Archive for the ‘Geek’ Category

More on Blue Hydra.

Sunday, August 7th, 2016

Earlier, I wrote “It runs! It works! Mostly. Kind of.”

I’ve been banging on Blue Hydra in my spare time since Thursday, and I stand by that statement. Here’s what I’ve run into so far.

The README is pretty clear, and I didn’t have any problems installing the required packages. (I don’t have an Ubertooth, so I skipped that one. We’ll come back to the Ubertooth later.)

First problem, which was actually very tiny: I know next to nothing about Ruby, other than that cartoon foxes are somehow involved, so the phrase “With ruby installed add the bundler gem” was more like “I don’t speak your crazy moon language”. Google cleared that up pretty quickly: the magic words are gem install bundler.

Next problem: running bundle install resulted in an error stating that it couldn’t find the Ruby header files. It turns out that, while my Ubuntu installation had Ruby 2.1 installed, it didn’t have the ruby-dev package installed. sudo apt-get install ruby-dev fixed that issue.

Next problem: the SQLite Ruby gem failed to install when I ran bundle install. It turns out that I also needed the sqlite3-dev package as well. And with that installed, the bundle built, and I could do ./bin/blue_hydra.

Which gave an error stating that it didn’t have permissions to open a handle for write. Okay, let’s try sudo ./bin/blue_hydra (because I always run code from strangers as root on my machine; everyone knows strangers have the best candy). And that actually worked: Blue Hydra launched and ran just fine. In fairness, this may be a configuration issue on my machine, and not an issue with the software itself.

In playing with it, I’ve found that it does what it claims to do. Sort of. It’s been able to detect devices in my small lab environment with Bluetooth discovery turned off, which is impressive. I also like the fact that it stores data into an SQLite database; other Bluetooth scanning tools I’ve played with didn’t do that.

However, it seems to take a while to detect my iPhone; in some instances, it doesn’t detect it at all until I go into Settings->Bluetooth. Once I’m in the Bluetooth settings, even if I don’t make a change, Blue Hydra seems to pick up the iPhone. Blue Hydra also has totally failed to detect another smart phone in my small lab environment (and I have verified that Bluetooth was both on and set to discoverable.)

Now, to be fair, there may be some other things going on:

  • I’ve also observed previously that Bluetooth under Ubuntu 15.10 didn’t work very well. At all. So at one point on Saturday, just for giggles, I upgraded Project e to Ubuntu 16.01.1 LTS. And shockingly (at least for me) Bluetooth works much much better. As in, I can actually pair my phone with Ubuntu and do other Bluetooth related stuff that didn’t work with 15.10. That seems to have mitigated the discovery issues I was seeing with Blue Hydra a little, but not as much as I would have liked. (Edited to add 8/8: Forgot to mention: after I upgraded, I did have to rerun bundle install to get Blue Hydra working again. But the second time, it ran without incident or error, and Blue Hydra worked immediately afterwards (though it still required root).)
  • I was using the Asus built-in Bluetooth adapter in my testing. Also just for giggles, I switched Blue Hydra to use an external USB adapter as well. That didn’t seem to make a difference.
  • In fairness, Blue Hydra may be designed to work best with an Ubertooth One. The temptation is great to pick one of those up. It is also tempting to pick up a BCM20702A0 based external adapter (like this one) partly to see if that works better, partly because I don’t have a Bluetooth LE compatible adapter (and this one is cheap) and partly because the Bluetooth lock stuff is based on that adapter. (Edited to add 8/8: I’m also tempted by this Sena UD100 adapter. It is a little more expensive, but also high power and has a SMA antenna connector. That could be useful.)
  • It may also be that I have an unreasonable expectation. Project e is seven years old at this point, and, while it still runs Ubuntu reasonably well, I do feel some slowness. Also, I think the battery life is slipping, and I’m not sure if replacements are available. I’ve been thinking off and on about replacing it with something gently used from Discount Electronics: something like a Core i5 or Core i7 machine with USB3 and a GPU that will work with hashcat. Maybe. We’ll see. Point is, some of my issues may just be “limits of old hardware” rather than bugs.
  • And who knows? There may very well be some bugs that get fixed after DEFCON.

tl, dr: Blue Hydra is nice, but I’m not yet convinced it is the second coming of Christ that I’ve been waiting for.

DEFCON 24: August 7, 2016 updates.

Sunday, August 7th, 2016

The presentations on the conference CD are here, if you’re looking for something specific that I didn’t mention. I’m still going to try to provide links to individual presenters and their sites, simply because I believe those are the most recent and best updated ones. Just to be clear, I’m not trying to rip off anyone else’s work, which is why I link directly. I want to provide myself (and possibly other interested folks) with one-stop shopping for the latest versions of the things I’m most interested in.

This takes us into today. I’ve been at this for about an hour and a half now. I’m not proud. Or tired. But I do have some other things I want to do, and I think it is a bit early to expect Sunday presentations to be up. I’ll end this one for now, and see if I can do another update tomorrow. Also, I want to do a further write-up on Blue Hydra, possibly tonight, maybe tomorrow as well.

If you are a presenter who’d like to provide a link to your talk (even if it is one I didn’t specifically call out) or you have other comments or questions, please feel free to comment here or send an email to stainles [at] sportsfirings.com.

DEFCON 24 notes: Hail Hydra!

Thursday, August 4th, 2016

GitHub repository for Blue Hydra.

I’m jumping the gun a little, as the presentation is still a few hours away, but I wanted to bookmark this for personal reference as well as the enjoyment and edification of my readers.

Edited to add: quick update. Holy jumping mother o’ God in a side-car with chocolate jimmies and a lobster bib! It runs! It works! Mostly. Kind of.

If I get a chance, I’ll try to write up the steps I had to follow tomorrow. Yes, this blog is my personal Wiki: also, while the instructions in the README are actually pretty good, I ran into a few dependency issues that were not mentioned, but are documented on Stack Overflow.

DEFCON 24: 0-day notes.

Wednesday, August 3rd, 2016

Another year observing DEFCON remotely. Maybe next year, if I get lucky, or the year after that.

The schedule is here. If I were going, what would I go to? What gets me excited? What do I think you should look for if you are lucky enough to go?

(As a side note, one of my cow-orkers was lucky enough to get a company paid trip to Black Hat this year. I’m hoping he’ll let me make archival copies of the handouts.)


Obit watch: August 2, 2016.

Tuesday, August 2nd, 2016

Seymour Papert. NYT. MIT A/I Lab.

I never met him, but as a very young person with my first computer, Papert’s work, especially with LOGO, was a huge influence on my thinking.

Memo from the sentencing desk.

Tuesday, July 19th, 2016

Remember Christopher Correa, the St. Louis Cardinals “director of baseball development” who pleaded guilty to hacking the Houston Astros player database? (Previously.)

46 months in prison. $279,038 in restitution.

In other news, former LA County Sheriff Lee Baca was supposed to be sentenced yesterday. The former sheriff, as you may recall, pleaded guilty to lying to federal investigators. He had agreed to take a plea, and the prosecution, in turn, had agreed to seek a sentence somewhere between probation and a maximum of six months in prison.

Yesterday, the judge in the case threw out the plea agreement.

Six months in prison for the man who ran the Sheriff’s Department “would not address the gross abuse of the public’s trust … including the need to restore the public’s trust in law enforcement and the criminal justice system,” Anderson said.

Baca must now choose among several unappealing options. He could go ahead with the sentencing and accept whatever punishment Anderson has in mind. He could withdraw his guilty plea and go to trial, taking his chances with whatever charges the government might decide to bring. He could negotiate a new deal with federal prosecutors for a longer sentence that the judge would find more acceptable.

Former sheriff Baca has also been diagnosed as having Alzheimer’s disease, which may be one reason why the prosecution was so willing to agree to a relatively light sentence; if his condition gets worse, he may not be competent to participate in his defense, which could result in any trial being delayed.

Dallas.

Friday, July 8th, 2016

I went to bed pretty early last night (after a frustrating attempt to deal with Wells Fargo) and didn’t find out what was going on until 5 AM this morning. (Great and good friend of the blog RoadRich texted and emailed us, but we were sound asleep when things started breaking.)

I really haven’t even had a chance to look at the news yet, and don’t have any profound thoughts. But I wanted to get something up. Consider this an open thread for discussion and updates.

Dallas Morning News coverage.

Please keep in mind:

In a semi-related vein, this is an interesting thread from Reason’s “Hit and Run”. Part of my answer to this is: the author is asking this question less than 24 hours after the incident took place. All the facts were not in, and probably still are not in even now. Why should the NRA (or any other organization) be making public statements until we have all the facts?

Edited to add: Been tied up. Apologies. The reports I’m seeing now pretty much all state that the dead gunman was killed by a breaching charge attached to a police robot. The temptation is great to make Asimov jokes, but the situation is too serious, so I’ll just link to this Statesman article which quotes the “executive director of a nationally recognized police active-shooter training facility in San Marcos” as stating it was “unprecedented but perfectly legal.”

My latest million dollar idea…

Wednesday, June 22nd, 2016

An all-natural, organic, made from renewable resources, energy drink.

The main ingredients will be the livers of polar bears, walruses, and moose. Possibly in a suspension of cod liver oil, with natural flavorings to make it a little more palatable.

Random notes, philosophical asides, bookmarks, endorsements, and other things.

Tuesday, June 21st, 2016

Some things I think are interesting, some I want to bookmark, some I want to plug, something for everyone, a comedy tonight! I am going to try to put these in some kind of rough topic order…

“Introduction to GPU Password Cracking: Owning the LinkedIn Password Dump”.

I Sea, “a mobile app that claimed to help users locate refugees adrift at sea”, appears to be a complete fraud.

The developers swapped information, including screen shots of a static image and a weather tool that one person claimed was used to mislead users into thinking they were looking at live images of the sea. Others noted that the app had been coded to tell users that their login credentials were invalid.

Bonus: the NYT mentions my third favorite security blogger, @SwiftOnSecurity. (Sorry, SecuriTay, but I’ve had my photo taken with the Krebster, and I know Borepatch. Third is still good enough for a medal, if this was the Olympics.)

And it isn’t just that the coding is screwy: PopSci makes a pretty strong argument that what I Sea claims to do is physically and logistically impossible.

To provide images of 1 percent of the total area of the Mediterranean would run over $1 million. And that’s just for one set of still photos. If the app were to provide up-to-date imaging, as it claims, the images would need to be refreshed regularly, at $1 million each time. And that cost is for unprocessed data, Romeijn says. Processing will cost more, as will the licensing fees required to make those images available to the public.

And those satellites make one pass a day, so you’re not getting “real-time” imaging, no way, no how.

The Oakland PD mess, summarized. Yes, I’m linking to an anonymous person on Facebook, but much of the information in this summary has already been reported in the media: this is more of a handy round-up if you haven’t been following this mess from the start. (Hattip: Popehat on the Twitter.)

And speaking of Popehat: the guys get shirts! Women, too. I just ordered mine: not only is $23 very reasonable for a shirt these days, and not only do I like Popehat, but I think Cotton Bureau does good stuff. (You may remember them from the BatLabels “Henchman” shirts, which are back in print! Hoorah!)

Flaming hyena #32: Democratic congressman Chaka Fattah.

In addition to racketeering conspiracy, Fattah was found guilty of bribery, bank fraud, mail fraud, money laundering, making false statements to a financial institution, and falsification of records.

A bunch of other folks took the fall with him, including Herbert Vederman:

Through cash payments to the congressman’s children, college tuition payments for his au pair and $18,000 given to help purchase a vacation home in the Poconos, prosecutors said, Vederman bought Fattah’s support in seeking appointment by the Obama White House to an ambassadorship.

(Hattip on this one to Mike the Musicologist.)

Prominent (well, in Chicago, anyway) Chicago journalist Neil Steinberg decides to pull the old “look how easy it is to buy an assault rifle” trick. So he goes to a gun store…

…and they deny his purchase because he’s a drunken wife-beater. (I have seen other versions of this story that state BATF first issued a “delay”, then a “deny” (BATF doesn’t have to give a reason for “deny”), Steinberg threatened to write that they were “denying” his purchase because he was a journalist, and the gun shop then decided to point out that he was a drunken wife-beater. However, this version seems to me to be the best sourced, and it doesn’t mention any BATF verdict.)

But at least he had the good taste to go with a Smith and Wesson M&P 15.

Random thought.

Friday, May 27th, 2016

Is there a use case for a shot timer app for an Apple Watch?

I’m aware of existing ones for the iPhone; I’m just wondering if having the same information, or a subset, available on your wrist – probably linked to your phone – is something that people would find useful?

Obit watch: May 12, 2016.

Thursday, May 12th, 2016

Jok Church, creator of the “You Can With Beakman & Jax” comic and the “Beakman’s World” television show.

I know a lot of people who loved “Beakman’s World” and anybody who teaches science to children is doing the Lord’s work, as far as I’m concerned. Thing I didn’t know: Church was also Christo’s webmaster.

Mark Lane, noted JFK assassination conspiracy theorist.

Obit watch: April 22, 2016.

Friday, April 22nd, 2016

Your Prince obit round-up: NYT. Star-Tribune. LAT coverage. WP.

“Poor Lonely Computer: Prince’s Misunderstood Relationship With The Internet” from NPR.

I feel much the same way about Prince as I did about Bowie. I wouldn’t call myself a fan, I never saw him live, but thinking back on it, he turned out a lot of music I like. “1999”. “Little Red Corvette”. “When Doves Cry”. “Let’s Go Crazy”. And every now and then, I’ve been known to spontaneously start singing “She wore a raspberry beret, the kind you find in a second-hand store…” much to the annoyance of my cow-orkers.

And I didn’t realize it until yesterday, but he actually wrote “Manic Monday”.

Also among the dead, according to the A/V Club: Richard Lyons, co-founder of Negativland.