Archive for category Technology
Alchemy Walkthrough for the iPhone
Posted by grymoire in Technology on November 24, 2011
Walkthrough for Alchemy on the iPhone
I wrote a program that examines all of the recipes, and it creates a walkthrough for the complete set of recipes.
I tried to get all of the recipes in exact order, but there seems to be a bug in the program. But you can complete all of the phases if you jump around within each phase.
Note. This is “Alchemy”. This is NOT the following games:
- Zed’s Alchemy
- Master of Alchemy
- Alchemy Premium
Note – I think there are only 230 elements. The 231 elements, in the recipe, is “*” – which is a wildcard. It matches any elements.
Walkthrough
Basic Elements
You start with these
- Water
- Soil
- Fire
- Air
Phase 1
- Water+Fire=>Alcohol
- Air+Soil=>Dust
- Air+Fire=>Energy
- Water+Water=>Lake
- Soil+Fire=>Lava
- Water+Air=>Steam
- Water+Soil=>Swamp
After this, you should have 10 out of 230 elements
Phase 2
- Fire+Dust=>Ash
- Steam+Air=>Cloud
- Swamp+Energy=>Life
- Air+Lava=>Stone
- Water+Lava=>Stone
- Air+Energy=>Storm
- Water+Alcohol=>Vodka
- Alcohol+Fire=>Whiskey
After this, you should have 17 out of 230 elements
Phase 3
- Swamp+Life=>Bacterium
- Life+Stone=>Egg
- Life+Fire=>Fire Golem
- Life+Lava=>Lava Golem
- Stone+Fire=>Metal
- Life+Ash=>Phantom
- Cloud+Water=>Rain
- Air+Stone=>Sand
- Water+Stone=>Sand
- Water+Life=>Seaweed
- Lava+Stone=>Volcano
After this, you should have 27 out of 230 elements
Phase 4
- Water+Sand=>Beach
- Air+Egg=>Bird
- Metal+Steam=>Boiler
- Swamp+Sand=>Clay
- Soil+Egg=>Dinosaur
- Fire+Egg=>Fried Egg
- Fire+Sand=>Glass
- Swamp+Egg=>Lizard
- Metal+Fire=>Mercury
- Life+Metal=>Metal Golem
- Swamp+Seaweed=>Moss
- Seaweed+Soil=>Mushroom
- Bacterium+Water=>Plankton
- Energy+Metal=>Radiowave
- Water+Metal=>Rust
- Sand+Storm=>Sandstorm
- Life+Sand=>Seeds
- Bacterium+Swamp=>Sulfur
- Sand+Egg=>Turtle
- Bacterium+Swamp=>Worm
After this, you should have 47 out of 230 elements
Phase 5
- Mushroom+Life=>1up
- Fire+Sulfur=>Acid
- Bird+Metal=>Airplane
- Ash+Glass=>Ashtray
- Soil+Lizard=>Beast
- Clay+Fire=>Brick
- Soil+Worm=>Bug
- Air+Worm=>Butterfly
- Stone+Plankton=>Cockleshell
- Seeds+Energy=>Coffee
- Dinosaur+Fire=>Dragon
- Swamp+Moss=>Fern
- Bacterium+Plankton=>Fish
- Air+Dinosaur=>Flying Dinosaur
- Clay+Life=>Golem
- Soil+Moss=>Grass
- Glass+Fire=>Lamp
- Radiowave+Fire=>Laser
- Energy+Radiowave=>Microwave
- Fire+Bird=>Phoenix
- Sand+Worm=>Snake
- Swamp+Worm=>Snake
- Alcohol+Worm=>Tequila
- Mercury+Glass=>Thermometer
- Storm+Bird=>Thunderbird
- Soil+Seeds=>Tree
After this, you should have 72 out of 230 elements
Phase 6
- Rain+Acid=>Acid Rain
- Glass+Fish=>Aquarium
- Fish+Fish=>Caviar
- Tree+Fire=>Coal
- Fire+Bug=>Firefly
- Fish+Swamp=>Frog
- Golem+Life=>Human
- Life+Beast=>Human
- Stone+Cockleshell=>Limestone
- Swamp+Grass=>Reed
- Acid+Metal=>Salt
- Bug+Sand=>Scorpion
- Fish+Seaweed=>Sushi
- Fire+Grass=>Tobacco
- Tree+Life=>Walking Tree
- Beast+Water=>Whale
- Plankton+Fish=>Whale
After this, you should have 87 out of 230 elements
Phase 7
- Fish+Human=>Aquaman
- Dinosaur+Human=>Blood
- Clay+Limestone=>Cement
- Clay+Human=>Ceramics
- Fire+Human=>Corpse
- Alcohol+Human=>Drinker
- Vodka+Human=>Drinker
- Stone+Human=>Hut
- Beast+Human=>Livestock
- Coal+Water=>Oil
- Human+Bacterium=>Patient
- Human+Egg=>Patient
- Metal+Coal=>Pig-iron
- Salt+Lake=>Sea
- Human+Human=>Sex
- Mushroom+Human=>Shaman
- Boiler+Coal=>Steam Engine
- Whale+Metal=>Submarine
- Metal+Human=>Tool
After this, you should have 104 out of 230 elements
Phase 8
- Soil+Tool=>Arable Land
- Human+Sex=>Baby
- Hut+Beach=>Bungalow
- Water+Cement=>Concrete
- Corpse+Soil=>Grave
- Livestock+Grass=>Manure
- Livestock+Human=>Meat
- Livestock+Grass=>Milk
- Livestock+Human=>Milk
- Sea+Sea=>Ocean
- Tool+Reed=>Paper
- Oil+Tool=>Petrol
- Mushroom+Tool=>Poison
- Snake+Tool=>Poison
- Tool+Scorpion=>Poison
- Human+Submarine=>Submariner
- Blood+Human=>Vampire
- Tool+Metal=>Weapon
- Tree+Tool=>Wood
- Livestock+Human=>Wool
- Life+Corpse=>Zombie
After this, you should have 122 out of 230 elements
Phase 9
- Human+Wool=>Ape
- Water+Wood=>Boat
- Concrete+Brick=>Brick house
- Paper+Tobacco=>Cigarette
- Tool+Wool=>Fabric
- Meat+Fire=>Fried Meat
- Zombie+Corpse=>Ghoul
- Weapon+Human=>Hunter
- Shaman+Poison=>Medicine
- Arable Land+Seeds=>Peas
- Wood+Life=>Pinocchio
- Weapon+Poison=>Poison Weapon
- Arable Land+Reed=>Rice
- Limestone+Manure=>Saltpeter
- Ocean+Air=>Space
- Laser+Weapon=>Starwars
- Baby+*=>Toy
- Vampire+Beast=>Werewolf
- Arable Land+Grass=>Wheat
- Wood+Tool=>Wheel
- Bacterium+Milk=>Yogurt
After this, you should have 143 out of 230 elements
Phase 10
- Space+Life=>Alien
- Wheat+Alcohol=>Beer
- Wood+Wheel=>Cart
- Fabric+Patient=>Clobber
- Fabric+Human=>Clothing
- Human+Peas=>Fart
- Hunter+Bird=>Feather
- Stone+Wheat=>Flour
- Saltpeter+Sulfur=>Gunpowder
- Human+Rice=>Japanese
- Brick house+Lamp=>Lighthouse
- Space+Stone=>Meteorite
- Poison Weapon+Human=>Murderer
- Boat+Fabric=>Sailing Boat
- Brick house+Glass=>Skyscraper
- Space+Lava=>Sun
- Medicine+Medicine=>Vicodin
- Weapon+Hunter=>Warrior
- Wood+Boat=>Wooden ship
- Shaman+Starwars=>Yoda
After this, you should have 163 out of 230 elements
Phase 11
- Metal+Gunpowder=>Bomb
- Paper+Feather=>Book
- Clobber+Human=>Cleaner
- Water+Flour=>Dough
- Weapon+Gunpowder=>Fire-arms
- Warrior+Dragon=>Hero
- Japanese+Metal=>Katana
- Feather+Fabric=>Pillow
- Brick house+Beer=>Pub
- Japanese+Tool=>Robot
- Wooden ship+Fabric=>Sailing Vessel
- Japanese+Weapon=>Samurai
- Clothing+Brick house=>Shop
- Steam Engine+Cart=>Steam Locomotive
- Wooden ship+Steam Engine=>Steamship
- Beast+Cart=>Team
- Wooden ship+Weapon=>Warship
- Warrior+Warrior=>War
After this, you should have 181 out of 230 elements
Phase 12
- Fire+Dough=>Bread
- Laser+Book=>CD
- Hero+Sailing Vessel=>Columbus
- Human+Book=>Doctor
- Hero+Fire=>Firefighter
- Book+Sex=>Kamasutra
- Japanese+Book=>Manga
- Samurai+Poison Weapon=>Ninja
- Murderer+Sailing Vessel=>Pirate
- Fire-arms+Murderer=>Sniper
- Bomb+Murderer=>Terrorist
After this, you should have 192 out of 230 elements
Phase 13
- Brick house+Doctor=>Hospital
- Doctor+Vicodin=>HouseMD
- Doctor+Book=>Scientist
- Columbus+Ocean=>USA
After this, you should have 196 out of 230 elements
Phase 14
- Scientist+Livestock=>Clone
- Scientist+Energy=>Electricity
- USA+Skyscraper=>NewYork
- Scientist+Bomb=>Nuclearbomb
- Scientist+Grass=>Philosopher
After this, you should have 201 out of 230 elements
Phase 15
- Metal+Electricity=>Aluminium
- Electricity+Glass=>Bulb
- Hero+NewYork=>Cop
- Philosopher+Stone=>Elixir
- Nuclearbomb+*=>Radiation
After this, you should have 206 out of 230 elements
Phase 16
- Radiation+Bug=>Cockroach
- Cop+Scientist=>FBI
- Elixir+*=>Gold
- Bird+Aluminium=>Plane
- Radiowave+Bulb=>TV
After this, you should have 211 out of 230 elements
Phase 17
- Plane+Bomb=>Bomber
- TV+Book=>Computer
- Gold+Paper=>Money
- Plane+Human=>Pilot
- Plane+Gunpowder=>Rocket
- FBI+Alien=>X-Files
After this, you should have 217 out of 230 elements
Phase 18
- Computer+Life=>AI
- Money+Brick house=>Bank
- Money+Human=>Business
- Radiowave+Computer=>Cellphone
- Computer+Human=>Cyborg
- Computer+Sex=>Developer
- Computer+Computer=>Internet
- Clobber+Pilot=>Skydiver
- Boat+Rocket=>Speedboat
- Rocket+Water=>Torpedo
- Alien+Rocket=>UFO
After this, you should have 228 out of 230 elements
Phase 19
- Internet+Pirate=>Hacker
- Cyborg+Mercury=>T-1000
After this, you should have 230 out of 230 elements
Adding the ARDX.ORG source code to your Arduino Example folder
Posted by grymoire in Hacking, Shell Scripting, Technology on October 16, 2011
I purchased the ARDX kit from Lady Ada, and I wanted to experiment with all of the source code from the ARDX web site. However typing in the link and copying the source code didn’t automatically add it as an example. Instead I had to re-save it as a sketch. So instead, I wrote a shell script called ARDX.sh
This does several things.
- It downloads all of the sketches.
- It creates a directory to store all of the sketches
- It creates a directory for each one of the sketches.
- It renames the source code into a *.pde file
- It moves the *.pde file into the proper sketch folder
- It removes all files created during the process. that are no longer needed.
To use the script, simply type
./ARDX.sh
# This creates a folder called "Ardx"
mv Ardx .../arduino-0022/examples/.
Here is the script. Note how I used the $debug variable. This let me select if I wanted to show the commands or execute the commands.
#!/bin/sh # Remove the '#' at the beginning of the next line to debug this script #debug=echo if [ ! -d Ardx ] then mkdir Ardx fi cd Ardx Examples="01 02 03 04 05 06 07 08 09 10 11 12A 13A" for i in $Examples do $debug wget -r http://ardx.org/CODE$i done $debug wget -r http://www.ardx.org/src/circ/CIRC12-code-ADAF.txt $debug wget -r http://www.ardx.org/src/circ/CIRC13-code-ADAF.txt # Now create a directory for each of the examples Examples="01 02 03 04 05 06 07 08 09 10 11" for i in $Examples do if [ ! -f ardx.org/src/circ/CIRC$i-code.txt ] then echo unable to find file ardx.org/src/circ/CIRC$i-code.txt else $debug mkdir CIRC$i $debug mv ardx.org/src/circ/CIRC$i-code.txt CIRC$i/CIRC$i.pde fi done # Now remove the old files in $debug mkdir CIRC12A $debug mv www.ardx.org/src/circ/CIRC12-code-ADAF.txt CIRC12A/CIRC12A.pde $debug mkdir CIRC13A $debug mv www.ardx.org/src/circ/CIRC13-code-ADAF.txt CIRC13A/CIRC13A.pde $debug /bin/rm -r ardx.org www.ardx.org
Restart your Arduino session, and when you look in examples, you will see a new folder called Ardx. Inside is a sketch for each of the examples.
Security News June 2011
Posted by grymoire in Security, Technology on June 6, 2011
Summary
- Several defense contractors were hacked, and the most likely method was the SecurID token.
- Government accounts on GMAIL were attacked
- Sony and Nintento hacked by LulzSec, others. Last count for Sony was 13 hacks, spawning the new term S0wned (Sony + P0wned)
- China explains their Cyber War view. According to the translator, US is the aggressor.
- New Flash update, fixes vulnerability seen in wild
- Iran, Canada, InfraGard, Acer Hacked
- Android gains firesheep capabilities by stealing cookies
Update for June 14, 2011
- Hacked: Citibank, IMF, Senate, Codemasters
- FBI Investigates LM Breach, Pittsford theft
- Google removes suspicious apps
- US urges Code of Conduct
- Flash being exploited
- IBM/Cloud Security
- Secure Coding Framework update
- Why it’s hard to trace hackers
- Australian banks replace SecurID Token
Updated June 16th
Summary for June 23rd
- NIST has SCADA guide
- NSA team with ISP’s
- Citibank affects 360K
- Flash exploited
- Bitcoins stolen
- US builds test net for cyber war games
- Sega- hack netted 3.29 million users
- Northrup Grumman
- Lulzsec & Anonymous form AntiSecurity, gets hacked, arrested
- WordPress Backdoor
- CNET has hacked spreadsheet
- 90% of all companies hacked
- Scareware ring busted
Summary for June 30th
- Chronology of Data Breeches
- Travelodge
- Should I Change My Password?
- Secure Hash History Visualization
- Apple Update
- Disposable Router
- LulzSec News
- Electronic Arts
- GPU Cracking
- CitiBank
- ChronoPay
- ‘Indestructable rootkit’
- Tor Trojaned
- Groupon
- Popular iPhone PINS
- Hackers vs. Al-Qaeda
- Counterfeit chips
Defense Contractors: Fallout From RSA Breach
Lockheed’s finding confirmed the fears of security experts about the safety of the SecurID tokens and heightened concerns that other companies or government agencies could be vulnerable to hacking attacks..
LM will be re-issuing 45,000 of their their SecurID Tokens. Note the L-3 Communications (formerly from LM) and Northrup Grumman were also hacked.
http://www.nytimes.com/2011/06/04/technology/04security.html
http://www.nytimes.com/2011/06/04/technology/04security.html
Second Defense Contractor L-3 ‘Actively Targeted’ With RSA SecurID Hacks
http://www.wired.com/threatlevel/2011/05/l-3/
Northrop Grumman May Have Been Hit by Cyberattack, Source Says
http://www.foxnews.com/scitech/2011/05/31/northrop-grumman-hit-cyber-attack-source-says/
Northrup is now moving to smartcards.
Microsoft Enhanced Mitigation Evaluation Toolkit (EMET)
http://www.darknet.org.uk/2011/06/microsoft-enhanced-mitigation-evaluation-toolkit-emet/
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e127dfaf-f8f3-4cd5-8b08-115192c491cb
Microsoft now has a bootable package that can remove rootkits.
US-CERT’s summary of Control Systems Security Program (CSSP)
http://www.us-cert.gov/control_systems/ics-cert/archive.html
Lists reports related to SCADA and control systems. Worth bookmarking
ICS-CERT Monthly bulletin on ICS Security
http://www.us-cert.gov/control_systems/pdf/ICS-CERT_Monthly_Monitor_May.pdf
Sony Pictures hacked by Lulz Security, 1,000,000 passwords claimed stolen
http://www.engadget.com/2011/06/02/sony-pictures-hacked-by-lulz-security-1-000-000-passwords-claim/
http://dvice.com/archives/2011/06/oh-no-not-again.php
“Apparently LulzSec were a little pissed off that nobody at Sony noticed as they were downloading their secret files, so they sent them the friendly tweet shown above to let them know. Who says hackers don’t have good manners?”
Latest score: Hackers 12, Sony 0.
http://attrition.org/security/rants/sony_aka_sownage.html
The new term is sownage – replacing pownage.
Sony Russia hacked
http://www.allgeek.tv/2011/06/05/sony-pictures-russia-exposed-by-sql-injection/
Lulzsec attacks Nintendo
http://www.hardocp.com/news/2011/06/05/hackers_attack_nintendo
Spear phishing attacks from China towards gmail accounts
http://www.schneier.com/blog/archives/2011/06/spear_phishing.html
Gmail Hack Targeted White House
http://online.wsj.com/article/SB10001424052702304563104576361863723857124.html
More details on the GMAIL hack
http://money.cnn.com/2011/06/03/technology/gmail_phishing_scams/
And if you have a gmail account, read this
Spotting Web-Based Email Attacks
http://krebsonsecurity.com/2011/06/spotting-web-based-email-attacks/
China Calls US Culprit in Global ‘Internet War’
http://abcnews.go.com/Business/wireStory?id=13750409
Chinese view of American as the aggressor
http://taosecurity.blogspot.com/2011/06/chinas-view-is-more-important-than.html
Iran’s top secret files on wikileaks
http://thepiratebay.org/torrent/6422934/Anonymous_Operation_Iran_TOP_SECRET_FILES_
Hackers say Acer breach leaked data for 40,000
http://www.theregister.co.uk/2011/06/03/acer_customer_data/
Hackers stole secret Canadian government data
http://www.cbc.ca/news/technology/story/2011/06/02/pol-cyber-attacks.html
Android app brings cookie stealing to unwashed masses
http://www.theregister.co.uk/2011/06/03/android_cookie_stealing_app/
An android version of the FireSheep plugin
Exclusive: Microsoft Has Acquisition Deal With Nvidia
http://www.informationweek.com/news/windows/microsoft_news/229900137
Yahoo Mail, Hotmail become new targets for hackers
Anonymous reveals passwords for hundreds of Middle East government email accounts
Adobe Flash Player 10.3.181.22 Released, fixes vulnerability being exploited
http://blog.sharpesecurity.com/2011/06/06/adobe-flash-player-10-3-181-22-released/
http://krebsonsecurity.com/2011/06/flash-player-patch-fixes-zero-day-flaw/
FBI partner attacked by hackers, passwords taken
http://www.fox11az.com/news/world/123201463.html
“Nearly 180 passwords belonging to members of the Atlanta-based FBI partner organization InfraGard have been stolen and leaked to the Internet”
“The passwords appear to include users from the U.S. Army, cybersecurity organizations and major communications companies.”
Seoul denies leakage of Lee-Obama conversation
http://www.straitstimes.com/BreakingNews/Asia/Story/STIStory_676706.html
Notorious rootkit gets self-propagation powers
http://www.theregister.co.uk/2011/06/03/tdss_self_propagation_powers/
TDSS Rootkit now propagates by acting as a rogue DHCP server, directing clients to poisoned DNS server.
Iran Announces Plans To Build Its Own Internet, Operating System
http://www.foxnews.com/scitech/2011/05/29/new-form-censorship-iran-moves-disconnect-internet-world/
RSA – will replace 40 million tokens
http://www.theregister.co.uk/2011/06/07/rsa_token_replacement_offer/
Note that earlier RSA has publically stated that there is no reason for customers to be worried.
Acer inadvertently releases 40,000 customer details
After delay, hacker to show flaws in Siemens industrial gear at Blackhat
http://www.itworld.com/171679/after-delay-hacker-show-flaws-siemens-industrial-gear
Remember that this talks was cancelled at the request oif DHS and Siemens.
Note that Siemens has publically stated that there is no reason for customers to be worried.
Just like RSA.. Anyhow – the gauntlet has been thrown. Siemens has little more than a month to fix the problem.
Romanians pocket $1.5m in alleged ATM skimming spree
http://www.theregister.co.uk/2011/06/07/atm_skimming_indictment/
New Oracle Sun Java 6 Update 26 Release Contains Security Fixes for 17 holes
http://blog.sharpesecurity.com/2011/06/08/new-oracle-sun-java-6-update-26-release-contains-security-fixes/
http://krebsonsecurity.com/2011/06/java-patch-plugs-17-security-holes
Update now. And update your Flash as well if you haven’t/
CloudFlare: A website security product accidentally makes sites 60% faster
By careful use of CloudFlare, you can instrument and tune your website and improve loading time. There’s no magic function for speed.
Tennessee Makes Password Sharing Illegal
http://www.schneier.com/blog/archives/2011/06/tennessee_makes.html
So don’t let your kids use your iTune account in Tennessee. Sheesh.
Anonymous hacks sites in India in fight against corruption
http://www.networkworld.com/news/2011/060711-anonymous-hacks-indian-site-in.html
Their message: “There is no use securing. There is no use of spending on forensic. Get this message clear Mr. Prime Minister and others”.
Citibank hacked
http://www.reuters.com/article/2011/06/09/us-citi-idUSTRE7580TM20110609
http://www.theregister.co.uk/2011/06/09/citibank_hack_attack/
Citigroup Inc said computer hackers breached the bank’s network and accessed the data of about 200,000 bank card holders in North America, the latest of a string of cyber attacks on high-profile companies.
Hackers exploiting Flash Player XSS vulnerability
http://www.zdnet.com/blog/security/hackers-exploiting-flash-player-xss-vulnerability/8732
Google Removes ‘Suspicious’ Apps From Android Market
‘Angry Birds’ spinoffs may contain malware that steals data from smartphone, researchers say, but other experts say it may not be malicious–just too invasive
US urges Code of Conduct for Internet Commerce
http://www.msnbc.msn.com/id/43338118/ns/technology_and_science-security/
IBM building security into cloud fabric
http://www.networkworld.com/news/2011/060911-ibm-security.html
IBM executives said this week that the company is looking to many of its existing tools, from the Tivoli management system to Cognos business intelligence software, to secure private and IBM-hosted hybrid clouds as customers migrate to these new computing setups.
Australian banks replace RSA tokens
http://www.theregister.co.uk/2011/06/09/banks_replacing_tokens/
Secure coding news flash: BSIMM3 coming in August
http://www.networkworld.com/news/2011/061011-secure-coding-news-flash-bsimm3.html
FBI Investigating Cyber Theft of $139,000 from Pittsford, NY
http://krebsonsecurity.com/2011/06/fbi-investigating-cyber-theft-of-139000-from-pittsford-ny/
The thieves initiated a small batch of automated clearing house (ACH) transfers to several money mules
Gaming firm Codemaster suffers data breach
http://www.salisburyjournal.co.uk/uk_national_news/9079035.Gaming_firm_suffers_data_breach/
International Monetary Fund Reportedly Hacked
https://threatpost.com/en_us/blogs/international-monetary-fund-reportedly-hacked-061111
http://www.theregister.co.uk/2011/06/13/imf_hack_attack/
http://www.nytimes.com/2011/06/12/world/12imf.html?_r=4
http://www.bbc.co.uk/news/world-us-canada-13740591
FBI Investigates Lockheed Martin breach
Seeking Address: Why Cyber Attacks Are So Difficult to Trace Back to Hackers
http://www.scientificamerican.com/article.cfm?id=tracking-cyber-hackers
Sony, Google, RSA and now Citigroup are just some of the prominent victims of cyber attacks as defenses at large organizations prove porous and attackers elude detection
Hackers break into Senate computers
http://www.centralkynews.com/amnews/sns-rt-us-cybersecurity-ustre75c5ji-20110613,0,5193525.story
http://www.theregister.co.uk/2011/06/14/lulzsec_senate_bethesda_hack/
The loosely organized hacker group Lulz Security broke into a public portion of the Senate website but did not reach behind a firewall into a more sensitive portion of the network, Martina Bradford, the deputy Senate sergeant at arms, said on Monday.
U.S. Underwrites Internet Detour Around Censors
http://www.nytimes.com/2011/06/12/world/12internet.html?_r=3&smid=tw-nytimes&seid=auto
Connect.Me & The Respect Trust Framework™ -
From Tim O’Reily
The Respect Trust Framework is a new approach to giving individuals control over their personal data. A trust framework is a set of legal and technical rules by which members of a network agree to operate in order to achieve trust online. Read the white paper.
http://blog.connect.me/whitepaper-the-personal-network
Who is behind the hacks? (FAQ)
http://news.cnet.com/8301-27080_3-20071100-245/who-is-behind-the-hacks-faq/?tag=cnetRiver
A reasonable summary. Mentions Anonymous, LulzSec, Idahc, and Foreign countries
Commerce Department: Recent Wave Of Cyberattacks Sounds An Urgent Wake-up Call
Citigroup Attackers Used Simple, Clever [i.e. lame - Bruce] Entry Point
https://threatpost.com/en_us/blogs/citigroup-attackers-used-simple-clever-entry-point-061411
http://www.nytimes.com/2011/06/14/technology/14security.html?ref=technology
They just enumerated account numbers on the URL. Smack forehead.
Citigroup now says 360,000 affected by hackers
http://ap.onlineathens.com/pstories/20110616/844999528.shtml
FBI’s New Guidelines Further Loosen Constraints on Monitoring
Security Experts: Hackers Can Shut Down S Korea in 3 Hours
NIST has finalized the NIST SP 800-82 document, entitled “Guide to Industrial Control Systems (ICS) Security”.
http://csrc.nist.gov/publications/nistpubs/800-82/SP800-82-final.pdf
NSA allies with Internet carriers to thwart cyber attacks against defense firms
“The National Security Agency is working with Internet service providers to deploy a new generation of tools to scan e-mail and other digital traffic with the goal of thwarting cyberattacks against defense firms by foreign adversaries, senior defense and industry officials say.”
Citigroup Breach Now Reportedly Affecting More Than 360k
http://threatpost.com/en_us/blogs/citigroup-breach-now-reportedly-affecting-more-360k-061611
Amazon Web Services Overview of Security Processes
http://d36cz9buwru1tt.cloudfront.ne/pdf/AWS_Security_Whitepaper.pdf
A new whitepaper from Amazon. It covers
- Amazon Elastic Compute Cloud (Amazon EC2) Security
- Amazon Virtual Private Cloud (Amazon VPC)
- Amazon Simple Storage Service (Amazon S3) Security
- Amazon SimpleDB Security
- Amazon Relational Database Service (Amazon RDS) Security
- Amazon Simple Queue Service (Amazon SQS) Security
- Amazon Simple Notification Service (SNS) Security
- Amazon CloudWatch Security
- Auto Scaling Security
- Amazon CloudFront Security
- Amazon Elastic MapReduce Security
Thousands of Aussie websites exposed in hack attack of Distribute.IT
‘Thousands of Australian websites are vulnerable to being taken over by hackers following a break-in at Australian domain registrar and web host Distribute.IT, security experts say.”
Germany opens cyberdefence centre to protect water, electricity
http://www.theregister.co.uk/2011/06/16/germany_cyber_defence_to_defend_infrastructure/
Adobe Patches Critical Bugs in Flash, Reader, Acrobat (June 15th)
http://threatpost.com/en_us/blogs/adobe-patches-critical-bugs-flash-reader-acrobat-061511
Latest version is 10.3.181.26
Hackers target virtual currency
http://www.echonews.com.au/story/2011/06/18/hackers-target-virtual-currency-bitcoin/
Bitcoin is a true anonymous digital currency based on cryptography. The value of bitcoins to the US has increased substantially. Now hackers have a way to break into Windows boxes to steal someone’s bitcoin wallet.
Bitcoin transaction exxplorer
This shows you how important bitcoin has become, with people trading thousands of dollars a day. Some huge transactions occurring.
Facebook, PayPal users urged to check logins after hacking
Here is the list of accounts that were compromized- http://dazzlepod.com/lulzsec/
Youtube Video on Stuxnet
http://www.youtube.com/watch?v=7g0pi4J8auQ
Very glitzy and suitable to scare the masses. Loose with the facts, i.e. “20 zero-day vulnerabilities”. As far as I know, there were 4, not 20. The takeaway – Stuxnet is an open source weapon. It doesn’t matter who designed it. What matters is who will use it next. We are supposed to tremble where we hear this.
US builds net for cyber war games
http://www.bbc.co.uk/news/technology-13807815
The United States government is building its own “scale model” of the internet to carry out cyber war games.
Cyber Security: China at risk from hacker’s cyber attacks
From Dillon Beresford, the person who recently found the Siemens flaw.
Sega says hackers stole data of 1.29 million users
http://www.bbc.co.uk/news/technology-13829690
Sega has confirmed that the personal data of 1.29 million of its customers was stolen in an attack on its systems.
Network Solutions’ Systems Back Online Following DDoS Attacks
http://threatpost.com/en_us/blogs/after-ddos-attacks-network-solutions-systems-back-online-062211
NorthropGrumman constantly under attack by cyber-gangs — forensics reveal distinct groups going after sensitive data
http://www.networkworld.com/news/2011/062111-northrop-grumman.html?source=nww_rss
Lulzsec and Anonymous form “Operation Anti-Security”
http://www.thehackernews.com/2011/06/lulzsec-anonymous-initiates-operation.html
WordPress Advises Password Reset After Finding Suspicious Commits
CNET composed a spreadsheet of hacker activity.
Dox everywhere: LulzSec under attack from hackers, law enforcement
90% of companies say they’ve been hacked: Survey
http://www.networkworld.com/news/2011/062211-90-of-companies-say-theyve.html?hpg1=bn
Cyber attack jams Brazilian presidency’s website
http://www.bellinghamherald.com/2011/06/22/2071322/cyber-attack-jams-brazilian-presidencys.html
Feds crack multi-million scareware ring
http://www.theregister.co.uk/2011/06/23/fbi_scareware_arrests/
This is related to the following blog post.
Financial Mogul Linked to DDoS Attacks
http://krebsonsecurity.com/2011/06/financial-mogul-linked-to-ddos-attacks
Pavel Vrublevsky, the embattled co-founder of ChronoPay — Russia’s largest online payments processor — has reportedly fled the country after the arrest of a suspect who confessed that he was hired by Vrublevsky to launch a debilitating cyber attack against a top ChronoPay competitor.
Hackers Exploiting Latest Adobe Flash Bug On Large Scale
http://www.darknet.org.uk/2011/06/hackers-exploiting-latest-adobe-flash-bug-on-large-scale/
Chronology of Data Breaches Security Breaches 2005 – Present
http://www.privacyrights.org/data-breach?order=field_breach_total_value&sort=desc
IMF identifies computer files hacked in cyber attack
http://www.rawstory.com/rs/2011/06/23/imf-identifies-computer-files-hacked-in-cyber-attack/
Group says it hacked Arizona public safety files
http://newsok.com/group-says-it-hacked-arizona-public-safety-files/article/feed/270796
Travelodge admits hack
http://www.theregister.co.uk/2011/06/24/travelodge_hacked/
Replica keys can be generated using a camera 195 feet away.
http://www.jacobsschool.ucsd.edu/news/news_releases/release.sfe?id=791
UC San Diego computer scientists have built a software program that can perform key duplication without having the key. Instead, the computer scientists only need a photograph of the key.
Should I change my password?
https://shouldichangemypassword.com/
This is a site that has a repository of all hacked accounts.
You can enter your email address, and it will tell you if there are public records revealing your password, and if you should change it.
No passwords are stored in the ShouldIChangeMyPassword.com database.
List of Cyber Event Calendar from IATAC Information Assurance Technology Analysis Center
http://iac.dtic.mil/iatac/IOcalendar/cyber_calendar_current.html
Useful visual of secure hash key length over history
http://valerieaurora.org/hash.html
See also http://www.keylength.com/en/
Popular, but sluggish secure server? Popularity might not be the reason
30% of popular sites use SSL inefficiently
Apple Issues Huge Security Update, Releases OS X 10.6.8
http://threatpost.com/en_us/blogs/apple-issues-huge-security-update-releases-os-x-1068-062411
Wisper: 1 inch by 1 inch disposable router for DHS
http://www.dhs.gov/files/programs/st-snapshots-self-powered-waterpoof-heat-resistant-router.shtm
Are LulzSec, Anonymous The Pissed-Off Canary In The Coal Mine?
LulzSec and Anonymous could be doing the world a favor by showcasing weak systems, and their actions suggest these systems and others like them could have been compromised for months by those wanting to do harm
Hackers attack Electronic Arts website
http://www.reuters.com/article/2011/06/24/us-electronicarts-hackers-idUSTRE75N58J20110624
Nice article on GPU’s and password cracking
http://erratasec.blogspot.com/2011/06/password-cracking-mining-and-gpus.html
LulzSec calls it quits after 50 days of ‘mayhem’
http://www.networkworld.com/news/2011/062611-lulzsec-calls-it-quits-after.html?source=nww_rss
Citi hackers made $2.7 million
http://www.networkworld.com/news/2011/062511-citi-hackers-made-27.html
About 3,400 of the 360,000 compromised credit card accounts were hit with fraud
Ukraine disrupts $72M Conficker hacking ring
http://www.networkworld.com/news/2011/062311-ukraine-disrupts-72m-conficker-hacking.html
The hackers allegedly pushed fake antivirus software and then also stole banking details
Hit and Hacked, Sony Fights Back
http://www.newsweek.com/2011/06/26/sony-s-ceo-on-battling-cybercrime.html
Enough about Sony, he says: “Everybody is being hacked now.”
ChronoPay Co-Founder Arrested
http://krebsonsecurity.com/2011/06/chronopay-co-founder-arrested/
An interesting example of a gmail account getting hacked
http://www.multitasked.net/2011/jun/27/hacked-gmail-google-account/
After they were able to log in, and change the password and backup email, it was hacked again.
Google kills sickly health, energy projects
http://www.theregister.co.uk/2011/06/27/google_health_and_powermeter_killed/
Google is killing its Health and PowerMeter products due to a lack of interest from would-be customers.
Geohut – the Original Sony PlayStation Hacker, whose lawsuit triggered the Sony hacks, joins Facebook
http://developers.slashdot.org/story/11/06/27/0316244/Geohot-Joins-Facebook-As-Product-Developer
‘Indestructible’ rootkit enslaves 4.5m PCs in 3 months
http://www.theregister.co.uk/2011/06/29/tdss_alureon_advances/
Trojan talks over Tor
http://www.scmagazine.com.au/News/262063,trojan-talks-over-tor.aspx
The Tor communication capability was an addon function to the Bifrost backdoor trojan that allowed the malware to send stolen user data over the encrypted proxy network.
Up-And-Coming Botnet Uses Same Malware Kit As Defunct Mariposa
‘Butterfly bot’ kit steals financial information, but its licensing model could ultimately lead authorities to its newest botmasters
Groupon passwords in the clear?
http://pauldotcom.com/2011/06/groupon-passwords-in-the-clear.html
Groupon India publishes 300,000 user passwords
http://www.theregister.co.uk/2011/06/28/groupon_india_privacy_breach/
Home of Outed Alleged LulzSec Member Raided in Ohio
http://threatpost.com/en_us/blogs/home-outted-lulzsec-member-mnerva-raided-ohio-062911
Automation Firewall 100/200 is new SIemens appliance
Posted on https://twitter.com/#!/scadahacker
US Govt. plant USB sticks in security study, 60% of subjects take the bait
Most popular iPhone PINs
http://amitay.us/blog/files/most_common_iphone_passcodes.php
Symantec’s Healthcare Expert: Substantial Risk for Cyber Attack on Medical Devices
There is a fiction book “Rain Fall,” published in 2002, where the assassin modifies an imbedded pacemaker’a timing using a wireless link to the device, leaving no physical clue to the cause of death.
http://www.amazon.com/exec/obidos/ASIN/0399149104/
Hackers shut down Al-Qaeda’s net communication
http://www.indiatalkies.com/2011/06/hackers-shut-alqaedas-net-communication.html
Metasploitable – Test Your Metasploit Against A Vulnerable Host
http://www.darknet.org.uk/2011/06/metasploitable-test-your-metasploit-against-a-vulnerable-host/
Fishy Chips: Spies Want to Hack-Proof Circuits (Supply Chain)
http://www.wired.com/dangerroom/2011/06/chips-oy-spies-want-to-hack-proof-circuits/#more-49990
Why is NFC so important?
Posted by grymoire in Security, Technology on June 2, 2011
NFC, or Near Field Communication is old technology that has been waiting for the right moment to become a major part of our lives.
Introduction to RFID and Smartcards
FIrst – let me give you some background on the technology NFC is based on. This is an overview of RFID and smartcards.
Actually, I dislike the use of the term RFID, because it means anything from a digital barcode, to a WiFi device. It’s just too vague. Another vague term is “smartcard” which can be anything from a serial number that can be read wirelessly, to a full-blown CPU with PKI, AES encryption, etc. That is, smart cards can have the appearance of
- A number, like a barcode, with the same security (none).
- A card that contains memory which you can read from and write to, which may be encrypted.
- File systems, with directories and files
- Cards with pre-determined APIs (with the code in firmware)
- Virtual machines, such as one running Java. These cards may have PKI, hardware-based encryption, hardware-based random number generator.
First of all, the industry is filled with many proprietary technologies, some of which became “standards” because customers demanded some stability. In some cases, these standards have “type A” vs “type B” which use different and incompatible technologies, but because they are now documented, then are now “standardized.”
Let’s first describe some various types of RFID/smartcard technology, both contact and contactless (wireless), which can be defined by the standards they use.
| Standard | Connection Type | Power | Range | Speed | Strong Crypto? | Card/Reader |
| ISO-7816 | Physical | Physical | 0 | 106 Kb/s | Yes | Card |
| ISO-14443 (Proximity) | Wireless 13.56 MHz | Passive | Up to 4″ | 424 Kb/s | Yes | Card |
| ISO-15693 (Vicinity) | Wireless 13.56 MHz | Passive | Up to 28″-48″ | 26.2 Kb/s | Perhaps | Card |
| ISO-18092 (NFC) | Wireless | Passive/Powered | Up to 8″ | 106 Kb/s | Yes | Card/Reader |
ISO-7816 is the standard for contact-based smart cards. These cards are commonly used as smart credit cards in Europe, and you can see the contacts on the credit card. These cards never became popular in the US. These cards can perform very strong encryption. Or they can be simply cards with accessible memory.
The next two smartcard types are the “prox” cards and the “vicinity’ cards. Vicinity cards are often used as access badges, because they work at large ranges. “Prox” cards have to be very close to the reader to work. Notice that the Prox cards have a much higher data transmission range. More data can be sent.
Proximity cards can perform encryption. However, as they are powered by the reader, the card has to “boot up”, send and receive data, and encrypt/decrypt the data before the power is removed. That is, before the card is moved away from the reader. This might take 300 milliseconds, and one of the design challenges is to have protocols that can handle cases where the card can lose power at any point in time. Let’s say you have a protocol that the reader and the card exchange 2 packets each – for a total of 4 packets. If the card owner moves the card away from the reader before the protocol is finished, only 1, 2 or 3 packets may have been sent. You don’t want to have unstable data when purchasing something.
I should mention that these “Prox” cards are used for contactless credit cards. These cards are described as ‘Blink” or “Wave” cards.
Cards may also be “dual-interface” i.e. they have both contacts, and will work contactlessly.
All of the cards are powered by the card reader. Wireless cards are powered by a coil in the card that picks up the energy from the reader. No battery in necessary in the card.
Wikipedia has more information on the ISO-14443, ISO-15693, and NFC. There are other “standards” such as Mifare, which may or may not support encryption. There are at least eight different types of Mifare cards.
Some of the most powerful cards are the JCOP cards, where JCOP means Java Card OpenPlatform. It’s like a mini-operating system on a card. This gives you a lot of flexibility. For a while, I was playing around with JCOP cards. I purchased a couple of JCOP cards from IBM, installed the free software – as a plug-in for Eclipse, and once I inserted one of my IBM cards, the software was enabled. Unfortunately, NXP/Phillips purchased the group and the free software no longer was available. Closed systems only innovate slowly.
I experimented with the MUSCLEcard, which let me use a contact smart card for remote authentication. You needed a PIN to unlock the card, but once you did, the remote system, which has your public key, sends a challenge to the local system, which sends it to the card, which encrypts the challenge with the private key. This in turn is sent back to the remote site, which verifies your identity. I liked this technology a lot. It was a great way to authenticate yourself. Iliked it better that the Yubikey, except it needed a card reader, while the Yubikey only needed a USB port.
There have been proposals to allow NFC devices to read ISO-15693 tags.
What’s so special about NFC?
NFC is an extension of ISO-14443. It can interact with ISO-14443 devices in three different ways:
- NFC can act as a passive devices. to a reader. It can provide a simple serial number, like a barcode or UPC, It can also act as a contactless credit card. Therefore a NFC device can dispense money and make purchases. If a soda machine supported NFC and the right standards, you could pay for a soda with a NFC-enabled phone.
- NFC can read passive devices. Therefore it can read “smart cards” with could be a serial number, a code that corresponds to a coupon that is on a poster or a product. It can also act as a credit card reader. Yes, a NFC-enabled phone can read a Blink or Wave credit card. Your phone allows you to sell things to anyone with a contactless credit card.
- NFC supports reader-to-reader communication. Therefore you can touch two phones together and exchange information over the NFC interface. If it were possible for a phone to contain “digital money”, you can use this to “give” money to someone else.
You can see that the potential for an NFC device to replace a wallet , and replace cash is possible. Standards have to be developed and reviewed for this to happen. The closest thing I have seen to digital cash is the Bitcoin concept.
These standards won’t spring up overnight. But we need to have enough momentum for devices to be freely available out in the world before people really start innovating. Once this occurs, we will see a lot of innovation. It’s a brave new world, and I am anxiously awaiting the developments of Googles wallet, and the rumors of NFC in the next generation iPhone.
Update: more on the wallet.
Security News May 2011
Posted by grymoire in Hacking, Politics, Security, Technology on May 5, 2011
Advanced Persistent Tweets: Zero-Day in 140 Characters
http://krebsonsecurity.com/2011/05/advanced-persistent-tweets-zero-day-in-140-characters/
Interesting report on “a Chinese hacker” bragging about zero-day attacks.
Sony Online loses 12,700 credit card account numbers, 24.6 million accounts compromised [update]
http://www.joystiq.com/2011/05/02/sony-hit-with-second-attack-loses-12-700-credit-card-nu/
A second hack has occurred.
Bruce Schneier’s TED talk on security trade-offs
http://www.ted.com/talks/bruce_schneier.html?awesm=on.ted.com_Schneier
Bruce always has an interesting view on security. This one discusses how we react and evaluate security.
Crimeware Kit Emerges for Mac OS X
http://threatpost.com/en_us/blogs/crimeware-kit-emerges-mac-os-x-050211
“Crimeware kits have become a ubiquitous part of the malware scene in the last few years, but they have mainly been confined to the Windows platform. Now, reports are surfacing that the first such kit targeting Apple’s Mac OS X operating system has appeared.”
Best Buy Suffers Second Email Breach
Epsilon hack victim’s customer emails exposed yet again — via a different vendor
“The Best Buy spokesman noted that the second breach was similar to that of Epsilon’s”
The X Factor hit by database breach, leading to quarter of a million personal details being stolen
“The personal details of 250,000 The X Factor hopefuls may have been compromised following a database hack. A Fox network spokesperson confirmed that no financial information was accessed”
Bin Laden Death Triggers Cyber Scams
http://www.techweb.com/news/229402787/bin-laden-death-triggers-cyber-scams.html
As expected. There are many other links as well.
Five Biggest Recipients Of Corporate Tax Breaks Spent $8 Million In 2010 Elections (UPDATED)
http://www.huffingtonpost.com/2011/05/03/recipients-corporate-tax-breaks-elections_n_856630.html
GE is listed as one of the top 5 companies that received a tax break.
Other references regarding lobbying include
http://www.opensecrets.org/orgs/list.php?order=A
http://www.opensecrets.org/orgs/totals.php?cycle=2010&id=D000000125
Sony notes deception in their attack
“Hirai went on to claim that the breach occurred at the same time as the DoS attack, which was not immediately detected because of its ‘sheer sophistication’ and because a ‘system software vulnerability’ was exploited.”
An example of deceptive hacking – Bruce
North Korea hackers blamed for bank crash in South
Michael Stores reports PIN pad attack in Chicago, according to email I just received.
Lastpass forces everyone to change their master password after a hack.
http://www.pcworld.com/article/227268/exclusive_lastpass_ceo_explains_possible_hack.html#tk.twt_pcw
This may not be necessary, but the CEO felt it is best to be conservative regarding security. - Bruce
Scammers Swap Google Images for Malware
http://krebsonsecurity.com/2011/05/scammers-swap-google-images-for-malware/
Homeland Security Demands Mozilla Remove Firefox Extension That Redirects Seized Domains
Latvian energy grid hacked? Chinese hacking group claims responsibility all details; keys, rules.
http://seclists.org/fulldisclosure/2011/May/85
This is the URL to the bragging
The third Sony hack
http://mobile.reuters.com/article/idUSL3E7G701T20110507?irpc=932
http://www.thehackernews.com/2011/05/thn-hacker-news-exclusive-report-on.html
Vulnerability in Skype exposes MacOS to worm
http://www.networkworld.com/news/2011/050611-skype-to-fix-wormable-bug.html?source=nww_rss
Congress Bans Scientific Collaboration with China, Cites High Espionage Risks
“The clause prohibits the White House Office of Science and Technology Policy (OSTP) and the National Aeronautics and Space Administration (NASA) from coordinating any joint scientific activity with China.”
Renren (China’s equivalent to Facebook) Changes Key User Figure Before IPO
http://online.wsj.com/article/SB10001424052748704729304576286903217555660.html?KEYWORDS=renren
“Chinese social-networking company Renren Inc., which is hoping to raise $584 million in a public listing on the New York Stock Exchange, revised a key user number in its prospectus, highlighting the murkiness of data in China’s high-flying Internet sector.”
Phishing Becomes More Sophisticated
http://www.networkworld.com/news/2011/050911-phishing-becomes-more.html?source=nww_rss
“Organized cybercrime groups are using convincingly crafted emails to target high-level executives and employees within the organizations they want to attack. In many cases, the phishing emails are personalized, localized and designed to appear as though they originated from a trusted source. ”
Some pen test experts say they are 70% successful for each individual email. – Bruce
The hackers hacked: main Anonymous IRC servers invaded
OpenID warns of ‘psychic paper’ authentication attack
http://www.theregister.co.uk/2011/05/09/openid_security_bug/
Baddies can modify cross-site personal data … though no one has yet
Vulnerabilities in Online Payment Systems
http://www.schneier.com/blog/archives/2011/05/vulnerabilities_2.html
Paypal –based authentication flaw with third party
CS2: A Semantic Cryptographic Cloud Storage System
http://research.microsoft.com/apps/pubs/default.aspx?id=148632
“This paper presents CS2, a cryptographic cloud storage system that provides provable guarantees of confidentiality, integrity, and verifiability without sacrificing utility. In particular, while CS2 provides security against the cloud provider, clients are still able to efficiently access their data through a search interface and to add and delete files. ”
Metasploit 3.7 Takes Aim at Apple iOS
http://www.esecurityplanet.com/news/article.php/3932861/Metasploit-37-Takes-Aim-at-Apple-iOS.htm
“The Metasploit 3.7 release provides an enhanced session tracking backend that is intended to improve performance. Metasploit 3.7 also provides over 35 new exploit modules for security researchers to test, including new ones designed to test Apple’s iOS mobile operating system security”
Backtrack 5 released
http://www.backtrack-linux.org/
Backtrack is an exploitation distribution. The maintainers said on Twitter that they DoS on server the night before. Bruce
Google’s South Korea Office Raided over Location Privacy
“Google’s South Korean office was raided by police in that country over the use of location data in its AdMob mobile ad platform, which delivers ads on Android handsets and tablets.”
Breach at Michaels Stores extends nationwide. 70 hacked PIN pads found in stores from DC to West Coast
http://krebsonsecurity.com/2011/05/breach-at-michaels-stores-extends-nationwide/
Facebook Applications Accidentally Leaking Access to Third Parties
Unpatched DLL bugs let hackers exploit Windows 7 and IE9, says researcher
Problematic Certificates
http://www.f-secure.com/weblog/archives/00002155.html
Nothing new – just a discussion of the problem with certificates
Two Zero-Day Flaws Used To Bypass Google Chrome Security
French researchers say they hacked their way out of browser’s sandbox, bypassed DES and ASLR
Google responds
NASA, Stanford Hacked by Software Scammers
http://www.foxnews.com/scitech/2011/05/10/nasa-stanford-hit-software-scammers/
Shady online salesmen offering cheap Adobe software have hacked into several Web pages belonging to NASA and Stanford University.
Database of Fox Employees’ Passwords and Emails Leaked
http://gawker.com/5800366/database-of-fox-employees-passwords-and-emails-leaked
Finally Source code of ZeuS Botnet Version: 2.0.8.9 available for Download !
http://www.thehackernews.com/2011/05/finally-source-code-of-zeus-crimeware.html
Security Fixes for Microsoft Windows, Office
http://krebsonsecurity.com/2011/05/security-fixes-for-microsoft-windows-office/
“Microsoft issued just two updates today to fix at least three security flaws in its Windows and Microsoft Office products, a merciful respite following last month’s record-setting patch push. One of the patches issued today earned a critical rating, the company’s most serious.”
Preventive and protective measures against insider threats in nuclear facility
http://www-pub.iaea.org/MTCD/publications/PDF/Pub1359_web.pdf
Facebook worm w/cut&paste javascript
http://blog.trendmicro.com/dubious-javascript-code-found-in-facebook-application/
Businesses Need to Look at Security as a Military Operation
“Businesses need to look at security as a military exercise and can benefit from strategies that have proved useful in battle, a former military security expert told an Interop audience this week”
Exposing the Lack of Privacy in File Hosting Services
http://www.usenix.org/event/leet11/tech/full_papers/Nikiforakis.pdf
File hosting services like Rapidshare provide an apparently obscure and secret way to exchange files. Not so. The URL’s are guessable, and being actively examined by third parties.
ActiveX Flaw Affecting SCADA systems
http://isc.sans.edu/diary/ActiveX+Flaw+Affecting+SCADA+systems/10873
“If you are running a power plant, a refinery or any other system using ICONICS’ GENESIS32 and BizViz software[[...]please patch your plant.”
Amazon.com Server Said to Have Been Used in Sony Network Attack
Not surprising, as a stolen credit card can be used to create untraceable accounts.
Critical Flash Player Update Plugs 11 Holes
http://krebsonsecurity.com/2011/05/critical-flash-player-update-plugs-11-holes/
Final Fantasy maker Square Enix hacked
http://www.bbc.co.uk/news/technology-13394968
Hackers have broken into two websites belonging to Japanese video games maker Square Enix.
Pentesting Vulnerable Study Frameworks Complete List
http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/
Useful list of tools and links for pentesters – Bruce
More details and theories on the Sony PSN hack
http://www.theregister.co.uk/2011/05/13/veracode_playstaion_hack_analysis/
And then it came up, and went down again.
Review of various password managers
http://blog.danielfischer.com/2011/05/12/its-time-to-start-using-a-password-manager/
Killerbee is an exploitation for 802.15.4/ZigBee sensor networks
http://code.google.com/p/killerbee/
Stuxnet: How It Happened
The paper recommendations:
* prevent unauthorized media
* Use host-based firewalls to disable P2P protocols
* Use tripwire, etc. to detect unauthorized changes
Qakbot Virus Causes Possible Data Breach at Mass. Agencies
http://threatpost.com/en_us/blogs/qakbot-virus-causes-possible-data-breach-mass-agencies-051811
“An untold number of computers at the Massachusetts Department of Unemployment Assistance and Department of Career Services were compromised in April, leading state officials to warn hundreds of thousands of people that their personal information may have been stolen as part of the attack.”
Code wars
http://www.cnbc.com/id/42210831/
CNBC’s “Code Wars”, hosted by Melissa Lee, takes you onto the frontlines of the war on cyber. Cyber attacks are almost impossible to trace, making cyber crime and acts of cyber warfare the ultimate anonymous crime. So how do we protect our systems whose components are largely manufactured abroad? Can our nation’s infrastructure be protected from cyber attacks? And how can the U.S. win a war in which conventional rules of combat do not apply? CNBC tackles the tough questions in “Code Wars: America’s Cyber Threat.”
TV show is Thursday May 26th
Hack Targets NASA’s Earth Observation System
http://threatpost.com/en_us/blogs/hack-targets-nasas-earth-observation-system-051711
A hacker is claiming that a security hole in a server at NASA’s Goddard Space Flight Center has exposed data related to a satellite-based Earth observation system used to aid in disaster relief.
Executives underestimate cybercrime danger
http://www.dw-world.de/dw/article/0,,15083403,00.html?maca=en-rss-en-top-1022-xml-atom
“However, Ernst & Young found a remarkable contradiction in its poll. While 94 percent of those leaders surveyed talked about the growing danger of cybercrime, 38 percent said they thought the threat to their own firm was rather small.”
SCADA hack talk canceled after U.S., Siemens request
http://news.cnet.com/8301-27080_3-20064112-245.html
A security research cancelled his talk by request of DHS and Siemens.
And the related post:
Siemens working on vulnerability that threatens critical infrastructure
http://www.gsnmagazine.com/article/23386/siemens_working_vulnerability_threatens_critical_i
Hackers attack Norwegian Defense
http://www.norwaypost.no/news/hackers-attack-norwegian-defence-25222.html
U.S. Infrastructure Is Vulnerable to Cyber Attack, but No One Will Do Anything
Protecting Your Industrial Control System from Zero-Day Attacks
http://scadahacker.com/factorylink-video.html
NIST publishes BIOS recommendations
http://csrc.nist.gov/publications/nistpubs/800-147/NIST-SP800-147-April2011.pdf
Sony hacked again/Phishing
Hackers Infiltrate Sony So-net Subsidiary, Steal $1,125 in Points
http://www.pcmag.com/article2/0,2817,2385715,00.asp
“To So-net’s credit, whatever security system the company employs for its point system did manage to hold for quite a bit of time. That, or the hackers really had no other strategies other than what appears to be a brute-force attack on accounts. It allegedly took the attackers more than 10,000 different attempts before they were finally successful in accessing So-net’s system. “
Sony BMG Greece the latest hacked Sony site
http://nakedsecurity.sophos.com/2011/05/22/sony-bmg-greece-the-latest-hacked-sony-site/
This makes the 7th attack on Sony. -Bruce
Common Vulnerability Reporting Framework
http://isc.sans.edu/diary/Common+Vulnerability+Reporting+Framework+CVRF+/10900
Cyber-security legislation sent to Congress by President
http://www.gsnmagazine.com/article/23319/cyber_security_legislation_sent_congress_president
and another view:
Congress Just Sold You Out: Leadership Plans To Extend Patriot Act For Four Years With NO Concessions
Credit processors targeted in fight against spam
http://www.theregister.co.uk/2011/05/23/spam_economics/
“The researchers have discovered that the vast majority (95 per cent) of the credit card payments to unlicensed pharmaceutical sites are handled by just three payment processing firms – based in Azerbaijan, Denmark and Nevis, in the West Indies, respectively.”
There is also a 16-page paper “Click Trajectories: End-to-End Analysis of the Spam Value Chain” referenced
Researchers find irreparable flaw in popular CAPTCHAs
Decaptcha pierces Live.com, Yahoo!, Digg
http://www.theregister.co.uk/2011/05/23/microsoft_yahoo_captchas_busted/
“Decaptcha is a two-phase audio-CAPTCHA solver that correctly breaks the puzzles with a 41-percent to 89-percent success rate on sites including eBay, Yahoo, Digg, Authorize.net, and Microsoft’s Live.com. The program works by removing background noise from the audio files, allowing only the spoken characters needed to complete the test to remain.”
The creator of the “Great Firewall of China” was pelted with shoes
http://packetstormsecurity.org/news/view/19192/Chinas-Great-Firewall-Creator-Pelted-With-Shoes.html
“While many of China’s estimated 477 million internet users appear largely indifferent to the firewall because they use almost solely domestic sites and services, a growing number of young people are frustrated by curbs that not only prevent them accessing foreign news and social media sites, but increasingly make it hard or even impossible to use apparently uncontroversial sites, such as the Internet Movie Database (IMDb).”
Google notes that SSL False Start negotiation increases https connect time by 30%
http://blog.chromium.org/2011/05/ssl-falsestart-performance-results.html
Google has been verifying this in their Chrome browser.
9th attack on Sony
http://www.thehackernews.com/2011/05/lulzsec-leak-sonys-japanese-websites.html
False Positives – The Dirty Secret of the Web Security Scanning Industry
When using automated tools to test a web application for security, there are large number of false positives which must be manually and tediously examined. If the skill of the white hat pen tester is limited, they may overlook real vulnerabilities by assuming it’s a false positive.
Alienvault announces a SCADA SIEM (Security and Information Event Management)
http://alienvault.com/products/industrial-control-system-siem
A demo is coming soon. Alienvault had a VM image of their original SIEM that was impressive.
Senate debates president’s power during cyber-attack
http://www.washingtontimes.com/news/2011/may/23/senate-debates-presidents-power-during-cyber-attac/
“The Senate Homeland Security and Governmental Affairs Committee held a hearing on the administration’s legislative proposal, announced two weeks ago, that would rely on a pre-World War II radio emergency law to provide the president with authority to protect key computer and communication networks — like those mainly in private hands that run power grids, phone systems and banking services — from a cyber-attack.”
More news about the SCADA/Siemens hack that was cancelled at the last minute
http://www.networkworld.com/news/2011/052311-a-botched-fix-not-legal.html
For the next two days speculation swirled as to whether DHS weighed in with a heavy hand to pull the talk, or if Siemens threatened legal action against the security firm. “That’s not what happened here,” says Vik Phatak, chief technology officer at NSS Labs. “Siemens found out, near the last minute, that the mitigation they had planned didn’t work. It could be bypassed,” Phatak says.
Related: http://threatpost.com/en_us/blogs/metasploit-holding-siemens-exploits-052311
The exploits are ready to be released into the Metaspolit framework.
Hotmail Exploit Has Been Silently Stealing E-mail
http://www.darknet.org.uk/2011/05/hotmail-exploit-has-been-silently-stealing-e-mail/
The latest news is there has been a nasty bug in Hotmail for a while that has been actively exploited allowing malicious senders to snoop on e-mail and even add forwarding rules to the victim account.
negative reaction to Siemens for their reaction to discovery of security flaws in their SCADA equipment.
http://www.securitycurve.com/wordpress/archives/4164
http://threatpost.com/en_us/blogs/researcher-says-siemens-downplaying-serious-scada-holes-052411
UPDATE 2-U.S. government warns about Siemens security flaw
http://www.reuters.com/article/2011/05/24/siemens-security-idUSN2428619720110524
“But a spokesman for Siemens denied any fault, saying company officials are in a better position to assess potential security risks than researchers from an outside firm.”
I think this is a grave error on Siemens part, because it erodes confidence in their company – especially their denial of any problem.
Bruce Schneier discusses this here
http://www.schneier.com/blog/archives/2011/05/new_siemens_sca.html
I believe each company should have a “dry run” exercise to see how they will handle such an event. All public statements regarding security should be carefully managed, to prevent a public relations disaster. There should be a policy, and everyone should know what that policy is.
Vulnerabilities on Cisco Device
http://www.isssource.com/vulnerabilities-on-cisco-devices/
Cisco network equipment is still vulnerable to a single security vulnerability flaw nearly two years after the company issued a patch, according to an analysis of network scans by Dimension Data for its 2011 Network Barometer Report.
MacOS
I haven’t been reporting this, but Apple malware has been in the news. First a IOS Malware generation package was released, along with MacOS plugins for Metasploit, which makes writing malware for IOS easier. Next, Mac users have been tricked to install malware, named “Mac Defender”, masquerading as an anti-virus package. , Apple, as their policy, refuses to tell infected users how to remove the malware. Now Apple is issuing an OS update, but the malware authors are modifying the malware to defeat Apple’s response.
http://blogs.pcmag.com/securitywatch/2011/05/mac_defender_20_released.php
http://www.us-cert.gov/current/index.html#apple_mac_defender_macprotector_and
And now a Russian company has released a toolkit to break Apple’s encryption.
http://www.h-online.com/security/news/item/ElcomSoft-cracks-iOS-encryption-system-1250526.html
And now we know more about the people behind the MacDefender malware: ChronoPay
http://krebsonsecurity.com/2011/05/chronopay-fueling-mac-scareware-scams/
Bank of America Breach
http://www.latimes.com/business/la-fi-lazarus-20110524,0,1687635.column
An inside employee leaked personal account information that cost $10 million in damages. They have arrested 95 suspects, and apparently it took a year before BofA told their customers that thieves have been siphoning money from the customers bank accounts.
Microsoft finds 427K email addresses on knocked-out Rustock server
US Cert has released Common Cybersecurity Vulnerabilities in Industrial Control Systems
http://www.us-cert.gov/control_systems/pdf/DHS_Common_Cybersecurity_Vulnerabilities_ICS_2010.pdf
Vendor backdoors in Siemens, HP, and Allied Telesis
https://threatpost.com/en_us/blogs/hardware-vendor-offers-backdoor-every-product-052611
Lockheed network hit by major disruption: sources
http://www.nw32.com/business/sns-rt-us-lockheed-networktre74p7u3-20110526,0,5678682.story
http://www.reuters.com/article/2011/05/26/lockheed-network-idUSN2613783420110526
Congress approves extension of USA Patriot Act provisions
China Admits Cyber Warfare Unit – “Blue Army”
http://www.infowar-monitor.net/2011/05/china-admits-cyber-warfare-unit/
Reuters report on compromise of RSA Secure ID tokens at Lockheed
Lockheed Strengthens Network Security After RSA-based Hacker Attack
http://www.nytimes.com/2011/05/30/business/30hack.html?_r=2
They are keeping their RSA token technology. But they are getting new tokens, and using an additional password.
http://www.schneier.com/blog/archives/2011/05/lockheed_martin.html
And more details.
More details on the Siemens vulnerability.
http://news.infracritical.com/pipermail/scadasec/2011-May/020005.html
This is an excellent comment that shows how the customers view Siemen’s response as a “head in the sand” attitude.
Hackers Post Phony Tupac Shakur Story on PBS Site
http://www.nytimes.com/2011/05/31/technology/31pbs.html
Hackers Deface PBS Site, Promise More Lulz
http://www.pcworld.com/article/228983/hackers_deface_pbs_site_promise_more_lulz.html
New GPU-accelerated password cracker
http://hashcat.net/oclhashcat-plus/
New technology making use of OpenGL and CUDA-based graphics accelerators
Aussie banks cancel 10,000 credit cards
http://www.theregister.co.uk/2011/05/29/aus_banks_cancel_credit/
“The Commonwealth Bank and the St George Bank initiated the alert via SMS to customers notifying them that their cards would be cancelled as part of precautionary measures”
Aggressive social engineers
http://www.schneier.com/blog/archives/2011/05/aggressive_soci.html
Hours after I posted this on FaceBook, my sister got a phone call from someone who claimed her computer was sending out error messages, and wanted her to buy some software to “fix the problem.” The web site was v2serve.com – registered March 10, in India. I reported this to the FBI – Bruce.
Complete list of Alchemy for iPhone
Posted by grymoire in Hacking, Technology on March 5, 2011
Looking for the solution to Alchemy?
Here’s the complete list of 226 (now 231) recipes for the iPhone’s version of Alchemy.
I checked the came, and I think the programmer counted wrong. You see, some of the recipes use “*” as an element. This is a wildcard, and matches any element. So it should not be counted. If you get a score of 230, you win.
Note. This is “Alchemy”. This is NOT the following games:
- Zed’s Alchemy
- Master of Alchemy
- Alchemy Premium
This list is for the version created by This is the version Vitaliy Grinevetsky and Denis Butyletskiy. Copyright 2010.
NOTE here is the Walkthrough I wrote
Updated – New program
I had a bug that hid some of the combinations. Thanks for the comment, Mark. You pointed out my error.
Here are the new items in version 1.5
Grave = Corpse + Soil
Pinocchio = Wood + Life
Pillow = Feather + Fabric
Bank = Money + Brick House
Cockroach = Radiation + Bug
Total List
Air=Basic Element
Fire=Basic Element
Water=Basic Element
Soil-Basic Element
1up=Mushroom+Life
Acid=Fire+Sulfur
Acid Rain=Rain+Acid
AI=Computer+Life
Airplane=Bird+Metal
Alcohol=Water+Fire
Alien=Space+Life
Aluminium=Metal+Electricity
Ape=Human+Wool
Aquaman=Fish+Human
Aquarium=Glass+Fish
Arable Land=Soil+Tool
Ash=Book+Fire
Ash=Dragon+Human
Ash=Dragon+Hunter
Ash=Fire+Corpse
Ash=Fire+Dust
Ash=Fire+Lizard
Ash=Fire+Tobacco
Ash=Fire+Walking Tree
Ash=Fire+Worm
Ash=Moss+Fire
Ash=Nuclearbomb+*
Ash=Paper+Fire
Ash=Snake+Fire
Ashtray=Ash+Glass
Ash=Tree+Fire
Ash=Water+Fire Golem
Ash=Wood+Fire
Baby=Human+Sex
Bacterium=Swamp+Life
Bank=Money+Brick house
Beach=Water+Sand
Beast=Soil+Lizard
Beer=Alcohol+Bread
Beer=Wheat+Alcohol
Bird=Air+Egg
Bird=Air+Lizard
Bird=Bird+Bird
Blood=Beast+Hunter
Blood=Dinosaur+Human
Blood=Dinosaur+Hunter
Blood=Hunter+Bird
Blood=Warrior+Beast
Blood=Warrior+Dinosaur
Blood=Warrior+Dragon
Blood=Warrior+Human
Boat=Water+Wood
Boiler=Metal+Steam
Bomber=Plane+Bomb
Bomb=Metal+Gunpowder
Book=Paper+Feather
Bread=Fire+Dough
Brick=Clay+Fire
Brick house=Concrete+Brick
Bug=Soil+Worm
Bulb=Electricity+Glass
Bungalow=Hut+Beach
Business=Money+Human
Butterfly=Air+Worm
Cart=Wood+Wheel
Caviar=Fish+Fish
CD=Laser+Book
Cellphone=Radiowave+Computer
Cement=Clay+Limestone
Ceramics=Clay+Human
Cigarette=Paper+Tobacco
Clay=Swamp+Sand
Cleaner=Clobber+Human
Clobber=Fabric+Patient
Clone=Scientist+Livestock
Clothing=Fabric+Human
Cloud=Steam+Air
Coal=Nuclearbomb+*
Coal=Tree+Fire
Coal=Wood+Fire
Cockleshell=Stone+Plankton
Cockroach=Radiation+Bug
Coffee=Seeds+Energy
Columbus=Hero+Sailing Vessel
Computer=TV+Book
Concrete=Water+Cement
Cop=Hero+NewYork
Corpse=Fire+Human
Corpse=Human+Poison
Corpse=Patient+Doctor
Corpse=Patient+Medicine
Corpse=Patient+Shaman
Corpse=Warrior+Human
Cyborg=Computer+Human
Developer=Computer+Sex
Dinosaur=Dinosaur+Dinosaur
Dinosaur=Dinosaur+Human
Dinosaur=Dinosaur+Hunter
Dinosaur=Soil+Egg
Doctor=Human+Book
Doctor=Patient+Doctor
Dough=Water+Flour
Dragon=Dinosaur+Fire
Dragon=Dragon+Human
Dragon=Dragon+Hunter
Dragon=Flying Dinosaur+Fire
Drinker=Alcohol+Human
Drinker=Beer+Human
Drinker=Vodka+Human
Dust=Air+Soil
Dust=Nuclearbomb+*
Egg=Bird+Bird
Egg=Dinosaur+Dinosaur
Egg=Life+Stone
Egg=Lizard+Lizard
Egg=Snake+Snake
Egg=Turtle+Turtle
Electricity=Scientist+Energy
Elixir=Philosopher+Stone
Energy=Air+Fire
Energy=Fire+Alcohol
Energy=Nuclearbomb+*
Energy=Water+Fire Golem
Energy=Water+Lava Golem
Fabric=Tool+Wool
Fart=Human+Peas
FBI=Cop+Scientist
Feather=Hunter+Bird
Fern=Swamp+Moss
Fire-arms=Weapon+Gunpowder
Firefighter=Hero+Fire
Firefly=Fire+Bug
Fire Golem=Life+Fire
Fire=Nuclearbomb+*
Fire=Stone+Stone
Fish=Bacterium+Plankton
Fish=Water+Snake
Flour=Stone+Wheat
Flying Dinosaur=Air+Dinosaur
Fried Egg=Fire+Egg
Fried Meat=Meat+Fire
Frog=Fish+Swamp
Ghoul=Zombie+Corpse
Glass=Fire+Sand
Gold=Elixir+*
Golem=Clay+Life
Grass=Soil+Moss
Grave=Corpse+Soil
Gunpowder=Saltpeter+Sulfur
Hacker=Internet+Pirate
Hero=Warrior+Dragon
Hospital=Brick house+Doctor
HouseMD=Doctor+Vicodin
HouseMD=Patient+HouseMD
Human=Beast+Human
Human=Golem+Life
Human=Life+Beast
Human=Livestock+Human
Human=Metal+Human
Human=Patient+HouseMD
Hunter=Beast+Hunter
Hunter=Hunter+Bird
Hunter=Weapon+Human
Hut=Stone+Human
Internet=Computer+Computer
Japanese=Human+Rice
Kamasutra=Book+Sex
Katana=Japanese+Metal
Lake=Water+Water
Lamp=Glass+Fire
Laser=Radiowave+Fire
Lava Golem=Life+Lava
Lava=Nuclearbomb+*
Lava=Soil+Fire
Life=Swamp+Energy
Lighthouse=Brick house+Lamp
Limestone=Stone+Cockleshell
Livestock=Beast+Human
Livestock=Livestock+Grass
Lizard=Lizard+Lizard
Lizard=Snake+Worm
Lizard=Swamp+Egg
Manga=Japanese+Book
Manure=Livestock+Grass
Meat=Beast+Hunter
Meat=Hunter+Bird
Meat=Livestock+Human
Medicine=Shaman+Poison
Mercury=Metal+Fire
Metal Golem=Life+Metal
Metal=Stone+Fire
Meteorite=Space+Stone
Microwave=Energy+Radiowave
Milk=Livestock+Grass
Milk=Livestock+Human
Money=Gold+Paper
Moss=Swamp+Seaweed
Murderer=Poison Weapon+Human
Mushroom=Seaweed+Soil
NewYork=USA+Skyscraper
Ninja=Samurai+Poison Weapon
Nuclearbomb=Scientist+Bomb
Ocean=Sea+Sea
Oil=Coal+Water
Paper=Tool+Reed
Patient=Human+Bacterium
Patient=Human+Egg
Patient=Human+Patient
Peas=Arable Land+Seeds
Petrol=Oil+Tool
Phantom=Fire+Walking Tree
Phantom=Life+Ash
Phantom=Nuclearbomb+*
Philosopher=Scientist+Grass
Phoenix=Fire+Bird
Pig-iron=Metal+Coal
Pillow=Feather+Fabric
Pilot=Plane+Human
Pinocchio=Wood+Life
Pirate=Murderer+Sailing Vessel
Plane=Bird+Aluminium
Plankton=Bacterium+Water
Poison=Mushroom+Tool
Poison=Snake+Tool
Poison=Tool+Scorpion
Poison Weapon=Weapon+Poison
Pub=Brick house+Beer
Radiation=Nuclearbomb+*
Radiowave=Energy+Metal
Rain=Cloud+Water
Reed=Swamp+Grass
Rice=Arable Land+Reed
Robot=Japanese+Tool
Rocket=Plane+Gunpowder
Rust=Water+Metal
Sailing Boat=Boat+Fabric
Sailing Vessel=Wooden ship+Fabric
Salt=Acid+Metal
Saltpeter=Limestone+Manure
Samurai=Japanese+Weapon
Sand=Air+Stone
Sand=Nuclearbomb+*
Sandstorm=Sand+Storm
Sand=Water+Stone
Scientist=Doctor+Book
Scorpion=Bug+Sand
Sea=Salt+Lake
Seaweed=Water+Life
Seeds=Grass+Grass
Seeds=Life+Sand
Seeds=Tree+Tree
Sex=Human+Human
Shaman=Mushroom+Human
Shop=Clothing+Brick house
Skydiver=Clobber+Pilot
Skyscraper=Brick house+Glass
Snake=Sand+Worm
Snake=Snake+Snake
Snake=Swamp+Worm
Sniper=Fire-arms+Murderer
Space=Ocean+Air
Speedboat=Boat+Rocket
Starwars=Laser+Weapon
Steam Engine=Boiler+Coal
Steam Locomotive=Steam Engine+Cart
Steamship=Wooden ship+Steam Engine
Steam=Water+Air
Steam=Water+Fire Golem
Steam=Water+Lava
Steam=Water+Lava Golem
Stone=Air+Lava
Stone=Stone+Stone
Stone=Water+Lava
Stone=Water+Lava Golem
Storm=Air+Energy
Storm=Nuclearbomb+*
Submariner=Human+Submarine
Submarine=Whale+Metal
Sulfur=Bacterium+Swamp
Sun=Space+Lava
Sushi=Fish+Seaweed
Swamp=Water+Soil
T-1000=Cyborg+Mercury
Team=Beast+Cart
Tequila=Alcohol+Worm
Terrorist=Bomb+Murderer
Thermometer=Mercury+Glass
Thunderbird=Storm+Bird
Tobacco=Fire+Grass
Tool=Metal+Human
Tool=Tool+Metal
Tool=Tool+Wool
Tool=Tree+Tool
Torpedo=Rocket+Water
Toy=Baby+*
Tree=Soil+Seeds
Turtle=Sand+Egg
Turtle=Turtle+Turtle
TV=Radiowave+Bulb
UFO=Alien+Rocket
USA=Columbus+Ocean
Vampire=Blood+Human
Vampire=Vampire+Beast
Vampire=Vampire+Human
Vicodin=Medicine+Medicine
Vodka=Water+Alcohol
Volcano=Lava+Stone
Walking Tree=Tree+Life
Warrior=Warrior+Beast
Warrior=Warrior+Dinosaur
Warrior=Warrior+Human
Warrior=Weapon+Hunter
Warship=Wooden ship+Weapon
War=Warrior+Warrior
Weapon=Tool+Metal
Werewolf=Vampire+Beast
Whale=Beast+Water
Whale=Plankton+Fish
Wheat=Arable Land+Grass
Wheel=Wood+Tool
Whiskey=Alcohol+Fire
Wooden ship=Wood+Boat
Wood=Tree+Tool
Wool=Beast+Hunter
Wool=Livestock+Human
Worm=Bacterium+Swamp
Worm=Human+Egg
Worm=Soil+Plankton
X-Files=FBI+Alien
Yoda=Shaman+Starwars
Yogurt=Bacterium+Milk
Zombie=Life+Corpse
This link was helpful; So was Openssh, and looking at Sparing.plist
I started using perl to make things easier to manage.
Building a Linux-based HTPC Part 3
Posted by grymoire in Linux, Technology on January 30, 2011
Assembling the P7H57D-M EVO with the SilverStone LC17
First question – do I need a fan installed in front of the disk drives? This is an option, so for now I am not installing a fan. I should have one on hand just in case.
The Asus documentation says that I need to use DVI-D cable for the BIOS. The VGA cannot be used.
First step – remove the center brace.
How to install the SeaSonic power supply
The box was impressive to open. The PSU came in a black cloth drawn-string bag. The cables came in their own carry-along – with velcro straps.
The power supply installed in the case. The documentation said the fan should face the motherboard, but some chassis don’t allow this. The LC17 is one of those – the fan faces out.
How to install the ASUS Q-Shield into the Silverstone LC17
The Asus Q-shield must be snapped into place before the motherboard is fastened to the chassis.
How to install the ASUS P7H57D-M EVO Motherboard
I put Threadlocker fluid on the threads for the stand-off posts that came with the LC17. I tightened the posts with a small Crescent wrench. If I have to remove the motherboard, I didn’t want the the posts to loosen.
Make sure the pins under the the Q connector are straight.
How to install the chassis fans with 3-pin and 4-pin connectors.
There are two connectors for chassis fans. One is 4 pin, and one is 3-pin. The chassis fans only has 3-pin connectors. So I connected the other chassis fan to the 4-pin connector as suggested. I suppose I could get a 4-pin. variable speed fan, and replace one of the chassis fans. This way, the system can control the speed of the fan.
How to install the Firewire 1394 connector onto the P7H57D-M EVO
This installed with no problem.
Installing the Audio card.
The LC17 front port has an audio connector with two headers, I picked the one I wanted, and plugged it into the audio connector. I do have to set the BIOS to the proper audio controller.
The Asus P7H57D-M EVO Motherboard has 8-pin ports for the USB, but the LC17 had 4+1 pins.
Here’s how to handle this issue. Just make sure the red wire is closest to the back panel, and the 4-pin plug is closest to the back. The unused connector is closest to the front panel.
The front panel has 4 USB ports. So that’s USB7/8 and USB9/10. I need the 4-port USB panel for the back panel for USB11/12 and USB 13/14. As these are the 10-pin (one unused) standard, they installed easily.
I’m not sure why Asus included a 2-port USB panel with an eSATA port. I don;t see any place to plug in the extra eSATA connector.
Attaching the SeaSonic X650W Power Supply to the Asus P7H57D-M EVO
For my first PC, this is complex. There are some how-tos that help a little.
The EATX12V connector on the Asus motherboard has 4 of the pins covered by a cap. The solution is to remove the cap and use a 8-pin CPU connector.
I connected the 24-pin EATXPWR to the 20-pin PSU connector in the lower right of the panel. The other 10-pin connector plugs in the upper left, right above the 20-pin.
Installing the 5″ optical bay
Make sure the blue wires from the front panel (USB) are underneath, and around, so the wires can be dressed nicely. The 24-pin EATXPWX connector makes this a little tight, as the wires press up against the bay.
I installed the SATA cables before I installed the 3.5″ disk drive bay.
CPU Installation
The Asus documentation stresses how imnportant you push in the fan pins on a diagonal. Then push them in on the other diagonal.
Do not turn the plastic pegs. This is only done when you wish to remove the fan.
What should I worry about concerning the SATA2 vs SATA3 connectors.
I have to make sure I use the SATA2 ports for my Linux system, instead of the SATA3. So I am limited to 4 SATA drives until Linux catches up in technology.
Dressing the wires/cables
The Silverstone comes with an EMI ring that the front panel wires go though. These wires are blue. It also helps keep the wires neat.
The other wires i dressed in two sections. The power cables were dressed in one bundle. I fastened them to the middle chassis brace with a Velcro strap. The data cables were dressed in another bundle. It’s always a good idea to have power cables and data cables separate.
Boot issues
Here is some help.
The CPU and cooler come with thermal paste, but it’s a good idea to check instructions if you want to re-apply Arctic Paste.
I booted up without any memory. The green poweron led was lit as soon as I flicked on the PSU. When I pressed the Power switch on the front panel, a red LED near the CPU blinked, and then the fan started to spin. Then this repeated again.
BIOS
I have to make sure I select the right Audio option. There are two audio plugs from the front panel. I choose the AA97 because I think the older standard will work better with Linux. I also have to set the BIOS the same way.
I’m not using a RAID setup.
Next step – Linux
Building a Linux-based HTPC Part 2
Posted by grymoire in Hacking, Linux, Technology on January 29, 2011
Ordering my P7H57D-M EVO HTPC
This is a continuation of Part 1 of my adventures in building an Open Source HTPC.
I did a lot of price comparison, and purchased parts from Amazon (for the chassis), ExcaliberPC (for the power supply), and SuperWarehouse for the motherboard, CPU and memory. Amazon also sold the power supply at a good price, but they wanted $50 shipping!
SuperWarehouse review – not good
Well, I am not pleased with SuperWarehouse. . I used them because they had free shipping if the order was over $300. When I ordered the motherboard, the web site said they had one board in stock. Then I get an email saying it’s backordered. So I said I wanted the CPU and memory anyway. They didn’t ship the order for 8 days, or even let me know when they planned to ship it. Everything else I ordered, even after all of the changes, and still nothing from SuperWarehouse. I canceled the order by email. The email reply was that “Sorry. The order is submitted. We can’t cancel it.” So I called them in person, and talked to someone, who canceled it. And to top it all off, they charged my credit card! Yes, they never shipped me anything, yet I find a charge on my credit card. I send an email, and they quickly responded, but charging credit cards before the parts are in stock is just wrong.
The rest of the vendors
I had to find another vendor for the mobo. I next went to FuturePowerPC. I ordered the mobo which was in stock. Get an email – out of stock. I next tried NextDayPC, and they said they had 24 units in stock. I placed the order, and they did not have any in stock! What type of !#@% inventory system do they use that has 24 missings motherboards!!! Their website lies.
Sigh… I looked around some more. I called one vendor, who said the mobo was obsolete. He wanted to sell me the -PRO version. I checked the Asus web site, and looked some more, to see that they have a Asus p7h57d EVO as well as Asus p7h55d EVO. Unlike the P7H55D boards, of which there are 10 variations, the P7H57D board only has the -EVO version. It looked like this verison “had a few more months of tweaking” according to bit-tech. When I started looking for the P7H57D-EVO, Amazon had it for the lowest price, and quick delivery, so I used them.
I looked for another vendor for the CPU, and decided on buy.com. I’d normally pick Amazon, but sometimes Amazon delays shipping for a week, and the CPU and memory became critical because I had all of the other parts. Despite the delays that Amazon has in shipping, and despite the fact that I don;t have a Prime membership, Amazon has been very dependable. I placed all orders in one day, and after several days of waiting, anc cancelling, and choosing Amazon to ship a second order, the stuff from Amazon came faster that many of the other vendors shipping FexEx (8 days for the PSU).
I also decided to order the memory directly from Crucial, because of the good experience I had returning the old memory. This was not a pleasant experience. I used the same credit card for a dozen purchases. When I tried to use the same card on Crucial, they insisted on getting a SecureCode number from MasterCard. I did not sign up for this with MasterCard, and frankly, I don’t want the service. If I did, then the other 10 orders I placed would have been rejected. What good is a service that prevents you from doing business with 95% of the vendors out there? As far as I know, Crucial is the only vendor that requests this. To add to the frustration, this extra requirement poped up in a new tab on my browser. I typically have 20 tabs open at once, and I didn’t notice the new tab. I repeated the entire purchase process several times, worrying that by reloading the page, I’d be charged twice.
So I finally completed my purchase using PayPal, which I did not want to do.
Additionally, when I used Crucial to suggest a memory board for my system, none of the parts seemed to match the list of parts on Asus’s Qualified Vendor List. But Crucial had a guaranty, so I will try the one they recommend. Well, it didn’t work, even though I used their oin-line tool to select a memory card. I contacted them, and they gave me a RMA. However, I the package has to arrive within 10 business days.
I ordered a Dual Channel DVI-D cable from J&R. They also wanted MasterCard SecureCode. I used PayPal instead. Grrr.
After placing the order for the Motherboard, I started looking at the P8H67-EVO. Perhaps this would have been a better choice. Here’s a tip. Always look at Amazon’s rankings of products. The P8P67d is a LGA1155 mobo. But the parts are already ordered. Oh well.
During the assembly/diagnosis process, I needed to get replacement parts. This is a real pain in the butt. Asus tells me to swap out the CPU and memory first. So how do I do that? Do I wait 2 weeks to get a replacement CPU?
And then wait another two weeks to get a replacement memory?
Some advice on buying components
Method #1 -Build with a buddy
You may want to find someone who wants to do the same thing as you. This may be near impossible, but if you have two of everything, diagnosing a problem is much easier.
Method #2 – Buy 2, and return one
You can order duplicates of every part, and then return the parts that you don’t need. Some vendors might be nicer than others. It’s a crap-shoot.
Method #3 – Buy from Amazon
FuturePowerPC.com sucks
I ordered the CPU from them because of the price. I waited 10 days, to discover the CPU had not shipped, and I would not have discovered that unless I contacted them to find out the status.
NextDayPC.com sucks
They said they had 24 in stock. I orderd the product to find out they are out of stock.
buy.com sucks
Delivery was fast. Returns was easy. What was the problem? After returning the CPU, their web site says it takes 7-10 days to process the return. I contacted them to get the status, and then I found out that the CPU is out of stock. I got a refund. But if I had not contacted them, I don;t know when I would have found out.
Amazon.com rocks!
After dealing with a dozen vendors, Amazon is the best. When I returned the Motherboard, Amazon sent me a replacement before I returned the original motherboard. They also gave me a month to return the second motherboard.
The reasons I didn’t first choose Amazon:
- Other stores offered faster delivery. I don’t have Amazon prime, and I didn’t want to wait 10 days for my parts.
- Other stores had cheaper prices. One dealer offered free shipping if I spent $300.
- Other stores do not change state tax.
Advantages to using Amazon
- Returns are easy and free
- They will send you replacements before you ship the broken part back. Therefore you may be able to diagnose problems by having two units of each kind.
- The popularity of the device is very useful. If you are buying some part that is rare, or unpopular, then you might be in trouble. It might be obsolete. Amazon can help you make sure you are using mainstream technology.
- Amazon provides comparisons to similar products, and to related products. 99% of the time the “some people buy this instead of this” is useless to me because it rarely gives you unbiased views. It’s usually the same vendor that is suggested, but just a variation of the same product. But this is useful at times. For instance, when you buy a CPU, it reminds you of faster/slower versions of the same CPU.
If I had ordered from Amazo initially, I would have had all of the parts, and the replacement parts by now. But it’s been a month, and I still do not able to successfully boot.
Here’s how I assembled the PC. Continued.
Building a Linux-based HTPC
Posted by grymoire in Hacking, Technology on January 23, 2011
My old box, an ASUS Pundit P1-AH2, that I bought from Monolith, died.
It’s my primary server. I use it for a file server, computer server, DVD burner, backup server, and since it’s always up and running, I use it as a HTPC. It running mythbuntu (mythtv on Ubuntu), so I can record TV shows, and stream then back onto any PC in the house.
Frankly, I had a lot of problems with it, in particular, in the stability of the OS, support for video, sound, etc. I just bought a memory upgrade from Crucial, upgraded the memory, rebooted the machine, and the system failed to boot. At first I was able to get to the BIOS prompt, but while trying to diagnose the problem, the system failed to boot altogether. It was 3 years old, and the chassis was falling apart, so I felt I might as well replace it.
I contacted Crucial, and they accepted my memory back for a refund. Great company!. So, this documents the process I used to replace the system with a new PC.
Requirements
Everyone makes decisions based on what they want. Here is my list which influenced by decision.
- HTPC style chassis – I want it to be uncluttered and quiet.
- Custom built – I want the ability to replace parts that fail. The Pundit had to be scraped when it failed. I’d rather just replace the Motherboard, the CPU or whatever.
- Support for Firewire/IEEE 1394. – I have FireWire disks I use for backup. Perhaps I could have used a PCI card, but this saves a slot.
- Support for VGA monitors – I have an old monitor I would like to use, as I tend to run the system headless. I also want to add HDMI monitors later. This gives me flexibility.
- Ability to have more than one hard disk. My last box only had space for one disk. Well, disks fail. I’ve had this happen twice. When you are limited to one internal disk, replacing a 1.5TB disk with a 2TB disk is a pain. The equipment is scattered all over the floor. I want to be able to get additional disks, pop them in, and then remotely format, mount, and backup the data. I can set up disk to be a clone of another.Having more than one internal disk means moving data between SATA disks is easy. I power down the system,plug in a disk, power up, and then I can finish the rest remotely, on the command line. So having space for more than one SATA drive is useful.
- Ability to be a home-based file server. Since it can support many disks, I wanted to be able to use it to store shared files, media, photos, etc.
Trade-offs
- My current HTPC captures analog data, not digital. I want to retain this ability, but I wanted the ability to upgrade to digital later.
- I wanted a system that was inexpensive to start, but I can upgrade to a more powerful system later.
- I am willing to pay more for price to get good quality components that will be useful 3 years from now.
My shopping list
Based on the above, I did some research, and made up a shopping list:
- Asus P7H57D-M EVO – 3 year warranty ( first looked at a p7h55-M-EVO)
- Intel Core i3-550 Processor with 4 MB Cache, 3.20 GHz Clock Speed, LGA1156 Socket BX80616I3550 – 3 year warranty
- Corsair 4GB Dual Channel Corsair DDR3 Memory for Intel Core i5 Processors (CMX4GX3M2A1600C9) – limited lifetime warranty – i would have preferred to get memory from Crucial, but the vendor didn’t offer it, and I wanted to take advantage of the free shipping if the product was > $300.
- Silverstone LC17B
- SeaSonic 650W Power Supply X650 Gold – 5 year warranty (a 350W PSU is the minimum). Maybe this is overkill, but I didn’t want an underpowered PSU. A review is here.
- 4-port USB PCI Bracket
- Motherboard (mobo) speaker to make it easier to debug any boot problems.
The total was Initially $643 including tax and shipping. I already have a disk, a DVD Burner, and a Haughpauge TV tuner.There’s a $20 rebate for the Silverstone case.
Because I used a Clarkdale CPU, I don’t need a graphics board. When CPU’s and RAM becomes cheaper, I can upgrade later. The Silverstone is built for silent operation, with 2 built-in standard 80mm fans, and I can add more cooling. The power supply has intelligent cooling as well. Yes, I know I spent a lot on the power supply, but I won’t have to upgrade this for years.
The Intel LGA1156 seems like the right decision for now. The LDA 1155 are pricier. The ASUS EVO board supports FireWire and eSATA. The Asus document Linux Status Report For ASUS Desktop Motherboard says Ubuntu 9.04 is supported. Asus also provides a power calculator.
Hardware Revolution described a HTPC I can build for $500, but other sites warned that an Atom-based motherboard, while cheaper, have to struggle with graphics. The $500 HTPC used an all-in-one mother board, with a PSU, but the ability to upgrade was limited. What happens when you run out of CPU power?
Upgradability
As I said, I wanted a system that will be able to grow
- 6 DATA disks (up to 6Gb/s!) w/RAID support. + 2 Sata3 ports (But note that SATA3 support is limited in Linux.)
- Intel i5, i7, quad core CPU
- Graphics card
- Up to 16 GB of RAM
- HD TV Tuner
Also supported is
- 2 IEEE 1394 ports (1 on front, one using extra connector at back)
- 14 USB ports (2 are USB 3.0, and 12 are USB 2.0)
- Two simultaneous monitors (VGA, DVI, HDMI).
- 40-pin PR_EIDE for Ultra DMA 133/100/66
- PS/2 (COM)
- SPDIF (Digital Audio) (requires connector/port
- ALC889/ HD Audio (front) – settable by the BIOS
It looks like a good plan. This is the first time I built a PC from scratch. Let’s see how deep this rabbit hole gets. See Part 2.