Tuesday, March 4, 2014

Table Saw Tune-up Checklist

Tools Needed

  • Wrench to remove blade
  • Dial Indicator
  • Ruler
  • Vacuum
  • Compressor
  • Dry Lubricant
  • Top Cleaner
  • Scouring Pad
  • Top Wax (Paste Wax)
  • Emery cloth
  • Center punch and hammer

Steps

  • UNPLUG SAW
  • Blow out the motor
  • Clean out the inside of the saw.  You’ll thank me later.
  • Check the stability of the stand and any table extensions.  Tighten or replace
  • Arbor: Sideways movement (Bearings)
  • Arbor: Rotate and check with Dial Indicator
  • Arbor Washer: burrs, bends, blemishes
  • Blade: Good fit on Arbor, hole is centered, doesn’t wobble
  • Pulley and Belt: High Spots, fraying, worn spots, cuts, cracks
  • Plug in saw
  • Belt while saw is on: Doesn’t climb the pulleys, straight travel
  • UNPLUG SAW
  • If Belt Replacement suggested, Segmented belt?
  • Pulleys: Aligned on center? Ruler runs between?
  • Pulleys: If cast, is the hole drilled on center?
  • Square the fence to the table
  • Square the blade to the table using the fence:
    • Raise the blade
    • Move the fence to the blade: Front and back blade tips should touch
    • If not, loosen trunnions underneath table
    • Move blade into alignment
    • Clamp blade between fence and some wood
    • Apply loctite and tighten trunnions
  • While underneath table, clean out worm gears of blade elevator and pitch or angle set
  • Lubricate worm gears with dry grease
  • Tune Mitre Gauge:
    • Polish down tight spots with emery cloth
    • Dimple the guide bar with a center punch to solve loose spots
  • Clean the top to remove paint, stains and finishes
  • Apply a paste wax to the top and leave overnight
  • Clean the blade with a specialty blade cleaner to remove pitch and other residue.

Repeat Regularly

  • Clean blade
  • Blow out motor
  • Wax the top
  • Check for vibration


Distilled from a doc that mentions http://thesawshop.com/

Monday, February 3, 2014

February Infosec Links

Security

The PCI Council is delusional: claims the standard is solid when breach after breach confirms it is not.  Blames the victims for poor architecture.
http://www.bankinfosecurity.com/interviews/pci-council-responds-to-critics-i-2175

Good overview of the security landscape.  Good tools with easy configuration will be key.
https://securosis.com/blog/securitys-future-six-trends-changing-the-face-of-security

Cryptography


Privacy


Training

A hackable iOS App used to teach the OWASP Top Ten Mobile App Vulnerabilities.  Great tool to catch up with mobile security and secure application design.

Tuesday, January 28, 2014

DEFCONbots - Genetic Al-Gore-isms v.01 Test



Video of the laser+servosx2 test rig.  Not enough granularity for the contest, but it's a start.

Tuesday, January 7, 2014

Finalized: January InfoSec Links

Security

Researcher gets hacked and details how he investigated, mitigated, and responded to it.  Enjoyable 'mea culpa.'
https://securosis.com/blog/my-500-cloud-security-screwup

Sigh...It's not just Target that was a target over the holidays:
http://krebsonsecurity.com/2014/01/hackers-steal-card-data-from-neiman-marcus/

Krebs gets the details on how Target was compromised.  Malware on each POS relaying data back to the attackers:
http://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/

Cryptography

Interesting perspective on the RSA and NSA kerfuffle.  Engage the community around RSAC to counter the actions of the company, RSA.
http://www.mckeay.net/2014/01/06/still-going-to-rsa/


CryptoLocker's new Sibling PowerLocker.  Back...up...everything:
https://www.schneier.com/blog/archives/2014/01/powerlocker_use.html

Privacy

Essay on Twitter's block/unfollow implementation. Serious insight into how public services chose to protect user privacy:

Well reasoned counter-arguments to the surveillance state excuses:
http://addxorrol.blogspot.de/2014/01/why-intelligence-reform-is-necessary.html

Internet governing bodies meet to discuss how to fight pervasive monitoring (seen as an attack on the internet):
https://www.w3.org/2014/strint/

Privacy concerns from Angry Birds?  Why aren't customer usage stats encrypted?  Anyone could read this information...
http://www.theregister.co.uk/2014/01/27/leaking_smartphone_apps_nsa_gchq/

Training

Matasano teams up with Square (the Credit Card Merchant Aggregators) for an exploit CTF through a web browser:
http://www.matasano.com/matasano-square-microcontroller-ctf/

Wednesday, December 18, 2013

December InfoSec Links

NSA and Government
Shame on Feinstein: There is a cost to surveillance.
http://www.siliconvalleywatcher.com/mt/archives/2013/12/shame_on_feinstein_co.php?utm_source=buffer&utm_campaign=Buffer&utm_content=buffer54e85&utm_medium=twitter
RSA took $10mil to backdoor their crypto libraries.
http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220
EFF reviews how the CFAA ruined lives and slowed innovation out of fear:
https://www.eff.org/deeplinks/2013/12/2013-review-tragedy-brings-cfaa-spotlight
Getting the ungettable: The NSA's Tailored Access Operations Unit
http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-2.html
Backdoors R Us: NSA's backdoor catalog
http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html
Practical Tamper-evident Techniques
http://www.wired.com/threatlevel/2013/12/better-data-security-nail-polish/


Security and Cool Exploits
Via Chavaukin: 10 things Security should stop doing in 2014
http://blog.anitian.com/2014-stop-doing/
Acoustic cracking of PGP keys.  Fantasy attack made real:
http://www.cs.tau.ac.il/~tromer/acoustic/
SD Card Hacking
http://www.bunniestudios.com/blog/?p=3554

Target Breach Madness
International cards and those associated with a zip code fetch a premium:
http://krebsonsecurity.com/2013/12/non-us-cards-used-at-target-fetch-premium/
Putting a face on the Target breach:
http://krebsonsecurity.com/2013/12/whos-selling-credit-cards-from-target/
Target's faster checkout system explained:
http://www.quora.com/What-is-the-new-instantaneous-payment-system-being-used-at-Target
All PINs in the world leaked! (Tongue in Cheek)
http://pastebin.com/2qbRKh3R

Also hilarious: What happens when the common folk get a glimpse at the code behind:
https://twitter.com/neave/status/415533230579019777/photo/1

Monday, December 16, 2013

Bench Power Supply Complete!

Thanks to SYN Shop, the Las Vegas Hackerspace, I completed a bench top power supply.  I took a class that helped me build one from a kit.  The kit itself produced a 5v out and a configurable out that I ended up making 8.5 for Arduino.

One of the challenges of the class was to take that kit and enhance it.  I removed the resistor on the configurable channel and replaced it with a 10K Ohm potentiometer from Radio Shack.  This allows me to configure it for between 2 and 14.5 volts!



Some time later, I got tired of the alligator clips I used to connect to the two rails.  I replaced them with a barrel connector and switch.  My initial schematic was woefully flawed, however.  If I had completed it, I would have shorted the rails to ground through the switch, blown the fuse, and possibly smoked the voltage regulators.  Yeesh.

Thanks again to SYN Shop and Javid, the teacher whose kit made this possible.

Thursday, November 14, 2013

InfoSec Links for Thursday, November 14, 2013



Adobe Breach Link Blitz:
Root Cause: Cold Fusion
Also Owned: Limo Company to the rich, famous and well connected.  Note the targeted attacks (often called spear phishing) based on the original hack:
AT&T owned too:

An interesting article on how most security amounts to Integration concerns and not true security problems.
Also, putting financial security in perspective: