Tuesday, January 31, 2006

Shmoocon 2006: Wi-Fi Trickery or How to Secure, Break and Have Fun with Wi-Fi

Shmoocon 2006: Wi-Fi Trickery or How to Secure, Break and Have Fun with Wi-Fi: "

Franck Veysset and Laurent Butti, both from France Telecom R&D, presented several proof-of-concept tools at Shmoocon that use 802.11 raw injection. The first is Raw Fake AP. The original Fake AP is a script that generates thousands of fake access points. It is easy to spot because of tell-tale signs like the BSSID showing the AP has only been up for a couple milliseconds. Raw Fake AP tries to generate legitimate access points by modifying BSSIDs and sending beacon frames at coherent time intervals.

Raw Glue AP is designed to catch probe requests from clients scanning for a preferred ESSID. It then tries to generate the appropriate probe responses to keep the client occupied.

Raw Covert was the final tool. It creates a covert channel inside of valid ACK frames. ACK frames are usually considered harmless and ignored by wireless IDS. The tool is really basic right now; there is no encryption and it doesn’t handle dropped frames."



(Via hack a day.)
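The tell-tale the excerpt mentions can be checked from the defender's side: a beacon carries the AP's own microsecond clock (the TSF timestamp), so a monitor can flag BSSIDs whose clock implies they just started or does not advance in step with capture time. The sketch below is an added example, not code from the talk or the tools it describes; the thresholds, reason strings and sample observations are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

MIN_UPTIME_US = 5_000_000   # assumed threshold: TSF under 5 s looks freshly started
DRIFT_TOLERANCE = 0.2       # assumed: allow 20 % mismatch between TSF and capture clock

def beacon_tsf(body: bytes) -> int:
    """Beacon bodies start with an 8-byte little-endian TSF timestamp (microseconds),
    followed by the 2-byte beacon interval and the 2-byte capability field."""
    tsf_us, _interval_tu, _capab = struct.unpack_from("<QHH", body)
    return tsf_us

def suspicious_bssids(observations):
    """observations: iterable of (rx_time_s, bssid, beacon_body_bytes).
    Returns {bssid: sorted list of reasons} for BSSIDs that look generated."""
    last = {}
    findings = defaultdict(set)
    for rx_time, bssid, body in sorted(observations):
        tsf = beacon_tsf(body)
        if tsf < MIN_UPTIME_US:
            findings[bssid].add("tsf-implies-just-booted")
        if bssid in last:
            prev_rx, prev_tsf = last[bssid]
            wall_us = (rx_time - prev_rx) * 1_000_000
            tsf_delta = tsf - prev_tsf
            if tsf_delta <= 0:
                findings[bssid].add("tsf-not-advancing")
            elif wall_us > 0 and abs(tsf_delta - wall_us) > DRIFT_TOLERANCE * wall_us:
                findings[bssid].add("tsf-drifts-from-capture-clock")
        last[bssid] = (rx_time, tsf)
    return {bssid: sorted(reasons) for bssid, reasons in findings.items()}

def make_beacon(tsf_us, interval_tu=100, capab=0x0401):
    """Build the fixed fields of a beacon body for the constructed sample."""
    return struct.pack("<QHH", tsf_us, interval_tu, capab)

SAMPLE = [  # constructed observations, not captured traffic
    (0.0000, "00:11:22:33:44:55", make_beacon(86_400_000_000)),  # up one day
    (0.1024, "00:11:22:33:44:55", make_beacon(86_400_102_400)),  # clock in step
    (0.0100, "02:aa:bb:cc:dd:01", make_beacon(1_500)),           # "up" 1.5 ms
    (0.1124, "02:aa:bb:cc:dd:01", make_beacon(1_700)),           # barely advanced
    (0.0200, "02:aa:bb:cc:dd:02", make_beacon(3_600_000_000)),
    (0.1224, "02:aa:bb:cc:dd:02", make_beacon(3_600_000_000)),   # frozen clock
]

if __name__ == "__main__":
    for bssid, reasons in suspicious_bssids(SAMPLE).items():
        print(bssid, ", ".join(reasons))
```

A generator that sends beacons at coherent intervals with plausible timestamps, as Raw Fake AP is described as attempting, would pass all three checks, so this heuristic only covers the naive case.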

LZMA challenge

LZMA challenge: "Today Steven committed the LZMA port and unlike bzip2 the algorithm doesn't seem to be patented. I have to admit that I was very impressed with the performance of the compressor after Todd showed me his results. The only downside seems to be the time it takes to compress something. Decompression speed is about the same as gzip or bzip2.


The issues at hand here are that this code is GPLd and is written in C++ for added obfuscation. What would make this algorithm very useful is if someone could write an actual free BSD licensed version with the exact same API as libz. In other words create a drop-in replacement for libz.


If you intend to take on this challenge, here are some guidelines:


* BSD licensed
* written per style(9)
* Written in C
* Should have a full regression test
* It should follow the OpenBSD coding and design practices

Happy coding!


Update: I should have done some more research. I was incorrect about bzip2 being patented. I searched the patent offices and only found references to it as being public domain. My bad, sorry for the confusion. Thanks to tedu for bringing this to my attention."



(Via OpenBSD Journal.)

Monday, January 30, 2006

Toshiba’s HD DVD Players

Toshiba’s HD DVD Players: "

In March Toshiba will bring their new HD-AX1 and HD-A1 HD DVD players to the American market. They will play HD DVD discs as well as DVD discs, upconverting the latter to 720p or 1080i (over HDMI) if you so wish. Using HD DVD discs, the player can play back native HD in 720p or 1080i, also over the HDMI output.


The new HD DVD players will output copy-protected HD content through the HDMI interface in the native format of the HD DVD disc content of either 720p or 1080i. Through the HDMI interface, standard definition DVDs can be upconverted to output resolution of 720p or 1080i to complement the performance of a HDTV. As the conversion takes place in the player, the signal remains free from excessive digital-to-analog conversion artifacts.


SACD and DVD-Audio seem to be getting nowhere, and now HD DVD offers another hi-res audio option, with the inclusion of DD+ and DTS-HD.


The lossless mandatory formats include Linear PCM and Dolby TrueHD (only 2 Channel support is mandatory). The TrueHD format is bit-for-bit identical to the high resolution studio masters and can support up to eight discrete full range channels of 24-bit/96 kHz audio. Another lossless format (specified as an optional format) is DTS-HD. This employs high sampling rates of up to 192 kHz.


Both models feature built-in multi-channel decoders for Dolby Digital, Dolby Digital Plus, Dolby TrueHD (2 channel), DTS and DTS-HD. The HD-XA1 employs the use of four high performance DSP engines to decode the multi-channel streams of the wide array of audio formats. These high performance processors will perform the required conversion process, as well as the extensive on-board Multi-Channel Signal Management including: User Selectable Crossovers, Delay Management and Channel Level Management.


The new HD DVD players can pass digital information to a Surround Sound Processor/Receiver via S/PDIF or HDMI. For Dolby Digital and DTS, the bitstream will be passed through both connections just as in a standard DVD player with the same interfaces. Dolby Digital Plus and DTS-HD content will be converted to a standard bitstream format that is compatible with any processor equipped with decoders of the respective formats and output through S/PDIF and HDMI. Additionally, all the audio formats for either DVD or HD DVD will be decoded to PCM and output via HDMI in either stereo or multi-channel.


The HD-AX1 will retail for an MSRP of $799.99, while the HD-A1 will go for $499.99. Let the HD war begin!


HiddenWires - Toshiba Introduces Line-Up of First HD DVD Players for the U.S. Market



"



(Via HDBlog.net.)

Sunday, January 22, 2006

RPM Rollback in Fedora Core 4/5

RPM Rollback in Fedora Core 4/5: "

Fedora Core 4/5 uses yum for package management. yum is built on top of rpm, and pirut, pup, and yumex are graphical interfaces built on top of yum. Together, these tools provide a simple-to-use, powerful package management system.

One of the least-known secrets about rpm is that it can roll back (undo) package changes. It can take a fair bit of storage space to track the information necessary for rollback, but since storage is cheap, it's worthwhile enabling this feature on most systems.

Here are cut-to-the-chase directions on using this feature:

To configure yum to save rollback information, add the line tsflags=repackage to /etc/yum.conf.

To configure command-line rpm to do the same thing, add the line %_repackage_all_erasures 1 to /etc/rpm/macros.

Install, erase, and update packages to your heart's content, using pup, pirut, yumex, yum, rpm, and the yum automatic update service.

If/when you want to roll back to a previous state, perform an rpm update with the --rollback option followed by a date/time specification. Some examples: rpm -Uhv --rollback '9:00 am', rpm -Uhv --rollback '4 hours ago', rpm -Uhv --rollback 'december 25'.

(Via .)

LinuxDevices: Free Software Telephony Stack Gains Commercial Support

LinuxDevices: Free Software Telephony Stack Gains Commercial Support: "A company has launched with the goal of providing commercial support for a telephony stack comprised entirely of free software..."



(Via Linux Today.)

Apple Nearly Moved to SPARC

Apple Nearly Moved to SPARC: "taskforce writes 'Sun Microsystems Co-Founder Bill Joy claims that Apple nearly moved to Sun's SPARC chips instead of IBM's PPC platform, back in the mid-1990s. From the article: 'We got very close to having Apple use Sparc. That almost happened,' Joy said at a panel discussion featuring reminiscences by Sun's four cofounders at the Computer History Museum. An account of his entire presentation can be found on Cnet.'"



(Via Slashdot.)

Gmail Mis.delivered

Gmail Mis.delivered: "An anonymous reader writes 'Google doesn't make many mistakes but when it does, boy, are they doozies! The latest is that Gmail doesn't care about periods in usernames. So mail sent to anonymous.coward@gmail.com is also delivered to anonymouscoward@gmail.com, even though these are two separate mail accounts. Google admits Gmail doesn't see periods, but no word on a fix yet.'"



(Via Slashdot.)

Thursday, January 19, 2006

Excellent Script to Backup MAC to a *Nix Machine

: "
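#!/bin/sh
# Back up $HOME to a remote host with rsync over ssh, keeping three rotated logs.

REMOTEHOST=host.to.backup.to
REMOTEPATH=/home/$USER/backup/directory

# Change into the script directory, then record it as an absolute path so
# that LOGDIR stays valid after the cd.
BASEDIR=`dirname "$0"`
cd "$BASEDIR" || exit 1
BASEDIR=`pwd`
LOGDIR=$BASEDIR/logs
LOGFILE=`basename "$0"`

# Continue only if the host answers on an attached network (-r bypasses routing).
/sbin/ping -t2 -rq "$REMOTEHOST" > /dev/null 2>&1
if [ $? -eq 0 ] ; then
  # First digit of the remote load average; back up only when it is 0.
  LOADAVG=`ssh "$REMOTEHOST" uptime | sed 's/.*average: \([0-9]\).*/\1/g'`
  if [ "$LOADAVG" -eq 0 ] ; then
    test -d "$LOGDIR" || mkdir "$LOGDIR"
    if [ -f "EXCLUDES.$USER" ] ; then
      # Rotate the previous logs: .2 -> .3, .1 -> .2, current -> .1
      rm -f "$LOGDIR/$LOGFILE.3"
      test -f "$LOGDIR/$LOGFILE.2" && mv "$LOGDIR/$LOGFILE.2" "$LOGDIR/$LOGFILE.3"
      test -f "$LOGDIR/$LOGFILE.1" && mv "$LOGDIR/$LOGFILE.1" "$LOGDIR/$LOGFILE.2"
      test -f "$LOGDIR/$LOGFILE" && mv "$LOGDIR/$LOGFILE" "$LOGDIR/$LOGFILE.1"
      logger -i -p daemon.notice -t "$LOGFILE" "Starting backup to $REMOTEHOST"
      rsync -e ssh -axv --exclude-from "EXCLUDES.$USER" --bwlimit=100 --delete \
        --delete-excluded --stats "$HOME/" "$REMOTEHOST:$REMOTEPATH" > "$LOGDIR/$LOGFILE" 2>&1
      # Send the last two lines of rsync statistics to syslog.
      tail -2 "$LOGDIR/$LOGFILE" | logger -i -p daemon.info -t "$LOGFILE"
    else
      echo "No $BASEDIR/EXCLUDES.$USER"
    fi
  else
    # Double quotes so the host name and load value are expanded in the message.
    logger -i -p daemon.notice -t "$LOGFILE" "Load average on $REMOTEHOST is $LOADAVG - aborting"
  fi
else
  logger -i -p daemon.notice -t "$LOGFILE" 'Host is not on local network - aborting'
fi"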



(Via MAC OS X Hints.)

Securelevels useless?

Securelevels useless?: "Several people wrote in about Jason Miller's article How not to respond to a security advisory in a SecurityFocus opinion column. The short version is that a recent advisory shows that root can temporarily replace system immutable files (see chflags(1)) by mounting over them. That's not a shockingly new discovery (some people would even expect that to be the case), but Jason took offense at Theo's vendor reply, which reportedly was 'Sorry, we are going to change nothing. Securelevels are useless.'



Taking that statement literally, Jason concludes that OpenBSD should completely remove its securelevel(7) implementation.



One obvious different interpretation would be that system immutable guarantees what the man page says, namely 'An immutable file may not be changed, moved, or deleted.', and not that it guarantees any read access will result in approved data. And there are other uses for securelevels besides chflags, and they need not all be equally useless. Or are they?

"
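Because the immutable flag protects the file object and not the path that resolves to it, a monitoring check has to look at the mount table as well as the flags. The following is an added example, not OpenBSD code or anything from the advisory: it parses `mount` output and reports protected paths that sit at or below a mount point missing from a known-good baseline, or below a mount point that has been mounted twice. The baseline, the protected path list and the sample output are constructed assumptions.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

MOUNT_RE = re.compile(r"^(?P<src>\S+) on (?P<point>\S+) type (?P<fstype>\S+)")

def parse_mounts(mount_output: str):
    """Yield (source, mount_point, fstype) for each line of `mount` output."""
    for line in mount_output.splitlines():
        m = MOUNT_RE.match(line.strip())
        if m:
            yield m["src"], PurePosixPath(m["point"]), m["fstype"]

def shadowed_files(mount_output, baseline_points, protected_paths):
    """Return {protected_path: mount_point} for files hidden by a mount that is
    not in the baseline, or by a second mount stacked on a baseline point."""
    baseline = {PurePosixPath(p) for p in baseline_points}
    points = [pt for _, pt, _ in parse_mounts(mount_output)]
    counts = Counter(points)
    unexpected = {pt for pt in points if pt not in baseline or counts[pt] > 1}
    hits = {}
    for path in map(PurePosixPath, protected_paths):
        # Compare whole path components so /usr/bin does not match /usr/binx.
        covering = [pt for pt in unexpected if pt == path or pt in path.parents]
        if covering:
            # The deepest covering mount point is the one that hides the file.
            hits[str(path)] = str(max(covering, key=lambda p: len(p.parts)))
    return hits

# Constructed sample in the style of mount(8) output; not from a real host.
SAMPLE_MOUNT = """\
/dev/wd0a on / type ffs (local)
/dev/wd0d on /usr type ffs (local, nodev)
/dev/wd0e on /var type ffs (local, nodev, nosuid)
/dev/vnd0a on /usr/bin type ffs (local)
mfs:4242 on /var type mfs (asynchronous, local)
"""
BASELINE = ["/", "/usr", "/var"]                      # assumed known-good mounts
PROTECTED = ["/bsd", "/usr/bin/login",                # assumed schg-flagged files
             "/usr/binx/tool", "/var/db/hostkeys"]    # hypothetical paths

if __name__ == "__main__":
    for path, point in shadowed_files(SAMPLE_MOUNT, BASELINE, PROTECTED).items():
        print(f"{path} is covered by unexpected mount at {point}")
```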

Wednesday, January 18, 2006

Nessus 3.0 on Ubuntu 5.10 (Breezy)

Nessus 3.0 on Ubuntu 5.10 (Breezy): "

I for one have no particular problems with the fact that Nessus has gone to a closed source model from version 3, with the exception that this means I can’t run Nessus on some of my platforms of choice (i.e., Gentoo Linux). However, since a package is available for Debian 3.x, I wondered if it would work on Ubuntu.

"



(Via Security DevCenter.)

My security predictions for 2006 (finally!)

My security predictions for 2006 (finally!): "As I promised, my security predictions for 2006 are posted. Make sure you use them to make fun of me come next year! :-)"



(Via Security DevCenter.)

Anonym.OS: an OpenBSD Live CD for Anonymity?

Anonym.OS: an OpenBSD Live CD for Anonymity?: "Saad Kadhi writes:



Wired recently published Anonymity on Disk, an article about using an OpenBSD-based Live CD called Anonym.OS, which was unveiled during Shmoo Con.


According to the Wired article, Anonym.OS will modify the 'network fingerprint' of stock OpenBSD to make it look like Windows XP SP1 (duh!). Moreover, it uses Tor which may result in slow performance.


See http://theory.kaos.to/projects.html for more information."



(Via OpenBSD Journal.)

My Second Post

Alrite people this is my second post
But now im gonna start really posting..

Will put up some of my favourite links here..