Category Archives: Uncategorized

Getting the Raspberry Pis ready

As I mentioned before here and here I’ll be at Circle City Con, talking about the Raspberry Pi WIDS project I did last year at Eastern.

I’ve updated all my Raspberry Pis, including the firmware. I’ve setup a Raspberry Pi B+ and the Raspberry Pi 2 with the respective Kali images. But they still need to be set up as kismet drones, and tested.

I also need to set up the hard drive for the con, and update my slide deck.

1 week to do it in. Plenty of time.  (Famous last words).

Home Lab – Lines to the basement

I currently have 2 lines ran to the basement. One black 15 foot, 1 red 25 foot. I ran the black line last year before the basement flooded in August, but I couldn’t tel you why I did it now. I really don’t remember. I think it was for my old tower. The red line is for the span port. I chose to color code them to make it easier to know what does what.

I used the pre-drilled holes in the floor for some reason the cable provider for who lived here before me drilled 2 holes next to each other. The old cable is still there, the other was empty, and what my provide used. Dropping the black line was quick and easy. The red cable though, was a pain in the butt. I could get it in the hole, but it would get stuck at the bottom edge of the wood. I ended up pulling up a length of coax, and then taping the span cable to it. I then fed it through the hole. That got it down there, then I fed from above instead of pulled because it was a tight fit, and figured pushing would do less damage to the cat5e twisted pairs.

I was thinking it would have been great to have flight line, fish tape, or a pole, but after looking at the head on a fish tape last night, I don’t think that would have worked either.

color code:
Black – switch to switch
white – entertainment
red – span
blue – Firewall to Switch, Switch to Router
green – ISP

I don’t know what color I’m going to use for the PI farm. I was thinking maybe purple.

Grad School

Got my acceptance letter to University of Maryland University College this week. I start my Masters of Science degree in CyberSecurity this fall.

I was on the fence of CyberSecurity or Digital Forensics and Cyber Investigations master, but think CyberSecurity gives me more opportunity after graduation. The cool thing is, I can take 2 more classes on top of my degree and get the Digital Forensics and Cyber Investigation Master Certificate.

After I get those taken care of, I’ll go back one last time to get a MBA, which will be 3 more classes if I get accepted to the business school.

Raspberry PI WIDS (Teaser)

So I’ve been dropping hints about this since July or so. The biggest hint was on my “Raspberry Pi Projects” entry from September. Since then I have been told by the editor of The Linux Journal that the article is going to be published. It will be in either the December, or January issue. I hoping January, because that’s the annual security issue.

Short version, 6 Raspberry Pis, 6 wireless cards, a laptop, 1 switch. About 4% the cost of a large network vendor’s commercial version.

I’ll be submitting this talk for the 2015 Conferences I go to. (Planning on Circle City Con, DerbyCon, and GrrCon).

(oh, and this is the second publication I’ve done. The first one was a book review for “The Ethical Hacker Network” back in 2010.

it’s all culturally relevant

This year a 17 year old woman, Malala Yousafzai, won the Nobel Peace Prize. Actually she had to share it with someone else, but that’s besides the point. She got it for her fight to get women in Pakistan education.

But around that same time, there was an article on NPR called “The Crime That Has Shocked Pakistan“.  The story was about a philanthropist in Karachi, Abdul Sattar Edhi, being robbed. He created a private ambulance service, and some of the residents in Karachi trust his foundation with their money instead of the banks.

But the thing that stuck me, was his being robbed was a large enough story in Pakistan, that NPR covered it. From the sound of the article he sounded like he was bigger news than Malala Yousafzai winning half the peace prize. But the NPR article did touch on her briefly. “Pakistanis tend to portray the teenager as a puppet of the West“. (emphasis mine).

That kind of shocked, as at the time, even on NPR made it a big deal. Then I remembered from my time as an Anthropology student. It is all culturally relevant. To us, it’s a big deal, because she’s bringing our (the west’s) form of equality. To her media, she’s pushing the West’s agenda for the future, while he brings them medical services now.

Derbycon 2014 thoughts

Selil, and I were talking about education before his panel talk. The thing that stuck me was his analogy of how education works. High school is about making people consumers. The Bachelor degree is about making sure people have knowledge and skill to make things. The grad schools after that are about focusing and specializing. Masters degrees are more skilled and focused than the Bachelor. The Doctorate degree is the pinnacle of focus. Thinking over some of the conversations I had at Derbycon, that makes a great analogy for our industry too.

Here is how I saw the the pyramid structure above fit to our industry’s conferences.

The Attendee badge holders really are the equivalent of the high school graduate. Some of them are just getting in to the industry, while others are just the consumers of  what we have to say.

The Bachelor grads are mostly the vendors. They have things they make to be consumed in mass. This isn’t a bad thing. And some of them are groups, made up of people of different levels.

The Master and Doctorate students and grads would be the speakers. The specialized knowledge and content that the consumers are there to learn. Some of us are better than others, but we’re all the ones digging deep and submitting the talks. Yeah sometimes people at this level are at the con and not speaking for various reasons.

While I love Derbycon, and the people I meet, I think I’d like to see less of the consumers. I’m not saying become elitist and not invite them, I’m saying I want to see those of that have specialized in things enough to give talks to encourage others to get up and talk too. I know you can’t have a con with 2000 speakers, but I think we need to get people out of the consumer side and in to the skill and knowledge side.

On what planet is General Alexander worth $1,000,000.00 a month?

The news wires reported General Keith Alexander moved in to the private sector, and offering his services to finance companies for a million dollars a month. This is the person that took control as the director of the National Security Agency on August 1, 2005 and left in October 2013 (Wikipedia). Remember, that was after the Edward Snowden leaks came out.

Which really leads one to wonder were those really leaks, or was that a case of we know this is compromised lets make it public knowledge so we can hide the real data. Here is an interesting thought, is Snowden really still working for the U.S. Government?

If you’ve read the Cryptonomicon or seen the Sherlock episode “A Scandal in Belgravia“, you probably know what I mean. For those that need a quick refresher – let assets of lower value go, to hide the assets of higher value. Blow up planes with dead people on them, instead of letting real passenger jets get blown up. Let a German U-Boat sink a freighter or get past the blockade to keep them from realizing that the codes are broken.

The C-Levels at banks should be asking some hard questions if Gen. Alexander is showing up offering them service. Like what really happened on the Snowden watch. How does that failure make his people qualified for the private sector’s needs? Yes while Gen. Alexander may have some Government related attack sources, we already have that in the private sector with Infragard, and the different breach reports.