HiR Information Report
Covering security, programming, systems administration and other interesting topics.
Updated: 35 weeks 5 days ago
Links for 2009-12-29 [del.icio.us]
- innismir.net — Arduino Project #1: Trivial Morse Beacon
- Make: Online : Virtual iPhone in AR app on iPhone
Sup dawg, we heard you like iPhones. - QDB: Quote #300877
Merry xmas from smtp (yeah, a few days late now) - SQUARE Payments are neat. And a security risk… | The Edge of I-Hacked
I'd really like to see what hevnsnt would do with this. - Make: Online : Amazing sci-fi short film done for $300
I was expecting this to be cheesy, but it was well executed!
Free Antiviruses
I'm not a huge proponent of anti-virus. It's not that I think I won't get one. It's just that I'm usually running an OS that's not a big target for viruses. I can't even list one AV tool specifically for OS X, BSD or Linux, but I'm sure something exists. I just stick with NoScript and RequestPolicy on FireFox to keep the browser malware at bay.
With Windows 7, I figured it might be time to look into AV, if for no other reason to get rid of the nagging system tray icon warning me that my computer might be at risk. Then, just today, Keith posted a list of free AV solutions for Windows. I went with MS Security Essentials. It stays out of the way for the most part from what I've seen, but it's not like I've tried pulling up a bunch of Russian Serialz, Crax & w4r3z sites or any crap like that -- A move I'd consider to be asking for trouble.
I know plenty of readers are Windows users, by choice or by force (employer?)
What have you had the best luck with? What other anti-malware tools are you using for yourself or for others who already hosed their systems up?
With Windows 7, I figured it might be time to look into AV, if for no other reason to get rid of the nagging system tray icon warning me that my computer might be at risk. Then, just today, Keith posted a list of free AV solutions for Windows. I went with MS Security Essentials. It stays out of the way for the most part from what I've seen, but it's not like I've tried pulling up a bunch of Russian Serialz, Crax & w4r3z sites or any crap like that -- A move I'd consider to be asking for trouble.
I know plenty of readers are Windows users, by choice or by force (employer?)
What have you had the best luck with? What other anti-malware tools are you using for yourself or for others who already hosed their systems up?
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
From the comments: Apache + UserDir + Chroot on OpenBSD
In the comments on the OpenBSD 4.6 OAMP article, azhax and I hashed out how to get UserDir functioning in a chroot. I don't usually need UserDir, but it's a common configuration for multi-user systems such as those found at universities and ISPs. It's definitely worth covering.
UserDir is the configuration directive in Apache that lets you use tilde shortcuts for users' web directories. ex. http://some.server.edu/~axon/
The first thing you need to do is realize that when Apache is running in a chroot in the default OpenBSD install, Apache can't access anything outside of /var/www. The default OpenBSD apache install comes with a directory created for this: /var/www/users
First, edit /var/www/conf/httpd.conf and uncomment the "UserDir /var/www/users" line, and delete or comment out the "UserDir disabled" line. Use whatever editor you're happy with, but you may need to chmod it first, or use :w! in vi, since the file is read-only.
Then, I created a directory for my user account, gave myself ownership of the directory and created a public_html symlink to my home-directory. Keep in mind some ftp servers do not like to follow symlinks in the name of security, but SCP or SFTP might do just fine with this.
$ sudo mkdir /var/www/users/axon$ sudo chown axon /var/www/users/axon$ sudo ln -s /var/www/users/axon ~axon/public_html
And finally, I restarted apache. "apachectl restart" doesn't always work properly, so start it manually after stopping it with apachectl.$ sudo apachectl stop$ sudo /usr/sbin/httpd
Thanks go to azhax for asking how this one is done. It's definitely more involved than your average Ubuntu Server install, where only a public_html directory is needed in users' home directories and little else. If you find that most of your users will need web directories, you may want to create a script to put in /usr/local/sbin that you can run with sudo after running adduser just to make it a little easier.#!/bin/sh#addwebdir.sh#syntax: addwebdir.sh [username]mkdir /var/www/users/$1chown $1 /var/www/users/$1ln -s /var/www/users/$1 ~$1/public_html
UserDir is the configuration directive in Apache that lets you use tilde shortcuts for users' web directories. ex. http://some.server.edu/~axon/
The first thing you need to do is realize that when Apache is running in a chroot in the default OpenBSD install, Apache can't access anything outside of /var/www. The default OpenBSD apache install comes with a directory created for this: /var/www/users
First, edit /var/www/conf/httpd.conf and uncomment the "UserDir /var/www/users" line, and delete or comment out the "UserDir disabled" line. Use whatever editor you're happy with, but you may need to chmod it first, or use :w! in vi, since the file is read-only.
Then, I created a directory for my user account, gave myself ownership of the directory and created a public_html symlink to my home-directory. Keep in mind some ftp servers do not like to follow symlinks in the name of security, but SCP or SFTP might do just fine with this.
$ sudo mkdir /var/www/users/axon$ sudo chown axon /var/www/users/axon$ sudo ln -s /var/www/users/axon ~axon/public_html
And finally, I restarted apache. "apachectl restart" doesn't always work properly, so start it manually after stopping it with apachectl.$ sudo apachectl stop$ sudo /usr/sbin/httpd
Thanks go to azhax for asking how this one is done. It's definitely more involved than your average Ubuntu Server install, where only a public_html directory is needed in users' home directories and little else. If you find that most of your users will need web directories, you may want to create a script to put in /usr/local/sbin that you can run with sudo after running adduser just to make it a little easier.#!/bin/sh#addwebdir.sh#syntax: addwebdir.sh [username]mkdir /var/www/users/$1chown $1 /var/www/users/$1ln -s /var/www/users/$1 ~$1/public_html
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
Windows 7 on a MacBook: Kind of a pain to install
But it's sweet once it works with all the drivers installed
Let me step back a bit. I already had a license for Win7 Home Premium upgrade. That means I had to install it on top of Windows XP or Vista. So, I had to install XP Home first, which I also had a license for. Getting XP up and running was the root of my issues.
A while back ago, Apple pushed out an EFI update that supposedly removed the necessity to use BootCamp to install Windows or any other OS, really. With a spare partition on my hard drive, I decided to clobber Ubuntu, and install Windows XP over it. That ended up trashing the entire partition table, and bricking my MacBook.
Time Machine to the rescue. 3 hours later, I had restored my OS X partition from bare-metal to a point-in-time backup where the only thing I lost was 30 minutes of browser history. In other words: it worked perfectly. 45 minutes later, XP was installed, but the boot.ini file was pointing to the wrong partition. Using the XP recovery console to attempt a repair, I had whacked my partition table. AGAIN. Wash, Rinse, Repeat.
You need XP SP2 or higher, as it turns out. I guess I should have read the entire Boot C(r)amp manual first. I used BootCamp Assistant to create the partition this time, instead of partitioning it during restoration with the OS X install CD. Once XP Home SP2 was installed, I was without any drivers. The OS X CD supposedly contains them, but it was showing up as a blank disk when inserted. I wasn't worried about video drivers, or audio, or anything other than getting it on the network so I could activate Windows and commence the upgrade to Windows 7. For that, I ended up using a Linksys USB wireless adapter (and the driver CD). Then it was home-free.
Windows 7 installed fine without a lot of problems. It had many of the drivers already built-in, including the wireless. The audio and touch-pad drivers were sub-par, though. Other things like the iSight had non-existent support. Again, the OS X DVD I have wasn't showing the drivers under Windows 7 either and the BootCamp download from Apple wouldn't even run. I finally found a BootCamp driver download on the Digiex forum. Of course, you will want to use third-party supplied drivers at your own risk, but it seems to be working pretty well.
All in all, I burned almost an entire waking day attempting to get Win7 installed on my MacBook. A good part of that was the initial install of XP. Going straight to Win7, at least once you have the drivers, is probably not too bad. I can't stress enough how important it is to have a good Time Machine backup before you start, though.
End result:
Let it never be said I'm completely bigoted when it comes to Microsoft. My wife has been using 7 for a few months, and I'm already digging it. This may be Microsoft's best Windows release since Windows 2000, which I also had plenty of good things to say about.
Time will tell as I put it through its paces, but usability is just as good as OS X now that all the drivers are working properly, and this is a rather comfortable operating system for daily use.
Let me step back a bit. I already had a license for Win7 Home Premium upgrade. That means I had to install it on top of Windows XP or Vista. So, I had to install XP Home first, which I also had a license for. Getting XP up and running was the root of my issues.
A while back ago, Apple pushed out an EFI update that supposedly removed the necessity to use BootCamp to install Windows or any other OS, really. With a spare partition on my hard drive, I decided to clobber Ubuntu, and install Windows XP over it. That ended up trashing the entire partition table, and bricking my MacBook.
Time Machine to the rescue. 3 hours later, I had restored my OS X partition from bare-metal to a point-in-time backup where the only thing I lost was 30 minutes of browser history. In other words: it worked perfectly. 45 minutes later, XP was installed, but the boot.ini file was pointing to the wrong partition. Using the XP recovery console to attempt a repair, I had whacked my partition table. AGAIN. Wash, Rinse, Repeat.
You need XP SP2 or higher, as it turns out. I guess I should have read the entire Boot C(r)amp manual first. I used BootCamp Assistant to create the partition this time, instead of partitioning it during restoration with the OS X install CD. Once XP Home SP2 was installed, I was without any drivers. The OS X CD supposedly contains them, but it was showing up as a blank disk when inserted. I wasn't worried about video drivers, or audio, or anything other than getting it on the network so I could activate Windows and commence the upgrade to Windows 7. For that, I ended up using a Linksys USB wireless adapter (and the driver CD). Then it was home-free.
Windows 7 installed fine without a lot of problems. It had many of the drivers already built-in, including the wireless. The audio and touch-pad drivers were sub-par, though. Other things like the iSight had non-existent support. Again, the OS X DVD I have wasn't showing the drivers under Windows 7 either and the BootCamp download from Apple wouldn't even run. I finally found a BootCamp driver download on the Digiex forum. Of course, you will want to use third-party supplied drivers at your own risk, but it seems to be working pretty well.
All in all, I burned almost an entire waking day attempting to get Win7 installed on my MacBook. A good part of that was the initial install of XP. Going straight to Win7, at least once you have the drivers, is probably not too bad. I can't stress enough how important it is to have a good Time Machine backup before you start, though.
End result:
Let it never be said I'm completely bigoted when it comes to Microsoft. My wife has been using 7 for a few months, and I'm already digging it. This may be Microsoft's best Windows release since Windows 2000, which I also had plenty of good things to say about.
Time will tell as I put it through its paces, but usability is just as good as OS X now that all the drivers are working properly, and this is a rather comfortable operating system for daily use.
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
Guest Post: Setting up a Pfsense firewall
This is a guest post by BIOSshadow. You can follow him on Twitter and at his blog, Geek Crack.
Pfsense is a free, as in speech and beer, firewall for home, business, and any other purpose you can think of. It's based on FreeBSD, so it's very stable and has a very good TCP/IP stack. It has a serious feature list.
I have to explain how little PfSense needs in the hardware department. My setup is an old desktop computer that a client gave me because it "went bad." The power supply unit blew out during a lightning storm in the middle of the night. Anyway, it's a single core Intel processor, I am not sure what speed, with 512 MB of RAM, and a 40 GB hard drive. Now the only reason I have 40 gig is because it was easier to keep in there than fight the case, and put in a 10 gig I had around. So any basic computer you have around will work. But as with any computer, the more memory the better. I will get into that later.
You will need a video card/monitor and keyboard and of course a Pfsense CD. USB keyboard will work, a PS/2 won't need to load extra drivers. After the install and a little configuring is done, you can remove the video card/monitor and the keyboard, you can do everything through the web panel or SSH connection, if you turn it on.
Now onto the setup. (Note: For the screenshots I am using VirtualBox. This for the screenshots only). When it boots up to the bootloader, you want to boot with default, either by waiting for the timer to run out or by hitting enter.
Now if you have two NICs, which I recommend, you do not need to setup VLANs, but you can. If you only have one NIC, you need to setup at least two VLANs.
Now this is one of the great things about Pfsense that I can't find anywhere else: You unplug the ethernet cables, and it askes you to plug in the LAN cable into the LAN NIC. Then it does the same for the WAN cable and NIC. Now if you want to setup a DMZ with third NIC this where it do it.
Pfsense will ask you if you want to proceed and then build the config files and startup all the daemons, like the Web Panel and others. Congrats! You have running Pfsense firewall, but everything is in memory and running from the CD. If you want run it like this then you are set, but if the power goes out you will have to set it up again using a backup config file or from scratch. If you want to install to a hard drive you will need to type "99" and hit enter to continue.
The hard drive installation is menu-driven and easy to use. If you are having issues, feel free to edit the setting and accept when done.
Select "Install PfSense" and select the hard drive you want to use. Format the disk and select "use this Geometry".
If you are lucky enough to have a muilti-processor system or are using a embedded system, select those options. Now remember this is "muilti processor" not "muilti-core processor".
Now Pfsense is installed and ready to go. Just restart it and remove the disc.
After the reboot, we will need to setup local IPs and their ranges. Unless, of course, you have a separate DHCP server, then set it up to connect to the server.
The IP settings are all up to you, I used a normal home setup for the sanity of my family (networked printers, NAS, and etc.) just remember the IP you give Pfsense, because you will need it to access the Web Panel.
Now you are all set up. You can unplug the monitor and keyboard, and other stuff were using for set up.
Now back on your computer, open up a browser and go to the IP of Pfsense. The default username is "admin" and the default password is "pfsense".
Of course, you want to change the password and if you want, you can change the username as well. To do so on the red navigation bar at the top, hover over system and click on General.
To enable SSH, which I recommend, you need to go the the Advanced section of the System Menu.
If your ISP is like mine, your MAC address is tied to the account and if you use it, you don't get access to the Internet. To edit it Go to Interfaces and then WAN.
Now you have working Pfsense firewall, have fun!
There are a few things Pfsense lacks, like a Squid proxy and A/V scanner. But it makes it up with its packages. It has quite a few packages, but remember: the more packages, processes and packets it handles, the more memory it uses and the lag increases. But they have packages for Snort, Squid, SquidGuard, and an A/V scanner.
Well there it is: a completely setup and configured Pfsense, with A/V scanning, proxy and traffic monitor.
Pfsense is a free, as in speech and beer, firewall for home, business, and any other purpose you can think of. It's based on FreeBSD, so it's very stable and has a very good TCP/IP stack. It has a serious feature list.
I have to explain how little PfSense needs in the hardware department. My setup is an old desktop computer that a client gave me because it "went bad." The power supply unit blew out during a lightning storm in the middle of the night. Anyway, it's a single core Intel processor, I am not sure what speed, with 512 MB of RAM, and a 40 GB hard drive. Now the only reason I have 40 gig is because it was easier to keep in there than fight the case, and put in a 10 gig I had around. So any basic computer you have around will work. But as with any computer, the more memory the better. I will get into that later.
You will need a video card/monitor and keyboard and of course a Pfsense CD. USB keyboard will work, a PS/2 won't need to load extra drivers. After the install and a little configuring is done, you can remove the video card/monitor and the keyboard, you can do everything through the web panel or SSH connection, if you turn it on.
Now onto the setup. (Note: For the screenshots I am using VirtualBox. This for the screenshots only). When it boots up to the bootloader, you want to boot with default, either by waiting for the timer to run out or by hitting enter.
Now if you have two NICs, which I recommend, you do not need to setup VLANs, but you can. If you only have one NIC, you need to setup at least two VLANs.
Now this is one of the great things about Pfsense that I can't find anywhere else: You unplug the ethernet cables, and it askes you to plug in the LAN cable into the LAN NIC. Then it does the same for the WAN cable and NIC. Now if you want to setup a DMZ with third NIC this where it do it.
Pfsense will ask you if you want to proceed and then build the config files and startup all the daemons, like the Web Panel and others. Congrats! You have running Pfsense firewall, but everything is in memory and running from the CD. If you want run it like this then you are set, but if the power goes out you will have to set it up again using a backup config file or from scratch. If you want to install to a hard drive you will need to type "99" and hit enter to continue.
The hard drive installation is menu-driven and easy to use. If you are having issues, feel free to edit the setting and accept when done.
Select "Install PfSense" and select the hard drive you want to use. Format the disk and select "use this Geometry".
If you are lucky enough to have a muilti-processor system or are using a embedded system, select those options. Now remember this is "muilti processor" not "muilti-core processor".
Now Pfsense is installed and ready to go. Just restart it and remove the disc.
After the reboot, we will need to setup local IPs and their ranges. Unless, of course, you have a separate DHCP server, then set it up to connect to the server.
The IP settings are all up to you, I used a normal home setup for the sanity of my family (networked printers, NAS, and etc.) just remember the IP you give Pfsense, because you will need it to access the Web Panel.
Now you are all set up. You can unplug the monitor and keyboard, and other stuff were using for set up.
Now back on your computer, open up a browser and go to the IP of Pfsense. The default username is "admin" and the default password is "pfsense".
Of course, you want to change the password and if you want, you can change the username as well. To do so on the red navigation bar at the top, hover over system and click on General.
To enable SSH, which I recommend, you need to go the the Advanced section of the System Menu.
If your ISP is like mine, your MAC address is tied to the account and if you use it, you don't get access to the Internet. To edit it Go to Interfaces and then WAN.
Now you have working Pfsense firewall, have fun!
There are a few things Pfsense lacks, like a Squid proxy and A/V scanner. But it makes it up with its packages. It has quite a few packages, but remember: the more packages, processes and packets it handles, the more memory it uses and the lag increases. But they have packages for Snort, Squid, SquidGuard, and an A/V scanner.
Well there it is: a completely setup and configured Pfsense, with A/V scanning, proxy and traffic monitor.
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
Personal Radio Serice
The United States has 4 sets of frequencies under the category of "Personal Radio Services" which any one can use with certain restrictions on power output, antenna height and location. There are three others (MICS, WMTS and GMRS) under this category however they require that you are either a medical care facility or have special permissions or certification to use.
No FCC License Required Frequency Bands:
I also found that CB radio used to be the old 11 meter HF amateur radio band. The nice thing about HF radio is that its range is greater than line of sight due to atmospheric bounce. The FCC limits the power on most of these frequencies because in order to amplify a signal they have to take great care in not creating interference on other frequencies.
GMRS radios are readily available but require a license to use. The GMRS radio license allows for the use of repeaters and higher output. FRS and GMRS share several frequencies, the difference is that GMRS radios are allowed to broadcast at 5W instead of just 500mW.
You can find FRS/GMRS radios just about any where for under 20$, MURS radios range from
50$ to 100$, CB's range between 40$ to 100$, I couldn't find anyone selling LPRS.
Links:
CSG, Computer Support Group, Inc. and CSGNetwork.Com , "Glossary" (Accessed Dec 2009)
http://www.csgnetwork.com/
http://www.csgnetwork.com/gmrsfreqtable.html
http://www.csgnetwork.com/frsfreqtable.html
http://www.csgnetwork.com/mursfreqtable.html
http://www.csgnetwork.com/cbradiofreq.html
http://www.csgnetwork.com/lprsfreqtable.html
http://www.csgnetwork.com/micsfreqtable.html
Federal Communications Commission. " Personal Radio Services" (Accessed Dec 2009)
http://wireless.fcc.gov/services/index.htm?job=service_home&id=personal_radio
See also:
HAM it up!
http://www.h-i-r.net/2009/04/ham-it-up.html
Introduction to Proximity Cards
http://www.h-i-r.net/2008/09/introduction-to-proximity-cards.html
No FCC License Required Frequency Bands:
- CB (26 & 27 Mhz) HF 4W AM Carrier, 12 W PEP Single Side Band
- MURS (151 & 154 Mhz) VHF FM 2 W
- LPRS ( 216-217 MHz) UHF FM 100mW
- FRS(462-467 Mhz) UHF FM 500 mW
- MICS - Health Care Services - (402-205 Mhz) FM UHF
- WMTS - Health Care Services - (1429 to 1432 MHz)-(1395 to 1400 MHz)-(1429 to 1432 MHz) - FM UHF
- GMRS (462-467) - Certification required - FM -UHF 5W+
I also found that CB radio used to be the old 11 meter HF amateur radio band. The nice thing about HF radio is that its range is greater than line of sight due to atmospheric bounce. The FCC limits the power on most of these frequencies because in order to amplify a signal they have to take great care in not creating interference on other frequencies.
GMRS radios are readily available but require a license to use. The GMRS radio license allows for the use of repeaters and higher output. FRS and GMRS share several frequencies, the difference is that GMRS radios are allowed to broadcast at 5W instead of just 500mW.
You can find FRS/GMRS radios just about any where for under 20$, MURS radios range from
50$ to 100$, CB's range between 40$ to 100$, I couldn't find anyone selling LPRS.
Links:
CSG, Computer Support Group, Inc. and CSGNetwork.Com , "Glossary" (Accessed Dec 2009)
http://www.csgnetwork.com/
http://www.csgnetwork.com/gmrsfreqtable.html
http://www.csgnetwork.com/frsfreqtable.html
http://www.csgnetwork.com/mursfreqtable.html
http://www.csgnetwork.com/cbradiofreq.html
http://www.csgnetwork.com/lprsfreqtable.html
http://www.csgnetwork.com/micsfreqtable.html
Federal Communications Commission. " Personal Radio Services" (Accessed Dec 2009)
http://wireless.fcc.gov/services/index.htm?job=service_home&id=personal_radio
See also:
HAM it up!
http://www.h-i-r.net/2009/04/ham-it-up.html
Introduction to Proximity Cards
http://www.h-i-r.net/2008/09/introduction-to-proximity-cards.html
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
Sci-Fi: Kourier or Deliverator?
Pardon the Snow Crash reference. Two of the main characters were "delivery folks". One, a pizza deliverator with a formidable car for such tasks. The other was a skateboard Kourier. At any rate, I both chuckled and boggled over this one.
Pizza delivery. On a skateboard. In the middle of Main Street in Kansas City, MO and right at the beginning of peak Lunch Hour. WTF?
Pizza delivery. On a skateboard. In the middle of Main Street in Kansas City, MO and right at the beginning of peak Lunch Hour. WTF?
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
HiR's Best of 2009
Well, it's almost the end of 2009, so it's time once again for the best of HiR!
Top content
#1: Still reigning the top of the chart for the second year in a row: the DIY Lock Picks Series.
Using commonly available tools and materials such as a few pairs of pliers, a dremel or bench grinder, hack-saw blades, old windshield wipers, and even street-sweeper bristles, we went through and showed you how to make your own set of reliable lock picks and tension wrenches. Most of the hits seemed to come from Google Image Search, where people were looking for lock pick templates.
In the #2 spot this year: The Evil WiFi Series of articles.
The greedy access point stuff has been around for a while, and it's known as "karma" in the infosec industry. Digininja brought easy karma to the La Fonera with Jasager. Browser exploits are nothing new but Metasploit is boss. Hamster and Ferret were a bit of a game changer, introduced last year by Errata Security. They made it easy to import cookies from network traffic.
I'm pretty sure I'm the first one to have tied them all together into a portable system so evil and sinister that it even schooled some of the most paranoid and wary hackers at DefCon 17. I gathered more than 1,000 live session cookies from hundreds of different machines over the course of the weekend.
This was probably my favorite project of 2009. It's too bad that DefCon is the only real time I've used it on live targets. I just don't have it in me to take over a coffee shop or an office park with this rig. It'd be too easy, and morally wrong. Makes me wish I was a pentester again. I'd wreak havoc with it.
Many other outlets picked up the story. Among them: Dark Reading, Hak 5, Daily Radar and Remote-Exploit. From there, it started hitting the social bookmarking sites as well.
Coming in at #3: The OpenBSD/Apache/MySQL/PHP and chroot articles.
I don't know why, but they seem to spike on occasion from StumbleUpon. For instance, this last week, I got about 2,000 hits on the series in two days and then its hits went back down to normal again. Strange. And it's not the first "viral" spike like this in 2009. That's how the series made its way to #3.
Perhaps more people are using OpenBSD to host web-apps than I'd thought?
#4: Testing an ATX power supply - Again. It was on the 2008 list as well.
I wasn't even spot-on accurate in my article, but plenty of the information there is useful enough to get you started.
Some of our more knowledgeable readers picked up the slack and left some more really good advice in the comments of this post.
It seems to have gotten its share of traffic because ATX power supplies go out frequently, and the first place that do-it-yourselfers turn to is Google. This article is read many times per week.
#5: Open Letter from Geeks to IT Recruiters and Hiring Managers
There were tons of mixed reactions to this. Almost all non-managerial geeks cheered me on. Several hiring managers raised their glass and linked to the post. Others scoffed and told me to get a life, since there's no way I'll ever understand what it's like until I am in charge of hiring people. Some even went as far as to say I wouldn't make it as a hiring manager. What bleeds leads, and this controversial diatribe picked up some serious hits when I first put it out.
Down to #6 from our #2 spot in 2008: Tethering.
Even if it is against the terms-of-service agreement, tethering rocks and people everywhere know it! It's a fundamental way to bypass the web filter at the office, school or library, and it's a way to stay off of hostile networks at conventions like DefCon, although it by no means grants you a shield of immunity at such events. It's also great for instilling envy into my fellow transit riders when I-35 turns into a parking lot. I should probably dig out my notes from the September '09 2600 meeting, where I discussed tethering in a bit more detail.
Up two spots from last year to #7: Jornada WiFi Scanning
It's smaller than any NetBook, but more powerful than some of the ultra-tiny gadgets like the ZipIt. It's a great balance of form and function, and despite the fact that these relics have been out of production for nearly a decade, people are still searching for ways to make good use of them. This is another useful series that didn't really go viral, but people keep finding it via search.
#8: CHDK
CHDK is practically essential for anyone who owns a Canon camera. It unlocks potential that's great for HDR photography or just getting the most out of your relatively inexpensive camera.
#9: BSD Vs. Linux
Everyone loves a good holy war. Among geeks, few get as heated as the ones over which software is better. I tried to take a balanced approach to this one, as I'm generally an operating system agnostic. I come off as a BSD zealot sometimes, because I'd like more people give the underdog a chance once in a while.
Of the underdogs, I feel OpenBSD's probably one of the most useful, particularly for those interested in security.
#10: DefCon 17 Coverage
DefCon is usually kind of a big deal among hackers. It's a good show every year, and this was my second year in a row. Some of the HiR crew made it to DC6, 7, 8 and 9, but we took a break. Here's hoping I can make it again next year. With Blizzcon happening the same weekend as DefCon 18 (my wife's kind of a WoW nerd) it should be interesting.
Top content
#1: Still reigning the top of the chart for the second year in a row: the DIY Lock Picks Series. Using commonly available tools and materials such as a few pairs of pliers, a dremel or bench grinder, hack-saw blades, old windshield wipers, and even street-sweeper bristles, we went through and showed you how to make your own set of reliable lock picks and tension wrenches. Most of the hits seemed to come from Google Image Search, where people were looking for lock pick templates.
In the #2 spot this year: The Evil WiFi Series of articles.The greedy access point stuff has been around for a while, and it's known as "karma" in the infosec industry. Digininja brought easy karma to the La Fonera with Jasager. Browser exploits are nothing new but Metasploit is boss. Hamster and Ferret were a bit of a game changer, introduced last year by Errata Security. They made it easy to import cookies from network traffic.
I'm pretty sure I'm the first one to have tied them all together into a portable system so evil and sinister that it even schooled some of the most paranoid and wary hackers at DefCon 17. I gathered more than 1,000 live session cookies from hundreds of different machines over the course of the weekend.
This was probably my favorite project of 2009. It's too bad that DefCon is the only real time I've used it on live targets. I just don't have it in me to take over a coffee shop or an office park with this rig. It'd be too easy, and morally wrong. Makes me wish I was a pentester again. I'd wreak havoc with it.
Many other outlets picked up the story. Among them: Dark Reading, Hak 5, Daily Radar and Remote-Exploit. From there, it started hitting the social bookmarking sites as well.
Coming in at #3: The OpenBSD/Apache/MySQL/PHP and chroot articles.I don't know why, but they seem to spike on occasion from StumbleUpon. For instance, this last week, I got about 2,000 hits on the series in two days and then its hits went back down to normal again. Strange. And it's not the first "viral" spike like this in 2009. That's how the series made its way to #3.
Perhaps more people are using OpenBSD to host web-apps than I'd thought?
#4: Testing an ATX power supply - Again. It was on the 2008 list as well.I wasn't even spot-on accurate in my article, but plenty of the information there is useful enough to get you started.
Some of our more knowledgeable readers picked up the slack and left some more really good advice in the comments of this post.
It seems to have gotten its share of traffic because ATX power supplies go out frequently, and the first place that do-it-yourselfers turn to is Google. This article is read many times per week.
#5: Open Letter from Geeks to IT Recruiters and Hiring ManagersThere were tons of mixed reactions to this. Almost all non-managerial geeks cheered me on. Several hiring managers raised their glass and linked to the post. Others scoffed and told me to get a life, since there's no way I'll ever understand what it's like until I am in charge of hiring people. Some even went as far as to say I wouldn't make it as a hiring manager. What bleeds leads, and this controversial diatribe picked up some serious hits when I first put it out.
Down to #6 from our #2 spot in 2008: Tethering. Even if it is against the terms-of-service agreement, tethering rocks and people everywhere know it! It's a fundamental way to bypass the web filter at the office, school or library, and it's a way to stay off of hostile networks at conventions like DefCon, although it by no means grants you a shield of immunity at such events. It's also great for instilling envy into my fellow transit riders when I-35 turns into a parking lot. I should probably dig out my notes from the September '09 2600 meeting, where I discussed tethering in a bit more detail.
Up two spots from last year to #7: Jornada WiFi Scanning It's smaller than any NetBook, but more powerful than some of the ultra-tiny gadgets like the ZipIt. It's a great balance of form and function, and despite the fact that these relics have been out of production for nearly a decade, people are still searching for ways to make good use of them. This is another useful series that didn't really go viral, but people keep finding it via search.
#8: CHDKCHDK is practically essential for anyone who owns a Canon camera. It unlocks potential that's great for HDR photography or just getting the most out of your relatively inexpensive camera.
#9: BSD Vs. LinuxEveryone loves a good holy war. Among geeks, few get as heated as the ones over which software is better. I tried to take a balanced approach to this one, as I'm generally an operating system agnostic. I come off as a BSD zealot sometimes, because I'd like more people give the underdog a chance once in a while.
Of the underdogs, I feel OpenBSD's probably one of the most useful, particularly for those interested in security.
#10: DefCon 17 CoverageDefCon is usually kind of a big deal among hackers. It's a good show every year, and this was my second year in a row. Some of the HiR crew made it to DC6, 7, 8 and 9, but we took a break. Here's hoping I can make it again next year. With Blizzcon happening the same weekend as DefCon 18 (my wife's kind of a WoW nerd) it should be interesting.
Top Referrers: Of course, we have to thank others who found our content useful enough to link to us. The top 10 NON-Search referrers in 2009, listed in order of most referrals were:
#1: i-Hacked#2: StumbleUpon#3: Hak5#4: Twitter#5: Dark Reading#6: Carnal0wnage/AttackResearch#7: YCombinator Hacker News#8: PaulDotCom#9: Lockpicking 101#10: Some guy whose spanish readers really loved our whiteboard hack (wtf?)
Top HiR search terms of 2009:This is what people searched for that landed them here one way or another. Most of these are no surprise. #9 boggles me but I know what article it refers to, I just don't know why it got searched for so often.
#1: epoch fail#2: bsd vs. linux#3: make your own lock picks#4: lock pick templates#5: jasager ferret#6: hir#7: information report#8: jasager#9: comment: a revocation certificate should follow #10: luggage zipper pulls
It's also worth mentioning that our RSS feed is on fire lately, and those don't even count as website hits.
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
Open Source DJ Mixxxing. Oontz Oontz Oontz Oontz
Mixxx.
I've been playing with Mixxx for a while now. Not quite as fully-featured as some of the cheapware DJ Mix stuff that I was only able to find for Windows. Mixxx shows a lot of promise. It's open-source and cross platform. Get your dance party on!
I like the fact that I can jack an external USB sound device in and it gets recognized, so you can cue up your next track on your headphones while the main track is on the house speakers.
Yes. I have Rockell and Nine Inch Nails showing on that screen at the same time. LOL.
I've been playing with Mixxx for a while now. Not quite as fully-featured as some of the cheapware DJ Mix stuff that I was only able to find for Windows. Mixxx shows a lot of promise. It's open-source and cross platform. Get your dance party on!
I like the fact that I can jack an external USB sound device in and it gets recognized, so you can cue up your next track on your headphones while the main track is on the house speakers.
Yes. I have Rockell and Nine Inch Nails showing on that screen at the same time. LOL.
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
VirtualBox tip: Disk errors? Try emulating SATA.
I had to do this to get both OpenSolaris and FreeBSD 8 working properly in VirtualBox. During boot, or occasionally during Installation, the VM would completely spaz out. The Guest OS would start dropping disk errors all over the place. Like this:
The solution ended up being easy. Detatch your VDI disk image file from the emulated IDE controller.
Create a new virtual SATA controller.
Click the stack of disks next to the new controller to browse for .VDI images
Then re-attach your exiting VDI file to the SATA controller.
This simple tweak was all that I needed. The virtual machines seem to run just fine now. If you're having trouble with some guest OSes working in VirtualBox and it appears to be related to disk errors, give this a shot. Oddly, OpenBSD, Haiku and Ubuntu have worked just fine with the default settings and emulated IDE controller. So far, OpenSolaris and OpenBSD are the only ones I've really had problems with.
The solution ended up being easy. Detatch your VDI disk image file from the emulated IDE controller.
Create a new virtual SATA controller.
Click the stack of disks next to the new controller to browse for .VDI images
Then re-attach your exiting VDI file to the SATA controller.
This simple tweak was all that I needed. The virtual machines seem to run just fine now. If you're having trouble with some guest OSes working in VirtualBox and it appears to be related to disk errors, give this a shot. Oddly, OpenBSD, Haiku and Ubuntu have worked just fine with the default settings and emulated IDE controller. So far, OpenSolaris and OpenBSD are the only ones I've really had problems with.
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
How to better fix the GDM "face browser" login issue
It's really not that hard. I went poking through the documentation for gdm-simple-greeter and found an option outlined called disable_user_list. It took me a bit to figure out how to disable the feature, and I broke gdm a bunch of times before googling it and finding a great post by [daten] on the Fedora forums that outlines it.
So first, if you followed my angrily-penned directions from last night, undo that with these steps:
In a terminal window, execute:
$ sudo dpkg-reconfigure gdm
(select gdm instead of xdm at the dialog box)
$ sudo /etc/init.d/xdm stop
(X11 will bail. Go ahead and login at the console prompt)
Continue as below, starting with the gconftool-2 command. You don't have to stop gdm, obviously. You can just start it.
If you didn't switch to xdm first...
Now, we can simply tell gdm to disable the user list with a lengthy gconftool-2 command. Make sure you scroll to see the whole thing:
$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --type bool --set /apps/gdm/simple-greeter/disable_user_list true
Log off. The change may not take effect until you stop and start gdm. If you still see the user list, press ctrl-alt-F1 to get to the console, log in and run the following commands:
$ sudo /etc/init.d/gdm stop
$ sudo /etc/init.d/gdm start
At that point, you should have a new, still squishy and pretty login screen without the face browser of doom.
FYI, "axon" wasn't filled in automatically, I had to type it. This is much better!
So first, if you followed my angrily-penned directions from last night, undo that with these steps:
In a terminal window, execute:
$ sudo dpkg-reconfigure gdm
(select gdm instead of xdm at the dialog box)
$ sudo /etc/init.d/xdm stop
(X11 will bail. Go ahead and login at the console prompt)
Continue as below, starting with the gconftool-2 command. You don't have to stop gdm, obviously. You can just start it.
If you didn't switch to xdm first...
Now, we can simply tell gdm to disable the user list with a lengthy gconftool-2 command. Make sure you scroll to see the whole thing:
$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --type bool --set /apps/gdm/simple-greeter/disable_user_list true
Log off. The change may not take effect until you stop and start gdm. If you still see the user list, press ctrl-alt-F1 to get to the console, log in and run the following commands:
$ sudo /etc/init.d/gdm stop
$ sudo /etc/init.d/gdm start
At that point, you should have a new, still squishy and pretty login screen without the face browser of doom.
FYI, "axon" wasn't filled in automatically, I had to type it. This is much better!
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
Fixing Ubuntu's broken excuse for a login screen
This is fscking unacceptable. Yah, it's slick. All windows-esque. Whatever. I hate it. I'd like to be able to type my user name in, and not have a freaking list of enumerated accounts sitting there on my damn login window. Now get off my lawn *shakes cane*
Today, it finally annoyed me enough that I'd be willing to do whatever was needed to fix it. How about a real display manager?
In a terminal window, run:$ sudo apt-get install xdm
You'll get a prompt. Select xdm.
Then, log off from your workstation, and hit Ctrl-alt-F1 to go to the text console. Log in with your user account and run the following commands to shut down gdm and start our new, tasty xdm.
$ sudo /etc/init.d/gdm stop$ sudo /etc/init.d/xdm start
New, ugly but functional login screen. Yay.
By the way, the link to the Debian logo is buried in the xdm configuration file /etc/X11/xdm/Xresources. If you really want to change it, you can edit this config file and/or Bring out the Gimp and start crack-a-lacking.
fin.
Today, it finally annoyed me enough that I'd be willing to do whatever was needed to fix it. How about a real display manager?
In a terminal window, run:$ sudo apt-get install xdm
You'll get a prompt. Select xdm.
Then, log off from your workstation, and hit Ctrl-alt-F1 to go to the text console. Log in with your user account and run the following commands to shut down gdm and start our new, tasty xdm.
$ sudo /etc/init.d/gdm stop$ sudo /etc/init.d/xdm start
New, ugly but functional login screen. Yay.
By the way, the link to the Debian logo is buried in the xdm configuration file /etc/X11/xdm/Xresources. If you really want to change it, you can edit this config file and/or Bring out the Gimp and start crack-a-lacking.
fin.
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
Flyback transformers and CRT discharge. OF DEATH.
Last week, our friend Mike was attempting to power an ionocraft with the flyback transformer from an old 15" Gateway CRT. There was a bit of fear (or overdeserved respect) for the high voltage source. I gave a little quick lesson on how to discharge the CRT before diving into the project, but I figured it deserved a little more detail, and that you guys would at least find it interesting.While it's true that you wouldn't want to simply grasp the exposed anode and yank it off of the CRT, it seems there's a lot of misinformation and urban legends around flyback coils, CRT discharge, and sudden death. People make it sound like you'll surely shatter the monitor if you don't electrocute yourself first. Legend has it that CRTs are fragile, and one false step can turn them into a deadly fragmentary grenade.
First, let me state that the "shock" factor of a monitor or CRT comes mostly from the fact that the CRT itself acts as a giant capacitor. A capacitor is simply two conductors separated by a dielectric. It so happens that the mesh grid, thick glass, and other energized components in a CRT make a pretty good capacitor which can hold a charge for a long time, even when it's not powered on. That part is NOT a myth.
Even if you do get bitten (I've been, only once, and yes, it hurt), the chances of a lethal electrocution are slim to none, so long as you're not touching an ENERGIZED HV coil, such as if the power supply for the monitor or TV is turned on.
As for the "explosion" or "implosion" hazard of CRT monitors? All modern monitors are designed with a mesh or metal layer inside that keeps the CRT from rapidly failing. Frogman and I have tried breaking many CRTs of various sizes and we've never seen any spectacular failures before. The glass is very thick, and you're most likely to break the little vacuum seal nub at the CRT's tail, or shatter the narrow neck than any thing else. It'll simply hiss and be done with. It's pretty boring, really. It's not a bad idea to wear safety glasses when handling a CRT, though. They're made of glass, which can chip even if the hazard of implosion is virtually nil.
Still, one should remain careful when handling CRTs or otherwise poking around inside devices that use high voltage transformers. As always, we can't be held responsible for your mishaps, and a live flyback transformer is nothing to treat lightly. Some can put out tens of thousands of volts, and most aren't current-regulated. They can cause harm.
I'll use my Mac SE/30 (the Blackintosh) for an example of how to safely discharge a CRT. First, you want to make sure it's unplugged and powered off before you even open it.
On the left, the large suction cup device is the anode. It runs back to the high voltage flyback transformer seen toward the upper right of the photo. This Mac hasn't been powered on in a few months, but the CRT may still hold a capacitive charge. The HV transformer in this model might put out 10kV when energized, but only a fraction of that charge, if any, may remain in the CRT itself.
The way to discharge it is to take a jumper wire, attach one end to a metal screwdriver with a well-insulated handle, the other end to the chassis ground of the monitor. You can do this with an alligator-clip jumper wire, or just grab any old wire you have, strip the ends, and make sure it's connected to the chassis and to the metal screwdriver shaft.
Gently pry up the edge of the cup.
Pry up until you can see the anode plugged into the body of the CRT.
And then, make sure the screwdriver touches the anode. You're done.
If you must remove the anode, you can keep using the screwdriver to pop the anode out of the CRT housing. At this point, you can touch the anode, the flyback transformer and the CRT without fear of being zapped. Of course, I wouldn't recommend intentionally touching the HV gear unless you absolutely must (for instance, to replace a damaged CRT or flyback transformer). As a matter of practice, you should just leave the HV stuff alone if you don't have a good reason to be working on it. It's pretty well insulated in newer monitors and TV sets and shouldn't cause you much problem.
It's common practice to re-ground the HV anode if you're tinkering with high voltage experiments such as CCCKC's ionocraft. It's not really a requirement though. Chances are, the energy stored between the corona wire and the ground skirt of the ionocraft isn't even noticeable, but better safe than sorry.
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
awk over non-interactive ssh sessions
I had trouble wrapping my brain around this one today. I was attempting to grab the second field of ps(1) output to display only the PID of a given process. Of course, if we had pgrep and pkill, this would be a no-brainer. But we don't.
Note, when I use grep on ps(1) I also pipe it through grep -v grep (which ignores any line containing the pattern "grep") so that grepping for some_process doesn't end up like this:
root 751 200 0 Jun 25 ? 3:11 /usr/sbin/some_process -d
axon 2429 222 0 4:54:59 pts/1 0:00 grep some_process
First attempt:
ssh somebox "ps -ef | grep some_process | grep -v grep | awk '{print $2}' "
The output, though, was the whole line out of ps.
root 751 200 0 Jun 25 ? 3:11 /usr/sbin/some_process -d
I attempted escaping the ticks, double ticks, escaped double ticks, double quotes, and all kinds of madness. Nothing was working. I was getting either a whole ps line (as if awk wasn't even there) or syntax errors from awk.
Finally, I ask a co-worker (the biggest shell geek I know) pointed out that it was being frobbed by two separate shells. He gave me a somewhat complicated line to use, but I figured out an easier way. The second shell was interpreting $2, thinking I was referencing a shell argument, and was passing nothing to awk. Solution? Escape $2.
ssh somebox "ps -ef | grep some_process | grep -v grep | awk '{print \$2}' "
751
Hooray! Hopefully this helps some poor sysadmin somewhere when the time comes to reference variables remotely in something like perl or awk.
Note, when I use grep on ps(1) I also pipe it through grep -v grep (which ignores any line containing the pattern "grep") so that grepping for some_process doesn't end up like this:
root 751 200 0 Jun 25 ? 3:11 /usr/sbin/some_process -d
axon 2429 222 0 4:54:59 pts/1 0:00 grep some_process
First attempt:
ssh somebox "ps -ef | grep some_process | grep -v grep | awk '{print $2}' "
The output, though, was the whole line out of ps.
root 751 200 0 Jun 25 ? 3:11 /usr/sbin/some_process -d
I attempted escaping the ticks, double ticks, escaped double ticks, double quotes, and all kinds of madness. Nothing was working. I was getting either a whole ps line (as if awk wasn't even there) or syntax errors from awk.
Finally, I ask a co-worker (the biggest shell geek I know) pointed out that it was being frobbed by two separate shells. He gave me a somewhat complicated line to use, but I figured out an easier way. The second shell was interpreting $2, thinking I was referencing a shell argument, and was passing nothing to awk. Solution? Escape $2.
ssh somebox "ps -ef | grep some_process | grep -v grep | awk '{print \$2}' "
751
Hooray! Hopefully this helps some poor sysadmin somewhere when the time comes to reference variables remotely in something like perl or awk.
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
Rant: Hackerspaces do not foster cybercrime!
Two things pissing me off today. First: Vitriolic and audacious comments on this otherwise awesome article about hackerspaces in STL Today. Some excerpts from the comments:
The authorities need to keep a close watch on these people. Perhaps their source of funding will be hacking bank accounts.
Trying to include teenagers can get complicated. Personally, I feel open access to tools for cyber hacking, learning how to steal passwords, and other mischief can be inappropriate at that age. Even university students get caught up trying to make a name for themselves. [ . . . ] I was a founding member of CCCKC but these are reasons I chose to leave the group. I don't want to be labeled a cyber hacker by association.
Fortunately, there's some sanity and fact-checking in the comments, too.
And then there's news about Forskningsavd (a Swedish hackerspace) getting raided for something completely unrelated to the hackerspace. Further, the seizure of property seems completely bizarre given the stated reason for police intervention.
So, I'm feeling ranty. Here's some background on how my local hackerspace deals with "Cyber hacking and other mischief"
Shortly after CCCKC's grand opening, a series of courses were taught on cyber-security. These four sessions were very popular, covering the basics such as understanding the difference between hubs and switches, and eventually covering powerful tools such as nmap, Hamster & Ferret, Metasploit, and Maltego. The courses provided enough demonstration to scare people into being more cautious while teaching them how to avoid being victimized. Nothing was covered that hasn't been hashed over online a thousand times already, but it was very cool to get a guided tour through the maze of cyber-security and to be able to tinker around in a hands-on lab environment.
Around the same time, locksport also took off. A solid-core door got drilled out, had eye-screws put into it, and became a standing board of different locks to play with. The Lock Picks & BBQ series was also a big hit. People would come out, grill some meat, and then learn about the mechanics of simple locks.
Critical thinkers absolutely love to explore dynamic boundaries, and very few boundaries are as controversial and exciting as the enigmatic balance of attack resistance vs. usability in both physical security (locks and surveillance) and information security (firewalls, encryption and vulnerability exploitation). It's no wonder some of the worlds most intelligent people have dabbled in security. Richard Feynman, for example, picked locks at Los Alamos for fun and pranks.
Now, several hackerspaces are uniting with an international VPN that's going to be much like a digital Capture The Flag game. We're calling this effort "The Warzone Project" and it'll give people a safe, isolated environment to practice their skills in information security systems.
The thing is, there's already a lot of very detailed information on the web and in books when it comes to breaking all kinds of security systems. Demonstrating them in a lab environment gives people a safe place to "get it out of their system" much like Grudge Night at the local drag strip gives teenagers a safe place to race their cars so they aren't endangering people on public roads. The lab environment also allows people to legally learn about more aspects than they could in their own homes, and to take a shot at mastery in defense by understanding both sides of an attack.
"Hackerspaces are about learning, sharing and collaboration."Folks, every hackerspace takes on a personality of its own based on what the members are interested in. Some hackerspaces focus on electronics or take an art, metal/woodworking and maker approach. Some tend to focus on programming microcontrollers or building robots. Others are busy tackling so many eclectic projects that they don't even have a core focus. They all have some things in common, though: Hackerspaces are about learning, sharing and collaboration.
Writing the code and creating the control infrastructure for a botnet takes dedication and lots of work. Poring through source code, looking for bugs and creating a working exploit is no small feat. It can take years to fully master exactly how locks work and how to manipulate the parts inside. Indeed, learning in a lab environment teaches patience. It teaches respect for the systems. Learning is hard, but it's good for you.
Compare that to the modern criminal reality: Right now, anyone in the world can rent a cadre of botnet computers for just a few dollars and use them to send spam, to host fake bank websites, to obscure their attacks or to use in a massive denial-of-service attack. Anyone can look up the latest zero-day exploits and use them for bad things. Anyone can buy a bump key and start opening about 30% of the locks that key will fit into. Subversion is easy.
If subversion is your goal, you would be silly to waste your time learning all the minutiae of systems from hackerspace denizens. Cyber criminals already know this. Apparently, some people still don't get it.
Update
I thought I'd share a quick list of things we've worked on and had talks about lately at CCCKC:
The authorities need to keep a close watch on these people. Perhaps their source of funding will be hacking bank accounts.
Trying to include teenagers can get complicated. Personally, I feel open access to tools for cyber hacking, learning how to steal passwords, and other mischief can be inappropriate at that age. Even university students get caught up trying to make a name for themselves. [ . . . ] I was a founding member of CCCKC but these are reasons I chose to leave the group. I don't want to be labeled a cyber hacker by association.
Fortunately, there's some sanity and fact-checking in the comments, too.
And then there's news about Forskningsavd (a Swedish hackerspace) getting raided for something completely unrelated to the hackerspace. Further, the seizure of property seems completely bizarre given the stated reason for police intervention.
So, I'm feeling ranty. Here's some background on how my local hackerspace deals with "Cyber hacking and other mischief"
Shortly after CCCKC's grand opening, a series of courses were taught on cyber-security. These four sessions were very popular, covering the basics such as understanding the difference between hubs and switches, and eventually covering powerful tools such as nmap, Hamster & Ferret, Metasploit, and Maltego. The courses provided enough demonstration to scare people into being more cautious while teaching them how to avoid being victimized. Nothing was covered that hasn't been hashed over online a thousand times already, but it was very cool to get a guided tour through the maze of cyber-security and to be able to tinker around in a hands-on lab environment.
Around the same time, locksport also took off. A solid-core door got drilled out, had eye-screws put into it, and became a standing board of different locks to play with. The Lock Picks & BBQ series was also a big hit. People would come out, grill some meat, and then learn about the mechanics of simple locks.
Critical thinkers absolutely love to explore dynamic boundaries, and very few boundaries are as controversial and exciting as the enigmatic balance of attack resistance vs. usability in both physical security (locks and surveillance) and information security (firewalls, encryption and vulnerability exploitation). It's no wonder some of the worlds most intelligent people have dabbled in security. Richard Feynman, for example, picked locks at Los Alamos for fun and pranks.
Now, several hackerspaces are uniting with an international VPN that's going to be much like a digital Capture The Flag game. We're calling this effort "The Warzone Project" and it'll give people a safe, isolated environment to practice their skills in information security systems.
The thing is, there's already a lot of very detailed information on the web and in books when it comes to breaking all kinds of security systems. Demonstrating them in a lab environment gives people a safe place to "get it out of their system" much like Grudge Night at the local drag strip gives teenagers a safe place to race their cars so they aren't endangering people on public roads. The lab environment also allows people to legally learn about more aspects than they could in their own homes, and to take a shot at mastery in defense by understanding both sides of an attack.
"Hackerspaces are about learning, sharing and collaboration."Folks, every hackerspace takes on a personality of its own based on what the members are interested in. Some hackerspaces focus on electronics or take an art, metal/woodworking and maker approach. Some tend to focus on programming microcontrollers or building robots. Others are busy tackling so many eclectic projects that they don't even have a core focus. They all have some things in common, though: Hackerspaces are about learning, sharing and collaboration.
Writing the code and creating the control infrastructure for a botnet takes dedication and lots of work. Poring through source code, looking for bugs and creating a working exploit is no small feat. It can take years to fully master exactly how locks work and how to manipulate the parts inside. Indeed, learning in a lab environment teaches patience. It teaches respect for the systems. Learning is hard, but it's good for you.
Compare that to the modern criminal reality: Right now, anyone in the world can rent a cadre of botnet computers for just a few dollars and use them to send spam, to host fake bank websites, to obscure their attacks or to use in a massive denial-of-service attack. Anyone can look up the latest zero-day exploits and use them for bad things. Anyone can buy a bump key and start opening about 30% of the locks that key will fit into. Subversion is easy.
If subversion is your goal, you would be silly to waste your time learning all the minutiae of systems from hackerspace denizens. Cyber criminals already know this. Apparently, some people still don't get it.
Update
I thought I'd share a quick list of things we've worked on and had talks about lately at CCCKC:
- Assisting JayDoc, a not-for-profit medical charity for the needy
- Joined more than a dozen hackerspaces live via webcam for the synchronous hackathon.
- Projected a game of Tetris onto a wall in downtown KC
- Building, studying and using the MakerBot
- Ran tech support and helped make BarCampKC 2009 a success
- Built a Twitter-bot (that's currently on the fritz)
- Set up a silk-screen lab for emblazoning logos onto things.
- Got good press in INK KC
- Set up a MIDI music workstation
- Built a compressed air T-shirt cannon
- Got a bunch of people familiarized with Arduino programming
- GPSes, computer interfaces for them, and Geoc... "finding things people hid somewhere"
- Search engine optimization
- Robotics
- Hacking the car-buying process
- Intro to Craps (the casino game)
- Server/telecom racks
- Electronics
- Robotics
- Radio Controlled Toys
- Photography
- Scrapbooking/Crafts
- E-Textiles (like gloves that work with touchscreens, LED embroidery, etc)
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
VirtualBox: full-screen resolution for OpenBSD (FreeBSD?)
One thing I love about VirtualBox is the Guest Additions package, for Windows and Linux guests. It allows you to resize the window and get an instant resolution change to go along with it. When you start playing with some of the more obscure OSes, though, there's no guest additions. This includes OpenBSD.
To get OpenBSD's guest to run X at full-tilt, I had to do some hacking and tinkering. First, I had to set a custom video mode in VirtualBox. Use the VBoxManage utility on the host platform (VBoxManage.exe on Windows, VBoxManage on Linux, /Applications/VirtualBox.app/Contents/MacOS/VBoxManage on OS X) and do the following where [VM-name] is the name of the VM and [WxHxBPP] is the resolution and bit-per-pixel you're running your host OS at, such as 1280x800x16. In my case, my MacBook's native resolution is 1280x800 and I really don't mind running X.org at 16bpp for a guest OS.
VBoxManage setextradata [VM-name] CustomVideoMode1 [WxHxBPP]
Next, boot OpenBSD or FreeBSD in the VM and use the block of text below as your /etc/X11/xorg.conf file. Backup your existing one if it exists. By default, OpenBSD 4.6 doesn't ship with an xorg.conf file, just using the default config. Be sure to modify the Depth, DefaultDepth and Modes toward the end of the configuration file to match the resolution and BPP you set with VBoxManage. As this will be the only resolution and depth in the configuration file, it should be forced to use this mode if it's supported.
Section "ServerLayout"
Identifier "X.org Configured"
Screen 0 "Screen0" 0 0
InputDevice "Mouse0" "CorePointer"
InputDevice "Keyboard0" "CoreKeyboard"
EndSection
Section "Files"
ModulePath "/usr/X11R6/lib/modules"
FontPath "/usr/X11R6/lib/X11/fonts/misc/"
FontPath "/usr/X11R6/lib/X11/fonts/TTF/"
FontPath "/usr/X11R6/lib/X11/fonts/OTF"
FontPath "/usr/X11R6/lib/X11/fonts/Type1/"
FontPath "/usr/X11R6/lib/X11/fonts/100dpi/"
FontPath "/usr/X11R6/lib/X11/fonts/75dpi/"
EndSection
Section "Module"
Load "dbe"
Load "dri"
Load "extmod"
Load "glx"
Load "freetype"
EndSection
Section "InputDevice"
Identifier "Keyboard0"
Driver "kbd"
EndSection
Section "InputDevice"
Identifier "Mouse0"
Driver "mouse"
Option "Protocol" "wsmouse"
Option "Device" "/dev/wsmouse"
Option "ZAxisMapping" "4 5 6 7"
EndSection
Section "Monitor"
Identifier "Monitor0"
HorizSync 31-80
VertRefresh 30-100
VendorName "Monitor Vendor"
ModelName "Monitor Model"
EndSection
Section "Device"
Identifier "Card0"
Driver "vesa"
VendorName "InnoTek"
BoardName "VirtualBox Graphics Adapter"
BusID "PCI:0:2:0"
EndSection
Section "Screen"
DefaultDepth 16
Identifier "Screen0"
Device "Card0"
Monitor "Monitor0"
SubSection "Display"
Viewport 0 0
Depth 16
Modes "1280x800"
EndSubSection
EndSection
When you launch startx, you should get full screen resolution in a huge window, but may need to use the [HostKey]-F key combo to switch to full-screen mode.
Enjoy!
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
Cyber Monday? How about MAKE some gifts?
This year, I'm planning on building as many gifts as I can. This is why I was so frustrated with Radio Shack earlier this month. So far, I've got three gifts almost completed, all of which are electronic. I start with an experimenter breadboard like the one shown*, then go bananas. Once I have something working the way I like it, I solder it to perfboard. There are tons of great ideas in books and online. You can always find cool things to assemble yourself at Evil Mad Science, The Maker Shed, Sparkfun or LadyAda.
If you can't solder or don't quite grok electronics, you can try crafts such as woodworking, cooking, leather working, knitting/sewing, or anything else that you put your time, knowledge and heart into. Chances are, it'll mean more to the recipient than a gift card, some clothes, or whatever device you happen to burn your cash on. Maybe donate some of the grip you save to help save lives? Several initiatives are out there to provide clean, drinkable water to those in need. There's local emergency response and hardship relief, hope for cancer patients and a host of other organizations worthy of your help this season.
How about less consumerism and more love? Get excited and make things!
* The circuit on the breadboard is completely bogus. Sorry, peeps. No clues until December 25th!
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
Mastery through persistence and gradual learning
Who of us haven't wistfully recalled the scenes in The Matrix trilogy where facts and skills were modularized into chunks of data that could be dropped into the human brain within a matter of seconds?
Real life doesn't work that way. Taking an example from the trilogy: Kung-Fu requires individual neurological paths to be gradually awakened, certain muscle groups to be conditioned, and a particular mindset to be adopted. Mastery of Kung-Fu lies far beyond going through its motions. One may "know Kung-Fu" but one cannot master it without persistence; Mastery involves learning many small things over time while conditioning your body and mind to perform all of the physical and mental tasks necessary to the art.
Shift the subject from Kung-Fu to something many readers of HiR can likely relate to: system administration. It's not an individual skill or a trait. It's a mindset that requires a combination of critical thinking and knowledge of tens of thousands of little facts.
Examples:
This post was an inevitable one. I've been mulling over the topic for weeks now, and some conversations on Twitter combined with two awesome articles on Staying Sharp and Fake Achievement sealed the deal. Mastery comes only through hard work. It takes practice, dedication, and frequent use of the skills to maintain. Sometimes that maintenance, the "staying sharp" part does seem quite mundane, but it's very important. Use it or lose it.
The person I was talking to admitted lack of command-line skills (hence the reliance on crutch tech), but I happen to know he's got a good head on his shoulders and could choose mastery. Let's say you have a Linux server running Apache and you really want to host 10 different sites on it. You need to use Apache's VirtualHost feature. Will you settle for performing the task with a crutch and move along, or will you put in the effort to truly master Apache (even if only its VirtualHost feature) so that you can do it again easily in the future?
Learning by example is one way to do it. The Twitter conversation that happened yesterday was about the merits of "crutch technology" system management tools such as cpanel, plesk, webmin and virtualmin. By extension, you could include any easy-to-use "wizard" GUI or web app that ultimately makes simple changes to flat configuration files or performs certain changes that could be done by executing system commands: smit (on AIX), Manage Computer (On Windows) and the like.
Crutch tech can be leveraged in the name of learning by example. Tools like smit and virtualmin make changes that can be observed. By simply figuring out what the tools do for a given action, you can extrapolate how the process works. By building on the crutch's examples and reading the documentation, one can master the skill and lose the crutch.
The ones you look up to might make things look easy, but you rarely get to see the years of hard work that went into what they are. This goes for athletes, hackers, racers, physicists and everyone else who has put in the work to master something.
Real life doesn't work that way. Taking an example from the trilogy: Kung-Fu requires individual neurological paths to be gradually awakened, certain muscle groups to be conditioned, and a particular mindset to be adopted. Mastery of Kung-Fu lies far beyond going through its motions. One may "know Kung-Fu" but one cannot master it without persistence; Mastery involves learning many small things over time while conditioning your body and mind to perform all of the physical and mental tasks necessary to the art.
Shift the subject from Kung-Fu to something many readers of HiR can likely relate to: system administration. It's not an individual skill or a trait. It's a mindset that requires a combination of critical thinking and knowledge of tens of thousands of little facts.
Examples:
- Locations of hundreds of little pieces of configuration data
- Names of scores of system commands
- Hundreds of collective options for those system commands
- Syntax of aforementioned configuration data and system commands
- Menu options and other madness for dozens of popular applications and services such as Apache, sendmail, MySQL and ssh to name just a few.
This post was an inevitable one. I've been mulling over the topic for weeks now, and some conversations on Twitter combined with two awesome articles on Staying Sharp and Fake Achievement sealed the deal. Mastery comes only through hard work. It takes practice, dedication, and frequent use of the skills to maintain. Sometimes that maintenance, the "staying sharp" part does seem quite mundane, but it's very important. Use it or lose it.
The person I was talking to admitted lack of command-line skills (hence the reliance on crutch tech), but I happen to know he's got a good head on his shoulders and could choose mastery. Let's say you have a Linux server running Apache and you really want to host 10 different sites on it. You need to use Apache's VirtualHost feature. Will you settle for performing the task with a crutch and move along, or will you put in the effort to truly master Apache (even if only its VirtualHost feature) so that you can do it again easily in the future?
Learning by example is one way to do it. The Twitter conversation that happened yesterday was about the merits of "crutch technology" system management tools such as cpanel, plesk, webmin and virtualmin. By extension, you could include any easy-to-use "wizard" GUI or web app that ultimately makes simple changes to flat configuration files or performs certain changes that could be done by executing system commands: smit (on AIX), Manage Computer (On Windows) and the like.
Crutch tech can be leveraged in the name of learning by example. Tools like smit and virtualmin make changes that can be observed. By simply figuring out what the tools do for a given action, you can extrapolate how the process works. By building on the crutch's examples and reading the documentation, one can master the skill and lose the crutch.
The ones you look up to might make things look easy, but you rarely get to see the years of hard work that went into what they are. This goes for athletes, hackers, racers, physicists and everyone else who has put in the work to master something.
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
Tools of the day: nmap 5.10 Beta 1, Shodan beta
Two seriously awesome blips across my infosec radar today:nmap 5.10BETA1 was released. New .NSE scripts, performance enhancements, OS fingerprints and minor fixes abound. Definitely worth checking out.
Shodan Beta. This computer/port/network search-engine is, as Mubix put it, "a game-changer. " Some of my favorite queries so far:
Shodan Beta. This computer/port/network search-engine is, as Mubix put it, "a game-changer. " Some of my favorite queries so far:
- ProFTPD country:BR (Vulnerable FTP servers in Brazil via Hevnsnt)
- port:23 list of built-in commands (unpassworded shells via HD Moore)
- Live View (via me, finds lots of Axis Webcams)
- jetdirect (find networked printers, maybe good for FTP Bounce scans?)
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR
Google Wave Invite Nominations
This is what it looks like when you finally get to nominate folks to join Google Wave:
I've had Wave since October 8, and I am just now able to nominate folks.
Update: All the Wave invites I had are now spoken for. Thanks for all who participated!
Here's how it works. Leave a comment with your email address in base64 encoded format, and I'll invite you if you're among the first eight to do so. Your email address absolutely must be in base64 format or I'll just ignore you. If you don't know how to convert text to base64, you can do some research. Hint: ALL YOUR BASE64 ARE BELONG TO US. Consider this an extremely easy challenge. Keep in mind (as written above) that invites aren't actually mailed out instantly. In my case, it took about 8 days from nomination to Google Wave access. Be patient!
Example: my email address in Base64 is YXgwbkBoLWktci5uZXQ=
I've had Wave since October 8, and I am just now able to nominate folks.
Update: All the Wave invites I had are now spoken for. Thanks for all who participated!
Here's how it works. Leave a comment with your email address in base64 encoded format, and I'll invite you if you're among the first eight to do so. Your email address absolutely must be in base64 format or I'll just ignore you. If you don't know how to convert text to base64, you can do some research. Hint: ALL YOUR BASE64 ARE BELONG TO US. Consider this an extremely easy challenge. Keep in mind (as written above) that invites aren't actually mailed out instantly. In my case, it took about 8 days from nomination to Google Wave access. Be patient!
Example: my email address in Base64 is YXgwbkBoLWktci5uZXQ=
HiR Information Report is brought you you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network.
This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR