Monday, 14 May 2018

The Magic Mirror Project

This story started one year ago, when I went to Maker Faire in Rome, an event created by Make magazine to celebrate arts, crafts, engineering, science projects and the Do-It-Yourself (DIY) mindset.

There, my eye was caught by the Magic Mirror, a mix between a mirror and a computer. I asked for a lot of information about the object and I remember I thought: "I want to build one of these by myself."

On my way home it was impossible for me to forget that object. Once home, I switched on my computer and started googling how to build it. I was very busy at that time, so I read a lot and stored everything in my mind in order to use this information in the future.

At the end of last year I went back to my open projects and decided to complete it.

First of all I jotted down on paper every component I needed.

  • 1 Raspberry Pi 3
  • 1 HDMI monitor, LCD or LED, between 15 and 19 inches
  • 1 Magic Mirror Software (to develop)
  • 1 Plexiglas tails
  • Mirror's film
  • ...and something useful to use like a minor

I did some research and in the end I decided to use Android as the OS because I am very comfortable developing apps for this environment, so everything would be faster.

So, I found a good custom Android ROM and installed it on the Raspberry Pi 3.

I decided which features I'd like to have in my Magic Mirror and started developing an Android app for it.

As a base, I decided to have the time, the date, a weather icon and the corresponding temperature. Then I decided to add a service for the daily news.

In the meantime I looked for an HDMI monitor that would fit my goal well.
I found one and bought it, and when I finished the Magic Mirror app it was time to test it.

The result looks pretty good.
The next step was to dismantle the monitor's plastic cover in order to keep only the panel.
I did it and then measured its size in order to buy the plexiglass sheet.

I found a plexiglass sheet bigger than I needed, so I had to cut it.
But this task was not the most difficult part... the hardest was applying the mirror film as well as possible.

Of course, I was not able to do the best job ever and, as you can see, there are some little bubbles.
The next step was to fix the plexiglass to the monitor, and this was very easy thanks to the film being cut longer than needed.

In the end, this is the result! Me and my girlfriend mirrored in the Magic Mirror! :)

The last step was to have a suitable and beautiful frame for the Magic Mirror... and voilà, the frame!!

There you can see the back of the Magic Mirror, with the monitor, its switch, the Raspberry and part of the cables.

At the end, this is my Magic Mirror!

Next steps? Integrate it with a microphone, a speaker and Google Assistant!

Friday, 12 January 2018

DDE Attack

In recent weeks we have been reading more and more news about attacks that exploit DDE technology: botnets that exploit the DDE attack, ransomware distributed via DDE attacks, and so on.
Well, this is the right time to clarify this technology and this new attack method.

Let's start from the basics, what is DDE?
DDE, which stands for Dynamic Data Exchange, is an interprocess communication (IPC) system first introduced in 1987 with Windows 2.0.
This technology and its functionality have been largely supplanted by OLE - Object Linking and Embedding. However, DDE is still used due to its simplicity.

Like macros, DDE is a legitimate feature of Microsoft Office and allows a set of data to be shared between applications. For example, you could create a Word document linked to an Excel document so that the data in the first one is updated automatically whenever you change the Excel spreadsheet data.

How is this attack carried out?
Performing a DDE attack is very simple. Just add the string {DDEAUTO}, which calls the DDE feature, to the text of a Microsoft Word document, followed by the command you want to run, all within the braces.

Can it be used only in Office documents?
No, not only in Microsoft Office documents.
This attack can also be pulled off via Outlook, by sending an email or an appointment, known as a "calendar" in company jargon.

Now we create formatted content using Microsoft Outlook's "Rich Text Format" (RTF), insert the malicious code inside it and save it as an email. The next step is to attach it to the email we would like to send, and write a title and text that attract the victim's attention and push them to open it.

What can you do with this attack?

A DDE attack can be used:

  • to put a computer into Denial of Service (DoS) by running countless instances of a specific piece of software until the available resources are saturated;
  • to run software or scripts that could give the attacker full control of the computer;
  • to download malware used to exfiltrate data.

How to recognize fraudulent content?
When you open the file, a warning message is shown. It warns you that the file has external content and asks for confirmation to continue.

If your choice was "Yes", a new message is displayed asking whether you want to run a specified application. In the example below, the command/application quoted is "cmd.exe".

However, it should be noted that the information concerning the execution of the command can be hidden or omitted by editing the syntax of the malicious code.

How to defend yourself?
When the warning message about external content pops up, clicking "No" blocks the attempted attack.

You can also defend yourself better by changing the settings to display all messages in plain-text format.
However, this workaround removes all formatting, colors and images from all incoming e-mails, and consequently some content may not be rendered.

Why this new attack?
Cyber criminals are starting to use DDE technology because it is different from macros and because they are always looking for new ways to mislead the victim.
For years we have witnessed macro-based attacks, but fortunately you can disable that technology and therefore prevent malicious content from being run automatically when the file is opened.
This new method, though it has some limits dictated by the interaction with the user, could lead an untrained or careless person to think that the message is an error caused by some problem with the file.
In the last few weeks this new attack method has grown exponentially thanks to the fact that you do not have to attach Microsoft Office or PDF documents to the email, but can just attach another email or a "calendar".

Please note: this article was written at the end of October 2017, but only now have I been able to publish it.