Windows 7 and Vista crash via SMB exploit

[Laurent Gaffié] has discovered an exploit that affects Windows Vista, Windows 7, and possibly Windows Server 2008 (unconfirmed). This method attacks via the NEGOTIATE PROTOCOL REQUEST which is the first SMB query sent. The vulnerability is present only on Windows versions that include Server Message Block 2.0 and have the protocol enabled. A successful attack requires no local access to the machine and results in a Blue Screen of Death.

[Laurent] has a proof of concept available with his writeup in the form of a python script (please, white hat use only). There is no patch for this vulnerability but disabling the SMB protocol will protect your system until one is available.

Update: According to the Microsoft advisory this vulnerability could lead to code execution, making it a bit worse than we thought. On the bright side, they claim that the final version of Windows 7 is not open to this attack, only Windows Vista and Windows Server 2008.

Augmented Network Interfaces

Here’s an interesting bit of research to come out of Microsoft and UCSD. The Somniloquy project is a new type of network interface. It’s a USB device that allows a computer to continue network communications after being put to sleep. By offloading these tasks, machines that would normally stay awake for RDP and file transfers are only powered up when absolutely necessary. The device uses a Gumstix board like the one used in the Tor hardware adapter. The device pictured above has two USB interfaces, but the second is just for debugging and not needed for proper operation. The board runs BSD and creates a USBNet bridge to the Vista host. When the host daemon detects the computer going to sleep, it hands off active communication to the gumstix. They developed “stub” applications to handle the various types of communication. For downloads, they used wget to download only the portion of the data that was still left. For bittorrent, they customized the command line client ctorrent to manage the download. Both programs wake up the PC upon completion and transfer the file off of the SD card.

Guitar Hero macro board

Doesn’t look like the Guitar Hero hacks will be slowing up any time soon. In this recent installment, [Thunderhammer3000] built a board to record Guitar Hero “songs”. It is wired inline with with the fret buttons and strum bar and records each of the key presses. Songs can be recorded at slow speed in practice mode and replayed at full speed. The board is Arduino compatible and has two optoisolator chips for collecting the button presses plus a small EEPROM for storage. The board fits easily inside the guitar body.

HAL suit going into production

When we compiled our list of real life power suits last May, the HAL suit was being pitched as a $1000 a month rental. Cyberdyne has changed their tune for the better recently. Teports suggest that the first 400 unit run of powered exoskeletons will sell for $4200, less than a Segway. The suit can increase the wearer’s strength ten-fold and will run continuously for nearly three hours.

Rocketting fun

[Gabe] sent in this project summary from his rocketry club’s yearly project(pdf). The goal was to build a rocket that would go up to about 800 meters and eject a robot that would pilot itself to a destination on the ground for re use. There’s tons of great information from what hardware is in the robot to hardware design for the ejection mechanism. There are great pictures of the final build, not so many of the construction itself. The project seemed to go well until EMI problems caused everything to fail during flight. If you’re interested in seeing more from the club, check out their site (translated).

Parts: 32KB SPI SRAM memory (23K256)

Microchip’s new 23K256 is a serially interfaced 32 kilobyte SRAM memory chip, available in 8 pin DIP and 8 pin SO packages. SRAM, like EEPROM, is a data storage medium. Data stored in SRAM is lost without constant power, but it’s really fast and there’s no limits to the number of write cycles. EERPOM stores data even without power, but it’s slow and usually limited to around a million write cycles.

32K SRAM chips typically have 15 address lines and 8 data lines, like the IS61LV256AL we used on our CPLD development board. The 23K256 requires just four signal lines, but sacrifices the speed of a parallel memory interface. It’s a great way to add extra memory to a low-pin count microcontroller without routing 23 signal traces. We’ll show you how to interface this chip below.

STK500 as an Arduino

The AVR STK500 has been Atmel’s standard AVR development platform for many years. Recently though, hobbyists have embraced the Arduino. [Alessandro] has decided to bring the two together so that you can use the Arduino environment with the STK500. Unlike the Arduino, it comes with 8 LEDs, 8 switches, a variable power supply, and variable analog reference. It’s a great way to get hardware you might already have back into service.