Wardriving -- IN MY NEIGHBOURHOOD?

Sunday, 14 September 2008 20:51

access point hacking neighborhood security wardriving wifi
I can't believe it. Someone is actually wardriving around my neighborhood!

Arg - A My wife just informed me that this guy has been out side our house across the street for the past 3 days at the same time. This time, she noticed that he's on his laptop. I know there are about 6 APs here. 4 Of them are mine ;) I have two secured networks, one to my internal network, and a second directly connected to the internet - for testing. I have 2 more, one is a public wifi AP that hasn't been up in a while. And my fourth, I was playing with trying to setup a mesh network.

He wasn't on any of those.

I know that across the street there is a AP, I don't know anything about it though. And I've scene one other secured.

I'm going to grab some gear from work to track down the unknown unsecured wireless AP and get that secured - that way, I can control what this guy connects too. I'll take down my public AP for maintenance ;) Then, I'll setup my spare to my direct internet connection and leave it open for him. Of course, I'm not THAT nice - I'll ensure to log all traffic to see what I can see and if I'm around when he is, see if I can snag some details ;)

I'll be nice and post a sign on my window identifying that connecting to any public AP on my network is subject to my packet inspection and some other legalize. Not my fault he didn't take the time to read my AUP ;)

I'll post any updates later.
 

The boy who cried wolf - with a twist

Thursday, 11 September 2008 09:35

blog security twist wolf
In a time not so long ago, in a place not so far away, there was a boy. Part of this boys job included watching the fences around his fathers farm. This farm had a large number of chickens. Lots and lots of chickens. Some where bigger, some smaller. Some where so big they couldn't leave the farm even if they wanted too. 

On one particular day, it was identified that there was a hole in one of the fences. Not a big hole, but enough that a small wolf could get in if it so choosed. The boy ran to his father and yelled come quick - there is a hole! The father came out, looked at the hole and proclamed that it wasn't a big deal. The father sent all the workers home for the weekend and told them to fix the hole when they could. 

Time past. No wolfs entered the farm where the hole was but they saw that it was there. 

A few weeks later, the boy came running to his father again - there's a hole! This time is a was a bigger hole. The father came out and looked at it - said yes, its a hole. But at most, only a few chickens would be lost or hurt. He had a second person look at the hole and he said that he knew about the hole! He then went on to say that for this hole, it would require a wolf to get close enough to the hole, and a chicken to be close to the hole before any damnage would happen. So they desided to fix it later. 

The boy started to get upset. He wondered what was the point of looking for holes, when his father desided that the hole didn't matter. 

-- To be continued -- 


 

Restore a partimage backup to loopback

Sunday, 07 September 2008 21:57

dd how-to linux loopback losetup partimage
  1. You need a file to mount as a HDD device - using DD, the following will instantly create a file of SIZE Gigabytes: 
    • dd if=/dev/zero of=myharddisk.img bs=1000 count=0 seek=$[1000*1000*SIZE]
  2.  You need to make this file look like a block device (Choose a free /dev/loop device):
    • losetup /dev/loop0 myharddisk.img
  3. Start partimage manually from the command line, pointing to your loop device
    • partimage /dev/loop0 backupfile.000
  4. Remove the file from the loop device
    • losetup -d /dev/loop0
  5. Mount the new file on a directory
    • mount myharddisk.img /path/to/dir -o loop
  6. Enjoy the backup's files
 

Aggravation Rummy

Monday, 01 September 2008 10:56

aggravation cards how-to rummy
My wife and I are helping clean up my mom/dads house. In the process we found the rules to one of our favorite games: Aggravation Rummy.

This game requires 2 Decks and is played with jokers
Played with 3-7 players

Start by shuffling the two decks together. Deal 10 Cards to each player, and place one card face up. There are 7 contracts that must be filled before you can continue into the next round.

  1. 3 sets of 3
  2. 1 set of 3 and a run of 4
  3. 2 sets of 4
  4. 2 runs of 4
  5. Run of 4 and a set of 4
  6. 4 sets of 3 
  7. Run of 7 and a set of 3
Melding Rules
The above table shows the initial meld requirements. Having laid down your initial meld you can add more cards to your own and other players' melds in the same or subsequent turns.

In runs, aces count high or low but not both. J-Q-K-A and A-2-3-4 are allowed but K-A-2-3 is not. There is no rule against a player laying down two consecutive runs in the same suit, such as 3-4-5-6 and 7-8-9-10 of hearts, as separate runs, but once they are on the table separate runs must remain separate - runs cannot be joined or split.

A set can consist of any three or more cards of the same rank - identical cards can be included. A pair (needed for hand 14) is two cards of the same rank. There is no rule against a player melding two sets of the same rank.

Jokers and twos are wild. A set or run may contain any number of wild cards to substitute for missing cards, however it may not excide more then 50% of the original meld. The player must specify (if it is not clear) whether the meld is a run or a set, the rank of the set, and the rank and suit of a run. Wild cards once melded cannot be moved - a player who holds the real card represented by a melded wild card is not allowed to substitute the real card for the wild card.

Buying

When it is your turn, you are able to buy the face up cards. You can only buy the cards when you are able to lay down your meld, or use the card in an existing meld after you have already laid down your meld. The penalty for buying the card, is you much pick-up all face up cards in the pile.

Scoring
Play ends when a player "goes out" by getting rid of all the cards from their hand. This can be done by putting down all the cards in melds or by discarding one's last card. Each of the other players scores penalty points for the cards they are holding:

Wild cards (Jokers and 2s) 20
Aces 15
Picture cards 10
3s to 10s 5

At the end of the 15 deals, the player with the lowest score is the winner, the next lowest is second, etc.
 

Security? That's Obscure!

Monday, 18 August 2008 23:23

blog Rant security

Is it me? or has information security completely changed? Give you a bit of a background - I live, breath, eat and sleep computer security. I'm not one of those"masturbating monkeys" as Linus puts it (I was gonna write this blog post, before Marcel told me about his rant about security guys).

I do; Intrusion Detection, Protocol Analysis, Threat and Risk Management - I also do digital forensics etc. I get my hands dirty where ever I can. I'm not one to point out an issue, and say fix it - I prefer to get in there and work with the people in the know to fix the issue as well.

I commend Dan Kaminsky for the epic work done on the DNS flaw - I only wish I had of sent that email to him the 2nd day after the biggest co-ordinated patch release in history. I had almost nailed the issue.

But, that's not what this rant is about. I remember a day when security people were feared - if someone from IS was coming, it probably meant something you were doing was wrong - and you hoped they passed your desk onto someone else's. Now a days it almost seems as tho security is a joke. No back swing for me - I can just sit there and yell - "Somethings wrong!" till I'm blue in the face.. or say "hey, I gotta do this to make sure your safe". Even if there is no impact, no requirements, no nothing - We still get hassled about what we need to do.

Then - it seems as tho, it must be the next big carer boom - the market is flooded with these so called CISSP certified IS professionals. I can't stand them - I'm sure most of them can't even tell the difference between TCP and UDP. Let alone the fact that IPSec is a protocol just like tcp/upd/icmp/gre etc etc etc.

I'd like to see them figure out a routing issue that causes information leakage - or why an IDS can only see half a conversation. Arg.

Don't get me wrong - security needs to change from the police and fire to an EMS type job. Don't be there to police and put out fires. But be there before things happen making sure everyone is safe -- and when something does happen know how to deal with that, and the cleanup afterwards.

For those of you in IT - listen to you security people - not all of them want to stop you from doing things - just keep you safe. A good security person will not only tell you it's not safe - but help solve and make it safe - or at least explain why it's not safe and why there is no alternative.

Good luck, and don't play in the street - try the back yard as an alternative ;)

 

More Articles...

Page 7 of 16

«StartPrev12345678910NextEnd»

Main Menu

Login Form



feed-image Feed Entries

Who's Online

We have 6 guests online

Tags

This will be shown to users with no Flash or Javascript.

Geek Score

My computer geek score is greater than 97% of all people in the world! How do you compare? Click here to find out!

My Geek Code

My 2007 Geek Code (Degeeked)

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/CM/CC/IT d+(-) s+:- a- C+++(++)$ ULC++++(+++)$ P+(---)>--- L++++$ !E--- W+++ N+ !o K--? w-- O- M-- V-- PS PE Y+ PGP+ t 5- X+ R- tv+ b DI+++ D G e h---- r+++ y++++ *(reset)>reset
------END GEEK CODE BLOCK------