Welcome - Jabawok Industries

Welcome to my digital home! There are lots of articles you might find helpful buried in this site on topics such as modifying an Alfa Romeo 159, rebuilding a Lotus 7 (Robin Hood 2B), not to mention a ton of stuff on technology in general. It’s all here somewhere, so use the search function or navigate using the menu structure. if you want to talk, reach out via the contact function, I usually do answer!

Random Post Selection

Press Coverage – July 2009

InfoSecOpen post to see coverage: Sheffield Star Business Monthly – July 2009 – HackingRelated Images: [...]

Anything that can be engineered by mankind…..

InfoSec……can be reverse engineered by mankind. Its a simple mantra, but one that has served me well in security. Think of of this way, it doesn’t matter how intelligent you are, someone, somewhere is more intelligent! When it comes to security this is never more true. As we all know, security is asymmetric, in so much that the effort required to secure something is significantly more than that required to break into it. Given this point, it makes the mantra even more relevant! If security was symetrical, you would have a 1:1 effort relationship, however, as its not, (we will for the purposes of this article assume its 2:1, i.e. double the effort required to secure), it would theoretically take less brain power than it took to create the control to break it. Obviously I accept that this is a very simplistic representation of the point, but one I think is valid. Related Images: [...]

Modified ALFA RT8187

InfoSecSo I finally got round to sorting out the heat issues associated with running the 1W ALFA at full power for extended periods of time. It was a simple hardware mod that cost next to nothing to do and it means I can run higher power for longer, which is useful 🙂 Ok, so starting from the top….. Your going to need an ALFA USB RT8178 external Wireless adapter, rated at 1W. You want the 1W one not the 2W or N spec etc ones as they are different chip sets and the best chip set for wifi pwnage is the 8187 🙂 Once you have your trusty ALFA card your going to want to overclock its power to make it see where other cards cannot. That is as simple as typing: ifconfig wlan0 down iw reg set BO ifconfig wlan0 up iwconfig wlan0 txpower 30 Once you have full power enabled however, your going to start running into problems unless you modify the hardware as well. That’s where this guide comes in! What you will need: ALFA USB RT8187 Adapter Small chip Heat sinks from Maplin or elsewhere 3M Heat sink double sided sticky pads Super Glue Dremil Sharp craft knife To start, you need to crack open the unit. It just pops open, but I found that it snapped the clips that hold it together when I did it so you need to be careful or be prepared to super glue it back together. Once you have it all open and ready to go clean up the chip and the heat sinks with some heat sink paste solvent and heat sink surface prep. Once that’s done, cut a piece of the heat sink tape to size and attach it to the heat sink. Then just attach it to the chip and your set for fabrication to commence! No for the tricky bit. Using your dremil and knife, cut a hole for the heat sink in the face of the case. Its tricky, and mine didn’t come out great, but it was good enough and function over form is good for me on this one! Now your all set, you can run your ALFA at full power, injecting and sniffing to your hearts content without burning it out. Enjoy! Related Images: [...]

Decision made

GeneralNative Instuments – Traktor Scratch This is the final choice and the result of much deliberation and research. It would seem that for the most part its a two horse race, Serato vs Traktor. I’ll give you the highlights to make it simple. Serato is very very stable, easy to use and generally a rock solid solution to mixing MP3’s. Traktor has less reputation for stability but so many more features and possabilities when it comes to taking your music to the next level. This is best domonstrated bythe release of traktor 3.2 and its ability to mix 4 sources in the same interface! this means you could have 2 x decks + two other input sources all up at once mixing through a 4 channel mixer, when used with the Audio 8 interface. It was this feature that won it for me. With this I can utilise Ableton Live like it was another deck, and have a 4th source as something like a standalone sequencer, drum machine or other random piece of electronic excellence. Now all I have to do is save my pennies and actually buy one! 🙂 Related Images: [...]

ACME Supercomputing Inc – Roadrunner Beware

InfoSecI read an interesting article the other day about the fact that Cray have toppled IBM of the top spot in the super computer race with a staggering 1.64 Petaflops of processing grunt from its XT Jaguar supercomputer. Of course, I expect this will be short lived given the Roadrunner has a theoretical 1.7 Petaflop capacity. So what I hear you cry! Well think of this, Cloud computing is here to stay and can yield some massive processing potential, but its still quite young and clouds tend to be privately owned and sold to the highest bidder. But what if we could all club together and build a cloud so big, so powerful it blew the Crays and IBMs of this world out of the water? Again, I hear the crys of yeah right! Well, ask yourself this, do I own a PS3? if the answer is yes, welcome to the “PSCloud” The concept is simple, in a PS3 there is an IBM Cell Processor with 8 CPU cores, a very powerful CPU indeed! and guess what, IBM’s Roadrunner uses them too, yes, the Roadrunner has just short of 13,000 Cell Processors in it, of course it has quite a few AMD’s as well (6.4K), but the cells are the bulk of it. So lets look at the facts, the same basic architecture used for the supercomputer market is in our homes, and cloud computing is here to stay, well I’m no rocket scientist but I reckon if we put these two concepts together, Roadrunner and Jaguar have a problem on their hands. As of November 2008, over 16 million PS3’s have been sold around the world, of which we can assume by the design and nature of the unit, that nearly all of them are connected to the internet, so if we were able to join them into a single cloud, what sort of processing power could we achieve? I ask you this….. If 13,000 Cells and 6K AMD’s get you 1.6 Petaflops, what would 16million Cells get you? All we need to make this happen is a software/firmware update to turn the PS3 into a cloud member and a peer based command and control mechanism, any programmers out there? Related Images: [...]

Press Coverage – February 2009

InfoSecOpen post to see coverage: Computer Fraud and Security – February 2009 – Ethics & Hacking Related Images: [...]

RH2B – Bonnet Fix

RH2B Build DiaryThe bonnet on the hoody is metal, in two sections, and was bolted together on a centre flange. This left a seam that was filled with filler and then a vinyl stripe laid over the top. Now this would have been fine except for the fact that the builder then installed a long pneumatic ram (the type that opens a boot on a hatchback) to hold up the bonnet when you lift it. Great for convenience but done in such a way as to cause a long term issue. Essentially, as the weight of the bonnet and nose cone were pivoting on an M8 bolt attached to the centre flange (2 x 1mm steel), the flange had twisted, bent and caused the bonnet to deform above. This in turn caused the filler to crack and separate from the bonnet, which then caused the vinyl to crack leaving an unsightly jagged line down the centre of the bonnet. Bonnet damage after removing the vinyl and cracked filler. Rather than just filling it and applying another vinyl sticker to it, knowing it would just do the same again, I set about designing and printing a better solution to the mounting of the jack point to the bonnet and also reinforcing the flange with several additional M8 bolts! A few iterations in Fusion 360 and 3 test prints in PLA, I had a final design that met the profile of the bonnet, bolted through the flange, spread the load of the bonnet more evenly and provided a solid anchor point for the jack. Design iterations The final design is pretty cool. It spreads the load exactly as I wanted and prevents the centre of the bonnet where the filler is being pushed up. It has also added rigidity to the panel as a side effect. Finished mount Once the mount was installed all that was left to do was fill the resulting gap with a flexible filler that wont crack and fall out, sand it smooth(sh) and the re-apply the vinyl. What I learned from this experience is something I was already pretty cognizant of. I cannot do bodywork!!! I dont have the patience for it at all! Finished article. Its by no means perfect but will do for now! Related Images: [...]

Chip & Pin Attack

InfoSecI was recently asked to comment on the new Chip & Pin attack created by Prof Ross Anderson from Cambridge University. In my original comment released to the press I make an assertion in relation to a change in process that “breaks the circuit” of this attack – see below: Jay Abbott, director in charge of Threat & Vulnerability Management, PricewaterhouseCoopers LLP (PwC), said:“Essentially, what the scientists have come up with is a very effective and simple way of exploiting weaknesses in the system. However, it is important to bear in mind that the fraud requires a very specific scenario to become effective. “A simple process change by the retailer of asking for the card holder to hand over the card would break the circuit, although this isn’t always possible as sometimes the card reader is fixed to a point on the other side of the counter. “At present, the customer is accountable for the fraud as banks argue that PIN verified transactions are secure. Given this attack demonstrates a clear method of bypassing the PIN system, this assertion by the banks stands on shakier ground.” With the original comment came a caveat, which as you would normally expect, was not quoted by the media, this caveat was that the process change suggested brought with it the opportunity for cards to be skimmed, which was in fact one of the original reasons behind the Chip & Pin changes. In fact, the change works in the favour of the retailer rather than the consumer, however, before you hang me, allow me to demonstrate the rationale behind this. Consider first that Chip & Pin is in fact “two factor” authentication, which anyone in the security business will explain is more secure than “one factor” authentication. The first factor is the card itself or the “chip” in this instance, the second factor is the “Pin” which in this context operates as a pass code. Given both elements are authenticators in their own right, both are required, and as such any attack must include them both. The attack designed by Prof Ross Anderson targets the Pin aspect of the authentication, and relies on the original card accessed through a series of technology components that have to be connected together in some way. The method shown in this attack makes use of concealment to hide these components on the person of the attacker, and relies on a custom built “attack” card with wires hidden up the sleeve of the attacker, back to the other components involved. The obvious way to therefore detect and prevent this attack at the retailer is by separating the card from the attacker, thus showing the wires and revealing the ruse. The cloning of cards must be treated separately as the current methods of cloning (that I am aware of at this point in time) only create “yes cards” which would not work in this attack scenario as they are not true copies and would be detected by the PoS equipment as fraudulent. As I understand it, there is no economically viable way of cloning Chip & PIN Cards effectively at this time. Any cloning would still focus on the magnetic stripe data, which can be easily cloned, but is not accepted by the retailers (usually) when a Chip & PIN card is presented. This of course is at the discretion of the retailer and out of the control of the consumer or the banks. This brings us to the counter argument, specifically in relation to the increased risk of your card getting skimmed/cloned by the retailer when you hand it over. Een if it were viable to clone the chip cards, given that a card skimmed by a retailer would typically not get the pin as well (this of course is not always the case), using the now cloned card would have to make use of Prof Ross Anderson’s attack method, which if the aforementioned process change was implemented, would not work, so in effect increasing the risk of cloning, but decreasing the risk of a successful attack using the cloned card and “breaking the circuit”. This of course relies on the premise that the use of the cards magnetic strip is in fact not viable, and therefore if anything, reinforces the use of Chip & PIN ironically. Of course in real life the Magstrip is regularly used, but that, again is outside the scope of this discussion and considered irrelevant in the face of the specific discussion around Prof Andersons attack. There is always of course the argument for using a small form factor wireless transmission device to remove the need for wires, but given the form factor of a credit card and the inability to alter this form factor without raising suspicion, I am personally unsure that significant enough range for a TX/RX comms loop could be achieved given the power that could be implemented into a credit card sized device. Again, in my original comments to the press I clearly stated that the system needed to be fixed, and that the attack was effective, so this is not me suggesting that we should brush this under the carpet, in fact it is simply looking at what we can potentially do NOW to protect the system, while its eventual upgrade is debated and planned. Don’t forget, in this context I am just as much of a concerned consumer as you. Related Images: [...]

Uplifting Trance Vibes – 10/02/2011

LiveMixesIn celebration of my birthday I thought I would take a trip back to my roots and put out a big room trance mix for you all. Enjoy! Track listing: 1 ALEX M.O.R.P.H. feat. Michael – Wanna Be (Album Extended Vocal Mix) 2 Cosmic Gate feat. Emma Hewitt – Not Enough Time (Extended Mix) 3 Dash Berlin feat. Emma Hewitt – Waiting (Original Mix) 4 Fabio XB & Andrea Mazza – Light To Lies (Gareth Emery Mix) 5 John OCallaghan feat. Audrey Gallaher – Big Sky (Markus Schulz AX Remix) 6 Rex Mundi feat. Susana – Nothing At All (Original Mix) 7 torcycle – As The Rush Comes (Daniel Kandi & Anton Firtich Divine Remix) 8 Myon & Shane 54 feat. Aruna – Helpless (Monster Mix) 9 Roger Shah & Tenishia feat. Lorilee – Im Not God (Roger Shah Mix) 10 Medina – You And I (Dash Berlin Mix) 11 Marco V – Unprepared (Extended Mix) https://jabawoki.com/wp-content/mp3/Jabawoki_Uplifting_Trance_Vibes_10022011.mp3 Podcast: Play in new window | Download Related Images: [...]

Press Coverage – August 2009

InfoSecOpen post to see coverage: Accountancy Age – August 2009 – Dark Pools of Talent Related Images: [...]