Git directory server vulnerability

Do you use git to manage your site and/or server files? In my opinion, this is undoubtedly a good way to run things, but you need to make sure it’s secure. Just try going to yoursite.com/.git/config. If you haven’t secured your server properly, you will see the configuration file for your git repository. Not good, huh? Not only could an attacker learn lots of information about your code base, including where the upstream server is, I believe they could possibly get the entire source. This would allow the attacker to see exactly how the site works and be able to exploit it very easily.

Now, the good news. It’s an easy fix!
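One way to audit your own site for this exposure, as an added example that is not code from the original post: it classifies the response your server gives for /.git/config, treats a custom error page that returns 200 as not exposed, and reports the upstream URL with any embedded credentials redacted. The sample bodies, host name, credentials and function names are constructed for illustration; feed `assess` the status code and body from a request to your own site.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of a leaked /.git/config body (hypothetical host and credentials).
SAMPLE = """[core]
\trepositoryformatversion = 0
\tbare = false
[remote "origin"]
\turl = https://deploy:s3cret@git.example.com/acme/site.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
"""
SOFT_404 = "<html><body><h1>Page not found</h1></body></html>"  # constructed

SECTION = re.compile(r'^\[([\w.-]+)(?:\s+"([^"]*)")?\]$')

def parse_git_config(text):
    """Parse git's INI-like config into {(section, subsection): {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION.match(line)
        if m:
            current = sections.setdefault((m.group(1).lower(), m.group(2)), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def redact(url):
    """Hide any user:password embedded in a remote URL before it is reported."""
    parts = urlsplit(url)
    if parts.username or parts.password:
        return url.replace(parts.netloc, "REDACTED@" + parts.netloc.rsplit("@", 1)[1], 1)
    return url

def assess(status, body):
    """Decide whether a response to GET /.git/config leaks a real git config."""
    result = {"exposed": False, "remotes": [], "credentials_in_url": False}
    cfg = parse_git_config(body) if status == 200 else {}
    # A custom error page can also return 200, so require git's own [core] key.
    if "repositoryformatversion" not in cfg.get(("core", None), {}):
        return result
    urls = [v["url"] for (sec, _), v in cfg.items() if sec == "remote" and "url" in v]
    result.update(exposed=True, remotes=[redact(u) for u in urls],
                  credentials_in_url=any(urlsplit(u).password for u in urls))
    return result
```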


Cyber Centurion competition at Bletchley Park

Today, the guys at SubjectRefresh and I competed in the Cyber Centurion Security Challenge at The National Museum of Computing at Bletchley Park.

The day started with an introduction by the organisers and a brief explanation of how the day was going to work. Then it was off to the marquee to get started securing the machines we were provided with. There were two Windows VMs (Server 2008 and 8.1) and one Ubuntu 14.04 image. The team delegated four people to work on the machines in the first part of the day and swapped out two at lunchtime.

By the end, we’d managed to get 66% of the vulnerabilities on Ubuntu and about 80% on each of the Windows VMs. This result was on par with most of the other teams, the top 5 or so each having really close overall scores.

Our team bio is available at https://cybersecuritychallenge.org.uk/competitors/cybercenturion/ and you can find out more about the Finals at https://cybersecuritychallenge.org.uk/competition-final-at-bletchley-park/.

It was a fantastic day and we all had a lot of fun. To top it all off, we featured on the ITV Anglia news this evening! http://www.itv.com/news/anglia/update/2016-04-26/competition-aims-to-find-next-generation-of-cyber-defence-experts/

Post-Birthday Hack: Arduino GPS

For my birthday, Ben James gave me some geeky goodies including a uBlox NEO-6M GPS module.

As soon as I had a moment, I rigged it up to my Arduino and uploaded this sketch from ArduinoTronics.

The pin connection layout is this:

GPS RX -> Arduino digital 4 (D4)

GPS TX -> Arduino digital 3 (D3)

GPS GND -> Arduino GND

GPS VCC -> Arduino 5V

It took a while to get a fix (find a satellite), but after it had, I received this over the serial port:

Arduino GPS data

I have my GPS module in mind for a secret project which is to be launched soon, so keep your ears pricked!

EDIT 15/04/15:

Just took the module and Arduino out for a drive in the car and then plotted all the points (about 500 of them) on a map, very pleased with the results!

Our quick drive around

The Pi-Powered Hamster Hunter Part 4: Reflections

Reflections

By the end of our project, our initial objectives had been added to and had matured through the development process.

Objectives at the start

The objective of this project was to build an all terrain vehicle which could be used for various applications and controlled from anywhere in the world. We wanted it to be operational in all circumstances, which meant being able to operate in low light/pitch dark conditions and being able to traverse all terrain. It was essential for the user to be able to see from the ReCoRVVA’s point of view in real time. We also wanted the ReCoRVVA to be able to sense when it was about to crash and automatically stop to avoid collisions.

Objectives at the end

The ReCoRVVA is controllable from anywhere in the world; the user can see in real time where they are driving and knows the environmental conditions they are operating in. The ReCoRVVA is able to automatically stop if it senses an obstacle.

We have also shown that it can be adaptable to any circumstance and any user or their medium of control.
