USB Data-Blocker aka USB Condom

I was recently reading Kevin Mitnick’s “The Art of Invisibility” and found that he’d also recommended these devices. I’ve been using them for several years as it was always unnerving to plug in a mobile device into a work computer to recharge only to see that there was a request to mount them. Additionally, my laptop would occasionally want to tether data via my cell phone. In an effort to block data transfer and leakage, something was required. These simple and cheap devices allow for power but no data to be transferred via the USB port.

WARNING: there’s always the possibility that any USB device could be compromised, including these… keep them in sight and under your control at all times.

REFERENCES:

Bitcoin and Cryptocurrency Mining

Unless you’ve been completely removed from society over the past 10 years or so, you’ve likely heard about Bitcoin and other crypto currencies. While the technology behind them may beyond most peoples understanding and buying a single Bitcoin is likely too expensive for many people (as of today its over $56,000 USD = 1 BTC), you can still get in on the craze by mining. At the core of crypto currency is some really complicated math, mining is the process of having a computer perform some of those calculations. Usually this is done with entire farms of computers with high-end CPUs or GPUs. Regardless of your hardware you can still get in on the action by joining services that combine the actions of many users into smaller units of work.

While there are many providers out there, I’ve found that the client offered by CudoMiner is one of the easiest for most users to install and run on modest hardware running Windows, Linux or OS/X. After setup, you just have to leave your device powered and connected to the web to use the idle time to earn some money.

With the increase in remote workers and students over the past year, I’d expect that at least a few of those organizations have figured out that they can use the idle time on those devices for mining to increase their revenue stream.

Geekcode

A very long time ago there was an online means to identify yourself online with a short abstracted code that resembled a PGP email signature, at that time I identified as:


-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
Created: 1999/02/02
GCS/IT d-(++@) s+:+ a- c++ UL++(++++$) P+++$ L+ E W+++$
N++ o++++ K w+++ O M V PS+ PE++ Y++ PGP+++ t+ 5 X++ R(-)
tv+ b+ DI+++ D+ G++ e++ h(-) r>++ y++*
-----END GEEK CODE BLOCK-----

REFERENCES:

Cloudflare vs. OpenDNS vs. Google Public DNS

A few months ago, Cloudflare revealed their public DNS server, and I’ve been pleased so far. In addition to performance, Cloudflare claims to be investing heavily in security of DNS. The top competitors in this field already being Cisco’s OpenDNS and Google. As these are all global players, they will (in most cases) have better speed and reliability than those of your local ISP.

Changing these for your entire network generally involves the administrative features/config of your gateway, modem or router. If you are familiar with this, the change should take just a minute or two.

If you are looking for some content filtering at the DNS level, OpenDNS still presents the easiest option for home users and also provides logs.

Cloudflare DNS:
IPv4: 1.1.1.1
IPv4: 1.0.0.1
IPv6: 2606:4700:4700::1111
IPv6: 2606:4700:4700::1001

(Cisco) OpenDNS:
IPv4: 208.67.222.222
IPv4: 208.67.220.220
IPv6: 0000:0000:0000:0000:0000:ffff:d043:dede
IPv6: 0000:0000:0000:0000:0000:ffff:d043:dcdc

Google Public DNS:
IPv4: 8.8.8.8
IPv4: 4.4.4.4
IPv6: 2001:4860:4860::8888
IPv6: 2001:4860:4860::8844

REFERENCES:

Content-Security-Policy: block-all-mixed-content

If you are running a secure website, it’s a good idea to prevent non-secure assets from being included on your page. This can often happen through the use of content management system, or even through website vulnerabilities. A simple change in HTTP headers will help browsers to defend against them.


Content-Security-Policy: block-all-mixed-content

Most modern browsers, except MSIE, currently support this approach.
– Firefox 48+

REFERENCES

Ashley Madison data dump

This topic has been in the media ALOT lately, for the less technical individuals here’s a simple way to get at the information.

For (mostly) anonymous access to the ‘dark internet’…. it’s not as ominous and illegal as you might think, you can download a browser here:

https://www.torproject.org/download/download

If you don’t mind being (possibly) tracked by your IP Address, you can just download a Torrent client such as Transmission or µTorrent.

The torrent file can then be accessed here:
https://thepiratebay.mn/torrent/12237184/The_Complete_Ashley_Madison_Dump_from_the_Impact_Team

REFERENCES:

TV MAXE installation for Ubuntu

TV-MAXE is an application which provides the ability to watch TV stations and listen radio via different streams, like SopCast. Your ability to view certain streams may be limited by your current country, then again, you can always proxy through a country that will permit it.


sudo add-apt-repository ppa:venerix/pkg
sudo apt-get update
sudo apt-get install tv-maxe

REFERENCES:

Install Netflix on Ubuntu via Wine

UPDATE: (Sept. 2014) – Netflix will soon natively support Ubuntu, there are only a few small hurdles remaining, likely to be resolved by the NSS update expected in Ubuntu 14.10 (Utopic). A workaround is available for the impatient… http://www.omgubuntu.co.uk/2014/08/netflix-linux-html5-support-plugins.

For various reasons primarily related to DRM, there is not a native Ubuntu/Linux viewer for Netflix… this is one of the cases where WINE can help you out by providing (not emulating) a Windows environment.

These commands are for the Ubuntu setup, similar steps for other Linux distributions are available in the references.

I’ve found that it is better to pre-install the Wine Gecko and Wine Mono packages on Ubuntu.


sudo apt-get install wine-gecko
sudo apt-get install wine-mono

Then…

sudo apt-add-repository ppa:ehoover/compholio
sudo apt-get update
sudo apt-get install netflix-desktop

If you’ve never used WINE before within your Ubuntu/Linux environment, you’ll likely need to let it download the extensions for Windows, I believe that it will request to download and install the Gecko and Mono packages described above, click "Yes" if asked and all should go well!

REFERENCES:

Comcast Business Class gateway forwarding port 22 for SSH

For as long as I’ve had Comcast, and other providers for that matter, I’ve been able to configure my internet gateway/router to allow port 22 (SSH) access to an internal machine. It came as a surprise to me earlier this week that I was blocked when I tried to use their web admin console to change the internal forwarding to a newer machine. As usual, Technical Support was less that helpful and said that it was not possible to do so, and never should have been as Comcast uses that port to administer the gateway. To make matters more disturbing, I was told that I could not have similar SSH access to the gateway, and that replacing their hardware, while permitted, would prevent my use of a static IP.

Back to the solution, as I know that I had only setup this forwarding about a year ago, and it was working only minutes before I tried to change it, I knew that the configuration was possible if I could figure out how it was being blocked. The message in the web console was a javascript alert(); and gave me a starting point. I opened up Firefox and used Firebug to look for the message. Here are a few interesting findings from:

http://HOSTNAME/user/feat-firewall-port-forward-edit.asp

var RemoteManagementPortsCgiBase = “8080,8080,1\|8181,8181,1\|2323,2323,1\|22,22,1\|”;

msg += “Public Port Range conflict with Remote Management Ports.\n”;

if (msg.length > 1)
{
alert(msg);
return false;
}
return true;
}

If you even a little bit of javascript (or simple computer programming for that matter), the solution is clear…. if the ‘msg’ value is empty you will not see the alert or be prevented from making the change you desire.

Lesson to be learned by the Comcast developers (or most likely = subcontractors), always validate submitted form data in your application code, NEVER rely upon javascript alone to verify user entered data!

I also find it interesting that they are also preventing 8080, 8081 and 2323… perhaps that’s their other back doors in these gateways for their access. The same approach should work for those ports if you need it!

Ubuntu fixing screen backlight brightness toggle

For quite some time, my primary Ubuntu laptop has had a problem with the keyboard keys used to adjust the screen brightness. This had been an annoyance on some of my travels where I’d wanted to extend battery life, as well as when I prefer to work in a darker space. I knew that it had to be a software driver issue of some sort, as it worked in my sometimes used dual boot Windows environment, but I’d never been bothered enough to look for a solution.

Truth is, it only took a minute or two to fix this!

  1. Modify the grub boot loader.
    sudo vi /etc/default/grub
  2. Change the line from:
    GRUB_CMDLINE_LINUX=""
    to
    GRUB_CMDLINE_LINUX="quiet splash acpi_osi=Linux acpi_backlight=vendor"
  3. Update the loader:
    sudo update-grub
  4. Reboot and you should be good to go!

REFERENCES: