Born at 11:36AM on May 23, 2008, weighing in at 8 pounds and 1 ounce and measuring 19" Brayden Lee will be responsible for the hacking naked ad campaign:
Mom, baby, and dad are all going great, and working hard taking care of PaulDotCom 2.0 :) (Lots of tcpdumps and TCP/IPs).
Cheers,
PaulDotCom
Larry did a fantastic job with the Shmooball Cannon, it was featured on Make Magazine and Hack A Day. It was such a huge success that we produced a video detailing how it was made, including several takes of Paul getting shot:
This video will also be added to our video feed and our YouTube channel:
Video Feeds: 
YouTube: PaulDotCom YouTube Channel.
Look for more videos to come!
PaulDotCom
Larry & I hosted our first Linux Installfest this past weekend, and it was a huge success. Everyone had fun, ate pizza, drank beer, and spun our propellers installing Linux and just being extra geeky for a day. I made a blog posting detailing the event (including pictures) which you can find here.
PaulDotCom
Over the past few months I've been contemplating a few projects for some WRTSL54GS routers with OpenWrt, however I really need these to have a high gain antenna on the WRTSL54GS. As you may recall, this model has a fixed antenna, with no option for adding one. I decided that I needed to fix that "design flaw".
Note: By adding various antennas to this device it may become possible to violate your local or federal regulations on output power. Be careful!
First off, we need to open the WRTSL54GS up. The screws are located under the rubber feet. Once apart, we need to de-solder the current, fixed antenna from the board. Follow the LMR cable from the antenna to the board, and de-solder both strands of the LMR from the board.
Once removed, the board should reveal two pads on which we need to solder our new connector.
Once de-soldered, we can remove the antenna from the case by pinching the end of the antenna on the inside of the connector. This will compress the size so that the outer locking ring will pass through the mount.
We need to make sure that we have an appropriate connector to attach a new antenna to. I happened to have scavenged parts from an old Linksys BEFSX series model. This old router had an internal PCMCIA card with two pigtails, one end with the standard RP-TNC antenna connector.
I removed the connector at the other end of the cable, as it is not important. I gave it a good pull, but certainly a pair of wire cutters will get the job done.
Strip the LMR cable back so that the inner and outer conductors are staggered. Match up the lengths that you need with the two pads to verify your length - the smaller inner conductor will be attached to the smaller pad on the board, while the outer conductor will be attached to the larger pad. Don't solder them together! This will create a short, and render your antenna inoperable, possibly even frying your router!
We also need to modify the case so that the external portion of the connector will fit through. My connector at the base was 3/4 of an inch, so I drilled a 3/4 inch hole into the edge of the case, right near the original connector.
Part of the selection of this location was so that it would still be at the top of the unit, and the board has a notch out of it at this location. The notch leaves a handy place to be able to fit the additional portion of the connector between the board and the edge of the case.
Once mounted, solder the LMR form our new connector to the board as described earlier. I utilized some electrical tape to maintain the bend in the LMR and to hold it down to the board. This allows me to have both hands free to solder!
Once complete we can reassemble our router and show off our new connector.
One of the nice features of using the RP-TNC connector is that we can reuse antennas from most of our other Linksys devices!
Have fun adding new antennas!
- Larry "haxorthematrix" Pesce
larry /at/ pauldotcom.com
I've just posted a how-to over at wrt54ghacks.com on adding a removable antenna to the WRTSL54GS versions 1.0 and 1.1. This modification will allow you to use all manner of antennas with RP-TNC connectors with your router.
Check out the posting here.
As always, comments are welcome.
- Larry "haxorthematrix" Pesce
larry /at/ pauldotcom.com
Technology is a wonderful thing, and I love nothing more than to experiment with it. As security professionals, its in our best interest, and the best interests of the organizations we set out to protect, to understand new technology and the implications for security. I truly believe that you cannot understand how to secure something until you've had some hands-on time using it. This is part of the reason why you will see us on many of the popular social networking sites such as Linkedin, Facebook, and even MySpace (I won't link to them, but you can find both myself and Larry on at least Linkedin and Facebook by our email addresses, see the Contact Page). The latest experimenting: you can now find me on Twitter (Larry too!). These are turning out to be some fairly useful networking tools, but present some risks and interesting attack scenarios.
For example, recently Twitter added the ability to send updates to Twitter, and receive updates from the people you are "following" via Jabber. This is very handy, "TWITTER" just shows up as another entry in your buddy list. To update your own Twitter page, just send the text to the "TWITTER" buddy. When someone you follow makes an update, Twitter sends it as a Jabber IM message back to you. You can do the same thing with SMS text messages. The danger? This allows me to put content in one place, and using the Twitter network, push it to potentially thousands of people automatically! This means if you can send some sort of exploit, or even a link to an exploit, and post it to people's twitter accounts, it gets sent to a potential wide audience. This sounds like the Smurf 2.0 attack to me (sorry, I couldn't resist). You would of course need to hijack someone's twitter account, or discover an XSS in the twitter web site, or some sort of authentication bypass. However, one of those vulnerabilities in the Twitter system could be extremely damaging due to the nature of the Twitter network. Not only do you have the ability to send malicious content to people's browsers, but you can also send exploits to Jabber clients and people's cell phones, all by just posting small amounts of content to one person's Twitter page!
Ah, but you say, what are the chances of this type of vulnerability? Nitesh Dhajani already found one.... This vulnerability allowed anyone who knows your phone number to essentially hijack your Twitter page. I was surprised not to see this exploited in the wild.
All:
In collabortation with SNENUG (The Southern New England Network Users Group), OSHEAN, and PaulDotCom, we are proud to bring you a good 'ole fashion Linux installfest! Got an old PC hanging around? Bring it by! Got a dusty old ipod or wireless router? Come get help with installing Linux, a free operating system that is fun to learn and hack with.
Members of PaulDotCom (Larry and Myself), in addition to some other Linux "gurus" will be at OSHEAN for a full day on Saturday April 5, 2008 to assist people installing Linux.
For more information and to register for this event click here.
I hope to see you all there (however seating is limited so be certain to register at the link above).
Cheers,
Paul
All:
We have created a promotion video for the SANS course I authored called "SEC535 - Network Security Projects Using Hacked Wireless Routers":
Sign up for this course today:
SANS Orlando (Comes with your very own copy of Linksys WRT54G Ultimate Hacking by Paul Asadoorian and Larry Pesce!
If you are interested in this course and cannot attend the Orlando conference please contact me (paul /at/ pauldotcom.com) for more information.
PaulDotCom
Security incidents come in many forms, from attackers breaking into computers, unauthorized attempts to sniff wireless networks and collect information, and stolen laptops or phones. This example is the latter, a stolen smartphone. What follows is the incident response procedure that I followed once I found out my phone had been stolen. Its not a comfortable feeling to know that someone else has control over a device containing your information. However, you must remain calm and follow some sort of incident response procedure. Sometimes this is not as easy as it sounds (as you will see below). Once the incident is over the most important thing you must do is learn from it. Hopefully you can learn from my experience.
This all started with one of the things I enjoy most in this world, and thats sushi (In fact Josh just pointed out that I was the one who introduced him to sushi, and now he has an entire site named after this fabulous food!). I was going out to eat with my family and was talking on my iPhone on the way. I pulled into a spot in the parking lot, got out of the car and went into the restaurant where I draped my long trenchcoat over the chair on the table behind me. After feasting on some sushi ("slammin' salmon" roll was awesome) we paid the bill and I all of a sudden realized I did not have my phone. I searched my pockets, no iPhone. I thought, "well, I must have left it in my coat". I searched my coat, no iPhone. I searched around the table and the table behind us where my coat had been, no iPhone. I then thought, "well, it must be in the car". I searched the car, making everyone get out all while I cursed aloud, and no iPhone. I went back into the restaurant and searched the tables again, no iPhone. The conclusion, someone had stolen my iPhone when I either dropped it getting our of the car or when it fell out of my coat pocket.
So I called my wife in a panic, explaining to her how someone else now has possession of my phone, which not only contained countless pictures of our last vacation and family (mostly pictures of the dog), but also had access to ALL of my email accounts. I was on my way to a family members house to get a flashlight to do a more thorough search of the car, as I was still in disbelief that someone stole my phone. Human instinct is a funny thing, even though I have training in computer incident response (even worked a few cases of data theft) I was still in great disbelief that someone would actually steal my phone. Another search through the car, guess what no iPhone. My only saving grace was that I left my home phone number with the restaurant in case the phone magically appeared. On my way home I still thought there would be a chance that they found my phone and called the house to tell me. I got home, no phone call and still no iPhone.
I picked up my wife's phone as soon as I got home and dialed 611, the number for direct access to AT&T customer service. I waded my way through the options and discovered that I could report the other phone line, and associated phone, lost or stolen right through the menu, after of course being prompted for the billing zip code. Thats right, the only authentication you need to cancel the other line is the billing zip code. This means you can use anyone's AT&T phone to disconnect the other line on that account, and all you need is access to that phone and the billing zip code (most people put their address on the phone in case its lost, how ironic). If you are a smart phone thief, you can disable the other line when you steal a phone.
My iPhone had access to all of my email via passwords stored on the phone itself. My first step was to change all of my email passwords immediately. Once that was done I also changed the pin number to my voicemail. There was nothing sensitive in my email lately (i.e. a password emailed from a credit card or bank account), but I wanted to be certain that no one used the phone to check my email. I checked the email logs on one of the email servers I controlled and it showed that no one had used it to access my email. I started feeling a little better. Calls to the phone were going directly to voicemail while the phone was missing, and my guess is that the thief turned the phone off and removed the SIM card, or the battery died. In either case I wanted to be certain there we no calls made from the phone, so we activated our account online with AT&T and checked the call logs, which showed calls to my voicemail (which was normal as my voicemail forwards to YouMail, which is a great service). Now I feel slightly better, and my wife, as always, puts things in perspective and points out that it was not my car or laptop that was stolen, and that no one was hurt (however, the thought of having the opportunity to defend my iPhone appealed to me, if ever so briefly).
I did call the police, who weren't much help and told me that I need to go back to the scene of the crime or come to the station to file a report. Since the damage was done, I did not follow through with a police report. However, had I not been in such disbelief, I would have most likely called the police on the spot.
I try to look at all incidents, especially ones that have financial impact, as a learning experience. What could I have done better? Also, what can I do better/different in the future to have a positive impact on the outcome? Below is a list that I hope we can all learn from:
I hope that you read the above and learned something about how to protect your information. I hope that you use this information to make changes to your security strategy, whether it be protecting your personal information, or your organization's secrets.
PaulDotCom
All:
First, let me remind all of you that the official web site and blog for our "Linksys WRT54G Ultimate Hacking" book is alive and well! So, go to http://wrt54ghacks.com right now for up-to-date information, behind the scenes pictures, WRT54G Hacking Links, and more! We are very excited to have completed the book, and even more excited to continue to provide information on embedded device hacking via the http://wrt54ghacks.com web site and blog.
First order of business, our book is shipping! W00t! You can purchase it via Amazon by clicking here.
Next, we have a winner of our book contest! The contest was to be the first person to send us a picture of themselves with the book. Doing so would win you (Compliments of the PaulDotCom Security Weekly Crew):
And the winner is......Dave! Who submitted a wonderful picture of himself holding the book and two WRT54G routers (whoops, don't drop one :).
Congrats Dave!
Stay tuned, good things coming...
Paul "PaulDotCom" Asadoorian
All:
After almost a year from when we had the first spark of an idea to do something with a WRT54G and hacking, we are very proud to announce the release of the sample chapter and table of contents:
Chapter 3: Using Third-Party Firmware
The complete book will be available for purchase after June 15th. We are in the process of scheduling and booking appearances on various podcasts and interviews, so if you would like to have us on your show, just drop us a line and we will put you on the book reviewer list.
The official WRT54G Hacking book web site will feature errata, new projects, pictures, and updates to any/all of the projects in the book. It is still under development and will be released with the book in June. The link will be:
Look for some updates in the coming weeks.
Cheers,
Paul & Larry
We tried this from Shmoocon 2007 with an EVDO connection and learned a great deal :) Now we have a good Internet connection and plan to stream the live show from SANS to the Internet in near real-time.
Come hear us entertain the SANS students, talk to audience members, and present some of the cool WRT54G projects from our book.
The the live stream should be active about 5:30 PM PST, Wednesday April 4, 2007.
When active, the live stream can be found at:
http://hydrogen.oshean.org:8000
We have found that VLC is the best program to use when listening to the stream (ogg). It runs on Linux, Windows, and OS X. Please join us, and thanks for listening! Tell all your friends!
The PaulDotCom Security Weekly Crew
Those of you out there who have ever moved know that it isn't always the most fun experience, but one of those things you just gotta do in life. Some may also know that it doesn't always go so well :) We are experiencing "technical difficulties" with our moving process to say the least.
So, how does this relate to computer security? It doesn't really, but I feel better "blogging" about it :) Also, the podcast, TV show, and consulting business won't be operational until sometime late next week as myself and the rest of the crew tackle life, wiring/networking, and racking servers. This only affects our labs and podcast studio, all web pages, audio, and video content will be available.
We are looking forward to getting back to business in our new location, both my family, the entire podcast team, and those that help out with the consulting business. We have so much good stuff still to come, such as our one-year podcast anniversary special, special articles, two more TV show episodes in the works, a new web site hosting company complete with many new web site upgrades, and more!
Speaking of which, if you are a web developer and have experience with CSS and Movable type please drop us a note, we are interesting in speaking with you (psw /at/ pauldotcom.com).
For now, enjoy the latest AirPwn video and stay tuned!
.com
Before I depart for a much needed vacation I would like to communicate our mission, goals, and intentions to all of the loyal PaulDotCom fans/listeners/subscribers.
The original idea for this podcast was based on a monthly presentation I used to do which covered the month's security vulnerabilities, research, news, how topics, etc... When that died on the vine, I felt this void, like I needed a vehicle to carry my message. I spend a great deal of time keeping up with events in the security world and take great pleasure in sharing it with anyone who will listen. Then I heard about podcasting and thought, "Hey, that sounds like a great medium for the content that I have, and it could be great fun!". Yes, podcasting is a buzz term, but in looking at the underlying technologies, it just made sense. Record a show each week that covers security news, then people can listen to it anytime (I think that on the commute to work is the most popular).
So we set off to SANS LA to record our first podcast. Through some magic and stroke of luck, we also managed a very timely interview with Marty Roesch. I flew home on the plane loaded with raw Audacity files for episode 1 and the interview, and nothing else. No real blog, no RSS feed, no wiki, no recording equipment, no headphones (I had ear buds), zero audio engineering knowledge, and only the beginnings of a team (not certain if Larry had even made the commitment at that point yet).
Fast forward to today, and we have a very successful blog, wiki to hold show notes, interviews with some of the best and brightest in the field, 30+ shows under our belt, a full recording studio, a TV show, a frappr map with globe listeners, and a full team of people who make this all possible (Thanks to Larry, Nick, Andy, Mason, Dave, Jennifer, Snort/Sourcefire, OSHEAN, Syngress, Core, and all the FiT members, especially George). We've also gone through a lot of changes, very fast (okay lightening speed). We've tried numerous show formats, had our bad shows, and our good shows. The one thing that we have kept constant throughout is that we are true to ourselves and don't pretend to be anything else. Other than that, we never really thought people would listen, and never took a step back and thought about what we want to accomplish.
So here we are today, a show that features security professionals hanging out, drinking beer, talking shop, and having fun. We have found our niche being the entertaining and informative podcast. We've pushed the envelope with hacking stories, burping, farting, porn references, nipple shows, and all sorts of stuff that just wouldn't fly in a professional environment. If you asked any of us why, you'd get the same response as you would when as asking a mountain climber why they chose to climb the mountain, because it was there. For us, its because, well, we could. From this point on, it stops, and we get back down to business.
The new PaulDotCom will be more professional. We will continue to be entertaining, but not grotesque. Its easy to be entertaining when there are no rules, unfortunately this leads to offensive material. We want to reach a larger audience and serve more if the community. In order to do that we're turning down the raunchy from 11 to 3. Our new challenge will be to maintain a funny and entertaining podcast while upholding a higher standard of professionalism. This means that we will need to put more thought and effort into our show, which we believe is a worth while effort. We are not selling out, but merely looking to better ourselves and our show as a whole. So, we would now like to announce the official PaulDotCom Security Weekly mission statement:
"PaulDotCom Security weekly's mission is to provide free content within the subject matter of IT security news, vulnerabilities, and research. We strive to use new technologies to reach a wider audience across the globe. The mixture of technical content and entertainment will continue to set a new standard for podcasting and Internet TV."
In closing, I would like to thank the most important people of all, YOU, the listeners! Without you we'd just be a bunch geeks drinkin' beer (yes, we will still drink beer) and geekin' out. Thank you for listening.
Look for even better things to come....
PaulDotCom Security Weekly Crew
Paul.com, Larry, "Twitchy", & "The Mason"
Being the geek that I am I finally decided it was time to get a phone that did more than just make calls. There are a few reasons for this, such as wanting to experiment more with bluetooth, hack around on Windows Mobile, use a headset in the car to avoid crashing, and increase my geek status :)
I decided to go with the XV6700 from Verizon:
Having just picked up the phone Wednesday night, here are my initial impressions:
More to come!
.com
The Sennheiser PC 150 headset is supposed to be a very high quality headset. It is an older model, replaced by the PC 160 (Which I have on order).
I researched headsets thoroughly before I bought one, and Sennheiser's got all good reviews. I also own a pair of regular Sennheiser headphones for the podcast which I love (and I actually where em' during the day at work too. CAUTION: When you wear noise canceling headphones at work, make certain you have a rear view mirror in your cube).
There was some debate about 1/8" jacks vs. USB. Mac users beware of USB headsets, they don't all work with OS (like the ones from Sennheiser). I opted for the 1/8" jacks because in a pinch they can plug directly into the mixer for the podcast. I also plan to use them primarily for Skype calls and playing music at work. Oh yeah, if you've got a powerbook or other Mac laptop, be certain to get an iMic2 and don't be a dumbass like me and try to plug a mic into the line-in port, because, well, it doesn't work :)
Wishing everyone a happy and safe holiday season. Be certain to check out our short holiday video clip:
Short Video Clip Direct Download Link (iPod Video)
We will be taking some time off, returning the week of January 2, 2006. There are good things coming in 2006. For now, eat, drink, and be merry... (I certainly will :)
.com
With his old friend Steve Marley and 3 ghosts of Tech Christmas past in tow, Scrooge is confronted with the decisions he is making and the life that he has had before…
Are you a geek not in the Christmas spirit? Do you "bah" and "humbug" at your users when they ask you to fix their printer or clean spyware from their computers? Well, nothing gets people in the Christmas spirit more than a good old fashioned Christmas Carol story, and this one is well-done and really funny if you are a geek. So go check it out! It was put together by the Friends In Tech
My ghost of Christmas past would have shown me opening an Apple IIe :)
.com
I have updated my links so that you do not have to leave the site to view my links collection. They are now all pulling from Del.icio.us, a fantastic bookmarking site. Here's how it works:
- I install a button in firefox that lets me post the current page to my del.icio.us bookmarks
- Each bookmark can have one or more "Tags" (categories really)
- The top of the links page represents my "Tag cloud", which is a listing of all my tags.
- The larger the text, the more sites I have put in that tag
- The listing below will always have my last 25 sites that I tagged
- I will be working on adding descriptions
My username on Del.icio.us is "kungfuhacker", in case anyone wants to tag links for me.
Enjoy!
.com
"Linksys last month switched the standard model of its ubiquitous WRT54G wireless router from Linux to VxWorks, starting with the "series 5" version. Now, LinkSys is shipping a Linux-based WRT54GL model that it says it created specially for Linux hobbyists, hackers, and aficianados. The L version is identical to the "series 4" WRT54G units that Linux hobbyists have long enjoyed hacking, according to the company."
This is an interesting move by Cisco/Linksys. The new versions of the WRT54G, dubbed "series 5", will run VxWorks and have half the RAM and flash of previous versions (going from 4Mb of flash and 16Mb of RAM, to 2Mb of Flash and 8Mb of RAM). VxWorks is a slimmed down OS intended for embedded devices and Linksys says this will offer come speed improvements. This is very different from the WRT54GL model, which runs Linux and is intended to be hacked and the last remaining 54g to run Linux. Some sites I've read say, "stock up now". I think I will do just that right now...
"The final release of Mozilla Firefox 1.5 is now available for download from GetFirefox.com for most major operating systems or from the mirrors. Users of the release candidates should receive the update soon.
Well, it has arrived, Firefox 1.5. The Mozilla folks have made improvements to the software updating system (to gain more popularity in the corporate space no doubt), user interface enhancements, and security improvements to name a few. I'm still trying to get a handle on the new features, but a full listing can be found here.
Go get it now!
.com
"Wireless enthusiasts have been repurposing satellite dishes for a couple years now. This summer the longest link ever was established over 125 miles using old 12 foot and 10 foot satellite dishes.
This is cool, can't wait to build one. They state that they can grab wireless networks from 8 miles away. Sweet!
.com
Podcast Links
401.369.9820
