Thursday, September 27, 2007

AWID and LSU, parking hacking

Recently Louisiana State University started up a program called "Easy Streets" which cuts off students or general traffic from using any streets that pass through the university campus. They are using lifting barriers and RFID detectors made by AWID (Applied Wireless IDentification). I haven't quite figured out a way to bypass the RFID system yet so I am looking for your help. Here's what I've learned so far:

1) The readers are model LR-911 units. This design has been in production for a number of years and probably has backend software from iAnywhere. The benefit of this is that iAnywhere supports a billion protocols and basically no encryption. The drawback is finding out how to access this functionality.
"RFID Anywhere Appliance Edition supports TCP/IP, HTTP and the EPC reader protocol. It also adds security functions, software for configuring the readers remotely from a Web browser and an application programming interface for executing business logic on the reader itself."

2) The wand is given to each member of the faculty or staff who has access to park on our precious streets and mow down pedestrians (aka, the people who pay them). The model of the wand is the "MT tag", and the system operates on the 900-928 MHz unlicensed band, from a distance of ~5 meters.

3) Here are the instructions on cloning a VeriChip, with code and blueprints ready to go, while Bruce Schneier discusses cloning a US passport and how it's done. This is the home-made kit to clone a VeriChip; all that should be required is a different number of wraps for the antenna.

4) Make.org has tons of info on projects to play with RFID, and there are kits with readers and tags available, but they all seem to focus on the 14 kHz spectrum (only good for inches away), and not the relatively uncommon 900 MHz band.

This RFID system is basically unencrypted and requires no handshake or verification. It is also quite likely that part of the tag is writable and that a blank tag ($15) could be cloned. The technology is virtually identical to VeriChip except for using the 900 MHz range instead of 14 kHz. Tools written for cloning VeriChips and US passports *should* be able to clone these chips also, except that building such tools is too time-consuming and difficult for me, and I cannot find a cheap source for a chip reader/writer.

My next idea involves bypassing verification altogether and perhaps activating the induction loop for the exit side; however, that could get me in trouble if I'm spotted going in the "out" door and would only be good for parking lot access, not general travel. Please send ideas in the comments. I'll add more as I get time to do more research.

Cryptome, or how to piss off the CIA

This guy is crazy. John Young runs Cryptome.org which is a fantastic repository of questionable documents. It's where you go to find the CIA's manual for staying in deep cover or the names of spies, or obscure government documents that many people would rather we not access.

All paranoid people should keep an eye on this site.

Sunday, September 23, 2007

NSA's Guide to Securing Mac OS X 10.4 Tiger

Just a quick update. Here is Apple's own guide for securing a machine running Tiger. Endorsed by the NSA, if it's good enough for them, it's good enough for you!
http://images.apple.com/server/pdfs/Tiger_Security_Config_021507.pdf
Good bedtime reading for comprehensive security practices.

Saturday, September 22, 2007

Mac laptop stolen at the coffee shop

No, my laptop wasn't stolen, but here's an interesting tale of recovery of one that was. Now this is an unabashedly Mac-centric site, so the following guide is focused on some OS X based tools, but there are Linux versions and Windows versions of several of these techniques.

Being a mobile laptop user is wonderful, but having your laptop walk off is a heart-dropping experience, not so much for the lost hardware but for the data you've got on it. And not so much for losing the data (you are making daily backups, right?) but for the thief's access to it. If you're super-paranoid, you might even worry whether it was a gov't black bag job.
Coffee shops and college campuses are great places to steal things. People are complacent because they consider it "their space" and forget the scale of openness. These places have an extremely high turnover of people all of whom "look like they belong". How do you make sure they can't see those special pictures you have stored on your machine? Encryption and lots of it!

1) First of all, turn on your screen saver password.
2) Turn on "Require password to wake this computer from sleep or screen saver" in your Preferences -> Security window.

Your mega-super-encryption will not save you if I close your laptop, walk off with it, and plug it into a USB drive at my leisure. I have complete access.

What happens here is, they close your laptop, walk off with it, and are confronted with a password when they open it up to look at your stuff. Their only option is to then reboot the machine, but aha! You've also enabled "Disable automatic login" so that they must still enter a password if it is rebooted.

I leave the IR function disabled because I don't want someone to figure out a way to use FrontRow or the relatively obscure IR protocols to bypass my screensaver password. As for secure virtual memory, I'm just not that paranoid yet. All RAM gets wiped after each reboot, so they would have to know in advance that I had done all this and not to restart the machine, *then* still have to figure out a way to dump the contents of RAM somewhere readable. That is an unlikely scenario.

For the same reason, I don't click "Require Password for each secure system preference" since I am the only user on this machine and if they get that far, I'm already toast.

3) Turn on File Vault. Yes, it's scary. However, it is very careful to verify everything and there seems to be no speed loss. What this does is prevent the attacker from just pulling your hard drive, putting it into another machine or USB enclosure, and reading all your data. For this reason, Open Firmware passwords are basically useless. The computer is a husk that accesses a hard drive. Why bother trying to crack a BIOS password when you can just rip the drive out of it? Does this happen? You betcha! Here are tons of stories about data recovered off of drives sold on eBay.

Now your data is much safer. If someone steals your laptop, at best they'll have to reformat the drive, and at worst they'll end up with a brick of a hard drive that contains a sparseimage of encrypted garbage.

The government could spend *years* and never recover your data. This gives you plausible deniability, which we will discuss in a future post.
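As an added example (not from the original post), here is a small command-line audit of the settings from steps 1 through 3, for anyone who would rather verify them than trust the checkboxes. It reads the preference keys that Mac OS X 10.4-10.6 kept behind "Require password to wake", "Disable automatic login" and "Use secure virtual memory" (the post leaves the last one off, so the script only reports it), and the FileVault check is an assumption: Tiger stored the encrypted home as a `<user>.sparseimage` that `hdiutil info` lists while it is attached. The `defaults` calls only work on a Mac; the `audit()` function itself is pure, so it can be exercised anywhere with constructed values.

```python
import subprocess

# The checkboxes the post enables, expressed as the preference keys Mac OS X
# 10.4-10.6 kept behind them. Each entry: (label, arguments to defaults(1),
# the value that means "secure"). "unset" is what read_default returns when
# the key is absent, which is the secure state for autoLoginUser.
CHECKS = [
    ("password to wake from sleep or screen saver",
     ["-currentHost", "read", "com.apple.screensaver", "askForPassword"], "1"),
    ("automatic login disabled",
     ["read", "/Library/Preferences/com.apple.loginwindow", "autoLoginUser"], "unset"),
    ("secure virtual memory (encrypted swap; informational)",
     ["read", "/Library/Preferences/com.apple.virtualMemory", "UseEncryptedSwap"], "1"),
]


def read_default(args):
    """Run `defaults` (macOS only); a missing key or domain reads as 'unset'."""
    proc = subprocess.run(["defaults"] + args, capture_output=True, text=True)
    value = proc.stdout.strip()
    return value if proc.returncode == 0 and value else "unset"


def filevault_home_attached(user):
    """Assumed check (not verified against the post): on Tiger an active
    FileVault home is a <user>.sparseimage that `hdiutil info` lists."""
    proc = subprocess.run(["hdiutil", "info"], capture_output=True, text=True)
    return f"{user}.sparseimage" in proc.stdout


def audit(observed):
    """Pure comparison: observed maps label -> value read. Returns findings as
    (label, observed value, wanted value) tuples; empty when all checks pass."""
    return [(label, observed.get(label, "unset"), wanted)
            for label, _, wanted in CHECKS
            if observed.get(label, "unset") != wanted]


def collect():
    """Read every check from the live system (macOS only)."""
    return {label: read_default(args) for label, args, _ in CHECKS}


if __name__ == "__main__":
    import getpass
    for label, got, want in audit(collect()):
        print(f"FIX  {label}: is {got!r}, want {want!r}")
    print("FileVault home image attached:", filevault_home_attached(getpass.getuser()))
```

Note that `askForPassword` lives in the per-host (ByHost) domain, which is why the read uses `-currentHost`; reading it without that flag reports the key as missing even when the checkbox is on.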

Migrating to secure anonymity

It's too late! You've posted on the internet with your real name. You've posted your LiveSpaceJournalBook page with all your own details that future bosses can read. You're trapped! Now you're sitting around and you want to go to a forum and discuss unpopular ideas, but you don't want the NSA, FBI, bogeyman to find you or know it's you, or connect it to you at all. How do you do this?

Establish a separate identity that exists only online. The fact that you have an existing presence is a good thing. Remember that it would be mighty suspicious if you didn't have an existing persona online. Give "The Man" something to follow, give him a past, a present, a you. Don't drop off the internet suddenly; continue posting your normal everyday stuff, your fluffy dog page, your YouTube videos, just don't let any of that be associated with your new anonymous identity.

I will be starting a series of posts of specific step-by-step instructions on how to give yourself an untraceable, secure connection and communications network to have at your disposal. This is a guide.

Anonymous web browsing with Tor

Today we will discuss Tor onion routing. You are visiting a website but you need anonymity. Perhaps you are looking up porn or whatever and you don't want your traffic being traced back to you. Time for "Tor Onion Routing" found here http://tor.eff.org/

The important thing to remember is that Anonymity is NOT EQUAL to encryption. In other words, use Tor to hide your route, but remember, it encrypts nothing. The remote sysadmin and the local sysadmin can still sniff and read all your traffic. They just don't know where it is going to or coming from... unless you tell them in your messages.

For Mozilla Firefox use this plugin to add a button to your menu bar to enable Tor Onion Routing.
Since you are using Mac OS X, use Vidalia which is a graphical interface (GUI) to the Tor program.

Now, start up Firefox and hit the torbutton and start surfing anonymously.
You must read Bruce Schneier's post regarding the difference between anonymity and privacy.
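To make the anonymity-versus-encryption point concrete, here is an added example (not from the post, and not Tor's own code) that simulates onion routing in one Python process: the client wraps a request in three layers, each relay peels exactly one layer and learns only the next hop, and the last hop hands the payload to the site. The circuit keys, the relay names and the HTTP request are all constructed, and the layer cipher is a deliberately toy SHA-256 keystream that exists only so the script runs on the standard library. The `run_demo()` report shows the failure mode the post warns about: with a plain HTTP request the exit relay forwards, and can read, the exact bytes you typed, including anything identifying in the request itself; add an end-to-end layer (standing in for HTTPS) and no relay can read it, while the route is still hidden from each hop.

```python
import hashlib
import json
import os

# Toy stream cipher: SHA-256 in counter mode, XORed over the data. It exists only so
# the example runs on the standard library; it is not Tor's cipher and is unsafe for real use.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Add one encryption layer; the 16-byte random nonce is prepended."""
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def unseal(key: bytes, blob: bytes) -> bytes:
    """Peel one layer (XOR with the same keystream)."""
    nonce, body = blob[:16], blob[16:]
    ks = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


# Constructed three-hop circuit. In Tor each relay's key comes from a per-hop handshake
# with the client; here the keys are random bytes the client "shares" with each relay
# so the whole route can be simulated in one process.
CIRCUIT = [("guard", os.urandom(32)), ("middle", os.urandom(32)), ("exit", os.urandom(32))]

# Constructed plaintext HTTP request; the query string is the kind of detail the post
# warns about ("unless you tell them in your messages").
HTTP_REQUEST = b"GET /search?q=my+real+name HTTP/1.1\r\nHost: example.test\r\n\r\n"


def build_onion(circuit, destination: str, payload: bytes) -> dict:
    """Wrap payload so each relay can peel exactly one layer and learn only the next hop."""
    cell = {"next": destination, "payload": payload.hex()}
    for name, key in reversed(circuit):          # exit layer first, guard layer last
        blob = seal(key, json.dumps(cell).encode())
        cell = {"next": name, "payload": blob.hex()}
    return cell                                   # client sends cell["payload"] to cell["next"]


def route(circuit, cell: dict):
    """Forward the onion hop by hop, recording what each relay sees after peeling its layer."""
    keys = dict(circuit)                          # simulation shortcut: each relay uses only its own key
    observed = {}
    hop, blob = cell["next"], bytes.fromhex(cell["payload"])
    while hop in keys:
        inner = json.loads(unseal(keys[hop], blob))
        forwarded = bytes.fromhex(inner["payload"])
        observed[hop] = {"next": inner["next"], "bytes": forwarded}
        hop, blob = inner["next"], forwarded
    return hop, blob, observed                    # hop is now the destination, blob what it receives


def run_demo(circuit, request: bytes, end_to_end_key=None) -> dict:
    """Route request through the circuit, optionally under an extra end-to-end layer
    (standing in for HTTPS), and report which relays could read it."""
    payload = seal(end_to_end_key, request) if end_to_end_key else request
    dest, delivered, observed = route(circuit, build_onion(circuit, "example.test", payload))
    if end_to_end_key:
        delivered = unseal(end_to_end_key, delivered)
    return {
        "destination": dest,
        "delivered_ok": delivered == request,
        "next_hops": {n: v["next"] for n, v in observed.items()},
        "relay_reads_request": {n: v["bytes"] == request for n, v in observed.items()},
    }


if __name__ == "__main__":
    print("plain HTTP through the circuit:", run_demo(CIRCUIT, HTTP_REQUEST)["relay_reads_request"])
    print("with an end-to-end layer:      ", run_demo(CIRCUIT, HTTP_REQUEST, os.urandom(32))["relay_reads_request"])
```

The `next_hops` map in the report is the anonymity half of the story: the guard knows the client and the middle relay, the exit knows the middle relay and the site, and nobody in the chain sees both ends. The `relay_reads_request` map is the encryption half, and it is what the post is warning about.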

Let's break security!