Welcome

Welcome to my digital home! There are lots of articles you might find helpful buried in this site on topics such as modifying an Alfa Romeo 159, rebuilding a Lotus 7 (Robin Hood 2B), not to mention a ton of stuff on technology in general. It’s all here somewhere, so use the search function or navigate using the menu structure. If you want to talk, reach out via the contact function; I usually do answer!

Random Post Selection
InfoSec
OK, it’s been ages since I actually had Snort up and running, so long in fact that the last time I used it, ACID was still the best way to deal with the alerts! Well, after a couple of days (well, a couple of hours here and there at least) I have a fully functional set of Snort sensors in place on public and private segments of my networks, all feeding to a centralised database with “BASE” handling the analysis! Woohoo. Small victories are the best! I can definitely say it’s come a long way. It was much easier to install, and only took a small amount of syntax debugging to figure out the configs. During my research / re-learning curve, though, it would seem that version 2.8 with the stream5 processor is not as good as version 2.4 with the flow processor at detecting portscans. This was certainly the consensus of the community, and after a bit of playing I can agree. However, I now have sfPortscan running with stream5 and it seems pretty accurate to me, so I am certainly happy with the results. BASE is also a welcome move onwards from what used to be a very clunky interface. It seems light and intuitive, with decent features. I think it could do with the addition of some basic graphs, rather than having to use the graph engine to define your graphs each time, but on the whole I think it is certainly a good alternative to spending a large amount of money on a commercial product. Certainly the ability to abstract the management interface, data storage and sensors from each other gives you a highly scalable model to use as a basis for a large scale deployment. Of course, if you don’t fancy the pain of compiling code from scratch, or you’re just damn lazy, check out EasyIDS for a complete “IDS in a box” that gives you everything I just said with none of the hassle! ….You just can’t ignore the momentum that open source has gained 😉 [...]
Alfa 159 / Electronics
For a while now I have been looking into alternative power solutions for the Alfa due to its power hungry nature that is not helped by the many auxiliary systems I have added over time. For the most part, the stock battery can cope just fine, but I have always wondered about the use of capacitors and what real value they hold. In years gone by, the capacitors you could get hold of were simply not that useful. A 1 Farad 12v capacitor like you would use in a car audio installation was simply too expensive and had far too little power storage. One reason I had been considering capacitors was not for power storage but for the side effect of cleaning up the overall noise introduced by the power system in the car. This would serve to improve the overall sound quality of the entire system as well as benefit all electrical systems with a cleaner supply. A good explanation and test is here: Capacitors have come on a long way though and the new generation of “Super” or “Ultra” Capacitors are starting to become a viable alternative to a battery in a car. Because of this, I thought it only sensible to buy some parts and see what it was all about 🙂 Here is a video of a car replacement battery using 6x 2.7v, 500F super capacitors to show you what I mean: Obviously starting the car and providing long term, offline power for the systems when it’s not running are two different things, so if you seriously wanted to replace your traditional battery you would need a hybrid solution that combined batteries with capacitors. I’ll be looking into that next 😉 Super capacitors come in a few common shapes and sizes but by far the cheapest for the power are the common 2.7v 500 farad units. To hit the target voltage I needed (12-14v) I needed a few wired in series to increase the overall voltage. Fortunately this is a common solution as it’s a typical voltage used in solar installations.
Wiring the capacitors in series actually decreases the overall farads of the bank, so 6 x 2.7v = 16.2v but the farads are divided by 6 to give you 83.333F. You could add a number of additional banks in parallel to bring the farads back up, but it starts to get a bit big then and you would be better looking into a different style capacitor, such as the Maxwell Ultra 2.7V 3000F, 6 of which would deliver a 16.2v 500F pack! Also, a point of note is that even though the planned bank has a capacity of 16.2v it will only operate at the voltage it’s charged to, so if the car charges at 13.5v then the bank will be charged to 13.5v. It’s also important to balance the load across a serialized bank of capacitors to prevent damage. Fortunately, due to the commonality of the target bank design, a balance board was readily available: The plan was to build a 12v 83 farad bank that would act as a power reserve for the bass amplifier in the boot, as this would be a good starting point and bolster the overall power system on easily accessible, existing 4AWG wiring. I first bought a few common, cheap and easily accessible parts off eBay:

6 x Green-Cap (Black) Super Farad Capacitor Parallel Battery 2.7V 500F 35*60MM @ 26.99
6 String 2.7V Super Capacitor Protection Balancing Board 100F – 500F 240x40mm @ 8.75
10 rubber lined 35mm pipe clamps @ £7.29
8 AWG power cable with in line fuse holder and fuse @ 4.99

So for less than £50 I had everything I needed for the experiment. I could have bought a pre-made board with unknown capacitors on for about £26 but I have read a few things about the capacitors being junk, so went for a known good brand and DIY. I first assembled the capacitor bank with the balance board to achieve the target solution, hot gluing the capacitors to the board before soldering them to make sure the finished unit was as solid as possible. It took some real heat on the iron to get the solder flowing, especially soldering in the 8AWG wires.
I soldered the 8AWG cables directly to the board to ensure maximum power transfer: Once the bank was ready I used the pipe clamps to install the unit in a free space within the amp enclosure and connected it to the positive and negative 4AWG distribution blocks I already had in place from the original installation of the enclosure: I must admit, I was extremely worried when I first connected the fuse that it would just explode in my face, so it was a tentative and careful moment! Some people recommend installing a resistor inline initially to slow charge the capacitors and protect the systems in between, but as I was on a 4AWG connection direct to the battery I was not worried about the charge / discharge issues. They did make a fizzing sound for a few seconds when they took their initial charge but I was stood by with a fire extinguisher! Once the fizzing stopped and nothing looked like it was going to explode I checked the units for discharge / earth shorts and also for temperature. As everything was OK, I decided to start the car and run the amp. The car started quicker than normal so clearly the extra high current supply had already made an impact on the overall electrical system. It’s actually possible to start and run a normal engine on a bank of capacitors like this and replace the battery with them, as can be seen in one of the videos at the top of the page. Although for the Alfa, I would need a larger bank with more capacity as the 2.4 is a bit of a power hungry beast! I ran a Bass test loop to get the amp hot and push the sub to its limits for 30 minutes. The amp got very hot as expected but the capacitors only got a little warm, which is great, as if they got very hot that would be a problem. Once it was all back together you could hardly notice the upgrade unless you looked very closely at the vent holes!
All in all this was a great upgrade and I am definitely going to explore more super capacitors in the engine bay in some sort of hybrid battery/capacitor solution next! [...]
InfoSec
I have seen some comments of late about the PSN hack being due to Sony having no firewalls in place and out of date Apache instances. A brief amount of research debunks this assertion; however, I was genuinely surprised at the level and voracity of the comments around it, most of which related to people essentially “living and dying” by their firewalls. This position is ludicrous to say the least, as a firewall is but one control, not the be all and end all of security, and in my own personal experience, sometimes, they are simply not up to the task and you need to think outside the box. So here is the problem…… You are designing/running a global gaming platform that is highly latency sensitive, you’re planning on having all the world’s gamers use your platform and push it to its limits. If you even drop one packet, you could frag someone in game and cause the most heinous flaming you have ever experienced, resulting in lost customers for the company, but it needs to be secure. What next? Believe it or not, I have personally been in this scenario during my time at EA. I had to design, build and deploy the EMEA Online Web & Game Platform, as well as co-develop the global gaming platforms for the wider business. What I can share with you is that firewalls, no matter how big/good/expensive they are, suffer 2 problems…. 1) They are a bottleneck into your environment that, when you scale up to millions of users, is a problem, and 2) they introduce latency by doing their job. So what are the options? Well, on the one hand, you could design around the problem, spend a large amount of cash on the “biggest and best” firewalls money can buy, create smaller firewalled segments and multi-layer your network to cope with the limits of the firewalls perhaps? True, yes you could, but this additional complexity introduces more routing hops and more kit for the packets to flow through, which increases latency & degrades the overall experience for the players.
Another option is to not use firewalls….. So what do you do when you can’t put a firewall in place? Easy 🙂 All a firewall is doing is a) controlling the flow of IP using an Access Control List & b) looking at the packet for something malicious in it (please note, I am specifically talking about a basic stateful inspection firewall (L3) and not anything extra in the UTM (L7) space, as these add way too much latency to packets for gaming consideration). Given that the firewall is performing these two simple tasks, all you need to do is replicate them elsewhere. Firstly, all your existing network infrastructure can handle the ACL function, easier and faster, and given the packets are already going through this kit, it doesn’t add any latency to the path. Next, it’s all about understanding the attack and being vigilant….. Essentially, if you’re gonna break into a computer system, you need a few basic components:

A Threat Agent (Bad guy with motivation, we will call him Fred)
An Attack Vector (Something Bad he cooked up, like an SQL Injection)
An Attack Surface (Your infrastructure, applications etc)
A Vulnerability (Something you missed that matches Fred’s attack)

So, if Fred needs all these things to line up before he can achieve success, it’s all about making sure that you minimise your attack surface and keep it vulnerability free. This is going to mean that you design your environment to be simple and easy to manage, and that you have some solid, well executed vulnerability management programmes in place, typically including real time (or near real time) monitoring of services for vulnerabilities, and excellent patching programmes, fully automated. Essentially, you want one system to identify a vulnerability in one of your web services, and tell the other system to patch it.
It is possible to do and works well, but you’re gonna have to clean up the odd system failure, so make sure your system is highly resilient (by definition of the type of environment, it would be anyway). Now, I appreciate that a 0Day is going to pwn you, but guess what, it still would even with the firewall, so don’t get all upset about it, just have your CSIRT ready to go and make sure it is well oiled! On that subject, this is one of the key controls you should have anyway, but won’t. Your ability to respond to an issue, and appropriately deal with it, is what people will observe. It doesn’t matter how good you are, how well you have designed something, at some point it’s all going to hit the fan. The other key control you’re going to need is monitoring, so you know when you need the CSIRT! You will need to implement full monitoring and alerting for the environment, from availability and security perspectives. You need to know everything every device is doing at all times, because correlating this information can help you identify attacks in progress before they get anywhere near success. All your kit is already logging issues silently to itself, so you’re not going to add any extra burden on the environment, and typically, you would create a separate network to handle management traffic to keep it off your primary network anyway, so it’s not going to impact service delivery. Also, when you’re talking about the gaming industry, typically, aside from the usual raft of web services running, you’re talking about very specific, proprietary services running on random ports to facilitate multiplayer gaming, so your “Threat Agents” are a limited pool of elite gamers, whose typical motivation is not to pwn your systems and steal your data, but is usually limited to 1) administrative control of the game so they can kick who they don’t like out, and 2) the ability to alter scores and leader board positions!
I would like to finish my brief rant/educational spout on a simple truth, firewalls don’t make you secure, they make you lazy. [...]
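As an added illustration of the monitoring point in the post above (correlating what every device already logs to spot an attack in progress), not code from the original post: the log format, host names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, device, source IP, event.
EVENTS = """\
2011-05-02T20:00:01 edge-rtr1 203.0.113.7 acl-deny tcp/22
2011-05-02T20:00:04 edge-rtr1 203.0.113.7 acl-deny tcp/3306
2011-05-02T20:00:09 web01 198.51.100.20 http-404 /favicon.ico
2011-05-02T20:00:30 web01 203.0.113.7 http-500 /login
2011-05-02T20:01:10 game03 203.0.113.7 admin-auth-fail
2011-05-02T20:05:00 edge-rtr1 198.51.100.20 acl-deny udp/53
2011-05-02T21:30:00 game03 198.51.100.20 admin-auth-fail
"""

def parse(text):
    """Yield (timestamp, device, src_ip, event) from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash the monitor
        ts, device, src, event = parts
        yield datetime.fromisoformat(ts), device, src, event

def correlate(events, window=timedelta(minutes=5), min_devices=3):
    """Return {src_ip: sorted devices} for sources that appear on at least
    min_devices distinct devices inside one sliding time window."""
    by_src = defaultdict(list)
    for ts, device, src, _event in sorted(events):
        by_src[src].append((ts, device))
    alerts = {}
    for src, seen in by_src.items():
        start = 0
        for end in range(len(seen)):
            # Advance the left edge until the span fits inside the window.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            devices = {d for _, d in seen[start:end + 1]}
            if len(devices) >= min_devices:
                alerts[src] = sorted(devices)
                break
    return alerts

if __name__ == "__main__":
    for src, devices in correlate(parse(EVENTS)).items():
        print(f"ALERT {src} seen on {', '.join(devices)} within 5 minutes")
```

No single device's log is alarming here: the router sees two ACL denies, the web server one error, the game server one failed admin login. Only the per-source view across all three raises the alert for 203.0.113.7.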