When Danger is an apt name!

Microsoft\Danger and T-Mobile don’t seem to have quite got the cloud concept yet. Yes, it’s true that cloud users don’t have to worry about their data – it’s all safely tucked away somewhere and your cloud provider sorts it all out.

Alas it seems that Microsoft\Danger got a bit confused during Cloud Computing 101 and went away thinking that no-one had to worry about the data.  So they didn’t.

They have come clean on the T-Mobile website and told SideKick users not to turn off the devices as the data now lives nowhere else. In a cruel extra twist, the SideKick devices are useless now as just about everything they do requires the cloud – they retain nothing at all during reboot, for example.

The T-Mobile article is here. In the meantime you would be right if you were really nervous about trusting these guys with your data!

It seems that the only person to show incredible foresight was the person that came up with Danger as the name of the company.

Microsoft have had a couple of years now since they acquired Danger to make the services offered resilient.  Seems that they failed.  Epic Fail.

Oh and BTW, Azure, Microsoft’s flagship cloud OS, launches in a month or so.  What-Could-Possibly-Go-Wrong.

Certificate Fingerprints

There have been some very nasty certificate-based vulnerabilities announced recently, and these amount to an attacker being able to act as a MITM (Man In The Middle) on pretty much any SSL conversation. All the attacker has to do is insert themselves somewhere in your traffic chain between you and your target web site.

As these vulnerabilities turn into real exploits, you should be really really really (got the picture?) careful what sites you log into and give your personal info to.

The nature of these attacks will mean that your browser is completely fooled into thinking it is talking to the real PayPal.com or Ebay.com. When spoofed, you will most likely experience normal logon and purchasing, but your details are phished for future use.  Even certificate verification checks such as CRL, OCSP Validation and path validation will work as you would expect.  Nasty.

I suggest therefore that for the next few weeks, while we see how bad this really is, you check independently the certs of all sites that you need to log in to.

I have printed out the SSL certs for the sites that I use often so I can check them for myself, but you may want to use this article which has the cert hashes for 4 common sites, PayPal.com, Amazon.com, eBay.com and of course, TurboTas.co.uk.

It would be very hard for an attacker to make the fake cert match these hashes, so that’s what you need to check. Bear in mind though this web page could be MITM attacked too, so unless you know your connection to turbotas.co.uk is unspoofable, don’t trust this source either as the pictures could be replaced.

The best bet all around is for you to print out every cert you encounter for the next few weeks and every time you revisit a website, check the cert against your hard copy. Read on for the certs.

 

 

 

Amazon.com

eBay.com

PayPal.com

TurboTas.co.uk

Google

Yahoo
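The manual check described in this post, comparing the certificate a site presents against a fingerprint recorded earlier, can be scripted. This is an added example, not code from the original post; it assumes SHA-256 fingerprints over the DER-encoded certificate, and the host name `shop.example` and the certificate bytes are constructed placeholders.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER certificate, in the colon-separated form browsers show."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalise(fp: str) -> bytes:
    """Accept 'AB:CD', 'ab cd' or 'abcd' as typed from a printout; return raw bytes."""
    return bytes.fromhex(fp.replace(":", "").replace(" ", ""))

def check_pin(host: str, der: bytes, pins: dict) -> str:
    """Compare a presented certificate with the fingerprint recorded for host."""
    if host not in pins:
        return "no-pin"
    presented = hashlib.sha256(der).digest()
    # Constant-time comparison of the raw digests.
    return "match" if hmac.compare_digest(presented, normalise(pins[host])) else "MISMATCH"

def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the leaf certificate a live server presents (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

# Constructed stand-ins for DER bytes so the example runs offline.
GENUINE_DER = b"constructed bytes standing in for the genuine certificate"
SPOOFED_DER = b"constructed bytes standing in for a spoofed certificate"

# Pin recorded once over a trusted path; shop.example is a hypothetical host.
PINS = {"shop.example": fingerprint(GENUINE_DER).lower().replace(":", " ")}

if __name__ == "__main__":
    for label, der in (("genuine", GENUINE_DER), ("spoofed", SPOOFED_DER)):
        print(label, fingerprint(der)[:23] + "...", check_pin("shop.example", der, PINS))
```

A mismatch also occurs when a site legitimately renews its certificate, so a new pin should be recorded over a trusted path rather than accepted from the same connection that produced the mismatch.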

Amazon Kindle comes to the UK

Two years after the release in the US of the Amazon Kindle, the device finally makes its way to the UK!  As from today you can buy the gadget from Amazon.  This is a special version for the international market with tweaks to ensure it can get network connectivity.

It’s not all good news though – because the international version is a special build, you can only get the Kindle 2, not the DX with the nice screen.  Oh well – I suppose we can’t have everything.

Also bear in mind the Orwellian remote deletion feature which Amazon got slated for earlier in ’09 and maybe you will think twice before you part with your cash.

I’ll put one on my wish list for xmas and can always delete it if the early UK reviews are not encouraging!

 

 

FOTA Breakaway Calendar

The Guardian has an article today with the proposed schedule for the Formula One Breakaway series, and it looks like a doozy with some great circuits on offer.

The full FOTA 2010 schedule, as published in The Guardian, is as follows:

Date | Venue | Country | F1 status
7 March | Buenos Aires | Argentina | Last hosted F1 in 1998
21 March | Mexico City | Mexico | Last hosted F1 in 1992
11 April | Jerez | Spain | Last hosted F1 in 1997
25 April | Portimao | Portugal | Never hosted F1
2 May | Imola | San Marino | Last hosted F1 in 2006
23 May | Monte Carlo | Monaco | Current F1 host
6 June | Montreal | Canada | Last hosted F1 in 2008
13 June | Indianapolis | United States | Last hosted F1 in 2007
11 July | Silverstone | United Kingdom | Current F1 host
25 July | Magny-Cours | France | Last hosted F1 in 2008
15 August | Lausitzring | Germany | Never hosted F1
29 August | Helsinki | Finland | Never hosted F1
12 September | Monza | Italy | Current F1 host
26 September | Abu Dhabi | United Arab Emirates | Current F1 host
10 October | Marina Bay | Singapore | Current F1 host
24 October | Suzuka | Japan | Last hosted F1 in 2006
7 November | Adelaide or Surfers’ Paradise | Australia | Last hosted F1 in 1995/Never hosted F1

More news over the next couple of days.  Today’s update is that the FOTA president appeared in front of the WMSC today and told them unequivocally that the breakaway series will go ahead.

It seems like the FOTA teams are adamant that the budget savings are needed and that it’s the huge slice that the F1 Commercial Rights holder gets that they want to get rid of!  Roll On FOTA!

 

Formula One Hits Self Destruct Button

The self-destruct button was well and truly thumped last night when the deadline passed for unconditional entries into the 2010 Formula One series with only one of the big teams signed up for 2010.

The FIA and FOTA have been wrangling for years about the commercial, political and technical management of Formula One.  This has all come to a head recently, when FIA president Max Mosley tried to enforce a budget cap on the teams. This budget cap is perceived by Mosley to be critical to the survival of the sport as the huge largess of the teams is not considered by him to be appropriate in the present financial climate. The teams all fight back with claims that their budgets are huge due to the large volumes of rule changes which Mosley makes to try and make the sport more entertaining.

In addition to budget constraints, it is clear that Max has been trying over the last few years to homogenize the cars to a single chassis, single engine series and with most of the big manufacturers either being or being sponsored by car companies with their own engines, it is clear that this was always going to end in tears.

FOTA announced last night that they are dismayed that their arguments against the budget caps have been ignored and they announced that they would begin planning a breakaway series with immediate effect:

Silverstone, 18 June 2009 – Since the formation of FOTA last September the teams have worked together and sought to engage the FIA and commercial rights holder, to develop and improve the sport.

Unprecedented worldwide financial turmoil has inevitably placed great challenges before the F1 community.  FOTA is proud that it has achieved the most substantial measures to reduce costs in the history of our sport.  

In particular the manufacturer teams have provided assistance to the independent teams, a number of which would probably not be in the sport today without the FOTA initiatives.  The FOTA teams have further agreed upon a substantial voluntary cost reduction that provides a sustainable model for the future.

Following these efforts all the teams have confirmed to the FIA and the commercial rights holder that they are willing to commit until the end of 2012.  

The FIA and the commercial rights holder have campaigned to divide FOTA. 

The wishes of the majority of the teams are ignored. Furthermore, tens of millions of dollars have been withheld from many teams by the commercial rights holder, going back as far as 2006. Despite this and the uncompromising environment, FOTA has genuinely sought compromise.

It has become clear however, that the teams cannot continue to compromise on the fundamental values of the sport and have declined to alter their original conditional entries to the 2010 World Championship.

These teams therefore have no alternative other than to commence the preparation for a new Championship which reflects the values of its participants and partners.  This series will have transparent governance, one set of regulations, encourage more entrants and listen to the wishes of the fans, including offering lower prices for spectators worldwide,   partners and other important stakeholders.  

The major drivers, stars, brands, sponsors, promoters and companies historically associated with the highest level of motorsport will all feature in this new series.

Note to Eds: Statement issued by FOTA on behalf of BMW-Sauber, BrawnGP, Scuderia Ferrari, McLaren-Mercedes, Red Bull Racing, Renault, Scuderia Toro Rosso, Toyota.

The FIA responded in what is becoming standard Formula One practice with the words ‘See you in Court’.  At the heart of this threat are the private agreements that the FIA have direct with some of the teams to be involved in the sport in the future.

Particularly interesting is the fall from grace of Ferrari, who has previously been able to exert some kind of mystical hold over the sport, with the press release on the FIA website summing up the FIA position:

19/6/2009 The FIA’s lawyers have now examined the FOTA threat to begin a breakaway series. The actions of FOTA as a whole, and Ferrari in particular, amount to serious violations of law including willful interference with contractual relations, direct breaches of Ferrari’s legal obligations and a grave violation of competition law. The FIA will be issuing legal proceedings without delay.

So far, the spinoff series is likely to involve:

  • BMW Sauber;
  • Brawn GP;
  • McLaren;
  • Renault;
  • Red Bull Racing;
  • Ferrari;
  • Toro Rosso;
  • Toyota.

It’s not presently clear what the position of Williams is in all this.  They alone of the FOTA members have submitted an unconditional entry for next year.

This may simply be that they have nothing to lose: Without a championship winning car for the last few years, this may be a great way to get back to the front of the grid if the present big guns go elsewhere.

What remains to be seen is if the breakaway series becomes the new motorsport pinnacle. With the FIA controlling budgets, technical innovation, pre-season testing, engine performance and tires, the thing that is clear is that the breakaway series looks like it might be able to bring back the true innovation that in the past has brought us six-wheeled cars, side skirts and a host of other groundbreaking performance-enhancing parts.

We certainly live in interesting times – May be wise not to book seats for a 2010 F1 venue just yet!

UAV Build February 09 Update

Finally, a stable(ish) flight! On Sunday 8th, the UAV finally flew in a more or less stable flight in the AUTO1 position. This essentially means that the UAV controls attitude and takes directional input from the radio. The UAV interprets the RC signal and decides on the relevant bank and pitch angles. In the case of the testing this weekend, it was noted that the maximum bank and pitch angles were not sufficient to have full control of the plane. Additionally some roll oscillation was noted although given that the gyro is presently disconnected, this is not unexpected.

One significant problem came to light with this flight and that was lack of telemetry. Even though the antenna positioning was identical to the last flight, very few data packets were exchanged with the aircraft while in flight. This is being investigated, but is likely to require a more powerful ground antenna.

Next steps are to repeat the flight with improved reception so that good data can be gathered, then to test and calibrate the attitude response of the plane using the HSI.

Once responsive flight is achieved in AUTO1, the Gyro can be re-integrated and finally, AUTO2 flight with a simple ‘Circle Home’ Mission can be attempted.

The attitude problem was discovered to be a fundamental mistake when setting up the airframe file which caused the aircraft to believe it was upside down.

UAV Build January 09 Update

It’s been a long time since an update on the UAV project has been forthcoming, so I thought it worth a quick post with progress.

The RC radio is now re-modified so that operation of the mode switch is on the left.  I fly mode 2 and it was not the smartest decision to put the mode switch over on the right of the radio.

Test flights have shown that the brief forays into AUTO1 (stabilised manual flight) produced a small roll oscillation and a violent nose down pitch.  This issue is ongoing and is the cause of much head scratching.  Telemetry data seems to show that the AHI is in a neutral position before the switch is flicked, so it’s most odd that the plane immediately dives towards the ground. I suspect the users forum will yield suggestions.

The airframe has around six flights of ten minutes each to its name now and although some improvements have been made, the plane generally flies very well.  The only mishaps have been related to the AUTO1 attempts and although these have involved close shaves, the plane is still in great shape.   Aircraft now shown to fly equally well on 2 cell or 3 cell LIPO.  Normal flight probably will be on 3 Cell LIPO to maximise flight time. 3 Cell pack does increase AUW and consequently approach and landing speed.  Ideal prop is 8×6 and this gives good throttle response and very quiet flight.

A recent update of the GUI software has brought a massive performance improvement in the ground segment aspects.  It’s not known what has triggered the improvement, simply that it runs very well indeed now.  Additional GUI features will be tested over the next few weeks.

Photos of the progress are on the gallery, which is here.

Eavesdropping on Wired Keyboards from 20 Paces

Yes, you heard it right. Researchers in Switzerland have developed some attacks targeted at capturing the Radio Frequency emissions from keyboards and using the captured RF data to work out what keys the user pressed.

Note that this attack is not against wireless keyboards, but is actually aimed at those USB and PS2 keyboards which we all use every day. Notebooks with built-in keyboards are just as easily sniffed too, so there is no obvious escape from this problem.

The heart of the vulnerability is that keyboards are built so cheaply that they have absolutely no Radio Frequency shielding at all, and picking up some form of radio signal from just about any keyboard is an almost trivial exercise.

What is not trivial of course is the decoding of that signal to rebuild the user’s keypresses. Nevertheless, the team from the Security and Cryptography Laboratory (LASEC) in Lausanne, Switzerland have developed four similar attacks and have found that of the 11 keyboards they extensively tested, all were susceptible to their eavesdropping methods.

The key point here is that it's now pretty much mandatory to use one time passwords if you truly want to be secure.

Read more about the attacks here.

UAV Build July 08 Update

The RC radio is now modified so that it has a three position switch for MANUAL\AUTO1\AUTO2 mode selection. This works fine although ideally the switch should be mounted on the left of the radio and not the right. Full Radio (RC) range check carried out and an initial test flight showed good telemetry data. Photos of the radio mod are on the gallery, which is here. Full radio (modem) range tests carried out and good signal received at 250 Meters using standard antennas.

GCS tested on Mains inverter powered from car battery. GCS voltage converter added for video goggles.

Initial flight test carried out. One 10 minute flight proved the airframe working fine. Chosen Motor/Prop combination giving reasonable performance on 2 cell LIPO. 3 brief attempts at AUTO1 deemed failures. Each time AUTO1 flight was attempted, the airframe rolled violently. Further ground tuning underway.

UAV Build June 08 Update

The GCS is online and the airframe talks over the air to the airframe. The airframe is now complete with all components mounted. Initial tuning of the airframe file commenced involving checking the servo and sensor polarity. Changed the motor in the airframe to a unit with a bit more oomph.