I just assumed that the problem was related to my recent SSL renewal. Turns out, Google security recently published "Distrusting WoSign and StartCom Certificates" and removed them from Chrome. How did I miss this? It turns out that the SSL on my site has been broken on Chrome for some time. It must be that I have been using Brave recently as my daily browser. I moved this site to letsencrypt.org and it’s working fine for everyone now. I don’t even know how much time I wasted on this one. Wow.
Please excuse all the errors while I try and figure out what I did wrong. Brave, Firefox, and Safari users unaffected.
I was very excited to discover this feature listed in my Unifi controller today. You can now repurpose the VOIP port to act as a WAN2. The ironic part is that I don’t believe the VOIP port serves any actual VOIP function as of yet. I’ve been recommending these USG routers since I learned of their existence. Unfortunately a lot of my clients want dual WAN and until now, the Unifi Security Gateway fell short. No longer. Ubiquiti has a really great product line with the Unifi. I am continuously discovering great new innovation with the latest update to their software, firmware, or cloud platform. I have been waiting for this!
@SamyKamkar made an impressive and terrifying tool. This simple USB device steals your cookies, poisons your cache, and even persists a web backdoor. On a locked machine no less! It depends much on the trust that our computers take for granted: trusting that a USB device is not up to no good, trusting that the local network is not trying to confuse. We must reexamine this trust going forward. It didn’t take long to get it up and running, however once you do, you can spend hours tinkering. (I was working to combine it with @mubix’s work here)
I am also delighted to have my first Raspberry Pi as a USB device rather than host. It is certainly exciting to create some new doodads using this dangerous toolkit.
I have since made a version without the cache attack. I completely failed to steal the PoisonTap visuals, but TheCodePlayer offers a delightful matrix animation. Next step is to man-in-the-middle SSL too. I’m turning it into a device that logs everything while connected, but doesn’t persist.
My appearance on Hart Attack last month is finally available to stream and download. Enjoy. Original Post
It was fun, we talked about technology, hacking, and corporate oppression. Unfortunately, there wasn’t time for hope. I’ll have to come back on to explain that it’s not all doom and gloom. Episode 117 airs on Saturday evening. Downloads available sometime after here. Here is a link to more shows:
Hart and I have worked together for some time. He is a mogul of all things horrific. Now he takes on the horror of the modern day with a political/news podcast.
Close ups of my much coveted badge. Some hardware and base stations of the wifi village. Both Information Society and Berlin played on Saturday night! Shot a video of an amazing demo from the Car Hacking Village. A car modified to play games instead of driving. Also, the best of my flight home. Some great pictures of Hoover Dam and some of the solar farms and mesas as we flew home.
Snapchat is a popular multimedia chat app with an allegedly vanishing history. Users can send pics or videos and set an expiration in seconds. After viewing the content for the prescribed duration… poof, it’s gone. I was bored and playing with my wife when I noticed that the app sends an alert to the sender when their message is captured using iOS’s screen capture function. I was actually impressed with the forethought. Unfortunately, that impression did not last long. It took me less than 20 minutes and only 3 messages to take advantage of Snapchat’s prebuffering to capture the message permanently without revealing that I had even viewed it. I did this all with the latest Snapchat on the latest iOS on a stock iPhone 6s+ (no jailbreak). Honestly I find this kind of thing a lot in applications not designed specifically for security. Non-authenticated data is sent before the authentication for speed or some other performance reason that negatively impacts security. Kinda like client-side authentication: sure there is a reason for it, but that doesn’t make it a good idea. I am certainly not the only one to figure this out. It seems that the basics of this method have been known for at least a year.
UPDATE (6-15-16): Tested again with newest Snapchat app. Still working.