Logging your connectivity

I had a message this morning from a friend who was having intermittent disconnection issues on their internet. The network itself was fine and, when using another provider, that too was working so it came down to evidence gathering to support the case to the ISP to investigate.

As a quick throw together, we came up with the following using wget and a batch file to repeat the command every x minutes.

Continue reading “Logging your connectivity”

Grabbing Video (back) from YouTube

Image Credit: Neuroventilator / Flickr
Image Credit: Neuroventilator / Flickr

Usual Disclaimers Apply: This guide should not be used to subvert copyright restrictions. Responsibility falls to the user to ensure they are not breaking the laws of the country in which they reside or breaching any restrictions placed on content published in, or on infrastructure where other jurisdictions and/or terms of service may apply. Ignorance is no defense*, if you don’t like the regulations as they stand, exercise your democratic rights and propose a solution for change. Continue reading “Grabbing Video (back) from YouTube”

“Factory” resetting an OpenWRT router

There are many reasons to re-flash your  home router with a different OS than the one the manufacturer has cobbled together, the Misfortune Cookie attack (US-CERT) is just one of them, Having been involved in the testing of a number of domestic xDSL routers, I have a rather low opinion on the amount of care put into the default security levels of consumer devices (but that is not what this post is about).

Image Credit: commons.wikimedia.org
Image Credit: commons.wikimedia.org

I have chosen to utilise OpenWrt on one of my internal wireless access points, and – during a reconfiguration of the network, I managed to bork the settings by not paying attention. With an out-of-the-box device, there is usually a ‘Reset’ button you can hold in while powering up the device which will clear all settings and return you to the initial un-configured state. This is not quite the case with OpenWrt, but it is still a fairly easy process to return your router to a known state, and begin the configuration process again.

  • Disconnect WAN cable
  • Unplug power to router
  • Set your computers IP address to:
    • IPv4 Address: 192.168.1.2
    • Netmask: 255.255.255.0
    • Gateway: 192.168.1.1
  • Re-power your router, pressing the ‘reset’ button when the status light begin blinking (fast)
  • Using PuTTY (or your favourite *TELNET* client), connect to 192.168.1.1 and you should see the OpenWrt prompt. Type the commands below (in red) to reset the router to it’s initial, preconfigured state:
-----------------------------------------------------
root@(none):/# mount_root
jffs2 is ready
jffs2 is ready
switching to overlay
root@(none):/# firstboot
This will erase all settings and remove any installed packages. Are you sure? [N/y]
y
/dev/mtdblock3 is mounted as /overlay, only erasing files
root@(none):/# reboot –f
  • Unset your static IP and have fun reconfiguring your router.

PASSWORD MANAGERS, CRYPTOGRAPHY, AND TRUST

So, a friend* of mine asked me yesterday, (following my posting of an article), what I thought of a particular password manager – I obviously wanted to answer her question. I then decided that since I was in for a penny, I might as well be in for a pound and here we are, (hopefully) fixing my response, and posting it in a more readable format.
The status post that launched a thousand words...
The status post that launched a thousand words…

TLDR; No. I don’t especially like the look of it. You have to trust a company who is making money out of (hoping) their product is secure. I personally like KeePass ( http://keepass.info ) which works on all my devices and, coupled with a internet sync service (that also leaves you comfortable with the level of security offered), works on all my devices.

Continue reading “PASSWORD MANAGERS, CRYPTOGRAPHY, AND TRUST”

UPnP – Why I don’t allow it on my Home Network

The UPnP protocol has a long standing history of security problems, not the least of which being that it allows unauthenticated devices to connect to and through your home network.

TLDR; UPnP is a flawed protocol which has been leveraged numerous times to conduct widespread attacks via large numbers of insecure devices. Do not enable UPnP on your network. Or do, but understand the potential consequences of your decision.

The rest of what follows is a rant/opinion/soapbox based on a number of years of experience in the real world of IT Security and Risk Analysis, and the cumulative research on the subject that goes with such. Continue reading “UPnP – Why I don’t allow it on my Home Network”

Managing Behaviour & Technology – A Night with NEAL

Managing Technology
Image Credit: IBoomMedia/Flickr CC: by-nc-sa

I’ve just arrived back from an evening session on “Managing Technology and Behaviour @ Home” run by Andrew Cowie, Heather Eccles and Alan Curtis from NEAL (Northern Education Access Loop).

I surprised myself by enjoying the session, it wasn’t that I personally learned anything technical, it was all about the presentation of the material which was simply outstanding.


Continue reading “Managing Behaviour & Technology – A Night with NEAL”

Credential Security …again

So, with another major collection of user credentials being uncovered (and reported in the mainstream media), there is a slight increase in interest in people, their data, and the credentials they use.
For those who may not yet have caught up with the news (or those reading this in the future and wondering which massive credential theft I’m referring to), this is the uncovering of the work done by ‘Cyber Vor’ who managed to snare around 1.2 billion (yes, with a B) unique user credentials.

So, with another major collection of user credentials being uncovered (and reported in the mainstream media), there is a slight increase in interest in people, their data, and the credentials they use.

Don't put all your (credential) eggs into one basket
Don’t put all your (credential) eggs into one basket

It’s anyone’s guess as to how long this breach will remain in the news cycle, so I thought I’d throw out an article quickly as New Zealand is currently in the throws of pre-election posturing and I imagine some political hopeful will say something controversial and the media will swing away to cover that within the next day.

For those who may not yet have caught up with the news (or those reading this in the future and wondering which massive credential theft I’m referring to), this is the uncovering of the work done by ‘Cyber Vor’ who managed to snare around 1.2 billion (yes, with a B) unique user credentials.

Continue reading “Credential Security …again”

Tweaking the Home Network – pfSense Firewall [Part 2: Initial Configuration]

Initial Configuration (via Web Browser)

In the previous article, we set up (at least) two network interfaces. The first, facing the Internet (the WAN) and the second facing the internal network (the LAN).

In our instance, our WAN interface will simply pass traffic onto our existing internal network, where it is subject to existing rules and management, while the LAN interface will become the first node of our new ‘Teenage Subnet’ through which our older boys (and possibly their friends) will access the network resources (including access to the Internet).

The new network: Users are seperated into subnets

So, anyway, we have a machine happily whirring away running pfSense and two interfaces configured, the WAN and the LAN. Now we need to connect up and get things configured.

Continue reading “Tweaking the Home Network – pfSense Firewall [Part 2: Initial Configuration]”

Standing on the Wall

Image Credit: US Army / Flickr (CC: by)Today I was discussing the recent work by the New Zealand Police in bring a number of people up on charges for their part in an international pedophile ring. While I’ll save you from the details (you can do your own reading using this article as a starting point), some of the alleged offenses are pretty horrific. Suffice it to say, the conversation quickly turned to how soul-destroying it must be for the OCEANZ team and organisations such as ECPAT. Continue reading “Standing on the Wall”

Path of Exile – Crowdsourcing Funds

Image Credit: Grinding Gears (Path of Exile) - Supporters pack Kiwi (in game pet)The very excellent MMO “Path of Exile” by Kiwi game developer Grinding Gear Games has managed to raise US$2.5 million (yes that’s million, little finger to the corner of your mouth Dr Evil styles…) through crowd-sourcing future development funds from the online gaming community.

This is not the first success they’ve had with funding via the web but, as an indicator – the climbing value of funding is testament to the belief their community has in the work they are doing with the game.

A personal HUGE congratulations goes out from my keyboard to the Grinding Gear team, it’s awesome to see New Zealand companies doing so well on the world stage without resorting to filling paddocks with cows. 🙂