The idea is to build a small application that generates a PSKC XML file from a text file containing only token serial numbers and their seeds as hex strings.
Basically, it generates a 6-digit OTP based on an epoch time stored in a variable called birthTime. There is no time drift. The OTP is updated every 30 or 60 seconds.
For HMAC-SHA1 hash this implementation uses the code from Cathedrow / Cryptosuite (https://github.com/Cathedrow/Cryptosuite).
However a small change was added to sha1.h and sha1.c: The method size_t Sha1Class::writebytes(const uint8_t* data, int length)
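The two pieces described above, as an added example that is not the project's own code: a time-based OTP over HMAC-SHA1 (RFC 6238, checked against that RFC's SHA-1 test seed) and a PSKC (RFC 6030) container built from `SERIAL HEXSEED` lines. The input line format, the function names and the use of unencrypted `PlainValue` secrets are assumptions made for the illustration.

```python
import base64, hashlib, hmac, struct
import xml.etree.ElementTree as ET

PSKC_NS = "urn:ietf:params:xml:ns:keyprov:pskc"

def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 with RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def parse_tokens(text: str):
    """Yield (serial, seed_bytes) from 'SERIAL HEXSEED' lines (assumed format)."""
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        serial, seed_hex = line.split()
        seed = bytes.fromhex(seed_hex)      # ValueError on non-hex input
        if len(seed) < 16:                  # RFC 4226: secret of at least 128 bits
            raise ValueError(f"line {n}: seed shorter than 128 bits")
        yield serial, seed

def build_pskc(tokens, step: int = 30, digits: int = 6) -> str:
    """Build a PSKC KeyContainer. PlainValue leaves the seeds unencrypted, so
    the file must be protected in storage and transit (RFC 6030 also defines
    EncryptedValue for this purpose)."""
    ET.register_namespace("", PSKC_NS)
    q = lambda tag: f"{{{PSKC_NS}}}{tag}"
    root = ET.Element(q("KeyContainer"), Version="1.0")
    for serial, seed in tokens:
        pkg = ET.SubElement(root, q("KeyPackage"))
        dev = ET.SubElement(pkg, q("DeviceInfo"))
        ET.SubElement(dev, q("SerialNo")).text = serial
        key = ET.SubElement(pkg, q("Key"), Id=serial, Algorithm=PSKC_NS + ":totp")
        params = ET.SubElement(key, q("AlgorithmParameters"))
        ET.SubElement(params, q("ResponseFormat"), Length=str(digits), Encoding="DECIMAL")
        data = ET.SubElement(key, q("Data"))
        for tag, value in (("Secret", base64.b64encode(seed).decode()),
                           ("Time", "0"), ("TimeInterval", str(step))):
            ET.SubElement(ET.SubElement(data, q(tag)), q("PlainValue")).text = value
    return ET.tostring(root, encoding="unicode")

# Constructed sample: hypothetical serial plus the RFC 6238 SHA-1 test seed.
SAMPLE = "TOKEN0001 3132333435363738393031323334353637383930\n"
```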
This small project was built in order to explain how to implement an OATH token with only open-source tools. Also, this project will be presented at the International Free Software Forum (FISL13 http://softwarelivre.org/fisl13/about-the-event)
Also there are two small videos about this project:
Some days ago I was trying to test an 11 MHz XTAL with a friend of mine at my home lab. When the xtal was placed in a complete circuit, we just attached the scope probes and were able to see the correct measurement on the scope's screen.
But when the xtal was out of a circuit, we did not find a way to test it. We had two objectives: a fast way to test a xtal to see whether it is working or not, and a way to measure its exact frequency.
Transistor Q01, a NPN 2N3904, and its associated components form an oscillator circuit that will oscillate if, and only if, a good crystal is connected to the test clips. The output from the oscillator is then rectified by the 1N4148 signal diode and filtered by C03, a 100pF capacitor.
The positive voltage developed across the capacitor is applied to the base of Q02, another 2N3904, causing it to conduct. When that happens, current flows through Led01, causing it to glow. Since only a good crystal will oscillate, a glowing LED indicates that the crystal is indeed OK.
The circuit works very well with 6-8 MHz crystals, but for higher-frequency crystals (11 MHz) the LED glows very weakly. For that reason I've added a 1k potentiometer to allow the LED's resistance to be adjusted.
In order to test this circuit with an oscilloscope, just use the probe points where the crystal is connected (see the images below).
“Centro de Defesa Cibernética do Exército” in Portuguese, which means Center of Cybernetic Defense of the Army. It is a Brazilian army initiative (inspired by cyber-defense agencies from other countries) with some important functions:
- Research in IT Security
- Defense through information systems
- Eventual counter-attacks
Some key arguments (learned from outside experiences) for the creation of CDCiber were:
- 9/11 (Several documents stolen from industries and government, which were used to plan the terrorist act.)
- Chinese and Russian cyber attacks against other countries
- Stuxnet: Domain-driven malware
- Wikileaks: The amount of confidential government documents leaked and exposed on Wikileaks revealed a weakness in the efforts to protect sensitive data.
- Brazil's growth: More exposure of the Brazilian market and natural resources, as well as some important companies such as Petrobras and Companhia Vale do Rio Doce, among others.
- Coordinated attacks from LulzSec and Anonymous
Differential* aspects over other/common defense centers:
- Ability to find in the market professionals/consultants with the required skills to work in the center
- Low cost of infrastructure, when compared with common defense centers
*The same differential aspects are used by companies and criminals to build their own defense centers. Therefore these aspects are also a strong argument to build the CDCiber. (23.03.2012)
While studying the basics of cryptography using XOR, I decided to design a graphical representation of XOR, like several that can be found on the Web (http://en.wikipedia.org/wiki/Xor). The result can be seen below. It is very interesting to see the symmetry of the result.
Through the creation of "Identity Protection Technology" (IPT), Intel now offers a set of security features in its i3, i5 and i7 processors (2nd generation), and later in Ultrabooks. These features are embedded in an area of the processor called the Management Engine (ME). This area can be accessed over the PCI bus by means of firmware embedded in the BIOS and a driver. In this way, various algorithms for password management, identity protection and transaction authentication, which are normally implemented in software that depends on the operating system, can now be moved to run inside the ME within the processor, thereby guaranteeing the inviolability of these algorithms. In addition, only algorithms signed by certificates recognized by Intel will be able to run in this area of the processor.
For ordinary users to benefit from this technology when accessing banks, online stores, social networks, etc., these companies will need their security and authentication systems to be updated to work with this new standard. To that end, Intel has established a partnership with InfoSERVER S/A to develop solutions that enable market integration.
A friend of mine asked me for Java NIO PDF Documents, Presentations and Books references.
Here is what I have:
- Advanced Java™ NIO Technology-Based Applications Using the Grizzly Framework
- A Programmer’s Tutorial on Event-Driven Programming, Asynchronous Input/Output, and the Bamboo DHT
- A Study of Java Networking Performance on a Linux Cluster
- Getting started with NIO
- How to Build a Scalable Multiplexed Server With NIO Mark II
- Improving Java Network Programming
- Introduction to NIO: New I/O
- Java NIO
- JAVA NIO FRAMEWORK Introducing a high-performance I/O framework for Java
- Multiple Client Server and Java New-IO (nio) classes
- New I/O in JDK 7
- Scalable IO in Java
- Using the new Java I/O interface in parallel computing
Forensic Fuzzing Tools: generate fuzzed files, fuzzed file systems, and file systems containing fuzzed files in order to test the robustness of forensics tools and examination systems
Windows IPC Fuzzing Tools: tools used to fuzz applications that use Windows Interprocess Communication mechanisms
WSBang: perform automated security testing of SOAP based web services
Construct: library for parsing and building of data structures (binary or textual). Define your data structures in a declarative manner
python-poppler-qt4: Python binding for the Poppler PDF library, including Qt4 support
Misc
InlineEgg: toolbox of classes for writing small assembly programs in Python
Exomind: framework for building decorated graphs and developing open-source intelligence modules and ideas, centered on social network services, search engines and instant messaging
RevHosts: enumerate virtual hosts for a given IP address
JAmtConnector is an open-source application (written in Java), released under the Eclipse Public License, that can connect to and collect data from vPro machines over the network. It uses web services for communication and works with machines that have AMT version >= 3.0. The software was built based on the Intel® WS-Management Java Client Library.
This software can also be useful for those who want to learn how to implement AMT resources through Java and web services.
This application works in a command-line interface (CLI) and also on the desktop. See the example below:
A Subversion client, implemented as a Windows shell extension.
TortoiseSVN is a really easy to use revision control / version control / source control software for Windows.
Since it's not an integration for a specific IDE, you can use it with whatever development tools you like.
TortoiseSVN is free to use. You don't need to get a loan or pay a full year's salary to use it.