Mon, 24 Jul 2006

The Empty Vessel Project

It may not be up for much longer due to creative differences, but I'm rather proud of a new web design that went live last week. It's for The Empty Vessel Project. According to the web site it is "an action, art, and sustainability experiment. We salvaged EV, a WWII rescue boat, to create a space for re-imagining the post-industrial urban environment. We are a non-profit, volunteer-run organization and encourage participation on all levels."

It should be an interesting few weeks of comparing and contrasting the new version to my version. I'll keep a permanent link to my code.

posted at: 18:25 | path: /brooklyn | permanent link to this entry

Libpam 0.79-3 in Sid

So it's official. I can run Debian on the desktop again! The one thing holding me back was libpam in sarge. Then I upgraded to Etch but it still couldn't give realtime priority to a user. So I installed Ubuntu Dapper and it did. JACK applications would run smoothly. But despite its fabulosity in popular culture, I don't really like the superficiality of Ubuntu. Debian with chrome rims, basically.

When the Macbook gets shipped back I'm dual booting Sid and OS X. Yeah!

posted at: 17:24 | path: /debian | permanent link to this entry

Sun, 23 Jul 2006

Citizen Engineer - Consumer Electronics Hacking and Open Source Hardware

Lady Ada is a fellow at Eyebeam. Phillip Torrone is the editor of Make magazine. They both find, make and document hacks of consumer electronics devices. Phillip began the session with some covers from Popular Mechanics magazine in the 1950s. One featured a drawing of a family test flying the new personal helicopter they built themselves! And to make it even more ridiculous it was being towed by a car! His point was that this kind of idealism about construction, progress and mechanical tinkering was commonplace in the post-war era. Then something happened and all Americans forgot that they could make their own grown-up toys.

That's all changing now with the convergence of software and hardware on digital consumer devices. The session was mostly a gallery of cool stuff people have made on the web and some of the legal and political issues surrounding intellectual property of inventions.

Here's the link list



posted at: 15:08 | path: /hopenumbersix | permanent link to this entry

Sat, 22 Jul 2006

Wireless Security Flaws

This workshop was absolutely shocking. It focused on backbone-level Internet routing protocols and IP hardware management protocols being broadcast over 802.11 frequencies in urban areas. Absolutely insane. It reminded me of an earlier workshop where someone spoke of a client who had an 802.11 signal bridging his co-lo'd servers' subnet over a river to his main office, including VoIP traffic! Raven, Eric and Brandon described how they have decoded packet captures with OSPF, BGP and other kinds of IGP traffic. This stuff can affect thousands of users if it's working incorrectly. Putting it over radio waves is just stupid, so why are people doing it?

They offered no answer for this question, just confirmation that time and time again new packet captures are sent to their public email address containing this traffic. I can't stress how stupid this is. If something happens to the network broadcasting this traffic, whole chunks of the Internet can disappear!

The next part was about IP level device management protocols found on the air. Namely SNMP and sometimes even telnet. IP devices include switches, firewalls and routers. Many of these devices have no crypto or require a service contract and firmware update to add crypto. Cisco is notorious for this.

So how does one obtain packet captures? With open source software of course! Ethereal can capture any kind of ethernet traffic, while Kismet can capture any kind of 802.11 traffic over your radio. Both save captured packets to a file on disk which you can decode later.

posted at: 23:55 | path: /hopenumbersix | permanent link to this entry
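An added example, not part of the original post or the speakers' tooling: a defender's check that flags the protocols named above (OSPF, BGP, SNMP, telnet) in frames taken from a capture of your own wireless segment. It assumes the frames are already decoded to Ethernet/IPv4; the function names and the sample frames are constructed for illustration.

```python
import struct
# Protocols the post names as seen in cleartext on the air.
IP_PROTO_OSPF = 89                              # OSPF rides directly on IP
TCP_PORTS = {179: "BGP", 23: "telnet"}
UDP_PORTS = {161: "SNMP", 162: "SNMP"}          # agent and trap ports

def classify(frame: bytes):
    """Name the routing/management protocol in an Ethernet frame, or None."""
    if len(frame) < 14:
        return None
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:    # skip one 802.1Q tag
        ethertype, off = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0800 or len(frame) < off + 20:
        return None                                 # not IPv4, or truncated
    ihl = (frame[off] & 0x0F) * 4
    if frame[off] >> 4 != 4 or ihl < 20:
        return None
    proto = frame[off + 9]
    if proto == IP_PROTO_OSPF:
        return "OSPF"
    frag_offset = struct.unpack("!H", frame[off + 6:off + 8])[0] & 0x1FFF
    l4 = off + ihl
    if proto not in (6, 17) or frag_offset or len(frame) < l4 + 4:
        return None                                 # no port numbers to read
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    table = TCP_PORTS if proto == 6 else UDP_PORTS
    return table.get(dport) or table.get(sport)

def audit(frames):                                  # flagged frames per protocol
    counts = {}
    for f in frames:
        name = classify(f)
        if name:
            counts[name] = counts.get(name, 0) + 1
    return counts

def make_frame(proto, sport=0, dport=0, vlan=False):
    """Build a constructed test frame (documentation addresses, zero MACs)."""
    eth = bytes(12) + (b"\x81\x00\x00\x0a" if vlan else b"") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + struct.pack("!HH", sport, dport) + bytes(16)

SAMPLE = [make_frame(89), make_frame(6, 40000, 179),
          make_frame(17, 50000, 161, vlan=True), make_frame(6, 23, 40001),
          make_frame(6, 40002, 443), bytes(10)]     # last two: HTTPS, truncated

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any non-zero count means routing or device-management traffic is crossing the radio link unencrypted and belongs on a wired or tunnelled path instead.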

Lockpicking

Lock picking is an ancient tradition. The concept is that a lock is a metal passage that has a bunch of bars running parallel to the passage. The bars are different sizes so when you insert a key, it presses the bars out of the way and the lock opens. This is obvious. What isn't obvious is that it's extremely simple to bypass or simply fake a key with some cleverness.

I was only interested in this workshop because I have a bicycle lock with a lot of history behind it. The current revision has changed the entire system to a non-tubular design sometimes used in safes. This lock requires much time and special skills to pick and would probably not be worth it for most potential thieves.

The basic idea of lockpicking is not too different than any other kind of security. You need a specialized tool for every job. But once you have those tools any lock is worthless to whatever it's supposed to be securing. There is a large web community discussing all aspects of lock picking.

The most interesting part of the demonstration was how a $35 fortified master combination lock was bypassed with a small metal stick.

posted at: 18:34 | path: /hopenumbersix | permanent link to this entry

Fri, 21 Jul 2006

The Future of Wireless Pen Testing

Around 2001 802.11 became very widespread in consumer devices. Laptops and little access points, wireless "gaming adaptors" (aka a wireless media bridge) and even PDA phones. The problem is that all the security features in the written and accepted spec are broken.

Renderman mentioned a flaw in 802.11i which is sometimes called WPA2 by Cisco, which is where I first heard about it. It has a nice feature where if an associated device sends a packet with the wrong Michael MIC checksum in too short of a time, the radio shuts down for 60 seconds and kicks all the other devices. This is supposed to be a security feature. In those 60 seconds you can power up your own AP with the same SSID and grab all their data to a network you own.

Dragorn mentioned that 802.11w is supposed to address packet authentication better.

Probably the most interesting part was a discussion of driver level exploits that can give the exploited code access to the hardware's memory, bypassing any kind of operating system controls. It can also go straight to the memory where the operating system's kernel lives and break that. Cool!

I asked the question of how to properly secure an 802.11 network since both WPA and WEP are broken by design. Dragorn's response is to open the radios and secure everything on layer 3 with a VPN.

posted at: 20:21 | path: /hopenumbersix | permanent link to this entry

Friday Night Keynote. RMS Is Crazy

Richard M Stallman is the founder of the GNU movement since publishing the GNU Manifesto in 1985. He is speaking right now at HOPE. He gave some shouts to Defective By Design and talked about how the GPL version 3 will try and prevent further manipulation of GNU code by adding clauses defining freedoms related to DRM. The GNU project's legal arm is the Free Software Foundation, which is a group of lawyers who work to ensure software freedom stays that way. ed. I am a member of the FSF, so I'm definitely biased

He seems very touchy and came off as distracted during the first part of the speech. Then he attempted a joke where he wore a halo and crowned himself a saint of the GNU church of Emacs. He then uttered the quip that vi vi vi is the editor of the beast, which was damn funny. So yeah. He's crazy...

...but totally cool because he redeemed himself during the Q/A session. Almost every person had an antagonistic question concerning his idealism and he aptly challenged each one. The cool part about RMS is that he's 100% consistent. Free Software makes us free thus is good for humanity; proprietary software removes freedom thus is bad for humanity. Can't beat that really.

posted at: 17:37 | path: /hopenumbersix | permanent link to this entry

Magnetic Stripe Technology and the New York City MetroCard

Joseph Battaglia is pretty damn cool. He heard about card bending and got curious. Why the hell are people getting free fares by some weird urban lore of intentionally breaking discarded MetroCards? He figured it out and explained it and basically the entire proprietary MetroCard magnetic stripe format from 2004. Of course this format has been changed due to the large mainstream media attention the security flaw got.

I'll try and be concise 'cause this one is really deep. Cubic is the name of the company that made the magnetic stripe algorithm for the MTA. It's different than other cards, for example a Starbucks gift card, in that it has a non-standard sequence of binary data encoded on to the magnet. Fortunately, to be compatible with the global market for these little swipey card things it conforms to a number of ISO standards. Namely ISO 7810, ISO 7811, and ISO 7813. Yea! Reference points.

Mr Battaglia used these and more (including the patents Cubic filed with the USPTO) to implement a card read/write chart which he published.

posted at: 13:00 | path: /hopenumbersix | permanent link to this entry

How to Steal Someone's Implanted RFID - And Why You'd Want To

Annalee Newitz put an RFID implant in her arm to prove a point. Then she talked to us about how simple, cheap and insecure it was. This procedure is commonly used in a very ethical manner for tagging pets and livestock. A company called VeriChip makes human implantable tags containing personal data. They sell them off as good for the emergency room when you might not be able to communicate nor have any identifying paper on your person. Whatever. The shit they implanted in Ms. Newitz's arm is a simple pet tag. A totally unencrypted RFID transponder running at 13.56 MHz. Anyone who can listen on that frequency can record the signal in its entirety. Then if they have the antenna to transmit the same signal, they can clone that tag. Stupid. Maybe good for inventory...maybe only good for these kind of demos.

Newitz paid $400 for her implant, but did not recommend this method. Her co-presenter, Jonathan Westhues said that any skilled body piercer can implant it for about $20. The parts can cost another $20. So you'd only be out $40 if you wanted to get your very own implant.

Newitz also had a good quip referencing her Democracy Now! appearance. When Liz Mcintyre asked "What if Hitler had RFID?". Newitz's response was that genocidal dictators did just fine killing millions before digital technology. Blaming RFID on mass murder is barking up the wrong tree.

posted at: 12:00 | path: /hopenumbersix | permanent link to this entry

Tue, 18 Jul 2006

Weekly Band Fixation

There is something about a group of sad, earnest and pissed off people making music together that gets me extremely excited. Add to that a singer with a charmingly bitter voice using the word "fucking" in what I can gather is the most honest way possible. Yeah. A Better Son/Daughter is an uplifting song about faking it till you're making it despite the horrible feelings you have inside.

posted at: 15:21 | path: /music | permanent link to this entry

Bike Racers Shave Their Legs

One last update because I forgot to mention it before. I didn't pay attention at first until I saw two guys feeling each other's legs and commenting on how smooth they were at the Prospect Park race. I know that swimmers shave their legs to lessen the surface tension of water but c'mon, surface tension of air is dramatically lower than that of water. Then I found the answers I was looking for. I must say there were some good looking guys and gals out there tonight. I probably looked pretty silly at the finish line with no shirt and excessive body hair. I guess I'm not up on the tradition.

posted at: 02:22 | path: /cycling | permanent link to this entry

My First Prospect Park Summer Slam Race

...almost killed me. No, no! In a good way! Seriously. Tonight was an individual scratch race of three laps. There was a visible police presence so we took one neutral pace lap to test the waters then three more around for real. I was so freaked out by the speed and closeness of each rider. It's intensely exciting to be in a pack of over 30 people going 25 miles per hour by pedaling. All I could hear is back cogs and tires.

Right from the first sprint I got freaked out when two riders' pedals hit, made a spark and shockingly no one went down. I was right behind them and I didn't have the nerve to try and sprint past. The front of the pack was gone by the time I went down the top of the first hill.

My gearing is way too low. I couldn't even keep pace on the big downhill. I ended up finding three other riders at the same level as me and we all drafted each other for the next two laps. They kicked my ass on the final uphill. I absolutely cannot do the uphill to save my life. Hardest physical challenge ever. Seriously. But hey, I finished! And not dead last.

posted at: 01:33 | path: /cycling | permanent link to this entry

Mon, 17 Jul 2006

Rilo Kiley is impossible to download anywhere but P2P or iTunes

In the search for a downloadable version of the Rilo Kiley album The Execution of All Things I have come to the conclusion that it is impossible to download without participating in iTunes or sharing with an anonymous "friend". Emusic, Yahoo music and Saddle Creek's own store do not offer mp3 or vorbis versions of the record. I wonder if this is an exclusive agreement between Apple and Saddle Creek? With the commercial success of Bright Eyes I wouldn't doubt it.

posted at: 18:16 | path: /music | permanent link to this entry

Thu, 13 Jul 2006

Ubuntu has an old nmap

OS fingerprinting is one of the cooler parts of nmap. Unfortunately, it appears that these fingerprints change as vendors release OS updates. Today, nmap identified a Macbook Pro running 10.4.7 as running 10.3. Another good reason to build network security packages from source.

posted at: 14:18 | path: /debian | permanent link to this entry

Tue, 04 Jul 2006

I broke my Macbook

Better said, my Macbook broke. I took it apart, put it back together and it wouldn't turn on any longer. Since I paid Apple an excessive amount to replace broken hardware, I just sent it back, and I was welcome. I hear Apple has a sophisticated power management unit. Whatever. I won't tempt fate. Word to the wise. Don't follow these instructions.

posted at: 14:38 | path: /computer_hardware | permanent link to this entry

About

I work with communications, open source software, sound and video. I'm the most happy when I work on all of these things at once. Sounds, Systems, Robots, Rocking Tigers.
