Tales from Room 641A

March 9, 2010

Can I getta Vroom Vroom?

Filed under: Uncategorized — Tags: Firewall, Ford, Mobile Security — Josh @ 12:43 pm

I remember a day when it used to be firebirds on the road.. not firewalls. I do wonder.. and hope dearly, that there is an air gap separation between the in car wifi systems and the actual vehicle systems. One can just envision driving down the road, and suddenly, your car speeds up, slows down, and a voice comes over the in car phone ” Credit card number or the car won’t stop!”

Ok.. Ok.. a wee bit movie plot threat, but there are so many vectors and threats this could open. Anyone have a new ford I can play with?

Comments (0)

March 3, 2010

XKCD

Filed under: Uncategorized — Tags: Sysadmin — Josh @ 11:08 am

Oh How true

http://xkcd.com/705/

Comments (0)

February 3, 2010

China has the Root!

Filed under: Uncategorized — Tags: China, Root Certificate, security — Josh @ 11:17 am

China’s Root Certificate Authority

For such a short article, this creates some major questions.

Let’s begin..

1. This is the general information from the CNNIC:

China Internet Network Information Center (CNNIC), the state network information center of China, was founded as a non-profit organization on Jun. 3rd 1997.

CNNIC takes orders from the Ministry of Information Industry (MII) to conduct daily business, while it was administratively operated by Chinese Academy of Sciences (CAS). Computer Network Information Center of Chinese Academy of Sciences takes the responsibility of running and administrating CNNIC. CNNIC Steering Committee, a working group composed of well-known experts and commercial representatives in domestic Internet community supervises and evaluates the structure, operation and administration of CNNIC.
CNNIC INFO

So where the original article states: “CNNIC is said to be controlled by the Chinese government” is correct.

So, with the Chinese Government now controlling a root certificate, what is to stop them from performing man in the middle attacks?

BUZZZ- Stop right here and read Gerv Responds

If the hijacking is done “on a nationwide scale”, then someone should be able
to produce some actual evidence of it. Download the bad cert, email us a copy,
and we will act.

How would you like it if I locked you up or fined you because I thought you
were a criminal and didn’t want to “wait until the foreseeable crime happens”?
CNNIC is innocent until proven guilty – an important cornerstone of justice. If
their abuses are as widespread as you say, then producing evidence to prove
them guilty should not be difficult.

Gerv

A very valid point by Gerv, there are more and more of us…. security minded individuals out there. Surely if a Government was going to mIm, one of us would notice it. Unless of course the government has control of the entire countrywide network and can do client-side /server-side ssl for every connection it wants to watch.

Idea works like this:

Client wants to access https:\\bobmarket.cn. They fire up their mozilla browser and tap it in.
That ssl hand shake goes out across the network until it hits the router or router 1 hop outside of bobmarket.cn’s POP. At that location, a piece of network gear(possibly a load balancer, or just an SSL accelerator box) initiates the client-side SSL with a certificate signed by the CNNIC. Encrypted Tunnel to the SSL Accelerator Established, and the client thinks the tunnel is to https:\\bobmarket.cn.

Now comes the fun part, the SSL accelerator then forwards the unencrypted traffic to the real front-end of bobmarket.cn, and initiated the SSL handshake there, using bob’s real certificate. Traffic flows, everyone is happy, and the information is decrypted for anyone to read.

ISSUES with that scenario- What is bob returns a packet along a different route, not through the same SSL accelerator that has the encrypted tunnel. That packet would hit the client and be dropped, as the client doesn’t have a session with bob. Perhaps stateful SSL Accelorators on all the connections into bob?

Please point out other issues as you see them, I’m not the end all be all of security.

Comments (0)

December 3, 2009

SETI – School machines…. Criminal Alien Seeker?

Filed under: Uncategorized — Tags: ADMIN, Installs, SETI — Josh @ 2:29 am

School admin resigned over SETI Installs

So the School district has police looking for potential criminal charges? As I understand, his position was: Information technology director. Therefore, can he not authorize any and all software for district installs?

Another article states that he “had permission from a previous administrator”. If that is true, it just goes to show how important documentation of authorization is.

Was the installation of SETI software a on an entire district worth of computers wrong? Possibly
Did it cause the district to lose money or have to replace systems at a faster rate? Possibly
Is it worth a resignation? Not in my mind, perhaps a slap on the wrist and an uninstall of all the installs, but resignation.. a little much eh?

Comments (0)

December 2, 2009

Off topic, but it just gets me.

Filed under: Uncategorized — Tags: Chan — Josh @ 12:39 am

So I was cruising 4chan looking for some new off the wall pics or gifs. (always have some good ones) when I saw a mention of a place called 12chan. I made the mistake of looking it up.

Let me preface by saying I support freedom of speech and net neutrality, but.. I can’t support this.

http://www.encyclopediadramatica.com/index.php/12chan (wiki-esk explanation of 12chan , not official!)

12 chan seems to be a channel devoted almost entirely to pedophiles. How it continues to operate without issue, is somewhat of a mystery to me. While channels such as this exist, the exploitation of children will continue. (if need exists, someone will supply)

The current IP reports assigned to the Netherlands (Amsterdam to be precise), and the dns name is registered to a man in Australia.

Domain ID:D129541584-LROR
Domain Name:12CHAN.ORG
Created On:26-Sep-2006 02:35:26 UTC
Last Updated On:13-Nov-2009 00:30:20 UTC
Expiration Date:26-Sep-2011 02:35:26 UTC
Sponsoring Registrar:Network Solutions LLC (R63-LROR)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:43937107-NSI
Registrant Name:Trevor Issac
Registrant Street1:37 Tranquility Cct
Registrant Street2:
Registrant Street3:
Registrant City:Helensvale
Registrant State/Province:Queensland
Registrant Postal Code:4212
Registrant Country:AU
Registrant Phone:+1.61413590441
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:

I just don’t get it. I can understand the want for some to look at adult images/videos on the web. But what is it about the illegal and somewhat sickening images of the 12chan and boards like it?

What can be done? Are we truly helpless in this internet world?

Comments (0)

November 30, 2009

Filed under: Uncategorized — Josh @ 1:18 pm

Its that kind of monday!

Comments (0)

November 27, 2009

Filed under: Uncategorized — Josh @ 3:50 am

XKCD… How right you are. Sorry professors, but you know it’s true! :-p

Comments (0)

November 23, 2009

TSA

Filed under: Uncategorized — Tags: Chicago, CYAS, security, TSA — Josh @ 10:57 pm

Schneier on TSA

Good evening fellow hat wearers. After a recent trip to Seattle, I have a little security venting to do. My flight plan was home to chicago— chicago to Seattle.

My flight to chicago was rather uneventful, enjoyable even. Arriving in Chicago, I made my way to the transfer gate. As we lined up like cattle to enter the pen, I noticed 3 TSA agents and a little push cart by the door.. oh whatever could be happening?

On the loud speaker ” We will begin boarding now… and the TSA will be doing random screenings of carry on luggage” Great…

In Short.. Yes I got picked. Yes I made it through fine.

To vent: The TSA inspection was pure CYAS (Cover Your Ass Security). The inspection was an opening of one of my backpacks zippers, glancing in, and waving me on. (note: my pack has no less than 5 different zipper compartments, and was loaded with wires and electronics) A true waste of time and resources.

Comments (0)