Network Equipment Default Passwords

Over at IOError.org,
Aes has put together a pretty cool database of the default usernames
and passwords for a whole host of network equipment.  When you
turn up at that new work site only to find that you can’t log into anything,
you could do worse than looking up the make and model and giving the
defaults a try!

Check out the list here.  Don’t forget to let Aes know how you get on!

Alternate Lego Building Techniques

I always found that the problem with Lego was that although amazing things could be built, they never fell down in a realistic manner.

With my brother we did the creative destruction using bangers, but this tended to be 1) very loud, 2) damaging to the lego and 3) bloody dangerous to life and limb of 10 year olds. Nevertheless, fireworks did prove an effective way to destroy traditional lego buildings (Video anyone?)

At playtimes, therefore, the object was to decide if either construction or wanton destruction was the object of the play and modulate the build technique accordingly.

Using common 4×2 lego bricks, it’s possible to make constructions that behave in a far more dynamic fashion when blown up \ knocked down \ hit with toy cars. My problem as a kid was always that lego buildings were brill in every respect except for those temporary constructions made only to be creatively destroyed.  Creative, realistic destruction and lego don’t go together.  Here is presented a brief analysis of other methods for building with lego to construct more deformable buildings.

Use explosives
Pretty effective technique for reducing lego buildings to constituent parts.  Carries side effects such as extreme noise, is bloody dangerous and tends to both leave scorch marks on the lego and break the parts into smaller pieces than intended.  Much smaller. Many of what are now my son’s lego blocks carry residual burn marks from my own experiments as a youngster.

Sideways block building
The technique is simply to ensure that the building rests together.  Make the walls by having the studs on the side.  Looks best when the studs face outwards.  Interlock the blocks like normal.  Use short blocks.  If you are patient, use ‘thinnies’ like 6×1 or 4×1.  Insert doorframes and windows in the correct orientation.  Use the long technics bars for joists.  Be patient with this method and it will pay dividends.

Sideways block building has the potential to provide the most realistic results.  It should be completely feasible to build 2 or 3 story buildings.  Fully sloped roofs will be hard though.  Perhaps hybrid the technique with the playing card method.

At destruction time, you will like the results: those technics roof beams fall in a most realistic way. 

Playing Cards
In this technique, use playing cards and 2 x 4 bricks on end to build large open structures which deform most marvelously.  Use the blocks sparingly: spread them out at the corners so that one brick can support 4 card corners.  Fill in the walls with upright blocks if necessary, but I find that huge carpark type buildings look great when open.

In the past, buildings of 20 floors with 6 packs of cards have been built and demolished. 

CD floors
Pretty much the same as playing card floors really, but use those AOL CDs instead.  Pretty easy to build free standing structures as tall as a room: say 12 feet with no problem. Careful when it comes down: CDs falling from ceiling height can hurt a bit.

Destruction Techniques
Apart from the earlier mentioned method for disposing of standard lego structures, I generally find that the best way to ‘blow ’em up’ is to chuck 2×2 squares at them.  These tend to cause just the right amount of damage without it taking too long.
More recently, I’ve been using a BB Gun equipped remote control tank.  Marvellous!

Harbin Snow and Ice Fair 2005

The air is so cold it freezes your stinging tears to your face; the sun
is so low it escapes to leave you in darkness by mid-afternoon; the
trees are so gray, barren, and hard they could be concrete; the river
ice is so thick it actually supports entire buildings.  This is
Harbin, China’s northernmost (and easternmost) metropolis. Over 17
years, as this eight-meter-high horse sculpture indicated, the festival
has grown in size, complexity, and elaborateness; where the snow
festival had a single massive sculpture before, a handful of these now
appeared.  This year’s snow festival was officially called “The
17th Annual China Harbin Sun Island International Snow Sculpture Art
Fair.”

Mambo’s Developer Team Breaks with Miro

The developer team for Mambo, (the leading CMS which runs the TurboTas site), has left
the project over a dispute with Miro, the copyright owner. It seems Miro
set up the Mambo Foundation in a much different way than the developers
expected, as they explain in the story link.

The reason for this is the announcement
earlier this week that Miro was working on the ‘Mambo Foundation’. One
of the main reasons for this announcement is the fact that this
foundation was to be formed without consulting the actively involved
community members such as core developers, 3rd party developers,
translators, documentors, etc…

Since Miro hasn’t been active in the community at all for some time now, it seems they are just trying to cash the latest success of the CMS at LinuxWorld SF.

At the moment all ‘troops’ are gathering at www.opensourcematters.org, where it has become clear that the future of the CMS is secured.

The majority, if not all, active community members support the core
developers team in their decision and wish to release a first stable
version of the new CMS, formerly known as Mambo.

Go to the forums on mamboserver.com and you will see all kinds of
things happening there. The head developer sent a letter to the
community to let them know the status. See http://www.opensourcematters.org/ for the letter and all of the details.

Unix Lab at Bell Disbanded, Bye bye Dept 1127

In 1969, UNIX was created at Bell Labs.

For decades, the source of the AT&T dialect of UNIX
came from the researches of workers in department
1127.

When the "Baby Bells" split from "Ma Bell," department 1127 survived. When
AT&T and Lucent split, 1127 survived.

But the new reorg at Bell Labs finally breaks up what’s
left of 1127 entirely. Theory people will go to one place,
systems people to another, I’m told. I’m not sure what happens
to those who fall in neither camp. There was no malice, so far
as I can tell — just an administrative reorg forced by recent
cutbacks and layoffs and departures that left the whole research
area with too many managers and too few researchers.

Ken Thompson retired to California.
Brian Kernighan is a Professor at Princeton.
Doug McIlroy is a Professor at Dartmouth.
Rob Pike and Dave Presotto and Sean Dorward are at Google.
Tom Duff is at Pixar.
Phil Winterbottom is CTO at Entrisphere.
Gerard Holzmann is at NASA/JPL Lab for Reliable Software.
Bob Flandrena is at Morgan Stanley.

To the best of my knowledge, Dennis Ritchie and Howard Trickey
remain, enisled.

A former employee at 1127 remarked:

"My take is that 1127 probably reached Schiavo status when Rob, Presotto,
et al. fled west to Google.
"But it’s still sad to see the final demise, both of a
particular institution and as a further nail in the coffin
of the sort of research environment Bell Labs once represented."

That may be the worst effect. DEC Labs are gone. XEROX PARC
transmogrified into "Palo Alto Research Center Inc." on 4 January
2002. It’s a waning of research potential.

Ave atque vale, guys. "And thanks for all the fish."

Peter H. Salus

SCO LKP Module contained…. Wait for it… Linux Code

It’s really worth reading the Deposition of SCO Employee Erik W Hughes. He confirms that the Linux Kernel Personality
did indeed include Linux kernel code, and as a result, both UnixWare
7.1.2 and 7.1.3 included Linux kernel code until May of 2003.

Remember that to have done so such
inclusion would have to be under the GPL — yet the question that is
left unanswered, tantalizingly, by the deposition is this: in what way
was the Linux kernel "included" in LKP? Did the UnixWare kernel somehow
make use of the Linux kernel binary? If so, how — and would the use be
intimate enough to have created a "work based on the program" as the
GPL puts it? If not, how was the kernel "included"? Was kernel source
code reused in the UnixWare kernel, as one anonymous source  claimed ages ago? Firm answers to
these questions cannot be gained from this deposition alone, but IBM probably does know, and
we’re definitely getting warmer. And more and more, it looks like SCO’s
goose is cooked.


No wonder SCO is now talking about trying to
survive as a tech company even if they lose the litigation. It also is
now apparent why SCO tried to say the GPL is unconstitutional, void,
voidable, etc., anything to try to make it not be binding on them.
Please don’t anyone ever again tell me that we don’t need the GPL. Look
at the role this champion license has played in SCO v. the World.

Source: Groklaw

So how easy is it really to crack a WEP key?

I keep reading all those articles that decry Wireless as an insecure
pile of old pants.  I thought it would be interesting to actually
try and crack a WEP key just to see how easy it really is.

Generally I err on the side of caution so the traffic on my home
wireless network is also encrypted using SSL and there is a firewall to
prevent any old oik using my internet bandwidth.  I also use MAC
address filters and have any security options that my AP and NICS both
support turned on.

Nevertheless I thought it would be smart to try out some wireless attack
techniques.  This is the first article of a series of Practical
Attacks.

I began with my home network up and running normally with my AP set
not to beacon, with 128 bit WEP enabled and a single workstation
running which I’m using to surf normally etc.  MAC level security is enabled so that only designated stations can talk.

The toolkit I used to undertake this project is a security-oriented Linux
distro called Auditor.  In a second laptop with a supported NIC, I
booted the Auditor distro.

Once Auditor was booted and running, I made some writeable space (I used
the ramdisk as it seemed pretty big).  Next I put the wireless
card into monitor mode (this is the radio equivalent of putting the NIC
into promiscuous mode: it captures everything).

The hack itself was a three stage process:

  • Start sniffing the network capturing packets to file
  • Start retransmitting sniffed packets to cause the IV count to rise
  • Once we have enough (100K+) IV packets, start a crack program to recover the WEP key using the sniffed packets as a source.

I started capturing to a file using the airodump program:

airodump ath0 capture.cap

As well as capturing to disk, it very handily showed the number of
packets captured and specifically the number of IV packets
received.

Next I ran the aireplay program:

aireplay -i ath0

This began capturing from the network and displayed suitable packets to
transmit.  The trick I found was to select a packet with the
correct BSSID and which was not addressed to the broadcast
address.  When the IV count did not start to go wild, I just
stopped aireplay and ran it again.

Aireplay caused me a few problems as every few hundred packets the
whole AP seemed to fall over.  The fix seemed to be to ensure that
the laptop that was using the AP remained nice and active and to limit
the transmit rate for aireplay.  Without this change the attack would not have succeeded as the IV count stopped rising.

After around half an hour of fiddling around I had 150K of IV packets captured, so I started the crack program:

aircrack -q 3 -f 2 capture.cap

Aircrack loaded the packets containing the IVs and commenced a much reduced exhaustive attack.

When I say much reduced I mean that the WEP key was printed on the screen in a little under 6 seconds.

From secured AP to open network in less than an hour.  I guess
it’s now obvious that WEP is not man enough to protect your
network.  Don’t assume that WPA is any better though.  Check
back soon for articles in this series: coming up soon is a long range attack using a high gain antenna.

TurboTas 2005

Disclaimer: Please note that I tried this technique on my own
network.  If you try this on a network which you do not have
permission to use, you risk prosecution!
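
A defender's view of the replay stage described in the post above, as an added example that is not part of the original post: the same encrypted frame re-sent over and over shows up in a capture as one IV and one frame length repeating at a high rate. The record layout, addresses, window and threshold below are assumptions chosen for illustration, and the sample frames are constructed.

```python
from collections import defaultdict, deque

BSSID = "aa:bb:cc:00:00:01"  # constructed AP address

def make_sample():
    """Constructed capture metadata: (time_s, transmitter, bssid, iv_hex, length)."""
    frames = []
    # Ordinary client traffic: a fresh IV on every frame, varying sizes.
    for i in range(40):
        frames.append((i * 0.25, "00:11:22:33:44:55", BSSID,
                       f"{0x1000 + i:06x}", 80 + (i * 37) % 900))
    # One captured frame re-sent unchanged: identical IV and length, high rate.
    for i in range(200):
        frames.append((3.0 + i * 0.01, "66:77:88:99:aa:bb", BSSID, "a1b2c3", 68))
    return sorted(frames)

def detect_replay(frames, window_s=2.0, threshold=50):
    """Flag (bssid, iv, length) triples seen >= threshold times in window_s.

    The transmitter address is recorded but not used as the key, because a
    replayed frame can carry any source address. Returns
    {(bssid, iv, length): {"peak": int, "transmitters": set}}.
    """
    recent = defaultdict(deque)
    alerts = {}
    for ts, tx, bssid, iv, length in frames:
        key = (bssid, iv, length)
        q = recent[key]
        q.append((ts, tx))
        # Drop sightings that have aged out of the sliding window.
        while ts - q[0][0] > window_s:
            q.popleft()
        if len(q) >= threshold:
            hit = alerts.setdefault(key, {"peak": 0, "transmitters": set()})
            hit["peak"] = max(hit["peak"], len(q))
            hit["transmitters"].update(t for _, t in q)
    return alerts

if __name__ == "__main__":
    for (bssid, iv, length), hit in detect_replay(make_sample()).items():
        print(f"possible replay on {bssid}: IV {iv}, {length} bytes, "
              f"{hit['peak']} copies in window, from {sorted(hit['transmitters'])}")
```
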

125 Miles is the new 802.11b record

Four young amateur radio operators from Ohio were again dubbed world
champs of long-distance wireless networking at the annual DefCon WiFi
Shootout. These guys more than doubled the 55.1 mile record they set
last year. Way to go!

All day Friday and through the night Team PAD
braved rain, lightning and winds over 30 mph to setup and test their
equipment at their mountaintop base outside of Las Vegas, Nevada. On
Saturday July 30 at 11am they successfully made a 125 mile link using
802.11b and ran network applications with their remote team in the
mountains West of St. George, Utah.

Everybody Loves Eric Raymond Comic

Everybody Loves Eric Raymond is a funny, geeky comic strip sitcom about
a group apartment in which, inexplicably, Richard Stallman, Linus
Torvalds and Eric Raymond are all roommates. The jokes are ALL
free/open source software in-jokes, but they’re often very funny, and
the idea gets tons of bonus points for being so stupendously weird and
well-executed. Check it out via the IT Chuckles section here.

Michael Palin Travels Online

If like me you followed the intrepid Michael Palin in his numerous adventures on TV, you might be pleasantly surprised to learn that you can read all his memoirs from the trips online.  Alas, these are not ebooks which you can download, but this is still a really cool thing. Check them out via the eBooks Links here.

Another look for the TurboTas site

PHPNuke has been getting harder and harder to upgrade
recently.   Although it’s OpenSource, a premium is required
to get the biggest, bestest, faster version.  Non payers have to
wait for a couple of months after release before they can download it.

While this works really well, and the ‘nuke authors certainly deserve
reward for their efforts, the need for cash is causing security patches
to be very hard to get for those without a subscription. 

I’ve decided therefore to kiss goodbye to phpNuke and move to something
else.  A quick trawl of the OpenSource CMS sites will show
literally hundreds of products now all of which perform a similar
function to PHPNuke.

In the end, I’ve gone for a CMS that I’ve not even used before called Joomla.
One of the most powerful selling points has been that I’ve managed to
migrate the article and user data without massive effort.

Please let me know what you think of the new site.  Expect the layout to change over the next few days!

TurboTas July 2005

Google Celebrates 36th Moon Landing Anniversary

In honor of the first manned Moon landing, which took place on July 20,
1969, Google have added some NASA imagery to the Google Maps interface
to help you pay your own visit to our celestial neighbor. Happy lunar
surfing.  Don’t expect the API to work though: I already tried to add the Russian spacecraft and failed!

Google Earth general release

Okay, so now we know what those google folks have been spending all
that IPO cash on. Google Earth is the next installment of Google’s GIS
suite. If you haven’t already seen it, imagine Google Maps with the
satellite images rendered in lovely pannable, zoomable, tiltable 3D along
with all the metadata you can shake a big fat stick at. Add elevation
data and a mini app which lets you set your own points of interest and
you have a truly awesome map tool.

Paper Enigma Machine

Download this one-page PDF file & print. You can then cut out the strips, and build your own fully functional Enigma
machine. This machine is compatible with the original 3-rotor German
Enigma used during World War II. For simplicity it omits the "ring
settings" and plug board, but the primary workings of the machine are
captured in this model. Great as an educational tool.

HTTP Request Smuggling Vulnerability

Multiple vendors are vulnerable to a new class of attack named ‘HTTP
Request Smuggling’ that revolves around piggybacking an HTTP request
inside of another HTTP request, which could let a remote malicious user
conduct cache poisoning, cross-site scripting, session hijacking, as
well as bypassing web application firewall protection and other
attacks. CERT has ranked this attack and the associated vulnerabilities
found in multiple products as High Risk.

Analyzing social networks from Enron email logs

Jeffrey Heer has taken the first steps in developing a very powerful
exploratory data environment for e-mail corpora, using the Enron e-mail
corpus as a motivating data set. The interface unifies information
visualization techniques with various algorithms for processing the
e-mail corpus, including social network inference, message
categorization, and community analysis. Though still in a developmental
phase, enronic shows promise as a platform for more tightly coupling
manual and automated data analysis.

Full Brain Simulation Courtesy of IBM

An effort to create the first computer simulation of the entire human
brain, right down to the molecular level has just been launched. The
“Blue Brain” project, a collaboration between IBM and a Swiss
university team, will involve building a custom-made supercomputer
based on IBM’s Blue Gene design. The hope is that the virtual brain
will help shed light on some aspects of human cognition, such as
perception, memory and perhaps even consciousness.

Swim with the fishes without tanks

An Israeli inventor has developed a breathing apparatus that will allow
breathing underwater without the assistance of oxygen tanks. This new
invention will use the relatively small amounts of air that already
exist in water to supply oxygen to both scuba divers and submarines.
The invention has already captured the interest of most major diving
manufacturers as well as the Israeli Navy.

DARPA Grand Challenge Semis Announced

DARPA announced the 40 Grand Challenge teams selected to advance to the
National Qualification Event. The teams come from a variety of
backgrounds including universities, individuals, corporations, and a
high school. U.S. Department of Defense Joint Robotics Program (JRP)
offers free use of Autonomous Vehicle Practice Facility to all DARPA
Grand Challenge semifinalists.

15 minutes to crack a WEP key

As if you needed any further warnings that WEP is rubbish, here is a
short demo of a wireless WEP attack. This is a very interesting
technique, where packets are injected to the access point, making it
release weak IVs. You’ll think twice about WEP after this! This is
really important: even though there is not much traffic on the AP, we
generate our own by replaying a single packet over and over again!