All posts by bob

A brief Kevin Mitnick tangent…

Taking a brief break from actual studying to take in some Kevin Mitnick. Kevin was an important figure in my younger days. I was associating with hackers and phone phreaks as early as high school. I was naturally curious, and very interested in technology and computers. Two exploits stand out in my mind.

In one, I social-engineered someone into sharing his CompuServe password with me, then logged in, changed the password and stayed online for two days straight, downing pitchers of powdered iced tea and eating peanut M&Ms in bulk.

The other was far more serious. It’s probably a bad combination to have an interest in, and knowledge of, phone phreaking, and then land a job at a telephone answering service. Somebody I knew knew somebody, and somehow I ended up working at a small answering service in the Wheaton, Maryland area. At first, everything was fine; I was excited to have a job and get paid.

Gradually, I let my guard down and began to take advantage of the situation. First, since I worked alone on weekends, I’d have my girlfriend over and get a little carried away in between calls. Second, I realized that the newer equipment, which did not have dialers or touch-tone buttons, nevertheless had a dialtone. Using the click method of pulse dialing, I was able to get calls to go through. At my young age, I was naive enough to think that if it was an incoming-calls-only line, then any outgoing calls made on it fell somehow outside the system and would never be noticed, tracked, or more importantly, billed. I was wrong, oh so wrong. After making a number of calls to recorded information lines, some of them international, just because I could, I was brought into the office to discuss the matter. It turns out that “incoming calls only” did NOT mean that outgoing calls didn’t count. It meant that the customer had not chosen a long distance service. I mean, why would they? And do you know what happens when a customer does not choose a long distance service? The line defaults to a very expensive service. So the answering service got a very expensive bill, and invited me to explain what I did, why I did it, and most importantly, how I did it.

Apparently, they had worked out some sort of arrangement with my parents and the local military recruiter, and agreed that if I would talk to the recruiter, they would not press charges.  I talked to the recruiter, who told me I could be anything but a truck driver.  I was close, perilously close, to joining, when I realized that they COULDN’T force me to join; that there was no relationship between their threats and reality, or between law enforcement and the recruiter; and that by entertaining the recruiter, I had fulfilled my side of the bargain. I walked, and was never charged.

I kept a much lower profile after that, plus I found other interests to keep me out of the hacking and phreaking world for a while (girls, punk rock, girls, etc.). But when the Mitnick thing happened, I was both aware and understanding. What happened to Kevin was very similar to what happened to a friend of mine, who got arrested for LSD possession. When uninformed or aggressively corrupt agencies make drug busts, things can go wrong. He was charged with the entire weight of the LSD PLUS the medium on which it was delivered, which made it look like WAY more LSD than it actually was. Similarly, Kevin was accused of information theft in the many millions of dollars range, as though by merely looking at source code he could invalidate all of the R&D money that went into creating it. I stand by my analogy.

I also went to at least one 2600 meeting around the time of the big bust at Pentagon City Mall, the notorious event, apparently orchestrated by the Secret Service, in which a bunch of hackers’ personal gear was confiscated. Thank goodness I wasn’t at that meeting. And I don’t think I was really close with any serious hackers. I read the magazines, I learned the tricks, but I had other things going on that prevented me from being a full-on lifestyle hacker.

Fast forward to now: I’ve been in an infosec position for over nine years, and have been performing infosec roles for significantly longer than that. And this weekend, I finally got around to watching the 2600 film Freedom Downtime, a documentary about the Free Kevin movement, and about the terrible ordeal that Kevin had to endure, unfairly and unconstitutionally, because of the hype that a few people built up around him. There’s an extended interview with him as well from 2003, after things had cleared up for him.

I’m also reading his books. The Art of Intrusion has some great stories of exploits.

A few years back, I picked up one of his business cards somewhere. It’s a metal business card with an actual lockpick set cut out and ready to break off and use.  Genius.

Once I finish this book, it’s back to the studying grind for me. I just wanted to share, because reading and watching films about Kevin brought up memories of my own youthful hacker experiences.

Kindles are stupid; also, a review of “Basic Security Testing with Kali Linux 2” by Daniel Dieterle

I recently picked up “Basic Security Testing with Kali Linux 2” by Daniel Dieterle. Because of the price, I ordered it on the Kindle instead of a hard copy.  Plus I liked the idea of working tutorials with the Kindle rather than a book that needed to be held open.

Working through the book was engaging and fun. I followed along with the tutorials and the external download recommendations and continued tutorials, and enjoyed several exploits along the way.  It really helped to solidify my understanding of some of the tools in Kali, and when to use which tool.

I’m considering the intermediate book next. However, I’m confused by the Amazon listings. According to Amazon, the Basic book was published in May of 2016, but the Intermediate book was published in November 2015. I’d hate to think I’m buying an intermediate book that was already out of date… So I’ll do some more research before pulling the trigger on that.

Meanwhile, I have a number of other security books in various digital formats: .pdf, .epub, etc.  I thought it would be useful to convert them to be usable on the Kindle.

It was not as straightforward as one would suspect, and not as straightforward as vendor and open forums would lead one to believe.

First, I copied all of them in their respective formats to the Documents folder on the Kindle.  Turns out, there are specific file types that are preferred by the Kindle.  So next, I converted them all to .mobi files and reuploaded them (via the USB cable, which is called sideloading).  They still did not show up on my home screen, which I was led to believe they would.

So I did some research.  Turns out, a lot of people have this problem. Some claim to have resolved it by converting the documents to .azw3 format, by uploading them one at a time, by performing strange sexual rituals with their kindle, or you get the idea.  There is no consistent solution that seems to work for everyone.

Beyond that, some say it’s not a problem at all, the Kindle just “needs time to index them.”  And you can find this out by searching your Kindle for a random string of characters. When you get no results found, click below on “Text in Books” to determine how many “Items Not Yet Indexed” are on your Kindle.  I currently have 23 books on mine that have not yet been indexed.  There does not seem to be an interface to manage or force the indexing.  Some say indexing takes minutes, others say hours.  Probably depends on the size of your books.

Actually there is a way to sort of force indexing.  Mount the Kindle via USB, go to <Drive:>\System\Search Indexes and delete everything in there, then eject it.  Now instead of 23 items, I have 53.  Yay.  Going to leave it like that for a while and see if that properly reindexes everything.

And… nope.  Indexed everything that was already there, but still hasn’t recognized the new content.  Fuck Amazon and their stupid-ass Kindles.

UPDATE: Finally found a post that mentions that sideloaded documents show up when you click “Downloaded” on the home screen.  How annoying and stupid.  They don’t show up under “All” — only under “Downloaded.”  Wouldn’t common sense tell you that “All” includes “Downloaded?”

I understand that Amazon has an incentive to make it more difficult to upload non-Amazon material; after all, that’s their bread and butter. However, I’m not at all interested in spending a not-insignificant amount of money re-buying a number of books I already have.

Until I can resolve this issue, I’m far less likely to invest in Amazon Kindle content.

Kali Linux dumbassitude (on my part)

So I burned a recent copy of Kali Linux onto a stick and was playing with it. Then I decided I wanted a more permanent installation, so I went back to one I had installed on a VM earlier, without realizing that it was the older version. I was wondering why apt-get update, apt-get dist-upgrade, and apt-get autoremove involved SO MANY PACKAGES and was fucking things up every time.

Turns out the image I had in my VM ISOs directory was 2016.1, and everywhere else was 2016.2.  I don’t even remember exactly when I downloaded that older version.  Couple hours wasted, should be back on track shortly.

Meanwhile, I found someone local who might be interested in putting together a local 2600 meetup.  That’s exciting.  Been a long time since I’ve been to a 2600 meeting.

Expanding X10 security systems limits and functionality with Raspberry Pi

I was initially happy with my X10 security system years ago.  It performed all the functions of a professional security system for a fraction of the price.  X10 components generally exhibit questionable manufacturing quality, but they’re cheap enough that it’s feasible to maintain spare parts and still stay “under budget.”

As time moved on, however, and computing power became more and more affordable, I started to take another look at X10 security.  Sure it’s dated, mostly losing market share to Zwave and other players. But there are still some rock solid components in the X10 arsenal.

I originally had the Protector Plus PS561 security console, along with the original 9-pin serial interface. At some point I upgraded to the SC1200 security console and the CM15A USB interface. The SC1200 supports 16 security “zones,” comprised of door/window and motion sensors. That is its limit, as a self-contained unit, with no expansion. I’m going to show you how to improve drastically upon that, limited only by your imagination and creativity, for almost zero investment beyond the initial expense of the console, interface and sensors.

I started with a Raspberry Pi 2B, freed up when a model 3 was purchased.  I installed mochad and Jim’s CM15A controller demo and made sure they were up and running first.  Once I could get responses from mochad, I knew I was making progress:

# echo 'st' | nc localhost 1099

should return a list of detected sensors.

At first, I worried I would have to write a daemon to monitor traffic on port 1099 to detect events in real time. When I realized what that entailed programming-wise, I put it off and used a periodic poll of port 1099 and parsed the results instead. Once the results are parsed, they can be inserted into a database for monitoring sensor status and logging details. Later, I realized that mochad includes a Perl script, mochamon.pl, which demonstrates how to poll mochad (actually, MULTIPLE instances of mochad, if you so desire) for real-time results, which is what I was looking for, for triggering purposes.

This is where the game gets fun.  Without a programming platform and mochad, you’re limited to the X10 console’s interface and its limits.  Since the X10 sensors generate their own random 6-byte identifier and transmit those by RF, and mochad detects all RF transmissions received by the security device, this means that with a little bit of work, you are no longer bound to the 16-sensor limit provided by the console interface. In fact, once you get your system programmed to your liking, you can deregister ALL of the sensors from the console and have your platform with mochad doing the heavy lifting.  You can even cheat the system, apparently, and send X10 commands directly to piggyback on the security console’s alarm using the “panic” command (and hopefully “disarm” when needed — this process needs testing).

More importantly, you can write your own logic and flow, and add external interfaces.  Maybe I want to be notified by SMS on certain events. Maybe only when “armed.”  Maybe I want to be able to “arm” and disarm the system via SMS. Maybe I want to use security events to trigger other Pi units in the house to start capturing video.
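The poll-parse-log loop described above, with the unregistered-sensor and alert checks that your own logic can key off, as an added example (not code from the post, and not part of mochad). The line format of mochad’s ‘st’ reply, the sample reply, and the “alert”/“tamper” state naming are all assumptions; the sensor addresses are constructed.

```python
import re
import socket
import sqlite3

# Line shape is an assumption modelled on mochad's text output, not quoted from the post.
STATUS_RE = re.compile(r"Sensor addr: (0x[0-9A-Fa-f]+) Last: (\S+) (\S+)")

# Constructed sample reply to 'st' so the parser can be exercised offline; addresses are made up.
SAMPLE_STATUS = """\
03/18 10:01:02 Device status
03/18 10:01:02 Security sensor status
03/18 10:01:02 Sensor addr: 0x1E1F36 Last: 00:08:22 Contact_normal_min_DS10A
03/18 10:01:02 Sensor addr: 0x2A0B44 Last: 00:00:05 Contact_alert_min_DS10A
03/18 10:01:02 Sensor addr: 0x0C77D1 Last: 01:12:09 Motion_normal_MS10A
03/18 10:01:02 End status
"""

def poll_mochad(host="localhost", port=1099, timeout=2.0):
    """Same exchange as the nc one-liner: send 'st' to mochad and return the raw reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"st\n")
        reply = b""
        while b"End status" not in reply:
            data = sock.recv(4096)
            if not data:  # connection closed before the terminator line arrived
                break
            reply += data
    return reply.decode(errors="replace")

def parse_status(text):
    """Map every reported sensor address to (last_seen, state); no 16-zone ceiling here."""
    return {m.group(1).lower(): (m.group(2), m.group(3))
            for m in map(STATUS_RE.search, text.splitlines()) if m}

def is_alert(state):
    """Tripped or tampered sensors carry 'alert'/'tamper' in the state name (assumed naming)."""
    return "alert" in state.lower() or "tamper" in state.lower()

def unknown_sensors(sensors, registered):
    """Addresses heard over RF that you never registered: a new sensor, or not one of yours."""
    return sorted(set(sensors) - {a.lower() for a in registered})

def record(sensors, db_path="x10_log.db"):
    """Append one poll to a SQLite log for history and monitoring; returns rows written."""
    with sqlite3.connect(db_path) as db:
        db.execute("CREATE TABLE IF NOT EXISTS sensor_log (ts TEXT DEFAULT CURRENT_TIMESTAMP, addr TEXT, last_seen TEXT, state TEXT, alert INTEGER)")
        rows = [(a, seen, st, int(is_alert(st))) for a, (seen, st) in sensors.items()]
        db.executemany("INSERT INTO sensor_log (addr, last_seen, state, alert) VALUES (?,?,?,?)", rows)
    return len(rows)
```

Run `record(parse_status(poll_mochad()))` from cron or a sleep loop against a live mochad; anything `unknown_sensors` reports is worth a look before you trust its state.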

As you can see, adding mochad and a Pi to your existing X10 security system can turn your system into a state-of-the-art security portfolio, limited only by your imagination and coding skill.

2017-03-18 Update: Since writing this article, I have discovered that the console is no longer necessary at all. So you can REALLY cheat the system. With just a CM15A and a bunch of sensors, you can create your own customized security alerting system using mochad and a Raspberry Pi.

So I’m totally enraptured by the new Chris Robinson track, Narcissus Soaking Wet

And I’ve been trying to decipher all of the lyrics, but I’m stuck a bit in the first verse… Great googly moogly, how the rest of it resonates, though. The album comes out in July; if the rest of it is as good and as heavy as this, I might have to give up my worldly possessions and follow Chris around the planet.

Sour flowers grow, ripe and pink
__________ receives the day, to ______Thunder born and lightning days
Natural magic, mystic ways
The poorest known withstands the (way? weight?)
Oooh, let’s get inside (get inside)

Narcissus soaking wet, lost, but doesn’t know it yet
He has failed to see his true reality
Now he will remain a ghost
Chained to what he loves most
Cast away under pale skies
Oooh, let’s get inside (get inside)
Hey baby, your temple or mine

Untethered, unbound, state of grace sold by the pound
If it falls let it crumble to the ground
Burn the commune down

How soon we forget the time that we spent
it comes at great expense, expectations and rents
Kiss the dice, let them roll, all our stories have been told
One million times, one million ways
Oooh, it’s all the same (all the same)
Hey baby, you know there ain’t no shame (ain’t no shame)

Untethered, unbound, state of grace sold by the pound
If it falls let it crumble to the ground
Burn the commune down
Burn the commune down

If there’s somethin’ you don’t know, you better ask somebody
If there’s somethin’ that you need, you better look around
If it’s love that you’re after, well you better listen
Said if you lived here, you’d be home by now

You said you’re gonna get yourself together
Get straight what you, said what you tangled up
And if you think that’s going to be easy
All I have to say, is oh, you shit outta luck
I mean look at all these pieces you’ve got to pick up
Pick ’em up.

Untethered, unbound, state of grace sold by the pound
If it falls let it crumble to the ground
Burn the commune down

Untethered, unbound, state of grace sold by the pound
If it falls let it crumble to the ground
Burn the commune down
Burn the commune down

2016 Day 1

First day of 2016 was somewhat productive as far as goals. Walked a couple of miles, played an hour of guitar, and spent time contemplating the structure of short- and long-term goals. So far I’ve got the following:

Walk or run 1000 miles this year. Today, 2/1000.
Play music 2 hours per week = 104 hours. Today, 1/104.
No smoking. Today, 1/365.
CW practice, 2 hours per week. Today, 0/104.