Orange Pi One

Got this little board a few weeks ago, for the cheaps. From what I have read, it is a capable computer in a very small form factor.

I don’t know what to do with it just yet; I need to look at the pin-out diagram to see what I have to play with and what is available in the form of expansions.

Maybe I will just hook up the small SDR dongle through USB together with a GPS and let it suck ADS-B out of the air. Or perhaps listen to POCSAG, or the 380–395 MHz TETRA band, slurping data. Maybe just use the dongle for its intended purpose: catch DVB-T signals and display them on the small 14″ POS screen.

Anyhow, need to think a bit about this.

Wifi Pineapple Mark II

I connected my Wifi Pineapple Mark II to the network and googled for password recovery, as I had not been able to log into the box. I bought it second hand and wanted to explore, but there was little documentation available, as most of it had been updated to reflect modern versions of the Pineapple.

I managed to get in .. but then it timed out; I don’t know why yet.

I was playing with the idea of porting the Improbinator script I wrote for the ESPduino to emulate lots of devices, spraying the air with probe request frames, but I need to get into the box first and get a foothold.

Fun thing: colleagues mentioned that somebody at the office planned to hold a session on Wifi and security .. I’d like to show up with a Mark II and a Mark V, explain what Improbinator does and demonstrate Karma on the V.

Firmware upgrading an old Linksys WRT54GL

home network

I have a pretty simple network at home. Internet service is provided through an ethernet TP/RJ-45 jack in the hallway, where no computers are located, so we put the blue boxes in a cupboard. The office, a few meters away, is connected over wifi via an extender which also converts to wired ethernet.

This morning I checked if there were any firmware updates available for the Linksys WRT54GL v1.1, which had firmware version 4.30.14 or lower, dated pre-2015. There was a more recent update on the Linksys update pages, version 4.30.17 (ETSI) for hardware version 1.1.

Downloaded it and flashed it, waited for the device to come back up … it never came up.

Moved it into the office, hooked it up directly to the small wired network and was able to reach it; reconfigured some bits and restarted it a few times. The radio/wifi part seems to be dead after the upgrade, but everything else works. Finalized the reconfiguration and shut it down, moved it back to the cupboard in the hope of having shaken up the bits in the box enough to have it working again. Radio/wifi still dead.

Rummaged through a few boxes and dug up the other Linksys WRT54GL, connected it in parallel with the first one and added a wire between them to bridge them together. It’s almost back to the state before the upgrade attempt, except for the radio and wifi.

To Linksys: please spin out a new update so I can revive the wifi. I’m holding back the update of the secondary device until you have done this.

Update: I contacted Linksys support through their chat option, chatted with a technician for about 15 minutes and it got solved! The solution was embarrassingly simple: toggle the channel from 11 to 4 .. the SSID appeared and when connected I had internet access. I had tried that several times, even with cold restarts in between. Well, now a happy customer. This WRT54GL box was bought in 2007 and I could still get support for it; the serial number was legit and in their rolls.

The Nintendo NES Classic Edition

I happened to see a tweet floating by: a friend asked if anyone was interested in buying her Nintendo NES Classic Edition. I thought for a second or two .. I was interested! Requested approval from my wife and got it!

Since I had never owned a NES console, just played at friends’ places, and thought our son (3+ years old) would enjoy it, I replied back, “I’m interested”.

One or two days later, I picked up the console. It spent another two or three days on a shelf as I did not have the energy to unbox and hook up the system, tough week.

This morning, a Saturday morning, I unboxed and connected the system and played a few games; some muscle memory was still present and it was really fun. I have not had the time to try out all the games yet. It’s packed with 30 games, most of which I have played, but not all; some are “new” to me. I have not touched an original NES console since around the early 90s.

Tried to teach my son to play Pacman; his attention span is too short and within a minute he was doing other things.. but at least I have the console and it will be used the next couple of weeks. Hopefully he will eventually discover it and spend some time on it, enjoying the games.

The only downside with this little console is the length of the controller cable: too short. Will get an extension cord and possibly buy another controller + extension cord.

Passwords in Enterprise settings

You are presented with a login prompt asking for a username; you enter your username and are presented with the password prompt. You type your minimum 1 uppercase, 1 number, 1 special character and hit enter when you are somewhere between 8 and 16 characters in length.

You chose this password because you can remember it and because it fits the password policy in place.

Imagine close to 90 machines, isolated little islands, where each password-change timer was started at the first login or on the latest occasion you changed the password. These close to 90 machines are provided by different vendors, with different password policies that have not been presented to you, and each and every time you are forced to change the password you have to come up with a new, long and easy-to-remember password with upper case, lower case, numbers and special characters .. and fail against the password policy.

Last time, on my sixth (6th) generation of passwords, where 2017&RedFireTruck was too simple or too short, I pretty much lost it. 17 characters, mixed upper and lower case, digits and a special character .. that is, according to GRC’s Password Haystacks calculator, a search space of 4,225,684,238,917,218,534,300,824,429,126,495 combinations to brute force (every string of up to 17 characters drawn from the 95 printable ASCII characters).
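To make the number above reproducible, here is the Haystacks-style arithmetic as an added example (my code, not GRC’s or the original post’s): the assumed alphabet is the union of the character classes the password uses (26 upper, 26 lower, 10 digits, 33 symbols), and the search space is every string of length 1 up to the password’s length over that alphabet. The second password, a lowercase-only phrase, is constructed for comparison and shows why length beats composition rules: 25 lowercase characters give a bigger space than the 17-character "complex" one.

```python
# Added example (not from the original post): GRC "Password Haystacks" style
# search-space arithmetic, so the number quoted above can be reproduced and
# compared against a longer but simpler passphrase.
import string

# GRC's model: four character classes, sized 26 / 26 / 10 / 33. The 33 symbols
# are the printable ASCII characters that are not letters or digits (space
# included): 95 printable ASCII characters minus 62 alphanumerics.
CLASS_SIZES = {
    "upper": 26,
    "lower": 26,
    "digit": 10,
    "symbol": 33,
}


def alphabet_size(password: str) -> int:
    """Alphabet an attacker must assume, given which classes the password uses."""
    used = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            used.add("upper")
        elif ch in string.ascii_lowercase:
            used.add("lower")
        elif ch in string.digits:
            used.add("digit")
        else:
            used.add("symbol")
    return sum(CLASS_SIZES[c] for c in used)


def search_space(password: str) -> int:
    """Exhaustive search space: every string of length 1..len(password)
    over the assumed alphabet, i.e. the sum of A**k for k = 1..L."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def years_to_exhaust(space: int, guesses_per_second: int) -> float:
    """Worst-case time to walk the whole space at a fixed guess rate."""
    return space / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    complex_pw = "2017&RedFireTruck"          # 17 chars, four classes (from the post)
    simple_pw = "redfiretruckparkedoutside"   # 25 chars, lowercase only (constructed)
    for pw in (complex_pw, simple_pw):
        sp = search_space(pw)
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, length {len(pw)}, "
              f"space {sp:,}, ~{years_to_exhaust(sp, 10**12):.3g} years at 1e12 guesses/s")
```

The model is deliberately naive: it assumes a dumb brute-force attacker, so a dictionary phrase scores far better here than it would against a wordlist or Markov-based cracker. The point it does make correctly is the one NIST makes: each extra character multiplies the space by the alphabet size, while adding a symbol to a short password only adds 33 to the base.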

I emailed the vendors and asked for a description of their password policies, why I had to rotate passwords every 60 or 90 days, and why authentication was not federated with LDAP to simplify it. No answer. None whatsoever.

This is a situation that CREATES bad security: long, very complex passwords that you need to change often lead to post-it notes with passwords, which are unfortunately common in offices and defeat the purpose of being secure.

See this article from Naked Security, NIST’s new password rules – what you need to know, where NIST’s report (SP 800-63B) has been summarized and condensed into human-readable form, with good advice about how to achieve good password hygiene.

My personal belief is that passwords should be long and, to a certain degree, complex, such that you can remember your password by muscle memory or by heart without much thought. Password changes should be forced only when a breach or leak is suspected: a good password is a good password until broken, not until some administrator’s 40- to 90-day cycle expires. Check the above link to GRC, where there is a strength meter on which you can test something similar to what you would use as a password. You should not test real “production” passwords, as they could leak or be sniffed by browser extensions.

The future is 2FA or MFA, two-factor or multi-factor authentication: either a keyfob or an authenticator application on a smartphone. SMS is dead.
Keyfobs show (usually) 6 digits on a small display, which you have to type in before they change. Authenticator applications work similarly but can also present you with a notification dialog where you choose “Approve” or “Deny”. There are several flavors; the ones I have tested are Google Authenticator, Azure Authenticator, LastPass Authenticator and DUO Authenticator. All of them work similarly and require a little bit of setup, but once you are done, authentication is a breeze.

SMS codes are dead. Even if sent as Flash SMS (the ones that show up without the need to open an app to read them), there is still a built-in TTL of 72 hours for delivery, and within mobile networks there is actually NO real guarantee that the message will be received within these 72 hours. Also, since SS7 gateways have been found on the internet with no authentication, where messages can be read or redirected with little effort, there is no way of telling whether bad guys are getting your SMSs. SMS messages are sent in clear text, unencrypted, and have no tamper checks.

I’d like to see a wider adoption of YubiKeys or similar: small hardware USB dongles that emulate keyboards and can work in several modes depending on configuration, either spitting out the same string over and over when you push the little button, or spitting out an OTP, a one-time password, on button press.

To implement any of these methods on Linux machines, there are PAM modules available already. For Wintendo machines I’m not so sure, but there are most probably implementations available as well.

Vendors seem to be out of touch with current information and methods. Or they do not have the means to implement changes until something really bad happens, like a breach or leak, but then it’s too late: the damage is already done and intruders might have gained footholds in the infrastructure. In such a case, all machines would need to be reinstalled from scratch, from known, verified physical installation media. Even that might be too late; there is usually updatable firmware in many parts and components of a computer, where (theoretically) malware could be hidden. A catastrophe waiting to happen.

Out of rage, when not being able to use the new, fairly complex password to change the password, I padded it with YourMomSucksDonkeyBalls and it didn’t complain when my new password was about 40 characters long or more.

I work with Enterprise customers and their business-critical systems. I have several times attempted to get some information about each vendor’s password policy, but they have never been able to present it to me: either they do not have it written down, only the admins know, or it is for some reason secret.

Improbinator – My first ESPduino project

I committed my first ESPduino project to Github the other day, ESPduino – Improbinator.

ESPduino – Improbinator – Flood of faked 802.11 Probe Request Frames

Background: Living in a town with about 20 wifi probes mounted on walls in the city center, which collect 802.11 Probe Request frames to measure and map visitor flows through the city, kicked off the idea that I could dilute and skew the measurements by flooding the devices with a controlled stream of nearly-real-looking but obviously faked probe request frames.

OUI data: Collected during war-walking sessions around town and in other cities and countries, for both client and router OUIs.

It’s an open project; you can send pull requests or fork the project.

ESPduino

Yup, got myself an ESPduino, which is an Arduino-compatible board with an ESP8266 on board.

This will be the platform for my little project, where I aim to run interference to disrupt the WiFi-based visitor-counting system the local town has installed.

As preparation I’ve been walking around town, trying to identify and photograph the installed devices, and I have found 6 or 7 so far; rumor says they have 15–20 devices installed around busy walking streets and squares. I have also done some research and happened to find that a friend has been involved in a similar project previously. Through my research I got a somewhat better picture of what they are doing and how they measure visitors moving through town.

With my ESPduino and some clever coding, I can spray the air with faked frames to make it appear as if many people are walking by. Through lists of popular OUI prefixes I can generate millions of what look like genuine WiFi phones from popular brands, with some focus on a particular fruit brand. This will probably skew the measurements so much that the data they collect becomes pretty much useless.

I’m guessing the setup will be simple: after deploying the code to the ESPduino, the hard work is pretty much done and the fun starts. With a power bank of reasonable capacity, you could run the ESPduino for hours. As broadcasting the same MAC addresses over and over would not be very useful, the program will change a few of them every minute; if you have 50 faked MACs and 5 of them get changed every minute, it would look like a busy street, people coming and going. These will be parameters you can tweak in the program.

Why am I doing this? Well, there is the privacy angle: I do not like to be monitored, and I think I should be able to walk through the city without becoming a number or a hash in a database somewhere unless I participate with consent. All smartphones today have WiFi, and unless you turn it off when leaving your home, you can and will be tracked at some point or another; most people aren’t even aware of this fact and won’t give it a thought. I want to protect them as well as myself by throwing grit into the machinery, to make the tracking data less valuable, as they cannot trust it completely.

Furthermore, I aim to release the full source code along with a list of OUI prefixes, so everyone interested and able can roll their own configuration in their copy of the source code, which also minimizes the risk of duplicate entries at the same time. Source code with instructions on how to set up, configure and run the ESPduino.
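To show what the two posts above describe, a probe request built from a vendor OUI and a pool where a handful of stations churn every minute, here is an added example in plain Python (my code, not the Improbinator sketch from the repository). It only constructs and parses frames in memory; nothing is transmitted. The OUI prefixes are constructed placeholders, not the author’s war-walking list, and the `ProbePool` class and its `size`/`churn` parameters are my naming for the "50 MACs, 5 replaced per minute" idea. Each fake station keeps its own sequence counter, because a sniffer that sees sequence numbers jumping around within one MAC can tell the frames were not sent by a real NIC.

```python
# Added example (not the author's Improbinator code): build 802.11 probe
# request frames as bytes and keep a rotating pool of fake stations, each
# with its own sequence counter. Nothing here touches a radio; the frames
# are only constructed and parsed in memory.
import random
import struct

BROADCAST = bytes.fromhex("ffffffffffff")

# Illustrative OUI prefixes only (constructed for this example, not claimed
# to belong to any vendor, and not the author's war-walking list). Bit 0 of
# the first octet must be 0 (unicast) and bit 1 must be 0 (globally
# administered) or the address will not look like a real vendor NIC.
SAMPLE_OUIS = ["00:11:22", "00:33:44", "00:55:66", "00:77:88"]


def random_station_mac(rng: random.Random, ouis) -> bytes:
    """Vendor OUI from the list plus a random 24-bit NIC-specific part."""
    oui = bytes.fromhex(rng.choice(ouis).replace(":", ""))
    assert oui[0] & 0x03 == 0, "OUI must be unicast and globally administered"
    return oui + rng.getrandbits(24).to_bytes(3, "big")


def build_probe_request(src: bytes, seq: int, ssid: bytes = b"",
                        channel: int = 1) -> bytes:
    """Management frame, subtype 4 (probe request):
    frame control | duration | addr1 (DA) | addr2 (SA) | addr3 (BSSID) | seq ctl,
    followed by information elements: SSID (empty = wildcard), supported
    rates, DS parameter set (channel)."""
    frame_control = struct.pack("<H", 0x0040)         # type 0 (mgmt), subtype 4
    duration = b"\x00\x00"
    seq_ctl = struct.pack("<H", (seq & 0x0FFF) << 4)  # fragment number 0
    header = frame_control + duration + BROADCAST + src + BROADCAST + seq_ctl
    rates = bytes([0x82, 0x84, 0x8B, 0x96, 0x0C, 0x12, 0x18, 0x24])
    body = (bytes([0, len(ssid)]) + ssid
            + bytes([1, len(rates)]) + rates
            + bytes([3, 1, channel]))
    return header + body


def parse_probe_request(frame: bytes):
    """Inverse of build_probe_request, as a sniffer (or the counting box)
    would see it: returns (source MAC, sequence number, SSID, channel)."""
    fc, = struct.unpack("<H", frame[0:2])
    if (fc & 0x000C) != 0 or ((fc >> 4) & 0x0F) != 4:
        raise ValueError("not a probe request")
    src = frame[10:16]
    seq = struct.unpack("<H", frame[22:24])[0] >> 4
    ies, pos = {}, 24
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        ies[tag] = frame[pos + 2:pos + 2 + length]
        pos += 2 + length
    return src, seq, ies.get(0, b""), ies.get(3, b"\x00")[0]


class ProbePool:
    """`size` fake stations; each call to rotate() replaces `churn` of them,
    so the sniffer sees a steady stream of arrivals and departures."""

    def __init__(self, ouis, size=50, churn=5, seed=None):
        self.rng = random.Random(seed)
        self.ouis, self.churn = list(ouis), churn
        self.seq = {}                       # per-station sequence counters
        while len(self.seq) < size:
            self.seq.setdefault(random_station_mac(self.rng, self.ouis), 0)

    def rotate(self):
        for mac in self.rng.sample(sorted(self.seq), self.churn):
            del self.seq[mac]
            new = random_station_mac(self.rng, self.ouis)
            while new in self.seq:
                new = random_station_mac(self.rng, self.ouis)
            self.seq[new] = 0

    def burst(self):
        """One probe request per station, sequence numbers advancing."""
        frames = []
        for mac in sorted(self.seq):
            frames.append(build_probe_request(mac, self.seq[mac]))
            self.seq[mac] = (self.seq[mac] + 1) & 0x0FFF
        return frames


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    pool = ProbePool(SAMPLE_OUIS, size=50, churn=5, seed=1)
    for frame in pool.burst()[:3]:
        src, seq, ssid, ch = parse_probe_request(frame)
        print(mac_str(src), seq, ssid or b"<wildcard>", ch, len(frame), "bytes")
    pool.rotate()   # call once a minute to swap `churn` stations for new ones
```

On a real board the `burst()` output would be handed to the ESP8266’s raw-frame send routine on the channel the probes listen on; the parser is included so the fake frames can be checked the same way the counting boxes would check them.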

Makerspace Västerås

Yesterday I did something I’ve been thinking about a lot the last couple of months: I started the Facebook group Makerspace Västerås to have a discussion platform for the possible creation of an actual makerspace in Västerås.
Now, some 30 hours later, there are about 35 members and we are discussing the vision; I described my vision to get discussions going.

I’d really like to have access to a local makerspace, furnished with equipment and people with knowledge of how to use the equipment.

The information about what makerspaces are dates their start to around 1995.

A few friends and I rented a basement in a regular apartment building and started programming, building and hacking devices in mid-1993, just among friends. When we shut it down a few years later, in mid-1997, we counted about 50 friends and probably as many who just came along with them. At the time we were just kids with soldering irons and assembly language on the screens, running BBSes (plural) from the basement; we had no jobs but we spent time and collaborated on pretty much everything, and many of us have massively technical jobs today.

I’d like to bring my son to a functional makerspace, to teach him how to repair stuff, to repurpose things, basically to hack his world. I like the idea and would love to see it become a reality.

The move, in hindsight

Today it is a year since we packed up our home in boxes, shipped them off to storage and left for a two month journey towards our destination.

We have landed, unpacked, furnished and decorated our new home, in another city. Our way here was not a walk in the park; it was an uphill struggle to keep sane, to not go completely bonkers and just endure. Our two-year-old son wasn’t all that happy but adapted when he saw us adapt to new surroundings and situations.

I kept blogging to keep sane and also to scribble down thoughts and daily progress. Some entries are short, others are a bit more meaty.

In chronological order, from beginning to end. (Use Ctrl-click to open each post in a new tab)
2015-07-30: We are leaving Home Base B19
2015-08-01: First day at Habitat L
2015-08-03: Hab L, Day 3
2015-08-04: Hab L, Day 4
2015-08-05: Hab L, Day 5
2015-08-07: Hab L, Day 7
2015-08-08: Hab L, Day 8
2015-08-12: Hab L, Day 12
2015-08-14: Hab L, Day 14
2015-08-16: Hab L, Day 16
2015-08-18: Hab L, Day 18
2015-08-19: Hab L, Day 19
2015-08-20: Hab L, Day 20
2015-08-21: Hab L, Day 21
2015-08-23: Hab L, Day 23
2015-08-25: Hab L, Day 25
2015-08-27: Hab L, Day 27
2015-08-29: Hab L, Day 29
2015-08-30: Hab X, Day 30
2015-08-31: Hab X, Day 31
2015-09-01: Hab B, Day 32
2015-09-02: Hab B, Day 33
2015-09-03: Hab B, Day 34
2015-09-05: Hab X, Day 36
2015-09-06: Hab B, Day 37
2015-09-07: Hab B, Day 38
2015-09-08: Hab B, Day 39
2015-09-09: Hab B, Day 40
2015-09-11: Hab B, Day 42
2015-09-12: Hab B, Day 43
2015-09-13: Hab B, Day 44
2015-09-14: Hab B, Day 45
2015-09-15: Hab B, Day 46
2015-09-17: Hab B, Day 48
2015-09-19: Hab B, Day 50
2015-09-20: Hab B, Day 51
2015-09-22: Hab B, Day 53
2015-09-24: Hab B, Day 55
2015-09-26: Hab B, Day 57
2015-09-28: Home base FLV5, Day 58
2015-09-30: The long journey is over

As predicted: I said before we took off on this journey that “in a year or two, we’re gonna laugh at this madness” … and we do. This is one of the craziest and slightly mental projects I have ever participated in: go live out of a knapsack for almost two full months with a toddler and emerge alive from it.

Friends followed these almost daily blog posts to keep up with what was going on; others who heard about this have read these entries and came back with a deeper understanding of how and what went on. Please comment.

To buy a book

I went looking for a book I read thousands of years ago, Clifford Stoll’s The Cuckoo’s Egg. Found it in print, no problem. But I mostly listen to books nowadays, so I went looking for the audiobook, because it exists… on tape.

The price for used tape is about $40.

That would trigger a few other costs if I bought it, like a USB tape deck, which is another $40 .. just to get it onto my phone.

I wish the book would get recorded as an audiobook again, either Mr Stoll himself narrating the book, or a professional at Audible. I’d buy it in a blink.

Update:
Found the C-SPAN video from 1989 where Clifford Stoll is interviewed about his book. Clifford Stoll.
Clifford Stoll: The call to learn
Tech Icons: Cliff Stoll

Telia – not so netneutral


I first received an SMS telling me that Telia now provides free surf on social media: Facebook, Instagram, Twitter, Whatsapp, Kik and so on. Sounds good at first .. but this is how they want you to think: “what a great deal, now my measly 2 GB surf plan will last longer”. This is where you need to do some more thinking. To achieve this they need to inspect and classify your traffic to know which traffic is “free” and which traffic counts against your surf plan. Let that sink in for a while.

This is not what we want done to the internet: road tolls, or rather favoring selected services, which skews the landscape of the internet. All internet traffic is created equal; traffic to and from sites and services should not be treated differently.

Now, about a day later I got a promotional mail from them as well, yet again I feel like screaming.

If anyone at Telia marketing department would read this, please go home, sit down and think this one through again, go back to work and pull this campaign back, dig a hole and throw it in, fill the hole and get another job. You are clearly not mentally fit for the job.

GTFO of my social media participation; it is my business what I do online and you should not treat it differently from anything else. Your job is, and should be, to provide DUMB PLUMBING.

Theme fuckup

I fiddled around with some plugins and the then-current theme completely shit itself; nothing worked and I was forced to commit violence to get another theme in, and from there choose yet another theme.

I haven’t customized it yet and it looks very ‘out-of-the-box’ at the moment. New header image, some day.

Anyway, I threw out a few really old plugins that were active but no longer served any purpose; I looked them up and saw that they hadn’t been updated in 8 years. Yes, 8 years. Now gone and deleted.

Also, while working a bit on the blog, I decided to switch the categories over completely to English, as they were mostly in Swedish, and rearranged them into a tree structure to group them in a neat fashion.