Cisco Packet Tracer

I downloaded this software for free from Cisco. From the name "Packet Tracer", you would think this is some type of packet capture/analysis tool similar to Wireshark. Nope. This is actually a network simulator and trainer. Of course all the components will be Cisco devices. But hey. It is free.

I went through an exercise in this tracer. My head is still reeling from all the terms. Basically I was setting up a virtual security appliance called the Cisco ASA 5505. Sure I could buy a physical box for $250 used. But this simulation made learning a lot easier. Plus the module gave me hints all throughout.

So far I configured some network interfaces, address translation, a DHCP server, authentication, a DMZ, static NAT to my server, and some ACLs. And that was just in the first hour. My head is definitely still spinning. This tool can definitely help you learn the Cisco operating system command line, as well as network security topics in general.

Gooligan Infects Older Versions of Android

Read an update from Check Point Software on Gooligan. This is some malware that compromises Google data access. You get infected by downloading fake apps onto your Android device. This affects versions 4 (Ice Cream Sandwich, Jelly Bean, KitKat) and 5 (Lollipop) of Android.

The kicker is that the fake apps come from third party app stores. You would not find these in the Google Play store. I see that there are a couple of themes in the fake apps that infect you:
  • Sex stuff (sex photo app, sex cademy app, and sexy hot wallpaper)
  • Games (HTML5 games, snake, slots mania)
  • Tools (wifi enhancer, GPS, youtubeplayer, calculator)
The apps download a rootkit. Then they do nasty things such as download other apps and even rate them on Google Play. The fix is to get some antivirus software pronto. And prevent it in the first place by steering clear of third party app stores. You never know what you are getting.

Crooks Getting Smarter

I logged into an old email account of mine recently. Saw a spam message from a few years ago. The thing was really good. Official looking return address at the top. No grammatical errors. Lots of specific numbers cited. Bitmap signature. Link to an official web site. Damn.

The real question is why are they sending me this spam? Are they trying to get some personal details out of me for a further hustle? Seems like a lot of hard work went into crafting this email. The only things that were sketchy were that the contents were all contained in a JPEG image, and they were telling me I won a lottery that I did not enter.

Crooks are getting better at running their scams. Watch out and warn your peoples.

The Cisco Command Line Interface

I have been digging in deep lately, trying to learn networking basics. Down at OSI layer 2. Studying how switches work in minute detail. Moving up to understand how routing works at OSI layer 3 as well. There is a lot going on.

Got access to a simulator. I can pretend to log into Cisco switches and routers. Access them through a command line interface (CLI). The problem is that there is a whole language I got to learn. It also feels like a wonky version of MS-DOS.

Just when I thought all was lost, I got ahold of a "cheat sheet" full of Cisco commands. I was off to the races ... until I discovered the cheat sheet was locked. It was distributed in the form of a PDF. But the file had security turned on, and I could not even print out the damn thing.

Well PDFUnlock came to the rescue. My file was a small one. PDFUnlock lets you break the password for free online. That's a good URL to have if you get into a bind like I was. All right. Watch out world. I am gaining networking power as we speak.

First Hackathon

I attended my first hackathon tonight. One of my instructors told me about it. The goal was to solve problems using Python. You were actually allowed to use any programming language. But they encouraged you to try out Python. I started learning it earlier this year until I found out I needed to look for a new job. Only wrote one program at work in Python that ended up only serving as a prototype. Luckily I did work through some problems on my own. Was just a little rusty.

My instructor and I were unsure what to expect from the night. Normally you would think some company would try to get you to develop products for them for free. Yes there was a corporate sponsor. Yes they provided pizza and soda. No we did not have to develop products for free. We had a bunch of problems to solve. The problems were from a web site.

The problems were grouped by difficulty. I could not finish all the easy ones. Never even got to the hard ones. You would receive more points the harder the problem was. There were a bunch I attempted but failed at. There was no penalty for guessing the answers. However if you guessed too much, they would limit the time you had to wait to enter another answer.

I had some initial trouble because I could not get my laptop to connect to their free WiFi. They started the contest when I could not even log in online. I ended up using one of the desktop computers they had. Luckily it had Python 2.7 installed on it. Had to download Notepad++ to inspect some data files they provided.

My score got me into the top ten for a good portion of the night. But the new kids on the block stepped up their game during the last few minutes. I bombed my last question and got power passed, leaving me out of the top 10. So I did not qualify for any prizes. My instructor thought the best strategy was to attempt the difficult problems and claim the big points. The only problem was that he got stuck on the first hard problem he tried. His score suffered.

The prizes were things like tee shirts and Python programming books. Top prizes included Raspberry Pi kits. Not too shabby. The handle of the dude who won first place was GOD. He looked like he belonged at the top of the hackathon. I might do one of these again in the future. Got to mix up my own strategy for maximizing points achieved.

Hackers Take Over Car Remotely

Just read an interesting Wired article on some hackers that know how to take over a Jeep Cherokee. They found some vulnerability in the Jeep's Internet access that lets them control the car and do bad things. See how Andy Greenberg got into a panic when he lost control of his Jeep.

And it's not just the Jeep Cherokee. Some Cadillac and Infiniti vehicles are at risk as well. The guys that found the loophole shared the info with the manufacturers. But they are also going to present their findings to the public (without the low level code to hack the car chipsets).

The uproar in the comments of the article is that they hacked a Jeep that was cruising down the highway. Can you say dangerous? The real danger is that your own car might get taken over in the future. I think I will keep my old Chevy 1991 pickup truck. No computers in there to take over.

Learning from Copy Protection

Just read a sweet article on how someone got past Math Blaster disk copy protection. Math Blaster apparently was some game or educational software for Apple computers back in the 1980s. Their disk would not copy using any of the standard techniques.

I got to give it to the author. They kept at the investigation for months it seems. Wow. I say you could learn a thing or two from the techniques Math Blaster employed. There were multiple levels of protection going on. Levels within levels to be exact. The encryption also seemed to take advantage of some bugs in the tools that crackers used to get past the copy protection.

Turns out the company made a decent bit of coin from selling Math Blaster. Maybe some of that was due to the copy protection preventing the program from getting out there too quickly. One weird thing I read about in the article was Advanced Demuffin. Who names these things?