Recently in Geek Stuff Category

INSECURE Magazine Issue 17 has been released for July 2008 and contains an article written by yours truly. I want to first give credit where credit is due to Charlie Vedda from the Packet Protector project, who was instrumental in putting some firmware together in order to make this project a reality. This is a project I have been tinkering with for quite some time and am excited to finally have it in print. Also, special thanks to Larry who helped me with some early versions of the project as well.

So, how do you build a "secure" wireless network on the cheap? (Note "secure" is in quotes, and I do the double finger quote thing when I say it too). Well, you'll just have to read the article I guess, but here's an excerpt:

"Many organizations are faced with the challenge of providing a “guest” wireless network. This network is intended to provide your guests, such as contractors, visiting faculty, patients, or training rooms, consultants, with wireless access to the network. In most cases guests will require access to the Internet, with little or no need to connect to your organization's private network. There are many ways to solve this problem, with the best being to purchase a separate Internet service and completely separate it from the rest of your network."

The article then goes on to tell how to build the network and various other security tips. This is based on many experiences I've had both attacking wireless networks and having to defend them, so I hope you can put it to good use!

Enjoy!

PaulDotCom

PaulDotCom Forums Available Now

All:

We are proud to announce that we've created our own Forums (http://forum.pauldotcom.com) for your enjoyment. Come there, register, post stuff, and be merry. It's a nice complement to our Mailing List and IRC Channel (#pauldotcom | irc.freenode.net), where you can come and be a part of the PaulDotCom community and talk security/geek/nerd stuff.

Cheers,

PaulDotCom

Introducing The Latest Member Of PaulDotCom

Born at 11:36AM on May 23, 2008, weighing in at 8 pounds and 1 ounce and measuring 19", Brayden Lee will be responsible for the hacking naked ad campaign.

Mom, baby, and dad are all doing great, and working hard taking care of PaulDotCom 2.0 :) (Lots of tcpdumps and TCP/IPs).

Cheers,

PaulDotCom

PaulDotCom TV: The Making Of The Shmooball Cannon

Larry did a fantastic job with the Shmooball Cannon; it was featured on Make Magazine and Hack A Day. It was such a huge success that we produced a video detailing how it was made, including several takes of Paul getting shot:


This video will also be added to our video feed and our YouTube channel:

Video Feeds:


YouTube: PaulDotCom YouTube Channel.

Look for more videos to come!

PaulDotCom

RI Linux Installfest 2008 = Success

Larry & I hosted our first Linux Installfest this past weekend, and it was a huge success. Everyone had fun, ate pizza, drank beer, and spun our propellers installing Linux and just being extra geeky for a day. I made a blog posting detailing the event (including pictures) which you can find here.

PaulDotCom

Over the past few months I've been contemplating a few projects for some WRTSL54GS routers with OpenWrt; however, I really need these to have a high-gain antenna on the WRTSL54GS. As you may recall, this model has a fixed antenna, with no option for adding one. I decided that I needed to fix that "design flaw".

Note: By adding various antennas to this device it may become possible to violate your local or federal regulations on output power. Be careful!

First off, we need to open the WRTSL54GS up. The screws are located under the rubber feet. Once apart, we need to de-solder the current, fixed antenna from the board. Follow the LMR cable from the antenna to the board, and de-solder both strands of the LMR from the board.

Once removed, the board should reveal two pads on which we need to solder our new connector.

Once de-soldered, we can remove the antenna from the case by pinching the end of the antenna on the inside of the connector. This will compress the size so that the outer locking ring will pass through the mount.

We need to make sure that we have an appropriate connector to attach a new antenna to. I happened to have scavenged parts from an old Linksys BEFSX series model. This old router had an internal PCMCIA card with two pigtails, one end with the standard RP-TNC antenna connector.

I removed the connector at the other end of the cable, as it is not important. I gave it a good pull, but certainly a pair of wire cutters will get the job done.

Strip the LMR cable back so that the inner and outer conductors are staggered. Match up the lengths that you need with the two pads to verify your length - the smaller inner conductor will be attached to the smaller pad on the board, while the outer conductor will be attached to the larger pad. Don't solder them together! This will create a short, and render your antenna inoperable, possibly even frying your router!

We also need to modify the case so that the external portion of the connector will fit through. My connector at the base was 3/4 of an inch, so I drilled a 3/4 inch hole into the edge of the case, right near the original connector.

Part of the selection of this location was so that it would still be at the top of the unit, and the board has a notch out of it at this location. The notch leaves a handy place to be able to fit the additional portion of the connector between the board and the edge of the case.

Once mounted, solder the LMR from our new connector to the board as described earlier. I utilized some electrical tape to maintain the bend in the LMR and to hold it down to the board. This allows me to have both hands free to solder!

Once complete we can reassemble our router and show off our new connector.

One of the nice features of using the RP-TNC connector is that we can reuse antennas from most of our other Linksys devices!

Have fun adding new antennas!

- Larry "haxorthematrix" Pesce

larry /at/ pauldotcom.com

WRTSL54GS Removable Antenna Mod

I've just posted a how-to over at wrt54ghacks.com on adding a removable antenna to the WRTSL54GS versions 1.0 and 1.1. This modification will allow you to use all manner of antennas with RP-TNC connectors with your router.

Check out the posting here.

As always, comments are welcome.

- Larry "haxorthematrix" Pesce

larry /at/ pauldotcom.com

Building A Botnet With Twitter?


Technology is a wonderful thing, and I love nothing more than to experiment with it. As security professionals, it's in our best interest, and the best interests of the organizations we set out to protect, to understand new technology and the implications for security. I truly believe that you cannot understand how to secure something until you've had some hands-on time using it. This is part of the reason why you will see us on many of the popular social networking sites such as LinkedIn, Facebook, and even MySpace (I won't link to them, but you can find both myself and Larry on at least LinkedIn and Facebook by our email addresses, see the Contact Page). The latest experimenting: you can now find me on Twitter (Larry too!). These are turning out to be some fairly useful networking tools, but present some risks and interesting attack scenarios.

For example, recently Twitter added the ability to send updates to Twitter, and receive updates from the people you are "following", via Jabber. This is very handy; "TWITTER" just shows up as another entry in your buddy list. To update your own Twitter page, just send the text to the "TWITTER" buddy. When someone you follow makes an update, Twitter sends it as a Jabber IM message back to you. You can do the same thing with SMS text messages. The danger? This allows me to put content in one place, and using the Twitter network, push it to potentially thousands of people automatically! This means if you can send some sort of exploit, or even a link to an exploit, and post it to people's Twitter accounts, it gets sent to a potentially wide audience. This sounds like the Smurf 2.0 attack to me (sorry, I couldn't resist). You would of course need to hijack someone's Twitter account, or discover an XSS in the Twitter web site, or some sort of authentication bypass. However, one of those vulnerabilities in the Twitter system could be extremely damaging due to the nature of the Twitter network. Not only do you have the ability to send malicious content to people's browsers, but you can also send exploits to Jabber clients and people's cell phones, all by just posting small amounts of content to one person's Twitter page!

Ah, but you say, what are the chances of this type of vulnerability? Nitesh Dhanjani already found one... This vulnerability allowed anyone who knows your phone number to essentially hijack your Twitter page. I was surprised not to see this exploited in the wild.

Rhode Island Linux Installfest

All:

In collaboration with SNENUG (The Southern New England Network Users Group), OSHEAN, and PaulDotCom, we are proud to bring you a good ol' fashioned Linux installfest! Got an old PC hanging around? Bring it by! Got a dusty old iPod or wireless router? Come get help with installing Linux, a free operating system that is fun to learn and hack with.

Members of PaulDotCom (Larry and myself), in addition to some other Linux "gurus", will be at OSHEAN for a full day on Saturday April 5, 2008 to assist people installing Linux.

For more information and to register for this event click here.

I hope to see you all there (however seating is limited so be certain to register at the link above).

Cheers,

Paul

SEC535 - "Set Your Router On Fire" Video

All:

We have created a promotional video for the SANS course I authored called "SEC535 - Network Security Projects Using Hacked Wireless Routers":

Sign up for this course today:

SANS Orlando (Comes with your very own copy of Linksys WRT54G Ultimate Hacking by Paul Asadoorian and Larry Pesce!)

If you are interested in this course and cannot attend the Orlando conference please contact me (paul /at/ pauldotcom.com) for more information.

PaulDotCom