Recently in Geek Stuff Category

At least for just a second or two.

There is a problem that I have been fighting with. Lately many security testers have become like the TSA: trained to look for very specific things.

For example, TSA agents appear to be focused on looking for things like scissors and containers with the ability to hold more than 3 to 3.4 ounces of fluid. Rather than looking for threats, we are focusing our TSA on looking for specific things.

And that is the problem with many penetration tests today: they are looking for specific things. Many of us are reducing our craft to the search for XSS, XSRF and SQLi vulnerabilities (just to name a few). However, I would say that a test that looks for only those types of vulnerabilities is sub-par at best.

Here is why. We need to be looking at how the application and the network functions. We need to understand how it is transferring data from the back end to the web front-end. We need to try to understand how the data is being segmented and protected. All of this requires us to try and understand how the application works. Trying to understand how something worked used to be the goal and definition of hacking.

Do you see the difference in perspective? If you are hunting for missing patches and other vulnerabilities you will find them, but you are missing out on the bigger (and probably more important) picture.

This focus on looking for specific vulnerabilities is weakening our profession in two ways. First, it is locking us into very small and well defined roles. Unfortunately, this type of mindset is driving many of the audit standards that help us get work. Audit standard X says we should look for Y vulnerability, so that is what we look for. Second, and somewhat related, there are a number of outstanding tools that are automating that process. If at any point in your career the opportunity exists to replace you with a tool, your employer/customer will do it.

If we continue to allow this to happen the modern penetration tester will quickly become a thing of the past. We will have been replaced by a number of tools that look for the same defined sets of vulnerabilities.

The reason I am writing this is that on the past couple of tests I have been on, the tools have turned up squat. In fact, a couple of the customers use the exact same tools I use on a regular basis. However, I have been able to find fairly major holes in their applications or network architectures without tools. I just start messing around with different applications and accounts. To be honest, this approach is where I started. I strongly believe that this is where a good number of you started as well. We probably do our best work this way.

Automation and tools are great. I love all of the wonderful tools I have on my computers. But they are not sufficient to do a penetration test. If they are, we are all in big trouble. Run the tools, automate and print reports.

However, when the tools are done running, it is time to get back to basics. Consider a new definition of "Hack Naked": put all of your tools away and just use what you have at your disposal. A browser, an OS and a couple of test accounts are all you need.


-strandjs

Getting Started In Information Security How-To


One of the most asked questions we have gotten since we started PaulDotCom is: "How do I get started in information security?". This is a great question, and the following guide will get you started:

  1. Be curious - The first and most important characteristic you need to succeed in information security is curiosity. I have to say that I started by being curious. I was 7 years old and I took a class on how to use an Apple IIe computer (back then you had to write programs to make the computer do anything). I remember sitting in front of the Apple IIe (my parents eventually bought one) and staring at the glowing screen and the green flashing cursor, just wondering what I could make it do. I watched the movie "War Games" and wanted a modem so bad, but my parents forbade it, saying that I would cause global thermonuclear war (I told them I only wanted to play chess, but they didn't believe me). I guess that's part of your homework: go back and watch two of the best hacker movies on the planet, "War Games" and "Sneakers".
     apple-iie.jpg
  2. Work in information technology - Most people I encounter who want to get into information security want to know, "How do I become a hacker?". I don't think it's something that you become, I think it's something that you are, coupled with something that you are shaped into. The best information security professionals are those that have been "In The Trenches", working as a help desk technician, systems administrator, or network engineer. Working in these positions will gain you an understanding of how things work, which lays the foundation to learn how to break them and make them do things they were not intended to do.
  3. Set up a home network/lab - First, set up a home lab. VMware makes free versions of their software, and there are thousands of pre-configured virtual hosts available on their web site. Don't just focus on setting up security tools either; try to set up a file server using Samba and lock it down (for example). This exercise can provide valuable experience. For example, I was on an interview once for one of my first UNIX systems administrator jobs and they asked me if I had experience with NFS. I said, "Sure do! I run it at home." They looked puzzled at first, but when I could answer all their technical questions about NFS, they, well, hired me. I also brought pictures of my computers at home to the interview. Now, I don't recommend that, but it's one of those funny interview stories and it happened to work for me. However, it could have very easily had the opposite effect.
     mycomputers.png
     Actual picture Paul brought to his interview
  4. Get involved with local groups - This is a great place to meet people in the field, exchange ideas, and ask questions. It's important to network as this is most likely how you will get a job in the field! Local groups in my area, for example, include 2600, defcon (DC401), Linux user groups, and several others. Also, there may be a "Hacker Space" in your area as well, so be certain to find one and participate in it. If there is no group of any kind in your area, then create one!
  5. Go to conferences - Defcon is one of the largest conferences on the West Coast, and Shmoocon is a popular conference on the East Coast. This is another great place to network, and there are several smaller conferences all across the country (such as NOTACON). SANS is a great place to learn and network, but most starting out in the field may not have an employer who will pay for training. There are many options, such as SANS @home online training or becoming a facilitator for SANS.
  6. Read blogs & listen to podcasts/webcasts - There is so much information on the web about our field that it is overwhelming. While you may specialize on certain systems or technologies, you need to have some level of understanding in all areas of technology. Keeping up with all this can be a full-time job in and of itself. My suggestion is to use an RSS news reader and subscribe to as many technology and security related resources as possible. Need some help getting started? You can download all the feeds from here and import them into your RSS news reader. Podcasts are free, and iPods are very cheap now, so you should be listening to podcasts. Of course we produce our own weekly show called PaulDotCom Security Weekly, and this thread in our forum discusses many of the other great podcasts on the net. Webcasts are free ways to get good information, and are available from SANS, Whitehat World, and many others.
     mycomputers.png
     Hacking Naked Helps Too
  7. Take training classes and get certification - We've talked about SANS already, and there are several other places to get great training. BackTrack is a great security live CD distribution (also a great place to start for beginners) and its associated training classes have gotten great reviews. Don't shy from certification, but don't spend too much time getting certifications to pad the resume. Strike a balance: get a few certifications and see where it takes you, then spend some time and resources getting real-world experience. Get involved with an open-source project, even if you may not feel like you have the technical chops to participate in many open source projects. That's okay; if you are good at writing documentation and/or testing, you can be a valuable resource. This tack gets you familiar with the technology and gets you networked in the field.
  8. Socially Network - Not only are social networks fun to hack, but they are one of the best ways to network in the field. Twitter has become a great tool for this, and even has the "Security Twits" group consisting of security people using Twitter. They have meetups at various conferences. Facebook and LinkedIn can also be valuable networking tools to help you meet people and find a job.
  9. Write about stuff - A great addition to your resume are publications. Find a topic that you like, write something on it, and submit it to various magazines and online resources to get published. This is looked upon favorably by employers, and gives them writing samples as well. Also, have a blog. Blog about stuff that you do, what you think about security, etc. If you keep it focused on security, you'll be in good shape. If you start blogging about farm animals and creamed corn, it may not be as useful. For examples of some of the things we have written, you can check out the papers page. For examples of presentations, see the presentations page.
  10. Manage a machine that gets hacked - I know this sounds strange, but many people we interview say they got their start when their machine got hacked. This is not to say that you would let a machine get hacked (be careful if you plan to do this, and set up honeypots/honeynets), but this can provide valuable experience and further motivate you to explore the field of information security.

I want to thank the members of the PaulDotCom mailing list for sharing their ideas and thoughts on this subject. You can read the full thread in the archives that inspired this post.

    Paul Asadoorian
    PaulDotCom

Here at PaulDotCom Security Weekly we have this thing for wireless of all kinds. Wireless cards, cables, antennas, 802.11, RFID...the list goes on. We're always on the lookout for something neat and useful. We found that in the Asus EEE line of netbooks. They are small, usually feature Atheros wireless cards, and have a huge modding community. The small form factor is also something that works well for wireless assessments, whether covert or sanctioned. The size is conducive to easy transport in a small space or as a second laptop while traveling.

To those aims, the Asus 4G Surf (amongst others in the EEE family) works well, however the small internal wireless antennas don't offer much flexibility or range. We need to take some cues from the EEE modding community and extend the hardware to support a better antenna. So, here's how to add an external RP-TNC antenna connector to the Asus EEE 4G Surf.

Tools and parts you will need:

  • A small Phillips screwdriver

  • Electrical tape

  • A drill and appropriately sized drill bits

  • A flat instrument for gently prying the case apart (such as a plastic putty knife or a fingernail)

  • A u.FL to RP-TNC pigtail (about 6 inches works well)
    First, we need to get this little machine open. To do that we need to remove the memory door cover on the underside by removing two small Phillips screws.

    IMG_5888.jpg
    Memory door screws

    Then we need to remove the rest of the screws on the underside of the case. While we are there, remove the battery and set it aside.

    IMG_5884.jpg
    6 screws on the outside edge

    Once those are removed, we need to remove the keyboard to access the screws underneath. To do this, lift the rear of the keyboard and push in the 3 small retaining tabs (near the screen). The keyboard should lift up from the rear, allowing you to carefully disconnect the ribbon cable in the front.

    IMG_5885.jpg
    Be careful!

    Removing the keyboard will reveal several screws on the metal plate underneath the keyboard.

    IMG_5883.jpg
    9 screws. This will void your warranty.

    Separate the top section of the case from the bottom; start at the bottom right and work your way around to the screen and down the left hand side. Once you reach the left hand side, rotate the top of the case slightly in a counter clockwise direction in order for the case to make it past the ethernet and sound ports.

    Once the top has been separated, remove the main board from the case to access the underside of the board and the wireless card. Next, disconnect the several small cables that tie the board to the case.

    IMG_5879.jpg
    Display connector
    IMG_5880.jpg
    Fan connector
    IMG_5881.jpg
    Last but not least, the speaker

    Last but not least, remove the microphone from the case. It should pop out easily and stay attached to the board.

    IMG_5878.jpg
    Speak to me!

    All that is left holding the board hostage in the case are three small clips at the front edge of the laptop. Pushing the tabs aside with your finger will liberate the board.

    IMG_5877.jpg
    There are 3 of these tabs along the front edge...

    In order to round the corner on our hack, we will also need to separate the display from the base. This allows for safety while drilling the hole for the RP-TNC connector and lets us wedge it all back together. The display can be removed by removing one screw from the outer edge of each hinge, and then it should lift straight out.

    I found an interesting place for the RP-TNC connector. At the right hand edge of the laptop, what appears to be the "hinge", there is a small silver disc. This disc is just a sticker; peel it off and we are left with a spot that looks as if it was made for the connector. I used my handy drill press in the workshop to create an appropriate hole where the sticker used to be (I believe that it was 5/16ths of an inch). This could certainly be accomplished with a hand drill as well.

    IMG_5870.jpg
    Episode IV - A New Hole

    Due to the cramped quarters in this section of the case, I had to route the pigtail for the external RP-TNC connector through the right hand display hinge. Fortunately, this is also how cables are passed into the display from the main compartment.

    IMG_5871.jpg
    Pigtail through the hinge

    At this point we can start the reassembly process. I found that it was easiest to attach the RP-SMA external connector to the case first, and then reinstall the display.

    IMG_5868.jpg
    Almost like it was meant to be there...
    IMG_5873.jpg
    Display reinstalled

    The final step before reassembly is to attach the u.FL end of our pigtail to the wireless card. I elected to leave one of the internal antennas attached, and placed a small piece of electrical tape over the other, now disconnected, internal antenna connector. We don't want this nice conductive connector loose inside of the case causing a short!

    IMG_5874.jpg
    Connected and ready to rock

    In order to complete the reassembly (just follow the disassembly steps in reverse, yes it is that easy), we need to modify the top half of the case in order to accommodate the internal parts of the RP-TNC connector. On the underside of the hinge cover, we need to remove a small bit of plastic. I did this with my Dremel and a small grinding stone.

    IMG_5882.jpg
    Remove this little bit right here

    Reassemble, and we are done! Attach an appropriate RP-SMA antenna of your choice and begin your assessments, now with more power!

    IMG_5887.jpg
    All done! Now we need an antenna...

    As a bit of an update, I quickly discovered that the location of the external connector was just a bit too tight. It pushed out the side of the case a little bit and as a result, compromised the connection on the inside of the connector. This quickly failed.

    I added some additional space to the outside of the case with a new connector, utilizing the same location. I added a spare dome shaped piece, with an extra large hole drilled on the inside to accommodate the flange on the external connector. Fasten the connector to the dome, and a little two part epoxy later and we have a solid connector with plenty of room. Here's a look at the final result:

    IMG_5959.jpg
    Almost looks like it belongs...
    IMG_5958.jpg
    It doesn't change the footprint too much.

    Now, any idea where the dome shaped piece came from? Glad you asked! It was a plastic foot that was supposed to be affixed to the bottom of some piece of furniture. It met with all sorts of power tools in the workshop for holes, trimming and finishing. Now, what to use the three other feet on...?

    Enjoy! Let us know how your hacks turn out.

    - L

    Resources

  • EEE 4G Surf from Asus: http://eeepc.asus.com/global/product700-spec.html
  • EEE User Forums: http://forum.eeeuser.com/
  • FAB Corp u.FL to RP-TNC Pigtail: http://www.fab-corp.com/product.php?productid=2680

SQL Injection with sqlmap

    One of the questions that we get on a regular basis is "Are there any good tools for SQL Injection?"

    There are a number of great tools that do this commercially like Core Impact and Cenzic Hailstorm. However, many tools will simply alert you that a SQL Injection vulnerability exists then leave it at that.

    We are penetration testers so proof is kind of important. Simply stating that you found a SQL injection vulnerability because your tool said so is not enough.

    To that end, I would like to introduce you to sqlmap.

    First up, I would like to say thanks to the developers Bernardo Damele A. G. and Daniele Bellucci.

    Now I would like to show you a short video of the tool.

    Why does this tool rock?

    Glad you asked.

    First, it has the ability to process results from Burp Suite and WebScarab with the -l option:

    Like..

    # ./sqlmap.py -l /tmp/webscarab.log/conversations/

    It also has the ability to automatically dump data. For example, it can dump the database version and the tables in the database.

    To do this you would use the --dump-all switch like:

    # ./sqlmap.py --dump-all -u "testurl.com"

    Next, it has the ability to use googledork search strings. Yep, that's right, googledorking and SQL Injection... Honestly, does it get any better?

    # ./sqlmap.py --dump-all -g "site:testsite.com ext:php"

    The above command will have google crawl a website and pull all pages with a php extension. After sqlmap has a nice list of targets it tries to attack them.

    Finally, and in my humble opinion most importantly, it can get you a SQL shell.

    To do this use the --sql-shell option and it will try to give you a shell.

    # ./sqlmap.py --sql-shell -g "site:testsite.com ext:php"

    borat-high-five.jpg

    Very nice!!!

    Once again, I want to drive home the importance of proof. Our job as testers is to demonstrate risk. To do that we need to act like a threat and interact with a vulnerability. Simply stating that a tool said there is a vulnerability is not enough. Also, we should be after what the attackers are after.... Data! What better place to get data than a SQL database?

    strandjs
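    The post's point is that a report should carry proof, not a scanner's opinion. The example below is added here and is not code from the post or from the sqlmap project: it is a self-contained Python script using the standard sqlite3 module that puts an injectable login query beside its parameterized fix, runs the same constructed tautology input through both, and packages the difference (plus the database version and table list, the same kind of facts --dump-all pulls) as a small evidence record. The users table, credentials and payload are all constructed for the demonstration.

```python
import sqlite3

# Constructed sample data standing in for the application's back-end table.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "letmein")]

# Constructed tautology input, of the kind a boolean-based test sends, used only
# to make the behaviour of the two queries visible side by side.
TAUTOLOGY = "' OR '1'='1"


def build_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database holding the sample users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Injectable login check: user input is concatenated into the SQL text,
    so a quote in the input changes the structure of the WHERE clause."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "' ORDER BY username"
    )
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Hardened login check: input is bound as a parameter and is never parsed
    as SQL, so the same tautology is just a password that matches nobody."""
    query = (
        "SELECT username FROM users WHERE username = ? AND password = ? "
        "ORDER BY username"
    )
    return [row[0] for row in conn.execute(query, (username, password))]


def evidence(conn: sqlite3.Connection) -> dict:
    """Build the side-by-side record a tester would put in a report: rows the
    injectable query leaks versus rows the fixed query returns for the same
    input, plus the engine version and table names."""
    return {
        "vulnerable_rows": login_vulnerable(conn, "nobody", TAUTOLOGY),
        "parameterized_rows": login_parameterized(conn, "nobody", TAUTOLOGY),
        "db_version": sqlite3.sqlite_version,
        "tables": [
            r[0]
            for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")
        ],
    }


if __name__ == "__main__":
    db = build_db()
    for key, value in evidence(db).items():
        print(f"{key}: {value}")
```

    With the constructed input the vulnerable query returns every user because the clause becomes `username = 'nobody' AND password = '' OR '1'='1'`, while the parameterized query returns nothing; that contrast, not the scanner's alert, is the proof.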

    We have been promising for a few weeks a write-up on SSLStrip and now we have finished it!!!!

    SSLStrip from John Strand on Vimeo.

    SSLStrip basically strips the SSL session between the attacker and the victim. This allows the attacker (or tester) to see all of the data that is being sent to the user in clear text. As far as the server is concerned it is a valid encrypted session.

    There are a few interesting things going on with this attack. First, from a pen-test perspective, it articulates even more how dangerous man in the middle attacks are when leveraged correctly. Funny thing about that... ARP cache poisoning is just as effective as it was 5 years ago. It is getting clearer and clearer to me that if an attacker gets access to an internal network it is pretty close to being over. So if you are doing pen-testing and you don't Man in the Middle... Get on board and start doing it.

    Now for the second issue: user training. We tell our users that they need to be careful not to click on links from strangers and be careful about which websites they should not go to, but we rarely demonstrate that risk. Why do organizations do pen-tests? They do it to demonstrate risk. Otherwise they tend to do nothing. Is there any reason why we would expect anything less from our users? The reason I bring this up is that when we do user education we really need to be doing some live demonstrations. For example, we need to demonstrate a browser being compromised. We can also use tools like SSLStrip to demonstrate why HTTPS is so important. We can also use tools like Web Monkey in the Middle from Dsniff to demonstrate why those certificate pop-ups are kind of important. I know I am tilting at windmills with user education. Just a hopeless romantic I guess.

    strandjs
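    The post says ARP cache poisoning is what puts the tester in the middle in the first place, so the defender's counterpart is watching the ARP traffic for it. The following is an added example, not code from the post or from the SSLStrip or dsniff projects: a Python script that runs the checks a tool like arpwatch performs over a constructed ARP reply capture. It flags an IP whose announced MAC changes, IPs claimed by more than one MAC, and a single MAC answering for several IPs (the shape of two-sided poisoning between a host and its gateway). All addresses and timestamps are made up for the demonstration; the gateway address is an assumption passed in by the caller.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """One ARP 'is-at' message as a sniffer would record it."""
    ts: float        # capture time in seconds
    sender_ip: str   # IP address being claimed
    sender_mac: str  # MAC address claiming it


# Constructed sample capture. 10.0.0.1 is the gateway, 10.0.0.5 a workstation, and
# 10.0.0.7 the host that later starts answering for both of them.
SAMPLE_REPLIES = [
    ArpReply(1.0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(2.0, "10.0.0.5", "aa:aa:aa:aa:aa:05"),
    ArpReply(3.0, "10.0.0.7", "aa:aa:aa:aa:aa:07"),
    ArpReply(10.0, "10.0.0.1", "aa:aa:aa:aa:aa:07"),
    ArpReply(10.5, "10.0.0.5", "aa:aa:aa:aa:aa:07"),
    ArpReply(11.0, "10.0.0.1", "aa:aa:aa:aa:aa:07"),
]


def mapping_changes(replies):
    """Alert each time an IP's announced MAC differs from the last MAC seen for it.
    Returns (timestamp, ip, previous_mac, new_mac) tuples in capture order."""
    last_seen = {}
    alerts = []
    for r in replies:
        prev = last_seen.get(r.sender_ip)
        if prev is not None and prev != r.sender_mac:
            alerts.append((r.ts, r.sender_ip, prev, r.sender_mac))
        last_seen[r.sender_ip] = r.sender_mac
    return alerts


def ip_conflicts(replies):
    """IPs claimed by more than one MAC anywhere in the capture."""
    macs = defaultdict(set)
    for r in replies:
        macs[r.sender_ip].add(r.sender_mac)
    return {ip: sorted(m) for ip, m in macs.items() if len(m) > 1}


def mac_multi_ip(replies):
    """MACs that answer for more than one IP: one station claiming both the
    gateway and a workstation is the classic two-sided poisoning pattern."""
    ips = defaultdict(set)
    for r in replies:
        ips[r.sender_mac].add(r.sender_ip)
    return {mac: sorted(i) for mac, i in ips.items() if len(i) > 1}


def gateway_hijacked(replies, gateway_ip):
    """True if the (assumed) gateway IP was ever claimed by more than one MAC."""
    return gateway_ip in ip_conflicts(replies)


if __name__ == "__main__":
    for alert in mapping_changes(SAMPLE_REPLIES):
        print("MAC change:", alert)
    print("IP conflicts:", ip_conflicts(SAMPLE_REPLIES))
    print("MACs claiming several IPs:", mac_multi_ip(SAMPLE_REPLIES))
    print("Gateway hijacked:", gateway_hijacked(SAMPLE_REPLIES, "10.0.0.1"))
```

    A MAC change on its own is not proof of an attack (DHCP reassignment or a replaced NIC produce the same alert), which is why the script reports the three signals separately: a change on the gateway's IP combined with one MAC suddenly answering for several hosts is the combination worth paging on.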

    First a little background...

    For those of you that are not familiar with the conference, Shmoocon (hosted by the fine folks at the Shmoo group, an independent security "think tank") is a small hacker/security conference in Washington, DC, typically some time during the month of February. This past February was no exception.

    shmoocon_ger.gif

    One of the great things about Shmoocon is the ability to provide instant feedback to the presenter, while the presentation is happening. Ever been to a conference or presentation where you just knew there was something "rotten in Denmark", or you wanted to make a point about some minute but essential, overlooked detail? Shmoocon enables and encourages every attendee to call the speaker to task: they provide a foam stress ball (aka a Shmooball) at registration for each attendee (and offer more for sale, proceeds going to charity). The organizers encourage you to throw them at the presenters when you have a point to make, or when you think that you're being sold a bill of goods.

    As a result, the closing ceremony of the conference has typically found the Shmoo group founder, Bruce Potter, amidst a barrage of shmooballs. Why? Because the attendees could.

    In 2007, a group of folks unveiled their Shmooball cannon at closing ceremonies and unloaded at Bruce. It was multi-shot, made from PVC and a 2-stroke leaf blower. It was a great concept, but it was smelly and not incredibly efficient.

    This is when I had thoughts of doing better. In 2008, I created a version that was much like a shoulder fired grenade launcher. In 2009, I decided I needed to take it up a notch.

    This is the story of the building of the 2009 Shmooball cannon.

    I had great plans for 2009 after the lessons I learned from 2008. I wanted something that was light, easily carried, and easily reloaded. I thought I had come up with a fantastic way to accomplish all 3: create a pistol style cannon, fed with easily detached tubing, and house all of the mechanical and pressurized bits in a backpack.

    I came up with my original concept right after Shmoocon 4 in 2008. In typical fashion, I didn't begin the actual execution until 4 weeks before con. Add a wife, baby and large quantities of snow into this mix, and there isn't a lot of time left for construction.

    As a result of my procrastination, I realized that I needed to source all of my parts locally: Home Depot, Lowes, Radio Shack and the local paintball supply. I affectionately refer to this type of construction as "Hacking Home Depot": come up with an idea, spend 4 hours wandering the aisles of the home improvement store looking for appropriate parts, and work out how you can modify them with tools on hand to meet the end goal. Tons of fun.

    Here is what I came up with.

    IMG_5844.jpg
    Shmooball cannon initial design

    As you can see, I've accomplished the pistol portion fairly well. The barrel is made from 2.5 inch schedule 40 PVC electrical conduit, with a female thread adapter at the butt end, glued with PVC cement. The muzzle brake happened to be a feature of the conduit, as a way to connect two lengths together without the need for additional couplers.

    IMG_5864.jpg
    Muzzle brake

    The grip was constructed out of a 3 inch to 2 inch schedule 80 PVC "Y" adapter. A table saw was used to trim off the top section of pipe that wasn't needed. The barrel is attached with a clamp at the front end, and 5 minute epoxy was used at the butt end of the threaded adapter. The outer portion of the threaded adapter was almost an identical fit for the internal diameter of the 3 inch "Y", so it was used as a glue point. Without some additional material at the front end of the barrel, it would have been off by about 3/8 of an inch. A 2.5 inch female coupler was sacrificed to the shop saw, and utilized as a spacer at the front of the barrel.

    IMG_5857.jpg
    The grip "Y" adapter

    The actual grip was simply constructed out of a short length of 2 inch PVC with a female threaded adapter on the end. Screwed into the adapter was a threaded clean out plug. The hand grip was not glued, so that parts could be added later (safety switch, trigger and batteries), and so that they could be easily replaced.

    IMG_5861.jpg
    Battery storage

    At the end of the barrel a male threaded 2.5 inch adapter was used for the butt end. Unfortunately, 3 Lowes stores later (the only store that carried 2.5 inch PVC conduit), I was never able to find 2.5 inch endcaps. I did find 2 inch endcaps, and fortunately these were a close enough fit into the end of the male threaded adapter. Because they weren't a tight fit, PVC cement wasn't an option here, so both halves were sanded with the Dremel and glued with 5 minute epoxy.

    IMG_5848.jpg
    Barrel end cap

    The pistol is then attached to the valve assembly through standard air tool coiled hose, utilizing 1/4 inch NPT quick release adapters. The barrel end cap was drilled in the drill press, and threaded with the brass adapter. Yes, the PVC is soft enough to have the brass cut its own threads. I like to hold on to the brass fitting with a pair of vice-grips and welder's gloves, and run the brass fitting through the blowtorch for a few minutes. This makes the thread cutting almost like a hot knife through butter.

    IMG_5847.jpg
    Quick disconnect

    At the valve end, I needed to increase the size of the 1/4 inch NPT coiled hose to meet the 1 inch threaded inlet of the 1 inch water sprinkler valve. This is accomplished with several steel step down adapters and plenty of teflon tape.

    IMG_5846.jpg
    Valve step down adapters

    Next is the hub of the operation, the 1 inch lawn sprinkler valve. In the 2009 cannon construction, the valve was used as it came from the manufacturer, activated with a 24V solenoid. While we could modify this valve to be pneumatically triggered for faster operation, the solenoid application works just fine.

    Feeding the valve is a set of male threaded adapter and end cap, but this time fitted with a 5/8 inch paintball regulator. From there, our 20oz compressed CO2 is attached with a shutoff and quick disconnect. The paintball regulator in this case is a necessity, as the paintball CO2 tank is typically charged somewhere from 800 to 1200 PSI. This pressure, if not regulated down to much less (80 to 120 PSI), will quickly turn all of our PVC components into shrapnel. Carrying that around a con full of people would not be a good idea...

    IMG_5845.jpg
    Tank regulator and adapter

    The last point to mention is the firing mechanism. We need to provide 24V to the solenoid to operate it, allowing the air to propel the Shmooball from the cannon. However, 18V, delivered by two standard 9V batteries wired in series, works just fine. The negative lead is connected to the solenoid, and the positive is wired to two switches in series; this way both need to be closed in order for the cannon to fire. I elected for a standard momentary pushbutton for the trigger, and a light up, shrouded safety switch for the safety.

    IMG_5858.jpg
    Switches!

    In order to deliver the 18V to the solenoid, I needed a cable that I could quick disconnect from the hand grip where the batteries and the switches were, to the valve located at the other end of the coiled air tool hose. I happened to have a CAT5 cable and wall jack insert in hand, so I elected to use those. In a twist of fate, the wall jack insert fit perfectly inside the end of the threaded clean out end cap.

    IMG_5856.jpg
    Cable goes here!

    A 1/4 inch hole was drilled in the end of the clean out end cap, the jack placed inside, and held in with 5 minute epoxy.

    IMG_5862.jpg
    CAT 5 jack

    Once complete, I found that it was nearly impossible to undo the little clip on the CAT5 cable in order to release it from the jack, due to the insert now being recessed behind 1/8 inch of PVC. So, the clean out end cap had to be ground down to provide a rounded edge to allow access to the CAT5 cable clip.

    IMG_5863.jpg
    Tapered end cap

    So, it looked pretty good at this point. That was, until I test fired it 24 hours before the whole assembly needed to be dropped off for transport to the conference. Let's just say that the test fire didn't have the expected results.

    I had figured that the failure was due to not having enough airflow from the valve to the barrel. I had figured that it might be a problem earlier on, so I had purchased extra parts as a backup plan.

    What I didn't realize was how far my backup plan would have to go, until 2 hours before con opened. The results of the hotel room testing, the Frankenstein creation, are what are shown below.

    IMG_5849.jpg
    The final result

    So, let's start with the upgrade to the coiled tool hose. It was replaced with a new endcap with a 1 inch brass threaded "hose barb" fitting. I found this bad boy in the plumbing section for flexible hose for artesian well water systems. That sucker was 12.99 for a darned fitting!

    IMG_5854.jpg
    New barrel endcap

    Regardless, it was attached to a 1 inch clear vinyl tube with a hose clamp, which was then paired to a PVC 1 inch threaded hose barb at the valve end.

    IMG_5853.jpg
    Valve end upgrades

    Now it required an act of congress to breach load (undo CAT5, unscrew pistol (not endcap!), load, re-screw pistol, connect CAT5, arm, fire.), so muzzle loading with a wood ramrod became the next choice.

    Unfortunately, during the hotel room tests, Paul and I also discovered another fatal flaw. The 20oz paintball tank could not feed the delivery system with enough air fast enough to propel the shmooball from the barrel more than 6 feet (and with the sound of a dying cat as well). What we really needed was a tank that could hold a large volume of air that could be recharged from the slow paintball tank, but released quickly.

    Fortunately, Paul had suggested that we bring along the 2008 shoulder fired cannon. I also had the hindsight to pack too many tools and extra teflon pipe tape.

    The 2008 version featured a large tank mated to an identical sprinkler valve. Thank goodness for modular parts; we scavenged the 2008 tank to replace the direct feed from the paintball tank.

    The scavenged tank is fed by a 20oz paintball CO2 tank via remote kit with a 5/16 inch threaded quick release. I needed to convert the 5/16 to 1/4 to mate up with the old regulator in the 2008 design, so a capsule of 1 inch end caps was created to make the adapter (drill endcap, heat fitting, thread, PVC cement to 1 inch PVC pipe). This capsule is then attached using 1/4 inch hose barbs and standard air tool hose to an air tool regulator (more Home Depot hacking!), and then to more hose with a barb drilled and threaded into the tank.

    Photo: Tank feed and regulator

    The tank was originally intended for another application, so it features some additional twists and turns. However, the main chamber is 3 inch schedule 80 PVC with an end cap, reduced to 2 inches, fed to 2 inch 90 degree elbows, reduced to 1.5 inches, reduced to 1 inch, ending in a 1 inch male threaded adapter. That's a LOT of PVC fittings, which are of course glued together with PVC cement.

    Photo: Twisty!

    What Paul and I ended up with at the end of our cannibalization was a pistol design that was appropriately powered, but with a much larger "back end support" than anticipated. Now, the tank, CO2 and valve didn't fit so well, and ended up looking like a particle accelerator out of Ghostbusters. The backpack was quickly abandoned in favor of using gaffer's tape to directly strap the tank to my back, and the CO2 tank to my thigh. Nothing like intentionally strapping yourself to a bunch of potentially explosive compressed air!

    Photo: Who you gonna call? Shmoobusters!

    After all was said and done, it was a huge ugly looking success. We learned a lot this year, and made a few notes:

    • Pack extra tools and parts. The valve actually failed on stage during the presentation on the build of the cannon. Looks like over-pressurization one too many times.

    • Bring extra CO2 on stage! I ran out during the demo. Paul got me more. :-)

    • Plan early, start construction even earlier! This will allow for more testing and sourcing of more appropriate parts. Sure, hacking Home Depot is a great challenge, but sometimes you have to know when you are beat!

    • Use lots of teflon pipe tape. Thought you used enough? Use more. Some is good, more is better, but too much is just enough.

    • Have fun and be safe. Remember, melting and/or pressurizing PVC and sprinkler valves is not recommended by the manufacturer!

    See you at Shmoocon 6 in 2010, cannon in hand. In hand? Maybe there is something else in the works...

    RI Linux Installfest - Winter Edition Recap

    I just wanted to make a quick posting about the fun event we had this past weekend. Geeks got together to help each other install Linux, while drinking beer and eating pizza. I have a tough time coming up with a better Saturday plan for my day :)

    Special thanks to Larry for setting up the facility, and the SNENUG group who as always has fun attending the event. Some interesting installs included:

    * Centos 5 on an older dual-nic PC to be used as a firewall

    * MythTV using MythBuntu

    * I flashed Larry's Asus WL-530g with an unlocked version of uClinux

    * Puppy Linux got installed on some older Compaq hardware (with a dvorak keyboard layout, which was interesting)

    * I attempted to install OpenWrt on my Routerboard 532, but the lack of a CF reader = FAIL. See OpenWrt instructions here.

    We plan to hold this event again in the spring as well, so stay tuned! Thanks to all who attended!

    PaulDotCom

    This is just my advice, and is actually a very nebulous thing to answer. I'll tell you what has worked for me over the years. I'm just breaking the surface, and still learning from my own advice.

    My (sage?) Advice

    * Read all you can find! - the Internets have exploded with all sorts of information on electronics projects, kits, you name it. I'll have some stuff in the reading/websites section below with some specifics

    * Find a mentor - One locally is great and is also a way to meet new people and get ideas. Consider your local 2600/Defcon/Maker group. At a minimum, stop in on the local ham radio club. For what it was worth, my mentors ended up being my Dad, who was an EE, and my grandfather, who was a swamp Yankee/inventor.

    * Take something apart - Now certainly you might not want to take apart that nice $3000 flat panel TV, but find something appropriate. Check yard sales for cheap electronics, or even on trash day. For beginners, stay away from TVs and microwave ovens (when you get some smarts they are full of good parts...). Don't discount kids' toys; they can take you down the road of circuit bending! With these scenarios you won't feel bad if you break something that was broken, cheap or free. Explore! You own the hardware! Figure out what all those unknown little bits do by looking up spec sheets on the internet.

    * Think of ways to make something better - You know all that crap, I mean valuable electronics, you just picked up? If something works, how would one of them be made better or how could it be made to do something else? For example, we picked up a "baby boom box" at a yard sale for a quarter. My daughter LOVES it, but it is loud, and doesn't have an off switch. See? Take it apart and add a (baby proof) switch to disconnect the positive battery lead, and add a potentiometer (variable resistor; sort of like a dimmer switch) in line with the positive speaker wire. When she's done with it in a few years, take another look at how you could have improved that design; instead of the potentiometer what about replacing an output resistor. This can get even more fun, as you can start circuit bending!

    * Mind your voltages - ...and of course your positives and negatives. Don't swap them, and don't over power them (unless you read all about those power regulation chips). Making these mistakes is a great way to let the magic smoke out of your electronics. Double (even triple) check your wiring. With higher voltages (such as direct mains power), they can easily let the magic smoke out of you. Start small.

    * Don't be afraid to follow in the footsteps of others - Read someone else's projects and recreate them, or in many lucky cases, build them from a kit. It is a great way to learn how to solder/desolder and learn the principles and about the parts. Learn from someone else's experience and mistakes and even improve on the design. Eventually your path will drift, and you'll be on your own road, even if it is just a slight deviation at first. Modify your kit!

    * Learn to solder - Yeah, you had to figure that was coming. Also, learn to de-solder. Use all of those valuable electronics you picked up to practice both; you aren't learning on your project this way. Practice makes perfect! Yes, re-solder the pieces you just practiced removing. When you are done, you can even be left with a bunch of parts to use in another project, that are often worth more apart than the sum of the free/cheap whole. A great way to build an inventory of bits and wire.

    * Start with the basics - Learn basic electronic principles: completing a circuit, switches, etc. Even though they are old, don't hesitate to use analog devices like 555 timers, transistors, capacitors, resistors and so on. Venture into microcontrollers such as Arduino and PICs as you get more comfortable. Learn how to read schematics - even the basics will take you a long way.


    Tools

    You'll need a few things to get started of course. Start small. Go ahead and buy just what you need to work on your first project. See if you can borrow some from a friend (but return them!) for a bit. Certainly, try out the moderately priced soldering iron from Radio Shack to get started...

    Here's what I find is most helpful:

    * A multi-meter - I don't know how I missed this on the podcast, but this one is a must. Even a cheap digital one would be good. My Grandfather would suggest going analog to start in order to learn the basics and the tool itself.

    * Dremel with grinding and cutoff wheels

    * Drill press and bits; in a pinch, a hand drill (electric or otherwise) will work.

    * Soldering station - I like Weller, but I have a generic. Variable temperature is best. Note, don't file down new, modern tips. They are coated and filing ruins them.

    * De-soldering iron. A "solder sucker" is Ok, but tends to be frustrating. De-soldering wick is good too.

    * Small screwdrivers, jeweler's screwdrivers, Torx, and any other security screw bits. It is all about having the right tool for the job. This coming from a guy who just upgraded the hard drive in his MacBook Pro with a jeweler's flathead screwdriver for Phillips screws, and a filed down jeweler's flathead to remove #25 Torx screws.

    * Set of small metal files (for sharpening your cheap soldering iron, and filing down flathead screwdrivers.)

    * A pair of "extra hands". A magnifying glass or head mounted loupe (both in conjunction with a good light source) is also a huge plus.

    * Pliers and wire cutters are also a great idea. As are a pair of wire strippers (your teeth get tired after a while).


    Reading/Websites

    There is tons of info out there. Here are some of the places I learn and take inspiration from:

    * Make - This is the mecca of all things hack. A little of everything, and they've really blown the doors off this thing for the whole community, making this info and reporting available for everyone.

    * Hackaday - A daily dose of hacking goodness on all sorts of topics. Good brain food and they've recently started a series about all the piece parts.

    * LadyAda - Limor Fried's website. Kits (at AdaFruit Industries), and general blog about electronics goodies.

    * Citizen Engineer - A new video series on hardware hacking how-tos

    * Nuts and Volts Magazine - Pure electronics projects that you can adapt the concepts to your own projects.

    * Instructables - All sorts of step by step tutorials on all types of hacks, crafts and electronics.

    INSECURE Magazine Issue 17 has been released for July 2008 and contains an article written by yours truly. I want to first give credit where credit is due to Charlie Vedda from the Packet Protector project, who was instrumental in putting some firmware together in order to make this project a reality. This is a project I have been tinkering with for quite some time and am excited to finally have it in print. Also, special thanks to Larry who helped me with some early versions of the project as well.

    So, how do you build a "secure" wireless network on the cheap? (Note "secure" is in quotes, and I do the double finger quote thing when I say it too). Well, you'll just have to read the article I guess, but here's an excerpt:

    "Many organizations are faced with the challenge of providing a “guest” wireless network. This network is intended to provide your guests, such as contractors, visiting faculty, patients, or training rooms, consultants, with wireless access to the network. In most cases guests will require access to the Internet, with little or no need to connect to your organization's private network. There are many ways to solve this problem, with the best being to purchase a separate Internet service and completely separate it from the rest of your network."

    The article then goes on to tell how to build the network and various other security tips. This is based on many experiences I've had both attacking wireless networks and having to defend them, so I hope you can put it to good use!

    Enjoy!

    PaulDotCom