Stepping back into Wireless Security

wifi-crack Believe it or not, my home network actually used Radius authentication many years ago. Before I got a Nest (which still cannot connect to anything that isn’t open, WEP, or WPA/WPA2).  At the time, I assumed the Nest app talked directly to the thermostat.  Not true.  It just needs internet to talk to it’s servers where it receives the commands and preferences from the app.  Armed with that knowledge and recent revelations about the security of WPA2, I set to the task of reimplementing Radius on my network.  First, I needed to asses which devices, like the Nest, would be unable to make the transition.  Luckily, most of these devices don’t need anything more then internet access.  One was moved to a hard line and the last attached to a Radius capable wireless bridge.  I added a internet only wireless network for my embedded devices and moved my privileged network to Radius authentication. It was time to change my password anyway. Stay safe!

Continue reading “Stepping back into Wireless Security”

SSL problem, it wasn’t me!

broken keyI just assumed that the problem was related to my recent SSL renewal.  Turns out, Google security recently published Distrusting WoSign and StartCom Certificates and removed them from chrome.  How did I miss this?  It turns out that the SSL on my site has been broken on Chrome for some time.  It must be that I have been using Brave recently as my daily browser.  I moved this site to letsencrypt.org and it’s working fine for everyone now.  I don’t even know how much time I waisted on this one.  wow.

Ubiquiti’s USG router steps up with dual wan support!

I was very excited to discover this feature listed in my Unifi controller today.  You can now repurpose the VOIP port to act as a WAN2.  The ironic part is that i don’t believe the VOIP port serves any actual VOIP function as of yet.  I’ve been recommending these USG routers since I learned of their existence. Unfortunately a lot of my clients want dual WAN and until now, the Unifi Security Gateway fell short.  No longer, Ubiquiti has a really great product line with the Unifi.  I am continuously discovering great new innovation with the latest update to their software, firmware, or cloud platform.  I have been waiting for this!

Unifi WAN2 option

Played with PoisonTap network hijacking tool

Poison Tap in Action

@SamyKamkar made an impressive and terrifying tool.  This simple USB device steals your cookies, poisons your cache, and even persists a web backdoor.  On a locked machine no less!  It depends much on the trust that our computers take for granted.  Trusting a USB device is not up to no good.  Trusting the local network not trying to confuse. We must reexamine this trust going forward.  It didn’t take long to get it up and running, however once you do, you can spend hours tinkering.  (i was working to combine it with @mubix‘s work here)

I am also delighted to have my first Raspberry Pi as a USB device rather then host.  it is certainly exciting to create some new doodads using this dangerous toolkit.

UPDATE

I have since made a version without the cache attack.  I completely failed to steal the poisontap visuals, but TheCodePlayer offers a delightful matrix animation.  next step is to man in the middle ssl too.  I’m turning it into a device that logs everything while connected, but doesn’t persist.

Just participated in my first podcast for Hart Attack!

It was fun, we talked about technology, hacking, and corporate oppression.  Unfortunately, there wasn’t time for hope.  I’ll have to come back on to explain that it’s not all doom and gloom.   Episode 117 airs on Saturday evening.  Downloads available sometime after here.  Here is a link to more shows:

Hart Attack Home

Hart and I have worked together for some time.  He is a mogul of all things horrific.  Now he takes on the horror of the modern day with a political/news podcast.

Defcon 2016 photos and videos

Close ups of my much coveted badge.  Some hardware and base stations of the wifi village.  Both Information Society and Berlin played on Saturday night!  Shot a video of an amazing demo from the Car Hacking Village.  A car modified to play games instead of driving.  Also, the best of my flight home.  Some great pictures of Hoover dam and some of the solar farms and mesas as we few home.

defcon 2016 badge closedefcon 2016 badge chipdefcon 2016 wifi villagedefcon 2016 wifi village 2 
Continue reading “Defcon 2016 photos and videos”