<b>The Theater of Security</b> - Breaking security for security's sake.<br />
<br />
<b>Last minute gifts for Information Security Professionals - 30 under $100 with Amazon Prime</b><br />
<i>Posted by Ean, 2015-12-21</i><br />
<br />
Information Security Professionals, Hackers, and tinfoil hat wearing paranoids are a hard bunch to shop for. With just a few days before Christmas, what do you get for the person that rubs their face and sighs when they hear people talk about the cloud? <a href="http://2.bp.blogspot.com/-ze5SajWdZfE/VnjLYJgbg6I/AAAAAAAAAFA/GdX_82CAT5w/s1600/christmas-security.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="213" src="http://2.bp.blogspot.com/-ze5SajWdZfE/VnjLYJgbg6I/AAAAAAAAAFA/GdX_82CAT5w/s320/christmas-security.jpg" width="320" /></a>Are you looking for a unique gift that isn't a black t-shirt with a snarky comment in white? Well, look no further!<br />
<br />
The list below is 30 items under $100 available via Amazon Prime. If ordered no later than the 22nd using Amazon Prime, or by spending $25 to qualify for Two Day Shipping, your gift will arrive for Christmas.<br />
<br />
The prices and ability to ship via Prime were accurate at the time this post was published. They may change at Amazon's discretion. <br />
<br />
Merry Christmas, Happy Holidays, and check out the list after the break!<br />
<br />
<br />
<a name='more'></a><br />
<a href="http://www.amazon.com/gp/product/1494295504/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=1494295504&linkCode=as2&tag=thetheaterofs-20&linkId=2EQPT2DJRBPRCZ6E" rel="nofollow">Rtfm: Red Team Field Manual</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=1494295504" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $9.00<br />
RTFM clearly stands for Red Team Field Manual. It's a compilation of tips and tricks for pen testers, security researchers, and security engineers that will keep them going all through a long CTF. <br />
<br />
<a href="http://www.amazon.com/gp/product/B014FNIFXQ/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B014FNIFXQ&linkCode=as2&tag=thetheaterofs-20&linkId=JZWGUNCNDD3VFXDM" rel="nofollow">Sim Card Adapters / Storage + Micro SD storage + Micro SD Card Reader + Sim Release Pin in Credit Card Size</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B014FNIFXQ" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $9.95<br />
We change phones. We change phones a lot. This kit gives you the most common tools to switch SIM cards and migrate data. Why do we switch phones so much? Don't ask. <br />
<br />
<a href="http://www.amazon.com/gp/product/B014DU3J82/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B014DU3J82&linkCode=as2&tag=thetheaterofs-20&linkId=PS37VM2B2PCBHEW2" rel="nofollow">RFID Blocking Sleeves - Black Pack of 10 Credit Card Holding Shields</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B014DU3J82" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $9.99<br />
These sleeves can shield access cards and other identification from snooping. You can never be too careful. <br />
<br />
<a href="http://www.amazon.com/gp/product/B00L3YG93O/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00L3YG93O&linkCode=as2&tag=thetheaterofs-20&linkId=PZZDE3ZZ2WST57PY" rel="nofollow">RUBAN 6.2 Foot Universal Security Cable For Notebook Laptop PC</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B00L3YG93O" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $10.90<br />
CTFs are long, travel is hard, and laptops are expensive. These locks help make sure our laptops are where we left them. <br />
<br />
<a href="http://www.amazon.com/gp/product/B007OXMHDE/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B007OXMHDE&linkCode=as2&tag=thetheaterofs-20&linkId=S2KUZEQV4NHUYWF6" rel="nofollow">Olympus TP-8 Telephone Pick-up Microphone</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B007OXMHDE" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $11.70
<br />
Call recording is not legal in all states, but where it is legal and you need to passively record a conversation, this device is great for it. It's a great tool to record that perfect social engineering call and play it back for training purposes. <br />
<br />
<a href="http://www.amazon.com/gp/product/B005AZCGOI/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B005AZCGOI&linkCode=as2&tag=thetheaterofs-20&linkId=KJYG4Y735GDBBT5E" rel="nofollow">Ninja Remote 2, Weaponized</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B005AZCGOI" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $11.99<br />
It's a weaponized remote that can jam other remotes and shut off TVs all at once. What more needs to be said? Use responsibly. <br />
<br />
<a href="http://www.amazon.com/gp/product/B00CE3IC74/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00CE3IC74&linkCode=as2&tag=thetheaterofs-20&linkId=IXWP37SZT7OEQHOK" rel="nofollow">NFC tags - NTAG213 Chip - 10 Pack</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B00CE3IC74" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $11.99<br />
NFC tags can tell our phones to do things, like go into certain modes when our phones are at work or in the car. <br />
<br />
<a href="http://www.amazon.com/gp/product/B004U7V41I/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B004U7V41I&linkCode=as2&tag=thetheaterofs-20&linkId=OOKQY54BBSSBDZCG" rel="nofollow">100 Round Bright Silver Hologram Sequentially Numbered Tamper Evident Security Labels/stickers</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B004U7V41I" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $12.50<br />
Why do we need stickers that make fake things look authentic? The answer is in the question. <br />
<br />
<a href="http://www.amazon.com/gp/product/B00D3D3L8Y/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00D3D3L8Y&linkCode=as2&tag=thetheaterofs-20&linkId=RIB5NDOMLG7UFHMP" rel="nofollow">1 X Newest USB MSR90 3 Tracks Hi-Co Magnetic Stripe Credit Card Swipe Reader</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B00D3D3L8Y" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $12.98<br />
Magstripe research is dead with the adoption of EMV (Chip and Pin). If you believe that, I have a supercomputer to sell you in Australia. This device can be used to read and test most common magnetic stripe based credit and access cards.
<br />
<br />
<a href="http://www.amazon.com/gp/product/B013UMICP4/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B013UMICP4&linkCode=as2&tag=thetheaterofs-20&linkId=P7UJFI2GK6GPMFG4" rel="nofollow">Looching®10pcs KLOM Padlock Shim Picks+Professional Cutaway Practice Padlock (White)</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B013UMICP4" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $12.99<br />
We like to pick locks. It's almost like meditating. This kit comes with a clear lock for practice and shims, which are a common pick for padlocks. <br />
<br />
<a href="http://www.amazon.com/gp/product/B00N0326RE/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00N0326RE&linkCode=as2&tag=thetheaterofs-20&linkId=U3WSHLCXZUSB4HR2" rel="nofollow">Professional Heavy Duty Silver Hinged Police Style Handcuffs</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B00N0326RE" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $13.91<br />
No, they are not for the bedroom (unless you are into that kind of thing). They are for practicing escaping handcuffs using shims and other techniques. Security people are weird. I know.<br />
<br />
<a href="http://www.amazon.com/gp/product/B00KDGX4CM/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00KDGX4CM&linkCode=as2&tag=thetheaterofs-20&linkId=MJBL5BAXEMFWPEBV" rel="nofollow">BePuzzled Hanayama - Twist</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B00KDGX4CM" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $14.93<br />
We like puzzles. 'Nuff said.<br />
<br />
<a href="http://www.amazon.com/gp/product/0465048943/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=0465048943&linkCode=as2&tag=thetheaterofs-20&linkId=QCGYB7HGXD24BQTM" rel="nofollow">Red Team: How to Succeed By Thinking Like the Enemy</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=0465048943" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $17.41<br />
Great book detailing different professional hacking, pen testing, and research teams. It discusses how the Red Team philosophy can be used every day. <br />
<br />
<a href="http://www.amazon.com/gp/product/0970978863/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=0970978863&linkCode=as2&tag=thetheaterofs-20&linkId=MRPXZS54WSCOEBSO" rel="nofollow">Visual Guide to Lock Picking (Third Edition)</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=0970978863" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $18.82<br />
Again, we like lock picking. Locks are little puzzles we can use to gain access to things we shouldn't have access to. What's not to like? <br />
<br />
<a href="http://www.amazon.com/gp/product/B00NESAU0U/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00NESAU0U&linkCode=as2&tag=thetheaterofs-20&linkId=3LLGG362G75RSM6C" rel="nofollow">Winbag 15730 Air Wedge Alignment Tool, Inflatable Shim</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B00NESAU0U" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $19.95<br />
Specialty lock picking tool: This can be used to access cars via the window and all manner of bypass techniques that require "just a little shove".<br />
<br />
<a href="http://www.amazon.com/gp/product/B000I2JWJA/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B000I2JWJA&linkCode=as2&tag=thetheaterofs-20&linkId=TGXAEEFR43RZEKID" rel="nofollow">Lindy USB Port Blocker - Pack of 4, Blue (40452)</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B000I2JWJA" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $22.95
<br />
Unprotected USB ports are bad, mmkay. These little stoppers deter just anyone from shoving anything in our USB ports. We don't like that. <br />
<br />
<a href="http://www.amazon.com/gp/product/B00CZE18A0/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00CZE18A0&linkCode=as2&tag=thetheaterofs-20&linkId=BWOCIOIBNCC7OCNX" rel="nofollow">ZeusGard: Secure Hardware Browser</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B00CZE18A0" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $24.95
and<a href="http://www.amazon.com/gp/product/B00H21HDM8/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00H21HDM8&linkCode=as2&tag=thetheaterofs-20&linkId=TH73CVK4GFRTON64" rel="nofollow"> ZeusGard WiFi Adapter</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B00H21HDM8" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $14.95<br />
This one is a two-fer: You really should buy both together. A hardware browser is a read-only environment that boots from a standard PC, allowing access to the Internet. Viruses cannot write to it because it's read-only, and it saves no information when powered off. They are great for accessing the Internet on untrusted computers. <br />
<br />
<a href="http://www.amazon.com/gp/product/B014AFS0MU/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B014AFS0MU&linkCode=as2&tag=thetheaterofs-20&linkId=3QMQBGCJPZYPU3Z6" rel="nofollow">Looching® Lock Opener Padlock Tools Locksmith Tools Lock Tool Sets</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B014AFS0MU" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $28.99<br />
A basic, cheap lock picking starter kit. If the security nerd/hacker in your life doesn't pick locks yet, this is a good cheap place to start. <br />
<br />
<a href="http://www.amazon.com/gp/product/B00HQWLHIE/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00HQWLHIE&linkCode=as2&tag=thetheaterofs-20&linkId=M6JAKFWXJGWFE7H5" rel="nofollow">Enfain 8GB (10 Pack) USB 2.0 Flash Drive Jump Drive Pen Drive Memory Stick, Black</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B00HQWLHIE" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $29.99<br />
We need stacks of identical USB drives for reasons. Good reasons. Reasons that get left in parking lots and lobbies as part of authorized penetration test reasons. <br />
<br />
<a href="http://www.amazon.com/gp/product/B0090ZXW7E/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B0090ZXW7E&linkCode=as2&tag=thetheaterofs-20&linkId=55VHQC5GRCBYQTMW" rel="nofollow">3M Privacy Filter for Apple MacBook Pro 15-inch with Retina display (PFMR15)</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B0090ZXW7E" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $32.58
<br />
Privacy filter that keeps prying eyes off our laptop screens. Check to make sure you have the correct size for the recipient's laptop. <br />
<br />
<a href="http://www.amazon.com/gp/product/B0045BIUGG/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B0045BIUGG&linkCode=as2&tag=thetheaterofs-20&linkId=GJUUDQNUPN4B3BZE" rel="nofollow">Dekart SIM Card Reader for Windows PC</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B0045BIUGG" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $33<br />
Ever watch any procedural crime show where they call in the "Tech Team" to retrieve text messages from the perp's phone? This is the tool that helps them with that process. It's also good for backing up data on a mobile phone SIM card. <br />
<br />
<a href="http://www.amazon.com/gp/product/B00M3SC0VY/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00M3SC0VY&linkCode=as2&tag=thetheaterofs-20&linkId=UWMLFPFBLXWNZICI" rel="nofollow">RFID Blocking Leather Wallet</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B00M3SC0VY" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $36.99<br />
A nice leather wallet that blocks RFID signals to protect against snooping on RFID-enabled cards and IDs. <br />
<br />
<a href="http://www.amazon.com/gp/product/B005KDBHWM/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B005KDBHWM&linkCode=as2&tag=thetheaterofs-20&linkId=LWERGEIZGMRYWPQU" rel="nofollow">Mil-Tec Military Army Patrol Molle Assault Pack Tactical Combat Rucksack Backpack Bag 36L Black</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B005KDBHWM" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $45.88<br />
It's the backpack from Mr. Robot. If you don't know what that is, the person you are giving it to likely does. If they don't, frankly, buy them Season 1 of Mr. Robot. This backpack can hold all your security gear. <br />
<br />
<a href="http://www.amazon.com/gp/product/B00LX8KZZ8/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00LX8KZZ8&linkCode=as2&tag=thetheaterofs-20&linkId=GNUKDL7AO34BJXYR" rel="nofollow">YubiKey NEO</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B00LX8KZZ8" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $50.00<br />
Sweet, tasty two-factor authentication that can be used on your NFC-enabled mobile phone or computer. Two-factor authentication combines something you know (a password) and another factor like something you have. In this case the second factor is a secure USB device.<br />
<br />
<a href="http://www.amazon.com/gp/product/B014S24GUK/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B014S24GUK&linkCode=as2&tag=thetheaterofs-20&linkId=NTB2NKGIIL2XL7NH" rel="nofollow">Amazon.com Gift Card - $50 (Gift Box Reveal)</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B014S24GUK" height="1" style="border: none !important; margin: 0px !important;" width="1" />
- $50<br />
Why an Amazon gift card? Just put a note on the card that says, "Use this to buy a year of Private Internet Access via VPN". They will handle the rest.<br />
<br />
<a href="http://www.amazon.com/gp/product/B004ZGXU48/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B004ZGXU48&linkCode=as2&tag=thetheaterofs-20&linkId=JVRMS6QRHUUBXVME" rel="nofollow">Keyllama 4MB USB Value Keylogger</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B004ZGXU48" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $59.99<br />
Another great pen testing tool. A keylogger captures everything typed on a keyboard. Again, only to be used when authorized.<br />
<br />
<a href="http://www.amazon.com/gp/product/B008XVAVAW/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B008XVAVAW&linkCode=as2&tag=thetheaterofs-20&linkId=W677H5A7HADU4PX2" rel="nofollow">CanaKit Raspberry Pi 2 Complete Starter Kit with WiFi</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B008XVAVAW" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $69.99
<br />
A complete sub-$100 Linux PC (just add KVM) that can run everything from Kali Linux to RetroPie arcades. Yes, please. <br />
<br />
<a href="http://www.amazon.com/gp/product/B007RB82D2/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B007RB82D2&linkCode=as2&tag=thetheaterofs-20&linkId=42HMTRODJXEUGOYM" rel="nofollow">Streamlight 88704 Super TAC IR Long Range Infrared Active Illuminator</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B007RB82D2" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $86.14<br />
I could give you a long-winded answer for this. Instead: It blinds most security cameras. There, I said it. <br />
<br />
<a href="http://www.amazon.com/gp/product/B00TFAVFKU/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00TFAVFKU&linkCode=as2&tag=thetheaterofs-20&linkId=JEP4AOWWYQKBPCAG" rel="nofollow">Motorola Moto E (2nd Generation) - Black - 8 GB - Global GSM Unlocked Phone</a><img alt="" border="0" src="http://ir-na.amazon-adsystem.com/e/ir?t=thetheaterofs-20&l=as2&o=1&a=B00TFAVFKU" height="1" style="border: none !important; margin: 0px !important;" width="1" /> - $89.99<br />
We love burner phones. We change phones a lot. Again, for reasons. This is a fully unlocked GSM phone. Just shove in a SIM and go. <br />
<br />
Happy Holidays!<br />
<br />
<br />
<br />
<br />
<br />
<br />
<b>Hiding in Plain Sight - B-Sides Orlando 2015</b><br />
<i>Posted by Ean, 2015-04-11</i><br />
<br />
<span style="font-family: Arial,Helvetica,sans-serif;">The abstract, slides, documents, and files associated with my talk at B-Sides Orlando 2015 can be found below.</span><br />
<br />
<span style="font-family: Arial,Helvetica,sans-serif;"><b>Hiding in Plain Sight</b></span><br />
<br />
<i><span style="font-family: Arial,Helvetica,sans-serif;">B-Sides Orlando 2015 - April 11th, 2015</span></i><br />
<i><span style="font-family: Arial,Helvetica,sans-serif;"> </span></i><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: x-small;">What
if penetration testing programs went a step further? Once legal and
ethical approvals are obtained, a device could be placed within the
organization to test more than network and application security. By
placing a “rogue device” within an organization the general user
knowledge of physical IT practices, IT security policies, and awareness
of devices in the environment can be evaluated.<br /><br />This talk will
cover creating a penetration platform that can be hidden in plain sight
for under $200. The device will be housed in a common item found within
many offices and places of business. The device will have a number of
camouflage techniques that allow it to blend into the environment to
avoid detection.<br /><br />The device will include remote connection
capabilities, wireless and wired attack/monitoring functions, and
monitoring methods to let the penetration tester know when the device
has been discovered.<br /><br />The talk will cover:<br />• Device functions and requirements<br />• Device materials and build<br />• Creating a device that “blends in” (Dents, organization standards, asset tags, dust)<br />• Getting alerts when the device is discovered<br />• Penetration testing capabilities<br />• Preventing devices like this in your environment.<br /><br />This
talk will demonstrate how to build a low-cost, flexible, remote
penetration testing platform for ethical and legal testing programs that
can be hidden in plain sight. The talk will also show the audience some
of the techniques an attacker may use to hide monitoring devices within
organizations. Knowledge of these techniques may help develop and
refine IT practices to discover these devices.</span></span><br />
<br />
<span style="font-family: Arial,Helvetica,sans-serif;"><a href="https://drive.google.com/folderview?id=0BzY3yLosRyyxfkdISzJBNjhfdjF0Sk1Qb0I2WE1zSi1LTGdkNk43WERxY2dXZDBJd0ZCSm8&usp=sharing" target="_blank">Click here</a> for the Google Drive shared folder including:</span><br />
<br />
<ul>
<li><span style="font-family: Arial,Helvetica,sans-serif;">Talk Slides and Notes</span></li>
<li><span style="font-family: Arial,Helvetica,sans-serif;">Build Guide </span></li>
<li><span style="font-family: Arial,Helvetica,sans-serif;">STL Files for 3D Printed Parts</span></li>
<li><span style="font-family: Arial,Helvetica,sans-serif;">Avery Template</span></li>
<li><span style="font-family: Arial,Helvetica,sans-serif;">RedProx Graphics Files (XCF Format)</span></li>
</ul>
<b>Weekly Deep Dive: Germany may Secure Communications with Typewriters</b><br />
<i>Posted by Ean, 2015-01-14</i><br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<span style="font-family: Arial,Helvetica,sans-serif;">This story sat in my draft folder as my human offspring, wife's writing career, Shellshock, and POODLE consumed my life. I think this story is still an interesting blend of old and new security issues that is worth posting.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;">This story originally broke in July of 2014.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="http://4.bp.blogspot.com/-EvADKTaM1v0/U8XcR0Og1gI/AAAAAAAAAxY/l7QpuRNoMUU/s1600/typist.jpg" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="http://4.bp.blogspot.com/-EvADKTaM1v0/U8XcR0Og1gI/AAAAAAAAAxY/l7QpuRNoMUU/s1600/typist.jpg" height="320" width="241" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Miss Germany could not be reached <br />
for comment on this story.</td></tr>
</tbody></table>
<span style="font-family: Arial,Helvetica,sans-serif;"><a href="http://www.independent.co.uk/life-style/gadgets-and-tech/germany-may-use-manual-typewriters-to-fight-cyber-espionage-9607697.html" target="_blank">Multiple stories</a> detailed a German parliamentary committee that examined ways to address NSA spying within Germany. One of the options discussed: switching to mechanical typewriters. You read that correctly, not just typewriters, but <i>mechanical</i> typewriters. The fear is <a href="http://www.qccglobal.com/news/first-keystroke-logger.php" rel="nofollow" target="_blank">electronic typewriters may prove to have some ability to be monitored.</a></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"></span><br /><span style="font-family: Arial,Helvetica,sans-serif;"></span>
<span style="font-family: Arial,Helvetica,sans-serif;">I adore this: low tech foiling of high tech espionage. Billions of dollars in state-of-the-art monitoring brought down by the humble mechanical typewriter.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"></span><br /><span style="font-family: Arial,Helvetica,sans-serif;"></span>
<span style="font-family: Arial,Helvetica,sans-serif;">The German committee already uses encrypted emails, secure electronic communications, and places their phones in a metal box when convened to prevent eavesdropping.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;">Would creating documents on a mechanical typewriter really stop the interception of communications? What precautions should the German Parliament take if they use mechanical typewriters?</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;">Are you a security professional working for a law firm or financial institution that still uses electric typewriters? If so, this discussion could be applicable to you. Anything used to create and store information falls into the domain of the information security professional and must be protected.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;">After the jump we will discuss how typewriters relate to the CIA triad along with ways mechanical typewriters could be monitored. We will also cover how you can create controls to protect typewriters and the documents made on them. </span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<a name='more'></a><span style="font-family: Arial,Helvetica,sans-serif;"></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"></span><br />
<span style="font-family: Arial,Helvetica,sans-serif;">Using mechanical typewriters as a security solution is a very interesting proposition for high-level communications between German officials. Germany is clearly no stranger to using mechanical devices for creating and encrypting communications. The <a href="http://en.wikipedia.org/wiki/Enigma_machine" target="_blank">Enigma machine</a> was a work of engineering and communication genius for its age. Though not completely mechanical (it was electro-mechanical), it was the key to keeping German secrets away from prying eyes for years before <a href="http://en.wikipedia.org/wiki/Alan_Turing" rel="nofollow" target="_blank">the encryption it used was broken</a>.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;">A device like the Enigma machine would not be practical now. Modern computers could break almost any code created using a mechanical system. (Not talking about <a href="http://en.wikipedia.org/wiki/One-time_pad" rel="nofollow" target="_blank">PADs</a> here, you crazy crypto kids.)</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;">The OSS (precursor to the CIA) had <a href="http://www.militaryhistoryonline.com/general/articles/officestrategicservices.aspx" target="_blank">protocols to protect information</a> created on manual typewriters. Germany had better dust off their old school espionage manuals. Reviewing the old typewriter protection protocols may not be enough. New tools can use nearby <a href="https://nakedsecurity.sophos.com/2011/10/20/iphone-spyware-snoop-desktop-typing/" rel="nofollow" target="_blank">smartphone sensors to detect what people are typing via vibration and sound</a>.</span><br />
<div>
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></div>
<span style="font-family: Arial,Helvetica,sans-serif;">Based on this, do mechanical typewriters make sense now to provide better information security?</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;">The answer: it depends on what you want. If you want to make a political statement, bravo, job done. If you want to provide actual security, there are benefits and detractors to mechanical typewriters. We will look at a few of the pros and cons of using typewriters as seen through the CIA triad (Confidentiality, Integrity, and Accessibility).</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<b><span style="font-family: Arial,Helvetica,sans-serif;">CIA PROS AND CONS</span></b><br />
<b><span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></b>
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="clear: right; float: right; margin-bottom: 1em; text-align: right;"><tbody>
<tr><td style="text-align: center;"><b><span style="font-family: Arial,Helvetica,sans-serif;"><a href="http://3.bp.blogspot.com/-aB0TNj40kbg/VHJ9-QrRKCI/AAAAAAAAA4M/sRNkLXGdDPI/s1600/Im-a-sign-not-a-cop-200x300.jpg" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="http://3.bp.blogspot.com/-aB0TNj40kbg/VHJ9-QrRKCI/AAAAAAAAA4M/sRNkLXGdDPI/s1600/Im-a-sign-not-a-cop-200x300.jpg" height="200" width="133" /></a></span></b></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><b><span style="font-family: Arial,Helvetica,sans-serif;">My basic feeling on </span></b><br />
<b><span style="font-family: Arial,Helvetica,sans-serif;">the effectiveness of </span></b><br />
<b><span style="font-family: Arial,Helvetica,sans-serif;">administrative controls.</span></b></td></tr>
</tbody></table>
<b><span style="font-family: Arial,Helvetica,sans-serif;">Confidentiality</span></b><br />
<ul style="text-align: left;">
<li><span style="font-family: Arial,Helvetica,sans-serif;">CON - Logging is nice. Technical controls that can tell who accessed and viewed a document are nicer. With paper you don't get that level of logging and protection. At best you may have someone in a records room that signs documents in and out. They may be a trusted individual. However, there is no technical control that creates a record of who viewed what document and when. You must rely on the <a href="http://qualitymanager123.com/secure-areas-security-audit-checklist/" rel="nofollow" target="_blank">physical controls</a> around your records room and the custodian of those documents following your <a href="http://en.wikipedia.org/wiki/Information_security#Administrative" rel="nofollow" target="_blank">administrative controls</a>. <a href="https://www.google.com/search?q=bank+robbery+inside+job&ie=utf-8&oe=utf-8#q=crime+news+inside+job" rel="nofollow" target="_blank">A Google search</a> for "crime story inside job" will give you no shortage of reasons why human controls cannot be trusted. </span></li>
<li><span style="font-family: Arial,Helvetica,sans-serif;">CON - There are no real technical controls to keep unauthorized parties from viewing sensitive information. Administrative controls related to <a href="http://en.wikipedia.org/wiki/Classified_information" rel="nofollow" target="_blank">data classifications</a> must be respected by the people viewing them. The thing is, even if administrative controls are violated, who would know? This clip from the UK version of House of Cards <a href="https://www.youtube.com/watch?v=ojfoKlfQeZ8&list=PLDgDD31tgvr93UZdRWM0jMllGP3GIvIO5#t=1099" target="_blank">perfectly explains the problem</a>. (Jump to 18:15 ending at 21:00 if the link doesn't do it for you.) The answer is: you avert your eyes. Clearly, that is the solution. </span></li>
<li><span style="font-family: Arial,Helvetica,sans-serif;">PRO - Destruction <i>can</i> be a pro for confidentiality. However, the process for legal discovery is really the pro here. An organization with loads of information on paper can show a process that destroys documents that are no longer legally required to be kept and have that process audited. If the requested documents fall within the process it can be assumed they are gone and cannot be produced. However, paper documents have a big con for destruction as well. More on that in a moment. </span></li>
</ul>
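The first CON above turns on having a technical control that records who viewed which document and when, without having to trust the records custodian. As an added example (not part of the original post), here is a minimal hash-chained access log in Python; the class and function names, the user names and the document ID are hypothetical, and the sample entries are constructed.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used as "prev" for the first entry


def _digest(body: dict) -> str:
    """Hash an entry's fields in a canonical (sorted-key) JSON encoding."""
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


class AccessLog:
    """Append-only record of who viewed which document and when."""

    def __init__(self):
        self.entries = []

    def head(self) -> str:
        """Hash of the newest entry; hand this to an independent witness."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def record(self, user: str, document: str, action: str, when: str) -> str:
        body = {
            "seq": len(self.entries),
            "user": user,
            "document": document,
            "action": action,
            "when": when,
            "prev": self.head(),  # binds this entry to everything before it
        }
        entry = dict(body, hash=_digest(body))
        self.entries.append(entry)
        return entry["hash"]


def verify(entries, trusted_head=None):
    """Return (ok, reason); detects edited, reordered, removed or truncated entries."""
    prev = GENESIS
    for i, entry in enumerate(entries):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("seq") != i:
            return False, f"entry {i}: sequence gap or reordering"
        if body.get("prev") != prev:
            return False, f"entry {i}: does not link to the previous entry"
        if not hmac.compare_digest(_digest(body), entry.get("hash", "")):
            return False, f"entry {i}: contents changed after recording"
        prev = entry["hash"]
    if trusted_head is not None and not hmac.compare_digest(prev, trusted_head):
        return False, "log head differs from the witnessed head (truncated or rewritten)"
    return True, "ok"


def rechain(entries):
    """Model the limit of the control: someone with write access to the log
    can recompute every hash after an edit, so the chain alone proves nothing."""
    rebuilt, prev = [], GENESIS
    for i, entry in enumerate(entries):
        body = {k: v for k, v in entry.items() if k not in ("hash", "prev", "seq")}
        body.update(seq=i, prev=prev)
        prev = _digest(body)
        rebuilt.append(dict(body, hash=prev))
    return rebuilt


def build_sample_log() -> AccessLog:
    """Constructed sample data: three views of a hypothetical document."""
    log = AccessLog()
    log.record("analyst_1", "MEMO-0001", "view", "2014-07-15T09:00:00Z")
    log.record("custodian", "MEMO-0001", "view", "2014-07-15T23:40:00Z")
    log.record("analyst_2", "MEMO-0001", "view", "2014-07-16T10:15:00Z")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    witnessed = log.head()  # stored where the custodian cannot change it
    print(verify(log.entries, witnessed))

    pruned = [e for e in log.entries if e["user"] != "custodian"]
    print(verify(pruned, witnessed))           # naive removal is caught
    print(verify(rechain(pruned)))             # full rewrite passes on its own
    print(verify(rechain(pruned), witnessed))  # but not against the witnessed head
```

Without an independently witnessed head, anyone with write access can rebuild the whole chain, so the control only holds if the head hash is kept somewhere the custodian cannot alter.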
<span style="font-family: Arial,Helvetica,sans-serif;"></span><br />
<b><span style="font-family: Arial,Helvetica,sans-serif;">Integrity</span></b><br />
<ul>
<li><span style="font-family: Arial,Helvetica,sans-serif;">PRO - Integrity is actually less of an issue with typewritten documents than their electronic counterparts. Forging digital documents is easy. Forging mechanically created typewritten documents (when coupled with a trusted courier) is no small feat. Simply lifting the ink does no good as the impact from the typewriter will leave an indelible mark. Forensic auditors have accumulated literally millennia of experience <a href="http://www.crime-scene-investigator.net/SimplifiedGuideQuestionedDocuments.pdf" rel="nofollow" target="_blank">spotting physical forgeries</a>. Digital forgery is a new field, relatively speaking. Modifying a letter is certainly not out of the question, but it poses severe challenges. The difficulty is high as it requires possession of the letter for a long enough time to recreate it without alerting a courier that the letter was gone.</span></li>
<li><span style="font-family: Arial,Helvetica,sans-serif;">CON - <a href="http://en.wikipedia.org/wiki/Non-repudiation" rel="nofollow" target="_blank">Non-repudiation</a> will be an issue. A typewritten document does not offer the mathematical assurances of a <a href="http://en.wikipedia.org/wiki/Public_key_infrastructure" rel="nofollow" target="_blank">Public Key Infrastructure</a>. The lack of built-in document authenticity is a serious drawback. </span></li>
</ul>
<b><span style="font-family: Arial,Helvetica,sans-serif;">Accessibility </span></b><br />
<ul>
<li><span style="font-family: Arial,Helvetica,sans-serif;">CON - The documents will be very difficult for multiple officials to access without making multiple copies. This on its own decreases the overall security by increasing the possibility one copy could be seen by unauthorized viewers. Secure couriers and <a href="http://en.wikipedia.org/wiki/Chain_of_custody" rel="nofollow" target="_blank">chain of custody</a> procedures can help ensure security. However, anyone with physical access to the document could make an unauthorized copy.</span></li>
</ul>
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody>
<tr><td style="text-align: center;"><span style="font-family: Arial,Helvetica,sans-serif;"><a href="http://1.bp.blogspot.com/-5uZdjltPnyw/VLH15LjL4UI/AAAAAAAAABg/TjlccXiXXa0/s1600/its_the_only_way_to_be_sure.gif" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="http://1.bp.blogspot.com/-5uZdjltPnyw/VLH15LjL4UI/AAAAAAAAABg/TjlccXiXXa0/s1600/its_the_only_way_to_be_sure.gif" height="171" width="320" /></a></span></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-family: Arial,Helvetica,sans-serif;">Nuke the document from orbit...</span></td></tr>
</tbody></table>
<ul>
<li><span style="font-family: Arial,Helvetica,sans-serif;">CON - Destruction is always an issue. How can you be sure all the copies were destroyed? You can't. You can <a href="http://www.nature.com/news/2007/070508/full/news070508-9.html" rel="nofollow" target="_blank">shred them</a>, <a href="http://forensic.sc.mahidol.ac.th/proceeding/51_nisapha.pdf" target="_blank">burn them</a>, or dip them in acid, but you can never be certain every physical copy was destroyed. Did the clerk make five copies or ten? Did someone take a photograph of the document? You will never know, because you can never be truly sure who had access to the document. <a href="http://en.wikipedia.org/wiki/Quantum_cryptography" rel="nofollow" target="_blank">Quantum Cryptography</a> attempts to address this by rendering information unreadable if an unauthorized party intercepts a file. If you want to melt your brain a little, read more about quantum cryptography <a href="http://journals.aps.org/prl/abstract/10.1103/PhysRevLett.67.661" rel="nofollow" target="_blank">here</a>. If you would like an ELI5 version, PBS NOVA has a short video <a href="http://www.thirteen.org/programs/nova/quantum-confidential/" rel="nofollow" target="_blank">here</a>. I think it's safe to say there won't be a quantum cryptography module for typewriters any time soon. </span></li>
<li><span style="font-family: Arial,Helvetica,sans-serif;">PRO - Document requests and sunshine laws are a real pain for large institutions. The Freedom of Information Act (FOIA) allows citizens in the United States to request information from their government. The German government has something similar to FOIA. The Germans call it "<a class="extiw" href="http://de.wikipedia.org/wiki/Informationsfreiheitsgesetz" title="de:Informationsfreiheitsgesetz">Informationsfreiheitsgesetze</a>". The lovely thing </span><span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-family: Arial,Helvetica,sans-serif;">for governments</span> about complying with these types of laws is that it's almost always better to over-comply than under-comply. If all your records are on paper there is no reasonable way to be certain you have fulfilled the request without sending EVERYTHING that may be related. You may receive boxes and boxes and truckloads and truckloads of documents that look like <a href="http://boingboing.net/2013/01/17/fbi-responds-to-aclu-foia-requ.html" rel="nofollow" target="_blank">this</a>. If you want to keep something secret, often too much information is just as good as no information, especially if the information is contained in piles of paper that can't be efficiently searched.</span></li>
</ul>
<span style="font-family: Arial,Helvetica,sans-serif;">After reading all of this what is the conclusion? Well, there isn't one. The German government will need to weigh the risks vs. the rewards of this method. The German Parliament can decide if mechanical typewriters really work for them or if they are just security theater with an opening act of political drama.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;">If you as a security professional have typewriters in your environment, you will need to come up with controls to protect documents created on these devices. These controls are the same type the German government should consider if they decide to move to typewriters for communications.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<b><span style="font-family: Arial,Helvetica,sans-serif;">Controls</span></b><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;">What can German officials or an information security professional do to further protect hard copy documents created on a typewriter?</span><br />
<b><span style="font-family: Arial,Helvetica,sans-serif;"><br /></span></b>
<b><span style="font-family: Arial,Helvetica,sans-serif;">Destroy the Ribbons</span></b><br />
<ul>
<li><span style="font-family: Arial,Helvetica,sans-serif;">For both electric and mechanical typewriters the ribbons are a running character stream of everything written on the device. </span></li>
<li><span style="font-family: Arial,Helvetica,sans-serif;">The ribbons can be destroyed easily through shredding, but as discussed earlier, shredding is not 100% foolproof, especially when the information is of such value that no expense would be spared to recover it. The good news here: it's unlikely someone copied a ribbon. It's also unlikely the same data is duplicated on two ribbons. </span></li>
<li><span style="font-family: Arial,Helvetica,sans-serif;">There are companies that make <a href="http://www.gsnmagazine.com/article/17465/ice_investigators_plan_read_typewriter_ribbons" rel="nofollow" target="_blank">typewriter ribbon readers.</a> The data is not difficult to recover. Simply throwing the ribbons out and hoping for the best is likely not an option.</span></li>
<li><span style="font-family: Arial,Helvetica,sans-serif;">Destroy the ribbons completely using an <a href="https://www.youtube.com/watch?v=NEajghoymOQ" rel="nofollow" target="_blank">industrial shredder designed for the task</a>. </span></li>
</ul>
<b><span style="font-family: Arial,Helvetica,sans-serif;">Rotate then Destroy the Typewriters</span></b><br />
<ul>
<li><span style="font-family: Arial,Helvetica,sans-serif;"><a href="http://en.wikipedia.org/wiki/Typewriter#Forensic_examination" rel="nofollow" target="_blank">Typewriters create a "fingerprint"</a> that can be used to identify documents. This fingerprint can be used to identify a specific typewriter. If many tantalizing documents come from one typewriter, that device becomes a high value target (HVT). Rotating the typewriters through an office or agency makes linking certain documents to a specific typewriter more difficult. Users are unlikely to consistently create the same type of documents across departments or office buildings.</span></li>
<li><span style="font-family: Arial,Helvetica,sans-serif;">Destroy the typewriters once their service is no longer required. This should be part of your <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf" rel="nofollow" target="_blank">asset disposal process.</a> Proper destruction removes any possibility of new or advanced forensic espionage. </span></li>
</ul>
<b><span style="font-family: Arial,Helvetica,sans-serif;">Secure Couriers and Diplomatic Pouches</span></b><br />
<ul>
<li><span style="font-family: Arial,Helvetica,sans-serif;">Secure couriers have been the choice of kings and diplomats ever since sending a protected message was first thought necessary. Choose a courier that is well known, trusted, and consistently audited. For nation states protecting a message via <a href="http://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=1218&context=ilj" rel="nofollow" target="_blank">diplomatic</a> <a href="http://en.wikipedia.org/wiki/Diplomatic_bag" rel="nofollow" target="_blank">pouch</a> <a href="http://www.state.gov/ofm/customs/c37011.htm" rel="nofollow" target="_blank">has</a> <a href="http://news.bbc.co.uk/2/hi/uk/672786.stm" rel="nofollow" target="_blank">many</a> <a href="http://www.csmonitor.com/2005/0914/p04s01-usfp.html" rel="nofollow" target="_blank">advantages</a>. </span></li>
<li><span style="font-family: Arial,Helvetica,sans-serif;">Couriers should also undergo <a href="http://en.wikipedia.org/wiki/Job_rotation" rel="nofollow" target="_blank">job rotation</a> to ensure they never have the opportunity to develop relationships that allow for collusion. </span></li>
</ul>
<span style="font-family: Arial,Helvetica,sans-serif;"></span><br />
<b><span style="font-family: Arial,Helvetica,sans-serif;">High Security Envelopes and Paper</span></b><br />
<ul>
<li><span style="font-family: Arial,Helvetica,sans-serif;">Use <a href="http://en.wikipedia.org/wiki/Security_paper" rel="nofollow" target="_blank">high security paper</a> for important documents. This paper can be used on a typewriter and is specifically designed to limit alteration or forgery. Access to this paper should be tightly controlled to prevent misuse. </span></li>
<li><span style="font-family: Arial,Helvetica,sans-serif;"><a href="http://www.staples.com/Staples-Tamper-Evident-Security-Tinted-QuickStrip-Catalog-Envelopes/product_SS1056438" rel="nofollow" target="_blank">Tamper evident</a><a href="http://www.staples.com/Staples-Tamper-Evident-Security-Tinted-QuickStrip-Catalog-Envelopes/product_SS1056438" rel="nofollow" target="_blank"> and high security envelopes</a> alert the recipient when contents may have been viewed. These envelopes also ensure the contents of the envelopes are difficult to view without affecting the tamper resistant seals.</span></li>
</ul>
<span style="font-family: Arial,Helvetica,sans-serif;"></span><br />
<b><span style="font-family: Arial,Helvetica,sans-serif;">Secure Rooms</span></b><br />
<ul>
<li><span style="font-family: Arial,Helvetica,sans-serif;">Rooms that typewriters are used in should have adequate and auditable <a href="http://qualitymanager123.com/secure-areas-security-audit-checklist/" rel="nofollow" target="_blank">security controls for physical access.</a></span></li>
<li><span style="font-family: Arial,Helvetica,sans-serif;">Radio signals in and out should be completely blocked. If the typewriters are electric <a href="http://www.qccglobal.com/news/first-keystroke-logger.php" rel="nofollow" target="_blank">they could have key loggers</a> installed that broadcast what is typed to interested parties. Blocking radio signals and disconnecting any devices in the room from network capabilities should be required. </span></li>
<li><span style="font-family: Arial,Helvetica,sans-serif;">Mobile phones should be banned. Sophisticated attacks allow the sensors on phones to be used to determine what is typed. By determining the model of the typewriter using <a href="http://en.wikipedia.org/wiki/Typewriter#Forensic_examination" rel="nofollow" target="_blank">fingerprinting</a> a mobile phone could be used to intercept information based on the sound and vibration of the typewriter. </span></li>
</ul>
<span style="font-family: Arial,Helvetica,sans-serif;">Should the German government go to this extreme to protect their data? Would it actually make a difference in their communication security? Using a typewriter for secure communications isn't necessarily more secure, it's just secure in different ways. Every method of communication has security strengths and weaknesses.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;">The German government will need to examine their options and determine what's best for their needs. As a security professional you should take all the ideas and options written here and weigh them against your security posture. If you have typewriters in your environment, are you doing everything you can to protect and handle sensitive data properly? Review the above and ask yourself if any of the listed recommendations could make your sensitive paper-based or typewritten documents safer. This critical thinking is often the difference between real security and security theater. </span></div>
Posted by Ean (http://www.blogger.com/profile/14108034837901189841)<br />
<br />
<b>#PWNED - United States Central Command Twitter Account Hacked</b> (published 2015-01-12)<br />
<a href="http://4.bp.blogspot.com/-WScFBQG4R20/VLSPsYrpH7I/AAAAAAAAABw/LKPZZ8CgDIA/s1600/Seal_of_the_United_States_Central_Command.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="http://4.bp.blogspot.com/-WScFBQG4R20/VLSPsYrpH7I/AAAAAAAAABw/LKPZZ8CgDIA/s1600/Seal_of_the_United_States_Central_Command.png" height="200" width="200" /></a><span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.cnn.com/2015/01/12/politics/centcom-twitter-hacked-suspended/" rel="nofollow" target="_blank">A group claiming to be part of ISIS hacked the</a> <a href="http://www.twitter.com/centcom" rel="nofollow" target="_blank">US Central Command Twitter</a> profile today in an act of "cyber terrorism". While the attackers were in control of this account they made threats and posted documents with "sensitive military information".</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">There are a few very important things to note:</span><br />
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif;">The information posted, in many cases, was already released. <a href="http://www.newrepublic.com/article/120749/pro-isis-cybercaliphate-hacks-centcom-twitter" rel="nofollow" target="_blank">Often it was previously available to the public if you knew how to request it or where to look</a>.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Hacking a Twitter account is hardly a feat available to only the most "1337" of hackers. (He says while double checking his two-factor auth for his Twitter accounts.)</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Twitter is not a DoD network or system. It's Twitter, let's not make this out to be a break in at <a href="http://movies.disney.com/national-treasure" rel="nofollow" target="_blank">the National Archives</a>.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">United States Central Command <a href="https://www.google.com/maps/place/Central+Command+United+Stts/@27.862635,-82.491011,15z/data=!4m2!3m1!1s0x0:0xf35b4e355866bdd8c" rel="nofollow" target="_blank">is located in Tampa, FL</a>. Tampa was recently named <a href="http://www.abcactionnews.com/news/tampa-tops-list-as-nations-most-hacked-city" rel="nofollow" target="_blank">the most hacked city in the United States</a>. Coincidence? Probably, but these stories right next to each other provide some humor. </span></li>
</ul>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">There are, however, a few serious concerns, and they aren't items I see making the rounds in news posts.</span></div>
<div>
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif;">I would hope that US Central Command would realize their Twitter account was at least as hackable as <a href="https://uk.news.yahoo.com/celebrity-twitters-hacked--five-other-hacked-accounts-justin-bieber-lady-gaga-britney-spears-160352069.html#4f2Zx6e" rel="nofollow" target="_blank">these celebrities.</a></span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">I've heard no confirmation of <a href="http://en.wikipedia.org/wiki/Two_factor_authentication" rel="nofollow" target="_blank">two-factor authentication</a> being used which is available to anyone with a phone and a Twitter account for free. </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Why do these accounts exist in the first place? Is there a public outcry for tweets from Central Command about their goings on? #InternationalMilitaryCollaboration #WhereMyAlliesAt</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">How did they do it? We may never really know. Password resets are tied to email accounts with wildly varying reset processes and security questions. A breach of the email account used for password reset is as good as a breach of the targeted system. Let <a href="http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/all/" rel="nofollow" target="_blank">this story</a> of account access spiraling out of control serve as a cautionary tale. </span></li>
</ul>
</div>
<span style="font-family: Arial, Helvetica, sans-serif;">I often wonder if accounts like this are not a form of <a href="http://en.wikipedia.org/wiki/Honeypot_%28computing%29" rel="nofollow" target="_blank">honeypot</a>. A nice sticky gooey Twitter account just begging to be defaced by script kiddies the world over. It's off the DoD network and can be used to gather information about groups that would attack DoD systems were this low hanging fruit not there. A curious thought for sure.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">What I would bet on is this:</span><br />
<br />
<ol>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Somewhere the person in charge of this account is at a table having a <a href="http://en.wikipedia.org/wiki/Alexander_and_the_Terrible,_Horrible,_No_Good,_Very_Bad_Day" rel="nofollow" target="_blank">terrible, horrible, no good, very bad day</a>.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">The person on the other side of the table is ordering someone in DoD telecom to issue a Blackberry that stays locked in a safe at CentCom. This Blackberry will be used just for <a href="http://www.zdnet.com/article/tutorial-twitter-2-factor-authentication-step-by-step/" rel="nofollow" target="_blank">two-factor twitter authentication</a>.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">A team of very serious people is combing through a mountain of log files to determine the source of the unauthorized account access. </span></li>
</ol>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">In the end... this is a prank. There is egg and that egg is located on someone's face. There is no real danger beyond the shame of a major military organization having their Twitter "pwned". </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">What can you do to secure your Twitter feed?</span></div>
<div>
<ul>
<li><a href="https://lastpass.com/" rel="nofollow" target="_blank"><span style="font-family: Arial, Helvetica, sans-serif;">Set a secure password and store it somewhere safe.</span></a></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.zdnet.com/article/tutorial-twitter-2-factor-authentication-step-by-step/" rel="nofollow" target="_blank">Set up two-factor authentication</a> for Twitter.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Only log in on trusted devices and networks. <a href="http://abcnews.go.com/Business/story?id=3454066" rel="nofollow" target="_blank">Avoid "Free WiFi"</a> when possible.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">NEVER log in on computers in <a href="http://arstechnica.com/security/2014/07/beware-of-infected-hotel-pcs-stealing-guests-passwords-feds-warn/" rel="nofollow" target="_blank">hotel business centers or Internet kiosks</a> in public areas. These systems are prone to have malware designed to steal your passwords. </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.businessinsider.com/biggest-password-mistake-2014-8" rel="nofollow" target="_blank">Never use the same password across different accounts.</a> Once one account is compromised, they all are. Your Twitter account may be two-factor, but are all the websites where you use that password enabled for two-factor authentication?</span></li>
</ul>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Remember, reputation is just as important as information. Protect your accounts even if the information stored on them is low value. Someone could use that access against you and harm your reputation. Just ask @centcom.</span></div>
</div>
<br />
<br />Posted by Ean (http://www.blogger.com/profile/14108034837901189841)<br />
<br />
<b>Security Theater: ATM Admin Panel Publicly Accessible</b> (published 2015-01-10)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-WvkkXs5Jgtk/VHKdj_nWNmI/AAAAAAAAA4w/iTHhKM99S9o/s1600/ATM2.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-WvkkXs5Jgtk/VHKdj_nWNmI/AAAAAAAAA4w/iTHhKM99S9o/s1600/ATM2.jpg" height="400" width="225" /></a></div>
<span style="font-family: Arial,Helvetica,sans-serif;">...<i>SecuritySensesTinglingDroolingIntensifies</i>...</span><br />
<br />
<span style="font-family: Arial,Helvetica,sans-serif;">During a stop at my local national chain gas station I found this inexplicable ATM configuration. I did my best to obfuscate a lot of the detail while preserving the fact that the details are "there". I also scratched out areas where the chain name is easily seen.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;">I would've gotten closer, but I didn't want to look like I was casing the place. There is little difference between security research and premeditation. Not to mention, I was not authorized to try and untangle this security rat's nest. Observation is all I could really do.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;">What you see is the backside of the outside facing ATM. You can also see a touchscreen access panel that, at the time, was giving a number of interesting error codes. The top half seems to be a simple double wafer lock. Based on <a href="https://www.youtube.com/watch?v=w1KfSSDh3gU#t=892" target="_blank">this talk</a> the key could likely be <a href="http://www.americanbankequipment.com/atm-keys.php" target="_blank">purchased on the Internet for about $10</a>. There are notes on the ATM regarding how and when to put it in supervisor mode, its ID, who to call for support, etc. The supervisor mode is activated by the rear touch screen.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;">Sure, there are cameras. Sure, there are people in the store. Sure, the cash is in the vault at the bottom and is better protected. However, I would bet if I walked in looking like an ATM repair guy and introduced myself they would be all too happy to let me go about my business. ATMs are not the bastion of security people think they are and they need to have better security than this. Recently <a href="http://www.torontosun.com/2014/06/08/two-14-year-old-code-crackers-hack-winnipeg-atm" rel="nofollow" target="_blank">two teenagers "hacked" ATMs</a> using the manufacturer default passwords. At Defcon 18 there was a <a href="https://www.youtube.com/watch?v=w1KfSSDh3gU" rel="nofollow" target="_blank">wonderful demo</a> on remotely "jackpotting" ATMs to get them to spit out all their cash. All you needed in the demo was access to that top box and a little know-how. Recently these attacks have <a href="http://www.atmmarketplace.com/articles/jackpotting-makes-its-way-to-western-europes-atms/" rel="nofollow" target="_blank">shown up in Europe</a>.</span><br />
<span style="font-family: Arial,Helvetica,sans-serif;"><br /></span>
<span style="font-family: Arial,Helvetica,sans-serif;">This is security theater. It makes you feel safe using the device while completely lacking in common sense security. </span></div>
Posted by Ean (http://www.blogger.com/profile/14108034837901189841)<br />
<br />
<b>Hidden War Dialer Build: Rechristening 2.0</b> (published 2014-11-23, updated 2014-12-29)<br />
<div dir="ltr" style="text-align: left;" trbidi="on"><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody><tr><td style="text-align: center;"><a href="http://1.bp.blogspot.com/-KAcgHzUD2Vo/VHJV2T9lJaI/AAAAAAAAA38/TD85-vz3JFA/s1600/UPSET.jpg" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="http://1.bp.blogspot.com/-KAcgHzUD2Vo/VHJV2T9lJaI/AAAAAAAAA38/TD85-vz3JFA/s1600/UPSET.jpg" height="212" width="320" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">WHAT YEAR IS IT!? Is this a Palm Pilot? <br />MY LIFE IS A LIE! Nevermind. Raspberry Pi you say?<br />Tell me more.</td></tr></tbody></table>Duties in life and work took me away from this project. The end of the year leaves me with some much needed time off. I choose to use some of that time to rededicate myself to this blog and some of its projects. My hope is to present some of these projects at BSides conferences in 2015.<br /><br />First, we should talk about the elephant in the room: originally the build was a war dialer hidden inside an APC UPS using an old Sony Clié. That project hit some significant roadblocks.<br /><ul style="text-align: left;"><li>Testing the modem</li><ul><li>Finding an analog phone line bordered on hilariously difficult. In my circle of friends and places I work these things simply do not exist. You would have thought I was looking for a Pony Express stable that could get an urgent package to the "udder sidea <span style="background-color: white;">the</span> call-r-ada river." </li><li>I finally got access to an analog line, but it had its own complications. 
It was located at an office I did not have access to at the odd intervals I may have time to test. It also did not have a handset nearby to test if the line was actually working.</li></ul><li>Using the modem</li><ul><li>The war dialing software was almost a decade old on a platform that is no longer supported using a fork of the PalmOS software and a modem that was not specified in the manual for the war dialer. It was a problem, wrapped in a riddle, where the people that wrote the riddle have all moved on with their lives because the tools are ancient and the idea perfectly insane. Reaching a solution may require a Delorean inside a Tardis.</li></ul></ul><div>This is not to say I gave up. I have moved on for now. The project was rechristened: Hidden <strike>War Dialer</strike> Raspberry Pen Test Build.</div><div><br /></div><div>Effort will be focused on something a bit more worthwhile: hiding a Raspberry Pi Model B in an APC UPS with a cellular modem and an Ethernet passive tap. The work already started with a 3D print that should be here on the 26th of November. The test print is for the Raspberry Pi case mount that will hold the additional devices in the APC UPS.</div><div><br /></div><div>The end goal will be to present a device that can be built for around $100 for pen testing that blends seamlessly with a cube farm (Read: Office). </div><div><br /></div><div>I will write a follow-up post with what the system should deliver and the desired goals. 
</div><div><br /></div><div>Look for more soon.</div><div><br /></div><div><br /></div></div>Eanhttp://www.blogger.com/profile/14108034837901189841noreply@blogger.com0tag:blogger.com,1999:blog-4763057365127682435.post-28409981608455627112014-07-13T19:19:00.000-07:002014-12-29T19:51:48.598-08:00Hidden War Dialer Build: Update<div dir="ltr" style="text-align: left;" trbidi="on"><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="http://4.bp.blogspot.com/-KdBL-G0RUVc/U8MV3bmhtoI/AAAAAAAAAuw/nFjBWqmdaVQ/s1600/20140713_105017.jpg" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="http://4.bp.blogspot.com/-KdBL-G0RUVc/U8MV3bmhtoI/AAAAAAAAAuw/nFjBWqmdaVQ/s1600/20140713_105017.jpg" height="150" width="200" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Say hello to my bulky little friend.</td></tr></tbody></table>This weekend I visited one of my favorite places: <a href="http://www.skycraftsurplus.com/" target="_blank">SkyCraft</a> in Winter Park, FL. For those not familiar, it's an electronics surplus store with all manner of gadgets, old electronics, parts, etc. To be certain, it's a Maker heaven and what Tony Stark's trashcan must look like... parts and parts and parts. It has to be seen to truly be understood.<br /><br />As part of the Back to the Hack series and related to <a href="http://www.thetheaterofsecurity.com/2014/07/hidden-palm-pilot-wardialing-platform.html" target="_blank">my hidden war dialer project</a>, I decided to see if there was a better option to hide my war dialer, Arduino, or Raspberry Pi. In my previous post I said I would use a gutted APC-350 UPS. A trip to SkyCraft and $15 later, I found myself with an APC-420. I love how it's well worn, scratched, and has little dents. 
The device will look like it's been tucked away at a target facility for years. It will be a much roomier home for all my hack-a-tronics and will blend into any cube farm, IDF, or MDF perfectly.<br /><br />After the jump, see the teardown and some of my first thoughts heading into the hidden war dialer build.<br /><br /><br /><a name='more'></a><b>Doctor, we are going to need to AMPutate. </b><br /><b><br /></b>The device I purchased was already sans battery, which for my use was perfect. I just need a power strip with a place to hide things. There are boards, transformers, and all manner of other stuff that must be removed. Let's get to gut'in.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-e2aqqvWjlZs/U8MXj3tpZ3I/AAAAAAAAAvI/QNoZNLXKeis/s1600/20140713_105100.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-e2aqqvWjlZs/U8MXj3tpZ3I/AAAAAAAAAvI/QNoZNLXKeis/s1600/20140713_105100.jpg" height="150" width="200" /></a></div>It's a pretty decently sized beast. You can see its size using the standard Internet measurement for scale, a banana.<br /><br /><br /><br /><br /><br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-QSCjpqbMY4c/U8MXji2npEI/AAAAAAAAAvM/eh8X0fGHv-U/s1600/20140713_104943.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-QSCjpqbMY4c/U8MXji2npEI/AAAAAAAAAvM/eh8X0fGHv-U/s1600/20140713_104943.jpg" height="150" width="200" /></a></div>This is where the real goodness happens and why this device is perfect for the task. It will basically function like a power strip once gutted, leaving most users unaware of its malicious (Read: Research Project) oriented nature. 
It will provide power for the electronics on the inside and a network pass-through (either RJ-11 or RJ-45, more on that later).<br /><br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-ylSPtByGdcA/U8MXTUhr8GI/AAAAAAAAAvA/1lH_0Oq07oY/s1600/20140713_105320.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-ylSPtByGdcA/U8MXTUhr8GI/AAAAAAAAAvA/1lH_0Oq07oY/s1600/20140713_105320.jpg" height="150" width="200" /></a></div>The inside: Look at that transformer! Just compare it to the banana, it's huge! We are looking at a full partsectomy here.<br /><br /><br /><br /><br /><br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-r5qZF5HSYNw/U8MZjR3FZZI/AAAAAAAAAvY/I8FVbqZ4Pjk/s1600/20140713_111418.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-r5qZF5HSYNw/U8MZjR3FZZI/AAAAAAAAAvY/I8FVbqZ4Pjk/s1600/20140713_111418.jpg" height="150" width="200" /></a></div>As if by magic all the parts have been removed. I must advise as not your lawyer or a trained electrician: do not do anything I just did. These devices deal with high voltage and capacitors that may store charge long after the device has been unplugged. Do not open, touch, remove, lick, feed after midnight, bathe, take to prom, share a lease, or perform any other activity not listed by the manufacturer as approved use. Any other use or action could result in a mild to severe case of death. 
You have been warned.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-wJl23bxCr_Q/U8MZ3k7Og8I/AAAAAAAAAv0/3yDPBSScY2w/s1600/20140713_111517.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-wJl23bxCr_Q/U8MZ3k7Og8I/AAAAAAAAAv0/3yDPBSScY2w/s1600/20140713_111517.jpg" height="150" width="200" /></a></div>This part will need to be salvaged. This is the network bypass. The board can be mounted to the case and will leave the outside with a clean professional look. This will also create a connection for the war dialer or can be used later to create a passive network tap.<br /><br /><br /><br /><br /><br /><a href="http://4.bp.blogspot.com/-tGTXJatQd88/U8MZ3QrDQuI/AAAAAAAAAvs/pBoifXqaQ20/s1600/20140713_111528.jpg" imageanchor="1" style="clear: left; display: inline !important; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" src="http://4.bp.blogspot.com/-tGTXJatQd88/U8MZ3QrDQuI/AAAAAAAAAvs/pBoifXqaQ20/s1600/20140713_111528.jpg" height="150" width="200" /></a>I may cut it up and then solder wires between the pins. I may get fancy and have a new board custom printed. I'm not sure yet.<br /><br /><br /><br /><br /><br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-gDakI-vMm80/U8MZ3vgQOAI/AAAAAAAAAvw/GbGCzwCcQGM/s1600/20140713_111557.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-gDakI-vMm80/U8MZ3vgQOAI/AAAAAAAAAvw/GbGCzwCcQGM/s1600/20140713_111557.jpg" height="200" width="150" /></a></div>The front control panel ribbon connector was directly soldered to the main board. I cut the ribbon leaving the board in place. My intention is drill out or wire in a new LED that lights up when the device is powered. 
This should simulate what the device looks like when it's in normal operation.<br /><br /><br /><br /><br /><br /><br /><br /><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-sZUeiLWl7bM/U8MaJCiB_3I/AAAAAAAAAwI/r2UoeNOUJM4/s1600/20140713_111701.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-sZUeiLWl7bM/U8MaJCiB_3I/AAAAAAAAAwI/r2UoeNOUJM4/s1600/20140713_111701.jpg" height="150" width="200" /></a></div>The inside is pretty straight forward as power goes. I should be able to connect these directly to the inbound power and add another outlet on the inside to power my devices.<br /><br /><br /><br /><br /><br /><br /><a href="http://3.bp.blogspot.com/-X7U2UV-YDds/U8Maf890imI/AAAAAAAAAws/2ezW4nqd73I/s1600/20140713_112120.jpg" imageanchor="1" style="clear: left; display: inline !important; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" src="http://3.bp.blogspot.com/-X7U2UV-YDds/U8Maf890imI/AAAAAAAAAws/2ezW4nqd73I/s1600/20140713_112120.jpg" height="200" width="150" /></a>Here is one of the first problems: the removed main board has the serial port attached. To make this a clean build the serial port hole needs to be filled. 
Leaving the hole would definitely raise suspicions.<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><a href="http://3.bp.blogspot.com/-JEf9wCnE5A0/U8MaXlwQxqI/AAAAAAAAAwU/cAZLDAtImoA/s1600/20140713_111917.jpg" imageanchor="1" style="clear: left; display: inline !important; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" src="http://3.bp.blogspot.com/-JEf9wCnE5A0/U8MaXlwQxqI/AAAAAAAAAwU/cAZLDAtImoA/s1600/20140713_111917.jpg" height="150" width="200" /></a>The front bezel leaves an excellent area to hide antennas for WiFi or cellular connections to be included in future builds. Placing any antennas outside the metal box, but covered by the plastic bezel, should work very well.<br /><br /><br /><br /><br /><br /><br /><a href="http://4.bp.blogspot.com/-yrTo-Zd_js4/U8MabI2kPGI/AAAAAAAAAwg/EASwgQL1JWw/s1600/20140713_112032.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-yrTo-Zd_js4/U8MabI2kPGI/AAAAAAAAAwg/EASwgQL1JWw/s1600/20140713_112032.jpg" height="150" width="200" /></a>Gutted and ready to start building! The main concern here will be weight. The device is now very light. Metal plates will need to be added. 
If someone were to pick up the device after deployment the lack of weight may cause question.<br /><br /><br /><br /><br /><br /><a href="http://4.bp.blogspot.com/-xMzNt3K6fU0/U8MabhiLaQI/AAAAAAAAAwk/uYv1IdwbTFk/s1600/20140713_112109.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-xMzNt3K6fU0/U8MabhiLaQI/AAAAAAAAAwk/uYv1IdwbTFk/s1600/20140713_112109.jpg" height="150" width="200" /></a>More than enough room for the war dialer or a Raspberry Pi or both!<br /><br /><br /><br /><br /><br /><br /><br /><br /><a href="http://4.bp.blogspot.com/--83Jl6trhI0/U8ModOL9l4I/AAAAAAAAAxI/c_-iKGnGktw/s1600/so-much-room-for-activities-o.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/--83Jl6trhI0/U8ModOL9l4I/AAAAAAAAAxI/c_-iKGnGktw/s1600/so-much-room-for-activities-o.gif" height="179" width="320" /></a>THERE'S SO MUCH ROOM FOR ACTIVITIES!<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />Next steps:<br /><ol style="text-align: left;"><li>Wire a third internal power outlet.</li><li>Fabricate either 3D printed mounts for hardware or hand build them.</li><li>LED light to fake normal operation of the unit.</li><li>Modify RJ-11/RJ-45 bypass for war dialer or Raspberry Pi.</li><li>Adjust for the weight of the missing transformer and battery.</li><li>Fill in serial hole with a DB-9 serial port.</li></ol></div>Eanhttp://www.blogger.com/profile/14108034837901189841noreply@blogger.com0tag:blogger.com,1999:blog-4763057365127682435.post-54016734009542254142014-07-10T20:51:00.000-07:002014-12-29T19:51:48.650-08:00Badges, we don't need no stinking badges<div dir="ltr" style="text-align: left;" trbidi="on"><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody><tr><td style="text-align: center;"><a 
href="http://2.bp.blogspot.com/-U0n_yCkPqd8/U78Jc9EvNVI/AAAAAAAAAqE/9EkkSp92dzg/s1600/Ean4blured.JPG" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="http://2.bp.blogspot.com/-U0n_yCkPqd8/U78Jc9EvNVI/AAAAAAAAAqE/9EkkSp92dzg/s1600/Ean4blured.JPG" height="320" width="150" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Badge blurred for <br />obvious reasons. It lists my real title as<br />"Grand Security Bison of the<br />Loyal Order of the Water Buffalo"</td></tr></tbody></table>Recently someone pointed out the way I wear my work badge is "unusual". The picture to the left illustrates my particular "style" of wear: no lanyard, clipped to the collar of my shirt. Why do I do this?<br /><br /><div style="text-align: left;">This is one of the many ways that I take security seriously as a security professional. If you mind all the small things, like how you wear your badge, often the big things will follow suit. <br /><br />Just having a badge or access card is "Check box Compliance" as a past manager once told me. Company has photo badges: Check!, No one can see them on their belts: Check!, Lanyard rotates the photo around making the photo useless for identifying someone in a hall: Check!, No one cares if a person walking in the data center doesn't have an ID badge visible: Check! Check box compliance does nothing. Utilizing the tools required by compliance does everything.<br /><br />ID badges allow for quick identification of individuals and empower anyone in the organization to make a determination if that individual should be in a given area. 
I prefer wearing my badge this way because it avoids many of the common issues that take a very valuable security tool, like an identification badge, and turn it into one more thing those tinfoil hat wearers in security require that everyone will ignore.<br /><br />After the jump, I will break down my reasons why the way most people wear their ID or access badge defeats the point of the ID in the first place. I will also discuss what you can do to make the ID and access badge process more valuable to securing your organization.<br /><br /><a name='more'></a><br />Let's start with this statement: Chances are the way you wear your badge is in direct violation of your corporate security policy. "You have never read my security policy, you bald security freak," you may be thinking to yourself. True, but name-calling is simply unnecessary. However, I would bet no small amount of money that, if you work at a company that has a combination access card/ID badge system, a line exists in your company's security policy that reads something like this:<br /><blockquote class="tr_bq">Identification badges shall be visible at all times to allow for easy identification of all <YourCompanyNameForRealz> employees. <YourCompanyNameForRealz> employees will wear their identification badges at or above the waist at all times.</blockquote>This is pretty standard and almost completely ignored everywhere since the beginning of time. I won't lecture on policy violations right now. Instead, let's talk about why how you wear your badge is just as important as the fact that you have one.<br /><br />1. With my badge clipped to my collar, people can feel comfortable looking quickly down from my face to my badge to read my name. This helps foster relationships and is good for security. The best security is accomplished by everyone working together. 
If you see someone who is out of place in a secure area, being able to see their name, report them to security, or simply start a conversation to determine whether they should be there increases the overall security of a location. Placing your badge on your belt means people have to awkwardly gawk at your crotch to try and read your badge. Most people will naturally avoid this. (Most, not all.) If everyone has a badge easily visible, the person without one stands out, which may indicate they are in an area where they should not be. </div><div style="text-align: left;"><br /></div><div style="text-align: left;"><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody><tr><td style="text-align: center;"><a href="http://4.bp.blogspot.com/-y27pwP7iEps/U79ZquLGDII/AAAAAAAAAqk/-r4BPY5Eo8E/s1600/suchbadge.jpg" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="http://4.bp.blogspot.com/-y27pwP7iEps/U79ZquLGDII/AAAAAAAAAqk/-r4BPY5Eo8E/s1600/suchbadge.jpg" height="200" width="156" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Such badge. Much ID. <br />Very Blank. Wow. </td></tr></tbody></table>2. Lanyards and retractable badge holders can block badges from view. How many times have you seen someone with a lanyard or belt clip and you can't read their name? The frequency of this occurrence is often proportional to the embarrassment you feel because you need to ask them a question and cannot remember their name. Badge holders that allow the ID to "hide" itself only destroy the value of having ID badges in the first place. Lanyards and retractable holders create an environment where not being able to see identification is acceptable. The clip-style badge holder does not rotate and keeps the ID facing forward where it can be easily seen.<br /><br />3. 
Lanyards and retractable badge holders often break, causing people to lose their badge. Retractable badge holders fall off belts easily. One may find they have been without their badge for hours when it popped off their belt during a walk to the break room. If their badge has access to secured areas, someone could find and use their access badge before the owner is aware it's missing! Having my badge near my peripheral vision means that as I turn my head I am consistently reminded that I have my ID/access badge on my person and in my control. </div><div style="text-align: left;"><br /></div><div style="text-align: left;">4. Because I wear my badge near my head, it would be very difficult for someone to grab my badge without my knowing. A lanyard serves a similar purpose but suffers from the above-mentioned problems. A retractable badge holder on your waist can be easily grabbed or pulled out and the string cut in a crowded area without the owner noticing. Wearing my ID badge near my collar means an attacker will need to get very close to attempt to steal my ID/access badge.<br /><br />Is the way I wear my ID/Access Badge the best way? I think so, but it is not the only way. Consider your organizational needs, how often employees use their badge, and what you really want to get out of a physical access control and ID system. Make sure the corporate policy regarding the display of identification reflects these requirements and then enforce the policy!<br /><br />The only way to bring value to ID badges and access control is by enforcing policy. Everyone from interns to the CEO must follow policies related to ID badges when inside a company facility. No exceptions. Just like herd immunity, policies work best when everyone takes part. 
If everyone wears their badge and everyone holds others accountable for being able to see proper identification in secured areas spotting an interloper becomes much easier.<br /><br />Wear your badge where others can easily see it. This one little thing can create a domino effect that makes your entire organization more secure.<br /><br /></div><div style="text-align: left;"><br /></div><div style="text-align: left;"><br /><br /></div></div>Eanhttp://www.blogger.com/profile/14108034837901189841noreply@blogger.com0tag:blogger.com,1999:blog-4763057365127682435.post-58907034148127155412014-07-08T18:01:00.000-07:002014-12-29T19:51:48.662-08:00Fossetcon 2014 - September 11-13th Orlando, FL<div dir="ltr" style="text-align: left;" trbidi="on"><br /><br /><a href="http://fossetcon.org/" style="clear: left; display: inline !important; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;" target="_blank"><img alt=" Fossetcon 2014" border="0" src="http://1.bp.blogspot.com/-GZcn6K7Gtjw/U7yQ8PxrXgI/AAAAAAAAAps/BGUoJ4yaBCE/s1600/fossetcon.png" /></a>I just bought a ticket to Fossetcon happening September 11-13th, 2014 in Orlando, FL. Fossetcon is the Free and Open Source Expo and Technology Conference.<br /><br />The three day event includes one full day of training classes, plus lunch during the training day, for $20! I am very excited to see how this goes as it seems like an incredible deal. If you are in Central Florida and like free and open source software check it out. 
For $20 you can hardly go wrong.<a href="http://fossetcon.org/" target="_blank"> http://fossetcon.org/</a><br /><br /></div>Eanhttp://www.blogger.com/profile/14108034837901189841noreply@blogger.com0tag:blogger.com,1999:blog-4763057365127682435.post-15493920416363445772014-07-06T19:13:00.000-07:002014-12-29T19:51:48.719-08:00Hidden Palm Pilot Wardialing Platform: Part One<div dir="ltr" style="text-align: left;" trbidi="on"><a href="http://1.bp.blogspot.com/-r6DCO6vuJ8I/U7m4A78LzlI/AAAAAAAAAoU/jpg2d0A7LuM/s1600/20140706_154417.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-r6DCO6vuJ8I/U7m4A78LzlI/AAAAAAAAAoU/jpg2d0A7LuM/s1600/20140706_154417.jpg" height="320" width="240" /></a>While combing through "ye olde box of ancient tech artifacts" I found a Sony Clié Palm Pilot (PEG-N610C circa 2001/2002?). I powered it up to find it still worked like a charm. What to do with this wonderful little piece of tech?<br /><br />How about a <a href="http://en.wikipedia.org/wiki/War_dialing" target="_blank">war dialing</a> platform stuffed into a gutted APC battery backup that can be hidden in just about any office anywhere for around $20 USD? Sure. OK!<br /><br />In part one of this Back to the Hack we will discuss the basic idea for this cheap hidden war dialing platform, its uses, and the goals for the build. In part two we will look at the deployment of this wonderfully ancient little device and what it can be used to discover.<br /><br />Read more after the jump<br /><br /><br /><a name='more'></a><b>Why a wardialer?</b><br />Who uses dial-up anymore? Why do we even need a war dialer? Good question, glad you asked. The rumors of telephonic modem connections being dead are greatly exaggerated. Many credit card processing systems still use POTS lines for communication. 
Alarm systems, multi-function printers (fax, scan, and on-board storage for scanning), Out-of-Band Access to devices, DVRs, and a whole host of other platforms have telephone modem connections. These telephone connections may be used to pivot onto a network via other attached network connections once "dialed in". Often these connections are completely forgotten about. They exist because they always have. Sometimes they were turned on and connected by default when a vendor came onsite to do the original equipment install.<br /><br />What's the best part about these systems for attackers? They are rarely if ever patched. You show me a small or medium sized business that patched their leased multi-function printer within six months of a patch release (if ever) and I will show you a saber tooth tiger in a kilt making mango smoothies. It just doesn't happen unless something is broken.<br /><br /><b>Why a Palm Pilot?</b><br /><br />Let's look at some of the pros and cons:<br /><br /><b>Pros</b><br /><ol style="text-align: left;"><li>Cheap - You can pick up a Palm III or V for next to nothing. $10 USD or less on eBay</li><li>Disposable - See 1.</li><li>Self-Contained - Processing, battery, interface all ready to go. </li><li>Available modems for next to nothing that are also battery powered. Again, see eBay.</li></ol><div>Could you do this with a Raspberry Pi? Absolutely. However, the Pi modem module, Pi, SD Card, etc, etc. will cost way more than the Palm Pilot. 
If you are just looking to war dial, an old Palm Pilot may be the perfect solution.</div><div><br /></div><div><b>Cons</b></div><div><ol style="text-align: left;"><li>Old software - Software will be somewhat difficult to find.</li><li>Power - Many have a low power capacity, meaning long-term use will need an available power source.</li></ol><div><b>The Build</b></div></div><div><b><br /></b></div><div><b>The Palm</b></div><div>As previously stated, I found a perfectly good Sony Clié Palm Pilot - PEG-N610C in an old box. The Palm was running Palm OS v4. Adding software is very easy on this model, as a key differentiator for Sony-branded Palm Pilots was a memory stick slot. I didn't even need to load software onto my PC to get new software onto the device. Load software to memory stick, shove in Palm Pilot, done loading software. More on the software later. </div><div><br /></div><div><b>The Modem</b></div><div><a href="http://4.bp.blogspot.com/-a-u9-iuF32M/U7nl1Y4GoiI/AAAAAAAAAok/6_ATZgj2FW0/s1600/20140706_154143.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-a-u9-iuF32M/U7nl1Y4GoiI/AAAAAAAAAok/6_ATZgj2FW0/s1600/20140706_154143.jpg" height="320" width="240" /></a>What about adding a modem? By a sheer stroke of luck I checked eBay and someone had a brand new, never-been-opened modem for my Clié. My cost was $15 USD. When I received the modem in the mail it felt like opening a time capsule preserved in shrink wrap, taking me twelve years into the past. <ConanOBrienVerbratoVoice>IN THE YEAAAAAR TWO-THOUSAND. IN THE YEAR TWO-THOUSSSSSSSAND!</ConanOBrienVerbratoVoice></div><div><br /></div><div>I connected the modem to the Clié and it was recognized without an issue. 
</div><div><br /></div><div>If you are using a Palm III or V, modems can be found on eBay for just a few dollars.</div><div><br /></div><div>Now we need to look at software.</div><div><br /></div><div><br /></div><div><b>War Dialing</b></div><div>Joe "Kingpin" Grand still <a href="http://www.grandideastudio.com/portfolio/palm-os-wardialer/" target="_blank">has a link</a> to the old L0pht Heavy Industries war dialing software for Palm online at Grand Idea Studio. The software, TBA, was developed for just this purpose and has all the basic features you would expect from a war dialer: dialer configuration, scheduled start, dial masking, and output files. If you were looking closely, you may have noticed the software was already loaded in the first picture of this post. I downloaded the software to a memory stick and loaded it to my Palm Pilot without issue. With another Palm device, you may need to use the HotSync functions.<br /><br /><b>Hiding in Plain Sight</b></div><div><a href="http://2.bp.blogspot.com/-4XeCJ4fQj8I/U7nxwMs9IiI/AAAAAAAAAo0/QmwuAJ6Tayo/s1600/APC.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-4XeCJ4fQj8I/U7nxwMs9IiI/AAAAAAAAAo0/QmwuAJ6Tayo/s1600/APC.jpg" height="320" width="320" /></a>I have an <a href="http://www.amazon.com/APC-BE350R-350VA-Discontinued-Manufacturer/dp/B000BFYPM8/ref=sr_1_3?s=electronics&ie=UTF8&qid=1404694341&sr=1-3&keywords=APC+350+modem" target="_blank">APC BE350R</a> battery backup with a battery that is ready to die. This battery backup will be perfect for hiding the Palm Pilot. There are three things that make this device perfect for the task at hand: </div><div><br /></div><div>1. After the battery and board are removed, the inside can be stuffed with malicious (Read: Legitimate Penetration Testing) tools. </div><div>2. They are ubiquitous in offices. Placed under a desk or behind a cabinet, the device would never be noticed. 
Especially when gutted and turned into a power strip with all the close by computer gear plugged into it.</div><div>3. It has a telephone pass-through to protect DSL modems. Wiring our war dialer inline with the existing phone system will be all too easy.</div><div><br /></div><div>When the batteries on these die they are often trashed/recycled/etc. Getting a "dead" one should be a trivial task. Search eBay for "APC 350 no battery". Listings for under $5.00 USD are common.</div><div><br /></div><div><b>The Goals</b></div><div>This project has a clear set of goals:</div><div><ol style="text-align: left;"><li>Palm Pilot will be wired into the APC device to continually draw power.</li><li>Modem will be wired into the DSL protection ports to create a seamless pass through.</li><li>Modem will be protected from DSL and other digital lines via filter.</li><li>War dialing routine will be on a schedule (after business hours).</li><li>Results will be captured to a text file on the Palm Pilot.</li><li>Palm will be configured to email the war dialing results out via a free dial-up service. </li><li>Battery backup should be made to look familiar (Worn, fake asset tags, possibly dusty)</li><li>Tamper resistant screw - Placing a tamper resistant screw in the battery bay will discourage curious people.</li><li>Device should be cheap - Something that makes this platform appealing is the ability to write it off if "discovered". </li><li>BONUS - Automatic Download of a new dialer configuration based on the previously uploaded results. 
</li></ol><div>Part Two will focus on the build, prep, deployment, and testing findings of the hidden-in-plain-sight war dialing platform.</div></div></div>Eanhttp://www.blogger.com/profile/14108034837901189841noreply@blogger.com0tag:blogger.com,1999:blog-4763057365127682435.post-92069879477138780542014-07-06T11:25:00.000-07:002014-12-29T19:51:48.731-08:00Back to The Hack!<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-M4xFyiL6vgU/U7mRXNOGNLI/AAAAAAAAAoA/AAYoyKvW6R0/s1600/BackToTheHack.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="Back To The Hack!" border="0" src="http://1.bp.blogspot.com/-M4xFyiL6vgU/U7mRXNOGNLI/AAAAAAAAAoA/AAYoyKvW6R0/s1600/BackToTheHack.JPG" height="149" title="Back To The Hack!" width="320" /></a></div>One of the areas of security I find interesting is when old hardware/software becomes relevant again: when dusty old devices find new life as security tools after being relegated to the numerous scrap piles of technological progress and dead links of tech reviews years past. Blog posts tagged as Back to the Hack will explore using this old "useless" tech to exploit the modern security controls we rely on today. <br /><br />Radio Shack DTMF dialer to open door relays? Maybe? What can be done with this old Palm Pilot and modem bought off eBay for a few dollars? Wardialer hidden in an APC battery backup case? Sure! 
Check out Back to the Hack to see how old tech is breaking new tech, today!</div>Eanhttp://www.blogger.com/profile/14108034837901189841noreply@blogger.com0tag:blogger.com,1999:blog-4763057365127682435.post-74362489588904248322014-07-06T10:59:00.000-07:002014-12-29T19:51:48.778-08:00Exploiting Security Cameras with Infrared LEDs - Part One<div dir="ltr" style="text-align: left;" trbidi="on">A few years ago I read a <a href="http://boingboing.net/2008/02/20/infrared-leds-make-y.html" target="_blank">Boing Boing article</a> covering how infrared LEDs could be used to hide the identity of individuals from security cameras. The described method allows one to render their face unrecognizable to many cameras.<br /><br />This article was written six years ago and as a security professional I couldn't help but wonder, "Have camera manufacturers compensated for this issue since then? Can the cameras that protect the areas and Information Security assets I am charged with guarding be exploited by this type of vulnerability?"<br /><br />Only one way to find out! Build a test rig, protocol for testing, and test camera that will allow me to evaluate cameras that may be vulnerable to the described exploit. Part One will focus on the build of the testing unit and Part Two will focus on testing and findings. (Including easier ways to perform these tests if you don't want to or can't build a test device yourself. 
I wanted a permanent tool for testing.)<br /><br /><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="clear: left; float: left; margin-bottom: 1em; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="http://2.bp.blogspot.com/-x5WUsq2RkVs/U8KK_ytd-UI/AAAAAAAAAq4/5wRFWDF2Ekg/s1600/IMG_0055.JPG" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="http://2.bp.blogspot.com/-x5WUsq2RkVs/U8KK_ytd-UI/AAAAAAAAAq4/5wRFWDF2Ekg/s1600/IMG_0055.JPG" height="150" width="200" /></a> </td></tr><tr><td class="tr-caption" style="text-align: center;">IR-based security camera obfuscator</td></tr></tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em;"><tbody><tr><td style="text-align: center;"><a href="http://4.bp.blogspot.com/-1SBp2BG4niU/U8KLgxillzI/AAAAAAAAArI/o5tCEJ1JOP4/s1600/LastTestLED.JPG" imageanchor="1" style="clear: left; display: inline !important; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="http://4.bp.blogspot.com/-1SBp2BG4niU/U8KLgxillzI/AAAAAAAAArI/o5tCEJ1JOP4/s1600/LastTestLED.JPG" height="141" width="200" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">"Officer, he looked like a <br />radiant ball of glowing light."</td></tr></tbody></table><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />See the build after the break<br /><br /><a name='more'></a><br /><b>How does this work? </b><br />Many modern security cameras have cheap infrared light filters or are specifically designed to pick up infrared light. Modern low-cost "night vision" security cameras use a technique that floods an area with infrared light and then picks up that light to achieve "night vision". A security camera that has a ring of LEDs around it likely has "night vision".
This feature opens these cameras up to being blinded by a strong infrared light pointed back at them. The cameras have no way to differentiate between their own "night vision" illumination and infrared light attempting to hide the identity of an individual.<br /><b><br /></b><b>The Build</b><br /><b><br /></b><a href="http://3.bp.blogspot.com/-2XJ5jrM3JSc/U7l0D8LcV6I/AAAAAAAAAmg/l31B0LXdvwU/s1600/IMG_0048.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-align: left;"><img border="0" src="http://3.bp.blogspot.com/-2XJ5jrM3JSc/U7l0D8LcV6I/AAAAAAAAAmg/l31B0LXdvwU/s1600/IMG_0048.JPG" height="240" width="320" /></a>For this build I purchased a <a href="http://www.harborfreight.com/5-led-cap-light-65288.html" target="_blank">5 LED Cap Light</a> from Harbor Freight for $6.00 USD. This model already has a form factor that attaches to a baseball cap. There are cheaper options on Amazon or other online re-sellers.<br /><br /><br /><br /><br /><br /><br /><br /><br /><a href="http://4.bp.blogspot.com/-WVytSoMd3pU/U7l0E5TXnKI/AAAAAAAAAms/BmKjyqbiJ5Q/s1600/IMG_0049.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-WVytSoMd3pU/U7l0E5TXnKI/AAAAAAAAAms/BmKjyqbiJ5Q/s1600/IMG_0049.JPG" height="240" width="320" /></a>LEDs - The most important part of the build. These are <a href="https://www.sparkfun.com/products/9469" target="_blank">850nm IR LEDs</a> from Sparkfun.com. There are other wavelengths available (specifically 950nm). The 850nm are recommended for this project versus the 950nm as they have a better potential for overwhelming the CCD.
The ten pack cost about $12.00 USD with shipping to the United States.<br /><br /><br /><br /><br /><br /><br /><a href="https://4.bp.blogspot.com/-EyXZ5deWLew/U7l0EN0pZRI/AAAAAAAAAmo/6p2EXEyW45Q/s1600/Camera.JPG" imageanchor="1" style="clear: left; display: inline !important; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" src="http://4.bp.blogspot.com/-EyXZ5deWLew/U7l0EN0pZRI/AAAAAAAAAmo/6p2EXEyW45Q/s1600/Camera.JPG" height="240" width="320" /></a>The problem with testing IR LEDs is our stupid human eyes can't see infrared. This is easily overcome with a cheap webcam. The one pictured is a $15.00 USD model. It was buried in the "random electronics I can't throw away because I may be able to hack them up later" box. Turning an old webcam into an IR-enabled webcam is pretty straightforward. Open the camera and remove the lens from in front of the CCD. On the back of the lens you are looking for a small square piece of glass. This is the infrared filter. Remove it. You may have to pry it off, and it may crack a little; that is OK. (You are wearing eye protection, right? Very good.) You can see the square piece of glass I removed on the silver ring of the outside camera housing in this photo. Your webcam disassembly may vary. A better tutorial can be found <a href="http://www.instructables.com/id/turn-webcam-to-IR-sensitive-camera/" target="_blank">here.</a><br /><br /><a href="http://1.bp.blogspot.com/-6_97fOvN6RM/U7l0lD9gH-I/AAAAAAAAAno/ewIhvna2p44/s1600/RawTest.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-6_97fOvN6RM/U7l0lD9gH-I/AAAAAAAAAno/ewIhvna2p44/s1600/RawTest.JPG" height="199" width="320" /></a>Now to make sure the camera works. Here you can see me holding an IR LED between my fingers and a CR 2032 coin cell battery. Success!
The camera can now see the infrared light.<br /><br />Now is as good a time as any to talk about resistors. This build has a noticeable lack of resistors. The build uses five LEDs and two CR 2032 coin cell batteries. As such no resistors are needed as it has little chance of burning out the LEDs. If we want more power, we will need resistors. A good resistor tutorial can be found <a href="http://www.evilmadscientist.com/2012/resistors-for-leds/" target="_blank">here.</a><br /><br /><a href="http://3.bp.blogspot.com/-Mi6lECXS6rc/U7l0TrZQk8I/AAAAAAAAAnA/zt1egi63pks/s1600/IMG_0050.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-Mi6lECXS6rc/U7l0TrZQk8I/AAAAAAAAAnA/zt1egi63pks/s1600/IMG_0050.JPG" height="240" width="320" /></a>Breaking apart the LED flashlight: There is not much to explain or see here. Gently pry open the case for the flashlight. I used nylon tools for opening an iPod. A butter knife may have the same result with more marring of the plastic.<br /><br /><br /><br /><br /><br /><br /><br /><br /><a href="http://1.bp.blogspot.com/-ueD4npFYbVs/U7l0TEJ_a5I/AAAAAAAAAm4/vGEGIdouCOI/s1600/IMG_0051.JPG" imageanchor="1" style="clear: left; display: inline !important; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" src="http://1.bp.blogspot.com/-ueD4npFYbVs/U7l0TEJ_a5I/AAAAAAAAAm4/vGEGIdouCOI/s1600/IMG_0051.JPG" height="240" width="320" /></a>A close up of the work area. 
I need to remove the regular boring LEDs and replace them with the new, sexy, IR LEDs.<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-5BV1CLg0Gbk/U7l0Tz3Vi3I/AAAAAAAAAnE/ROabZy2D4Os/s1600/IMG_0052.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-5BV1CLg0Gbk/U7l0Tz3Vi3I/AAAAAAAAAnE/ROabZy2D4Os/s1600/IMG_0052.JPG" height="240" width="320" /></a></div>IR LEDs coming out. Helping hands do your thing. Desoldering components is not incredibly easy, nor is it impossible. Solderwick can be used for the task or a desoldering pump. <a href="https://www.youtube.com/watch?v=WeLgZjtK9vk" target="_blank">This two minute tutorial</a> will give you some of the basics.<br /><br /><br /><br /><br /><br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-LlCYTJUHR8c/U7l0iIzwX6I/AAAAAAAAAnM/6pwQd_pr6Bg/s1600/IMG_0053.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-LlCYTJUHR8c/U7l0iIzwX6I/AAAAAAAAAnM/6pwQd_pr6Bg/s1600/IMG_0053.JPG" height="240" width="320" /></a></div>New LEDs going in. A solder wizard I am not, but I get the job done. These are some fairly small pads to solder. In the end, I am pleased with the result. 
If you have never soldered before check out <a href="https://learn.sparkfun.com/tutorials/how-to-solder---through-hole-soldering" target="_blank">Sparkfun's basic guide to through hole soldering</a>.<br /><div class="separator" style="clear: both; text-align: center;"></div><a href="http://3.bp.blogspot.com/-QDvOEZs2teQ/U7l0kuwRd4I/AAAAAAAAAnw/w93xJVGggbc/s1600/IMG_0054.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" src="http://3.bp.blogspot.com/-QDvOEZs2teQ/U7l0kuwRd4I/AAAAAAAAAnw/w93xJVGggbc/s1600/IMG_0054.JPG" height="240" width="320" /></a><br /><br />New IR LEDs in and ready for assembly.<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><a href="http://2.bp.blogspot.com/-mjagQ2Q2GI8/U7lwuFtTArI/AAAAAAAAAmQ/XY22u_rNDms/s1600/IMG_0055.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" src="http://2.bp.blogspot.com/-mjagQ2Q2GI8/U7lwuFtTArI/AAAAAAAAAmQ/XY22u_rNDms/s1600/IMG_0055.JPG" height="240" width="320" /></a><br /><br /><br />All put back together and ready for testing.<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><a href="http://3.bp.blogspot.com/-XusqfnEeKro/U7l0kj87lvI/AAAAAAAAAnk/5G13qR-6g_U/s1600/LastTestFace.JPG" imageanchor="1" style="clear: left; display: inline !important; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" src="http://3.bp.blogspot.com/-XusqfnEeKro/U7l0kj87lvI/AAAAAAAAAnk/5G13qR-6g_U/s1600/LastTestFace.JPG" height="217" width="320" /></a><br /><br />Face without IR Camera Obfuscator.<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><a href="http://1.bp.blogspot.com/-JvPuTiv8KAU/U7l0jWcK-gI/AAAAAAAAAnU/eF1ozdOIRv0/s1600/LEDFaceTest.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" 
src="http://1.bp.blogspot.com/-JvPuTiv8KAU/U7l0jWcK-gI/AAAAAAAAAnU/eF1ozdOIRv0/s1600/LEDFaceTest.JPG" height="195" width="320" /></a><br />Face with IR Camera Obfuscator.<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />Ready for real world testing.<br /><br /><b>Part two will evaluate:</b><br /><ul style="text-align: left;"><li>How well the device works against specific camera models.</li><li>Alternate testing methods.</li><li>Improvements to the test model.</li></ul></div><br />Eanhttp://www.blogger.com/profile/14108034837901189841noreply@blogger.com9