Clinically Awesome

Rode to Work

Thu, 15 Jul 2010 08:43:04 -0700

This time it was 19:40 in to work. I haven’t been sleeping well so I haven’t been riding. I need to get back on the horse.

Bogus Log Generator

Thu, 08 Jul 2010 11:33:00 -0700

I wonder what the legal implications might be of a framework that makes it easy to create generators for bogus but convincing log data.

Prosecution: “Your honor, I present to the court computer logs that show that the defendant participated in online activities for which he is charged.”

Defense: “Your honor, I present to the court computer logs that are completely falsified but are completely indistinguishable in form from the logs presented by the prosecution.”

Flying Monkies, GO!

Rode to Work

Wed, 30 Jun 2010 07:41:00 -0700

Actually, I’ve ridden to work about five times since I last posted about it. Totally different route now.

Distance: 4.4 miles
Moving Time: 18:09
Riding Music: Bassnectar - Mesmerizing the Ultra

I think the time is a personal best but I’ve only tracked it with the GPS twice now. Good riding music, but a little bland for my taste. Would be appropriate to play in a gym where they have that special selection of music that sounds upbeat but isn’t actually exciting.

Moving Time Home: 19:45 - stuck behind a couple slowpokes.

Anonymizer Universal on Anroid

Tue, 08 Jun 2010 20:10:00 -0700

Anonymizer Universal on Anroid:

While at Anonymizer I got to use Anonymizer Universal and I thought it was pretty sweet. It doesn’t take long with a packet sniffer on a popular public wireless access point to see that you have little protection if any without some sort of VPN. Anonymizer Universal is a commercial VPN service that protects your traffic on the local network and allows it to exit through Anonymizer. I got it working on my Android phone using a little hand-configuration. This doesn’t require the phone to be rooted/jailbroken; it’s part of the standard functionality. Note that while it works, it’s not a supported platform…

I'll Be Here All Week

Mon, 07 Jun 2010 22:11:37 -0700

Raffy: I'm quite surprised BP's networks aren't getting a "Free of charge" penetration test right about now
crunge: maybe they are
crunge: Raffy: however, if there are any security holes....
crunge: anyone?
crunge: not
crunge: getting
crunge: successfully
crunge: plugged.

No Longer With Anonymizer

Fri, 04 Jun 2010 21:30:45 -0700

I guess this is a bit late but it shouldn’t be Earth-shattering news to anyone. April 30th was my last day at Anonymizer. I had never before been in the position of leaving a job I liked but an opportunity fell into my lap that was too good to pass up. I’ve taken up a position as a security engineer at a Fortune 500 company in the Silicon Valley area that’s doing a lot of interesting things and has a lot of interesting challenges to wrestle with. As such, I had to relocate to the valley which, aside from moving away from my friends and family, was an exciting proposition.

There are a few things I’d like to say about Anonymizer. First and foremost is that they really are passionate about people’s privacy. Lots of people have said that it’s the perfect place for the government to back door to spy on us citizens. While that’s an accurate observation, at the time I left there was no back door, no special eavesdropping equipment or privileges for anyone, and no plans for those things to change. Unfortunately I can’t go into further detail without risking disclosing proprietary information. I believe in the products I used, Nyms and Anonymizer Universal, enough to continue using them to protect my privacy.

I would also like to mention that Anonymizer was a really interesting place to work. If you’re in the San Diego area and you think you know your stuff when it comes to networking, Linux, etc, it’s worth shooting them your resume.

Anyway, new beginning for me. This is the first time I’ve done security as the focus of my job rather than something orthogonal to my job. I expect I’ll have a lot more security stuff to talk about fairly soon. I was in the San Diego area for 12 years and while I liked it I’m excited to explore a new city. I expect to enjoy doing a lot of touristy stuff without having a short vacation window to explore the bay area.

wepwn

Thu, 27 May 2010 21:25:27 -0700

wepwn:

Some months ago I wrote a couple scripts to capture the workflow of cracking WEP. Essentially you could use the scripts to scan for targets and then specify the target to attack by ESSID or BSSID.

I came into a situation where I needed to learn python so I consolidated those scripts into a single python script and that is wepwn. It was developed on Backtrack 4 but may work on other Linux distros without modification.

I was reluctant to release it without much testing but it’s not going to get much testing in my environment beyond what I’ve done. I’d appreciate feedback, bug reports, or patches. Enjoy.

Our Savannah Monitor died today. I’m sorry, ‘zilla.

Fri, 21 May 2010 20:13:47 -0700

Our Savannah Monitor died today.

I’m sorry, ‘zilla.

UK to Kill off National ID Card Program

Wed, 19 May 2010 23:05:44 -0700

UK to Kill off National ID Card Program:

Way to go UK!

Two dads are better than none. Yes!

Wed, 12 May 2010 15:53:00 -0700

Two dads are better than none.

Yes!

Todo Sushi

Fri, 07 May 2010 21:30:09 -0700

Todo Sushi off of Carroll Canyon Rd. Tuna roll: good. Baby lobster dynamite roll: very good. Volcano roll: incredible.

Verizon Service for Android Purchase

Sat, 01 May 2010 17:19:20 -0700

When I went to buy my Droid Incredible the Verizon sales rep was very friendly and helpful. One thing that was lame was that he offered to sell me an 8GB or 16GB microSD card for my phone. I refused figuring I’m better off just picking one up at Fry’s or wherever. A few minutes later he pulls out a 2GB microSD card and says that it’s free. This seems like a totally shady upsell, not telling me it came with a 2GB card up front.

On the other hand, the second day with my phone I was trying to wiggle in the USB cable and a small thin bar of plastic above the USB connector snapped. Obviously it was my fault that it broke and I need to be more careful in the future. I went back to the store to talk about it and pick up a car mount for the phone. I explained that I had broke it and that it was still functional and my real concern was that this little piece of protruding plastic would catch on stuff. The same rep who sold me the phone looked at it carefully, made a note in the system about it and said that I could call an 800 number and get a new one under their 30-day Worry-Free Guarantee. This was all before I mentioned an intent to purchase the car mount.

The shady upsell in the beginning was weak, but the follow-up service for minor damage to my phone was excellent.

Walls Get Bombed

Sat, 01 May 2010 16:56:59 -0700

Walls Get Bombed:

I like graffiti so I’ve started a semi-public blog for graffiti. Check it out.

From "The Privacy Blog" Intelligence collection from open proxy servers

Sat, 01 May 2010 16:31:51 -0700

From "The Privacy Blog" Intelligence collection *from* open proxy servers:

The short version: you use an open proxy someone set up and the logs of what you’ve visited are stored there. Possibly those logs are poorly protected. It’s also possible that the proxy was set up with the specific purpose of surveillance.

Drinks at Hamilton's

Sat, 01 May 2010 01:37:29 -0700

Had some drinks at Hamilton’s in South Park. Seemed like a pretty nice place. Even if it weren’t, I had a few beers and a lot of friends there and those things alone would have made it a good time.

Droid Incredible - Not Seeing MP3s

Thu, 29 Apr 2010 20:24:00 -0700

Dropped a bunch of MP3s in the exiting Music folder in an organization structure similar to the existing one. It’s seeing none of the files that I added. If I figure out the issue I’ll post the solution. Sending the sound output playing the songs that were there to my care stereo via bluetooth went seemlessly.

Oh, it was me be stupid. I was using Amarok to copy media to it and adjusting the naming. I failed to put .mp3 on the end of the naming template. I don’t think I should have to. After all, what if I’m copying media of different formats?

Droid Incredible

Thu, 29 Apr 2010 17:55:00 -0700

Got a Droid Incredible this morning, upgrading from a first grn iPhone. This thing is sweet. Hopefully it will still be after the honeymoon is over.

Oh yeah, except that the mail app silently errors how when connecting to my mail systems which have certs signed by my private CA. and it won’t let me click through. People on the tubez say it won’t do self-signed either. I’ve imported my CA cert into the browser but that has not affected the mail application. And since I don’t know which CAs the mail client trusts I don’t know where I can try to get a free/cheap cert for my mail servers.

Studio Diner in Kearny Mesa. Friday night special was Sea Bass. It was excellent.

Fri, 23 Apr 2010 21:16:31 -0700

Studio Diner in Kearny Mesa. Friday night special was Sea Bass. It was excellent.

Peace Out, Guru

Tue, 20 Apr 2010 08:12:09 -0700

Peace Out, Guru

AssRace: Possible Advantage For A Rogue DHCP Server

Mon, 19 Apr 2010 09:49:54 -0700

One method for MITM attacks is to set up a rogue DHCP server. In this situation you’re in a race with the real DHCP server and you may not always (if ever) win.

I’ve been sitting on an idea for a couple weeks where under certain circumstances you could have a distinct advantage in the race. Specifically when the DHCP client is on WiFi. Before WiFi clients pull DHCP they usually have to associate with the access point which involves an exchange of packets. The idea was that you could have your rogue DHCP server listen for clients associating then immediately start spamming the client with appropriate DHCP replies. In this scenario you may be able to get your reply in before the client has even finished sending the request. The cool thing here is that if the network is encrypted but you’re wired in and the wireless just bridges to the wired network you don’t necessarily need the encryption key. You can see the association in the clear then start sending your DHCP messages on the wired network destined for the new client on the wireless network. Because that MAC address hasn’t been seen yet the switching infrastructure should just unicast flood the message everywhere so it should get to the target.

This morning I realized I’d probably never get around to actually implementing this idea, which is a shame given the snazzy name. I was looking at the RFCs for DHCP and it looks like the client picks an ID number and if your replies didn’t have that ID number then the attack probably wouldn’t work. Since you’re sending replies before you’ve seen the request you can’t know what the request is. Perhaps if you’re on the wireless network and the DHCP server is on the wired network you have a few microseconds of a head start. Perhaps you could guess the ID number the client will use somehow. Perhaps I’ve misinterpreted the RFC, I didn’t read through it closely. All that aside, maybe this will give someone else some workable ideas.