
Comments


Peter Capaldi Unveiled As the New Star of Doctor Who

wertarbyte Re:Coincidence? (242 comments)

Well, did you notice where the WHO research facility is located? It's - of course - based in Cardiff, Wales! The zombie plague probably just swept in through the rift.

1 year, 24 days

PIN-Cracking Robot To Be Showed Off At Defcon

wertarbyte Far easier method (114 comments)

Many Android devices support USB input devices - both my Galaxy S3 as well as my Nexus 7 happily accept USB keyboards even when requesting the encryption PIN during bootup. I programmed an ATMEL ATMega32U4 (microcontroller with USB interface) with a simple program that iterates through every possible PIN, waiting for 30 seconds after 5 or 10 tries. If the system continues booting, the controller recognizes this by "pinging" the CAPSLOCK LED: if "hitting" CAPSLOCK does not change the LED state, the system has started to decrypt the device because of a correct PIN, which is then stored in the device's EEPROM. I created the device using a Teensy development board and the LUFA framework. Not as spectacular as a robot, but effective as well.

about a year ago

Defense Distributed Has 3D-Printed an Entire Gun

wertarbyte Re:The answer to the question (712 comments)

Are you aware that in Switzerland they GIVE EVERYONE automatic weapons and a bag of bullets?

This is not completely correct. After (compulsory) basic training in the Swiss armed forces, you stay part of the service; you are placed on "stand by" and are required to keep your personal firearm at home, so you can defend yourself in case of a sudden invasion until reaching your mobilization area (Switzerland has very interesting topology that might make this complicated). Up until recently (a few years ago), each serviceman also received a *sealed* package of ammo, which had to be presented intact on a regular basis.

about a year ago

Online Services: The Internet Before the Internet

wertarbyte History repeating (387 comments)

Back in the days, you had online services offering messaging, games and information services - but only for those using the same company. Then you had the opportunity to use a gateway to this internet thingy.... Now we are getting back there, only the other way around: Facebook & Co are offering messaging, games and information services: But only to those signed up there. Facebook and the other social networking sites are the new online services, islands that are completely isolated from each other.

more than 2 years ago

Getting the Most Out of SSH

wertarbyte Re:SSh tunnel (284 comments)

plus the problems of layering multiple TCP layers above each other. Also, PPP is not needed anymore: ssh can establish VPN connections using tun devices quite fine ("-w")

more than 2 years ago

New WiFi Setup Flaw Allows Easy Router PIN Guessing

wertarbyte Re:Does it matter? (86 comments)

Of course you can use ARP poisoning on a WPA2 connection, as long as you have access to the broadcast domain. This means either a valid WPA2 passphrase to connect to the network via air or access to the wired part of the network (which is usually bridged). Remember: WPA2 encryption is only a way of preventing anyone from connecting to your network, it is not a sufficient way to protect your data: What use is an encrypted wifi link if the data is travelling the next 1000 miles beyond that purely unencrypted? Use HTTPS/TLS/SSL/SSH/... wherever you can!

more than 2 years ago

Rethinking the Nature of Files

wertarbyte Re:I like fuzzy folder structures... (369 comments)

There is no need to update the SHA1-Hash. It's only needed to create a unique storage id, and it should probably just be chosen randomly instead of generated from the file content to avoid collisions if files start from the same template.

more than 2 years ago

Rethinking the Nature of Files

wertarbyte Re:I like fuzzy folder structures... (369 comments)

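# Move the document into a flat "heap", named after its SHA-512 digest
DOCUMENT=~/myschematics.pdf
SHAID=$(sha512sum "$DOCUMENT" | cut -f1 -d' ')
mkdir -p heap
mv "$DOCUMENT" "heap/$SHAID"
# One directory per tag
mkdir -p tags
mkdir -p tags/Schematics
mkdir -p tags/Pentagon
mkdir -p tags/Operation_Zesty_Lemon

# Hard-link the stored file into every tag it belongs to
# (heap/ and tags/ must be on the same filesystem for ln to work)
ln "heap/$SHAID" tags/Pentagon/
ln "heap/$SHAID" tags/Schematics/
ln "heap/$SHAID" tags/Operation_Zesty_Lemon/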

more than 2 years ago

Is That an Android On Your Wrist?

wertarbyte Re:Im Watch (119 comments)

No, you have it wrong, the right time is always 5:02 PM, 22 April 2011. That's the time and date, it's always been like this.

about 2 years ago

Why Does the US Cling To Imperial Measurements?

wertarbyte Re:Imperial powers of 10 (2288 comments)

Because you can only be equivalent to one type of unit - if you make 1 metre equal to 100 inches, then what happens to the other units for volume, weight etc.? All those units are connected without any stupid conversion constants in SI.

more than 3 years ago

FPS Gaming and the 'Just-World Hypothesis'

wertarbyte Re:Alternatives to the mass-murdering hero (366 comments)

I've never actually talked to anyone playing the "evil" way in Fallout 3 - it seems that even though everything is purely fictional, some rules of society still apply. Perhaps it's also just an experience from past games that "noble" conduct usually was rewarded later on. But I even sometimes felt bad when the game did not offer a "common sense" solution and I had to resort to deadly force (Why do I have to kill the Overseer?).

more than 3 years ago

Ask Slashdot: Worst Computer Scene In TV or Movies?

wertarbyte Re:Colossus: The Forbin Project (1200 comments)

Colossus did not want to destroy the world, it just tried to protect humanity from itself by holding the world hostage.

more than 3 years ago

Tech-Unfriendly Cafes Say No Kindles Allowed

wertarbyte Re:I wish there was a cafe... (375 comments)

There is a location here in the city of Essen, Germany that resembles your idea: http://www.unperfekthaus.de/e/ It's a building housing an interesting combination of a restaurant, art studio, electronic laboratory, stage etc. You can use most of the equipment for free, provided that you do it openly and thus allow spectators, each paying an entry fee of 5,5 EUR which includes an unlimited supply of coffee and soft drinks. Quite nice for hanging out, learning for an exam or soldering together some new devices. Of course, WLAN connectivity is available as well :-)

more than 3 years ago

Italian Scientists Demonstrate Cold Fusion?

wertarbyte Re:Riiight (815 comments)

Sure, and a miniature version of the reactor is protecting the CEO's heart from shrapnel.

more than 3 years ago

Italian Scientists Demonstrate Cold Fusion?

wertarbyte Re:Riiight (815 comments)

Sure, but they forgot to mention that a miniature version of the reactor also keeps the CEO's heart safe from shrapnel.

more than 3 years ago

Alternative To the 200-Line Linux Kernel Patch

wertarbyte Re:Poettering is pimping systemd (402 comments)

I have a multi user OS, and I like using it that way.

Amen, brother. But we are hitting hard times; network-manager, those power-manager widgets in Gnome/KDE, Bluez, etc. all have one thing in common: for some reason, they assume that on one computer, there is a single user logged in, running a single desktop environment and probably can get root privileges. Come on, no network until X is up and somebody is logged in? No pairing with another Bluetooth device (other than through strange hacking) if you only have a text console? Power-Management (which should be a system service) managed by a GUI app? I have nothing against graphical shells for those purposes, but the real work should be done by some kind of daemon, enforcing a system wide policy and accepting "suggestions" from user applications; with D-Bus there even is a thing that could accomplish that. But that freedesktop.org stuff is always extremely, well, desktop centric, enforcing a single user policy wherever I meet it. Scary.

more than 3 years ago

Mobile 'Remote Wipe' Thwarts Secret Service

wertarbyte Re:Aww.. (383 comments)

Frankly, I give a shit if the S.S. can read the information on my phone if they detain me. First, in order for me to be detained by the S.S., I'd have to be in a pretty precarious situation in the first place. I'm waiting for the "first they came for the _____" responses. The reality is, the S.S. doesn't give a damn about the average person. They're concerned with counterfeiters and threats to dignitaries and the President. If having the information off the phone helps them capture counterfeiters and helps to uncover terroristic plots against US dignitaries, fine by me.

It took some time for me until I recognized what kind of organization you are referring to with the abbreviation SS.

more than 4 years ago

Submissions


wertarbyte wertarbyte writes  |  more than 7 years ago

wertarbyte writes "FON distributed a new firmware revision (0.7.1r3) to all La Fonera devices. According to the changelog, several bugs in the web interface have been fixed, as well as issues regarding the limitation of the shared bandwidth. This version however still allows arbitrary commands to be injected through a spoofing attack as utilized by the kolofonium hack, which enables SSH access to the otherwise locked down box.

The hack relies on a manipulated DNS entry leading the Fonera device to a special RADIUS server from which the router retrieves its hotspot configuration. Through this server, arbitrary commands can be inserted in the chillispot (the open source hotspot software employed by FON) configuration. Online demonstration systems are set up, so hacking La Fonera essentially boils down to changing the DNS server to a special IP address.

"La Fonera" is a subsidized WLAN router given away by FON, which creates two separate wireless 802.11g networks. One of these networks is used to offer internet access to other registered users of FON, while the owner of the router in exchange is allowed to use other FON hotspots for free. Although the device firmware is based on the open source software OpenWRT, modifications are prohibited by a cryptographic signature."

wertarbyte wertarbyte writes  |  more than 7 years ago

wertarbyte writes "Although FON tried hard to prevent further software hacking attempts on their (nearly) free wireless routers, the same two students that discovered the first flaw in the web interface in November 2006 discovered a new flaw that allows code injection through a spoofed RADIUS server. This hack is even more severe than the first one, since it does not require the owner's password to execute code. It however enables users to start an SSH daemon on all firmware versions, even the most recent 0.7.1-2, which closed all known web interface vulnerabilities. For those willing to gain SSH access to their own routers, a test system has been set up that enabled the dropbear SSH daemon once a specific DNS server is specified on the router."

wertarbyte wertarbyte writes  |  more than 6 years ago

wertarbyte writes "The OpenWRT project added support for Atheros-based devices in its experimental branch called "Kamikaze". Devices employing it include the Meraki Mini and the La Fonera wireless routers. Meanwhile, new hacks for La Fonera appeared that enable SSH access despite FON having closed the bug in their web interface. Package repositories for the FON router are appearing on the net, and a fix for the buggy (and quite destructive) ipkg command included in the default firmware has been found as well."

wertarbyte wertarbyte writes  |  more than 7 years ago

wertarbyte writes "FON is still giving away their wireless routers for free in Germany and Austria until Wednesday — under the premise that the devices will be connected and used as FON access points. The router, called "La Fonera", is a variant of OpenWRT, but locked down to prevent modification, including a signed firmware image to prevent the upload of new software. It is however possible to get shell access by connecting a serial port present on the circuit board, but now two students from Germany discovered vulnerabilities in the CGI scripts used to configure the device, and successfully activated an SSH daemon on the device by exploiting them, giving owners a root shell on their device. They also provide a detailed description of the procedure and "ready-to-use" Perl scripts to open up your router."

Journals

wertarbyte has no journal entries.
