Author Archives: Chris J

About Chris J

Chris J studies physical and information security. He started the Ann Arbor Chapter of TOOOL, attended Eastern Michigan University got a degree in Applied Information Assurance. Work involves Threat Intelligence.

Raspberry PI WIDS (Teaser)

So I’ve been dropping hints about this since July or so. The biggest hint was on my “Raspberry Pi Projects” entry from September. Since then I have been told by the editor of The Linux Journal that the article is going to be published. It will be in either the December, or January issue. I hoping January, because that’s the annual security issue.

Short version, 6 Raspberry Pis, 6 wireless cards, a laptop, 1 switch. About 4% the cost of a large network vendor’s commercial version.

I’ll be submitting this talk for the 2015 Conferences I go to. (Planning on Circle City Con, DerbyCon, and GrrCon).

(oh, and this is the second publication I’ve done. The first one was a book review for “The Ethical Hacker Network” back in 2010.

it’s all culturally relevant

This year a 17 year old woman, Malala Yousafzai, won the Nobel Peace Prize. Actually she had to share it with someone else, but that’s besides the point. She got it for her fight to get women in Pakistan education.

But around that same time, there was an article on NPR called “The Crime That Has Shocked Pakistan“.  The story was about a philanthropist in Karachi, Abdul Sattar Edhi, being robbed. He created a private ambulance service, and some of the residents in Karachi trust his foundation with their money instead of the banks.

But the thing that stuck me, was his being robbed was a large enough story in Pakistan, that NPR covered it. From the sound of the article he sounded like he was bigger news than Malala Yousafzai winning half the peace prize. But the NPR article did touch on her briefly. “Pakistanis tend to portray the teenager as a puppet of the West“. (emphasis mine).

That kind of shocked, as at the time, even on NPR made it a big deal. Then I remembered from my time as an Anthropology student. It is all culturally relevant. To us, it’s a big deal, because she’s bringing our (the west’s) form of equality. To her media, she’s pushing the West’s agenda for the future, while he brings them medical services now.

Derbycon 2014 thoughts

Selil, and I were talking about education before his panel talk. The thing that stuck me was his analogy of how education works. High school is about making people consumers. The Bachelor degree is about making sure people have knowledge and skill to make things. The grad schools after that are about focusing and specializing. Masters degrees are more skilled and focused than the Bachelor. The Doctorate degree is the pinnacle of focus. Thinking over some of the conversations I had at Derbycon, that makes a great analogy for our industry too.

Here is how I saw the the pyramid structure above fit to our industry’s conferences.

The Attendee badge holders really are the equivalent of the high school graduate. Some of them are just getting in to the industry, while others are just the consumers of  what we have to say.

The Bachelor grads are mostly the vendors. They have things they make to be consumed in mass. This isn’t a bad thing. And some of them are groups, made up of people of different levels.

The Master and Doctorate students and grads would be the speakers. The specialized knowledge and content that the consumers are there to learn. Some of us are better than others, but we’re all the ones digging deep and submitting the talks. Yeah sometimes people at this level are at the con and not speaking for various reasons.

While I love Derbycon, and the people I meet, I think I’d like to see less of the consumers. I’m not saying become elitist and not invite them, I’m saying I want to see those of that have specialized in things enough to give talks to encourage others to get up and talk too. I know you can’t have a con with 2000 speakers, but I think we need to get people out of the consumer side and in to the skill and knowledge side.

Something different in classes

This semester, the first quiz in each of my Information Assurance classes was to gauge the skill of levels of the class. I liked that, I think it would have been good last Winter if the Digital Forensics 2 class would have done that.

It gives the professor a better way to know what people’s skills are, which should improve the class. It gives the professors a way to help students that are a little behind. it’ll also hopefully allow the professor to make the class harder for some of us.

Raspberry Pi projects

Back in May and June, I did a project for school with 6 Raspberry Pis to build a WIDs. It went good. I wrote an article, I’m waiting to hear back if it’ll get published.

After the project, I had 6 Raspberry Pis kicking around. I have a project I want to work on, that could lead to another article. I just need to build my skills up to that first.

To get there, I wanted to build an Onion Pi. This will tie in to another project I’m working on. As some of you know I’m a fan of The Onion Router (TOR), especially when I’m doing Intelligence related research. The Onion Pi would be a good thing to have in the bag of tricks.

To get the Onion Pi working, I needed to go through the Adafruit Wifi Access Point. This is the second time I build an AP. This one is just a little different than last time. This time instead of an Edimax wireless card, I went with one of my TP Link TL-WN722Ns. I wanted the external antenna. I was using the 2014-09-09_wheezy_raspbian image.

Hostapd didn’t work right. It kept throwing errors on start about nl80211 not being a known driver. I had to build hostapd from source, which needed to have libssl-dev and libnl-1.1 installed, to get hostpad to build right. Then I needed to copy my built version into the right place.

I also had problems with isc-dhcp-server and tor starting. It looks like wlan0 isn’t starting properly. I’ll have to troubleshoot it more later. Adafruit has a comment about disabling wpa_supplicant. I don’t know if that will fix the problem though. I’ll follow up after.

New Semester

Haven’t written in a while. I’m still waiting to hear back on a project, before I can write about it here.

This term I’m taking Ethical Hacking, Network Forensics, and Elementary Statistics.

Each of those deserve a post on their own. Because of Ethical Hacking, I got the latest version of “The Basics of Penetration Testing and Hacking”:. Turns out I had half the books for Network Forensics already (the other one was on my wishlist), so that’s a bonus too.

We won’t talk about Stats, I have nothing nice to say about it.

If all goes right, I should be done with undergrad in December.