Welcome

Welcome to my digital home! There are lots of articles you might find helpful buried in this site on topics such as modifying an Alfa Romeo, rebuilding a Lotus 7 (Robin Hood 2B), not to mention a ton of stuff on technology in general. It's all here somewhere, so use the search function or navigate using the menu structure. If you want to talk, reach out via the contact function; I usually do answer!

Random Post Selection
RH2B Build Diary
For the longest time I have had an itch that I needed to scratch. Specifically, the itch of a lightweight, open top, fast road toy for the summer days and track. This desire was in the particular flavor of a Lotus Super 7 kit car. The new Toy! There are many styles of Super 7 to choose from: GBS Zero, Haynes Roadster, Westfield, Caterham, Dax etc etc etc. Literally too many to choose from; however, luck, proximity and price brought this little bundle of joy into my life. She is a Robin Hood 2B Roadster, based on a Sierra donor with all the right bits under the bonnet, but in need of some much needed TLC! This was just the right combination for me to jump on the purchase and start my journey. The car was in need of some love though, as she is ultimately nearly 20 years old! Fortunately, I am not shy with a spanner and had every intention of bringing her back to her former glory. That is where this journey begins. I will post updates on the progress and modifications as I go, but here is a short description / summary of the vehicle as a base:
Robin Hood 2B Roadster base car with Ford Sierra donor parts
SGS Engineering double wishbone conversion
Ford Zetec SE (Sigma) 1600 engine
Ford Type 9 Gearbox with ShortShifter
Ford 7″ Limited Slip Differential
Megasquirt MS2 ECU
Throttle Bodies (converted Dellorto Carbs)
Westfield 15″ Wheels
Blue with Ford ST Racing Graphics [...]
InfoSec
This is a brief interview about my role and the assessment process designed for the challengers playing the UK Cyber Security Challenge while at the Cyber Camp 2012: [...]
InfoSec
I was recently asked to comment on the new attack created by Prof Ross Anderson from Cambridge University. In my original comment released to the press I made an assertion in relation to a change in process that “breaks the circuit” of this attack – see below:
Jay Abbott, director in charge of Threat & Vulnerability Management, PricewaterhouseCoopers LLP (PwC), said: “Essentially, what the scientists have come up with is a very effective and simple way of exploiting weaknesses in the system. However, it is important to bear in mind that the fraud requires a very specific scenario to become effective. “A simple process change by the retailer of asking for the card holder to hand over the card would break the circuit, although this isn't always possible as sometimes the card reader is fixed to a point on the other side of the counter. “At present, the customer is accountable for the fraud as banks argue that PIN verified transactions are secure. Given this attack demonstrates a clear method of bypassing the PIN system, this assertion by the banks stands on shakier ground.”
With the original comment came a caveat which, as you would normally expect, was not quoted by the media. The caveat was that the suggested process change brought with it the opportunity for cards to be skimmed, which was in fact one of the original reasons behind the Chip & PIN changes. In fact, the change works in the favour of the retailer rather than the consumer; however, before you hang me, allow me to demonstrate the rationale behind this.
Consider first that Chip & PIN is in fact “two factor” authentication, which anyone in the security business will explain is more secure than “one factor” authentication. The first factor is the card itself, or the “chip” in this instance; the second factor is the “PIN”, which in this context operates as a pass code. Given both elements are authenticators in their own right, both are required, and as such any attack must include them both.
The attack designed by Prof Ross Anderson targets the PIN aspect of the authentication, and relies on the original card being accessed through a series of technology components that have to be connected together in some way. The method shown in this attack makes use of concealment to hide these components on the person of the attacker, and relies on a custom built “attack” card with wires hidden up the sleeve of the attacker, running back to the other components involved. The obvious way to detect and prevent this attack at the retailer is therefore to separate the card from the attacker, thus showing the wires and revealing the ruse.
The cloning of cards must be treated separately, as the current methods of cloning (that I am aware of at this point in time) only create “yes cards”, which would not work in this attack scenario as they are not true copies and would be detected by the PoS equipment as fraudulent. As I understand it, there is no economically viable way of cloning Chip & PIN cards effectively at this time. Any cloning would still focus on the magnetic stripe data, which can be easily cloned, but is not accepted by the retailers (usually) when a Chip & PIN card is presented. This of course is at the discretion of the retailer and out of the control of the consumer or the banks.
This brings us to the counter argument, specifically in relation to the increased risk of your card getting skimmed/cloned by the retailer when you hand it over. Even if it were viable to clone the chip cards, a card skimmed by a retailer would typically not get the PIN as well (this of course is not always the case), so using the now cloned card would have to make use of Prof Ross Anderson's attack method, which, if the aforementioned process change was implemented, would not work. In effect this increases the risk of cloning but decreases the risk of a successful attack using the cloned card, “breaking the circuit”.
This of course relies on the premise that the use of the card's magnetic stripe is in fact not viable, and therefore, if anything, ironically reinforces the use of Chip & PIN. Of course in real life the magstripe is regularly used, but that, again, is outside the scope of this discussion and considered irrelevant in the face of the specific discussion around Prof Anderson's attack.
There is always of course the argument for using a small form factor wireless transmission device to remove the need for wires, but given the form factor of a credit card and the inability to alter this form factor without raising suspicion, I am personally unsure that significant enough range for a TX/RX comms loop could be achieved given the power that could be implemented into a credit card sized device.
Again, in my original comments to the press I clearly stated that the system needed to be fixed, and that the attack was effective, so this is not me suggesting that we should brush this under the carpet; in fact it is simply looking at what we can potentially do NOW to protect the system while its eventual upgrade is debated and planned. Don't forget, in this context I am just as much of a concerned consumer as you. [...]
InfoSec
People often ask me what's the best way to get into security as a career. There are of course many views on this subject, but I don't believe there is a clear answer. So rather than try and map out a path, let's look at some of the elements involved and some options.
The first thing I want to say on the subject is that security is more of a state of mind than anything else. I have a saying: to be good in security you need to be sceptical with a healthy dose of paranoia! This point of view will serve you well when it comes to security as it will allow you to be objective and not accept things at face value. Secondly, you need an inquisitive nature and a thirst for knowledge. To be the best at security you simply need to be able to hunt out the truth and learn the latest concepts and techniques very quickly. Finally, you need to be a good generalist. I realise this point is contentious, but I truly believe that you need to have a good general grasp of everything technology related as well as your preferred specialism in order to cover the breadth of security. Of course you can be an expert in your chosen specialism, but you must have a grasp of how “everything” fits together in order to be good.
OK, so where do you begin? Well, for starters, you need to have a long hard think about what you want out of life. What I mean by this is, are you a “techy” or are you a “manager”? I realise you can be both (as I am), but when you're starting out, the subject is so broad you need a direction to head. If you're a techy, then you're probably heading down the threat, vulnerability and controls path, with topics such as ethical hacking, intrusion detection and firewalls on your learning list. If, however, you're more of a manager, you're probably heading down the opposite path towards topics such as strategy, assurance and governance. Once you have figured this out, you can start to look at the material, courses and support networks available for each road to help you get going.
One important factor that should always be included, however, is your own personal growth and development. What I mean by this are the softer skills such as communication, empathy, leadership, coaching etc. All of these skills are fundamental to your success and should be developed in equal measure with your chosen subject specialisms. The biggest issue I face as an employer in this sector is finding good security people with excellent soft skills. It's too easy in this game to get trapped in a world of regulations or bits ‘n' bytes, and forget that all your knowledge is pointless if you cannot make use of it and educate the world. [...]
Alfa 159 / Electronics
This is the final update to the schematics and overall design and concludes the R&D aspects of the project. What I have now is a good mix of design good practice and intelligent thinking that results in a solid architecture for a production run. So far I have just prototyped the design into the car using readily available breadboards, however, the next step is to move to a manufactured circuit board that will give much better longevity and easier assembly. Content relocated to Project Page [...]
Alfa 159 / Electronics
As part of my quest to replace every single bulb in my Alfa with an LED equivalent, I noticed that the high level brake light utilised small bulbs and not LEDs (strange I know, but that's Alfa for you!). So me being me, I took it apart and found that it would be very easy to replace the bulbs with LEDs, which was a result. Of course, this wasn't enough, so I thought: if I had 10 LEDs, what could I do with them 🙂 Enter the ATmega328 MCU, or as you may know it, the Arduino 🙂
The ATmega328 has 14 digital pins, 6 of which are PWM, and an additional 6 x analogue inputs; problem is I needed 10 x PWM pins. The best option in this case is to use a shift register such as a 595 to extend your pins, but as I didn't have one to hand, I decided to do it the hard way. There is a software library for the Arduino SDK called SoftPWM.h which lets you simulate PWM on any pin, which is quite useful to limit the hardware used and make better use of the processing power of the chip. So 4 hours of “figuring it out” yielded this result:
The basic functional requirement was simple:
When the brake pedal is pressed illuminate as normal
If the pedal is pressed for more than 5 seconds get your on 🙂
You can download the sketch from the downloads section if you want to play with it. There are lots of Arduino Cylon sketches around, but most / all of them are 6 LEDs or less due to the hardware PWM limitation, so this one lets you have up to 14 LEDs without moving into shift register world. And the schematic is below for your information:
This isn't the finished product btw, just a learning experience on the way. I have some high powered LEDs on the way from China, and some shift registers in the post, as the main issue with doing this in software is speed and I need some more speed for some additional functions 🙂 [...]
General
I have been working with a large retailer of late who is a heavy user of Sun & Solaris. As you can imagine, this is perfectly normal, and in fact, considered best practice for what they are doing. That said though, in an area such as retail, with low margins and profits based on sheer quantity, surely a leap of faith into the “dark side” or as we prefer to call it, , would be a better option? Once upon a time the argument was simple: RISC architecture was simply ahead of the game, by a long way, but guess what, x86 grew up, caught up, and overtook. These days, the performance you get out of multi-core x86 is significantly more than its RISC-based equivalent. I realise that point could be considered contentious by the purists out there, but for mainstream computing in a world that is ever more cost conscious, I struggle to see how any argument for RISC can win over x86. Once you have your x86 base, you can go with an x86 version of Solaris (not that you would) or, thanks to Sun not playing silly games, you can actually use something useful, such as Red Hat, SUSE, or if you so desire, Novell. This additional flexibility is core to getting the base of your platform right. Large scale architectures need solid foundations to remain stable, perform and scale as desired. Let's consider it for a moment. Sparc vs x86 & Solaris vs Linux: well, to be honest, there is barely anything in the comparison except cost. Sun make x86 hardware based on multi-core AMD processors which are blisteringly fast and, being manufactured by Sun, they are rock solid. Now, if I were that retailer, I know where I would be looking to spend my money, but that's not what I am there to talk to them about, so I'll keep it for my blog and not overstep my scope. [...]
General
OK, I have had an X25 deck stand for years now, and it is actually quite good. It's stable and well put together, and of course, holds enough of the basic equipment to keep you up and running. Of course, as I expand my setup, I have come to the basic realisation that what I need is actually a simple flat surface. So me, being me, I opened up Visio and knocked this up: … essentially it is 2 sheets of 8ft x 4ft, 3/4″ MDF cut into a number of shapes and sizes, screwed together, resulting in two vertical podiums, each wide enough to take a 19″ rack mount perfectly, and a worksurface 2 metres by 750mm, big enough for plenty of equipment. The whole thing stands 600mm high, which is the same height as your kitchen sink, so it's ideal to stand in front of for long periods of time. If anyone is interested I'll post up the 2 x cutting guides for the MDF sheets so that you can make your own. To put it into perspective, you can buy something similar, but inferior, at www.htfr.com for well in excess of £130. The total cost for my version, which is bigger and better, is £30: yes, 2 x sheets of MDF from B&Q at £15 per sheet. For the sake of an afternoon's work, I know which one I would do! [...]
Alfa 159
Daily Power is a work in progress but boost is at 3500mbar and fuel is flowing at 130mm3 so it should be good for a solid 800NM+ as a daily driver 🙂 #noSmokenoPoke
Power:
Base Model: 2008 159 TI 2.4 JTDM QTRONIC (Diesel)
Base Power: 200bhp / 400nm @ the flywheel
Dyno Power: 317WHP / 793NM @ front wheels (with Water/Meth 500cc) @ 3200mbar
Daily Power: TBC WHP / TBC NM @ front wheels (with Water/Meth 1000cc) @ 3500mbar
The run above had a faulty water/meth controller which is why it's a little jumpy!
Old Dyno Runs of when it was around 250bhp: Dyno run 1, Dyno run 2, Dyno run 3, Dyno run 3 alternative angle, Dyno run 4, Dyno run 4 alternative angle
Engine mods: Blow back Recirculation Breather System re-routed to exhaust via E-Vac Scavenger and one way Moroso valve Swirl Valves fully blanked in the Manifold Straight through Wizard exhaust with no CATs, no DPF and no mufflers on 4″ tails 600 x 300 x 76mm core High Flow, Front Mounted Inter-cooler with custom pipework and mounts 18 row Mocal oil cooler (235mm) Hybrid GTB2056 Turbo (BMW 530D Gt22 Turbine, 62mm Extended tip billet Compressor Wheel with 4mm extended tips and 49.60mm inducer “62 trim”, Blueprinted, staggered gap oil seals on exhaust side, 15 degree cutback / clipped turbine wheel and 63mm custom intake adapter) 4bar TMAP sensor 80mm BMC CDA direct to turbo on custom 2ft pipe run for maximum de-restriction Water Methanol System (AEM Pump & 1000cc/min nozzle + Devils Own 100psi/7bar Controller) Inline OIL sensor reservoirs on Engine and Gearbox Inline Mocal thermostatic control valve on gearbox oil cooler All ECU Mapping work courtesy of Jacekowski and Jabawoki.
Handling Mods: 255/40/19 Vredestein ULTRAC Vorti Tyres Spacers on wheels to stance / prevent rub! Autolusso Braided Brake Lines Performance Friction Brake Pads @ Front EBC Yellow Brake Pads @ Rear MTEC Grooved, Vented & Dimpled Discs with Black Treatment all round ATE TYP200 Racing Brake Fluid Bilstein B12 Pro Suspension Kit (B6 Shocks & Eibach Springs) Powerflex Front Upper and Lower Bushes Modified upper arms with grease nipples New 330mm Brembo calipers
Lighting Mods: H7 LEDs for Driving & Main Beam including custom dust caps Full External LED Conversion Full Internal LED Conversion Cylon High Level LED brake light Project Halo – Tri-Halo DRL Conversion
Electrical Mods: 16v 83.333F Super Capacitor Bank on primary electrical system 230v AC Socket in Glovebox Twin Digital Temp Gauge (Engine and Gearbox Oil) in air vent mount secondary fused distribution boxes under dash and in engine bay for ancillaries All wiring and ancillary systems wrapped to look stock. Gearbox Radiator Cooling System 100Amp Shunt and Volt / Ammeter from Capacitor Bank to Battery Multiple 2.2amp USB sockets and feeds for general convenience! Under Bonnet Temperature Sensor / Gauge
Audio Mods: Custom Sub Enclosure with 12″ Infinity KAPPA Perfect 12VQ M3D Sub Fully Soundproofed Modified Alpine MRV-T420 Amplifier Custom Wiring Pioneer AVH-X5700DAB FM/AM/DAB+/GPS Aerial Mod
Visual Mods: Fog Lights removed from front bumper and re-grilled for greater air flow to additional radiators Latest Gen Badges all round
Some stickers: Cloverleafs …because race car. Nürburgring Sticker …because she's been 🙂 “Built Not Bought” …because she is. [...]
LiveMixes
A fresh mix for you all – Happy New Year!
Track List:
Albin Myers – Time Like These
Robbie Rivera – New Direction
Oliver Twizt – You're Not Alone
John Dahlback – More than I Wanted
Chris Lake – If You Knew
Doman & Gooding Feat Dru & Lincoln – Runnin
Guetta Angello Garraud Ingrosso Willis – Everytime We Touch
Steve Angello & Laidback Luke Feat Robin S – Show Me Love
Planet Funk – Lemonade
Kurd Maverick – Blue Monday
Nari & Milani Feat Max C – Disco Nuff
Kevin Bryant – Who You Wanna Be
Empire of the Sun – Walking on a Dream
https://jabawoki.com/wp-content/mp3/Jabawoki_Sunny_Side_Up_25012010.mp3 [...]