Archive for the ‘Security’ Category

Ghost in the Wires–Kevin Mitnick

January 21st, 2012

This has been a great book so far.  Not only is Kevin a very sociable person but he is a very entertaining writer.  His stories are amazing.  To think that he left some out.

http://www.amazon.com/Ghost-Wires-Adventures-Worlds-Wanted/dp/0316037702

Watch his interview with Snubs on Hak5, “23 Questions with Kevin Mitnick”:

http://hak5.org/episodes/hak5-1017

Pfsense – SARG (squid reports) setup

January 15th, 2012

Here is a tutorial on how to set up SARG (http://sarg.sourceforge.net/), the Squid Analysis Report Generator, on Pfsense. If you don’t know what any of those words mean, here are some references.

  • SQUID (www.squid-cache.org): Squid is a web proxy that can filter traffic from your network to the internet.
  • Pfsense (www.pfsense.org): pfSense is a free open-source firewall / router for home or office.

I have recently set up a Pfsense router / firewall to replace my old “blue plastic” router that was purchased at the big box store. This solution has been working great. It has been in place for over a week and I have been adding configuration settings to it. One of the great features of this router is the ability to add packages. In particular, one of the packages is SQUID, a proxy tool that can help monitor web traffic and also speed up performance.

I have used SQUID in the past and know its benefits and also its issues. One great benefit is reports on web usage and traffic. The pfsense implementation also has a package for reporting on squid called lightsquid. Lightsquid is ok, but not my favorite tool for displaying information. I would rather use SARG. So I did a few searches and found some outdated information and ways to configure SARG. The steps below come from those searches (NOTE: most of the info below I was able to find in other forum posts).

Install SARG on pfsense

  1. Install the Squid package and have squid running on your firewall.
  2. Validate that SQUID is logging (Services | Proxy Server): check “Enable Logging” and keep the log store directory “/var/squid/log”.
  3. SSH into your firewall.
  4. Open a shell.
  5. (optional) I added nano as a text editor, so I ran this command:
     pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/Latest/nano.tbz
  6. Run the package command to add SARG (this retrieves the latest stable package for the FreeBSD stable branch):
     pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/Latest/sarg.tbz
  7. Now to configure SARG. You can start with the default config:
     cd /usr/local/etc/sarg/
     cp sarg.conf.default sarg.conf
     nano sarg.conf
  8. I actually created my sample from some other settings. You can just copy and paste this into sarg.conf if you like:
     # Location of log files - from pfsense settings
     access_log /var/squid/log/access.log
     title "Squid User Access Reports - SARG"
     graphs yes
     graph_days_bytes_bar_color orange
     # LOCATION of WEB PAGES
     output_dir /usr/local/www/squid-reports
     # Display usernames or IP
     resolve_ip no
     # Sort Order
     topuser_sort_field BYTES reverse
     user_sort_field BYTES reverse
  9. Run SARG for the first time. This may take a bit to run depending on your system and how long you have kept log files for.
     cd /usr/local/bin
     chmod +x sarg
     ./sarg
  10. Configure the system to run the reports once a day using CRON (root’s crontab has no user column; this entry runs at 00:01 every day):
     # crontab -e
     01 0 * * * /usr/local/bin/sarg
  11. To view the reports, go to http://<your pfsense box>/squid-reports/ (this matches the output_dir set in sarg.conf).
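As an added example (not part of the original post and not SARG’s own code), here is a small Python script that does what the report settings above ask for: it totals bytes per client IP from a squid access.log (resolve_ip no) and sorts users by bytes, descending (topuser_sort_field BYTES reverse), also counting TCP_DENIED requests per client. The log lines are constructed; the field layout is squid’s native access.log format.

```python
"""Mini version of SARG's top-user report over a squid access.log.
Added example; not from the original post or from SARG itself."""
from collections import defaultdict

# Squid native access.log format, one request per line:
# time elapsed client code/status bytes method URL user hierarchy/peer type
# Constructed sample lines, not a real log.
SAMPLE_LOG = """\
1326600001.123    250 192.168.1.10 TCP_MISS/200 4523 GET http://example.com/ - DIRECT/93.184.216.34 text/html
1326600002.456     12 192.168.1.11 TCP_HIT/200 120000 GET http://example.com/big.iso - NONE/- application/octet-stream
1326600003.789    300 192.168.1.10 TCP_MISS/200 9000 GET http://example.org/ - DIRECT/93.184.216.34 text/html
1326600004.000      5 192.168.1.12 TCP_DENIED/403 1200 GET http://blocked.example/ - NONE/- text/html
this line is garbage and is skipped
"""


def parse_squid_line(line):
    """Return a dict for one native-format log line, or None if it is malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        ts = float(fields[0])
        size = int(fields[4])
    except ValueError:
        return None
    code, _, status = fields[3].partition("/")
    return {"time": ts, "client": fields[2], "code": code, "status": status,
            "bytes": size, "url": fields[6]}


def top_users(log_text, resolve_ip=False, resolver=None):
    """Per-client totals sorted by bytes descending (SARG's BYTES reverse).

    With resolve_ip=True a caller-supplied resolver(ip) -> name is used for
    the user column, mirroring SARG's resolve_ip option."""
    totals = defaultdict(lambda: {"bytes": 0, "requests": 0, "denied": 0})
    for line in log_text.splitlines():
        rec = parse_squid_line(line)
        if rec is None:
            continue  # skip lines that are not squid records
        user = resolver(rec["client"]) if (resolve_ip and resolver) else rec["client"]
        t = totals[user]
        t["bytes"] += rec["bytes"]
        t["requests"] += 1
        if rec["code"] == "TCP_DENIED":
            t["denied"] += 1
    return sorted(totals.items(), key=lambda item: item[1]["bytes"], reverse=True)


if __name__ == "__main__":
    for user, t in top_users(SAMPLE_LOG):
        print(f"{user:16} {t['bytes']:>10} bytes {t['requests']:>3} req {t['denied']} denied")
```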

Here are some example reports (IPs blocked to protect the innocent). Screenshots: landing page, daily report, individual user ID (IP), and a graph for an individual.

I prefer SARG because of the graphs and the look and feel. Let me know if you have any preference on reporting systems.

Emergency Contact information – card for wallet

January 6th, 2012

My wife went to a seminar today and came back with a good idea. That she and I should have an emergency contact card in our wallet. She also mentioned an ICE contact for our phones. I had not heard of ICE contacts, “In Case of Emergency” – here is a quick blurb from lifehacker – How to add an ICE contact to your phone

After some research I came up with a format for us to have a business card size emergency contact for us to carry. I used the Microsoft Word template called “pocket emergency contact reference.” You can download the template from the Microsoft office site

http://office.microsoft.com/en-us/templates/pocket-emergency-contact-reference-TC030001514.aspx

It is a quick and easy way to make an emergency contact card. I created one to put in my wallet, backpack, and bike bags. I typically carry my ID when I bike, but this would be valuable as well.

Find all computers on a network – Using Nmap – free tool

September 6th, 2011

I’m a huge fan of a tool called nmap (nmap.org). It is a network tool that can do many things. The simplest is to determine if a host is active. Any time I connect to a network I run a quick scan to see who my neighbors are.

To do a network scan with nmap you only need one piece of information: your IP address. Below is a scan from my local network. A quick ipconfig showed my local IP was 192.168.2.118; armed with that information I can tell that the network segment is 192.168.2.1/24.

To scan the network you only need to issue the command

nmap -sP 192.168.2.1/24

Here is the result on my windows machine.

The scan took 9.16 seconds, which is a pretty fast network scan. In 9 seconds I was able to determine I have 12 devices connected: a few iPhones, an iPad, a printer, and other machines.
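The point of the quick scan is knowing who is on your segment, so as an added example (not code from the original post) here is a Python parser for the text that nmap -sP prints, which turns the host list into records and flags any device whose MAC address is not in a known inventory. The scan output and the inventory below are constructed samples in nmap 5.x output format, not a real capture.

```python
"""Parse 'nmap -sP' host-discovery output and flag devices not in a known
inventory. Added example; not code from the original post."""
import re

# Constructed sample output in nmap 5.x format (not a real capture).
SAMPLE_OUTPUT = """\
Starting Nmap 5.51 ( http://nmap.org ) at 2011-09-06 20:01 EDT
Nmap scan report for 192.168.2.1
Host is up (0.0020s latency).
MAC Address: 00:11:22:33:44:55 (Netgear)
Nmap scan report for printer.lan (192.168.2.20)
Host is up (0.010s latency).
MAC Address: AA:BB:CC:DD:EE:01 (Hewlett Packard)
Nmap scan report for 192.168.2.77
Host is up (0.050s latency).
MAC Address: AA:BB:CC:DD:EE:99 (Unknown)
Nmap scan report for 192.168.2.118
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 9.16 seconds
"""

# "Nmap scan report for name (ip)" when reverse DNS resolves, else just the ip.
REPORT_RE = re.compile(
    r"^Nmap scan report for (?:(?P<name>\S+) \((?P<ip1>[\d.]+)\)|(?P<ip2>[\d.]+))$")
MAC_RE = re.compile(r"^MAC Address: (?P<mac>[0-9A-Fa-f:]{17}) \((?P<vendor>.*)\)$")
DONE_RE = re.compile(r"\((?P<up>\d+) hosts? up\) scanned in (?P<secs>[\d.]+) seconds")

# Constructed inventory of MACs you expect to see on your own network.
KNOWN_MACS = ["00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"]


def parse_ping_scan(text):
    """Return (hosts, summary): one dict per host plus the 'Nmap done' totals."""
    hosts, current = [], None
    for line in text.splitlines():
        m = REPORT_RE.match(line)
        if m:
            current = {"ip": m.group("ip1") or m.group("ip2"),
                       "name": m.group("name"), "mac": None, "vendor": None}
            hosts.append(current)
            continue
        m = MAC_RE.match(line)
        if m and current:  # MAC line belongs to the most recent host
            current["mac"] = m.group("mac").upper()
            current["vendor"] = m.group("vendor")
    m = DONE_RE.search(text)
    summary = {"hosts_up": int(m.group("up")), "seconds": float(m.group("secs"))} if m else {}
    return hosts, summary


def unknown_hosts(hosts, known_macs, own_ip):
    """Hosts whose MAC is not in the inventory. nmap prints no MAC for the
    scanning machine itself, so it is excluded by its IP instead."""
    known = {m.upper() for m in known_macs}
    return [h for h in hosts if h["ip"] != own_ip and h["mac"] not in known]


if __name__ == "__main__":
    hosts, summary = parse_ping_scan(SAMPLE_OUTPUT)
    print(f"{summary['hosts_up']} hosts up in {summary['seconds']}s")
    for h in unknown_hosts(hosts, KNOWN_MACS, "192.168.2.118"):
        print("unknown device:", h["ip"], h["mac"], h["vendor"])
```

To use it on a real scan, save the output of nmap -sP to a file and pass its contents to parse_ping_scan (MAC addresses only appear when scanning from the same LAN segment, as here).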

I am always interested in performance and I wanted to see if my linux machine would do the scan faster. (NOTE: the windows machine is on an 802.11g wireless network and the linux machine is over the LAN bridge, also using wireless G.)

The Linux run of the same nmap command finished in 5.4 seconds. In this simple test the linux nmap process was a bit faster.

Overall it is always a great idea to see what and who is around you when on a network. I did not go into more detail, but you can always use nmap to do more investigation. I can cover that in a later article.

Happy scanning.

Secure your home network – Block sites – OpenDNS

July 2nd, 2011

I get all types of security questions from home users. How do I secure my wireless so people can’t use it? How can I make sure people can’t steal files on my computer? How can I keep the kids from going to sites they are not supposed to be on?

For the last one, how to secure and block sites, I recommend OpenDNS. Not only does OpenDNS allow you to speed up your surfing (more on that later), it also allows you to monitor, maintain, and block sites that are accessed from your network.

Use OpenDNS

To use OpenDNS you need to set your router’s DNS servers to OpenDNS. This is a fairly simple task if you know how to admin your home router. In most cases your router is a Netgear, Linksys, or D-Link device, and OpenDNS has instructions for most versions. Once you add their primary (208.67.222.222) and secondary (208.67.220.220) IP addresses to your router you are almost done.

You then create an account at OpenDNS and set up your rules. I chose the moderate setting, then modified it to block adult content and removed Proxy / anonymous sites (since I use wifi-vpn.com).



With a simple DNS change on your router you can now block whole categories of sites as well as specific URLs. For example, if you wanted to block a specific site or other URL (www.xxxsomething.com) you would add it to the OpenDNS block list. One of my colleagues at work has blocked facebook when his kids did not meet their grades or rules.

Once you have set your rules / filters for OpenDNS you can monitor what is being done on your network. OpenDNS has great reporting to show you how much traffic you have generated and what domains people go to. Here is a sample of what people have gone to on our family cottage wireless network.

Overall OpenDNS is a great tool for your home or business. It can block unwanted sites and also track usage and sites people should not go to.

iPad and Microsoft

May 17th, 2011

I am currently at Microsoft TechEd in Atlanta. Microsoft has some great things going on.

Any time you put 10000 geeks together you see a lot of tech. The main take away I found was that the iPad has won.

I see as many iPads as I do laptops. That is interesting especially at a Microsoft conference. This simple observation tells me that either Microsoft users like apple better than android or that the iPad is a better tablet.

You could argue that the iPad has been out longer, but it seems that most iPads I see are iPad 2s.


Secure your iPhone or iPad – Hack your data

April 23rd, 2011

I am always interested in how secure my devices are. Is my data safe? Can people get to my info? Am I at risk of giving out any private information? The iPhone / iPad has proven to be pretty secure if you take precautions: lock your screen and keep sensitive data out of the clear. The one interesting item you can hack is the backup. There is a lot of information to be gathered and searched in your simple backup. Many people don’t think twice about the sync that happens with your computer and iTunes. I’ll go into a little discussion on what can be seen.

Before I go too far into this information, it should be noted that this can be corrected by encrypting your backups. The process to encrypt your backup is a simple check box in iTunes. You can do this by connecting your iPhone / iPad and selecting Summary -> Options -> Encrypt iPhone backup.

Now that you have secured any future backups, let’s look at the wealth of information that is now residing on your computer from your previous backups. To find your backups on a Windows machine navigate to:

(Windows 7 or vista) - C:\Users\{your username}\AppData\Roaming\Apple Computer\MobileSync\Backup\

(Windows XP) - C:\Documents and Settings\{your username}\Application Data\Apple Computer\MobileSync\Backup

Once in the directory you will see your backup sets. Select one to look at. First we will start with the info.plist file. You can open this file with any text editor (it is an XML-formatted file). This file contains the overall information regarding the iOS device:

  • Device Phone number
  • Device name
  • Device GUID
  • ICC-ID: Integrated Circuit Card ID serial number of the SIM card
  • Serial number of the device
  • and Much more

You can see in the screen capture above that this device name is “jimizphone”.

I know at this point you are thinking, why is this stuff important? Well, after some research and some reading I was able to find out what some of those files contain. Thanks to the team over at hrgeeks and their great post, here are some definitions of the files. These files are all .mddata files that can be viewed using a SQLite browser:

  • Call Log: ff1324e6b949111b2fb449ecddb50c89c3699a78
  • SMS (TEXT) Log: 3d0d7e5fb2ce288813306e4d4636395e047a3d28
  • Notes Application : 740b7eaf93d6ea5d305e88bb349c8e9643f48c3b
  • Contact List: 31bb7ba8914766d4ba40d6dfb6113c8b614be442
  • Voice Mail List: 992df473bbb9e132f4b3b6e4d33f72171e97bc7a
  • Calendar: 2041457d5fe04d39d0ab481178355df6781e6858

Let’s review one of the files. I chose to look at the SMS log. This would be the most damaging file if someone could review what I have said. It could also be the target file for people looking for information (ex-wife, girlfriend, or business competitor). Using SQLite browser I ran a select statement on the file, “select * from messages”, and it returned records of text messages from the phone.

You can see from the image that a record of all text messages was saved. I have not verified whether deleted items are saved, but the information is clear enough. Your iPhone backup file contains your SMS text messages in clear text. It has the date, phone, message, and time stamp, all of which can be searched.

Opening the contact list quickly allowed me to look at names and numbers that were stored on the phone.  This could be dangerous for people who don’t want that information shared.   A person would not need physical access to their phone, only access to their computer.

Armed with file name information you can also get other non-phone related information that may be stored by applications.

Facebook friend list – 6639cb6a02f32e0203851f25465ffb89ca8ae3fa

I did a quick check, and I was able to see all my facebook friends’ information (cell phone and email are hashed, but names and contacts are available). This is interesting in that you can gather information outside of the phone that could be used against you.

So with a little information and a simple tool you can get a lot of information from an iPhone / iPad backup.

To view the email accounts accessed or set up on the phone, open this file in a text viewer:

  • Email Account: 5fd03a33c2a31106503589573045150c740721dd
  • Safari History: 1d6740792a2b845f4c1e6220c43906d7f0afe8ab
  • Safari Searches: bd38afa30b5a43c146db02a46ee11d82cdc817fe

Overall there is a lot of data being stored on your computer from your phone. Be safe, encrypt it.
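Since the fix is to encrypt the backups, the check a practitioner wants is “which backup sets on this PC are still unencrypted, and which of the files listed above do they contain?”. The Python script below is an added example (not code from the original post or from Apple): it walks a MobileSync\Backup folder, reads each set’s Info.plist, reads the IsEncrypted flag from Manifest.plist, and looks for the file names listed in this post. The plist key names (“Device Name”, “Phone Number”, “IsEncrypted”) and the default folder path are assumptions about the iTunes backup layout; the backup sets it runs on here are constructed in a temp directory so it runs offline.

```python
"""Audit iTunes/MobileSync backup folders: which sets are unencrypted and
which of the sensitive files from this post they expose.
Added example; not from the original post or from Apple."""
import os
import plistlib
import tempfile

# File names quoted in the post (the hashed names iTunes uses inside a set).
KNOWN_FILES = {
    "ff1324e6b949111b2fb449ecddb50c89c3699a78": "Call log",
    "3d0d7e5fb2ce288813306e4d4636395e047a3d28": "SMS log",
    "740b7eaf93d6ea5d305e88bb349c8e9643f48c3b": "Notes",
    "31bb7ba8914766d4ba40d6dfb6113c8b614be442": "Contacts",
    "992df473bbb9e132f4b3b6e4d33f72171e97bc7a": "Voicemail",
    "2041457d5fe04d39d0ab481178355df6781e6858": "Calendar",
    "6639cb6a02f32e0203851f25465ffb89ca8ae3fa": "Facebook friends",
    "5fd03a33c2a31106503589573045150c740721dd": "Email accounts",
    "1d6740792a2b845f4c1e6220c43906d7f0afe8ab": "Safari history",
    "bd38afa30b5a43c146db02a46ee11d82cdc817fe": "Safari searches",
}


def default_backup_root():
    """Windows 7 / Vista location from the post (assumed to still apply)."""
    return os.path.join(os.environ.get("APPDATA", ""),
                        "Apple Computer", "MobileSync", "Backup")


def read_plist(path):
    with open(path, "rb") as fh:
        return plistlib.load(fh)


def audit_backup_set(set_dir):
    """Summarise one backup set directory. Key names are assumptions."""
    info = read_plist(os.path.join(set_dir, "Info.plist"))
    manifest_path = os.path.join(set_dir, "Manifest.plist")
    encrypted = False
    if os.path.exists(manifest_path):
        encrypted = bool(read_plist(manifest_path).get("IsEncrypted", False))
    present = sorted(label for name, label in KNOWN_FILES.items()
                     if os.path.exists(os.path.join(set_dir, name)))
    return {
        "set": os.path.basename(set_dir),
        "device_name": info.get("Device Name", "?"),
        "phone_number": info.get("Phone Number", "?"),
        "encrypted": encrypted,
        # In an encrypted set the files exist but are not readable in the clear.
        "exposed_files": [] if encrypted else present,
    }


def audit_backups(root):
    """One summary per sub-directory that looks like a backup set."""
    results = []
    for entry in sorted(os.listdir(root)):
        set_dir = os.path.join(root, entry)
        if os.path.isfile(os.path.join(set_dir, "Info.plist")):
            results.append(audit_backup_set(set_dir))
    return results


def make_sample_backup(root, set_name, device, phone, encrypted, files):
    """Constructed sample data so the audit runs offline; not a real backup."""
    d = os.path.join(root, set_name)
    os.makedirs(d)
    with open(os.path.join(d, "Info.plist"), "wb") as fh:
        plistlib.dump({"Device Name": device, "Phone Number": phone}, fh)
    with open(os.path.join(d, "Manifest.plist"), "wb") as fh:
        plistlib.dump({"IsEncrypted": encrypted}, fh)
    for name in files:
        open(os.path.join(d, name), "wb").close()
    return d


def demo():
    root = tempfile.mkdtemp()
    make_sample_backup(root, "aaaa", "jimizphone", "555-0100", False,
                       ["3d0d7e5fb2ce288813306e4d4636395e047a3d28",
                        "31bb7ba8914766d4ba40d6dfb6113c8b614be442"])
    make_sample_backup(root, "bbbb", "ipad", "", True,
                       ["3d0d7e5fb2ce288813306e4d4636395e047a3d28"])
    return audit_backups(root)


if __name__ == "__main__":
    for r in demo():  # replace demo() with audit_backups(default_backup_root())
        print(r)
```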


PirateBox and Pineapple

April 23rd, 2011

I’ve got a few hacking items I need to eventually get to.

First I’d like to make a Pirate box. I think the concept is great for parties, groups and overall travel. Pirate Box (http://wiki.daviddarts.com/PirateBox)

I also have not used my pineapple in a while. If you are not familiar with it, head on over to hak5 to read: http://www.hak5.org/store/wifi-pineapple-version-2

I’ve demo’d this for a lot of people who are interested in hacking. I need to update the tools on it.


Term Life Insurance

April 23rd, 2011

I recently decided to keep my new years resolution and get more life insurance. Now that there are 4 children running around at our house it is important that they are taken care of in the event that I pass away.

I listen to Dave Ramsey and he is a believer in term life insurance. I would have to agree. Term insurance is basically that. You are buying insurance for a duration of time. In my case I decided on 20 years. The amount of time when my youngest would be independent.

To start the process I decided to also follow Dave’s advice. I contacted Zander Insurance.

A quick online form filled out and a confirmation email, then a review of prices and an appointment for a health screen. So far the process has been inexpensive and painless (unless you are afraid of getting a blood test).

The only thing I would recommend against is going to other insurance sites. After my original quote from Zander I decided to do a google search and fill out another online form to get a quick quote. That was a mistake; I’ve been getting spam for the last 2 weeks.

Migrate FileZilla ftp info (Not Secure)

April 23rd, 2011

I use Filezilla as my main FTP client. It is a wonderful tool for ftp, ftps, scp (sftp) and other transfer protocols. I am getting a new laptop and needed to transfer / backup my settings. I have a lot of sites stored and did not want to go looking for all the username and password information.

Filezilla allows you to back up your information and transfer it to a new system. To do this you need to:

  1. Open Filezilla
  2. File | Export
  3. Select “export site manager entries” and “export settings”
  4. Save the XML file to your hard drive.

This backup contains all your site manager information. It also stores your passwords in the clear. If you look at the XML file you can see the element that holds your passwords. This is not a safe thing for those of us who are security conscious. I am no longer storing my passwords in Filezilla and will be prompted when using ftp or sftp. As much as I like Filezilla, I’ve started looking for an alternative. One option I’ve read about is to use a password storage tool like “KeePass” together with Filezilla; I will have to try this.
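If you still want to move the site list to the new laptop without carrying the clear-text passwords along, the export can be cleaned before it leaves the old machine. The Python script below is an added example (not code from the original post or from the FileZilla project): it reports which exported sites carry a stored password and writes a copy with every password element removed and the logon type switched to “ask for password”. The sample export is constructed; the element names (FileZilla3/Servers/Server, Host, User, Pass, Logontype, with 2 meaning “ask”) are my assumptions about the FileZilla 3 sitemanager format.

```python
"""Audit a FileZilla site-manager export and strip stored passwords from it.
Added example; not from the original post or the FileZilla project."""
import xml.etree.ElementTree as ET

# Constructed sample export. Element names follow the FileZilla3 sitemanager
# layout as assumed here; a real export has more child elements per Server.
SAMPLE_EXPORT = """\
<FileZilla3 version="3.4.0">
  <Servers>
    <Server>
      <Host>ftp.example.com</Host><Port>21</Port><Protocol>0</Protocol>
      <Logontype>1</Logontype><User>alice</User><Pass>hunter2</Pass>
      <Name>Example FTP</Name>
    </Server>
    <Server>
      <Host>sftp.example.net</Host><Port>22</Port><Protocol>1</Protocol>
      <Logontype>2</Logontype><User>bob</User>
      <Name>Example SFTP (ask)</Name>
    </Server>
  </Servers>
</FileZilla3>
"""

ASK_FOR_PASSWORD = "2"  # assumed Logontype value for "ask for password"


def audit_export(xml_text):
    """One record per Server: does it carry a stored (clear-text) password?"""
    root = ET.fromstring(xml_text)
    findings = []
    for server in root.iter("Server"):
        pw = server.find("Pass")
        findings.append({
            "name": (server.findtext("Name") or "").strip(),
            "host": (server.findtext("Host") or "").strip(),
            "user": (server.findtext("User") or "").strip(),
            "stored_password": pw is not None and bool((pw.text or "").strip()),
        })
    return findings


def strip_passwords(xml_text):
    """Return (cleaned_xml, removed_count) with every <Pass> element dropped
    and that server's Logontype set so FileZilla prompts instead."""
    root = ET.fromstring(xml_text)
    removed = 0
    for server in root.iter("Server"):
        for pw in server.findall("Pass"):
            server.remove(pw)
            removed += 1
            logon = server.find("Logontype")
            if logon is not None:
                logon.text = ASK_FOR_PASSWORD
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    for f in audit_export(SAMPLE_EXPORT):
        flag = "STORED PASSWORD" if f["stored_password"] else "ok"
        print(f"{f['name']:24} {f['user']}@{f['host']:20} {flag}")
    cleaned, n = strip_passwords(SAMPLE_EXPORT)
    print(f"removed {n} password element(s); cleaned export is {len(cleaned)} bytes")
```

Run the audit against your own export by reading the saved XML file into a string; the cleaned output is what you copy to the new machine.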

If anyone has suggestions please let me know.

Jailbreak iOS 4.3.2 – iPhone 4

April 22nd, 2011

So today I updated my iPhone to 4.3.2 and jailbroke it again. I always get asked why I jailbreak. The simple answer is because I like to hack devices. The more to-the-point reasons are the cool customizations. The business reason is simple: MyWi, which allows me to make the device a wifi hotspot and always have internet wherever I go.

I used the redSn0w process to jailbreak. You can follow this process; it is for 4.3.1 but can work with 4.3.2 if you download the proper IPSW version. Lifehacker always has the most up-to-date version of the files.

My initial attempt failed. This is because I did not follow the steps for x64 and modify the affinity for redsn0w.exe, setting it to CPU 1.

I also did not run redsn0w.exe as administrator. To do that you just need to right-click on the exe and select “Run as administrator”.

These steps are all in the instructions. Have fun and enjoy if you do decide to jailbreak. Drop me a note with your experiences. I

I have not jailbroken my iPad yet.  I do know this version will not do the iPad2

 

Update:  I got a note from someone asking if I backed up my iPhone prior to jailbreaking.  Yes, I used AptBackup for the jailbroken apps and did a lot of system file copy with ssh.

Public Wifi – Coffee Shop Security

April 22nd, 2011

I went to a coffee shop today to do some work: update a few documents and get some random things done that I have been putting off. As always, I logged onto the coffee shop wireless and connected to my VPN (read other articles here and here).

After completing the items I had set out to do, I took some time to do some poking around on the wifi. Since wireless is basically you sharing a network with others, it is easy to see what people are doing. I used a simple nmap query to see who my neighbors were.

That scan showed me 5 active people and their IPs. It also let me know that the router had HTTP running. Since I already knew the PC names and what ports they had open (someone had a web server running), I decided to look at the wireless router. To my surprise it was running DD-WRT, my favorite router firmware. DD-WRT is a very powerful router firmware that can turn a basic wireless router into a great device.

However, there are a few settings you need to understand when using DD-WRT. One in particular is to disable the default status page for unauthenticated users. This page shows a lot of information that you don’t want snooping people like me to see. Things like:

  • Public IP
  • Firmware version
  • Device Type and name
  • Connected users (IP address, mac address, dhcp lease)

Not only was this on, but I was also able to see the other computers on the network (without doing an nmap scan). So every PC that had connected in the last 2 hours was listed on this page. I decided to push up a pic. My PC is called TP2.

 

This is scary to me because someone took the time to use a great open-source firmware but not the time to properly secure it. It is also interesting to see the number of android devices that were using the wifi. I guess the same is true for iPhone devices.

I can’t stress this enough: when on public wifi, use a VPN. If you don’t have one, head on over to wifi-vpn.com and subscribe or purchase.

The other item on the list is BT; that is the BackTrack VM that I started to do some network sniffing.

Permanent MTU settings for PPP0 ubuntu

April 8th, 2011

I have a few servers that I help maintain or use for VPN access. I have found on a few machines that when I use the VPN to secure my connection at a coffee shop or any other public WiFi, some sites will not load. I have seen this issue before when using PPTP but had never taken the time to investigate. Sites like Digg would just not load. After a lot of investigation I was able to see a few obscure issues with the MTU size. The default ppp0 interface MTU size was 1396.

Output of ifconfig:

ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.240.1  P-t-P:192.168.240.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3

After some google searching I saw that my eth0 MTU was set to 1500. To correct the issue I increased the ppp0 MTU size to 1492. That change allowed the sites to load.

Manually change the MTU:

sudo ifconfig ppp0 mtu 1492

I was unable to find a clean permanent solution to keep this set. I tried /etc/ppp/options and options.pptp. The workaround I created was to modify the MTU size on each PPP connection. I used the ip-up.local file to make this change on every PPP connection; the ip-up script is executed once a PPP (VPN) connection is started.

I added the following line to ip-up.local:

    ifconfig ppp0 mtu 1492

After these changes every connection will set the MTU to 1492. This corrected my issue with browsing some sites.

I can now surf the web and get to any site.


Browsers and more browsers (IE9, Firefox 4, and chrome)

March 25th, 2011

What browser do you use? I’m a chrome user, and have been for about a year. The features that draw me to chrome are the very simple view with tabs, easy search from the address bar, and sync of the bookmarks. Also, did I mention speed?

These great features that set chrome apart are not part of both IE9 and the new Firefox. I’ve read the reviews of each and decided to try them for myself. I have to say that I’m impressed.

So far I’ve found that the good features (download manager, minimal window size, and speed) have all been addressed by firefox and ie9.

In terms of reasons to use a browser, I’ve been in love with firebug on firefox for a long time for development. However, recently I’ve been using the inspect element in chrome as well.

In my own personal test I was taken by the performance of FireFox. It appeared to run faster and open quicker than before.

Though I’ve started using FireFox as the default browser for the last 2 days, I have also been using ie9.
IE9 has incorporated a lot of nice features from both FF and chrome. I even like the on browser modal notification for downloads and issues.

Overall both browsers have succeeded in adding new features, being faster, more secure, and more of a minimal feel. Can’t wait to see what else is coming.


Free Icon set for Developers

January 8th, 2011

I am frequently creating Visio diagrams to use for software development or web applications. I typically use the built-in elements and icons. Recently I have found it difficult to find some items that I would like to have in my designs. The great team and group over at OSA (www.opensecurityarchitecture.org) have many tools that help with designs and also provide elements for the designs.


If you are not familiar with OSA I would recommend looking at some of their patterns or their library to understand how this great group can be useful. They help visually display both IT standards and security standards.

Recently I have been using their Creative Commons released icon set to help in my designs: simple icons like padlocks, wifi signals, users, and servers. Not only are they good looking but they are very functional. It never hurts to have a design that is both elegant and useful.