XBox Live via an OpenWRT router

One of the concerning requests of Xbox Live connectivity, is to enable UPnP or ‘Universal Plug and Play’ on your home router.

The UPnP protocol has a long standing history of security problems, not the least of which being that it allows unauthenticated devices to connect to and through your home network. In the past, I have advocated for this to be switched off by default in consumer grade routers and I explain the UPnP threat in another post.

Getting back on track, my security conscious view for our home network does nothing for a teenage boy who received an Xbox Live subscription for his birthday and, while some aspects of the Live subscription work, others – such as game sharing will fail. With this in mind, we need to setup port forwarding, rather than implement UPnP, to connect said teenager to his gaming buddies and keep our network free of the risks introduced by enabling UPnP.

Continue reading “XBox Live via an OpenWRT router”

UPnP – Why I don’t allow it on my Home Network

The UPnP protocol has a long standing history of security problems, not the least of which being that it allows unauthenticated devices to connect to and through your home network.

TLDR; UPnP is a flawed protocol which has been leveraged numerous times to conduct widespread attacks via large numbers of insecure devices. Do not enable UPnP on your network. Or do, but understand the potential consequences of your decision.

The rest of what follows is a rant/opinion/soapbox based on a number of years of experience in the real world of IT Security and Risk Analysis, and the cumulative research on the subject that goes with such. Continue reading “UPnP – Why I don’t allow it on my Home Network”

When USB goes bad…

Image Credit: Jenn Durfey / Flickr (CC: by) So, I decided to give running a linux distro *solely* from a USB 3.0 flash drive… the install itself was fairly simple and painless, the pain only started on the reboot.

The drive failed, and I was dropped to the rather unfriendly >initfs prompt.

I tried a few things, from fixing the failed superblocks

dumpe2fs /dev/sdc1 | grep superblock
fsck -b [ALTERNATE SUPERBLOCK # e.g. 32768] /dev/sdc1

…to  trying to repair the file system

sudo fsck -fp /dev/sdc1

…and even forcing the filesystem ‘read only’ state back to read-write.

hdparm -r0 /dev/sdc

At which point I was 2 beers into the problem and getting a little… impatient. The last link however gave me two other possibilities:

  1. The drive itself may be faulty (it’s apparently somewhat common for poor soldering to cause this ‘read-only’ condition)
  2. Run a utility from the drive manufacturer to low-level format the drive and start again (waay too easy, and a WINDOWS based until – it would be like admitting defeat!)

I considered adding a third beer to the problem solving mix, then decided that it’d just be easier to go with option 2… a quick search later and I was on the Apacer support site and 337kb away from solving the problem.

Apacer Repair ToolWell, almost. Trying the ‘format’ option didn’t work (bad partition table / read-only state and all) so, ‘Restore’ it was, and.. we’re away! Low-level formatted, and ready to retry the install.

<burp> 🙂

Technology and Recreation – a recipie for AWESOME

For gadget geeks like myself, there’s always been an opportunity to mix technology with what we do when AFK (away from keyboard).

My first heart monitor watch *had* to be imported because no one in this country was selling the IR receiver (connecting through a DB9 (serial) cable no less.. for the more normal, serial cables were “how things were done” before the simplicity of USB arrived). Continue reading “Technology and Recreation – a recipie for AWESOME”

ASUS Garmin A10

I got one of these phones when they first came out – they were pretty awesome back then, however over time they have been orphaned on older, vulnerable iterations of Android and they simply don’t have what it takes to be a primary device any longer.

Because of this – I’m currently looking to root the phone and install upon it a modified ROM which will give me *just* what I need to turn this into a useful device for sitting in the car.

I got one of these phones when they first came out – they were pretty awesome back then, however over time they have been orphaned on older, vulnerable iterations of Android and they simply don’t have what it takes to be a primary device any longer.

Because of this – I’m currently looking to root the phone and install upon it a modified ROM which will give me *just* what I need to turn this into a useful device for sitting in the car.

Step #1 – Hard Reset to Factory Defaults.

  • Turn the phone OFF
  • While holding the volume UP button, press and HOLD the power button
  • Keep holding the buttons until ‘Clear User Data’ is displayed in text on the phone’s screen.

The phone will continue to boot after factory resetting the device (note, items on the Micro SD card will NOT be affected – you would need to reformat that independently yourself.

Step #2 – Find a ROM.

  • The new firmware needs to enable the more recent features of Android without overtaxing the processing power or battery capacity of the aging device…
  • Suggestions?

The sky is NOT falling (is it?)

The Summary Version:

The impending Android Malware Apocalypse is overrated, over-hyped and overused to sell more apps and extend control onto mobile devices. That said, it is a perception widely pushed by the media who copy and paste vendor news releases thus the public are beginning to accept the threat as being real. My opinion is that the available attack vectors are currently quite limited and nowhere near as bad as the industry press and mobile vendors are making out. You can’t blame them for pushing the stories though, one group makes its money getting eyeballs to articles, the other by selling cures to the risks…

What we can do as an industry is limited by the overall reluctance for users to double check what they are doing, coupled with the difficult situation created when differentiating device/product or service in a low-margin, rapidly evolving market.

Continue reading “The sky is NOT falling (is it?)”

NetHui 2011 – Day 1: Digital Citizenship – 21st Century Parenting

21st Century Parenting – Challenges and Solutions

Lee Chisholm, Operations manager, NetSafe

This was an obvious choice as a session for me to attend, and it opened with an attention grabbing quote…

“Three times as many smart phones every minute are activated than there are babies being born” – Hans Vestberg, CEO of Ericsson

This quote sets the stage for the overwhelming influx of technologies into our lives and especially the lives of our children. The problem is, parents are being fed these lines time and again to the point where many throw in the towel and give up trying to stay current with what their children are doing.

Even more worrisome than the parents giving up, is the parents abdicating the responsibility of teaching and modelling these skills to schools. Schools do not have the resources to do this stuff alone

Continue reading “NetHui 2011 – Day 1: Digital Citizenship – 21st Century Parenting”

Ubuntu 11.04 (Natty) + WiFi working on EEE

When Ubuntu 11.04 released, things went backwards for the EEE. If the wireless adapter was enabled, Natty would hang soon after login – it turns out this was due to a kernel issue similar to that experienced in its predecessor.

But, as per many things in the open software world, the community has come up with a solution which I’ve summarised below.

  1. From here, download the latest kernel files which should be named as follows:
    • linux-headers-2.6.39-999_2.6.39-999.[LatestDateTimeStamp]_all.deb
    • linux-headers-2.6.39-999-generic_2.6.39-999. [LatestDateTimeStamp]_i386.deb
    • linux-image-2.6.39-999-generic_2.6.39-999. [LatestDateTimeStamp]_i386.deb
  2. Then, from a terminal window, install them in the SAME order they were downloaded i.e.:
    • sudo dpkg -i linux-headers-2.6.39-999_2.6.39-999.[LatestDateTimeStamp]_all.deb
    • sudo dpkg -i linux-headers-2.6.39-999-generic_2.6.39-999. [LatestDateTimeStamp]_i386.deb
    • sudo dpkg -i linux-image-2.6.39-999-generic_2.6.39-999. [LatestDateTimeStamp]_i386.deb
  3. Restart your EEE (with WiFi enabled) and login.

Good luck! (YMMV)

Skype Beta 2.2.0.25 for Linux – Webcam WORKING!

Skype for LinuxUgh – finally, after much backward and forward (even to the point I dragged out a Windows laptop) I’ve tracked down the issue which was stopping my embedded webcams (which otherwise works in all other applications) from working with the latest beta of Skype for Linux.

The solution is this (thanks Ubuntu Forums):

for 32-bit Linux / Skype

sudo mv /usr/bin/skype /usr/bin/skype.original
sudo echo -e "#!/bin/bash \nLD_PRELOAD=/usr/lib/libv4l/v4l1compat.so skype.original" > /usr/bin/skype

for 64-bit  Linux / Skype

sudo mv /usr/bin/skype /usr/bin/skype.original
sudo echo -e "#!/bin/bash \nLD_PRELOAD=/usr/lib32/libv4l/v4l1compat.so skype.original" > /usr/bin/skype

I found the command to build the script didn’t work out for me

$ sudo echo -e "#!/bin/bash \nLD_PRELOAD=/usr/lib32/libv4l/v4l1compat.so skype.original" > /usr/bin/skype
bash: !/bin/bash: event not found

So, I built my own script

sudo nano /usr/bin/skype

and pasted in the lines to build the script

#!/bin/bash
LD_PRELOAD=/usr/lib32/libv4l/v4l1compat.so skype.original

Of course, the script needs to be made executable

sudo chmod +x /usr/bin/skype

Then all that remained was to make sure no instances of skype were running, and re-launch skype from the menu.

For me, the video came up once Skype had loaded, from other discussions, some people may need to restart their machines.

Getting an XT USB Modem working in Ubuntu

Given that I’m rocking Ubuntu 10.04 on my beloved ASUS EEE 1005PE, I had a need to be able to use my Telecom XT T-Stick (a.k.a. ‘ZTE Corporation MF636 HSUPA USB Modem’) via Ubuntu.

The issue with these particular devices is that they respond to the system by default as a CD drive or USB hub so Ubuntu (with the stick in it’s native form) doesn’t see it as a modem device.

To turn off the function, and make the device a nice simple USB modem, you can do some jiggery pokery using ‘usb_modeswitch’ to switch off the autorun feature…

OR

you can send the AT command “AT+ZCDRUN=8” to the modem.

I chose option two and used a windows machine with a terminal client, but for anyone wanting to avoid using windows, you can achieve the same result* using minicom (sudo apt-get install minicom)

*let me know if you choose to do this as it’d be nice to include the command lines used for completeness of this guide.

Continue reading “Getting an XT USB Modem working in Ubuntu”