Using DevOps to Move Faster than Attackers

Black Hat USA talk will discuss the practicalities of adjusting appsec tooling and practices in the age of DevOps.
Source: Vulnerabilitys & Threats

How Threat Hunting Can Help Defend Against Malware Attacks

By Kris Merritt (Vector8) and Justin Swisher (Anomali)

Since the outbreak of Petya some days ago many articles have been written dissecting the malware, its purpose, and its attribution. These articles used reverse engineering and malware analysis to conduct post incident analysis. Vector8 and Anomali viewed the Petya outbreak differently, leveraging threat hunting techniques developed to identify and pattern malicious behavior evident in malware like Petya.

Specifically, our data source for analysis is a Microsoft Windows Sysinternals tool called Sysmon. In short, Sysmon provides an authoritative source of what’s happening on a computer by linking all observable activity on that system back to the responsible process(es). This is a boon for real-time threat hunting as well as forensic analysis; the conventional follow-on data collection to obtain such details is no longer required. In other words, Sysmon has high resolution and animation (see descriptions of these terms). Read this blog post for further information regarding Sysmon as a detection, hunting, and analysis tool.

By sending Sysmon events to an aggregation point for further querying and historical analysis, our analysis of Petya was limited only by speed of thought, not tooling or data gaps. In this case, the aggregation point is Elastic’s open source “Elastic Stack,” which consists of a Logstash aggregator, Elasticsearch cluster backend, and Kibana web user interface frontend.

Our test environment was a fresh Windows 10 install on a Virtual Machine, preloaded with Sysmon v6, a custom configuration, and a logger that feeds events to Vector8’s analysis platform (Sysmon + Elastic Stack). We copied over a confirmed sample of the Petya malware (027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745) to the machine. Next, we manually ran the malicious DLL via rundll32.exe on the command line with the flag “#1” to activate the malware.

Sysmon analysis
Command line execution of the Petya malware

The following events are recorded by Sysmon and forwarded to the Vector8 cloud platform for analysis. This details how the malware behaves and provides insights into how to detect or prevent similar malware from executing in the future.

  1. The first thing that happens is that Rundll32.exe (the parent process) writes a copy of the DLL to ‘C:Windows’. This activity is unusual, but not necessarily malicious on its own.
    • Sysmon event ID 11 (File Created)
      Image: C:WindowsSysWoW64rundll32.exe
      
      TargetFilename: C:Windows7cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745
  2. Rundll32.exe then accesses raw disk several times, presumably to modify the MBR. Accessing raw disk is abnormal, as it bypasses the filesystem structure to access the disk sectors directly. This level of disk access is not normal operations and is very suspicious, especially by Rundll32.
    • Sysmon event ID 9 (Raw Disk Access Read)
      Image: C:WindowsSysWOW64rundll32.exe
      
      Device: DeviceHarddisk0DR0
    • 1 access to the current working volume (DeviceHarddiskVolume2) and 24 accesses to DeviceHarddisk0DR0
  3. Rundll32.exe schedules a task to force reboot of the system 60 minutes from time of execution. Rundll32 creating a scheduled task is a suspicious pattern that should trigger a hunter to investigate.
    • Sysmon event ID 1 (Process Created)
      CommandLine: /c schtasks /Create /SC once /TN "" /TR "C:Windowssystem32shutdown.exe /r /f" /ST 16:06
      
      ParentCommandLine: rundll32.exe 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745.dll,#1
  4. Rundll32.exe writes a .tmp file in the user’s LocalTemp directory. Temp files created in this directory would not normally cause alarm, unless linked to another more suspicious event.
    • Sysmon event ID 11 (File Created)
      Image: C:WindowsSysWoW64rundll32.exe
      
      TargetFilename: C:UserstanooAppDataLocalTemp95.tmp
  5. Rundll32.exe kicks off the .tmp file it wrote earlier and directs it to a named pipe. As referenced above, since this .tmp file is now communicating with another process over a named pipe, a hunter would want to investigate the .tmp file as this is unusual behavior as well.
    • Sysmon event ID 1 (Process Created)
      Image: C:UserstanooAppDataLocalTemp95.tmp
      
      CommandLine: "C:UserstanooAppDataLocalTemp95.tmp" .pipe{77A05906-5A7D-4442-8140-0899A3C4423C
    • When 5695.tmp runs (Sysmon event ID 1), we get its hash (02EF73BD2458627ED7B397EC26EE2DE2E92C71A0E7588F78734761D8EDBDCD9F), which open source research and VirusTotal results purport to be mimikatz
    • Sysmon pipe events show the pipe creation by rundll32.exe and access by 5695.tmp
      • Sysmon event ID 17 (Pipe Created)
        Image: C:WindowsSysWoW64rundll32.exe
        
        PipeName: {77A05906-5A7D-4442-8140-0899A3C4423C}
      • Sysmon event ID 18 (Pipe Connected)
        Image: C:UserstanooAppDataLocalTemp95.tmp
        
        PipeName: {77A05906-5A7D-4442-8140-0899A3C4423C}
  6. Rundll32.exe writes a file called dllhost.dat to C:Windows, which is a very suspicious event as dat files are not normally written to that directory.
    • Sysmon event ID 11 (File Created)
      Image: C:WindowsSysWoW64rundll32.exe
      
      TargetFilename: C:Windowsdllhost.dat
    • Open source research corroborates this file write and has concluded it is a legitimately signed psexec
    • Since dllhost.dat wasn’t executed in our sampling (due to our VM not meeting malware checks), we don’t get this file’s hash
  7. The tmp file accesses another running process, lsass.exe. This event could be a solid candidate for a hunting trigger as it could be indicative of credential harvesting or some other abuse of Windows’ security authority service (lsass.exe). It is not unusual for lsass.exe to be accessed, but a .tmp file doing so is highly unusual.
    • Sysmon event ID 10 (Process Accessed)
      SourceImage: C:UserstanooAppDataLocalTemp95.tmp
      
      TargetImage: C:Windowssystem32lsass.exe
      
      CallTrace: C:WindowsSYSTEM32ntdll.dll+a5314|C:WindowsSystem32KERNELBASE.dll+290ad|C:UserstanooAppDataLocalTemp95.tmp+3390|C:UserstanooAppDataLocalTemp95.tmp+369a|C:UserstanooAppDataLocalTemp95.tmp+25e9|C:UserstanooAppDataLocalTemp95.tmp+4577|C:WindowsSystem32KERNEL32.DLL+8364|C:WindowsSYSTEM32ntdll.dll+65e91
    • Lsass.exe then accesses the malicious rundll32.exe
      • Sysmon event ID 10 (Process Accessed)
        SourceImage: C:Windowssystem32lsass.exe
        
        TargetImage: C:WindowsSysWoW64rundll32.exe
        
        CallTrace: C:WindowsSYSTEM32ntdll.dll+a5ea4|C:WindowsSystem32RPCRT4.dll+6576f|C:Windowssystem32lsasrv.dll+ceed|C:WindowsSYSTEM32SspiSrv.dll+11a2|C:WindowsSystem32RPCRT4.dll+77d63|C:WindowsSystem32RPCRT4.dll+3450f|C:WindowsSystem32RPCRT4.dll+3739a|C:WindowsSystem32RPCRT4.dll+4a2b4|C:WindowsSystem32RPCRT4.dll+491cd|C:WindowsSystem32RPCRT4.dll+49a7b|C:WindowsSystem32RPCRT4.dll+29c1c|C:WindowsSystem32RPCRT4.dll+2a09c|C:WindowsSystem32RPCRT4.dll+4438c|C:WindowsSystem32RPCRT4.dll+45beb|C:WindowsSystem32RPCRT4.dll+386ea|C:WindowsSYSTEM32ntdll.dll+325fe|C:WindowsSYSTEM32ntdll.dll+330d9|C:WindowsSystem32KERNEL32.DLL+8364|C:WindowsSYSTEM32ntdll.dll+65e91

Petya activity
Activity related to the execution of the Petya malware from 27 June 2017, as seen in Kibana

Petya Execution Infographic

Petya Execution Timeline

See an in depth view of Petya’s execution timeline with this infographic.

VIEW NOW

The result of this type of analysis provides some crucial insights into the behaviors this malware exhibits. These behaviors can be examined and turned into defensive measures such as hunting triggers or even preventative measures through endpoint tools, network tools, or system policies.

For this example, there are a number of behavior patterns we can key on:

  • Process writes a .tmp file, and that .tmp file is later run as a process
  • A .tmp file accesses lsass.exe
  • A schtasks.exe process command line includes the “shutdown” switch
  • Rundll32.exe writes files
  • The string “pipe” is found in a process’ command line
  • A .dat file is written to c:windows
  • Raw access reads to DR0 volume

Note that these patterns are all based on endpoint process metadata, like Sysmon output. It’s also important to point out that the fidelity of each of these patterns depends on what is normal in your environment.

Threat hunting can be used as a powerful tool not only to detect malicious behavior missed by other security measures but also drive a deeper understanding of how malicious software, actor tools, and behaviors work and how to proactively detect or prevent them.

Anomali partners with Vector8 to provide threat hunting services. To find out more about this service, see our Professional Services page.

This is a joint blog between Anomali and Vector8. Vector8 provides threat hunting services leveraging tools, techniques, and expertise introduced in this blog. For more information on Vector8, visit them at https://www.vector8.io/


Source: Honeypot Tech

Pioneers winners: Make it outdoors challenge

To everyone’s surprise, the sun has actually managed to show its face this summer in Britain! So we’re not feeling too guilty for having asked the newest crop of Pioneers to Make it outdoors. In fact, the 11- to 16-year-olds that took part in our second digital making challenge not only made things that celebrate the outdoors – some of them actually carted their entire coding setup into the garden. Epic!

The winners

Winners of the second Pioneers challenge are…

We asked you to make it outdoors with tech, challenging all our Pioneers to code and build awesome projects that celebrate the outside world. And we were not disappointed! Congratulations to everyone who took part. Every entry was great and we loved them all.

We set the challenge to Make it outdoors, and our theme winners HH Squared really delivered! You best captured the spirit of what our challenge was asking with your fabulous, fun-looking project which used the outdoors to make it a success. HH Squared, we loved Pi Spy so much that we may have to make our own for Pi Towers! Congratulations on winning this award.

Watching all the entry videos, our judges had the tricky task of picking the top of the pops from among the projects. In additon to ‘theme winner’, we had a number of other categories to help make their job a little bit easier:

  • We appreciate what you’re trying to do: We know that when tackling a digital making project, time and tech sometimes aren’t in your favour. But we still want to see what you’ve got up to, and this award category recognises that even though you haven’t fully realised your ambition yet, you’ve made a great start. *And*, when you do finish, we think it’s going to be awesome. Congratulations to the UTC Bullfrogs for winning this award – we can’t wait to see the final project!
  • Inspiring journey: This category recognises that getting from where you’ve started to where you want to go isn’t always smooth sailing. Maybe teams had tech problems, maybe they had logistical problems, but the winners of this award did a great job of sharing the trials and tribulations they encountered along the way! Coding Doughnuts, your project was a little outside the box IN a box. We loved it.
  • Technically brilliant: This award is in recognition of some serious digital making chops. Robot Apocalypse Committee, you owned this award. Get in!
  • Best explanation: Digital making is an endeavour that involves making a thing, and then sharing that thing. The winners of this category did a great job of showing us exactly what they made, and how they made it. They also get bonus points for making a highly watchable, entertaining video. Uniteam, we got it. We totally got it! What a great explanation of such a wonderful project – and it made us laugh too. Well done!

The Judges’ Special Recognition Awards

Because we found it so hard to just pick five winners, the following teams will receive our Judges’ Special Recognition Award:

  • PiChasers with their project Auqa (yes, the spelling is intentional!)
  • Sunscreen Superstars, making sure we’re all protected in the glorious British sunshine
  • Off The Shelf and their ingenious Underwater Canal Scanner
  • Glassbox, who made us all want Nerf guns thanks to their project Tin Can Alley
  • Turtle Tamers, ensuring the well-being of LEGO turtles around the world with their project Umbrella Empire

Winners from both our Make us laugh and Make it outdoors challenges will be joining us at Google HQ for a Pioneers summer camp full of making funtimes! They’ll also receive some amazing prizes to help them continue in their digital making adventures.

Massive thanks go to our judges for helping to pick the winners!

Pioneers Make it Outdoors Raspberry Pi

And for your next Pioneers challenge…

Ha, as if we’re going to tell you just yet – we’re still recovering from this challenge! We’ll be back in September to announce the theme of the next cycle – so make sure to sign up for our newsletter to be reminded closer to the time.

The post Pioneers winners: Make it outdoors challenge appeared first on Raspberry Pi.


Source: RaspberryPi – IOT Anonimo

Source: Privacy Online


Source: Zologic

Visual Privacy Management in User Centric Open Environments (VISION) project presents scientific paper at Annual Privacy Forum 2017

The Horizon 2020 project ‘VisiOn’ participated in the Annual Privacy Forum 2017, one of the biggest events at E.U. level in the field of privacy and data protection, and presented a scientific paper entitled “Privacy Data Management and Awareness for Public Administrations: a Case Study from the Healthcare Domain”.
Source: Cybersecurity and digital privacy newsletter

Source: Privacy Online


Source: Zologic

WTB: New “WPSetup” Attack Targets Fresh WordPress Installs

The intelligence in this week’s iteration discuss the following threats: Adobe Patches, Android Malware, Cloud Leaks, Point-of-Sale, Ransomware, Remote Access Trojan, and Windows Protocol Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.

Trending Threats

GhostCtrl Is an Android RAT That Also Doubles as Ransomware (July 17, 2017)
A new Android Remote Access Trojan (RAT) called “GhostCtrl RAT,” has been used in a wave of attacks against Israeli healthcare organizations. GhostCtrl RAT is a variant of OmniRAT, which targets four operating systems: Android, Linux, macOS and Windows. GhostCtrl tries to hide itself by masquerading as popular applications. It has a large amount of functions such as data exfiltration, audio and video recording, ransomware, controlling bluetooth, and more.
Recommendation: Ensure that your company’s firewall blocks all entry points for unauthorized users, and maintain records of how normal traffic appears on your network. Therefore it will be easier to spot unusual traffic and connections to and from your network to potentially identify malicious activity.
Tags: RAT, Android, Malware

New “WPSetup” Attack Targets Fresh WordPress Installs (July 14, 2017)
A campaign was discovered that took place in May and June that targeted fresh installations of WordPress which allowed an attacker to take over the hosting account. The attackers scanned for a URL used by new installations of WordPress, “/wp-admin/setup-config.php.” The URL, if present, indicates that the user did not complete the installation steps. An attacker is able to go through the first steps of the installation and enter their own database server information. This allows an attacker to create an admin-level account on the victim’s server, which gives the attacker the ability to run any PHP code on the hosting account.
Recommendation: Website administrators should always make sure that their WordPress installation is complete as soon as possible. Additionally, website administrators should also use a web application firewall to block unwanted access. One can also use a “.htaccess” file to limit access by IP address.
Tags: WordPress, Vulnerability

A .NET malware abusing legitimate ffmpeg (July 13, 2017)
A new wave of malware that records videos and spies on user activities is being distributed in a new campaign, according to researchers. First discovered in 2015, the malware’s objective is to spy on a user’s banking activities. The malware contacts a Command and Control (C2) server over TCP. The C2 server requests information on the infected machine, and then sends the infected machine a list of targeted banks which are saved in the registry. The legitimate program “FFmpeg” is downloaded and used to record videos of the victim. The recording event is triggered when the victim opens a website associated with banking. The video is then sent to the C2 server encoded in Base64.
Recommendation: Malware authors are always innovating new methods of communicating back to the control servers. Always practice Defense in Depth (don’t rely on single security mechanisms – security measures should be layered, redundant, and failsafe). Also take a look at processes running in your computer in the background that should not be running. If there are unexpected processes running, you should terminate them and run a virus scan immediately.
Tags: Malware, FFmpeg, Banking

Meet Ovidiy Stealer: Bringing Credentials Theft to the Masses (July 13, 2017)
A new credential-stealing malware called “Ovidiy Stealer” has been found being advertised for sale on Russian-speaking marketplaces, according to Proofpoint researchers. The malware is offered for purchase for 450-750 Rubles (approximately $7-13 USD). Ovidiy Stealer is being distributed via emails with compressed executable attachments or links to an executable download. The malware can steal information from multiple web browsers and credentials from targeted applications on a Windows OS machine.
Recommendation: Always be on high alert while reading email, in particular when it has attachments, attempts to redirect to a URL, comes with an urgent label, or uses poor grammar. Use anti-spam and antivirus protection, and avoid opening email from untrusted or unverified senders.
Tags: Crenditla theft, Ovidiy

New Ransomware Threatens to Send Your Internet History and Private Pics to All Your Friends (July 13, 2017)
Two malicious applications were discovered in the Google Play Store to contain malware called “LeakerLocker,” according to McAfee researchers. Researchers call the malware a form of ransomware except that it does not encrypt files. Instead the malware gathers information from the infected device and then displays a screen that threatens to share the data unless a payment is made. LeakerLocker can read various forms of data including Chrome history, device information, email address, pictures, as well as random text messages and call information.
Recommendation: Always keep your mobile phone fully patched with the latest security updates. Use the Google Play Store / Apple App Store to obtain your software, and avoid downloading applications, even if they appear legitimate, from third-party stores. In addition, it is important to review the permission the application will request and comments from others who have downloaded the application. Furthermore, it is paramount that mobile devices be kept up-to-date with the latest security patches and employ trusted antivirus software.
Tags: Ransomware, LeakerLocker, Mobile

Telegram-based Katyusha SQL injection scanner sold on hacker forums (July 12, 2017)
A Russian-speaking hacker is offering an automated SQL injection vulnerability scanner tool, called “Katyusha,” for sale on an underground forum. The tool is based on the open source Arachni web app security scanner. Katyusha is controlled via a web app and it can be monitored using the Telegram messenger. In addition to identifying SQL injection flaws within websites, the tool is able to perform actions such as brute-forcing logins, dumping databases, and uploading web shells.
Recommendation: Properly sanitize user provided data to prevent injection attacks. Using prepared statements and stored procedures, implementing escape schemes, properly limiting privileged accounts, and using input validation are also different steps you can take to better protect your company from SQL injections attacks.
Tags: Telegram, SQL, Vulnerability

Cloud Leak: How A Verizon Partner Exposed Millions of Customer Accounts (July 12, 2017)
UpGuard researchers discovered in late June that the Israeli technology company, “Nice Systems,” controlled an Amazon S3 storage bucket that was misconfigured. The bucket was configured to be publicly accessible, and the data was downloadable by anyone who was able to guess the correct web address. The data was available for download for approximately one week, according to researchers. The files stored consisted of 14 million Verizon customer records with each record containing cell phone number, full name, and their account PIN.
Recommendation: Always make sure your cloud storage is properly configured. Experts have been warning companies that Amazon S3 buckets are too often misconfigured. Leaked data can be used by extortionists in an attempt to make money. Ensure that any cloud storage services you use are properly configured to only allow access to trusted and authorized users. Require multi-factor authentication for access to the most sensitive materials you store.
Tags: Verizon, Breach

LockPOS Joins the Flock (July 12, 2017)
Arbor Networks researchers have discovered that an inactive C2 server for the “FlokiBot” Point of Sale (POS) malware has recently become active. Interestingly, the C2 is not distributing FlokiBot but was instead identified to be distributing a new strain of POS malware dubbed “LockPOS.” Additionally, researchers believe that the same actors behind FlokiBot are responsible for LockPOS because both are distributed by the same botnet have a mutual C2 host.
Recommendation: Customer facing companies that store credit card data must actively defend against Point-of-Sale (POS) threats and stay on top of industry compliance requirements and regulations. All POS networks should be aggressively monitored for these type of threats. In the case of FastPoS infection, the affected networks should be repopulated, and customers should be notified and potentially offered fraud protection to avoid negative media coverage and reputation.
Tags: POS, LockPOS

Spam Campaign Delivers Cross-Platform Remote Access Trojan Adwind (July 11, 2017)
The “Adwind” Remote Access Trojan (RAT) has reappeared in a spam-distribution campaign, according to Trend Micro researchers. The spam emails attempt to trick recipients into following a malicious URL to download a PDF file. This download will install the Adwind RAT that is capable of filming and retrieving videos, exfiltrating data, keylogging, stealing credentials, and taking pictures or screenshots.
Recommendation: Always be on high alert while reading email, in particular when it has attachments, attempts to redirect to a URL, comes with an urgent label, or uses poor grammar. Use anti-spam and antivirus protection, and avoid opening email from untrusted or unverified senders.
Tags: RAT, Adwind


Source: Honeypot Tech

The Heart of Maker Faire

We at the Raspberry Pi Foundation find it incredibly rewarding to help people make and share things they love. It’s amazing to be part of an incredibly creative community of makers. And we’re not the only ones who feel this way: for this year’s Maker Faire UK, the team over at NUSTEM created the Heart of Maker Faire, a Pi-powered art installation that is a symbol of this unique community. And to be perfectly frank, it’s bloody gorgeous.

The Heart of Maker Faire

NUSTEM’s new installation for Maker Faire UK 2017, held on 1st & 2nd April at the Centre for Life, Newcastle-upon-Tyne. Visitors wrote notes about things they love, and sealed them in jars. They then read their heart rates, and used the control boxes to associate their jar and heart rate with a space on the shelves.

A heart for the community

NUSTEM is a STEM outreach organisation from Northumbria University, and the makers there are always keen to build interactive projects that get people excited about technology. So at this year’s Faire, attendees passing their installation were invited to write down something close to their heart, put that note in a jar, and measure their heart rate. Then they could connect their heart rate, via a QR code, to a space on a shelf lined with LEDs. Once they placed the jar in their space, the LEDs started blinking to imitate their heart beat. With this art piece, the NUSTEM team wants to say something about “how we’re all individuals, but about our similarities too”.

NUSTEM on Twitter

Still beating. Heart of #MakerFaireUK

Making the heart beat

This is no small build – it uses more than 2,000 NeoPixel LEDs, as well as five Raspberry Pis, among other components. Two Pi 3s are in charge of registering people’s contributions and keeping track of their jars. A Pi Zero W acts as a central hub, connecting its bigger siblings via WiFi, and storing a MySQL database of the jars’ data. Finally, two more Pi 3s control the LEDs of the Heart via a script written in Processing. The NUSTEM team has made the code available here for you “to laugh at” (their words, not mine!)

Heart of Maker Faire shelf

The heart, ready to be filled with love

A heart for art

Processing is an open-source programming language used to create images, graphs, and animations. It can respond to keyboard and mouse input, so you can write games with it as well. Moreover, it runs on the Pi, and you can use it to talk to the Pi’s GPIO pins, as the Heart of Maker Faire team did. Hook up buttons, sensors, and LEDs, and get ready to create amazing interactive pieces of art! If you’d like to learn more, read Matt’s blog post, or watch the talk he gave about Processing at our fifth birthday party earlier this year.

Matt Richardson: Art with Processing on the Raspberry Pi – Raspberry Pi Birthday Event 2017 – Talks

Matt Richardson: Art with Processing on the Raspberry Pi Sunday 5th March 2017 Raspberry Pi Birthday Event 2017 Filmed and edited by David and Andrew Ferguson. This video is not an official video published by the Raspberry Pi Foundation. No copyright infringement intended.

To help you get started, we’re providing a free learning resource introducing you to the basics of Processing. We’d love to see what you create, so do share a link to your masterworks in the comments!

World Maker Faire

We’ll be attending World Maker Faire in New York on the 23rd and 24th of September. Will you be there?

The post The Heart of Maker Faire appeared first on Raspberry Pi.


Source: RaspberryPi – IOT Anonimo

Source: Privacy Online


Source: Zologic

Industrial Internet Creating Transformational Business Value

This is the second in a two-part blog series on trends in next-generation digital efficiency. In part one, I wrote about how commercial fleet vehicle management systems can drive efficiency while reducing CO2 emissions. To learn more, check out the eBook we created in partnership with GE Ecomagination titled “Digital Efficiency: Driving Decarbonization and Unlocking Business Value Across Industries.”

One of the most pressing global economic challenges today is the global productivity slowdown. That’s why I’m excited to share how the Industrial Internet has made marked advances resulting in both economic and environmental benefits, demonstrating the potential of what is to come as new solutions are developed, deployed and scaled across industries. There’s never been a more promising time for global, industrial digitization solutions.

 

Improving Digital Efficiency

Numers superimposed on a piece of machinery to represent a smart factory.

For most industrial segments, improving the efficiency of industrial machines by a mere 1 percent used to require a dedicated new technology introduction cycle that can take up to 10 years to develop. Today, thanks to the Industrial Internet, benefits are exceeding far beyond the traditional 1 percent target, without a lengthy technology introduction cycle or replacing hardware.

The industrial sector accounts for the largest share of energy consumption delivered and accounts for more than half of total delivered energy. This is why the Industrial Internet is transformative and opens the door to accelerated resource productivity and reduced environmental impact across global industrial systems such as power generation, oil and gas, aviation and rail transportation.

 

Renewable Energy: GE’s Brilliant Wind Farm

People in T-shirts and hardhats check out a laptop while wind turbines twirl across the landscape.

One of my favorite examples of the transformational change capable with the Industrial Internet is seen in the way GE’s PowerUp Platform has been extended to enable GE Digital Wind Farm. With this solution, GE extends analytics and optimization beyond a single wind turbine to the entire wind farm. GE harnessed the power of the emerging Industrial Internet to create the Digital Wind Farm, a dynamic connected and adaptable wind energy platform that pairs wind turbines in a wind farm with digital infrastructure to optimize efficiency across the entire wind farm. The GE Digital Wind Farm solution generates up to 20 percent more energy output thanks to the GE Predix-ready gateway with Intel technology.

This platform can account for the wind farm’s topology, surrounding geography, wake effects, and other inputs to control individual wind turbines and optimize the operation as a whole. Through these techniques, the Digital Wind Farm technology boosts a wind farm’s energy production by up to 20 percent and could help generate up to an estimated $50 billion value for the wind industry. The Digital Wind Farm uses interconnected digital technology to address a long-standing need for greater flexibility in renewable power.

 

The Future Looks Bright

A woman examines rows of light-emitting diodes (LEDs).

As seen with GE’s Digital Wind Farm solution, Intel processors underline GE’s Predix solutions and provide both high power and flexibility. Powerful processors embedded in machines allow for software developed on Predix to run at the most effective point, embedded either in operations or in the cloud. Scaling out other solutions across industries in this manner, the combination of GE software and Intel hardware will provide the foundation for digital efficiency by enabling the development of Industrial Internet applications that provide the full range of potential economic and environmental benefits.

To be sure, a new world of possibilities is being unlocked through the Industrial Internet and digital solutions currently available and under development are just the tip of the iceberg. At GE and Intel, we are excited about the opportunity to play a role in helping to confront global resource challenges and accelerate the pathway to the low-carbon economy using digital technologies. The future has just begun and the best is yet to come.

To stay informed about Intel IoT developments, subscribe to our RSS feed for email notifications of blog updates, or visit intel.com/IoTLinkedInFacebook and Twitter.

The post Industrial Internet Creating Transformational Business Value appeared first on IoT@Intel.


Source: Network News

Taking the first step on the journey

This column is from The MagPi issue 58. You can download a PDF of the full issue for free, or subscribe to receive the print edition in your mailbox or the digital edition on your tablet. All proceeds from the print and digital editions help the Raspberry Pi Foundation achieve its charitable goals.

About five years ago was the first time I unboxed a Raspberry Pi. I hooked it up to our living room television and made space on the TV stand for an old USB keyboard and mouse. Watching the $35 computer boot up for the first time impressed me, and I had a feeling it was a big deal, but I’ll admit that I had no idea how much of a phenomenon Raspberry Pi would become. I had no idea how large the community would grow. I had no idea how much my life would be changed from that moment on. And it all started with a simple first step: booting it up.

Matt Richardson on Twitter

Finally a few minutes to experiment with @Raspberry_Pi! So far, I’m rather impressed!

The key to the success of Raspberry Pi as a computer – and, in turn, a community and a charitable foundation – is that there’s a low barrier to the first step you take with it. The low price is a big reason for that. Whether or not to try Raspberry Pi is not a difficult decision. Since it’s so affordable, you can just give it a go, and see how you get along.

The pressure is off

Linus Torvalds, the creator of the Linux operating system kernel, talked about this in a BBC News interview in 2012. He explained that a lot of people might take the first step with Raspberry Pi, but not everyone will carry on with it. But getting more people to take that first step of turning it on means there are more people who potentially will be impacted by the technology. Torvalds said:

I find things like Raspberry Pi to be an important thing: trying to make it possible for a wider group of people to tinker with computers. And making the computers cheap enough that you really can not only afford the hardware at a big scale, but perhaps more important, also afford failure.

In other words, if things don’t work out with you and your Raspberry Pi, it’s not a big deal, since it’s such an affordable computer.

In this together

Of course, we hope that more and more people who boot up a Raspberry Pi for the first time will decide to continue experimenting, creating, and learning with it. Thanks to improvements to the hardware, the Raspbian operating system, and free software packages, it’s constantly becoming easier to do many amazing things with this little computer. And our continually growing community means you’re not alone on this journey. These improvements and growth over the past few years hopefully encourage more people who boot up Raspberry Pis to keep exploring.
raspberry pi first step

The first step

However, the important thing is that people are given the opportunity to take that first step, especially young people. Young learners are at a critical age, and something like the Raspberry Pi can have an enormously positive impact on the rest of their lives. It’s a major reason why our free resources are aimed at young learners. It’s also why we train educators all over the world for free. And encouraging youngsters to take their first step with Raspberry Pi could not only make a positive difference in their lives, but also in society at large.

With the affordable computational power, excellent software, supportive community, and free resources, you’re given everything you need to make a big impact in the world when you boot up a Raspberry Pi for the first time. That moment could be step one of ten, or one of ten thousand, but it’s up to you to take that first step.

Now you!

Learning and making things with the Pi is incredibly easy, and we’ve created numerous resources and tutorials to help you along. First of all, check out our hardware guide to make sure you’re all set up. Next, you can try out Scratch and Python, our favourite programming languages. Feeling creative? Learn to code music with Sonic Pi, or make visual art with Processing. Ready to control the real world with your Pi? Create a reaction game, or an LED adornment for your clothing. Maybe you’d like to do some science with the help of our Sense HAT, or become a film maker with our camera?

You can do all this with the Raspberry Pi, and so much more. The possibilities are as limitless as your imagination. So where do you want to start?

The post Taking the first step on the journey appeared first on Raspberry Pi.


Source: RaspberryPi – IOT Anonimo

Source: Privacy Online


Source: Zologic

Cloud AV Can Serve as an Avenue for Exfiltration

Black Hat USA researchers show how bad guys can use cloud AV connections to bypass air-gaps and extremely segmented networks to keep stolen data flowing.
Source: Vulnerabilitys & Threats

Ultrasonic pi-ano

At the Raspberry Pi Foundation, we love a good music project. So of course we’re excited to welcome Andy Grove‘s ultrasonic piano to the collection! It is a thing of beauty… and noise. Don’t let the name fool you – this build can do so much more than sound like a piano.

Ultrasonic Pi Piano – Full Demo

The Ultrasonic Pi Piano uses HC-SR04 ultrasonic sensors for input and generates MIDI instructions that are played by fluidsynth. For more information: http://theotherandygrove.com/projects/ultrasonic-pi-piano/

What’s an ultrasonic piano?

What we have here, people of all genders, is really a theremin on steroids. The build’s eight ultrasonic distance sensors detect hand movements and, with the help of an octasonic breakout board, a Raspberry Pi 3 translates their signals into notes. But that’s not all: this digital instrument is almost endlessly customisable – you can set each sensor to a different octave, or to a different instrument.

octasonic breakout board

The breakout board designed by Andy

Andy has implemented gesture controls to allow you to switch between modes you have preset. In his video, you can see that holding your hands over the two sensors most distant from each other changes the instrument. Say you’re bored of the piano – try a xylophone! Not your jam? How about a harpsichord? Or a clarinet? In fact, there are 128 MIDI instruments and sound effects to choose from. Go nuts and compose a piece using tuba, ocarina, and the noise of a guitar fret!

How to build the ultrasonic piano

If you head over to Instructables, you’ll find the thorough write-up Andy has provided. He has also made all his scripts, written in Rust, available on GitHub. Finally, he’s even added a video on how to make a housing, so your ultrasonic piano can look more like a proper instrument, and less like a pile of electronics.

Ultrasonic Pi Piano Enclosure

Uploaded by Andy Grove on 2017-04-13.

Make your own!

If you follow us on Twitter, you may have seen photos and footage of the Raspberry Pi staff attending a Pi Towers Picademy. Like Andy*, quite a few of us are massive Whovians. Consequently, one of our final builds on the course was an ultrasonic theremin that gave off a sound rather like a dying Dalek. Take a look at our masterwork here! We loved our make so much that we’ve since turned the instructions for building it into a free resource. Go ahead and build your own! And be sure to share your compositions with us in the comments.

Sonic the hedgehog is feeling the beat

Sonic is feeling the groove as well

* He has a full-sized Dalek at home. I know, right?

The post Ultrasonic pi-ano appeared first on Raspberry Pi.


Source: RaspberryPi – IOT Anonimo

Source: Privacy Online


Source: Zologic