Bored on a plane: Gogo wireless on Virgin America

June 5, 2009 – 1:16 pm

I was looking forward to trying out some in-flight wifi on my flight to E3 today. Sadly, I have personal reservations about paying $10 for an hour worth of internet.

FirefoxScreenSnapz033.jpg

Why pay for internet when you can poke at their infrastructure for free?

See. I knew you would see it my way.

KisMACScreenSnapz001.jpg

I wasn’t really interested in doing anything more than a passive wireless assessment here, so I didn’t uncover the hidden SSIDs.

It appears that DNS, like many captive portal sites, passes through without authentication. If you’re one of those people who has their DNS <-> IP gateways, you can likely send your elite twitter updates for free.

iTermScreenSnapz002.jpg

Speaking of that gateway, let’s see what’s up with it in a somewhat less passive way:

bash-3.2# nmap -A 172.19.131.0/24
Starting Nmap 4.76 ( http://nmap.org ) at 2009-06-02 06:33 PDT
Stats: 0:00:22 elapsed; 171 hosts completed (1 up), 1 undergoing Service Scan Service scan Timing: About 0.00% done Stats: 0:01:15 elapsed; 171 hosts completed (1 up), 1 undergoing Service Scan Service scan Timing: About 0.00% done Interesting ports on 172.19.131.2:
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http?
|_ HTML title: Site doesn’t have a title.
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
MAC Address: 00:E0:4B:22:96:D9 (Jump Industrielle Computertechnik Gmbh)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|specialized|WAP
Running (JUST GUESSING) : Linux 2.6.X (98%), Infoblox NIOS 4.X (91%), Siemens embedded (89%) Aggressive OS guesses: Linux 2.6.18 - 2.6.24 (98%), Linux 2.6.13 - 2.6.24 (94%), Linux 2.6.17 - 2.6.25 (94%), Linux 2.6.9 - 2.6.15 (93%), Linux 2.6.22 (93%), Linux 2.6.22 - 2.6.23 (93%), Linux 2.6.24 (Ubuntu 8.04) (93%), Linux 2.6.15 - 2.6.25 (92%), Linux 2.6.15 - 2.6.20 (92%), Linux 2.6.18 - 2.6.22 (92%)
No exact OS matches for host (test conditions non-ideal). Network Distance: 1 hop

Okay. Cool enough. It’s some neat german embedded stuff. Possibly Siemens related. Sound about right for an airplane.

Just for good measure, lets take a quick look at the authorizing server that users get redirected directed.

bash-3.2# nmap -A airborne.gogoinflight.com
Interesting ports on 10.241.41.4:
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache Tomcat/Coyote JSP engine 1.1
|_ HTML title: Site doesn’t have a title.
443/tcp open ssl/http Apache Tomcat/Coyote JSP engine 1.1
|_ HTML title: Site doesn’t have a title.
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.18 - 2.6.24

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 1.37 10.241.41.4

Looks like some pretty good stuff, but to capture that last 0.01% of the market that runs OpenVPN on port 53 (assuming they don’t perform protocol inspection) or has a NSTX gateway, they’ll need to be a little trickier.

By Ian Gorrie | Posted in Information Security, Technology, Travel | Comments (0)

Big Tech Wins: Calendars

April 22, 2009 – 4:14 pm

calendar.jpg

So that covers how I have made my contacts sane and available. What about calendars?

I have a bit of a complicated life, so I have a few different types of calendars:

  • Home, social, and personal stuff
  • My day job
  • Assorted other professional and industry engagements

The best way to get things all extra organized and available so that you can access your changing life on the go is to get it synced across your devices and available online.

It would also nice to be able to subscribe to associates, socialites, and arch enemies calendars. All of this can be done with Google Calendar and, to my knowledge, no one else easily. I’m going to focus on easy here as publishing a public ical via WebDAV or other calendaring application is more trouble than it is worth when Google will do it for you.

Since I have this complicated life, I’m going to have to make another flowchart to so my daring love triangle of directional sync with OSX, Windows, Google, ipods, and Symbian. I make it sound complicated, but the use of it all is quite simple because the changes flow into each other so that everything magically stays in sync. If you make too many changes too quickly in too many places, you could wind up with sync issues which are never fun to resolve. So please. Figure out where you work effectively and keep it as simple as possible. Hopefully you’ll never know what people are talking about when they complain about their sync issues.

Google bidirectional sync for iCal and Mozilla products can be found here. icalgoogle.jpg

Note how having your act together with your address book at this point helps out your use of calendaring? You might want to do that first if you haven’t already.

The Calaboration app (gotta love bad puns) is pure simplicity to use to configure ical to have read/write access to your online calendar with in your Google account.

Calaboration.jpg

Click OK and it will be done. Optionally when your initial sync is complete, open up your ical preferences and into account settings to set how often you want it to sync; manually, or every 1, 5, 15, or 30 minutes.

The Google Calendar bidirectional connecter for Outlook is called Google Calendar Sync (how about that) and can be found here and looks like this:

outlooksync.JPG

In the end, it looks like this.

calendar sync.jpg

Each location will be able to make changes to the calendar and have them be propagated to the others at the interval that they are configured to sync. Additionally, any web browser can be used to log into Google Calendar and make or delete entries if using these are inconvenient for some reason.

I use a few other tricks for private entries, birthdays, and the like to keep myself organized, but I thought that the low-hanging fruit example would be valuable.

Please let me know if this makes your life a bit easier.

By Ian Gorrie | Posted in Management | Comments (1)

Nero support calls their competition “a rootkit”

April 22, 2009 – 10:32 am

Someone came to me recently because Nero, a company that makes DVD burning and imaging software, said that the reason their software was not functioning well was because a rootkit was breaking it.

A long time ago, Nero made some of the best CD burning software around. Those days have been over for quite some time, but the practice of calling competing software, in this case Daemon Tools, a rootkit was a new one for me. I took over the email chain and asked them to clarify themselves. Part of their response is as follows:

The newly reported problem is caused by a rootkit which is installed on the system.

The driver installed and still available on your system is ’sptd.sys’. Please use a

rootkit analyzer in order to find and remove this file from your system.

This file (sptd.sys) is installed with Deamon Tools. In general I would recommend to

contact Daemon Tools for further information. Unfortunately we’re not in contact with

Daemon Tools as to why I can’t tell you how their reaction will be.

Therefore I would recommend to use a rootkit analyzing tool. I’m sure that the mentioned

file will be detected. E.g. use ‘RootKit Hook Analyzer’

http://www.resplendence.com/hookanalyzer

Legal disclaimer:

“Nero AG is not liable for programs that are not offered by Nero AG. The usage of those

programs is performed at one’s own risk. Nero AG will not be liable for the legality of

the programs.”

I did a quick search with Google and found some interesting pages. Just search for Daemon

Tools and rootkit. Please take a minute and have a look at the following sites:

http://www.greatis.com/security/What%20is%20SPTD%23%23%23%23.sys.htm

http://www.neuber.com/taskmanager/process/sptd.sys.html

I hope this is the answer you expected. If you need further information feel free

to contact me again.

Interesting response, but sadly about what I expected.

All the more interesting is that Nero and Daemon Tools have some similar functionality. When I have used both in the past on the same system, I didn’t have any of these problems. In looking at the URLs provided, I think I liked the last most.
DaemonMalware.jpg

The link mentioned is for Duplexsecure, which seems to make the SCSI Pass Through Direct [SPTD] driver.

I didn’t want to think that we were now in the days of competitors who called other superior products rootkits instead of fixing their software correctly, but I guess we’re there now.

Update:
I went ahead and let the people at Daemon Tools know about these shenanigans. They had the following clueful response:

There is only the one known issue which appears for any burning software and related to DAEMON Tools software if you had enabled “Hide CD-R” option in DT (this option was removed from the last DT versions).
Also, some notes about rootkits. You see, not every applications/drivers which makes hooks in system’s kernel space or user space are rootkits. Many security software like HIPS, advanced featured firewalls and even antiviruses can use hooks to protect your system. Hook it’s just a method, but it’s not a criterion which strongly points that software is a rootkit.

By Ian Gorrie | Posted in Troubleshooting | Comments (0)

Snort resources

April 2, 2009 – 1:18 pm

Sourcefire has some great free webcasts available for people to become familiar or freshen up on their knowledge of Snort.

This is particularly valuable for a few reasons.

First is that Snort really is, as they at Snort say, the gold standard for IDS. Becoming familiar with Snort will make one familiar with a variety of other valuable fundamentals.

Second, deployments of Snort are never a wasted exercise. Most, if not all, of the leading SIM, threat modeling tools, or centralized logging resources will incorporate data from Snort into their reporting. This can really stretch a budget to cover a wider landscape than what might otherwise be achievable based on financial constraints.

Third, it sets a tone when dealing with vendors in an RFP process, formal or otherwise. If you ask about integration or similarity to Snort, they will take notice and know that you have some game. They will be more likely to give you real answers and not marketing fluff.

By Ian Gorrie | Posted in Information Security, Technology | Comments (0)

Big Tech Wins: Addressbooks

February 6, 2009 – 5:05 pm

rolidex.gif

I find that the best and most immediate use of personal technology for most people is in personal communications.

For example, I did not have an organized and comprehensive set of contacts until this last year. I had one previously in the glory days of the Palm Desktop and Handspring, back in 2000, until I ran out of batteries and the excellent Palm PC software corrupted my contact database. That was not a good day. I worked around my data loss by using email, directory information, and piecemeal solutions for years. I wasn’t willing to make the time commitment again.

Last year, I decided that I had had enough and needed to get everything organized. The time savings, improved availability, and of regularizing your contact data is worth the effort.

First, I identified the data sources that would be of use.

Second, I would need to clean and consolidate my data to remove duplicates, expired or erroneous information. This step takes the longest of the three.

Third, consider pushing your consolidated data to mobile devices, web services, and social networks.

In a nutshell, this is how I’ve become organized:

Sync.jpg

Initially I gathered contact information from LinkedIn, various e-mail client contact exports, Facebook using FacebookSync, and the imported phonebooks from cell phones.

Next, this information was consolidated into a single address book. In my case, I used the OSX Address Book and painstakingly combined contact information under single names. The look for duplicates feature was particularly useful here.

Following this, making your contacts work effectively for you is particularly handy.

  • iTunes and iSync may sync your contacts to:
    • iPods
    • Configured cell phones
    • Yahoo and Google contacts
  • LinkedIn can accept an export from Address Book or can use the previously synced Google or Yahoo contacts, if you are willing to give them your password. The same goes for Twitter and Facebook. LinkedIn can also slurp up all of your Outlook contacts if you are using IE due to the questionably prudent MS Office integration functionality.

Once again, I use all common computing platforms, but accomplished this under OSX. This can be easily performed with Outlook, various Linux offerings, and others as well using most of the same data flows.

After you have accomplished an end result, it will be quite difficult to lose your organized contacts due to a hard drive failure, the loss of a mobile device, access problem, or other common event. Imagine the time savings of never having to hunt for contact information, never wondering if it is consistent, or if it will be lost if you make a change or update. It’s pretty nice!

FirefoxScreenSnapz015.jpg

Keeping these address book updated can also be a bit of a task, but is a surmountable one. Some people are fans of the highly annoying Plaxo and Cardscan services that sends nagging emails asking your contacts to update their information constantly.

I am not a fan of needlessly annoying people when there are so many ways to get in contact. With Facebook and LinkedIn being periodically imported, chances are that I will have at least a couple of updated methods of contact no matter the circumstance.

Almost immediately after the launch of Plaxo as a new service, critics were there to do what they do best. Their words are still worth consideration today.

Whenever possible, technology should make life more simple and not more complicated. You know that you’re doing things right when this happens.

By Ian Gorrie | Posted in Business, Internet, Phones, Technology | Comments (1)

PS3 vs Xbox 360

December 25, 2008 – 5:38 pm

215px-Playstation3vector.svg.png VS 250px-Xbox360.png

It’s interesting to have moved to a town like Seattle where people are very sensitive about speaking in anything other than the most glowing terms relating to Microsoft products. I’m not used to sugar coating opinions based on facts, so this has lead to some awkward situations where they have felt that I called their babies ugly.

It’s not the case. I was just sharing factual market conditions.

What is surely the case is that a lot more Xbox 360s have been sold than Playstation 3s. Xbox has a lot more titles, many of which I don’t particularly enjoy like console-based first person shooters. I tend to enjoy more Japanese-centric games as they tend to be more difficult and challenging and have a greater depth. In many cases, the Japanese game makers actually dumb down their games so that Western audiences will enjoy them.

Besides my long time gamer proclivity to continue to enjoy the Playstation controller I know so well and not really enjoying the aesthetic of the huge xbox controller, I have a list of other less obvious platform considerations that I’ve brought up many times in conversation.

First, my list of things I don’t like about 360s:

  • No built-in wireless networking
  • Predominately populated with a borderline retarded annoying teen gamer demographic
  • Controller design is only ok
  • You have to pay a membership fee to play online. Ridiculous!
  • Seems to be poor quality hardware and warranty support

One thing I do like is that they have the whole achievement application support thing down. I’m seeing some of my gamer friends Facebook profiles update when they unlock achievements on their games. That’s pretty neat and is something that the Playstation people should get around to doing soon. As seen in this thread, Sony isn’t being very smart about cultivating community interest:

The only thing you can do right now is pay for the Playstation 3’s SDK. $250,000!

Or, pick up the PSN SDK for around $50,000.

The price on the SDKs might be cheaper now. I haven’t checked in the last 6 months or so.

That’s a pretty serious commitment to make cute community application toys. It is no wonder that no one has made anything equivalent to the xbox application. Does Sony actually expect someone to pony up that amount of cash up front to make a social networking application supported by ads? They should be able to do better.

Some non-obvious things I like about the Playstation 3 include:

  • An older demographic. Something that is particularly hilarious is playing MotorStorm with a bunch of backwoods hillbillies on bluetooth headsets with nearly incomprehensible accents. It’s bizarre and awesome.
  • More ridiculously hardcore japanese gamers. The level of skill in the average Japanese fanboy seems to be several times that of the average western fanboy.
  • Wipeout HD

It seems we have entered the age of nickel dime annoyance for every little chunk of downloadable content, but it’s understandable given the amount of money spent on support and generation of these HD games.

Xbox has been spending a lot of money to get exclusives on downloadable content. That’s a pretty nice selling point, but as a consumer, you are paying for it with your never ending membership fees. Given the same problem, I’m content to wait a little longer and play on a PC system.

There are a lot of really bad games being released now. More money is being spent to develop them than at any other time in history. For this reason, in addition to the fact that I’ll likely be playing them anyway, I’m going to begin writing game reviews for Diehard Gamefan next year. It’s a fairly small group of guys, but they are very cool and I fit a somewhat uncommon niche so I feel that I can make a contribution.

By Ian Gorrie | Posted in Gaming | Comments (0)

Things I thought that I knew about: coffee

December 22, 2008 – 2:44 pm

800px-A_small_cup_of_coffee.JPG Previous to moving to Seattle, I thought that I knew something about coffee.

My grandparents had seriously oldschool coffee every morning. They would load up a percolator full of folgers and let it boil until some amount of time had passed. They would then swill the sludge.

Alternatively, there was coffee at a place like Perkins Family Restaurants. I’m not sure what they used, but it was what you might expect from any generic food service coffee. Dump packet A into filter B. Apply water. Serve.

This was my universe of coffee until my teen years. Eventually I discovered that coffee could be good when I encountered Dunn Brothers Coffee and, perhaps, Caribou. Starbucks never had any kind of draw for me, and even living in Seattle, it still doesn’t. It’s burned and odd tasting. I know some people like this based on the percolator.

After arriving in Seattle, I had injested coffee all over the country and in a variety of places elsewhere in the world. I thought that I knew something about the most popular American source of antioxidants.

I was wrong.

Over the course of months, I was clued in here and there. Little things like burr grinders being better than bladed ones. In fact, at this point I should likely just point at the list that Vivace maintains. After all. They did write the book on the subject. I remembered wondering what the appeal was with Vivace was initially and was branded an uncouth coffee savage after all of my years in the barbarian wilds drinking burned and abused coffee.

I am now starting to get it.

By Ian Gorrie | Posted in Biographical | Comments (0)

My favorite podcast

November 15, 2008 – 1:21 pm

The only podcast I look forward to has to be the 1up show.

For example, a couple weeks ago they made fun of the silly poses to gain renown in the Fable games. It was completely hilarious gamer humor.

For the most part, they have really great insights into gaming. It’s largely the same kind of things that old school gamers like I and some of my friends would talk about. This is unlike 95% of the lame reviews that most of the internet throws around. Very rarely do they have lame fanboy moments like their Motorstorm review when a bunch of kids who only play burnout

I do still check out the g4 reviews, but they’re largely boring and uninteresting media professionals. They’re not my people. They’re just posers.

By Ian Gorrie | Posted in Gaming | Comments (0)

Spore

September 9, 2008 – 7:34 pm

It turns out that one of my favorite authors, Walter Jon Williams, wrote the space portion of the game Spore:


“Spore” (Electronic Arts)

At the time of my writing this, the Amazon reviews are still abysmal because of the retarded DRM they’ve put in place.

I’m sure they’ll loosen up sometime soon.

In the meantime the reviews are pretty hilarious.

FirefoxScreenSnapz001.jpg

I should get around to playing it sometime soon.

By Ian Gorrie | Posted in Gaming | Comments (0)

Wii firmware upgrade and Apple Airport Extreme - unhappy together

September 9, 2008 – 12:53 am

So I hadn’t given my Wii much love lately, so I turned it on last night to try out the recent Prince of Persia port for a bit. I played for a bit and I turned it off.

Interestingly enough, the normal “off” with the Wii, is actually more like “standby” and is live on the network, checking for messages, and doing whatever Wiis do. This will be interesting a little later on.

While dorking around with my laptop in the living room doing some of my typical nerd things, I notice that I keep disassociating with my wifi network. There’s a bunch of competing wifi networks here, so I’ve become accustomed to a fair amount of fail related to it. Wifi is a convenience, but it was happening so much I thought that someone was using a deauthentication attack on my client.

I pulled the logs on my AP and saw this:

AirPort UtilityScreenSnapz001.jpg

Well that looked a little slow for a typical attack. What else was happening?

AirPort UtilityScreenSnapz002.jpg

The key was getting rotated every couple minutes and all the active clients were resetting their connections. What gives? What’s going on here?

AirPort UtilityScreenSnapz003.jpg

Ok. So I threw laptop in passive mode and snooped on network traffic. So who’s this guy that’s flapping it’s connection every 10 seconds?

X11ScreenSnapz001.jpg

A Nintendo manufacturer MAC prefix? My Wii in suspended mode is breaking my WPA2 network? What the hell?

So apparently the Wii uPnP requests two TCP and one UDP ports on the router repeatedly, while in suspend mode, and the Apple Airport Extreme (that’s an 802.11n AP in mixed g/n mode) freaks out. This is clearly a new feature as I only updated my Wii’s firmware last week and would have been too annoying for me to miss previously.

In case you were wondering why your Wii was freaking out on your Airport or Airport Extreme network, hopefully you’ll have been able to find this and can troubleshoot further.

It might be the uPnP support for NAT port mapping, but my fix is to turn off the Wii fully when not in use. Hold down the power button until the LED is red instead of orange. I’m sure more people will complain and one or the other will update their firmware to compensate soon enough.

By Ian Gorrie | Posted in Troubleshooting | Comments (3)