Status update:
I’m back in Vegas for Defcon and it’s going swimmingly. So much so that I might get some actual swimming in.
Thanks to the late night help of Professor Franklin I have improved and redeployed the Defcam!
With this last message Rex clearly considers the matter closed. I am offered no explanation or path to resolution. The only explanation is that they need to explain nothing. I am often referred to their terms of service.
The most baffling part is that I am left wondering how this is “for the security of all our users”? I mean, they allow strangers to create new accounts all the time. I have already created an alternate Google Play account to buy the very software that started this mess. (This time, I have severed these devices’ ability to communicate with Google. Good luck killing the apps now. mahahahaha!)
It seems Google has been tripping all over themselves lately. This latest demonstration of their own massive incompetence is just one more nail in their coffin. They provided zero protection, only huge annoyance to someone who was once a vocal advocate of their products and services. Goodbye Google.
I have been struggling with a Google Play suspension. For some reason, Google policy is not to discuss suspensions. Period. Not even to resolve them. I have been battling with email and phone support for days, but this last communique was just too good not to share. In this recording, the Google Play support agent admits nothing can be done and suggests I wait a year for the problem to resolve itself. (Edited to remove personal details and to shorten length.)
There are just so many privilege escalation fixes in the latest iOS 12.2 update. I finally removed the jailbreak from my primary device and updated. Privilege escalation is when an unprivileged or user process (like an app from the app store or even a web page*) gets root or even kernel authority. This is when bad turns to worse because it can do and see anything with any of the device’s data or sensors. Since even the big trusted apps have been caught tracking or stealing data, I simply couldn’t leave myself unprotected any longer.
I’ll still of course keep a development device jailbroken on 12.1.2 for all of the reasons. It was a wonderful experience, only slightly beta. I appreciate all the hard work by everyone in the scene. I think I am going to hate seeing the home bar again the most.
* Web pages are often sandboxed separately from the app itself. Some might argue that a webpage would first have to escape the sandbox before it could escalate privileges. This is true, but I would respond that sandbox escape is just another form of privilege escalation, only one level down. There are also over a dozen WebKit fixes in this update.
A long time in the works, this is the first completely open source jailbreak to be released for an almost current version of iOS (11-12.1.2). This is an interesting jailbreak. It is semi-tethered, but unlike previous jailbreaks, this can at least be untethered from the device itself. Using Cydia Impactor, you can side load the unc0ver app and install the jailbreak directly from the app. It also allows an easy re-jailbreak upon reboot or battery drain. Great work all around despite the remaining bugs and instability (it is still beta). Huge thanks to the efforts of @pwn20wnd and @sbingner. To be honest, there are very few tweaks and apps that are ready for iOS 12, but I am excited to see the tradition of jailbreaking continue. I have Cydia again! For the first time since I closed down my own Cydia repo. C’mon developers, do your thing!

UPDATE: This problem was resolved in b38.
After Google killed XMPP support for Google Voice, I no longer had a house phone. I was using my Google Voice number as a home phone and for the gate info for our building. This led to the whole system being ignored and neglected. By the time the SD card gave up the ghost, even the backups were in poor shape. I rebuilt the whole system fresh from the latest RasPBX dist and it’s working better than ever. Bought a real DID so I could continue to use Google Voice on our handsets at home. It’s great to have my Asterisk back.
I met a pile of incredible people. Bought some amazing toys (for science), some I’ve even got working. Saw some talks and demos. Talked to some of my heroes and listened to even more. I saw Ladar Levison talk about epoxying your ports and adding thermite to your hard drives. I played with the ECU of a fake car! Now I just have to finish building the DarkNet Badge! Enjoy my pictures. The hat data is still being analyzed. I’ll try to build something out of it eventually.


UPDATE: this is all outdated, go here.
I have been consolidating some of my sites onto a single hosted Unifi controller. Documentation was outdated so I am going to post some useful info here. My original plan was to set up a basic apache2 site, use certbot to generate my certificates and then install them into the Unifi controller. The first frustration is that you cannot simply install the certs you want into the Unifi controller. Second frustration: Java. Once you get over that, it’s super easy.
I had some issues with the initial migration. I ended up having to start over. A handy command to remove the Unifi controller with all its configuration and data:
apt-get remove unifi --purge
Just remember, you will need to reinstall Unifi after. It will be brand new and back to the wizard.
Getting started with SSL, I learned mostly from here. First create a CSR with Unifi through the command line:
cd /usr/lib/unifi
java -jar lib/ace.jar new_cert <hostname> <company> <city> <state> <country>
This creates unifi_certificate.csr.der and unifi_certificate.csr.pem inside the data directory (/usr/lib/unifi/data/). Now we need to feed the CSR into certbot. Note that at this point, I already have apache2 installed with a very simple virtualhost and site set up with the domain I am creating a cert for. Here is the command to feed the CSR generated by Unifi into certbot to be certified:
certbot certonly --apache --csr /usr/lib/unifi/data/unifi_certificate.csr.der
Certbot will make sure that the domain is yours (and your apache config is working) and then output a signed cert and a chain that is almost everything you need to install the certificate back into the Unifi controller. Still in /usr/lib/unifi/data/, 0000_cert.pem is my signed cert and 0001_chain.pem is my signed cert plus the intermediate certificate. What’s missing is Let’s Encrypt’s root certificate to validate the intermediate certificate and thus complete the chain of trust.
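One way to check certbot's output before it goes back into the controller, as an added example that is not from the original post: it confirms that 0000_cert.pem carries the public key from Unifi's CSR, and that the chain only validates once a root is supplied. The function names, the throwaway test PKI and its subjects are constructed for illustration and stand in for Let's Encrypt.

```shell
#!/bin/sh
# Added example: sanity checks on certbot's --csr output before the Unifi import.

# key_match CSR_DER CERT_PEM: true only if the cert carries the CSR's public key.
key_match() {
    a=$(openssl req -inform DER -in "$1" -noout -pubkey 2>/dev/null)
    b=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# chain_ok ROOT_PEM CHAIN_PEM CERT_PEM: true only if cert -> intermediate -> root
# verifies. Without -partial_chain, openssl must reach a self-signed root.
chain_ok() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# make_fixture DIR: constructed throwaway PKI (root, intermediate, leaf) using the
# file names from the post. Subjects and hostname are made up.
make_fixture() (
    cd "$1" || exit 1
    exec >/dev/null 2>&1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    openssl req -new -newkey rsa:2048 -nodes -keyout root.key -out root.csr \
        -subj "/CN=Constructed Root" &&
    openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
        -days 2 -out root.pem &&
    openssl req -new -newkey rsa:2048 -nodes -keyout int.key -out int.csr \
        -subj "/CN=Constructed Intermediate" &&
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -extfile ca.ext -days 2 -out int.pem &&
    openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key \
        -out unifi_certificate.csr.pem -subj "/CN=unifi.example.test" &&
    openssl req -in unifi_certificate.csr.pem -outform DER \
        -out unifi_certificate.csr.der &&
    openssl x509 -req -in unifi_certificate.csr.pem -CA int.pem -CAkey int.key \
        -CAcreateserial -days 2 -out 0000_cert.pem &&
    cat 0000_cert.pem int.pem > 0001_chain.pem
)

# Demo run against the constructed fixture.
d=$(mktemp -d) && make_fixture "$d" &&
    key_match "$d/unifi_certificate.csr.der" "$d/0000_cert.pem" &&
    chain_ok "$d/root.pem" "$d/0001_chain.pem" "$d/0000_cert.pem" &&
    echo "cert matches CSR and chain reaches the root"
```

On a real controller, point key_match at /usr/lib/unifi/data/unifi_certificate.csr.der and chain_ok at the root certificate you downloaded from Let's Encrypt.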