Showing posts with label hardware. Show all posts
Showing posts with label hardware. Show all posts

23.5.09

work!

finally, i have some work. work that involves NuGO, the European Nutrigenomics Organisation, a Kerrighed-based Linux Beowulf cluster, and a research institute of bioinformaticists all eminently more qualified than i am (the guy i'll be working directly under has three degrees; i haven't even finished my first.) i'm not all that sure what is and isn't protected data on this, but i'm going to be developing a prototype cluster, one that implements BioLinux and Kerrighed, among other things. that's to stop me b0rking the main Beowulf before the new stuff's properly tested. i'll be writing a report that'll go all the way to NuGO on it.

this is going to be so much fucking fun!

ed. in addition, i got the ego massage of a lifetime when i found out that one of my three rival candidates dropped out of the running because "If Lepht's running for it, it's out of my depth"; the professor i worked for last summer didn't just give a good recommendation but actively told the bioinformaticists that i'd be good for the job and they should interview me; and the interviewers told me they'd already heard of me from the Computing Science department (cause of my grades and my running the CS student society), the helpdesk (cause i volunteer, natch) and through the secular society website (cause i wordpress'd it). i'm famous amongst my vast superiors!

14.5.09

side-effects may vary

i get a lot of admiration and kudos for my pissabouts with H+ technology, most of it undeserved. frequently, people will say that they wouldn't do it, but it's a cool thing to be doing, or something along those lines; less frequently, people get into it right along with me. two people in the city have since i've been here. both now have a black-market implant installed by yours truly, and one reacted very differently to the other.

that got me thinking. when i first jumped into the field with my little RFID ampoule, i just had one aim: to satisfy my own curiosity. i honestly wasn't thinking of anything else, neither of puerile cool-factor addition or of higher goals; transhumanism wasn't really something i even understood at that point. i just wanted to hack the meat and see what would happen, both socially and technologically.

i got my answer, sort of, but i also got a whole barrel of side-effects, good and bad. viz:

good:
- it stimulates discussion and interest in H+. this is the major pro.
- there are functions of the devices i didn't expect: i use the Nd-60 nodules on my right hand as placeholders for magnetic objects, which helps while soldering and when using styluses, for instance.
- it gets people to build on what i have, like one buddy who's working on improving the RFID setup. this is the biggest benefit, to be truly honest. it gets folk smarter than me interested.

bad:
- it's the biggest blackmail incitement i've ever had. someone i used to work back-to-back with underground now holds the power to send me to jail, someone who doesn't like my sorry ass at all anymore. now i've got a sword of Damocles over my head that i can't forget about, and i've lost the ability to tell you guys about my procedures for fear that it'll fall.
- that infection, and with the Nd-60s, the poisoning / rejection / whatever it is. it's a risk we run, and it's gone badly wrong for me once in the past. it also makes me feel like an asshole every time i have to go get State surgery for things i did to myself.
- socially, it tends to isolate me once people find out who i am. for everyone who thinks RFID is cool and they might try it themselves cause they could do a damn sight better than junkie-ass here, there's another one who thinks monsters check under the bed to make sure Lepht's not there, or that i'm some exotic flavour of self-harmer. it's weird, but i guess it's part of our society; ask TV: cyborgs are emotionless at best and psychotic on average.
- pain. you got a pain problem? homebrewing'll make it that much worse; you didn't have one before and you're sure as shit going to now.
- not that this one bothers me, but people comment on the scars. my hands look pretty fucked up now. personally, i like them.

the worst thing is what's happened with my onetime partner. he was abusive, a total mindfuck to be with even though we had good times too, and i don't miss the guy - on a pretty deep level, i hate that he controlled me for as long as he did - but i've a lot of regrets about what went down. it keeps me awake at night that he could dump my ass back in prison any time he wanted. that's not somewhere i wanna go, ever. the best, i think, has to be the knowledge of exactly how little i've already done, how much there still is to play with and how much room my crapped-out body still has for experimentation. it's exhilarating.

i think even if i'd known this shit would go down, i wouldn't have been able to resist the implants. they're like crack for me. i guess that makes this post the patient information leaflet for cocaine.

L

3.3.09

implants! aliens! vampires! STAY IN YOUR HOMES

so i was googling to see what other people have come up with in the way of homebrew implanted technology. what i discovered is that a few have neodyms like me, a few have RFID chipped themselves (fewer of us seem to do that than have the neodyms, weirdly) and there's not a lot else out there.

what i also found is that far, far more of them are batshit, underpants-on-head insane.

take one Sherry Shriner, for instance. there's something seriously wrong going on here; something, in fact, that looks a lot like classical schizophrenia to me, although i'm pretty sure i'd get called a "black op" for saying that in these nutjobs' world. Sherry's convinced that aliens put implants in your fucking ears.

not only that, but Sherry is also telling everyone that neodymium - that's right, Nd-60, the same element ensconced in several places under the skin of my hands as i type, right goddamn next to my EM4102 RFID chip - can deactivate microchips.

the hell it can, lady. i could go demonstrate if i wanted to. people, Nd doesn't deactivate microanything, but it will wipe your credit cards if you get a bigass one like these idiots are asking you to Paypal them for.

on a totally unrelated note, i'm getting sick of this sparkly teenage vampire film Twilight that's drifting around - it just made it over to Europa a couple weeks ago, and already i'm getting the shit. three separate people have accused me of looking like one of the sparkly vampire characters - apparently i'm pale enough to be considered actually undead now.

you'd think a ugly motherfucker like me would escape the whole OMG LESTAT IS KEWT treatment, but no - either i have a self-esteem problem, or the actor that plays this Alice Cullen character is uglier than i would've assumed. i'ma just bite the next person that says it and see if any more people think i'm fucking sparkly.

L
(would prefer a blood transfusion, seriously)

12.10.08

even more metal

two skin divers, one each side of my head. magnet plans have been shifted to the index fingertip of the left hand - which i'm pretty much shitting myself over, since it's gonna be a 5mm needle incision and some painful insertion work - plus circuit design for the thermistors is coming on, and i got (maybe) some help with getting needles and doing the actual surgery for it.

on the minus side, i have the goddamn flu, so it all fucking hurts. worth it though.

1.10.08

thermistor system in development

i traded two thermistors for a quantum mechanics primer today, from an absolute legend of an engineering buddy of mine. i'm siting them in the back of my left hand or wrist - haven't decided which yet; it's a question of practicality - in order to artificially replace (poorly, but better than nothing) my natural temperature sense, which has been pretty much obliterated by my painkiller use. the idea is that i'll be able to develop a small circuit with a lithium cell and a pair of LEDs, one for each thermistor, whose brightness will increase as the resistance of the thermistors decreases, meaning the hotter it gets, the brighter the LEDs should be.

i have a long way to go, including building the system, siting the implanted components, and testing it all, before i consider this a success, but the idea is pretty much there. i have no idea if my concept of how accurately the thermistors respond to temperature shifts is accurate, and that needs testing too.

the reason there are two sensors is (in my relatively worthless opinion) also pretty cool: one is in the ohm range, for sensing the temperature of things i touch, whereas the other is in the kiloohm range, for ambient temperature. combined, they should give a rudimentary picture of the temperature of my environment.

if i succeed here, the next step will be to replace the LED indications with a proper LCD readout of the temperature, which needs a microcontroller to calibrate the thermistors and perform the calculations necessary to translate their resistance values into grokable Celsius ones. that's a pipedream, for now, but the first setup i'm actively developing. more news as it evolves... this is gonna be one hell of an experiment.

19.6.08

lepht can has job?

i actually have a paid form of employment now, which is why nobody's seen me for about a month now. i've got so much shit to catch up on... but man, it's awesome to be employed again. i'm now a researcher with the University until September, when i have to go back to my undergrad degree - basically, a hardware junkie. i'm helping out with a project using RFID to help severely disabled kids tell stories about what happened during their day at school, as the project's resident clankie - seriously, this is one of the best jobs i've ever done. i can has job!

17.5.08

new hardware

i finally have replacement hardware, a Lenovo laptop replete with Windows Vista. Fedora Core 9 comes out on Tuesday, so i'll be jacked up and Linified by Tuesday night and waiting to dump more newbie-hacker crap on y'all. i also have new custom ink lined up for then, and a couple new piercings doing their best to heal up within the confines of my slightly shit immune system, plus new (hot) Scottish nookie, so all in all i'm a pretty happy little bastard right now. i might even have a job.

anyway. few challenges are gonna be working with the Broadcomm chipset for wireless under Core 8 (i seem to remember that needing madwifi), making the weird combo memory card reader and the fingerprint auth device work at all - especially the fingerprinter, i'll be fucking chuffed if i can get that shit working. it's a swiper rather than a presser, too, which makes it harder to hack; i'd want to dust the keyboard, monitor and case for prints, relief one into a mould and make a gelatine finger to test that before i could say i was sure though. biosecurity is pretty cool, but we've all seen it's far from infallible.

does give me a little more trust in Windows, though, although disturbingly i don't think the regular auth protocol has been disabled in favour of fingerprints. i'd have passwords required as well as prints, or as a backup only if the prints failed, but not as an either-or option...

so kids, fingerprints are fun but won't keep the robbers away, Scots are all hardcore motherfuckers, and remember - Tramadol fucks you up.

L

30.4.08

unplugged

so i'm sat in the lab, trying to follow Baal's Bum through Genesis. this isn't an easy task, especially when you've already slogged through the fucker once and you're opiated up to the nipples, and especially when you're unplugged.

that's right, it's Mental Detox Week, the seven days in every year when people like me, who fucking hate adverts, get yelled at by Kalle Lasn to turn the damn electricals off before we rot our modern brains out around our crappy, overpriced iPod headphones. i'm following it, as it happens, but not by choice.

you've all (both of you) seen me bitching and ranting about passing out in random places. it happens on the street too, and turns out that's not so good for all the shit in my pockets. i have no fucking clue how i didn't figure out this was gonna happen before it did, cause it's pretty damn obvious when you think about it, but in the space of three days i've smashed the shit out of the little iPod someone really close to me gave me a few years ago, and my one and only piece of computer hardware, my Fedora Core 8 laptop. they're both totalled, and it's 100% my own stupid junkie fault.

so i'm on my fourth day now with no Linux and no music, and holy crap am i feeling it. i'm so sick of the Windows XP boxes in the labs that i honestly have no idea how i managed to use this operating system, let alone try and hack anything with it, for so long. i'm also on the verge of stabbing someone with my penknife (yeah, all four centimetres of blunt blade we're allowed to carry here in Europe's favourite police state) - i never realised how obnoxious people are when you can hear them.

Kalle, man, you're not convincing me.

L

5.4.08

RFID and implant tutorial

lets you be just as stupid and self-destructive as i am. may even get you referred to a shrink.

ODT:
http://stashbox.org/v/99392/rfid-tut.odt

PDF:
http://stashbox.org/v/99393/rfid-tut.pdf

the implant part is optional, so you could just use this to learn some beginner stuff about RFID and improve your knowledge of the EM4102 protocol... do whichever.

L

2.4.08

implants can't be addictive, right?

right?

so we all know i'm screwed when it comes to those things, and i only plan to get more so. so far the implant project is a massive, awesome pile of success: my original tag is cutely readable by a little C program i mutated out of some examples that came with the reader (cause i'm not actually as smart as people think i am), and i'm now working on a way to use AES or RSA (or something weird like the KHAZAD cipher i was considering before) to encrypt the tag data i'm currently storing within the program as escaped ASCII characters, and externally as hex literals, into something a little less snarfable. screenshots will be up as soon as i can get a metadata stripper for them...

i'm also not doing any University work, and i keep forgetting to eat.

second, i still want a Hitag read-writable tag. if anyone knows where a poor government-handout-dependent wetware hacker can get one, let me know; i could have some serious fun with one of those little fuckers.

and third, i'm currently researching the feasibility of an implantable temperature sensor with an external LCD gauge or some other surface-mounted display. (it's because i can't feel hot and cold properly anymore. that and it'd be awesome.) some ideas:

1. it's gonna be the messiest operation yet, needing at least four incisions as far as i can see, if i fix the display to the surface of my skin. you could do that quite easily with subcutaneous "planks" - little flat bits of polymer that extend for a way under the skin, porous so that flesh grows back into them. it'd be a total bitch to remove, but why would i do that?

2. i wanted to site it on the back of my wrist. according to Gray's, i've got two deep veins, two deep arteries, four important nerves of the hand and a hideously complicated little web of surface vessels to look out for, all of which i'm fucked if i hit (well, nerves and arteries at least, not to mention tendons.) i might want another site, but i can't think of an easy way to look at the display anywhere else.

3. i'm gonna need a whooole lot more equipment than i have right now. for a start, it's looking like my little scalpels aren't gonna cut it with nondelicate parts of my anatomy or big incisions: cutting with them is painfully slow, and with three or four cuts to make, i can't afford to be slow, so i'm gonna want:
- Lidocaine and some syringes (and probably some smaller hypos, mine are fucking huge)
- most likely a suture kit, it being less messy and more likely to take that way
- more steristrips
- Betadine

also more parts: a soft tube-embedded fluid temperature probe (Eltek is like a candy store that way), a tiny CPU of some sort (that's gonna be a huge challenge) and a display as small as i can get it, plus a way to integrate them all.

4. there's wireless temperature tags out there, but no ampoule types, so i might try and create one by myself just as POC if they'll let me into the University electronics labs (not likely; they know what i want in there for).

y'all know by the time i'm fifty i'm gonna be the goddamn Borg; that or i'm gonna have killed myself doing something retarded with a bonesaw and a C-LEG. peace out, meatbags.

L

3.3.08

tag recognition program, rudimentary draft

/* rfid-mod
* simplistic rfid recog program heavily based on Phidgets Inc's RFID-simple
* version: 0.1b
* author: Lepht Anonym */


#include
#include

/* attachHandler
* displays status to the terminal */
int attachHandler(CPhidgetHandle reader, void *userPointer)
{
int serial;
const char *name;

CPhidget_getDeviceName (reader, &name);
CPhidget_getSerialNumber(reader, &serial);
printf("%s %10d attached.\n", name, serial);

return 0;
}

/* detachHandler
* displays status to the terminal */
int detachHandler(CPhidgetHandle reader, void *userPointer)
{
int serial;
const char *name;

CPhidget_getDeviceName (reader, &name);
CPhidget_getSerialNumber(reader, &serial);
printf("%s %10d detached.\n", name, serial);

return 0;
}

/* errorHandler
* prints errors to the terminal */
int errorHandler(CPhidgetHandle reader, void *userPointer, int errorCode, const char *unknown)
{
printf("error handled: %i - %s\n", errorCode, unknown);
return 0;
}

/* tagHandler
* turns on the LED port and prints the ID of the tag
* later, it will store the read tag in a local var so it can be verified as either matching L's or not
* pls note this is not a secure thing to do as the tag value could be strings'd out of the program (should hash'n'md5 instead) */
int tagHandler(CPhidgetRFIDHandle reader, void *userPointer, unsigned char *tag)
{
int i;
CPhidgetRFID_setLEDOn(reader, 1);
printf("got tag: ");
for(i = 0 ; i < 5 ; i++) printf("%02x ", (*(tag+i))&0xff);
printf("\n");
return 0;
}

/* tagLostHandler
* turns off the LED port and prints the ID of the lost tag to the terminal */
int tagLostHandler(CPhidgetRFIDHandle reader, void *userPointer, unsigned char *tag)
{
int i;
int var[5];
CPhidgetRFID_setLEDOn(reader, 0);
printf("tag lost: ", tag);
for(i = 0 ; i < 5 ; i++) printf("%02x ", (*(tag+i))&0xff);
// store that same data as a variable:
for(i = 0; i < 5; i++) { var[i] = (*(tag+i)&0xff); }
// TODO check that the separate parts of the var array match L's implant
printf("\n");
return 0;
}

/* displayProperties
* displays the data about a physical reader to the terminal */
void displayProperties(CPhidgetRFIDHandle reader)
{
// declare variables for the data and a buffer to store device type in:
int serial, version, outputs, antennaStatus;
const char* type;

// get data from the device:
CPhidget_getDeviceType((CPhidgetHandle)reader, &type);
CPhidget_getSerialNumber((CPhidgetHandle)reader, &serial);
CPhidget_getDeviceVersion((CPhidgetHandle)reader, &version);
CPhidgetRFID_getNumOutputs(reader, &outputs);
CPhidgetRFID_getAntennaOn(reader, &antennaStatus);

// print to the terminal:
printf("%s\n", type);
printf("serial number: %10d\nversion: %8d\n", serial, version);
printf("number of digital outputs: %d\n\n", outputs);
printf("antenna status: %d\n", antennaStatus);
}

/* main
* administrates */
int main(int argc, char* argv[])
{
const char *error;
int result;

// declare and create a handle for the reader:
CPhidgetRFIDHandle reader = 0;
CPhidgetRFID_create(&reader);

// set handlers for device and tag events:
CPhidget_set_OnAttach_Handler((CPhidgetHandle)reader, attachHandler, NULL);
CPhidget_set_OnDetach_Handler((CPhidgetHandle)reader, detachHandler, NULL);
CPhidget_set_OnError_Handler((CPhidgetHandle)reader, errorHandler, NULL);
CPhidgetRFID_set_OnTag_Handler(reader, tagHandler, NULL);
CPhidgetRFID_set_OnTagLost_Handler(reader, tagLostHandler, NULL);

// open device:
CPhidget_open((CPhidgetHandle)reader, -1);

// wait for the physical RFID reader device to be attached:
printf("polling for physical device presence...");
if((result = CPhidget_waitForAttachment((CPhidgetHandle)reader, 10000)))
{
CPhidget_getErrorDescription(result, &error);
printf("device error: %s\n", error);
return 1;
}

// activate the antenna and display properties to the terminal:
CPhidgetRFID_setAntennaOn(reader, 1);
displayProperties(reader);

// keep the program open until the user is done:
printf("now scanning for tags.\nhit any key and enter to end session.\n");
getchar();

// close the device and free the memory back up:
printf("closing...\n");
CPhidget_close((CPhidgetHandle)reader);
CPhidget_delete((CPhidgetHandle)reader);
return 0;
}

25.1.08

meathacked

fuck yeah, there's a chip in the hand i'm not typing with. it took longer and hurt more than i expected, but bled a lot less; the first thing i'm gonna do as a cyborg (pfft) is a. scare the shit outta the kiddies in the spring term's first lecture, and b. show you guys how to be just as irresponsible and foolhardy as me.

first up, i should explain why the fuck i did this. for a start, it's gonna make some awesome crypto projects - the chip is inherently insecure, seeing as how it broadcasts in cleartext, and i'm really fucking interested in how they can be incorporated into securer systems. also, i've been wanting to do this just to prove to myself i could ever since reading Battle Angel Alita and being told by a seven-year-old that i couldn't take a pinprick without my pain pills (little shit). i think this and my countless liver-purgings sans analgesia have proved that kid wrong =] third, i did it cause i wanted to know what it was like, plain and simple.

second, why i did it this way, in a student bathroom, instead of having it shot in like a normal... dog whose owners don't wanna lose it. like i've yelled about before, .gov health services won't do this sorta thing for a few reasons: takes up real patients' time, isn't medically necessary, i might sue (yeah...) there's no vet in my part of town, and i doubt they'd do it anyway, so i was left on my own...

so how to do it? aw, here goes. i'm assuming you got a rice-grain type glass ampoule tag.

1. gather ya tools. you need a sterile scalpel (Swann-Morton disposables are the cleanest bet, but a boiled and Milton'd surgical knife would be way more efficient), wound spray or iodine for cleaning the area and the incision, gauzes, steri-strips, fabric strapping and cotton wool. also, it's good to have TCP or Milton liquid antiseptic on hand in case shit gets nasty. you're also gonna want a permanent marker, in addition to the tag itself.

2. find a buddy to help ya out (preferably a non-squeamish buddy who's at least a bio student) and a secure, clean bathroom or kitchen to do the "operation" in. it's this buddy's job to spot you, help you make the big cut, swab while you're inserting the chip, help you dress the wound and call 999 if you nick an artery.

3. get ya marker. now, put your hand flat on a surface. look for the triangular, vein-free area between the bones of your index finger and thumb; that's where we're gonna insert the chip. draw a solid line a centimetre long, in the clearest part of this area you can see, parallel to your thumb. you gotta get it the right way round though.

4. make sure the area is really clean, then wash your hands like you had TB and sterilise them all over with the wound spray or Milton. you can wear latex gloves if that's easier to work in. have your buddy wash and steri his hands too.

5. now for the pain. get something to bite, and make the first cut all the way along your marker guideline on your hand. it'll take about ten or twenty strokes of the scalpel before you get deep enough to insert anything, and brother, it will hurt like fuck. get your buddy to take over if you get the shakes, make sure you keep swabbing the blood away with Milton or whatever, and stop when you're about two mil deep and you can see distinct lips of skin on either side of the wound.

6. and now for the fucking nasty part. push the end of your ampoule chip underneath the 'lip' closest to the index finger bone, where it'll probably lodge. now shove that motherfucker in until you can't see any of it - it can go under the skin, you just need to force it. this will also hurt a lot, but just do it all at once or you'll never make it.

7. once you can't see any part of the tag, swab the wound until you can close it with steri-strips, then sterilise the whole hand again, and cover the strips with a gauze pad. bind your hand up real tight with the strapping and get yourself and your buddy a shot, cause bro, it's over.

so, uh, enjoy yourselves. more on this once it heals.

L

24.1.08

meat hackery

ok, i got kinda sick this year. the consequence being that all my university work is gonna get repeated next year, all my quals and everything, and i got a little more time on my hands. so first up, i'd like to direct you to why the lucky stiff's interactive Ruby tutorial; it's in ur browsah, defyin ya non-administrator install permissions, and it's fun as fuck; i'm liking this sorta scriptomatic approach.

secondly, i'm going right ahead with my RFID chip project, despite not one single fucking medical professional anywhere in the damn city being able to help me. i'm so fucking mad at these assholes; the NHS won't do it because they don't have the equipment, or the ones that do have it - like for the contraceptive implant that millions of women get every day at their damn local surgery - just refuse to do it, i've had three hospitals say they just won't do it with no fucking reason or justification. this is after i tell them that if no fucker helps me out, i'm gonna do it myself with a scalpel and a fuckload of Miltons, and they still tell me they won't help...

anyway, results later. i've got med student buddies, a copy of Gray's Anatomy (the text, not the dumbass show), a sterile scalpel and a fuckload of painkillers...

ladies and gentlemen, let the meat hack begin.

17.1.08

l's fedora project

okay, so you're running Windows. even worse, you're running Vista - no tools, no drivers, no nothing. en plus, you live under a pseudorepressive government with human rights-crushing surveillance powers and the sudden inclination to smash the shit out of every hacker and security consultant it comes across who can't prove they weren't using their tools for t3h_kr1mz, and you ran out of funding a good couple years or so - well, my friends, then you're in my (slightly overdosed) situation, and it's Linux time.

on the advice of the peeps at LSO, which you should go check out, i've converted my crap little laptop to a Fedora Core 8 box. and now begins the fight.

(dings its little wrestling bell) round one - local cripple versus MADWifi 0.9.3, FIGHT!

L

29.8.07

observation at the print station

i'm in the labs, looking even more drugged-up and rough than i usually do (and possibly thereby convincing the freshers who've started turning up that i am, in fact, the campus crack dealer and not the campus hacker), and i have a clear view of the printer from where i'm slumped in my office chair. station's attached to a little win98 box, to which you have to logon, as the box's monitor states. clearly. in bright fucking size 20 purple.

the same woman just went up to it twice, sat down, pressed random buttons on the printer, and each time gave up and walked off. she's just this minute sat back down again. it's like being Bill fucking Oddie or something - i can sit and observe these, uh fresh new minds, but one move on my part and they'll run the fuck away. so i'm stuck observing them needing three tries to work a machine that has neon instructions right the fuck there on the screen.

i think i just temporarily gave up my faith in students.

Lepht

15.8.07

but i am invincible!

today, we sit our asses down in the morgue of the computer world, the University lab, for a simple post-mortem. as you've probably gathered, the networks i get to play with here are huge; massive, dynamic systems, thousands of terminals, hundreds of printers, upwards of twenty main servers and i don't even wanna know how many miles of base-1000 cable. it's fairly well-secured, and not thanks to me (hell, i didn't set the security systems up): the labs are secured by swipecard access, you can't logon without a current username and password, and the password system is... adequate. the Unix servers are actually very well-defended, i can tell you.

and yet it's not secure. it is possible to hack the main server in three steps.

i'll give you a hint: the first step is to walk up the stairs to the helpdesk, which is in the Department's offices and not the Directorate's: the Department is the teaching arm of Computing, whereas the Directorate handles the running of labs, the wireless, username allocation, email and all the rest of the machine shit that the non-inducted use on a daily basis.

winner is the first who can tell me how. there's no prize, just glory.

26.7.07

crypto? is that some Southern kid's name?

i'm always amazed at this. on looking at the passwords for a small section of a network, i found that despite the strict password policy, all the passwords but three - out of several hundred - were words. the policy demands alphanumerics and mixed case, so most users had a "Password123"... oy.

i asked a couple other users what the hell was with that. the response?

"Well, normal people can't remember codes."

like fuck they can't. i'm a normal person, apart from being slightly better educated than the general public, and i remember about 10 different alphanumeric codes with random punctuation marks for all the different shit i have to authenticate to in a day (use mnemonics!). if you have to use each code once or twice a day, it really isn't difficult to memorize them; and these other students only have the one system password that's enforced to be so complex. the rest of their passwords, for all the things i keep seeing them wasting their time with - Bebo or Myspace, usually (you know what i think of Bebo and Myspace) - are set by themselves, of course, and they're uniformly simple.

so what's the problem? why can't you remember one code? i guess that's a question for a psychologist. my problem with this is that when they can't remember it, they write it down; and when they write codes down, the security of our collective system is down to someone not finding the paper.

obviously, that ain't acceptable. my solution with my own citadel was to implement a token system, which i'm in the process of linking to a chip in my hand (more on that when it's more developed) - and i'm unfortunately not allowed to RFID my compatriots. but i still think the token idea stands, and i'd kill to have a say on whether or not it's implemented here.

here's how the simplest token protocol works, from the seminal textbook, Ross Anderson's Security Engineering:

you have a token, a little transponder thing that can be shaped like a key, or a button, or even embedded in your ID card or something. i have a gate, or a door. you walk up to the door, and your token sends a string to the door's reciever:

token -> gate: serial number, {serial number, onetime number}


the stuff in braces is encrypted under a key known to both the transponder and the reciever, meaning my gate can then decrypt it, check that the two serial numbers match, check that the onetime (Anderson calls it a nonce, but in my country that's slang for a child molester...) hasn't been used already (this way i know you're not just replaying someone else's earlier access attempt) and lets you in.

now, replace the gate with the logon system, and you're flying. it's a little more difficult than that, unfortunately, so i won't be seeing it around here anytime soon. unfortunately, the fact remains:this kind of system is the only way to let normal people slack off remembering their codes.

so: either ya remember your damn password, or you let a totally non-medically qualified, slightly paranoid security nut embed machinery in your hand. okay?

...where are you going?


Lepht

19.7.07

a message from the User!

more correspondence on audio, this time from the man, James Atkinson of the Granite Island Group. i'm actually quite impressed that he replied to me in the first place, seeing as in this sphere, i'm kind of scum. a peasant of the white-hat world, if you will.


It is properly called "audio correlation" where a known audio signal (pressure waves) are induced into an area, and then those same signals are measured both as a physical movement elsewhere, or matching electrical response is sought..


it's a little over my head, seeing as Atkinson is officially trained in TEMPEST, and i'm a dabbler, but i think this might mean you could use the audio signals as a means to verify an image of your target's monitor you obtained via other ways. i've asked him for clarification, and meanwhile, yours truly has about half an experiment proposal finished...

and now, on to today's a la carte special: crispy fried bitch with extra cheese. roquefort, no less.

it is known otherwise as "For fuck's sake, it's spelled 'ATHEIST'."


Lepht
(baby-eating "athiest fundamentalist")

18.7.07

what time is it?

my fellow geeks of the Interweb: we may have some serious experimental fun on our hands, the kind that were i twelve years old i should spell "phun". i've recieved a reply from the admin of cryptome.org, who i won't name out of respect:


You're on the right track. Audial leakage of surveillance equipment is
used by counter-surveillance experts to pick up inadvertent signals.
Audial emanations of other electronic equipment are certainly
likely but I've not seen a study of it.
[...]
Let me know what you come up with, we've not published anything
on audial TEMPEST.


what time is it? it's EXPERIMENTATION TIME.

Lepht

17.7.07

audial TEMPEST

sit down at any lab PC or perhaps at your home machine, jack in your headphones and reboot. during the boot sequence, and under various OS, during periods of high system activity, you'll hear strange low-volume audial chatter - i'm pretty sure it's been abused by woos to make "electronic voice phenomena", in fact.

i got a different hypothesis about this chatter. i think it's a form of data leakage; like a Category III-risk optical TEMPEST indicator - a HDD status LED or the indicator LED on some routers and broadband modems - it seems to correspond to the data passing through the device. on a PC, you hear what seem to be unique patterns of chatter during application startups, writes to and reads from the HDD, and when joining or acceding from a network.

this is to my curiosity what liquid oxygen is to a barbecue. i have got to find out whether data from my networks is leaking out the sound card as well as out the emissions of the components, the old-school cathode-ray monitors and half the LEDs on everything.

therefore, i have a new research project. i'll be back with all the existing research i can find on the subject ASAP. you guys are in for an ethically awesome, fact-finding, data-jacking, network-sniffing, audially-challenging goddamn adventure!

my Zero Cool-emulating childhood self would be really impressed with this.


Lepht