Monday, February 23, 2009

Fun with Web Developer Toolbar

This isn't anything special, just something I found amusing. So anyhow, I needed to refill some meds today, and I was feeling quite lazy, so I used the web portal to place a refill.

Now, if I place the order with a person over the phone, they tell me it'll be ready in half an hour. The thing that is annoying is that when I place the order through the automated phone system or through their website, it requires between an hour and a half and two hours to process the refill order.

My problem was this: I wanted the order to be ready by 5:30, but the earliest the website would let me choose was 6:00. Well, 6:00 wouldn't work for me, because I need to be out of the office at 5:30 and at home by 6:00. So, with a quick click of the Web Developer option "Convert Select Elements to Text Inputs", I was able to enter my own time, bypassing their silly check that would never have affected me if I had called them and talked to an actual person.

Thanks, Web Developer toolbar, you totally made my entirely crappy day end on a pretty decent note!
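
The lesson for whoever builds such a portal is that a select element only restricts what the browser offers, not what the server receives. The sketch below is an added example, not code from the original post or from the pharmacy's site: it rebuilds the offered pickup slots on the server and rejects anything else. The 90-minute lead time, 30-minute slot spacing, 21:00 closing time and all function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta

LEAD_TIME = timedelta(minutes=90)   # assumed processing time for web orders
SLOT = timedelta(minutes=30)        # assumed spacing of the <select> options
CLOSING = (21, 0)                   # assumed last pickup time of the day


def allowed_slots(now):
    """Rebuild, server-side, the pickup times the form's <select> would offer."""
    midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
    earliest = now + LEAD_TIME
    # Round the earliest possible time up to the next slot boundary.
    steps = -(-(earliest - midnight) // SLOT)
    slot = midnight + steps * SLOT
    closing = midnight.replace(hour=CLOSING[0], minute=CLOSING[1])
    slots = []
    while slot <= closing:
        slots.append(slot)
        slot += SLOT
    return slots


def validate_pickup(raw_value, now):
    """Return the requested pickup datetime, or raise ValueError.

    raw_value is whatever the client sent; it is never trusted to be one
    of the options the page rendered.
    """
    try:
        requested_time = datetime.strptime(raw_value.strip(), "%H:%M").time()
    except ValueError:
        raise ValueError("pickup time is not in HH:MM form")
    requested = datetime.combine(now.date(), requested_time)
    if requested not in allowed_slots(now):
        raise ValueError("pickup time is not one of the offered slots")
    return requested


if __name__ == "__main__":
    # Constructed scenario: order placed at 16:10, so 18:00 is the first slot.
    now = datetime(2009, 2, 23, 16, 10)
    for value in ("18:00", "17:30", "asap"):
        try:
            print(value, "->", validate_pickup(value, now))
        except ValueError as err:
            print(value, "-> rejected:", err)
```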

Saturday, February 21, 2009

Adobe Reader/Acrobat Vuln

Adobe just released a security bulletin (Adobe APSA09-01, US-CERT TA09-051A) regarding Adobe Reader and Adobe Acrobat versions 9.0 and earlier. The vulnerability involves malicious JavaScript embedded in a PDF document, which can execute arbitrary code on your system.

In order to prevent people from getting attacked by this, current suggestions are that you disable the displaying of JavaScript in PDFs as well as disable the automatic rendering of PDFs in your browser.  If your browser is set up to display PDFs automatically, visiting a malicious website may be all that an attacker needs to install malicious software on your computer.

My recommendation is that you trash Adobe Reader altogether if you use it and get Foxit Reader.  If you use Adobe Acrobat, I believe Foxit has a version which can be used to edit PDFs as well.

I have used Foxit Reader for several years now and find it a much better replacement for your everyday PDF reading needs. It is extremely lightweight, has no crappy auto-updater, has browser integration, and can be downloaded as a single executable (at least it used to be, I think it's still available this way).

Either way, be very careful when it comes to opening PDFs in coming weeks.  Adobe's current plan is to have the 9.0 versions fixed by March 11 and 8.0 fixed some time later.
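
For anyone who has to handle PDFs from untrusted sources before a fix is available, one way to triage them is to flag files that declare JavaScript at all. The following is an added example, not part of the original post or of the Adobe or US-CERT advisories: it scans the raw bytes for the PDF name tokens that introduce scripts and automatic actions, decoding the `#xx` hex escapes that the PDF name syntax allows. The function names and both sample documents are constructed for illustration.

```python
import re

# A PDF name is "/" followed by any bytes except whitespace and delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")

# Names that introduce script content or actions that run without a click.
WATCHED = {b"JS", b"JavaScript", b"OpenAction", b"AA"}


def decode_name(raw):
    """Resolve #xx escapes, so that J#61vaScript compares equal to JavaScript."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def script_indicators(data):
    """Count watched names in the raw bytes of a PDF file."""
    counts = {}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in WATCHED:
            key = name.decode("ascii")
            counts[key] = counts.get(key, 0) + 1
    return counts


def should_quarantine(data):
    """True when the file declares JavaScript anywhere in its plain bytes.

    Names inside compressed object streams are not visible to this scan,
    so a hit is a reason to hold the file, while a miss proves nothing.
    """
    found = script_indicators(data)
    return "JS" in found or "JavaScript" in found


# Constructed samples: a bare catalog, and one with a harmless alert script
# whose /JavaScript name is written with a hex escape.
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_SCRIPTED = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (app.alert\\(1\\);) >>\nendobj\n"
)

if __name__ == "__main__":
    for label, sample in (("plain", SAMPLE_PLAIN), ("scripted", SAMPLE_SCRIPTED)):
        print(label, script_indicators(sample), should_quarantine(sample))
```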

Friday, February 20, 2009

I Hate Data Retention

So I'm already biased against Data Retention in general, as well as pathetic excuses for parents' lack of understanding when it comes to raising children, but this new bill being proposed is nothing short of ridiculous on both fronts.

The bill that is being proposed will require that anyone who provides access to the Internet through temporary addresses (i.e. DHCP) must log the information of anyone who connected through them for two years. This includes ISPs, businesses, hotels, coffee shops, and even your girlfriend (remember that time you set up a WRT54G with a hacked firmware on it so she could piggyback off someone else's wifi?). Okay, your girlfriend only counts if she's running her own DHCP server, but you get the point.

The bill is titled the "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act," or Internet Safety Act. Now I'm all for protecting kids from being exploited online, but is this really necessary?!? In my opinion, this is completely pointless. What are people with home Wi-Fi going to do? Do we set up a server to log all their traffic? Maybe log the MAC and IP of everyone who hopped on their network? What if their MAC was spoofed? If we don't log their traffic, what can a spoofed MAC tell us about that person?

What does this really accomplish? I suppose it makes people feel better, knowing that the gov't has a foolproof way of catching that guy who's luring your daughter away from the safety of a coffee shop using an untraceable MAC as well as anonymizing tools such as SSH + SOCKS or Tor + Privoxy. Oh wait, that doesn't really help, does it?

Bottom line, for you folks worried about protecting your kids: Use some f***ing parenting! Teach your kids the difference between real-life friends and people they meet in a random chat room. Remember how you told your kids "don't take candy from a stranger"? It's the same f***ing thing! Tell them it's not safe to go meet random strangers on the Internet. Make sure they understand there's no way of knowing the person is safe, just like there isn't any way of knowing that the overweight, balding, coke-bottle-bespectacled, sweatsuit wearing guy isn't really her friend.

And you know what? If your kids can't use the Internet safely for themselves, then it's YOUR responsibility to take that privilege away and only let them use it again when they FEAR AND RESPECT THAT ESCALATOR THE INTERNET! I'm sick and tired of people blaming technology for their own parenting flaws.


Thursday, February 19, 2009

More Vimp

Alright, this is probably the last post about Vimperator, then I'll go back to talking about other useless crud.

I did find some good plugins in the code repository. I'll just list those here and people can check them out too:
  • hash.js - a plugin for calculating various hashes of files on disk. Handy for verifying hashes of all your downloads for those of you who may be paranoid like myself.
  • inspector.js - gives you an easy way to inspect the DOM objects in your browser and web pages. Requires the DOM Inspector Firefox plugin.
  • reading.js - A handy way to tweet about the page which you're currently reading. Currently has no restriction on number of characters. Also doesn't do URL shrinking which I might look into adding at some point.
  • splitBrowser.js - Makes Vimperator really like Vim! :split / :vsplit in your Firefox, how freakin' cool is that?!? This does require the Split Browser plugin be added to Firefox.
  • tinyurl.js - makes the current URL into a TinyURL and yanks it to your clipboard for you.
  • twitter.js - allows you to tweet from your browser.
That's it for now! Cheers!

Friday, February 13, 2009

Vimp Update

I've been playing around with Vimperator for a few days now. It still rocks, and that's for sure. Here's a list of the plugins I find useful:
  • NoScript integration
  • Firebug integration
  • MsWin is handy if you use Vimperator on a Windows box as it binds copy/cut/paste back to ctrl-c/ctrl-x/ctrl-v
  • Link-Target is kind of cool, but needs work with icon placement if possible
I also have found this script handy for my vimperatorrc file:
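" This puts an RSS icon on the bottom status bar
javascript <<EOF
// Create a status bar panel to hold the feed (RSS) button
var feedPanel = document.createElement("statusbarpanel");
feedPanel.setAttribute("id", "feed-panel-clone");
// Move Firefox's feed button into the panel so that firstChild exists
// ("feed-button" and "status-bar" are the Firefox 3 element ids)
feedPanel.appendChild(document.getElementById("feed-button"));
feedPanel.firstChild.setAttribute("style", "padding: 0; max-height: 16px;");
document.getElementById("status-bar")
    .insertBefore(feedPanel, document.getElementById("security-button"));
EOF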
That script is courtesy of teramako on the Vimperator Tips & Tricks page, so thanks, teramako for this excellent script.

Also, I highly suggest that the Vimperator.vim files be grabbed for file detection, and syntax highlighting.

So far, I've looked at all the plugins and tricks which are on their main wiki pages.

Right now, I'm going through the plugins here as well and I've found a few more plugins which are nice. After I play around with them for a while, I'll put more info up here again.


Tuesday, February 10, 2009

Vimperator rocks!

I just started using the Vimperator add-on for Firefox, and I must say that it is very cool!

For anyone who loves Vim, it makes Firefox much easier to use. It clears up lots of screen clutter and replaces it with Vim commands (e.g. :open, :addons, :preferences, etc.). It also has tab completion for bookmarks and supports bookmark keywords. For example, if you have a keyword bookmark for a Google Maps search, and you wanted to look up food around Madison, WI (where I live) you could just type:

:open maps food Madison, WI

You can do pretty much everything from the command line, which is awesome. I definitely have to play around with it some more. I'll post an update here if I find more cool stuff.

Also, my gratitude goes out to Andrew of Redspire for this as he brought it to my attention on Twitter.

Friday, February 6, 2009

Foxmarks is now working with Safari!

Foxmarks has finally made it to Safari. I've been waiting for this day so I can finally start using it.

My two main computers are a MacBook and an IBM ThinkPad, and I use Safari on the Mac and Firefox on the ThinkPad. I never liked using Firefox on my Mac because early versions liked to crash a bunch. With the release of Firefox 3, it worked much much better on my Mac, but I was still so used to using Safari. Because I never used Firefox on my Mac, it didn't make sense to use Foxmarks, but now I can!

I have to say, it works pretty well. It doesn't have the level of integration with Safari that it does with Firefox, but I still find it useful. It doesn't have password syncing, but that's not a problem for me because I use KeePass along with DropBox which suits me just fine.

All in all, I'm a pretty happy camper. I would like to see it move to a Safari plugin instead of a MenuBar applet, but I'll take what I can get.

Thursday, February 5, 2009


So I just read the story of Steven K Roberts, a technogeek and a nomad. It's hard to explain his philosophy, exactly, but I must say that it is very enticing.

He has essentially combined technology with the ability to live a nomadic lifestyle. The original form of this was a bike with a solar charger and a laptop, the Winnebiko. Eventually it evolved into something much larger and more sophisticated, but inevitably, it became too large and unwieldy, making the nomadic lifestyle much more complicated.

It's something I've thought about before, but I have to admit that it would be hard for me to commit to such a thing. My ultimate goal would be to travel the world with a suitcase and a laptop. I'd just be doing whatever business I feel is appropriate, from wherever I feel comfortable.

This is something which I don't know that I'll ever do, but seeing this makes me think that it might not be that hard.

Check it out:

Sunday, February 1, 2009

BackTrack 4 - Sweet!

I just saw HDM tweet about BackTrack4. He mentioned that it was coming out soon and that it had some sweet features, so I thought I'd check it out for myself.

As a matter of fact, it does look very cool. Some of the features I'm excited about:

Native support for Pico e12 and e16 cards is now fully functional, making BackTrack the first pentesting distro to fully utilize these awesome tiny machines. -- Although I don't have one of these, I hope to soon. It's good to know I won't have to struggle much to get it working

The latest mac80211 wireless injection patches are applied, with several custom patches for rtl8187 injection speed enhancements. Wireless injection support has never been so broad and functional. -- I'm particularly excited about the rtl8187 enhancements because this is one of my main injection cards.

RFID support -- This will be cool for next year's Defcon and the increased focus on RFID. RFID wall of sheep, anyone?

CUDA support -- This is going to be AWESOME because BT4 already supports calculating WPA tables using CUDA out of the box. This will be a step forward from having just your CPU churn away, although it does cause issues with X right now...

For those unfamiliar with CUDA:
Link to BackTrack 4 Blog:

Kismac vs Aircrack

I've been fooling around with wireless hacking for a few years and have always found aircrack to be an awesome tool. In the past, I've used a Linux laptop with either Gentoo, Ubuntu, or Backtrack. This has always worked well for me because I only had a couple Cardbus wifi adapters, and up until now, I never had a laptop which did not have PCMCIA slots. A couple years ago, I got my Macbook and decided to see what its capabilities were from a wifi hacking perspective. What I found, however, was not so exciting.

From what I could tell, there was no way to do packet injection with the built-in wifi. Kismac could put the card into monitor mode with 10.4, though, but once OS 10.5 came out, that stopped as well. You combine those with the fact that the original developer of Kismac had to abandon the project due to new laws being passed in Germany, and that left Kismac in a somewhat sorry state.

Recently, though, I finally got around to buying a USB wifi adapter. This meant that I could finally try out Kismac since it can actually do packet injection with a variety of USB adapters. So, for the first time in two years, I grab the latest version of Kismac, fire it up, pick a network (one I'm allowed to crack, of course), and attempt to do some packet injection. This network had a small amount of client data, so I figured I'd catch an ARP packet and be able to replay it back into the network. Shortly after starting packet injection, Kismac completely crashed. I tried another two or three times on the same network with the same results. Looking at the console log, I saw that it failed an assertion in the inject function of the WLAN driver: [net mode] == managed. I noticed that for some reason, the network was flopping back and forth between "tunnel" and "managed". I guess that explains the crash...

Alright, I'll pick a different network. Next best one from a power perspective doesn't have much client data on it, but what the hey, we'll try it anyhow. I figure if I start some injection, then perform a deauth attack, we may be able to get something. I try it out, but then... hey, I can't do the deauth while injecting, what's the deal? I can do the deauth then inject, but I can't get it to go quick enough to capture the handshake and any ARP requests by the time I click inject. Hmm... I give up, I can't work with it. I mean, the UI is great and all, it's great that you can monitor clients and have it make noises when they're active, but it just doesn't work the way I want it to.

As a comparison, I could have fired up Backtrack in VMware Fusion, hooked the USB wifi adapter up to the VM, and tried using aircrack. I know without a doubt that I could have cracked that same network, with little to no data without any problems. Simply start up airmon, try a chop chop or fragment attack until you get enough keystream, forge an ARP packet with packetforge, then begin replaying that ARP packet into the network. The greatest part is, you can monitor, replay ARP packets, perform deauth and fakeauth attacks ALL AT THE SAME TIME! I've done this before to get a 64-bit key in a matter of 2 or 3 minutes, and a 128-bit would only take 5-10 in these situations.

Bottom line is that Kismac looks nice, and probably works well in simple circumstances. My guess is that it might be the perfect set of training wheels for the beginning wifi hacker, but isn't practical if you want to be serious about it.

Oh well, at least I tried it :)