Spooky Friday

It is Friday the 13th, wooooo spooky!!!!

Rudy Giuliani was nominated Cyber Tzar or something yesterday, and the hacker community suddenly became very interested in his credentials. This morning Twitter was filled with the results of int gathering exercises.

The domain now points to localhost; someone clearly got a late night phone call. It is strange that only now is noise being made about this. Rudy isn't exactly a popular figure in America. He made a lot of mistakes in high profile positions. The big scary guys in the int agencies will have pursued all these leads a long time ago.

Of course, that is assuming the site wasn't a honeypot.


Reading: Babylon's Ashes

33c3 Wireshark Workshop

I use Wireshark all the time. I was lucky to get a copy of Hacking: The Art of Exploitation when I was a teenager; the book gave me an excellent introduction to using tcpdump to perform network analysis. tcpdump is the first tool I reach for when I wonder where the packets are going, but for anything higher level (breaking down HTTP, checking WLAN flags) I use Wireshark, and I am always impressed.

At 33c3 there was an introductory self-organised Wireshark session run by kirils. I did not go to this session, but the slides I found look to be an excellent introduction to using Wireshark.



William Binney

My head is pretty full writing slides for FOSDEM. Here is an interview with William Binney; if you don't know of Binney, this interview is a great introduction. Binney is credited by Snowden as one of the motivators behind his set of leaks.

Binney also gave the keynote at HOPE 9, which is a great watch.



c720 Trackpad set up

I reinstalled or upgraded my c720 or something and things are a bit all over the place. Tonight I started Firefox in the hackerspace and noticed my trackpad wasn't working; it needs to be explicitly set up. This is mentioned in the comprehensive FreeBSD c720 guide, but there have been some updates to the driver that aren't reflected on the page. You now need to load the chromebook_platform driver manually.

# kldload chromebook_platform
# kldload ig4
# kldload cyapa

The cyapa driver offers all the features you would want from a trackpad: two-finger dragging, thresholds for taps and a three-button mouse emulation mode.

# sysctl debug.cyapa_enable_tapclick=3

Which gives me the following awesome mouse button layout on the trackpad.

        Trackpad layout

         2/3               1/3
+--------------------+------------+
|                    |   Middle   |
|                    |   Button   |
|       Left         |            |
|      Button        +------------+
|                    |   Right    |
|                    |   Button   |
+--------------------+............|
|     Thumb/Button Area           | 15%
+---------------------------------+

Also disable super danger mode:

# echo "hw.acpi.power_button_state=NONE" >> /etc/sysctl.conf

JTAG on USB3

Physical access is pretty much always game over; apart from the iPhone, there are not many devices that can stand up to attack. Intel seem to want to make physical access even easier and are now offering JTAG access on USB.

JTAG is a hardware debugging protocol normally seen on embedded systems or accessed through a special adapter on the motherboard. You can use JTAG to pause a processor, step through the instructions being executed and read memory. With JTAG access you have full access to the machine.

