Showing posts with label tools. Show all posts

Sunday, January 27, 2013

Really?


Our apologies for the Fruit Ninja tweet sent earlier. One of our kids played the game on our iPhone and unknowingly tweeted their score.


Really? Seriously? I'm left wondering. Was this iPhone issued by the department? If it was, why was it somewhere a child could reach it? If I were his superior, I would seriously be asking some questions. Maybe I'm jaded from the BS that happened with the ex-Mayor in Detroit.
Look, I get that chefs bring their own knives, and that mechanics bring their own tools. However... BYOD is a bad idea. Tell me, when has an accountant, a CEO, a lawyer, or any other business unit brought their own filing cabinet, corporate ledger, etc.? OK, I know they have briefcases, file folios and the like, but the damage is smaller with those. It's not everything.
I understand we have commoditized computers and technology, but people really need to think about what that piece of tech does before they hand it to someone else.
Sure, there are some questions: was it a work phone or a personal phone? If it's personal, why does it have work stuff on it? If it's business, why is it being handed to a kid? I'd be worried about them reading the other stuff on the phone.
Lastly, I'm curious: would this officer hand his service weapon to his child to play with, or leave it lying around where the kid could get it? I'm sure he is ashamed by this point, but seriously, it is time to have grown-up conversations about BYOD and how the devices are used outside of work.

Thursday, September 20, 2012

Can't wait for Friday

I found out tonight that the IASA (Information Assurance Student Association) is having its kick-off meeting Friday. At 5. The time sucks, but meh.

I'm actually thinking of tossing my ID in the bit-bucket for an officer position. Don't know which one yet. I'm sure that'll fly like the NX37602. There are some things I think we could do better as students. Yeah, it means more work for us, but in the long run it makes us better students. No, it's not hacking each other. Although some Saturday CTF in L6 wouldn't be too bad. If allowed.

I also got to do some reading on T.A.I.L.S. tonight. I figured I couldn't be the only one having problems with captive portals (having to log in to use wireless). Looks like I was right. And I have something to test on Friday now.

Also, a new version of T.A.I.L.S. came out tonight: version 0.13.0.

Monday, September 17, 2012

There will be some more posts coming

So I've tested T.A.I.L.S.; it comes with sshfs pre-installed. It's also really easy to use. It looks like all the traffic goes through Tor. The next step will be to see if it works with the University's wifi.

I've been asked to do a talk on it.

I'm also going to do some write ups on the options I didn't use and why I didn't want to use them.

Monday, March 14, 2011

new to me tools

I like finding "new" tools. That doesn't mean that the tools themselves are new, just new to me.

In Information Security, I play mostly on the defensive side: firewalls, nmap scans of my boxes (the ones I'm responsible for), centralized logs, and Google advanced searching.

That doesn't mean I don't want to learn some attacker skills. I'm always trying to learn more, to add more value, even if the majority of my job now doesn't involve much security (other than the occasional firewall rule).

So I'm reading books on hacking. The one I'm reading now is Dissecting the Hack: The F0rb1dd3n Network. In the STAR section's first chapter I came across two tools that seem useful. They're plugins for Firefox.

Passive Cache: lets you search the Google cache of a web page. Usually viewing the cached page still pulls down pictures and other multimedia from the live site, so the target's server still sees a request from you. Passive Cache is supposed to have a way to view the page as text only, straight from the Google cache, without touching the target.

Advanced Dork: a tool to help build advanced Google searches. This one should be fun. It's the one I've been playing with the most of the two.

Sunday, February 27, 2011

Read Rework

Listening to Exotic Liability the other week, a book was mentioned: Rework. One of the hosts (I know who, but I'm not going to name-drop here) said he requires his staff to read the book. Since I look up to the guy (hey, we all have our infosec heroes, and he's one of mine), I got the book.

It's a business book written by the guys at 37signals. It was actually a very fast read, and I was familiar with the concepts already. I didn't agree with everything in the book, but I agreed with the majority of it.

It covers why hiring rockstars just to hire them is a bad idea, and why meetings suck the life out of your team. Don't chase the large customer; do what you think is right. Run it like you want to be the best you can be. The biggest thing I liked in it was the part on Decisions and Quick Wins.

I have a project coming up. I've been thinking that it's going to be a pain, and I've felt overwhelmed a few times. I'm going to set up the new website for the martial arts school I teach at, updating it to run on Drupal and the like. The book showed me I can do sections of it at a time and go from there. Thinking up a finished product and pushing toward that keeps you from being agile enough to change. Things won't be as good.

But if I start small and go from there, get the basic site up first and then add things as needed, it'll be better. It'll give me time to act on feedback, which will make the site better.

So instead of installing Drupal and getting blogs, forums, user accounts, a locked video section and all the different pages set up at once, I'm going to start with the basic Drupal website, add a few pages to it, and then add things as needed going forward.

Seriously, the book is worth the read. It shows how you can be a lean, mean company, hobby, or employee and ADD value instead of just being a cog.

Thursday, May 27, 2010

it's a start

So... I've mentioned the WiFu class a few times now (see the wifu tag below). I've gotten the first wireless card I needed. I still need at least one more. It doesn't have to be another of the same type, but why not? I've got an old desktop I'm going to hook it up to. I haven't started the class yet, but I have started playing around.

Anyway, I've tested the USB wireless card in BackTrack 4 from the live DVD, in my normal Sidux install on this box (my laptop), and now in the BackTrack 4 virtual machine (VM) running on top of my Sidux install.

Tonight, I followed along with the Aircrack-ng tutorials while using the VM with the USB wifi adapter. I was mostly interested in trying packet injection with the card from the VM.

Getting packet injection to work took some setup. First you have to get the card into monitor mode, and the injection test tutorial links to that one. However, I don't think it worked every time I tried it from the VM. Sometimes the packet injection would work, sometimes it would fail. I usually had to do airmon-ng stop on both mon0 and wlan0, then start it again on wlan0, before the injection would work. Annoying, but not enough to make me give up.

I was rather excited about getting injection to work, even if it was a bit dodgy. However, I'm not the kind that is willing to leave well enough alone. Since I don't have everything set up yet for the wireless lab I'm building, I decided to jump ahead to WPA/WPA2 cracking. (Note: I have yet to crack WEP.)

I got airodump-ng running on the network I wanted (my U-verse 2Wire access point), and could even see the only client (the Sidux install on the laptop, using the built-in Intel 3945 wireless chip). However, I didn't see any authentication packets in airodump-ng. No biggie; the tutorial tells you how to fix that if you're not patient or only have one client.

I was able to deauthenticate the host operating system (Sidux), and even watched as wpa_gui reconnected. However, airodump-ng never saw the authentication handshake. I tried looking at what was going on with Wireshark, and could see the deauth packets going out, but no auth packets. The VM wasn't using the network either.
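As an added example (not from the original post, and not aircrack-ng's own code), the following Python checks a capture for exactly the two things described above: deauth frames going out, and the WPA/WPA2 4-way handshake (EAPOL-Key messages 1 to 4) coming back when the client reconnects. It assumes the capture is a pcap of raw 802.11 frames without a radiotap header (pcap link type 105; a capture with radiotap headers, link type 127, would need those stripped first) and that the frames carry no FCS. The two sample captures at the bottom are constructed inline, not real traffic; the BSSID and station addresses are made up.

```python
"""Scan a pcap of raw 802.11 frames for deauthentication frames and for the
WPA/WPA2 4-way handshake (EAPOL-Key messages 1-4).

Assumption (not from the original post): pcap link type 105, no radiotap.
"""
import struct

LINKTYPE_IEEE802_11 = 105
LLC_SNAP_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"   # LLC/SNAP, EtherType 0x888E


def pcap_frames(data):
    """Yield each frame's bytes from an in-memory little-endian pcap file."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("expected little-endian pcap magic")
    linktype, = struct.unpack_from("<I", data, 20)
    if linktype != LINKTYPE_IEEE802_11:
        raise ValueError("expected link type 105 (802.11 without radiotap)")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def classify(frame):
    """Return ("deauth", sender), ("eapol", msg_no, sender) or None."""
    if len(frame) < 24:
        return None
    fc = frame[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    sender = frame[10:16].hex(":")                    # Address 2 = transmitter
    if ftype == 0 and subtype == 12:                  # management / deauthentication
        return ("deauth", sender)
    if ftype != 2:                                    # only data frames carry EAPOL
        return None
    hdr_len = 26 if subtype & 0x8 else 24             # QoS data has a 2-byte QoS field
    if frame[hdr_len:hdr_len + 8] != LLC_SNAP_EAPOL:
        return None
    eapol = frame[hdr_len + 8:]
    if len(eapol) < 7 or eapol[1] != 3:               # EAPOL packet type 3 = EAPOL-Key
        return None
    key_info, = struct.unpack_from(">H", eapol, 5)    # follows the descriptor-type byte
    ack, mic, secure = key_info & 0x0080, key_info & 0x0100, key_info & 0x0200
    if ack and not mic:
        msg = 1          # AP -> STA: ANonce
    elif ack and mic:
        msg = 3          # AP -> STA: ANonce again, GTK, MIC'd
    elif not secure:
        msg = 2          # STA -> AP: SNonce, MIC'd
    else:
        msg = 4          # STA -> AP: confirmation, Secure bit set
    return ("eapol", msg, sender)


def summarize(pcap_bytes):
    """Count deauths and EAPOL-Key messages; report whether a handshake is usable."""
    deauths, msgs = 0, set()
    for frame in pcap_frames(pcap_bytes):
        hit = classify(frame)
        if hit is None:
            continue
        if hit[0] == "deauth":
            deauths += 1
        else:
            msgs.add(hit[1])
    return {
        "deauth_frames": deauths,
        "eapol_messages": sorted(msgs),
        "handshake_complete": {1, 2, 3, 4} <= msgs,
        # M2 carries the client's MIC; it must be paired with the ANonce from M1 or M3
        "handshake_crackable": 2 in msgs and bool({1, 3} & msgs),
    }


# ---- constructed sample captures (made-up addresses, not real traffic) ----------
BSSID = bytes.fromhex("001122334455")
STA = bytes.fromhex("66778899aabb")


def _frame(fc0, addr1, addr2, addr3, body=b""):
    # FC(2) Duration(2) A1 A2 A3 SeqCtl(2), no QoS field, no FCS
    return bytes([fc0, 0x00]) + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x00\x00" + body


def _eapol_key(key_info):
    # descriptor type 2 (RSN), key info, then the remaining 92 fixed bytes zeroed
    body = b"\x02" + struct.pack(">H", key_info) + b"\x00" * 92
    return LLC_SNAP_EAPOL + b"\x02\x03" + struct.pack(">H", len(body)) + body


def build_pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
    recs = [struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return hdr + b"".join(recs)


DEAUTH = _frame(0xC0, STA, BSSID, BSSID, b"\x07\x00")        # reason 7: class 3 frame
M1 = _frame(0x08, STA, BSSID, BSSID, _eapol_key(0x008A))    # Ack
M2 = _frame(0x08, BSSID, STA, BSSID, _eapol_key(0x010A))    # MIC
M3 = _frame(0x08, STA, BSSID, BSSID, _eapol_key(0x13CA))    # Ack+MIC+Install+Secure
M4 = _frame(0x08, BSSID, STA, BSSID, _eapol_key(0x030A))    # MIC+Secure

SAMPLE_FULL = build_pcap([DEAUTH, M1, M2, M3, M4])   # deauth, then the client rejoins
SAMPLE_DEAUTH_ONLY = build_pcap([DEAUTH, DEAUTH])    # what the post describes seeing

if __name__ == "__main__":
    print(summarize(SAMPLE_FULL))
    print(summarize(SAMPLE_DEAUTH_ONLY))
```

A result like the second sample (deauths counted, no EAPOL-Key messages at all) is the situation the post describes: the monitor interface transmitted the deauth, but the client's reconnect was never received on it, which is usually a capture-side problem (wrong channel, driver, or the USB pass-through into the VM) rather than anything the client did.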

I'm going to have to get more hardware; I'm ordering the second card this weekend. There are some other things I'd like too... netbook, desktop, multiple monitors, but those will take longer to get.

I was a little surprised at how easy it was to deauth a WPA/WPA2 connection. (It is easy because deauthentication is an unprotected management frame: any radio in range can forge one unless both the access point and the client use 802.11w protected management frames.) I'm wondering how many people around me are messing with other people by sending deauth packets. After all, I live near one university that has an Information Assurance program, and the other university I live near is well known for having a great Computer Science / Computer Engineering program. :-)

Tuesday, May 11, 2010

more on the Cert

So, as I mentioned, I'm a little shocked: I got picked for a free cert course.

After some emails around about who was going to take what, I'm taking WiFu. I actually offered to take it, kind of. I still would have preferred Penetration Testing with BackTrack, but I have a better chance of getting a cert with WiFu, and I think that is a little more important.

So for the last week or so (a little longer, probably), I've been looking at getting things together to do the course.

I'm going to get two Alfa AWUS036H adapters and one BU-353 USB GPS unit. The GPS isn't needed, but it will be fun to play with, and I'll finally be able to do wardriving / warwalking and map the data out instead of just saying hmmm... But that's for another post.

I picked up a cheap old Gateway Celeron: 256 MB of RAM, 15 GB hard drive. I'm going to toss straight Debian on it and attach one of the USB network devices to it.
I'm going to dig out my old Linksys wireless router, flash it back to the Linksys firmware (I can put DD-WRT back on it later), and hook the other wifi device to my laptop running BackTrack (if I don't pick up another cheap PC first).

I'll update the blog as I go along.

Wednesday, June 24, 2009

Pidgin, Yahoo, and Debian Testing

So, like lots of people, I've been having problems with Pidgin and Yahoo after the upgrade. I followed several "workarounds". However, every couple of days it stopped working again.

If you've followed the blog at all, you know I run Debian Testing right now. Currently, Testing doesn't have the latest version of Pidgin, which fixes the issue.

Instead of waiting, or changing my sources list, I went to the Debian package pages and found the files I needed to get it to work.

If someone else wants to use dpkg to install just the files they need, here are the ones I needed:

libpurple0_2.5.7-1_i386.deb
libzephyr4_3.0~beta.2483-2_i386.deb
pidgin-data_2.5.7-1_all.deb
pidgin_2.5.7-1_i386.deb

libpurple0 and pidgin-data were needed for pidgin; libzephyr4 was needed for libpurple0 to install. Passing all four .deb files to a single dpkg -i lets dpkg unpack them together and configure them in dependency order, so you don't have to work out the order by hand.

Wednesday, May 20, 2009

I've been busy, computer stuff.

So one of the things I wanted to do when I created this blog was make it more professional than my LiveJournal account. That failed. But I do tend to try and cover an array of things here besides just working out, which is what led to those other two posts earlier, the ones about U-verse and Knoppix 6. I took longer entries that I saw people going to via Google (in my site tracker report) and made two condensed versions so they wouldn't have to hunt through longer posts for them.

Two weeks ago, my laptop at home suffered bad things when I tried to upgrade my installed version of Sidux to the latest version via apt-get dist-upgrade. It resulted in me having no GUI to use. All the data was still on the drive, and as long as I didn't want to do anything that required a graphical environment, I was OK. Sadly, that made surfing the web and watching videos hard.

To fix it, I bought a new hard drive: 320 GB for about $70.00 USD plus shipping. After installing it, I tried the latest CD ISO of Sidux, only to have it do the same thing upon the software upgrade. No GUI. Next I tried Gentoo; after two failed installs I said screw it. Then I tried something else, I don't remember what, and didn't care for it either, so I tried Gentoo again. Two more installs later, I finally had a working system. As long as I didn't want to use a GUI. Trying to install the GUI would cause the system to shut down. It'd be in mid-compile, and the next thing I know, it's turned off.

So I went back to Debian; I hadn't run straight Debian for a while. I set up an encrypted hard drive, which is nice, and Debian so far is the only one I've seen that gives the option on install. Of course it took about 5 hours to erase and encrypt the drive. I got a working system with a GUI, but didn't like that some of the software was old. Debian Lenny had version 0.8-something of VLC, and OpenOffice 2.4, and trying to upgrade that to 3.0 was what caused the problem on the laptop to start with.

I told the system to update itself to the Unstable branch, since I tend to run something based off Unstable or Testing anyway, and it removed my GUI and wouldn't give it back. I got the Debian Testing nightly build installer, and it installed fine. I told it to install KDE, my preferred GUI. It did. KDE 4. Which was OK, because I wanted to try KDE 4 out.

I don't like KDE 4. It's too Vista-like for my tastes. I don't see why they have to chase what Microsoft is putting out for the GUI. I can't turn off Plasma (or if I can, I haven't found out how yet) so I can install non-Plasma themes from the theme site. I don't like the desktop widget. I like to store some files on my desktop. It's the way I am. They're files I refer to regularly, things like what episode is next in a series I'm watching, a list of commands, etc. I don't like the bars at the top of the windows; I'd like to change those. And lastly, I don't care for the slowness. Even scrolling / page up / page down in Iceweasel (Debian's rebranded Firefox) is slow. It shouldn't be, and wasn't under GNOME.

I'm thinking of installing XFCE and LXDE on the thing and seeing how those do. I also have to find a way to get my old data off the old hard drive. I've gotten most of the tweaking done, though.

Monday, April 13, 2009

I love finding new tools

TCPView and netactview. They do the same thing, but one does it on Windows and the other on Linux.

Going through firewall logs Friday, I found a box trying to hit Akamai Technologies' servers faster than once a second. Like 2 or 3 a second. The box lives on a part of the network with restricted outside access.

There was so much chatter in the logs I was looking at that it looked like it was the only box. The reason it caught my eye to start with was that they all had Deny statements with them. Not knowing what the box was doing, we pulled it off the network. There have been infected user boxes before, from surfing sites that were a no-no.

The other network engineer / Windows admin tossed TCPView on the box today; it's basically a GUI for netstat. It constantly updates in the window, and uses color codes too. However, the box had already been swept, put back on the network and updated.

I looked at the logs again, thinking maybe the issue was a software update (as far as we know the sweep came back clean; the person who did the sweep is off today), and saw several other boxes. Joking, the other guy and I walked back to the area saying it's probably Adobe. We tossed TCPView on one, and lo, it was Adobe Updater.

I liked the tool. So I looked, and it turns out that netactview does the same thing on Linux. Very nice.

I could do the same thing with netstat, but I hate watching text scroll by.