Posts tagged ‘flash’

SANS Internet Storm Center, InfoCON: green: Flash Webcast: What you need to know about POODLE (3pm EDT, noon PDT, 9pm CEST) https://www.sans.org/webcasts/about-poodle-99032, (Wed, Oct 15th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green


Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Krebs on Security: Microsoft, Adobe Push Critical Security Fixes

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Adobe, Microsoft and Oracle each released updates today to plug critical security holes in their products. Adobe released patches for its Flash Player and Adobe AIR software. A patch from Oracle fixes at least 25 flaws in Java. And Microsoft pushed patches to fix at least two-dozen vulnerabilities in a number of Windows components, including Office, Internet Explorer and .NET. One of the updates addresses a zero-day flaw that reportedly is already being exploited in active cyber espionage attacks.

brokenwindowsEarlier today, iSight Partners released research on a threat the company has dubbed “Sandworm” that exploits one of the vulnerabilities being patched today (CVE-2014-4114). iSight said it discovered that Russian hackers have been conducting cyber espionage campaigns using the flaw, which is apparently present in every supported version of Windows. The New York Times carried a story today about the extent of the attacks against this flaw.

In its advisory on the zero-day vulnerability, Microsoft said the bug could allow remote code execution if a user opens a specially crafted malicious Microsoft Office document. According to iSight, the flaw was used in targeted email attacks that targeted NATO, Ukrainian and Western government organizations, and firms in the energy sector.

More than half of the other vulnerabilities fixed in this month’s patch batch address flaws in Internet Explorer. Additional details about the individual Microsoft patches released today is available at this link.

brokenflash-aSeparately, Adobe issued its usual round of updates for its Flash Player and AIR products. The patches plug at least three distinct security holes in these products. Adobe says it’s not aware of any active attacks against these vulnerabilities. Updates are available for Windows, Mac and Linux versions of Flash.

Adobe says users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.189. To see which version of Flash you have installed, check this link. IE10/IE11 on Windows 8.x and Chrome should auto-update their versions of Flash, although my installation of Chrome says it is up-to-date and yet is still running v. 15.0.0.152 (with no outstanding updates available, and no word yet from Chrome about when the fix might be available).

The most recent versions of Flash are available from the Flash home page, but beware potentially unwanted add-ons, like McAfee Security Scan. To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here.

Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.). If you have Adobe AIR installed, you’ll want to update this program. AIR ships with an auto-update function that should prompt users to update when they start an application that requires it; the newest, patched version is v. 15.0.0.293 for Windows, Mac, and Android.

Finally, Oracle is releasing an update for its Java software today that corrects more than two-dozen security flaws in the software. Oracle says 22 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. Java SE 8 updates are available here; the latest version of Java SE 7 is here.

If you really need and use Java for specific Web sites or applications, take a few minutes to update this software. Updates are available from Java.com or via the Java Control Panel. I don’t have an installation of Java handy on the machine I’m using to compose this post, but keep in mind that updating via the control panel may auto-select the installation of third-party software, so de-select that if you don’t want the added crapware.

javamessOtherwise, seriously consider removing Java altogether. I’ve long urged end users to junk Java unless they have a specific use for it (this advice does not scale for businesses, which often have legacy and custom applications that rely on Java). This widely installed and powerful program is riddled with security holes, and is a top target of malware writers and miscreants.

If you have an affirmative use or need for Java, unplug it from the browser unless and until you’re at a site that requires it (or at least take advantage of click-to-play). The latest versions of Java let users disable Java content in web browsers through the Java Control Panel. Alternatively, consider a dual-browser approach, unplugging Java from the browser you use for everyday surfing, and leaving it plugged in to a second browser that you only use for sites that require Java.

For Java power users — or for those who are having trouble upgrading or removing a stubborn older version — I recommend JavaRa, which can assist in repairing or removing Java when other methods fail (requires the Microsoft .NET Framework, which also received updates today from Microsoft).

SANS Internet Storm Center, InfoCON: green: Adobe October 2014 Bulletins for Flash Player and Coldfusion, (Tue, Oct 14th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

Adobe published two security bulletins today:

APSB-22[1] : fixes 3 vulnerabilities in Adobe Flash Player as well as in Adobe Air. The vulnerabilities are rated with a priority of 1 for Flash Playerrunning onWindows and OS X , which means they have already been exploited in targeted attacks.

APSB-23 [2] : another 3 vulnerabilities, but this time in Cold Fusion. The priority for these updates is 2which indicates that they have not yet been exploited in the wild.

[1]http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
[2]http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html


Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Raspberry Pi: Goblin detector and Jam review – a guest post from 8-year-old Annabel

This post was syndicated from: Raspberry Pi and was written by: Liz Upton. Original post: at Raspberry Pi

Liz: Annabel Oakley is eight years old. That makes her our youngest ever guest blogger! Here’s her account of a day out at a the PyCon UK Raspberry Jam in September at Coventry University, and the goblin-scaring project she made with her Raspberry Pi. Thanks very much, Annabel – and thanks also to Dad, who helped out with the Goblin Detector and drove the car!

Annabel wanted a project to show at the  computer conference. She decided to make a Goblin Detector which would sound a buzzer and flash a light, when her brother or sister went in her bedroom.

goblins

Annabel used a Raspberry Pi computer and a motion sensor.

Annabel and goblin detector
Her dad showed her what to do, and Annabel wired it up and wrote the program to control it.

goblin detector
The program was written in a computer language called Python. The Goblin Detector has a motion sensor in a margarine tub. It connects to the Raspberry Pi using three wires.

wiring

The Raspberry Pi has an add-on called Pibrella which gives it three lights, a buzzer and a button. It waits 5 seconds to let you get out of
the room, then it waits for movement. When it sees movement, it sounds a buzzer. You can press the button to stop the buzzer, and it will wait for movement again.

Pibrella
The motion sensor is very cheap, only £3, and can be found in light switches which turn off automatically. It has three wires:

• Positive
• Signal
• Negative

The program waits for a high current on the Signal wire, which means it has seen some movement. You can find out how to make and
program one yourself on Annabel’s dad’s website.

Then Annabel and her dad set off for the computer conference. The ticket was only £5 for children!

Annabel, book
When Annabel got there, she got given a goody bag which included a brand new Raspberry Pi, a book and other goodies!

Annabel wrote a program to put the words “Hello World” on the screen in Minecraft.

programming

Some teachers were also at the conference. The teachers were learning how children used computers.

programming
There were also some computer programmers helping the children and
teachers. The grown-ups were not allowed to touch the keyboards. The children had to do everything themselves! There were lots of grown-up computer programmers around to help out, and some of the children were already experts.

Lots of people were interested in Annabel’s Goblin Detector.

kids
We let the children take it apart and program it for themselves. It was easy to put it back together.

Most of the children at the computer conference were girls. There was a whole pack of Brownies!

girls

Annabel also saw some robots which  could be programmed to dance.

robot
Annabel made a friend called Sam and they wrote a program to take lots of photos, and then turn those photos into an animated video.

sam and annabel
There were some famous programmers helping out, such as Carrie Ann Philbin and Ben Nuttall, who work for the Raspberry Pi charity.

Miss Philbin, famous programmer
Sam and Annabel had to show off their animation to everyone else.

demo

You can watch their 8-second animation here.

Server Fault Blog: Welcome Greg Bray, Server Fault Valued Associate #0000008!

This post was syndicated from: Server Fault Blog and was written by: Shane Madden. Original post: at Server Fault Blog

Greg Bray Arches SquareThe Site Reliability Engineering team at Stack Exchange has a new addition – Greg Bray!

Greg joins us as our new Windows-focused generalist (in case you missed it, our friend Steven Murawski moved on recently), though he’s happy to work on whatever technology we throw at him. He’s a software developer turned sysadmin, and he’ll be assisting us in our quest to automate our infrastructure until it achieves sentience.

Greg is a participant on a number of the sites in the Stack Exchange network (since the early days in 2008!), a University of Utah Computer Engineering graduate (where he worked on a FPGA-based tester for NAND flash storage [pdf link]), and an occasional blogger. He has a knack for finding obscure bugs.

Greg lives in Salt Lake City with his wife and 4 year old cat named Kitty, and he’ll be working remotely from there. When he’s not working with technology, he enjoys biking, camping, and golfing.

Join me in welcoming Greg to our team!

Errata Security: Wget off the leash

This post was syndicated from: Errata Security and was written by: Robert Graham. Original post: at Errata Security

As we all know, to grab a website with wget, we’ll use the “-r” option to “recurse” through all the links. There is also the ‘-H’ option, means that wget won’t restrict itself to just one host. In other words, with ‘-r -H’ together, it’ll try to spider the entire Internet. So I did that to see what would happen.

Well, for a 32-bit bit process, what happened is that after more than a month, it ran out of memory. It maintained an ever growing list of URLs that it has to visit, which can easily run in the millions. At a hundred bytes per URL and 2-gigabytes of virtual memory, it’ll run out of memory after 20 million URLs — far short of the billions on the net. That’s what you see below, where ‘wget’ has crashed exhausting memory. Below that I show the command I used to launch the process, starting at cnn.com as the seed with a max timeout of 5 seconds.

How much data did I download from the Internet? According to ‘du’, the answer is 18-gigabytes, as seen in the following screenshot:

It reached 79425 individual domains, far short of the millions it held in memory. I don’t know how many files it grabbed — there’s so many that it takes hours to traverse the entire directory tree.

What sorts of domains did it visit? As you can see in the screenshot, all sorts of stuff, like “www.theemporiumbarber.com.au” or “hairymenofcolor.tumblr.com”. How all this stuff is reached via “cnn.com”, I just don’t know.

Note that the point of this experiment wasn’t to actually spider the net; there are far better tools for that. Also, there is a nice project on Amazon AWS called the “Common Crawl Corpus” where they crawl the Internet for you (billions of links) and then let you process it with your own EC2 instance.

Instead, the point is what hackers always do. In this case, it’s answering the question “I wonder what -H does”. I mean, I know what it does, but I still wonder what happens. Now I’ve got a nice 18G of random stuff from the Internet that is what happens.

You can get better, more rigorous data sets (like the Common Crawl stuff), but if you want a copy of this data set, hit me up at the next hacker/security con. I’ll probably have it on a USB 3.0 flash drive (srsly, my flash drives are now 64gigabyte in size — for the small ones). It’ll be good for various testing projects, like building parsers for things like JPEGs or PDFs.

Schneier on Security: <i>Data and Goliath</I> Is Finished

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World is finished. I submitted it to my publisher, Norton, this morning. In a few weeks, I’ll get the copyedited manuscript back, and a few weeks after that, it’ll go into production. Stacks of printed books will come out the other end in February, and the book will be published on March 9. There’s already an Amazon page, but it’s still pretty preliminary. And I expect the price to go down.

Books are both a meandering and clarifying process for me, and I figure out what I’m writing about as I write about it. Data and Goliath started out being about security and power in cyberspace, and ended up being about digital surveillance and what to do about it.

This is the table of contents:

Part 1: The World We’re Creating

Chapter 1: Data as a By-Product of Computing
Chapter 2: Data as Surveillance
Chapter 3: Analyzing our Data
Chapter 4: The Business of Surveillance
Chapter 5: Government Surveillance and Control
Chapter 6: Consolidation of Institutional Surveillance

Part 2: What’s at Stake

Chapter 7: Political Liberty and Justice
Chapter 8: Commercial Fairness and Equality
Chapter 9: Business Competitiveness
Chapter 10: Privacy
Chapter 11: Security

Part 3: What to Do About It

Chapter 12: Principles
Chapter 13: Solutions for Government
Chapter 14: Solutions for Corporations
Chapter 15: Solutions for the Rest of Us
Chapter 16: Social Norms and the Big Data Trade-off

Fundamentally, the issues surrounding mass surveillance are tensions group interest vs. self-interest, a topic I covered in depth in Liars and Outliers. We’re promised great benefits if we allow all of our data to be collected in one place; at the same time, it can be incredibly personal. I see this tension playing out in many areas: location data, social graphs, medical data, search histories. Figuring out the proper balances between group and self-interests, and ensuring that those balances are maintained, is the fundamental issue of the information age. It’s how we are going to be judged by our descendents fifty years from now.

Anyway, the book is done and at the publisher. I’m happy with it; the manuscript is so tight you can bounce a quarter off of it. This is a complicated topic, and I think I distilled it down into 80,000 words that are both understandable by the lay reader and interesting to the policy wonk or technical geek. It’s also an important topic, and I hope the book becomes a flash point for discussion and debate.

But that’s not for another five months. You might think that’s a long time, but in publishing that’s incredibly fast. I convinced Norton to go with this schedule by stressing that the book becomes less timely every second it’s not published. (An exaggeration, I know, but they bought it.) Now I just hope that nothing major happens between now and then to render the book obsolete.

For now, I want to get back to writing shorter pieces. Writing a book can be all-consuming, and I generally don’t have time for anything else. Look at my essays. Last year, I wrote 59 essays. This year so far: 17. That’s an effect of writing the book. Now that it’s done, expect more essays on news websites and longer posts on this blog. It’ll be good to be thinking about something else for a change.

If anyone works for a publication, and wants to write a review, conduct an interview, publish an excerpt, or otherwise help me get the word out about the book, please e-mail me and I will pass you on to Norton’s publicity department. I think this book has a real chance of breaking out of my normal security market.

Krebs on Security: Critical Fixes for Adobe, Microsoft Software

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Adobe today released updates to fix at least a dozen critical security problems in its Flash Player and AIR software. Separately, Microsoft pushed four update bundles to address at least 42 vulnerabilities in Windows, Internet Explorer, Lync and .NET Framework. If you use any of these, it’s time to update!

winiconMost of the flaws Microsoft fixed today (37 of them) are in addressed in an Internet Explorer update — the only patch this month to earn Microsoft’s most-dire “critical” label. A critical update wins that rating if the vulnerabilities fixed in the update could be exploited with little to no action on the part of users, save for perhaps visiting a hacked or malicious Web site with IE.

I’ve experienced troubles installing Patch Tuesday packages along with .NET updates, so I make every effort to update .NET separately. To avoid any complications, I would recommend that Windows users install all other available recommended patches except for the .NET bundle; after installing those updates, restart Windows and then install any pending .NET fixes). Your mileage may vary.

For more information on the rest of the updates released today, see this post at the Microsoft Security Response Center Blog.

brokenflash-aAdobe’s critical update for Flash Player fixes at least 12 security holes in the program. Adobe is urging Windows and Macintosh update to Adobe Flash Player v. 15.0.0.152 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted. If you’d rather not be bothered with downloaders and software “extras” like antivirus scanners, you’re probably best off getting the appropriate update for your operating system from this link.

To see which version of Flash you have installed, check this link. IE10/IE11 on Windows 8.x and Chrome should auto-update their versions of Flash.

Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.). If you have Adobe AIR installed (required by some programs like Pandora Desktop), you’ll want to update this program. AIR ships with an auto-update function that should prompt users to update when they start an application that requires it; the newest, patched version is v. 15 for Windows, Mac, and Android.

Adobe had also been scheduled to release updates today for Adobe Reader and Acrobat, but the company said it was pushing that release date back to Sept. 15 to address some issues that popped up during testing of the patches.

As always, if you experience any issues updating these products, please leave a note about your troubles in the comments below.

Linux How-Tos and Linux Tutorials: How to Control a 3 Wheel Robot from a Tablet With BeagleBone Black

This post was syndicated from: Linux How-Tos and Linux Tutorials and was written by: Ben Martin. Original post: at Linux How-Tos and Linux Tutorials

terrytee pantiltGive the BeagleBone Black its own wheels, completely untether any cables from the whole thing and control the robot from a tablet.

The 3 Wheel Robot kit includes all the structural material required to create a robot base. To the robot base you have to add two gearmotors, batteries, and some way to control it. Leaving the motors out of the 3 wheel kit allows you to choose the motor with a torque and RPM suitable for your application.

In this article we’ll use the Web server on the BeagleBone Black and some Bonescript to allow simple robot control from any tablet. No ‘apps’ required. Bonescript is a nodejs environment which comes with the BeagleBone Black.

Shown in the image at left is the 3 wheel robot base with an added pan and tilt mechanism. All items above the long black line and all batteries, electronics, cabling, and the two gearmotors were additions to the base. Once you can control the base using the BeagleBone Black, adding other hardware is relatively easy.

This article uses two 45 rpm Precision Gear Motors. The wheels are 6 inches in diameter so the robot will be speed-limited to about 86 feet per minute (26 meter/min). These motors can run from 6-12 volts and draw a maximum stall current draw of 1 amp. The large stall current draw will happen when the motor is trying to turn but is unable to. For example, if the robot has run into a wall and the tires do not slip. It is a good idea to detect cases that draw stall current and turn off power to avoid overheating and/or damaging the motor.

In this Linux.com series on the BeagleBone Black we have also seen how to use the Linux interface allowing us to access chips over SPI and receive interrupts when the voltage on a pin changes, and how to drive servo motors.

Constructing the 3 Wheel Robot

3 wheel robot kit parts

The parts for the 3 Wheel Robot kit are shown above (with the two gearmotors in addition to the raw kit). You can assemble the robot base in any order you choose. A fair number of the parts are used, together with whichever motors you selected, to mount the two powered front wheels. The two pieces of channel are connected using the hub spacer and the swivel hub is used to connect the shorter piece of channel at an angle at the rear of the robot. I’m assuming the two driving wheels are at the ‘front’. I started construction at the two drive wheels as that used up a hub adapter, screw hub, and two motor mount pieces. Taking those parts out of the mix left less clutter for the subsequent choice of pieces.terry in construction

Powering Everything

In a past article I covered how the BeagleBone Black wanted about 2.5 into the low 3 Watts of power to operate. The power requirements for the BeagleBone Black can be met in many ways. I chose to use a single 3.7-Volt 18650 lithium battery and a 5 V step up board. The BeagleBone Black has a power jack expecting 5 V. At a high CPU load the BeagleBone Black could take up to 3.5 W of power. So the battery and step up converter have to be comfortable supplying a 5V/700mA power supply. The battery is rated at about 3 amp-hours so the BeagleBone Black should be able to run for hours on a single charge.

The gearmotors for the wheels can operate on 6 to 12 V. I used a second battery source for the motors so that they wouldn’t interfere with the power of the BeagleBone Black. For the motors I used a block if 8 NiMH rechargeable AA batteries. This only offered around 9.5 V so the gearmotors would not achieve their maximum performance but it was a cheap supply to get going. I have manually avoided stalling either motor in testing so as not to attempt to draw too much power from the AA batteries. Some stall protection to cut power to the gearmotors and protect the batteries should be used or a more expensive motor battery source. For example, monitoring current and turning off the motors if they attempt to draw too much.

The motor power supply was connected to the H-bridge board. Making the ground terminal on the H-bridge a convenient location for a common ground connection to the BeagleBone Black.

Communicating without Wires

The BeagleBone Black does not have on-board wifi. One way to allow easy communication with the BeagleBone Black is to flash a TP-Link WR-703N with openWRT and use that to provide a wifi access point for access to the BeagleBone Black. The WR-703N is mounted to the robot base and is connected to the ethernet port of the BeagleBone Black. The tablets and laptops can then connect to the access point offered by the onboard WR-703N.

I found it convenient to setup the WR-703N to be a DHCP server and to assign the same IP address to the BeagleBone Black as it would have obtained when connected to my wired network. This way the tablet can communicate with the robot both in a wired prototyping setup and when the robot is untethered.

Controlling Gearmotors from the BeagleBone Black

Unlike the servo motors discussed in the previous article, gearmotors do not have the same Pulse Width Modulation (PWM) control line to set at an angle to rotate to. There is only power and ground to connect. If you connect the gearmotor directly to a 12 V power source it will spin up to turn as fast as it can. To turn the gearmotor a little bit slower, say at 70 percent of its maximum speed, you need to supply power only 70 percent of the time. So we are wanting to perform PWM on the power supply wire to the gearmotor. Unlike the PWM used to control the servo we do not have any fixed 20 millisecond time slots forced on us. We can divide up time any way we want, for example running full power for 0.7 seconds then no power for 0.3 s. Though a shorter time slice than 1 s will produce a smoother motion.

An H-Bridge chip is useful to be able to switch a high voltage, high current wire on and off from a 3.3 V wire connected to the BeagleBone Black. A single H-Bridge will let you control one gearmotor. Some chips like the L298 contain two H-Bridges. This is because two H-Bridges are useful if you want to control some stepper motors. A board containing an L298, heatsink and connection terminals can be had for as little as $5 from a China based shop, up to more than $30 for a fully populated configuration made in Canada that includes resistors to allow you to monitor the current being drawn by each motor.

The L298 has two pins to control the configuration of the H-Bridge and an enable pin. With the two control pins you can configure the H-Bridge to flow power through the motor in either direction. So you can turn the motor forwards and backwards depending on which of the two control pins is set high. When the enable pin is high then power flows from the motor batteries through the motor in the direction that the H-Bridge is configured for. The enable pin is where to use PWM in order to turn the motors at a rate slower than their top speed.

The two control lines and the enable line allow you to control one H-Bridge and thus one gearmotor. The L298 has a second set of enable and control lines so you can control a second gearmotor. Other than those lines the BeagleBone Black has to connect ground and 3.3 V to the H-Bridge.

When I first tried to run the robot in a straight line I found that it gradually turned left. After some experimenting I found that at full power the left motor was rotating at a slightly slower RPM relative to the right one. I’m not sure where this difference was being introduced but having found it early in the testing the software was designed to allow such callibration to be performed behind the scenes. You select 100 percent speed straight ahead and the software runs the right motor at only 97 percent power (or whatever callibration adjustment is currently applied).

To allow simple control of the two motors I used two concepts: the speed (0-100) and heading (0-100). A heading of 50 means that the robot should progress straight ahead. This mimics a car interface where steering (heading) and velocity are adjusted and the robot takes care of the details.

I have made the full source code available on github. Note the branch linux.com-article which is frozen in time at the point of the article. The master branch contains some new goodies and a few changes to the code structure, too.

The Server

Because the robot base was “T” shaped, over time it was referred to as TerryTee. The TerryTee nodejs class uses bonescript to control the PWM for the two gearmotors.

The constructor takes the pin identifier to use for the left and right motor PWM signals and a reduction to apply to each motor, with 1.0 being no reduction and 0.95 being to run the motor at only 95 percent the specified speed. The reduction is there so you can compensate if one motor runs slightly slower than the other.

function TerryTee( leftPWMpin, rightPWMpin, leftReduction, rightReduction )
{
    TerryTee.running = 1;
    TerryTee.leftPWMpin = leftPWMpin;
    TerryTee.rightPWMpin = rightPWMpin;
    TerryTee.leftReduction = leftReduction;
    TerryTee.rightReduction = rightReduction;
    TerryTee.speed = 0;
    TerryTee.heading = 50;
}

The setPWM() method shown below is the lowest level one in TerryTee, and other methods use it to change the speed of each motor. The PWMpin selects which motor to control and the ‘perc’ is the percentage of time that motor should be powered. I also made perc able to be from 0-100 as well as from 0.0 – 1.0 so the web interface could deal in whole numbers.

When an emergency stop is active, running is false so setPWM will not change the current signal. The setPWM also applies the motor strength callibration automatically so higher level code doesn’t need to be concerned with that. As the analogWrite() Bonescript call uses the underlying PWM hardware to output the signal, the PWM does not need to be constantly refreshed from software, once you set 70 percent then the robot motor will continue to try to rotate at that speed until you tell it otherwise.

TerryTee.prototype.setPWM = function (PWMpin,perc) 
{
    if( !TerryTee.running )
	return;
    if( PWMpin == TerryTee.leftPWMpin ) {
	perc *= TerryTee.leftReduction;
    } else {
	perc *= TerryTee.rightReduction;
    }
    if( perc >  1 )   
	perc /= 100;
    console.log("awrite PWMpin:" + PWMpin + " perc:" + perc  );
    b.analogWrite( PWMpin, perc, 2000 );
};

The setSpeed() call takes the current heading into consideration and updates the PWM signal for each wheel to reflect the heading and speed you have currently set.

TerryTee.prototype.setSpeed = function ( v ) 
{
    if( !TerryTee.running )
	return;
    if( v < 40 )
    {
	TerryTee.speed = 0;
	this.setPWM( TerryTee.leftPWMpin,  0 );
	this.setPWM( TerryTee.rightPWMpin, 0 );
	return;
    }
    var leftv  = v;
    var rightv = v;
    var heading = TerryTee.heading;
    
    if( heading > 50 )
    {
	if( heading >= 95 )
	    leftv = 0;
	else
	    leftv *= 1 - (heading-50)/50;
    }
    if( heading < 50 )
    {
	if( heading <= 5 )
	    rightv = 0;
	else
	    rightv *= 1 - (50-heading)/50;
    }
    console.log("setSpeed v:" + v + " leftv:" + leftv + " rightv:" + rightv );
    this.setPWM( TerryTee.leftPWMpin,  leftv );
    this.setPWM( TerryTee.rightPWMpin, rightv );
    TerryTee.speed = v;
};

The server itself creates a TerryTee object and then offers a Web socket to control that Terry. The ‘stop’ message is intended as an emergency stop which forces Terry to stop moving and ignore input for a period of time so that you can get to it and disable the power in case something has gone wrong.

var terry = new TerryTee('P8_46', 'P8_45', 1.0, 0.97 );
terry.setSpeed( 0 );
terry.setHeading( 50 );
b.pinMode     ('P8_37', b.OUTPUT);
b.pinMode     ('P8_38', b.OUTPUT);
b.pinMode     ('P8_39', b.OUTPUT);
b.pinMode     ('P8_40', b.OUTPUT);
b.digitalWrite('P8_37', b.HIGH);
b.digitalWrite('P8_38', b.HIGH);
b.digitalWrite('P8_39', b.LOW);
b.digitalWrite('P8_40', b.LOW);
io.sockets.on('connection', function (socket) {
  ...
  socket.on('stop', function (v) {
      terry.setSpeed( 0 );
      terry.setHeading( 0 );
      terry.forceStop();
  });
  socket.on('speed', function (v) {
      console.log('set speed to ', v );
      console.log('set speed to ', v.value );
      if( typeof v.value === 'undefined')
	  return;
      terry.setSpeed( v.value );
  });
  ...

The code on github is likely to evolve over time to move the various fixed cutoff numbers to be configurable and allow Terry to be reversed from the tablet.

The Client (Web page)

To quickly create a Web interface I used Bootstrap and jQuery. If the interface became more advanced then perhaps something like AngularJS would be a better fit. To control the speed and heading with an easy touch interface I also used the bootstrap-slider project.BeagleBone robot web interface

<div class="inner cover">
  <div class="row">
    <div class="col-md-1"><p class="lead">Speed</p></div>
    <div class="col-md-8"><input id="speed" data-slider-id='speedSlider' 
                    type="text" data-slider-min="0" data-slider-max="100" 
                    data-slider-step="1" data-slider-value="0"/></div>
  </div>
  <div class="row">
    <div class="col-md-1"><p class="lead">Heading</p></div>
    <div class="col-md-8"><input id="heading" data-slider-id='headingSlider' 
                    type="text" data-slider-min="0" data-slider-max="100" 
                    data-slider-step="1" data-slider-value="50"/></div>
  </div>
</div>
<div class="inner cover">
    <div class="btn-group">
	<button id="rotateleft" type="button" class="btn btn-default btn-lg" >
	  <span class="glyphicon glyphicon-hand-left"></span>&nbsp;Rot&nbsp;Left</button>
	<button id="straightahead" type="button" class="btn btn-default btn-lg" >
	  <span class="glyphicon glyphicon-arrow-up"></span>&nbsp;Straight&nbsp;ahead</button>
	<button id="rotateright" type="button" class="btn btn-default btn-lg" >
	  <span class="glyphicon glyphicon-hand-right"></span>&nbsp;Rot&nbsp;Right</button>
    </div>
</div>

With those UI elements the hook up to the server is completed using io.connect() to connect a ‘var socket’ back to the BeagleBone Black. The below code sends commands back to the BeagleBone Black as UI elements are adjusted on the page. The rotateleft command is simulated by setting the heading and speed for a few seconds and then stopping everything.

$("#speed").on('slide', function(slideEvt) {
    socket.emit('speed', {
        value: slideEvt.value[0],
        '/end': 'of-message'
    });
});
...
$('#straightahead').on('click', function (e) {
     $('#heading').data('slider').setValue(50);
})
$('#rotateleft').on('click', function (e) {
     $('#heading').data('slider').setValue(0);
     $('#speed').data('slider').setValue(70);
     setTimeout(function() {
        $('#speed').data('slider').setValue(0);
        $('#heading').data('slider').setValue(50);
     }, 2000);
})

The BeagleBone Black runs a Web server offering files from /usr/share/bone101. I found it convenient to put the whole project in /home/xuser/webapps/terry-tee and create a softlink to the project at /usr/share/bone101/terry-tee. This way http://mybeagleip/terry-tee/index.html will load the Web interface on a tablet. Cloud9 will automatically start any Bonescript files contained in /var/lib/cloud9/autorun. So two links setup Cloud9 to both serve the client and automatically start the server Bonescript for you:

root@beaglebone:/var/lib/cloud9/autorun# ls -l
lrwxrwxrwx 1 root root 39 Apr 23 07:02 terry.js -> /home/xuser/webapps/terry-tee/server.js
root@beaglebone:/var/lib/cloud9/autorun# cd /usr/share/bone101/
root@beaglebone:/usr/share/bone101# ls -l terry-tee
lrwxrwxrwx 1 root root 29 Apr 17 05:48 terry-tee -> /home/xuser/webapps/terry-tee

Wrap up

I originally tried to use the GPIO pins P8_41 to 44. I found that if I had wires connected to those ports the BeagleBone Black would not start. I could remove and reapply the wires after startup and things would function as expected. On the other hand, leaving 41-44 unconnected and using 37-40 instead the BeagleBone Black would boot up fine. If you have a problem starting your BeagleBone Black you might be accidentally using a connector that has a reserved function during startup.

While the configuration shown in this article allows control of only the movement of the robot base the same code could easily be extended to control other aspects of the robot you are building. For example, to control an arm attached and be able to move things around from your tablet.

Using a BeagleBone Black to control the robot base gives the robot plenty of CPU performance. This opens the door to using a mounted camera with OpenCV to implement object tracking. For example, the robot can move itself around in order to keep facing you. While the configuration in this article used wifi to connect with the robot, another interesting possibility is to use 3G to connect to a robot that isn’t physically nearby.

The BeagleBone Black can create a great Web-controlled robot and the 3 wheel robot base together with some gearmotors should get you moving fairly easily. Though once you have the base moving around you may find it difficult to resist giving your robot more capabilities!

We would like to thank ServoCity for supplying the 3 wheel robot base, gearmotors, gearbox and servo used in this article.

Krebs on Security: Adobe, Microsoft Push Critical Security Fixes

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Adobe and Microsoft today each independently released security updates to fix critical problems with their products. Adobe issued patches for Adobe Reader/Acrobat, Flash Player and AIR, while Microsoft pushed nine security updates to address at least 37 security holes in Windows and related software.

Microsoft's recommended patch deployment priority for enterprises, Aug. 2014.

Microsoft’s recommended patch deployment priority for enterprises, Aug. 2014.

Two of the seven update bundles Microsoft released today earned the company’s most-dire “critical” label, meaning the vulnerabilities fixed in the updates can be exploited by bad guys or malware without any help from users. A critical update for Internet Explorer accounts for the bulk of flaws addressed this month, including one that was actively being exploited by attackers prior to today, and another that was already publicly disclosed, according to Microsoft.

Other Microsoft products fixed in today’s release include Windows Media Center, One Note, SQL Server and SharePoint. Check out the Technet roundup here and the Microsoft Bulletin Summary Web page at this link.

There are a couple other important changes from Microsoft this month: The company announced that it will soon begin blocking out-of-date ActiveX controls for Internet Explorer users, and that it will support only the most recent versions of the .NET Framework and IE for each supported operating system (.NET is a programming platform required by a great many third-party Windows applications and is therefore broadly installed).

These changes are both worth mentioning because this month’s patch batch also includes Flash fixes (an ActiveX plugin on IE) and another .NET update. I’ve had difficulties installing large Patch Tuesday packages along with .NET updates, so I try to update them separately. To avoid any complications, I would recommend that Windows users install all other available recommended patches except for the .NET bundle; after installing those updates, restart Windows and then install any pending .NET fixes).

Finally, I should note that Microsoft released a major new version (version 5) of its Enhanced Mitigation Experience Toolkit (EMET), a set of tools designed to protect Windows systems even before new and undiscovered threats against the operating system and third-party software are formally addressed by security updates and antimalware software. I’ll have more on EMET 5.0 in an upcoming blog post (my review of EMET 4 is here) but this is a great tool that can definitely help harden Windows systems from attacks. If you already have EMET installed, you’ll want to remove the previous version and reboot before upgrading to 5.0.

ADOBE

Adobe’s critical update for Flash Player fixes at least seven security holes in the program. Which version of Flash you should have on your system in order to get the protection from these latest fixes depends on which operating system and which browser you use, so consult the (admittedly complex) chart below for your appropriate version number.

brokenflash-aTo see which version of Flash you have installed, check this link. IE10/IE11 on Windows 8.x and Chrome should auto-update their versions of Flash, although my installation of Chrome says it is up-to-date and yet is still running v. 14.0.0.145 (with no outstanding updates available, and no word yet from Chrome about when the fix might be available).

The most recent versions of Flash are available from the Flash home page, but beware potentially unwanted add-ons, like McAfee Security Scan. To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here.

Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.). If you have Adobe AIR installed (required by some programs like Tweetdeck and Pandora Desktop), you’ll want to update this program. AIR ships with an auto-update function that should prompt users to update when they start an application that requires it; the newest, patched version is v. 14.0.0.137 for Windows, Mac, and Android.

adobeFlash-AirAug2014

Adobe said it is not aware of any exploits in the wild that target any of the issues addressed in this month’s Flash update. However, the company says there are signs that attackers are are already targeting the lone bug fixed in an update released today for Windows versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat for Apple’s OS X are not affected).

reader-acrobat-aug2014

Experience technical issues during or after applying any of these updates, or with the instructions above? Please feel free to sound off in the comments below.

SANS Internet Storm Center, InfoCON: green: Adobe updates for 2014/08, (Tue, Aug 12th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

Adobe has released security updates for Adobe Flash Player, Adobe AIR, Adobe Reader, and Acrobat. The updates are rated as critical and an impressive number of CVE entries.  CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545, CVE-2014-0546. Summary: update now. 

http://helpx.adobe.com/security/products/flash-player/apsb14-18.html

http://helpx.adobe.com/security/products/reader/apsb14-19.html

Cheers,

Adrien de Beaupré

Intru-shun.ca Inc.

My SANS Teaching Schedule

 

 

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Linux How-Tos and Linux Tutorials: How to Fix a Mangled Partition Table on Linux

This post was syndicated from: Linux How-Tos and Linux Tutorials and was written by: Carla Schroder. Original post: at Linux How-Tos and Linux Tutorials

fig-1 boot failureWell there I was, rebuilding a router and having a good time when I accidentally damaged the partition table on my main Linux installation, which is a GUID partition table, or GPT. Figure 1 (above) shows the cheery message that greeted me at boot.

How did this happen? I was installing Voyage Linux on a compact flash card, and while I was messing around with GParted and other filesystem tools I accidentally ran some commands on/dev/sdb, my main hard disk, instead of /dev/sdc, the compact flash card. Like, oops. I don’t know exactly which operations gummed up /dev/sdb, which would be good to know. But I don’t, so let us carry on.

“Press any key to exit” landed at a blinking cursor on a black screen. Fortunately, I always foil the desires of certain distros that disable ctrl+alt+delete, or make it behave like Windows and open a services manager. I make sure that it is enabled and that it reboots the system. I booted into a different Linux installation and pondered how to make repairs. When your partition table is damaged to the point that your Linux will not boot, you have to fix it from the outside of the damaged system via bootable rescue media, or another Linux in a multi-boot installation. SystemRescueCD on a USB stick is my fave. Any *buntu live system also makes a great rescue distro, especially on a USB stick with persistent storage, because then it remembers your settings, you can install apps, and store documents.

There are no guarantees- you may be able to repair the problem, or you may have to reinstall your operating system. If the partition table is unrecoverable you may not be able to recover your data. So, as always, your first and best line of defense is good backups.

TestDisk

A good tool for repairing partition tables and recovering files is TestDisk. TestDisk operates on both the legacy MBR and the newfangled GPT (see Using the New GUID Partition Table in Linux (Goodbye Ancient MBR)) . TestDisk is in most Linux repos, and on SystemRescueCD. Start it up as root:

$ sudo testdisk
TestDisk 6.14, Data Recovery Utility, July 2013
Christophe GRENIER grenier@cgsecurity.org;
http://www.cgsecurity.org
TestDisk is free data recovery software designed to help recover lost
partitions and/or make non-booting disks bootable again when these symptoms
are caused by faulty software, certain types of viruses or human error.
It can also be used to repair some filesystem errors.
Information gathered during TestDisk use can be recorded for later
review. If you choose to create the text file, testdisk.log , it
will contain TestDisk options, technical information and various
outputs; including any folder/file names TestDisk was used to find and
list onscreen.
Use arrow keys to select, then press Enter key:
>[ Create ] Create a new log file
 [ Append ] Append information to log file
 [ No Log ] Don't record anything

Select “create a new log file”. In the next screen select the disk you want to repair.



Select a media (use Arrow keys, then press Enter):
 Disk /dev/sda - 2000 GB / 1863 GiB - ST2000DM001-1CH164
>Disk /dev/sdb - 640 GB / 596 GiB - WDC WD6401AALS-00J7B1
 Disk /dev/sdc - 32 GB / 29 GiB - SanDisk CF  Extreme USB2
 Disk /dev/sr0 - 366 MB / 349 MiB (RO) - ATAPI   iHAS424   B
 
>[Proceed ]  [  Quit  ]
 

This example shows two hard drives, a compact flash drive, and an audio CD. /dev/sdb is the broken one. In the next screen we select the partition type:

Disk /dev/sdb - 640 GB / 596 GiB - WDC WD6401AALS-00J7B1
Please select the partition table type, press Enter when done.
 [Intel  ] Intel/PC partition
>[EFI GPT] EFI GPT partition map (Mac i386, some x86_64...)
 [Humax  ] Humax partition table
 [Mac    ] Apple partition map
 [None   ] Non partitioned media
 [Sun    ] Sun Solaris partition
 [XBox   ] XBox partition
 [Return ] Return to disk selection
Hint: EFI GPT partition table type has been detected.

In the next screen, select Analyse:

Disk /dev/sdb - 640 GB / 596 GiB - WDC WD6401AALS-00J7B1
     CHS 77825 255 63 - sector size=512
>[ Analyse  ] Analyse current partition structure and search for lost partitions
 [ Advanced ] Filesystem Utils
 [ Geometry ] Change disk geometry
 [ Options  ] Modify options
 [ Quit     ] Return to disk selection

Hmm. This does not look good. Select Quick Search:

 TestDisk 6.14, Data Recovery Utility, July 2013
Christophe GRENIER grenier@cgsecurity.org;
http://www.cgsecurity.org

Disk /dev/sdb - 640 GB / 596 GiB - CHS 77825 255 63 Current partition structure: Partition Start End Size in sectors Bad GPT partition, invalid signature. Trying alternate GPT Bad GPT partition, invalid signature. P=Primary D=Deleted >[Quick Search] Try to locate partition

This can take a little time, so be patient. And hopefully TestDisk will find your partitions:

TestDisk 6.14, Data Recovery Utility, July 2013
Christophe GRENIER grenier@cgsecurity.org;
http://www.cgsecurity.org

Disk /dev/sdb - 640 GB / 596 GiB - CHS 77825 255 63 Partition Start End Size in sectors > MS Data 63 89470974 89470912 MS Data 80078846 265625597 185546752 [xubunthome] P MS Data 265625600 1250263039 984637440 [data-xubuntu] Structure: Ok. Use Up/Down Arrow keys to select partition. Use Left/Right Arrow keys to CHANGE partition characteristics: P=Primary D=Deleted Keys A: add partition, L: load backup, T: change type, P: list files, Enter: to continue ext4 blocksize=4096 Large file Sparse superblock, 45 GB / 42 GiB

Hurrah, this is looking hopeful. If it doesn’t find your swap partition, or gives you a message that it won’t restore it, don’t worry about it because a swap partition doesn’t hold data and you can easily restore it later. At this point you have the option to select a partition and press P to see your files, and copy them to another storage medium like a different hard drive or a USB stick. Don’t copy them back to the same device, because if your recovery fails your copied files go with it. It did a funny thing on my system: no matter which directory I chose to copy files into, they all went into /home/carla/carla. I couldn’t find out if this is the correct behavior, but I got my files back.

When TestDisk finds a partition that it can restore, it is marked in the left column with a P, and highlighted in green. In the above example that is only the third partition. Press the return key, and then you can try writing the partition to disk, or doing a deeper search for more recoverable partitions. The deeper search can take a long time, even several hours on a big hard disk.

TestDisk 6.14, Data Recovery Utility, July 2013
Christophe GRENIER grenier@cgsecurity.org;
http://www.cgsecurity.org

Disk /dev/sdb - 640 GB / 596 GiB - CHS 77825 255 63 Partition Start End Size in sectors 1 * Linux 16534 109 24 77825 70 5 984637440 [data-xubuntu] [ Quit ] >[Deeper Search] [ Write ] Try to find more partitions

Then you can select writing the recovered partitions to disk:

TestDisk 6.14, Data Recovery Utility, July 2013
Christophe GRENIER grenier@cgsecurity.org;
http://www.cgsecurity.org
Write partition table, confirm ? (Y/N)
TestDisk 6.14, Data Recovery Utility, July 2013 Christophe GRENIER grenier@cgsecurity.org; http://www.cgsecurity.org You will have to reboot for the change to take effect. >[Ok]

Several things could happen: You could get a complete restoration with all of your partitions and files. You could get a partial recovery that you can mount from another system and retrieve your files. Or it could all go to that great bitbucket in the sky. Most likely you will get at least some of your files back even if you can’t restore your partition table, because stuff that is written to disk is amazingly persistent.

Please visit CGsecurity.org to learn more about TestDisk, and also PhotoRec, an excellent data recovery tool.

Krebs on Security: Wireless Live CD Alternative: ZeusGard

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

I’ve long recommended that small business owners and others concerned about malware-driven bank account takeovers consider adopting a “Live CD” solution, which is a free and relatively easy way of temporarily converting your Windows PC into a Linux operating system. The trouble with many of these Live CD solutions is that they require a CD player (something many laptops no longer have) — but more importantly – they don’t play well with wireless access. Today’s post looks at an alternative that addresses both of these issues.

Zeusgard, with wireless adapter, on a Macbook Air.

Zeusgard, with wireless adapter, on a Macbook Air.

As I noted in my 2012 column, “Banking on a Live CD,” the beauty of the “Live CD” approach is that it allows you to safely bank online from any machine — even from a system that is already riddled with malware. That’s because it lets you boot your existing PC into an entirely different (read: non-Windows) operating system. [Not sure why you should consider banking online from a non-Windows PC? Check out this series].

The device I’ll be looking at today is not free, nor is the the tiny dongle that enables its ability to be used on a wireless network. Nor is it an actual CD or anything more than a stripped-down Web browser. But it is one of the safest, most easy-to-use solutions I’ve seen yet.

The device, called ZeusGard, is a small, silver USB flash drive that boots into a usable browser within about 30 seconds after starting the machine. The non-writeable drive boots directly into the browser (on top of Debian Linux), and if your system is hard-wired to your router with an Ethernet connection, you should be good to go.

Nearly all Live CD solution have one glaring weakness: They typically are not usable over a wireless connection. The Live CD solution I most frequently recommend — which is based on a version of Puppy Linux — technically can work with wireless networks, but I found that setting it up is not at all intuitive, especially for people who’ve never used anything but Windows before.

zgbox My review copy of ZeusGard came with a tiny USB wireless Wi-Fi adapter, which makes jumping on a wireless network a complete breeze. When you boot up with both ZeusGard and the adapter plugged in, ZeusGard automatically searches for available wireless networks, and asks you to choose yours from a list of those in range.

Assuming access to your wireless network is secured with WPA/WPA2  (hopefully not the weaker WEP) , click the “properties” box next to your network, and enter your network’s encryption key (if you need to see the key in plain text while you’re typing, tick the box next to “key”). Hit “OK” and then the “Connect” button. Once you’re connected, click the down arrow at the top of the dialog box and select “Exit to Browser Session.”

This is the second generation of ZeusGard, and I’m looking forward to seeing the next iteration of the device. ZeusGard is produced by Bancsec, a consulting firm that advises financial institutions on ways to beef up security (think Sneakers). Bancsec CEO J.B. Snyder said the next version should include a streamlined wireless setup, and will offer users more options inside the browser session (in the version I tested, for example, ZeusGard automatically shuts down after 30 minutes of use).

At $24.95 for the basic ZeusGard and $14.95 for the wireless adapter, this device is likely to be more appealing to small businesses than the average Internet user. But if you need or want wireless capability in a USB-based “Live CD” solution, ZeusGard is one of few easy-to-use options currently available.

To get ZeusGard working on a Mac, hold the “Option” key while booting up, and select the volume labeled “Windows” (yes, I realize this is counter-intuitive, since the whole idea behind booting into a live CD is that you’re not in Windows).

zgmb

Getting ZeusGard (or any other live distribution, for that matter) working on a Windows PC may be a bit more involved. Rather than reinvent the wheel, I’ve excerpted and modified the following instructions from my Banking on a Live CD post.

We next need to make sure that the computer knows to look to the USB drive first for a bootable operating system before it checks the hard drive, otherwise ZeusGard will never be recognized by the computer (this only needs to be done once). When you start up your PC, take note of the text that flashes on the screen, and look for something that says “Press [some key] to enter setup” or “Press [some key] to enter startup.” Usually, the key you want will be F2 or the Delete or Escape (Esc) key.

A Windows BIOS screen. If you've done it right, the "removable dev" option should be listed as the 1st Boot Device.

A Windows BIOS screen. If you’ve done it right, the “removable dev” option should be listed as the 1st Boot Device.

When you figure out what key you need to press, press it repeatedly until the system BIOS screen is displayed. Your mouse probably will not work here, so you’ll need to rely on your keyboard. Look at the menu options at the top of the screen, and you should notice a menu named “Boot”. Hit the right arrow key until you’ve reached that screen listing your bootable devices, and then hit the Enter key What you want to do here is move the Removable Devices option to the top of the list (it may be listed as merely “Removable Dev”). Do this by selecting the down-arrow key until that option is highlighted, and then press the Shift and the “+” key on your keyboard until the Removable Devices option is at the top. Then hit the F10 key, and confirm “yes” when asked if you want to save changes and exit, and the computer should reboot.

Unless you know what you’re doing here, it’s important not to make any other changes in the BIOS settings. If you accidentally do make a change that you want to undo, hit F10, and select the option “Exit without saving changes.” The computer will reboot, and you can try this step again.

If you’ve done this step correctly, the computer should detect the USB drive as a bootable operating system, and boot into ZeusGard.

Krebs on Security: Beware Keyloggers at Hotel Business Centers

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests.

A DHS/Secret Service advisory dated July 10, 2014.

A DHS/Secret Service advisory dated July 10, 2014.

In a non-public advisory distributed to companies in the hospitality industry on July 10, the Secret Service and the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) warned that a task force in Texas recently arrested suspects who have compromised computers within several major hotel business centers in the Dallas/Fort Worth areas.

“In some cases, the suspects used stolen credit cards to register as guests of the hotels; the actors would then access publicly available computers in the hotel business center, log into their Gmail accounts and execute malicious key logging software,” the advisory reads.

“The keylogger malware captured the keys struck by other hotel guests that used the business center computers, subsequently sending the information via email to the malicious actors’ email accounts,” the warning continues. “The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center’s computers.”

The advisory lists several basic recommendations for hotels to help secure public computers, such as limiting guest accounts to non-administrator accounts that do not have the ability to install or uninstall programs. This is a good all-purpose recommendation, but it won’t foil today’s keyloggers and malware — much of which will happily install on a regular user account just as easily as on an administrative one.

While there are a range of solutions designed to wipe a computer clean of any system changes after the completion of each user’s session (Steady State, Clean Slate, et. al), most such security approaches can be defeated if users also are allowed to insert CDs or USB-based Flash drives (and few hotel business centers would be in much demand without these features on their PCs).

Attackers with physical access to a system and the ability to reboot the computer can use CDs or USB drives to boot the machine straight into a stand-alone operating system like Linux that has the ability to add, delete or modify files on the underlying (Windows) hard drive. While some computers may have low-level “BIOS” settings that allow administrators to prevent users from booting another operating system from a USB drive or CD, not all computer support this option.

The truth is, if a skilled attacker has physical access to a system, it’s more or less game over for the security of that computer. But don’t take my word for it. This maxim is among the “10 Immutable Laws of Security” as laid out by none other than Microsoft‘s own TechNet blog, which lists law #3 as: “If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.”

The next hotel business center you visit may be completely locked down and secure, or it could be wide open and totally overrun with malware. The trouble is that there is no easy way for the average guest to know for sure. That’s why I routinely advise people not to use public computers for anything more than browsing the Web. If you’re on the road and need to print something from your email account, create a free, throwaway email address at yopmail.com or 10minutemail.com and use your mobile device to forward the email or file to that throwaway address, and then access the throwaway address from the public computer.

SANS Internet Storm Center, InfoCON: green: Apple pushes OS X update to block out of date Flash versions – http://support.apple.com/kb/HT5655, (Fri, Jul 11th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

=============== Rob VandenBrink Metafore

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

TorrentFreak: Adobe Says Piracy is Down, But Photoshop Still Rules Pirate Bay

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

There can be little doubt that Adobe products are a crowd pleaser among digital creatives. Designers love them, photographers and videographers do too, and Adobe’s Photoshop, Flash and Acrobat brands are recognized worldwide.

But while millions of people use Adobe’s premium products, not everyone pays for that privilege. Unauthorized Photoshop releases have been appearing on computers worldwide for 25 years and other Adobe products are regularly pirated close to their launch. Over time this has led Adobe to invest substantial sums of money on anti-piracy measures including DRM and even legal action. But there are other ways to deal with the problem.

In May last year and much to the disappoint of Adobe’s millions of pirate ‘customers’, the company announcemend that it would be changing the way it does business. Boxed products, a hangover from the last decade and earlier, would be phased out and replaced with a cloud-based subscription model.

On the one hand, many pirates heard the word “cloud” and associated that with a lack of local machine control, something that can cause issues when trying to run unlicensed software. Adobe, on the other hand, appeared to be looking at product development and the piracy problem from a different angle.

While attempts at hacking its cloud service would present another technical barrier to piracy, with its new offering the tech giant also looked towards making its product more affordable. A few dollars a month rather than $700 in one go was aimed at providing an economic reason for even the most budget-restricted not to pirate. But has the strategy worked?

According to new comments from Fabio Sambugaro, VP of Enterprise Latin America at Adobe, unauthorized use of the company’s products is definitely down since the cloud switch.

“Piracy has fallen,” Sambugaro says. “It’s hard to measure, but we’ve seen many companies seeking partnerships that in the past wouldn’t have done so.”

According to information released to investors last month, Adobe exited quarter two this year with 2,308,000 subscribers of its Creative Cloud service, an increase of 464,000 over the first quarter of 2014. The company attributed 53% of the company’s quarter two revenue to “recurring sources” such as its Creative and Marketing Cloud services.

So have the pirates given up on Adobe? In a word, no.

One only has to scour the indexes of the world’s most popular torrent sites to see that Photoshop, Photoshop Lightroom, Illustrator, Premiere, Indesign, After Effects and Acrobat Pro all take prominent places in the charts of most-popular torrents. No surprise then that on The Pirate Bay, Photoshop CS6 – the last version of Photoshop before the cloud switch – is king of the software downloads by a long way.

Also, and contrary to fears aired by pirates alongside Adobe’s original strategy change announcement, the cloud has not made it impossible to run unauthorized versions of Photoshop CC 2014, for example. Expected functional restrictions aside, torrent sites have plenty of working copies of Creative Cloud releases, but is this necessarily a bad thing?

There are those who believe that some level of piracy is useful as a try-before-you-buy option on a traditionally expensive product such as Photoshop. But what makes this notion even more interesting today is that Adobe’s switch to the cloud – and its much lower price point for entry – may see people investing a few dollars a month for increased functionality and a simple life, instead of one spent jumping through hoops with an inferior and oftentimes awkward product.

And Adobe knows it.

“I do not think people who pirate our software do it because they are bad people, or because they like to steal things. I just think that they decided that they can not afford it,” said Adobe’s David Wadhwani previously.

“And now, with the switch to subscriptions and with the ability to offer software at a cheaper price, we see that the situation is beginning to change and we’re excited.”

Richard Atkinson, Corporate Director of Worldwide Anti-Piracy, admitted last year that the company would move away from “enforcement-led anti piracy” to a “business-focused pirate-to-pay conversion program.”

If the company is to be believed, that is now paying off.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

SANS Internet Storm Center, InfoCON: green: Adobe Flash Player patches: http://helpx.adobe.com/security/products/flash-player/apsb14-17.html, (Wed, Jul 9th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Krebs on Security: Microsoft, Adobe Push Critical Fixes

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

If you use Microsoft products or Adobe Flash Player, please take a moment to read this post and update your software. Adobe today issued a critical update that plugs at least three security holes in the program. Separately, Microsoft released six security updates that address 29 vulnerabilities in Windows and Internet Explorer.

brokenwindowsMost of the bugs that Microsoft addressed with today’s updates (24 of the 29 flaws) are fixed in a single patch for the company’s Internet Explorer browser. According to Microsoft, one of those 24 flaws (a weakness in the way IE checks Extended Validation SSL certificates) was already publicly disclosed prior to today’s bulletins.

The other critical patch fixes a security problem with the way that Windows handles files meant to be opened and edited by Windows Journal, a note-taking application built in to more recent versions of the operating system (including Windows Vista, 7 and 8).

More details on the rest of the updates that Microsoft released today can be found at Microsoft’s Technet blog, Qualys’s site, and the SANS Internet Storm Center.

Adobe’s Flash Player update brings Flash to version 14.0.0.145 on Windows, Mac and Linux systems. Adobe said it is not aware of exploits in the wild for any of the vulnerabilities fixed in this release.

To see which version of Flash you have installed, check this link. IE10/IE11 on Windows 8.x and Chrome should auto-update their versions of Flash, although my installation of Chrome says it is up-to-date and yet is still running v. 14.0.0.125.

brokenflash-aFlash has a built-in auto-updater, but you might wait days or weeks for it to prompt you to update, regardless of its settings. The most recent versions of Flash are available from the Adobe download center, but beware potentially unwanted add-ons, like McAfee Security Scan. To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here.

Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.). If you have Adobe AIR installed (required by some programs like Tweetdeck and Pandora Desktop), you’ll want to update this program. AIR ships with an auto-update function that should prompt users to update when they start an application that requires it; the newest, patched version is v. 14.0.0.137 for Windows, Mac, and Android.

flash-14-0-0-125

Matthew Garrett: Self-signing custom Android ROMs

This post was syndicated from: Matthew Garrett and was written by: Matthew Garrett. Original post: at Matthew Garrett

The security model on the Google Nexus devices is pretty straightforward. The OS is (nominally) secure and prevents anything from accessing the raw MTD devices. The bootloader will only allow the user to write to partitions if it’s unlocked. The recovery image will only permit you to install images that are signed with a trusted key. In combination, these facts mean that it’s impossible for an attacker to modify the OS image without unlocking the bootloader[1], and unlocking the bootloader wipes all your data. You’ll probably notice that.

The problem comes when you want to run something other than the stock Google images. Step number one for basically all of these is “Unlock your bootloader”, which is fair enough. Step number two is “Install a new recovery image”, which is also reasonable in that the key database is stored in the recovery image and so there’s no way to update it without doing so. Except, unfortunately, basically every third party Android image is either unsigned or is signed with the (publicly available) Android test keys, so this new recovery image will flash anything. Feel free to relock your bootloader – the recovery image will still happily overwrite your OS.

This is unfortunate. Even if you’ve encrypted your phone, anyone with physical access can simply reboot into recovery and reflash /system with something that’ll stash your encryption key and mail your data to the NSA. Surely there’s a better way of doing this?

Thankfully, there is. Kind of. It’s annoying and involves a bunch of manual processes and you’ll need to re-sign every update yourself. But it is possible to configure Nexus devices in such a way that you retain the same level of security you had when you were using the Google keys without losing the freedom to run whatever you want. Here’s how.

Note: This is not straightforward. If you’re not an experienced developer, you shouldn’t attempt this. I’m documenting this so people can create more user-friendly approaches.

First: Unlock your bootloader. /data will be wiped.
Second: Get a copy of the stock recovery.img for your device. You can get it from the factory images available here
Third: Grab mkbootimg from here and build it. Run unpackbootimg against recovery.img.
Fourth: Generate some keys. Get this script and run it.
Fifth: zcat recovery.img-ramdisk.gz | cpio -id to extract your recovery image ramdisk. Do this in an otherwise empty directory.
Sixth: Get DumpPublicKey.java from here and run it against the .x509.pem file generated in step 4. Replace /res/keys from the recover image ramdisk with the output. Include the “v2″ bit at the beginning.
Seventh: Repack the ramdisk image (find . | cpio -o -H newc | gzip > ../recovery.img-ramdisk.gz) and rebuild recovery.img with mkbootimg.
Eighth: Write the new recovery image to your device
Ninth: Get signapk from here and build it. Run it against the ROM you want to sign, using the keys you generated earlier. Make sure you use the -w option to sign the whole zip rather than signing individual files.
Tenth: Relock your bootloader
Eleventh: Boot into recovery mode and sideload your newly signed image.

At this point you’ll want to set a reasonable security policy on the image (eg, if it grants root access, ensure that it requires a PIN or something), but otherwise you’re set – the recovery image can’t be overwritten without unlocking the bootloader and wiping all your data, and the recovery image will only write images that are signed with your key. For obvious reasons, keep the key safe.

This, well. It’s obviously an excessively convoluted workflow. A *lot* of it could be avoided by providing a standardised mechanism for key management. One approach would be to add a new fastboot command for modifying the key database, and only permit this to be run when the bootloader is unlocked. The workflow would then be something like

  • Unlock bootloader
  • Generate keys
  • Install new key
  • Lock bootloader
  • Sign image
  • Install image

which seems more straightforward. Long term, individual projects could do the signing themselves and distribute their public keys, resulting in the install process becoming as easy as

  • Unlock bootloader
  • Install ROM key
  • Lock bootloader
  • Install ROM

which is actually easier than the current requirement to install an entirely new recovery image.

I’d actually previously criticised Google on the grounds that using custom keys wasn’t possible on Android devices. I was wrong. It is, it’s just that (as far as I can tell) nobody’s actually documented it before. It’s important that users not be forced into treating security and freedom as mutually exclusive, and it’s great that Google have made that possible.

[1] This model fails if it’s possible to gain root on the device. Thankfully this would never hold on what’s that over there is that a distraction?

comment count unavailable comments

Raspberry Pi: Compute Module development kits now available!

This post was syndicated from: Raspberry Pi and was written by: James Adams. Original post: at Raspberry Pi

Fuelled by Welsh cakes and a lot of sunshine, the team at Sony Pencoed have finished building the first batch of Compute Modules (CM) and Compute Module IO Boards (CMIO). These are available today to buy from RS and Element14 in the form of Compute Module Development Kits. The MRP is $200.

In each kit you get a Compute Module, an IO Board, adaptors to convert the CMIO board camera and display interfaces to use the official Raspberry Pi Camera (and display when available later this year), 5V power supply and a micro USB cable for flashing the eMMC from a host PC.

cm-devkit-boards

Compute Module Development Kit (also includes 5V PSU and USB cable, not shown)

As of today the only operating system that is officially ‘Compute Module Aware’ is the very latest Raspbian (as of the 20/6/2014), so you’ll need to grab that and only that to flash on to the Compute Module. The remaining OSes will be updated shortly. Right now using NOOBS or any of the other OSes will (probably) not work properly, but YMMV.

We are working as we speak to improve the software stack to make it much easier to develop with the Compute Module. For example we are working on a new system to easily make the GPIOs controlled by the closed source drivers able to be remapped easily and also working to enable dual cameras. However these things aren’t ready quite yet. So a word to the early adopters – if you can do it with a Pi today, it will work. If you need more GPIO, it will work, if you need dual cameras or screens or any of the interfaces that are not working on a Pi then today it won’t work or might be more tricky than it eventually will be. We are working hard to get these improvements out just as soon as we can.

To get started with your Compute Module Development Kit please head on over to the official Raspberry Pi Compute Module documentation. Also feel free to post questions on the forum, and we will do our best to answer them.

Needless to say we are very excited to finally have the Compute Module winging its way into the hands of developers – we look forward to seeing what happens next!

Errata Security: Products endorsed by cybersec experts

This post was syndicated from: Errata Security and was written by: Robert Graham. Original post: at Errata Security

The idea came up in Twitter, so I thought I’d write a quick blog post answering the question: “What products do cybersec experts endorse as being secure?”

The answer, of course, is none. It’s a fallacy, because perfect security is impossible. If you want your computer data to be perfectly secure, then smash your device to pieces, run them through a blender, and drop the bits into volcanic lava.
With that said, we cybersec experts do use stuff. From this you can derive some sort of implicit endorsement. I use Windows, iPhone, and GMail, from which you can assume they are probably “secure enough”.
I use an iPhone because it has excellent security. For all I criticize Apple’s security, the fact is that they have very smart people solving the toughest problems. For example, their most recent operating system will randomize MAC addresses when looking for WiFi in order to avoid disclosing your identity. This is a security problem I’ve blogged about for years, and it’s gratifying that Apple is the first company to tackle this problem.
If you do the right thing, such as locking your iPhone with a complex code, you are likely safe enough. If a thief steals your phone, they will likely not get your private secrets from it.
On the other hand, if you don’t lock your iPhone, then the thief can steal everything from your phone, including things your phone has access to, like your email. That’s the problem with “security endorsements”: I as an expert can’t help if you don’t help yourself. Your biggest threat isn’t the products you use, but you yourself. Your top threats you are getting easily tricked by “phishing emails”, drive-by downloads, lack of patches, and using the same password across many websites. Choosing greater or lesser secure product doesn’t really much matter in the face of bad decisions you make with those products.
With that said, there are some recommendations I can make. Public wifi, such as at Starbucks or the airport, is very very bad. Among the things I’m known for is demonstrating just had bad this can be (“sidejacking”). The safest thing is not to use it — tether through your phone instead. But, if you have to use it, use a VPN. This encrypts your data to a remote site across the Internet, so that local people near you can’t decrypt it. There are lots of free/cheap VPN providers. Another option is “Tor”, which acts like a VPN, but also anonimizes your identity. These are a little bit technical and hard to use, but can make using public WiFi secure.

We in the security industry know that some things are exceptionally bad. Browser apps using Java and ActiveX, the thing found in most corporate environments, are very bad. Adobe products Flash and PDF are likewise insecure in the browser. These technologies aren’t bad in of themselves, but only bad when hackers have direct access to them via the web browser. What you want instead is a browser like Chrome using JavaScript applets, HTML5 replacing Flash, and built-in viewers for PDF rather than Adobe’s viewer.

We experts know that the standard way of building web apps on the backend using the “LAMP” stack is inherently insecure. PHP, in particular, is a nightmare. Pasting strings together to form SQL queries is bad. Not whitelisting output characters is bad. If programmers just heeded these last three sentences, they’d stop 99% of the ways hackers break into websites.
Microsoft, Apple, and Google care about cybersecurity. They are really the only companies I can point to that really do care. Their problems stem from the fact that they are also popular, and therefore, the top targets of hackers. Their problems also stem from the fact that security is a tradeoff: caring too much about security makes products unusable.
Tradeoffs is why Android is less secure than iPhone. Apple limits apps to only those they’ve approved, whereas Android allows apps to be downloaded from anywhere. Android’s policy is better, it gives control over the phone to the user rather than than the fascist control Apple has over their phones. But the price is additional risk, as users frequently download apps from dodgy websites that “infect” their phone with a “virus”. Thus, if you want a secure phone, choose iPhone, but if you want a phone that you can control yourself, choose Android. Note that Microsoft makes technically excellent phones, but nobody cares, because they don’t have the apps, so I don’t mention them in the comparison :).
I use GMail. Google’s web apps have the best track record of security, being the first to adopt SSL everywhere all the time. There are still problems, of course, but their track record is better than others.
As an operating system, I currently use Win7, Mac OS X, and Ubuntu (using Windows the majority of the time). I use them with full disk encryption. They are all equally secure as far as I’m concerned. I use Microsoft’s Office, on both Windows and Mac, as well as their cloud apps.
Finally, I want to discuss the security community’s historic dislike of Microsoft. It’s not valid. It’s always been a political dislike of Microsoft’s monopolistic control over the desktop, and an elitist preference for things like Linux that aren’t useable by mainstream. I point this out because I can’t endorse the advice form security experts — their advise is more often going to be political rather than technical.

Raspberry Pi: Art Showcase: Binaudios

This post was syndicated from: Raspberry Pi and was written by: Rachel Rayns. Original post: at Raspberry Pi

Hey all – Rachel here!

I have spent the last year talking with lots of artists who are making amazing things with Raspberry Pis. Every day my inbox is PINGing with exciting progress news. So I’m going to start showcasing some of these projects on the blog. I find them incredibly inspiring – I hope you do too!

I’m going to kick off with a piece from one of my favourite artists: Dominic Wilcox. I bet you’ve seen some of his work kicking around the internet – He made the GPS shoes which guided you home and did some narrative sculptures inside watch faces.

binaudiosmam

This time he’s partnered up with Creative Technologist James Rutherford to produce Binaudios; a device that enables the user to listen to the sounds of the city – at the moment it’s installed in the Sage Gateshead music discovery centre.

binaudistesting2

Taking tourist binoculars as inspiration, the Binaudios can be pointed at over 40 different locations, seen out of the Sage Gateshead windows. Turn the giant listening cones toward the football stadium to hear the crowd chanting or to the Tyne Bridge to hear King George V’s speech when he opened the bridge in 1928. Point it toward the park to listen to sounds such as skateboarders and local tennis players.

As the Binaudios are rotated the stereo sounds move from one ear to the other creating a real feeling of listening to the city across the river.

binaudios3

I’ve met loads of ‘Creative Technologists’ on my travels. They believe creativity and art are the driving forces behind the technology they make.

James describes his work as “somewhere between code and art”. He mainly creates software; developing visualisations, data tools or games.

BoKf_LJCAAEPQMi

Binaudios was his first Raspberry Pi project AND first go with Python! Just for you guys, he has very kindly written up how Binaudio is put together:

How Binaudios works:

Although Binaudios was developed to look like an analogue device, there’s a small selection of electronics concealed within the central wooden box. A USB lead runs up the central column, powering a Raspberry Pi. This is connected to speakers within the metal cones and a USB hub. The hub adds some extra flash memory and has a couple of ports for attaching a keyboard and mouse for debugging.

Dominic recorded a selection of sounds from across Newcastle. I load these when the device boots. There are around 40 of them, spread across the 180 degree range of movement provided by the ear-cones.

The Pi has a PiBorg XLoBorg sensor attached to the GPIO port. The XLoBorg returns a 3-axis reading of the magnetic field at a point. The Python script very roughly converts this into a compass heading (to do this properly is extremely complicated- so this is a bit of a hack). I spread this heading into two angles a couple of degrees apart to fake some left/right ear separation, pick the sound clips within a small range of these and assign some volumes. The volume profile drops-off over a few degrees which produces a naturalistic ‘telescope’ focus effect. The left/right separation also enhances this as the unit is turned.

The rest is all about smoothing. I debounce the output of the XLoBorg (it has a slight natural waver), ensure volume levels are adjusted gently (audio buffering can cause the sound to chop otherwise, which is very unnatural) and keep the sounds playing even when they are a few degrees out of audio range (this means that sounds don’t necessarily need to restart from the beginning when they are back in ‘view’).

Gotchas

The XLoBorg is a sensitive bit of kit, and magnetic fields are complicated (who knew!?). I needed to spend some time calibrating and recalibrating. Slight vertical misalignment seems to shift the compass heading much more than I first anticipated. It’s a very intriguing bit of hardware and I look forward to playing with it some more!

My test set of samples worked wonderfully, but the program failed critically when I got the real clips- some of the sounds would work, but the rest would make a single pop, or a loud, painful high-pitched wave. I never fully figured out why, but I think I was maxing out Pygame’s audio channels. Originally I was playing all of the sounds simultaneously and just shifting the volumes around (so that all but a few were zero), but I switched this to just trigger those within a small angle range – so it now plays maybe four or five at the same time. There was no failure response from the code, so I spent a manic day trying to squash, re-encode and generally poke the samples about without error reports to work on. Thankfully, the fix seems reliable.

This was my first physical project, first Pi project, and first slice of Python charming!

You can see them in action in this video or you can go and visit in person!

Binaudios was commissioned by the awesome Suzy O’Hara at Thinking Digital Arts.

Linux How-Tos and Linux Tutorials: How to Control a Servo Motor from a BeagleBone Black on Linux

This post was syndicated from: Linux How-Tos and Linux Tutorials and was written by: Ben Martin. Original post: at Linux How-Tos and Linux Tutorials

servocity gearboxServo motors can rotate to a specified angle and hold that angle against a resistive force. This makes Servos great for creating a DIY pan-and-tilt camera system, for moving panels through a limited distance in a model aircraft where the wind might provide resistance to that movement, and in many cases in robotics where you might need to rotate something to a specific angle. In this tutorial, we’ll cover how to connect and control a servo motor with a BeagleBone black running Linux.

Higher torque servos can run at a higher voltage than a BeagleBone Black will supply, so you might need to bring an external power source into the mix. To make things interesting, the servo for this article needs at least 6 Volts and is mounted into a gearbox to trade some RPM for even more torque.

Using an external power source means you only need two pins from the BeagleBone Black, a PWM pin (the white wire in the figure, above) to control the Servo and a ground pin to ensure that both power sources have a common ground (green wire) to operate from.

The BeagleBone Black is a small 1 Gigahertz (Ghz) ARM machine with 512 Megabytes (MB) of RAM, 2 Gigabytes (GB) of on-board flash memory, and most importantly, two headers each with two rows of pin sockets ready for your next embedded project. In this series on the BeagleBone Black we have seen how to use the Linux interface allowing us to access chips over SPI and receive interrupts when the voltage on a pin changes.

Anatomy of a Servo Motor

Inside a servo motor you will find the motor itself, a feedback mechanism, and a little curcuit to control things. Many servos offer a limited range of motion, for example 90, 180, or 360 degrees of motion. Because of the range of motion, a servo is controlled by telling it what angle you would like the motor to hold. That said, some servos have no restriction and offer continuous rotation. The feedback mechanism inside a servo might be a potentiometer which allows the servo to know what angle it is currently holding. This way you can tell the servo to move to 120 degrees and it will make adjustments itself to move the motor to that angle and then continue to hold that angle.

There are normally three wires for a servo: power, ground, and a signal wire. This article uses an Hitec HS-5685MH servo. For this Hitec servo the power wire is red, ground is black, and the signal wire is yellow. This servo offers a good amount of torque and can run on 6 to 7.4 Volts (V) of power. It is interesting to note that the lock/stall power requirements of the Hitec HS-5685MH is 2 Amps when you are powering it at 6 V.

Because of the high power requirements of this servo, trying to run it directly off the Arduino or BeagleBone Black power output ports is a bad idea. So I powered it off a power source external to the BeagleBone Black or Arduino and connected the ground on the BeagleBone Black/Arduino to the ground on the external servo power curcuit to establish a common ground. I found that the servo didn’t want to operate at 5 V –no surprise as this is out of the servo’s spec. At 6 V the servo moved smoothly. The maximum voltage of the servo at 7.4 V should allow many battery options to provide the best torque the servo can offer.

The signal wire uses Pulse Width Modulation (PWM) to allow you to tell the servo the angle you would like it to rotate to. When using PWM to control a servo, time is divided into 20 millisecond (ms) blocks. Inside a block if the voltage is high for 1.5 ms and then low for the remainder of the block, the servo will sit at about the middle of its range, at least for the Hitec servos uses in this article. If the signal is high for only 1 ms of the 20 ms block of time then the servo will move to a smaller angle than its middle. Likewise holding the signal high for 2 ms will cause the servo to move to a larger angle than its mid-point.

Some servos are available allowing motion through many different ranges of angles. For this article the Hitec HS-5685MH was configured for motion through about 400 degrees. The block of time (20 ms in this case) is called the period of the signal and the time the voltage is high (1-2 ms) is the duty cycle.

Even with a high torque servo you might want to trade some of your RPM for an increase in torque. The image above shows the servo mounted in a ready-made Servo Gearbox which is then mounted inside some Actobotics aluminum channel. One little catch here is that the brass servo gear will have to rotate many times in order for the larger alloy gear to rotate once.

To help keep servo control simple, the feedback mechanism in the servo is removed from the servo and attached to the larger alloy gear. This way a servo that was going to offer a 360-degree maximum rotation will spin many times in order to provide a 360-degree rotation of the larger alloy gear. Of course, you have to use a servo that can fully rotate many times. Some servos have physical stoppers within them that do not permit full rotation. By moving the feedback mechanism you can directly control the angle the alloy gear is holding using the same PWM range that the servo can understand.

Kicking the tires with Arduino

As I have done in the past, I first started out by interacting with the hardware using an Arduino and then moved to replace the Arduino with a BeagleBone Black. Thinking in milliseconds made the numbers in the above discussion easier, but in a program it can be more convenient to use microseconds (µs) throughout to avoid mixing milliseconds and microseconds. The following program sweeps the Hitec HS-5685MH servo through about 360 degrees of rotation. The first 20 ms (20,000 µs) block of time will only have a high voltage for 800 µs of time. This will steadily increase up to being high 2400 µs of the 20,000 µs time block.

void setup()
{
    pinMode(5, OUTPUT);
    digitalWrite(5, LOW);
}
int periodTimeSlice = 20 * 1000;
int minPulseTimeSlice = 800;
int maxPulseTimeSlice = 2400;
int TimeDelta = 1;
void loop()
{
    int c = minPulseTimeSlice;
    for( c = minPulseTimeSlice; c <= maxPulseTimeSlice; c += TimeDelta )
    {
        digitalWrite(5, HIGH);
        delayMicroseconds( c );
        digitalWrite(5, LOW);
        delayMicroseconds( periodTimeSlice - c );
    }  
    for( c = maxPulseTimeSlice; c >= minPulseTimeSlice; c -= TimeDelta )
    {
        digitalWrite(5, HIGH);
        delayMicroseconds( c );
        digitalWrite(5, LOW);
        delayMicroseconds( periodTimeSlice - c );
    }  
}

The Arduino servo library provides a much more convenient interface to controlling servo motors. The above code was deliberately written at a low level without using any specific PWM hardware so that the PWM output is explicit.

Moving to Linux and the BeagleBone Black

I started testing using an HS-422 servo and the BeagleBone Black. Given the the lower power requirements of the HS-422 I decided to run it directly from the 5 V output on the BeagleBone Black. At first I started tinkering around in the promising looking /sys/class/pwm directory tree which is documented in the Linux kernel documentation files. After a while with no success using /sys/class/pwm I moved on to using the device tree overlays in /lib/firmware.

One little trick here is that if you enable two PWM outputs which are driven by the same chip then you cannot change the period of the PWM. You get something like “write error: Invalid argument” when you try to write to the period file. If you get the write error, try disabling other PWM overlays so that there is only one use of the PWM chip. An example of removing an overlay is shown at the end of the article. The default period is 500000 nanoseconds, or half a millisecond which is too short for servo control.

My initial plan was to use pin 22 on header 9 which is the first PWM chip. That overlay failed to load because there was a conflict with the SPI bus overlay, shown below. So the device tree overlays protected a potential conflicted use of some pins! The PWM on P9_16 was able to load without conflict.

A word of caution before you enable a PWM output, for me they always started with default values and one of these is to start in a running state. So you will want to move to the pwm_test_P9_16 directory fairly quickly and disable the PWM output. I tried changing the dts file to tell the Linux kernel that I wanted the PWM interface to be started in a non-running mode and without inverted output. Unfortunately my many attempts did not result in any change from the default values when setting up the slot.

root@beaglebone:/lib/firmware# uname -a
Linux beaglebone 3.8.13 #1 SMP Thu Sep 12 10:27:06 CEST 2013 armv7l GNU/Linux
root@beaglebone:/lib/firmware# echo bone_pwm_P9_22 > /sys/devices/bone_capemgr*/slots
-bash: echo: write error: File exists
root@beaglebone:/lib/firmware# dmesg | tail
[ 4510.813900] bone-capemgr bone_capemgr.9: part_number 'bone_pwm_P9_22', version 'N/A'
[ 4510.814095] bone-capemgr bone_capemgr.9: slot #30: generic override
[ 4510.814353] bone-capemgr bone_capemgr.9: bone: Using override eeprom data at slot 30
[ 4510.814412] bone-capemgr bone_capemgr.9: slot #30: 'Override Board Name,00A0,Override Manuf,bone_pwm_P9_22'
[ 4510.818521] bone-capemgr bone_capemgr.9: slot #30: Requesting part number/version based 'bone_pwm_P9_22-00A0.dtbo
[ 4510.818589] bone-capemgr bone_capemgr.9: slot #30: Requesting firmware 'bone_pwm_P9_22-00A0.dtbo' for board-name 'Override Board Name', version '00A0'
[ 4510.818654] bone-capemgr bone_capemgr.9: slot #30: dtbo 'bone_pwm_P9_22-00A0.dtbo' loaded; converting to live tree
[ 4510.819308] bone-capemgr bone_capemgr.9: slot #30: bone_pwm_P9_22 conflict P9.22 (#9:BB-SPIDEV0)
[ 4510.828819] bone-capemgr bone_capemgr.9: slot #30: Failed verification
root@beaglebone:/lib/firmware# echo bone_pwm_P9_16 > /sys/devices/bone_capemgr*/slots
# cat /sys/devices/bone_capemgr*/slots    
 0: 54:PF--- 
 1: 55:PF--- 
 2: 56:PF--- 
 3: 57:PF--- 
 4: ff:P-O-L Bone-LT-eMMC-2G,00A0,Texas Instrument,BB-BONE-EMMC-2G
 5: ff:P-O-- Bone-Black-HDMI,00A0,Texas Instrument,BB-BONELT-HDMI
 6: ff:P-O-- Bone-Black-HDMIN,00A0,Texas Instrument,BB-BONELT-HDMIN
 7: ff:P-O-L Override Board Name,00A0,Override Manuf,cape-bone-iio
 8: ff:P-O-L Override Board Name,00A0,Override Manuf,am33xx_pwm
 9: ff:P-O-L Override Board Name,00A0,Override Manuf,BB-SPIDEV0
10: ff:P-O-L Override Board Name,00A0,Override Manuf,gpio-P9.12
11: ff:P-O-L Override Board Name,00A0,Override Manuf,gpio-P9.15
12: ff:P-O-L Override Board Name,00A0,Override Manuf,gpio-P9.23
14: ff:P-O-L Override Board Name,00A0,Override Manuf,gpio-P9.26
15: ff:P-O-L Override Board Name,00A0,Override Manuf,gpio-P9.27
29: ff:P-O-L Override Board Name,00A0,Override Manuf,bone_pwm_P9_16

Once the pwm_test_P9_16 directory exists you’ll want to move to it and set run to 0 to disable output while you configure the PWM. Below, I set the period to 20 ms and a starting duty of 1 ms, after enabling output again the servo will swing to left of its central position. After echoing 2 ms into the duty the servo should move to right of its center.

root@beaglebone:# cd /sys/devices/ocp.3/pwm_test_P9_16.*
# echo 0 >run
# cat period 
500000
# cat duty 
0
# cat polarity 
1
# echo 0 > polarity 
# echo 20000000 > period 
# echo 1000000 > duty 
# echo 1 >run
# echo 2000000 > duty 
# echo 0 >run

Replacing the HS-422 servo with the channel mount Servo Gearbox I again ran the Servo from an external 6 V power source and connected the ground pin to the ground of the external power supply used for the servo. I found the range of 360 degree movement could almost be achieved using a range of 1 to 2 ms pulse. The minimal useful pulse was about 880,000 ns up to about 2,200,000 ns. Writing a value outside that range caused the servo to continually rotate instead of settling at any specific angle.

If you want to remove an overlay for a PWM output simply view the slots file, see the slot number of what you want to remove and write -1 * slot-number back to the slots file as shown below.

root@beaglebone:/lib/firmware# echo bone_pwm_P9_16 > /sys/devices/bone_capemgr*/slots
# cat /sys/devices/bone_capemgr*/slots    
 0: 54:PF--- 
 1: 55:PF--- 
 2: 56:PF--- 
 3: 57:PF--- 
 4: ff:P-O-L Bone-LT-eMMC-2G,00A0,Texas Instrument,BB-BONE-EMMC-2G
 5: ff:P-O-- Bone-Black-HDMI,00A0,Texas Instrument,BB-BONELT-HDMI
 6: ff:P-O-- Bone-Black-HDMIN,00A0,Texas Instrument,BB-BONELT-HDMIN
 7: ff:P-O-L Override Board Name,00A0,Override Manuf,cape-bone-iio
 8: ff:P-O-L Override Board Name,00A0,Override Manuf,am33xx_pwm
...
15: ff:P-O-L Override Board Name,00A0,Override Manuf,gpio-P9.27
29: ff:P-O-L Override Board Name,00A0,Override Manuf,bone_pwm_P9_16
root@beaglebone:/lib/firmware# echo -29 > /sys/devices/bone_capemgr*/slots

It seems that device tree overlays play a key role in accessing much of the hardware on the BeagleBone Black. With a SoC that can use its pins for many different purposes depending on how it is configured, the device overlays can save you from trying to accidentally reuse some pins which might be already reserved for other purposes. Once a PWM directory is setup in /sys/devices/ocp.3 controlling a servo from the BeagleBone Black is as simple as writing a number to a file. Tune in next time when we'll control some gearmotors to move a robot base around using Bonescript.

We would like to thank ServoCity for supplying the gearbox and servo used in this article.

SANS Internet Storm Center, InfoCON: green: Pay attention to Cryptowall!, (Wed, Jun 11th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

CryptoLocker might be pretty much off the radar. But Cryptowall is alive and kicking, and making the bad guys a ton of money. It mainly spreads by poisoned advertisements and hacked benign websites, and then sneaks its way onto the PCs of unsuspecting users by means of Silverlight, Flash and Java Exploits.

Somewhat unexpectedly, Java is NOT the most prominent for a change. It looks like the Silverlight sploits are currently the most successful.

If you’re “had”, Cryptowall encrypts all the files that you possible could want to keep (images, documents, etc), and then asks for a 500$ ransom. If you don’t pay up quick, the ransom doubles. And after a while of not paying, well, the suckers delete the key. As far as we know, there is not way yet to recover the encrypted data, because the private key is not really present on the infected machine. I hope you have a recent backup.

Last week’s batch of infections for example had “food.com” as a prominent source. As far as I can tell, they are cleaned up by now, but we have several samples in the database that show pages like http://www.food[dot]com/recipe/pan-fried-broccoli-226105, http://www.food[dot]com/recipe/barefoot-contessas-panzanella-salad-135723, etc, as the last referer before the exploit triggered.

The domains last week were following the pattern [a-f0-9]{6,8}\.pw and [a-f0-9]{6,8}\.eu, but this is obviously changing all the time. Still, it probably doesn’t hurt to check your DNS or proxy logs for the presence of (especially) .pw domains. Yes, I had to look it up as well … .pw is Palau. A bunch of islands in the South Pacific. It is safe to assume that most of the web sites with this extension are not actually about or in Palau.

More info: Ronnie has an outstanding write-up at http://phishme.com/inside-look-dropbox-phishing-cryptowall-bitcoins/ . Cisco’s blog has a lot of IOCs: https://blogs.cisco.com/security/rig-exploit-kit-strikes-oil

 

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Krebs on Security: Adobe, Microsoft Push Critical Security Fixes

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Adobe and Microsoft today each released updates to fix critical security vulnerabilities in their software. Adobe issued patches for Flash Player and AIR, while Microsoft’s Patch Tuesday batch includes seven update bundles to address a whopping 66 distinct security holes in Windows and related products.

winiconThe vast majority of the vulnerabilities addressed by Microsoft today are in Internet Explorer, the default browser on Windows machines. A single patch for IE this month (MS14-035) shores up at least 59 separate security issues scattered across virtually every supported version of IE. Other patches fix flaws in Microsoft Word, as well as other components of the Windows operating system itself.

Most of the vulnerabilities Microsoft fixed today earned its “critical” rating, meaning malware or bad guys could exploit the flaws to seize control over vulnerable systems without any help from users, save perhaps for having the Windows or IE user visit a hacked or booby-trapped Web site. For more details on the individual patches, see this roundup at the Microsoft Technet blog.

Adobe’s update for Flash Player fixes at least a half-dozen bugs in the widely-used browser plugin. The Flash update brings the media player to v. 14.0.0.125 on Windows and Mac systems, and v. 11.2.202.378 for Linux users. To see which version of Flash you have installed, check this link.

brokenflash-aIE10/IE11 and Chrome should auto-update their versions of Flash. If your version of Flash on Chrome (on either Windows, Mac or Linux) is not yet updated, you may just need to close and restart the browser. Chrome version 35.0.1916.153  includes this Flash update; to see which version of Chrome you’re running, click the 3-bars icon to the right of the address bar and select “About Google Chrome.”

The most recent versions of Flash are available from the Adobe download center, but beware potentially unwanted add-ons, like McAfee Security Scan). To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here.

Windows users who browse the Web with anything other than Internet Explorer will need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.). If you have Adobe AIR installed (required by some programs like Tweetdeck and Pandora Desktop), you’ll want to update this program. AIR ships with an auto-update function that should prompt users to update when they start an application that requires it; the newest, patched version is v. 14.0.0.110 for Windows, Mac, and Android.

flash14-0-0-125