Donnerstag, 16. Oktober 2014

SSL issues again

Here is a blogpost on the issue called POODLE, which was discovered by Google some days ago.
It is not Heartbleed but it could lead to an impact again.

Montag, 11. August 2014

[Raspberry, Arduino] First Project

Now its the first weekend of my vacation and i thought it would be a great idea to play around with some "toys" (my wife would say) i bought a while ago.

So i have:

  • Raspberry pi B
  • Arduino Uno rev3
  • analog temperature sensor
  • breadboard
  • a lot of wires :-)

First of all installed raspbian on the raspberry. Raspbian was downloaded from the official raspberry side and written to the sd card. Not that hard.

Arduino and the sensor

First i started with the arduino and the analog sensor.
The TMP36 sensor has three connections,
  1. 5V
  2. GND
  3. Analog 0 (A0)
Its quite easy when everything was connected i startet the first programm:

int sensorPin = 0; // to use A 0
void setup()
{ Serial.begin(9600);  // baud rate for serial console
void loop()  {
 int reading = analogRead(sensorPin);  // read the sensor
 float voltage = reading * 5.0;
 voltage /= 1024.0; 
 Serial.print(voltage); Serial.println(" volts");
 float temperatureC = (voltage - 0.5) * 100 ;  
 Serial.print(temperatureC); Serial.println(" degrees C"); // print to console

The program will write the actual temperature to the serial console.

Raspberry and Arduino

So, now i would like to have the output on my raspberry pi. Taking a look around i found the idea to connect it via i2c.

The connection raspberry <---> arduino is as follows

SDA <---> A 4
SDL <---> A 5
GND <---> GND

Now we need to install i2c-devel and python-smbus on the raspberry. Arduino just needs to include Wire.h.
Please see the guide above for the single steps.

What you need on Arduino side is basically:
#include <Wire.h>
#define SLAVE_ADDRESS 0x04
for gettint and recieving data you need
 I wrote a combination from the old script and a new one, maybe you get the idea
#define SLAVE_ADDRESS 0x04
int output = 0;
int input = 0;
int state = 0;
int sensorPin = 0;
double temp;
double c1;
double c2;
void setup() {
 pinMode(13, OUTPUT);
 // initialize i2c as slave
 // define callbacks for i2c communication
 void loop(){
  delay (1000);
  double c1 = GetExtTemp();
  double c2 = GetIntTemp();
  Serial.print(c1); Serial.print(" : ");Serial.println(c2);
// callback for received data
void receiveData(int byteCount){
 while(Wire.available()) {
  input =;
  Serial.print(input);Serial.println(" in");
  if (input == 1){
   if (state == 0){
    digitalWrite(13, HIGH); // set the LED on
    state = 1;
   } else{
    digitalWrite(13, LOW); // set the LED off
    state = 0;
  if(input == 2) {
   output = (int)c1;
  if(input == 3) {
   output = (int)c2;
// callback for sending data
void sendData(){
// Get the internal temperature of the arduino
double GetExtTemp(void)
 delay (100);
 int reading = analogRead(sensorPin);
 double voltage = reading * 5.0;
 voltage /= 1024.0;
 double temperatureC = (voltage - 0.5) * 100 ;
 temp = temperatureC;
 return (temp);

double GetIntTemp(void)
 unsigned int wADC;
 double t;
 ADMUX = (_BV(REFS1) | _BV(REFS0) | _BV(MUX3));
 ADCSRA |= _BV(ADEN); // enable the ADC
 delay(20); // wait for voltages to become stable.
 ADCSRA |= _BV(ADSC); // Start the ADC
 while (bit_is_set(ADCSRA,ADSC));
 t = (wADC - 324.31 ) / 1.22;
 return (t);
On raspberry side you can do (python):
import smbus
bus = smbus.SMBus(1)
deviceaddy = 4x04 // same addy as above
bus.read_byte_data(deviceaddy, 2) // 1,2,3 should work
With the arduino programm above you should be able to recieve:

  1. Switch LED ON/OFF
  2. Get external tempereature from analog sensor
  3. get internal arduino temperature

Update: Well, i killed it somewhere, i dont get an correct data on my raspberry while the arduino serial output is all good. If someone has an hint :-)

Donnerstag, 3. Juli 2014

How i see a website

Sometimes i visit a website (yes i really do) and sometimes i like to take just another look onto it.

So i come around one of mine for example, i can see a nice owncloud login page. Well lets dig a bit deeper

#> curl -I
HTTP/1.1 302 Found
Date: Thu, 03 Jul 2014 10:07:22 GMT
Server: Apache/2.4.6 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1

Okay, running Ubuntu and Apache. Nice to know but there is a redirect? 302, so lets see

#> curl
<title>302 Found</title>
<p>The document has moved <a href="">here</a>.</p>
<address>Apache/2.4.6 (Ubuntu) Server at Port 80</address>
Ah, you want me to use https, okay lets go
curl -I -k
HTTP/1.1 200 OK
Date: Thu, 03 Jul 2014 09:58:15 GMT
Server: Apache/2.4.6 (Ubuntu)
X-Powered-By: PHP/5.5.3-1ubuntu2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: Sameorigin
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *
Set-Cookie: oc29fecb4bf3=vjqdmo6ltkct6s23utu92c2l21; path=/; HttpOnly
Content-Type: text/html; charset=utf-8
So, you use PHP, lets google the version number.... 
Okay so its saucy.

Nice security flags by the way :-)

and the stories go on ....

Mittwoch, 25. Juni 2014

some security features

I have a tiny vserver running an "RedHat like OS". Mostly i use it for my owncloud stuff, saving some files and reading my RSS files. So it is a nice playground for features especially in case of security.

Today i installed two tools:

  1. suricata
    ( is an IDS/IPS system which was originally founded by the homeland security. It is free and open source, the advantage regarding Snort is that it is able to use multiple CPUs.
  2. mod_security
    ( is an apache module which adds some security extensions like XSS prevention.
Suricata needs to be installed by hand, as the packages are not available on the repos. But it isnt that hard if you follow some instructions and the documentation.
When you have all the files you need there are some additional steps.
  1. create  /etc/suricata/ and /etc/suricata/rules
  2. any copy all the .config files to /etc/suricata, you will find them within the suricata source package
  3. change to suricata and fetch all the files from
  4. Now we need to adjust some settings within the suricata.yaml file, for example which modules you will use. Important is to enable the logging to file and syslog, so we can run suricata in daemon mode. Just take a look on the other options. Basically you can adjust settings for everything suricata can handle.
  5. Finally start it: suricata -c /etc/suricata/suricata.yaml -i eth0 -D
  6. It will log all it output to /var/log/suricata
mod_security can be installed via repos.
yum install mod_security_crs.noarch mod_security_crs-extras.noarch

after restart of the httpd it will be running by default. You can find the output for debugging and auditing within the httpd log directory.