Archive for the ‘Radio’ Category

DEFCON 18 notes: Day 1.

Sunday, August 1st, 2010

I’m running a little behind, between running around with Andrew and Mike the Musicologist, and some technical issues (DEFCON 18 has a secure wireless network, but it hasn’t been stable), but I’ll post updates when I can. I’ll also add links to the presentations as they go live, or as I find them. If you have questions, I’m willing to try to answer them, but I’d suggest you email the presenter first. If you are a presenter who wants to respond to my comments, I welcome that.

“Build a Lie Detector/Beat a Lie Detector”: This was the first presentation I attended; it was a pretty awful one. The presenters started 15 minutes late and opened with a crappy rap performance (differing tastes in music, fine, but when you’re running 15 minutes behind schedule, the rap should be the first thing to go). Once they actually got going, they spent too much time on a general history of justice systems and of the polygraph. When they did finally get to the technical aspects of their presentation, it amounted to “Oh, yeah, we built this lie detector based on this paper these other guys posted” (with, to be fair, some minor modifications). I walked out of this presentation before the end, which is something I rarely do at DEFCON.

“Build your own UAV 2.0 – Wireless Mayhem from the Heavens!”: On the other hand, Renderman and his partner did an excellent job with this one. And not just because they played “Thunderstruck” before the presentation started (playing music is okay, even if I don’t like your choice of music (and I like “Thunderstruck”), as long as you start on time), or because they started on time, or because they actually had video of their UAV launching rockets. (Edited to add 8/10/2010: added link to DEFCON 18 slides and video on Gremlin’s website.)

Key takeaways for me from this one:

  • You have two choices for stabilization systems. Thermopile based systems work in the infrared range and are very cheap, but have problems in certain weather conditions. Inertial based systems are more expensive, but offer all-weather capability, and are rapidly coming down in price.
  • Arduino based control systems dominate at the moment, but there’s some interest in developing systems based on the Beagle Board.
  • There’s off the shelf Zigbee based hardware that can easily be used for telemetry, and offers a 10-12 mile range.
  • You can get cheap and decent video out of board cameras, but transmitting video is a harder problem; for good range, you need to work on frequencies that require an amateur license.
  • GPS systems with a 10 Hz refresh rate are down to $80 or so. Most of the GPS systems I’ve dealt with have a 1 Hz refresh rate, which isn’t good enough for UAV use; it was news to me that faster systems are that cheap now.
  • Foam airframes are cheap and easy to repair.
  • Practical UAV applications, other than launching rockets: warflying with Kismet, communications relay (imagine a UAV that could hover on station and serve as a repeater in areas of poor radio coverage), search and rescue (imagine a UAV that could survey a wide area looking for signs of a lost hiker, or recon an area where a search and rescue beacon was picked up), and post-disaster recon. I hadn’t thought much about that last one, but now that Renderman’s brought it up, I find it exciting. The theory here is: you send your UAV into areas that your disaster relief staff haven’t physically visited, and it returns good quality imaging of exactly what the damage is and how accessible the area is (have the roads collapsed? Are they under water?). From that, you can develop priorities (damage in this area doesn’t look too bad, we can hold off for a day; these people look like they need immediate help) and plans to get needed resources into the area.

“Exploiting Digital Cameras”: Another solid presentation. Basically, Isacson and Ortega did some clever banging on the firmware of the Canon Powershot series of cameras, found that these cameras have an embedded interpreter, documented that interpreter, and developed some simple exploits using it. The exploits are somewhat limited; you can’t launch malware on an attached computer, for example, but you can do things like turn on the microphone, display arbitrary images on the camera, and modify EXIF data.

“DCFluX in: Moon-bouncer”: A decent presentation on the theory and practice of radio communication using moon-bouncing, satellites, and other methods. I’m going to gloss over the details of his talk and refer you to the presentation when it goes up, as there was a great deal of technical information in it related to historical and amateur radio usage; I’m not sure the majority of my readers are that interested in ham radio, and those who are would be better served getting their information from the source.

“Black Ops Of Fundamental Defense: Web Edition”: So here’s a high-level summary of Kaminsky’s talk. Now that the DNS root certificates are digitally signed, we have the ability to use DNSSEC and the Domain Keys Infrastructure (DKI) to do all kinds of cool stuff, including end-to-end email authentication (so you can be sure that the email you got from Bank of America is actually from Bank of America, and not from some random Nigerian), and to do these things in a scalable way.

Kaminsky’s new company, Recursion Ventures, is building (and plans to release shortly) a set of tools that will allow for the easy deployment of DNSSEC. Kaminsky also gave a brief overview of how DNSSEC works, and touched on a few interesting points related to his research. (For example, not only is it possible to run DNS over HTTP, but Kaminsky’s figures show performance over HTTP is actually better than normal DNS.)

(Edited to add 2: The link above goes to a page on Recursion Ventures’ web site where you can view the slides from Kaminsky’s version of this talk at Black Hat 2010. I did not see the Black Hat version of this talk; I do not believe the DEFCON 18 version was significantly different. It may have been shorter, and there is some Black Hat specific material in those slides. Also, I’m aware the actual title (“Black Ops of Fundamental Defense: Introducing the Domain Key Infrastructure”) differs from the title in the DEFCON 18 schedule; I chose to stick with the DEFCON title to make cross-referencing easier.)

Edited to add: I’m sorry if anyone is disappointed, but I did not go to the “Weaponizing Lady GaGa, Psychosonic Attacks” panel.

0 Day DEFCON 18 notes.

Thursday, July 29th, 2010

This year, I got in on Wednesday, which reduced the stress level considerably. Mike the Musicologist met me here; Andrew “Swordfish Trombone” Wimsatt is flying in tonight.

Mike and I had a pretty good (and cheap!) dinner Wednesday night at Four Kegs, which some of you may recognize from “Diners, Drive-Ins, and Dives”.

DEFCON 18 panels that I may, or may not, attend, but will point out for Lawrence’s benefit:

Weaponizing Lady Gaga, Psychosonic Attacks

I’ve already missed the “Hardware Black Magic: Designing Printed Circuit Boards” and “Go Go Gadget Python: Introduction to Hardware Hacking” panels, but I figure most of the information from those is on the DEFCON 18 CD.

Panels I want to attend:

I’m torn between the annual “Making of the Badge” panel, and the “How To Get Your FBI File (and Other Information You Want From the Federal Government)” panel. If I do get moving that early, I suspect I’ll end up at the latter one.

“Build a Lie Detector/Beat a Lie Detector”. My desire to attend this is mostly based on nostalgia. When I was a young boy, my dad gave me several of the Radio Shack 50-in-1/100-in-1/250-in-1 electronic kits for Christmas. One of the projects in those was always a lie detector, and I always built that project.

“Build your own UAV 2.0 – Wireless Mayhem from the Heavens!” How could anyone not go to that panel?

“Exploiting Digital Cameras”. Another panel that seems designed to push multiple buttons on my user interface at once.

“DCFluX in: Moon-bouncer”. Looks like it could be a fun panel on alternative methods of communication in a critical situation, like moon-bounce (something I’ve heard of from the amateur radio community).

“Black Ops Of Fundamental Defense: Web Edition”. Dan Kaminsky. Again, enough said.

“Extreme Range RFID Tracking”. I haven’t gotten that deep into RFID hacking yet (though I might change that this year), but I’m interested in this long-range low-power radio device stuff. Also, this is one of two Padget talks I want to see.

“Jackpotting Automated Teller Machines Redux”. The Black Hat version of this talk is already getting a lot of attention.

I’m having trouble deciding between “This Needs to be Fixed, and Other Jokes in Commit Statements“, which sounds like it could be very funny, and “Insecurity Engineering of Physical Security Systems: Locks, Lies, and Videotape“; I have a lot of respect for Tobias’ work.

“Practical Cellphone Spying” is the other Padget talk I want to see.

“We Don’t Need No Stinkin’ Badges: Hacking Electronic Door Access Controllers”: besides the title reference, this might make good background for that novel. I’m also considering “Wardriving the Smart Grid: Practical Approaches to Attacking Utility Packet Radios” as another possibility; I’d really like to see both.

“Physical Security: You’re Doing It Wrong!” Well, if he’s going to talk about how to get vendors to take you to lunch, sure!

“Physical Computing, Virtual Security: Adding the Arduino Microcontroller Development Environment to Your Security Toolbox”. I’ve been thinking about getting into microcontroller hacking, and this seems like it might be a good introduction to the Arduino (which is one of the environments I’ve considered).

“Hacking with Hardware: Introducing the Universal RF Usb Keboard Emulation Device – URFUKED” and “Programmable HID USB Keystroke Dongle: Using the Teensy as a Pen Testing Device”: it sounds like there could be a lot of overlap between these two panels.

“The Search for Perfect Handcuffs… and the Perfect Handcuff Key”. You never know when you might need to get out of a pair of handcuffs…

I haven’t decided between “Attack the Key, Own the Lock“, which sounds like it may be a rehash of some panels at previous DEFCONs, and “Constricting the Web: Offensive Python for Web Hackers“, which pushes the Python button.

“Electronic Weaponry or How to Rule the World While Shopping at Radio Shack”. Not a lot of information on the DEFCON site; I’ll probably go and leave if I get bored.

“Breaking Bluetooth By Being Bored”. I’m fascinated by Bluetooth attacks, so this is a must-see for me.

Panels I won’t be attending:

“Getting Root: Remote Viewing, Non-local Consciousness, Big Picture Hacking, and Knowing Who You Are”. The usual hippie horse-pucky.

Any suggestions from anyone else who may be attending? Or presenting? Or wanted to go, but couldn’t?

Miscellaneous crap.

Wednesday, June 30th, 2010

The City of Austin has flushed the low-flow toilet rebate program. However, you can still get a free low-flow toilet: you just have to fill out an application and, if you’re approved, pick up your toilet from an approved toilet vendor.

The 2010 Bulwer-Lytton contest results are out.

Edited to add 1: Oh, what the heck. By way of Ace of Spades, a WP review of the greatest concert ever. Where “greatest concert ever” is defined as “complete disaster”.

Edited to add 2: Derek Lowe has a new post up in the “How Not To Do It” series. It appears that a lab at the University of Missouri underwent explosive renovations after some hydrogen and oxygen got together for a hot date. Photos of the aftermath at the link.

Edited to add 3: The HouChron has interrupted their “WE’RE ALL GOING TO DIE!” watch to let us know that Dr. Demento is ending his radio show. Why, yes, this is the same story that Slashdot and Lawrence brought you almost a month ago.

Edited to add 4: As I’ve noted in the past, my newspaper reading during the weekends can be spotty. So I missed this Ben Wear article in the Statesman about the MetroRail ridership figures. (Hattip: Blue Dot Blues, by way of Battleswarm.)

Edited to add 5: Headline from the HouChron: “Dear Abby says what to do when grandma spoils the kids”. Somehow, I suspect Dear Abby’s answer does not involve a Taser.

Speaking of Popehat, I think this is a great post by Patrick, but I’m a very bad person; whenever I read the phrase “Res Ipsa Loquitur”, all I can think of is “Ipsa this, you p—y little b—h!”

The Hidden World of Girls.

Monday, June 14th, 2010

I’m a day late and a few bucks short on this (somehow I missed it the first time around) but I did want to put up a link to this story from NPR’s “The Hidden World of Girls” project, featuring my friend Pat Cadigan.

(Lawrence and I discussed this: I get the Pat Cadigan beat, he gets the giant spider beat. Seems like a fair split to me.)

Radio, radio.

Sunday, March 28th, 2010

I wanted to call out this James Rainey column in the LAT, about LA’s Pacifica affiliate, KPFK, and the infighting there.

There are two money quotes in this piece, both of them talking about early evening host Ian Masters:

He also has been outspoken in rejecting KPFK programming, and especially fundraising, that he sees as increasingly taken over by fear-mongering and conspiracy theories, like the 9/11 “truther” movement. In a speech a few months ago at All Saints Episcopal Church in Pasadena, Masters derided fund drives that he said recommend “communing with extraterrestrials and munching mung beans and colonic irrigation and drinking liquid silver and not immunizing your kids is the way to a more sustainable and spiritual Pacifica.”

The other quote:

“It seems to me,” one member of the vanguard wrote last year, “that Ian Masters does not believe the United States is really that bad.”

Project updates.

Monday, November 9th, 2009

Project e update: I took the machine up to 2GB of memory earlier this week; it turned out to be much harder than I expected, mostly because getting the memory access door off the machine took a lot of effort.

I just finished doing a clean install of Ubuntu 9.10 on Project e; I went the clean install route, instead of doing an upgrade in place, because there were some things I wanted to clean out, and I didn’t really have a whole lot invested in the current system. (However, I didn’t re-partition and blow away /home.) So far, wireless seems much more stable; no connection drops yet. Ethernet just works, straight out of the box (no loading of modules) and Bluetooth seems to work as well, modulo some flakiness in listing devices.

This install also took more effort, and more time, than I expected. However, much of that was my fault; the process for creating USB install disks changed from 9.04 to 9.10, and the instructions on the Ubuntu website are not clear on how to do that under OS X. I ended up having to move the 9.10 ISO over to the netbook and use the USB startup disk creator to make a bootable flash drive. I don’t see this as an Ubuntu problem as much as a “thought I knew what I was doing, should have read the docs first” problem.

Question: does anyone know of a good Karmic-compatible eeePC tray utility, now that eeepc-tray has been end-of-lifed?

6.00 update: I’ve been tied up dealing with some personal issues that I don’t want to go into here (for reasons of other people’s privacy) and haven’t had as much time as I would like to work on this. I’ve gone through all of lecture 2, and I’m hoping to knock out the assignment and move on to lecture 3 this week.

School: Registered for CSYS 4334, “Implementing Information Systems In Organizations” (in other words, more SQL Server 2005) and CSYS 4330, “Advanced Networking/Network Security” next semester. That second one should be fun.

Project e: Part 2: The Ubuntuing

Sunday, August 23rd, 2009

Before I begin, a couple of notes:

First, I’d like to publicly acknowledge D. D. Tannenbaum as the first person to actually leave a real substantive comment on Whipped Cream Difficulties. (There was one spam comment before his, which I guess makes some sort of pathetic statement about the state of the Internet.) Thank you, sir.

Second, another size comparison:

[Photo: IMG_0334, size comparison]

That’s my (somewhat beat up, as I’ve been toting it for a while) copy of Learning Python, 3rd Edition. As you can see, the eee is only slightly larger than the book; you can’t see this in the photo, but it is substantially thinner. I wanted to get a weight comparison between the two as well, but I don’t have a scale that will work well for that purpose; manufacturer’s quoted weight for the eee is 2.9 pounds.

On to The Ubuntuing.


Project e: Part 1, the unboxing

Friday, August 14th, 2009

I’ve been wanting a netbook for a while now.

Why?

It isn’t because I’m unhappy with my MacBook; I love the MacBook (especially now that I’ve taken it up to 4 GB). I love it so much that the MacBook has almost become my primary desktop machine (pushing the beige G3 down on the stack; I’m now mostly using that for word processing and updating the SDC pages). Because the MacBook has become more of a primary machine, disconnecting everything to take it on the road has become an increasingly unattractive proposition.

What about the Nokia N800? Nice machine, very handy, very useful for checking email and some web browsing. Also great for running Maemo Mapper. But the N800 has been discontinued; while there’s a pretty active open source community right now, I don’t know how well that’s going to hold up in the future. Doing LINUX development on it is possible, but painful. And I’m getting to the point where I have trouble seeing the screen unless I zoom to 120% or 150%; doing that often messes up rendering in the browser.

What I wanted was a mid-size machine that I could use as a dedicated LINUX box, with a reasonably sized display, to do various things on:

  • sharpen my LINUX skills
  • penetration testing
  • Wi-fi hacking
  • learning Python
  • brushing up on my Perl, which has become rusty.

What I really wanted was one of the ASUS Eee PC 901 machines; the solid-state drive, form factor, and pre-installed LINUX were pretty attractive. But by the time I got ready to act, these machines had more or less vanished.

“Life is compromise”, said the Buddha. Or, if he didn’t, he should have. After the jump…


DEFCON notes: Day 2

Monday, August 3rd, 2009

Saturday was a little calmer than Friday from my perspective. Part of the reason for that may have been Adam Savage‘s talk (and the meet and greet afterwards) took a lot of folks out of circulation for two or three hours. (I didn’t go.)

More quick takes:

“Hacker vs. Disasters Large & Small”: Michael Schearer, who did the first part of the presentation, also did the Hacker In Iraq presentation. As a Naval officer, he went through SERE school, so he’s got some hands-on survival experience which makes him worth paying attention to. Schearer’s part of the presentation basically covered short-term wilderness survival (as in, “I’m cold and there are wolves after me.“) and was more practical. Renderman’s half of the presentation was a more long-term, “How do we survive and rebuild society after the Big One?”, philosophical presentation. (Edited to add: links to the final versions of the slides; Part 1, Part 2.)
Key takeaways:

  • “Hacker skills are largely compatible with the skills necessary to survive in the wilderness or during a natural disaster.”
  • “Don’t be squeamish about breaking or destroying something to help you stay alive.”
  • “You are not Jack Bauer, MacGuyver, or Survivorman; you need practice to survive.”

“Personal Survival Preparedness”: Nice guy, okay talk, mostly dealing with survival in an urban environment after some devastating event (Katrina or worse).

“Picking Electronic Locks Using TCP Sequence Prediction”: Excellent presentation, short, and scary. Brief summary: many electronic lock systems are IP based and the traffic on the network is not encrypted. This makes the locks vulnerable to a man-in-the-middle attack (to capture an unlock command) and a replay attack with a spoofed TCP sequence number (to replay the command). These attacks bypass the existing control software, so the spoofed unlock command leaves no audit trail. The author is a network admin at Texas State University; woo hoo! Greater Austin/San Marcos Metropolitan Area represent!

“Sniff Keystrokes With Lasers/Voltmeters”: Two pretty amusing guys with another excellent presentation. In the first half, they presented an attack on PS/2 keyboards with very simple hardware; all you need is a slightly hacked power cord connected to a common circuit with the computer in question on one end, and an ADC plus a micro-controller (for data acquisition, filtering, and storage) on the other, and voilà! In the second half, they outlined an acoustic-based attack that builds on previous research, combined with microphone hardware using freaking laser beams. As the authors said, “How cool is that?”
Key takeaway: “girls will melt when you show this…”

“Bluetooth, Smells Like Chicken”: Pretty much what I expected from the summary. Using software-defined radio gear (about $1000) you can monitor the Bluetooth frequencies. Bluetooth does frequency hopping over about 79 MHz, and the software-defined radio gear can only monitor about 25 MHz (max) at one time. But you can monitor one channel and use information from that packet to actually predict the frequency hopping cycle. The authors also presented a technique that allows aliasing of the entire Bluetooth spectrum to the 25 MHz available in the radio gear they were using without compromising the ability to extract packets. Finally, they discussed Bluetooth attacks using off-the-shelf sub-$10 hardware to sample and inject data.

Key takeaway: there is no longer any such thing as a non-discoverable Bluetooth device.

0-Day DEFCON Notes

Thursday, July 30th, 2009

I like DEFCON. I like Dark Tangent personally. I like Joe Grand, the guy who has designed the DEFCON badges for the past few years.

But, guys, it looks really bad when, for the second year in a row, you run out of badges early on Thursday and have to issue temporary badges until more real ones get to the con Friday morning. You don’t even have the Olympics to blame this year. This is especially frustrating now that badge hacking is an official event/contest.

DEFCON talks I will not be attending:

“Hacking UFOlogy 102: The Implications of UFOs for Life, the Universe, and Everything.”

“Two years ago at Def Con 15, Richard [Thieme] presented Hacking UFOlogy. He supported his contention that (1) UFOs are real and (2) the data to support that statement is voluminous with numerous references and links…”

Hippie, please.

DEFCON talks I plan to attend:

“Is your iPhone Pwned”, Mahaffrey, Hering, and Lineberry. (This may be tough to get into, but it is scheduled against Dark Tangent’s intro and Joe Grand’s discussion of the badge, so we’ll see.)
“Hacking with the iPod Touch”, Willhelm
“That Awesome Time I Was Sued For Two Billion Dollars”, Scott
“Three Point Oh”, Long. (For the speaker’s reputation; I’ve heard Johnny Long speak before, and he’s someone I’d like to know better.)
“Something About Network Security”, Kaminsky. (Again, for the speaker’s reputation; Kaminsky is to TCP/IP what Musashi was to the sword.)
“Hacker vs. Disasters Large & Small”, RenderMan and Schearer
“Personal Survival Preparedness”, Dunker and Dunker
“Picking Electronic Locks Using TCP Sequence Prediction”, Lawshae
“Sniff Keystrokes With Lasers/Voltmeters”, Barisani and Bianco
“Bluetooth, Smells Like Chicken”, Spill, Ossmann, and Steward. (It looks like they’re going to talk about using software-defined radio to sniff Bluetooth, techniques for breaking the pseudo-random hopping sequence, and apparently some stuff that can be done with sub-$10 off-the-shelf hardware.)
“RAID Recovery: Recover Your PORN By Sight and Sound”, Moulton
“USB Attacks”, Vega
“Cracking 400,000 Passwords, Or How To Explain to Your Roommate why the Power Bill Is a Little High”, Weir and Aggarwal

I missed the panels on “Hacking With GNURadio” and “Hacking the Apple TV and Where your Forensic Data Lives”. Perhaps next year I need to arrive on Wednesday. If there is a next year.