Sunday, July 31, 2005
Airlink AR315W - update
Using infrared to hack a hotel
Hotel TV systems are the most serious target from a privacy standpoint because they are connected to databases that contain information about guests.
Laurie said the vulnerability lies with how hotels have implemented the backend of infrared systems, placing control of the system at the user end, where the TV is located, rather than at the server end with administrators.
Laurie found that the backend systems in many hotels around the world don't have password protection or other authentication schemes to prevent unauthorized users from gaining access to them through the TV. And they fail to use encryption to protect data as it's transferred and stored.
The only hardware an intruder needs is a laptop running Linux, an infrared transmitter and a USB TV tuner. Laurie said the attack can also be performed using the infrared port built into many laptops.
Monday, July 25, 2005
SSL handshake process
- Client sends in a ClientHello message with the version number of SSL the browser uses and the ciphers and data compression methods it supports.
- Server acknowledges with a ServerHello message. This message contains a session ID and the ciphers and compression schemes that the server and client have in common.
- Server sends its public key encapsulated within its certificate
- Server concludes the negotiation with a ServerHelloDone message
- Client sends a ClientKeyExchange message that it created using the server's public key. It contains the session ID chosen by the client. This session ID is encrypted by the client using the server's public key.
- At this point both the server and the client send the ChangeCipherSpec message indicating to each other that they are ready for encrypted transmission
- Both send Finished messages containing the digest of the communication so far.
- Handshake complete. Secure session established.
Since the client initiates a communication, it is the clients responsibility of proposing a set of SSL options to use for the exchange.
This is the application layer security. You could be trying to login into your bank's site, or might be trying to purchase something from Amazon. This process happens everytime a new secure session needs to be established between your client (browser) and a server. Pretty much the entire ecommerce between end-users and online businesses depends upon this..
Saturday, July 23, 2005
Airlink AR315W router sucks
I spent around 2-3 hours trying to install this Airlink AR315W router, but couldnt get it to connect with my Verizon DSL. Googling or Yoddling (searching on Yahoo) didnt help much either. All the links that came back, are from link farms which are filled with Google ads. No luck :(
I tried both, PPPoE as well as Direct connect options, but they always came back with "No connection". In my older Netgear router, I didnt have to enter a username/password for the PPPoE connectivity. But the Airlink router asks me for a username/password. So I had to dig up my records to find it. Anyways to cut a long story short, even with the username/password, it didnt connect.
I tried calling their support. After the phone rang 15 times, I got the voice mail with a message stating "All our representatives are busy dealing with other customers, please leave your name, brief message and number. We will get back to you". I havent heard from them since morning. The airlink folks dont even have any support forums or message boards. Even the manual didnt contain any elaborate troubleshooting steps. Goddamn.
Lesson #1: Always buy stuff from reputed brands. Never ever fall for cheap stuff.
Friday, July 22, 2005
Gentoo installed finally
Now comes the tough part of installing: Apache, Java, PHP, Perl, Tomcat, CVS, MySQL etc etc. Might even install a wiki.
At this point I am not sure, how would I keep up with the security patches from the Gentoo dev guys. Need to figure out that one.
Wednesday, July 20, 2005
Finally installed Gentoo
|BGP, FTP, HTTP, HTTPS, IMAP, IRC, NNTP, POP3, |
RTP, SIP, SMTP, SNMP, SSH, SSL, Telnet, UUCP, ...
|Transport lr.||DCCP, OSPF, SCTP, TCP, UDP, ...|
|Network lr.||IPv4, IPv6, ICMP, ARP, IGMP, ...|
|Data link lr.||Ethernet, Wi-Fi, Token ring, FDDI, PPP, ...|
|Physical lr.||RS-232, EIA-422, RS-449, EIA-485...|
Gentoo, et tu?
I thought, I had found nirvana in Gentoo.. but seems like all other things in Linux, this one too needs late night tweaking to get it to work. Aaah, I am exhausted.
Tuesday, July 19, 2005
Airlink wifi router with WPA for cheap
I did a Google search on the adapter and didnt see any horror stories, so went ahead and ordered it. As far as I can tell, its a great deal and would give you WPA protection besides faster speed with 802.11g - 54mbps, than 802.11b. Check out one of earlier entries on how to protect your network using WPA
I will blog about how well it works after I install it and try it out.
One more thing, they are also selling a 200 GB harddisk with 5 year warranty for under $60 bucks. Go for it, while it is cheap. I plan to use it as my Network Attached Storage. (I once paid $100 for a 512 MB hard disk waaay back in 1998)
Greasemonkey RIP, atleast for now
I guess, this all started out when Joe Gregario wrote an article in XML.com about putting his private key in the Greasemonkey script to decrypt secure content.
So one thing to keep in mind is not to jump on something which promises to be cool and secure, without letting it get tried and tested by the world out there. Same is said about security algorithms also. Dont try to invent your own algorigthm. Use an existing one.
Monday, July 18, 2005
What is a Honeypot
Honeypots are designed to capture any activity that happens, so that it can be later played back or analyzed to protect other more valuable machines in the network. Honeypots are used for detection, prevention and also to learn various hacking approaches.
Honeyd is a Honeypot program that creates virtual daemons on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems.
So all you budding hackers/crackers out there. Next time you "break" into a system, dont consider that to be something boastworthy. You might have broken into a honeypot and all your activities might have been recorded, without your knowledge.
Saturday, July 16, 2005
Gentoo on my server - II
Expect the posting to be light until I get Gentoo installed. (hopefully over the weekend).
Most spam contains a virus
Monday, July 11, 2005
kedrosky.com snapped up by domain squatters?
Registrar Name....: Register.comI used to read his blogs regularly. Too bad, now its gone.
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com
Domain Name: kedrosky.com
Created on..............: 09 Jul 2001 10:00:00
Expires on..............: 09 Jul 2005 13:05:11
Kedrosky & Assoc.
1400 - 700 W.Pender Street
Vancouver, BC V3K1K7
Phone: (604) 638-2525
Sunday, July 10, 2005
Gentoo on my new server
I settled on Gentoo after reading a couple of reviews. The power of Gentoo is the flexibility it offers the user to select and choose whatever the user wants to install, without forcing it down the users throat like some other friendlier distros. Aah, finally I can install some package with full control of what goes along with it. Ofcourse, this means that the installation goes a lot slower and is a much more conscious effort for the user. Gentoo forces the user to choose each option along the installation path. The documentation that came along, explains why we need to do what we need to do and gives some fundamental knowledge about the same.
I'll probably post a review once I am done installing it. So far so good.
Saturday, July 09, 2005
Useful netstat command for windows
netstat -b -v -o -n -a
Here is what the options mean:
- -b : Displays the executable involved in creating each connection or listening port.
- -v : When used in conjunction with -b, will display sequence of components involved in creating the connection or listening port for all executables.
- -o : Displays the owning process ID associated with each connection.
- -n : Displays addresses and ports in numeric form.
- -a : Displays all connections and listening ports.
Thursday, July 07, 2005
Setting up Apache webserver as a reverse proxy
Here are the steps to setup an apache server as a secure ssl proxy
Basic 2.0.50 Apache setup: (for a higher version of apache, replace you version number string from the setup below)
- Download Apache 2.0.50 from: http://apache.roweboat.net/httpd/http-2.0.50.tar.gz
- Become 'root' user
- Extract all files from the gz archive
- gzip -d -c httpd-2.0.50.tar.gz | tar xvf -
- Setting up ssl-aware apache
- cd apache-httpd-2.0.50
- ./configure --prefix=/usr/local/apache2 --enable-mods-shared=all --enable-ssl--enable-proxy --enable-proxy-connect --enable-proxy-http --enable-rewrite
- make install
- Now start your httpd server
- /bin/apachectl start
- Test installation by typing http://localhost
- Now stop httpd server
- /bin/apachectl stop
- Configuring Apache for SSL Proxy support
- Add the below specified lines to your apache config located in /conf/httpd.conf
- LoadModule proxy_module modules/mod_proxy.so
- LoadModule proxy_connect_module modules/mod_proxy_connect.so
- LoadModule proxy_http_module modules/mod_proxy_http.so
- Add the proxypass directive
- ProxyPass /abc https://someotherserver
- Get a "real world" certificate from verisign or thwate or someone else and install it into apache
- mkdir /conf/ssl.key
- mkdir /conf/ssl.crt
- cp real-world.crt /conf/ssl.crt/.
- cp real-world.key /conf/ssl.key/.
- make sure you specify the correct servername in the ssl.conf (located in /conf/ directory)
- Add the following line to under the in the ssl.conf
- SSLProxyEngine on
- Starting apache with SSL enabled configuration
- To start apache with ssl enabled :httpd -D SSL
- Test installation by typing https://
Secure your proxy server !!!
Wednesday, July 06, 2005
Google map hacks
Tuesday, July 05, 2005
Bypassing mail attachment blocking filters
This is mainly done for security reasons. In the past few years, the network admins have learnt that viruses and/or spammers trick the users into clicking on executable stuff in the mail and then take advantage of buffer overflow exploits.
So what do you do if you really really want to send someone an exectuable attachment? If you use PGP, GPG, or S/MIME to encrypt your mail before sending it out, then it would sail right past the mail attachment blocking filters.
ps: If you want a free personal digital certificate to use S/MIME, check this out from Thwate: http://www.thawte.com/html/COMMUNITY/personal/index.html
Copyright Anand Jain 2004, 2005. All rights