Book review: The Boy Who Harnessed the Wind

At near random I picked this book from the shelf, and I'm glad I did so. I had been quickly browsing the Technology section at the library, the 600 category in Dewey Decimal, and spied a yellowish orange book in the middle of the white and blue covers on most of the nearby books. It was probably the same kind of hurried situation that William Kamkwamba was in when he found the book Using Energy. A quick look through it told me about William, who had built his own windmill from scrap to provide power for electricity and water pumps for his home and village. The biographical lead up to the construction takes more than the first half of the book but it sets the scene for the achievement well. Anyone who tinkers or spent their childhood taking apart things will deeply appreciate how William brought himself out of the scared and superstitious world that his community lived in and through trials and experiments learned the basics of science and innovation, proving his "madness" was nothing of the sort. He's so "crazy" he's been asked to speak at TEDGlobal twice and many other international conferences and forums. This biography is well worth the time to read to get a real African's perspective on how simple technology can change lifestyles and conditions and how ignorant superstitions impede the flow of knowledge.

Really, Verisign?

Verisign's latest snail mail spam included a Verisign-branded USB drive with information on their new SSL Certificate features. The package was heavily loaded with all kinds of "Trust" rhetoric. At the request of the guy who officially got it, I threw it into my Macbook to take a look at it. It wasn't on any network and it's not prone to any known vulnerabilities that might allow something to run directly from the USB without any interaction (unlike Windows)

Autorun, Verisign? Really? AND Lame Adobe Flash? You honestly expect us to TRUST this kind of crap? To add insult to injury, the USB drive itself is only 64MB. You can't even install BackTrack on it or otherwise put it to any productive use.

(Def) #ConSurvival

There's a pretty good discussion going on Twitter about "surviving" DefCon and Black Hat, which are both coming up very quickly. Sadly, I won't make it out there this year. Asmodian X gets in Wednesday night, though. You should try to catch up with him.

It seems that every year, people say "don't bring your laptop / cell phone / PDA / etc..." but that's not really a big deal. In 2008, I posted about this same phenomenon on the ramp-up to DefCon 16. The same advice holds. You should be doing this stuff every single day, not just before you enter the hornet's nest that is DefCon.

1. Back up your data
2. Don't store sensitive stuff unencrypted
3. Keep your software up to date
4. Use good passwords

Last year, my Evil Wifi rig caught more than 100 unsuspecting attendees on the first day and gathered about 1,000 valid session cookies from sites like Facebook, Twitter, Google, Yahoo, Amazon, MSN and LinkedIn. It's a good idea to tunnel everything while you're at DefCon.

To do this, I set up both ingress and egress filtering in my firewall policy. Nothing gets in, and only tunneled traffic gets out. I also take this a step further by disabling my wireless and sticking to my tethered Internet connection. You may wish to use a broadband wireless adapter. I probably wouldn't trust a MiFi-type device unless it can connect over USB with the 802.11 disabled. It's not perfect, but you'll be better protected than most people there.

Other, less-technical pieces of sound advice being echoed:

• If you have the opportunity to go have coffee, breakfast, lunch, dinner, drinks with someone: take it. It doesn't matter how cool the talk is that you were looking forward to seeing, all the content will be on the web soon. Don't pass up the good networking opportunities.
• Take care of yourself. Try to eat healthy, take a shower, wear deodorant, brush your teeth and get at least a few hours of sleep each day. And wear sunscreen if you're outside. You don't want to come home a sunburnt, smelly, grimy tired zombie.
• Make it to B-Sides for at least a bit.
• Make sure you keep some room in your luggage for schwag, t-shirts and contest prizes.
• Go to a bank lobby if you need to use an ATM.
• Check out the rest...

"Viral" Like-Jacking on Facebook

It's out of control. Perhaps you've started to see a lot of stuff like this lately:


The title is provocative, mysterious or racy. Maybe it's scantily-clad ladies, the promise of a hilarious video, or in this example: from the title, it's implied that we're about to see something bad that our own President did.

The formula is always the same, though. You're taken to a page where you need to click something to continue...


Those who are paying attention will notice that on these pages, pretty much the entire page seems clickable according to the mouse cursor. That's because there is an invisible "Like!" button floating under your mouse the whole time. Unless, of course, you're running NoScript (which I've mentioned before). NoScript won't even load the page properly. Even if you disable JavaScript protection, ClearClick will alert you to what's about to unfold. Note the "thumbs up" icon.


What's happening is that there's a little 10x12 pixel iFrame named "fbframe" being rendered on the page, and it's being set to invisible using the style tag. You can see that the iframe is loading a URL on Facebook that will add this page to your "likes." This would be in the top left corner of the page, by default.


This snippet is where the damage is done. It's at the bottom of the page, and loads a bit of code that keeps this invisible iframe positioned under your mouse wherever you hover it over the page.


The iframe will intercept your click, even if you click on something that appears to be a valid link. You end up unwittingly "liking" it, and displaying the rogue links to everyone on Facebook. Curious, some of them will click to see what it is, and be taken to the same page. I'd imagine most of these people will also unwittingly fall for it as well.

Clickjacking is nothing new. I believe RSnake named it in 2008 if not discovering it. Facebook's platform, however, is making it very easy for people to create pages that dupe unsuspecting folks into spreading links around virally. Many of these pages could be loading malware to your computer via browser bugs or exploit packs while some others are probably just trying to drive traffic to their site for ad revenue.

At any rate, use NoScript. Seriously.

Slowly growing my soul back...

I'm finally getting back to where I have some time (and the drive) to tinker some more.

I'm going to try to bring back the regular (several per week if not daily) RSS splice-feed of interesting links. I've been slacking on that since April. I wish I had a decent way to make those post here as well, but they only show up in the HiR RSS Feed and in a little box on the right side of the page. I suggest adding us to Google Reader if you don't currently use something else for RSS.

Reprogramming Respironics CPAP and Bi-Level BiPAP Machines

-- OR --

All Your Sleep Apnea Are Belong To Us

Disclaimer: Messing with CPAP settings can cause your machine to no longer function as required by your doctor, and may lead to bad things happening to the operator. Use only the settings that your doctor or sleep technician has prescribed.

I have some oddball CPAP and BiPap machines laying around and I had to reprogram one of them for a good friend of mine. While I was at it, I decided I'd like to figure out what lies in the "forbidden" area that only sleep technicians know how to get to. I'd heard from a friend who uses a CPAP that programming them usually involves unplugging it and pressing some buttons. So I started putzing around with this older model, the Respironics SleepEasy.

It's set to apply constant pressure of 6cm/H2O. Boring. There's not much that one can do with the buttons available to be pressed. They're for things like adjusting the heater attached to the humidifier reservoir, and enabling "Ramp Mode" which, from what I can tell, starts you off at a lower pressure as you try to get to sleep.

After a few minutes, I found that pressing the + and - buttons while plugging in the power did something interesting.

It's an unlock icon on the screen. Pressing + and - now adjusts the CPAP pressure in .5cm increments.

Pressing the humidifier button in this mode allows you to cycle through a few interesting diagnostics and settings. Shown below is the menu that allows the technician to completely disable the humidifier heater. Why? No idea.

This is the screen for adjusting Ramp Mode's initial pressure.

I also got my hands on a more expensive and elaborate bi-level CPAP machine, the Respironics BiPap Plus M Series. These machines usually apply a higher pressure when they sense that you're inhaling, and then drop to a lower pressure while exhaling. There are more buttons and a higher-quality display on this model.

Usually, this is the screen you get in standby mode. Hitting + for "Setup" in the default user mode gives the operator very few useful options.

Holding + and - while plugging it in didn't work on this model. Next, I tried plugging it in while holding the arrow keys, and that did the trick.

Note the unlock symbol as well as a new menu option for "Data" which has a very rich array of statistics buried beneath it.

This machine hasn't been used.

Once unlocked, hitting the Setup menu button provides a lot of features, including the inhalation pressure...

And exhalation pressure.

There you have it. It seems like most Respironics machines are programmed by holding down +/- and arrow keys. These machines seem to be pretty popular. Maybe this quick walk-through will help someone who has to buy (or sell) a used machine.

Sorry I've been silent for so long. I'm still getting settled in at the new job. It's going great, and I have a great team, but there is a lot to do. Also, frankly, my brain is usually mush by the time I get home. Hopefully, I start playing with some cool and new shiny things outside of work again soon.

OUI (MAC Address Vendor) Lookup with PHP

I often find myself writing reporting tools in PHP. For work, I wrote a tool to parse Kismet XML files and generate a nice report out of the data. I may talk more about that later on.

One of the things I wanted to do was to reference an OUI table so that I can include the manufacturer of each discovered access point in the report. I figure this may help some people, as this function seems useful anywhere that MAC addresses show up.

I started with the nmap-mac-prefixes file from the nmap subversion tree (and source distribution), but I had to clean it up a bit and turn it into something halfway friendly to cram into an array in PHP, although I suppose I could have done an external grep or loaded the entire file dirty with file_get_contents(). I opted to load the array using the OUI as the key, though. To do that, I did this ugly bit of shell-fu:

grep -v ^# nmap-mac-prefixes | sed s/[\"\',]/" "/g |\
sed s/" "/"\"=>\""/ | sed 's/.*/\ "&\",/' > ouilookup.php

Which resulted in thousands of lines like this:
"000000"=>"Xerox",
"000001"=>"Xerox",
"000002"=>"Xerox",

Next, I had to make it into a function and add the Array() syntax around it:

<?php
function ouilookup($mac)
{
$ouilist=Array("000000"=>"Xerox",
"000001"=>"Xerox",
"000002"=>"Xerox",
"000003"=>"Xerox",
"000004"=>"Xerox",

[... Thousands of lines ... ]

"FCFBFB"=>"Cisco Systems",
"525400"=>"QEMU Virtual NIC",
"B0C420"=>"Bochs Virtual NIC",
"DEADCA"=>"PearPC Virtual NIC",
"00FFD1"=>"Cooperative Linux virtual NIC");
$oui=strtoupper(substr(preg_replace('`[^a-z0-9]`i','',$mac),0,6));
$vendor=$ouilist[$oui];
return($vendor);
}
?>

The whole thing can be downloaded here: ouilookup.txt (rename to .php)

To use it, simply include the file, and call ouilookup() with the MAC address in pretty much any hex format you want (xx:xx:xx:xx:xx:xx, xx-xx-xx-xx-xx-xx or xxxxxxxxxxxx are common)

A quick and dirty example using PHP from the command-line:

<?php
//oui.php - ouilookup() test
include('ouilookup.php');
$vendor=ouilookup($argv[1]);
echo $vendor . "\n";
?>

$ php oui.php 00:11:22:33:44:55
Cimsys