Techbadger Claw Marks

A view from the technical underground
  • UPnP is dangerous

    Posted on February 9th, 2013 admin No comments

    UPnP (Universal Plug and Play) looks great on paper: bring home a new device (let’s say a wireless printer), turn it on, and it will automatically configure your router and network to be able to use it. Again, that looks good on paper, except it is very insecure. You have no idea what accidental or, worse, intentional holes it will make in your network security. What is worse, most brands of routers implement it badly, so that anything on UDP port 1900 and TCP port 2869 inside or OUTSIDE your network can reconfigure your router to do whatever it asks, including shutting down the firewall that is protecting your home (or small business) data.

    HD Moore (of Metasploit and Rapid7 fame) did a scan of the internet and found over 81 million devices on the internet with their UPnP service active. Any UDP port 1900 and TCP port 2869 request was acknowledged and the network was wide open.

    First, scan for UPnP running on your network; a good way is to go to and use their scan tool.

    Never use UPnP; go into your router’s admin page and turn it off! Next, block UDP port 1900 and TCP port 2869 overtly. It just isn’t worth the hole in security.

    By the way, this isn’t the Microsoft OS Plug and Play (boy this concept is a disaster no matter how it is being used) exploit!

    Articles on the subject:

  • UPEK is better but far from ok.

    Posted on October 28th, 2012 admin No comments

    UPEK is the maker of fingerprint scanners on most of the current laptops. The company was bought last year by a subdivision of Apple called Authentec.

    It turns out that if you use your laptop’s fingerprint reader for Windows logon, the password is stored in the registry with a very weak key, which means that if someone gets an outside logon (3rd-party boot disk) they can look up your login/password.

    This currently only works with Windows logon.

    UPEK put out a fix in their forum that addresses the compromise but still uses a weak (56-bit) encryption key, so it can be easily broken again. They need to encrypt up to AES128 or, even better, 256 to be considered safe again.

    Confirm locking of your system and don’t allow boot from your USB or CDROM if you use a finger scanner for logon. You should be able to lock from BIOS.

    Description of exploit:

    Fix for the September exploit:

    Still needs to be fixed to be really trusted.

  • The Evernote Moleskin!

    Posted on August 25th, 2012 admin No comments

    This is the best team-up since sweet got together with sour in Chinese food!

    You all know that I love Evernote, the system agnostic note taking and sharing system.

    …and you know how I love Moleskin notebooks, one of my favorite gifts!

    Well they are getting together:

    Special Moleskins for captured note taking!

    They are $25 for the smaller ones and $30 for the larger notebooks (pre-order here).

  • Android thoughts

    Posted on July 15th, 2012 admin No comments

    I was out with fellow engineers and the meeting fast became a “My android phone is slow and it won’t do what I need/want it to”. I showed how to put on environments, see what battery charge rates are and where to find new ROMs.

    One of the guys in the discussion said “I need to read your blog”. I was flattered and then thought, “You know, I have none of this stuff on my blog”.

    I figured most of this stuff is available pretty readily on the internet, but then the idea of this blog is to make re-inventing the wheel simple, so I can put up signposts to make things easier for someone else.

    Ok, let’s get started:

    If you just want a great program to send IMs from your computer, do a backup/restore of contacts and keep your call log, just download My Phone Explorer (free); it’s kind of an iTunes for Android without taking over your computer.

    A great site for getting information, tools and ROMs is XDA-Forums. You can post questions, make suggestions and get technical help. Just go to the section for your phone model and just join in the fun.

    First, what is known as “jail-breaking” on the iPhone is “rooting” on the Android platform. It is the same as having Administrator rights in Windows.

    Second, there are alternate “ROMs”; these are OS replacements for your phone. They offer fewer programs than the providers (AT&T, Verizon, T-Mobile) do to clog up your phone’s memory. They have options for which set of programs they come with (K9 mail, Firefox browser, etc.). XDA has dozens of ROMs with different setups and options.

    It used to be simple to get root; there was a program called Z4Root, which was easy to use. Load it on your phone, click a button, and you had root; click another button and you were unrooted. Simple, but the project stopped.

    Now it isn’t as simple. There is a system called Odin for rooting.

    There is a one-click version of Odin; it will root your phone and even wipe the phone (you will have to rebuild completely, but it will be more stable).

    There is also a full Odin installation; it isn’t as easy but is compatible with more phone models.

    Once you have root, buy a copy of Titanium Backup, the best backup and restorer for Android. It will save a lot of re-installing after flashing a ROM and wiping out your phone.

    If you like your standard phone firmware from your provider but still want to play with the look and feel, check out alternative launchers at the Android Play store. Most are free and I am currently enjoying the “Go Launcher”. Go has a lot of free widgets and utilities (Power master, task manager, Twitter widget, IM pro and contact widgets); it just does EVERYTHING for free!

    If you are wondering how well your charger is working or why your phone is taking so long to charge, check out CurrentWidget at the Play store. It shows charge rate and discharge (when on battery) rates.

    Speaking of USB phone chargers, HP has an amazing one. Rubberized coating, 2A, replaceable folding prongs (so it doesn’t poke holes in your luggage) and a terrific 5′ cable for $4.99! They were offering free shipping and I will post when it is available again!

    Hopefully this gives you a start on checking how to start changing things to your satisfaction.

  • VPN on Android, OpenVPN seems the only choice.

    Posted on April 30th, 2012 admin No comments

    So you want to have secure email and files while on a suspect network and they are all suspect unless you built, secured and have complete control of them (paranoid I know, but as a CEO of a company I used to work for said “Only the paranoid survive”).

    Well when it comes to Android (and iPhone/iPad for that matter) the choices are PPTP, L2TP (with no IPSec and PSK or CRT). There are also OpenVPN clients.

    In this comparison of PPTP, L2TP and OpenVPN (a bit outdated, which I will explain in a moment), PPTP (the native VPN for iPads and iPhones), though it can tunnel, offers no real security and can easily be compromised by a “man-in-the-middle” attack.

    L2TP is slow, can be hard to set up and doesn’t handle multi-hop networks well. You can combine it with IPSec (though most routers and BSD firewalls don’t support L2TP/IPSec combinations) but again that adds even more slowness and complexity.

    OpenVPN is wonderfully fast, very secure and can be hardened to the point of NSA approval. It is also open-source, so everyone can look at the works and help with issue fixes. Multihop is supported and the clients have made setup a breeze.

    Contrary to the chart there are clients for Android: OpenVPN is available but you have to have your device rooted and have Busybox installed.

    FeatVPN doesn’t require root at all, nor Busybox! There is a free “lite” version that gives you a 1 hour session before disconnecting, or the full version for $4.95, but with its ease of installation and flawless execution it is well worth the price!

    If you are using the “Free WiFi” at your local coffee house or hotel network, having a Roadwarrior OpenVPN setup is a must for those without corporate VPNs to keep them safe.

  • How to secure your cloud storage

    Posted on April 28th, 2012 admin No comments

    Okay now you have your Skydrive, Google-drive and/or Dropbox, but all of them can access, read and copy your data and some of that data might be private (to you at least).

    Enter Cloudfogger: automatic AES encryption for cloud storage with clients for Windows and Android. iPhone is coming “Soon” according to the site, no word on OSX.

    Looks really nice, fast, easy and secure. Only complaint: it isn’t open source.

  • How to upgrade your MS Skydrive from 7 to 25gbs free!

    Posted on April 26th, 2012 admin No comments

    Unlike Google, MS at least says your data on their skydrive is yours…

    Here’s how to get the max amount on Skydrive for Free:
    Go to, click on Manage storage on the left, then click on “Free Update” select button and you now have 25gbs for free!

  • Blowing out the dust

    Posted on April 25th, 2012 admin No comments

    It’s spring cleaning time! Especially here in the desert where 80F summertime room temperatures can kill a computer with dust bunny clogged fans.

    I usually go through at least 4 to 6 cans of compressed gas (rotating as one freezes into non-use), blowing out computers, servers, UPSes and anything else with vents, and usually do that twice a year (about the equinoxes).

    Pairs of 3.5oz cans of compressed gas go for about $10; I go through at least 3 packs and usually more if I am helping our friends, family, friends of family, family of friends, well you get the idea…

    That and I am always having to buy a can either because my last one quit just before I have the job done or it went flat waiting for the next blow out.

    That’s why the Metro DataVac electric Duster is SO COOL!

    It is about the cost of 5 packs but will pay for itself in under a year with me, is always at the ready, is more powerful than a can of compressed gas and never freezes up! It is also a lot more green (no can, no gases to hurt the environment and no car needed to pick up a new one)!

    I am still going to keep one can of compressed gas around for photo uses when dust is a worry, but this is perfect for the computer spring cleaning and for most of the times when a can of gas would have been needed.

  • The Samsung Galaxy Note, the biggest thing in Android

    Posted on April 6th, 2012 admin 1 comment

    I have been having a blast using a Samsung Galaxy Note. First, yes, it’s big; I’ve gotten that comment from every Apple cultist I know. Even the waitress at my local Red Robin had to make a comment while the local Apple-ite sitting across the table from me was insulting my new toy.
    Well, it isn’t an iPhone; as a matter of fact it is about a 180 from the iPhone philosophy!
    It has a stylus (ya, I can hear the Apple ewwweee again), it is big and it isn’t a phone. It’s a phabulet (fabulous phone tablet)!
    I have always wanted a replacement for my old beloved Franklin Planner. The Microsoft Courier looked like the right candidate before MS lost its nerve and cancelled the project (Ballmer has to be the worst thing that ever happened to MS, no courage at all!).

    MS has been a technological coward since 2007: Zune, better than an iPod (better OPLs, better sound), never advertised, killed.

    The tablet-PC, I love my Toshiba Portege MS convertible PC laptop/tablet, signing PDFs and Word docs and faxing without having to print and scan? Excellent! MS killed it!

    And then there was the Courier, the dual-screened tablet concept that closed like a book (beloved Franklin Planner anyone?) with camera, stylus and clamshell design to protect the screens. MS claimed that they couldn’t get the battery life to work, but with 2 screens and only one processor and the Tegra 2’s sipping of battery, I doubt it. MS has just developed a pathetic “Me-too” philosophy; they can only make the same product that someone else is.

    News to Microsoft: there’s already a great iPad available if someone wants an iPad, it’s called the IPAD! If someone wants something like an iPod, they will probably buy an umm…ya, an iPod. Make something else!

    Well, I digress… the Note isn’t like a Franklin Planner, it is more like the Moleskin I always carry around in case I am caught in the hallway with a “hey can you do this?” request that I know will evaporate from my brain before I get to my desk. It uses a stylus (just like real notebooks), you know, those stick-like things we liked with our Palm Pilots, iPaqs (still have a hx4700 kicking around) and my PC tablet, and it’s a real stylus by Wacom, just like my Cintiq and Intuos on my desktop, with pressure sensitivity so it works like a pen or brush. The screen is magnificent at 5.3″, nice for looking things up when caught in a server room, reading Kindle or e-books and for Google Maps… OMG amazing! Nice 8m camera, OLED display that even looks good outside in sunlight!
    Minor issues: the screen lock prevents bluetooth headset linking, which should be fixed with Ice Cream Sandwich (the new OS coming in a month or so). The stylus (ok, S-Pen, but it is still a stylus) does scrape up my Ghost Armor (which they kindly replace for free every time I am in my local mall, but it is an issue). Still recommend the Ghost Armor too, really nice!

    Update: One thing I haven’t seen in any reviews: while all current cell phones are WiFi capable, all do 802.11b, some do 802.11n, but the Note does 802.11n in 5.2GHz; most wifi-n devices only work in the “n” 2.6GHz range! The only other device I have that does 5.2GHz is the laptop I upgraded myself with an Intel AGN card! Nice, Samsung! It’s nice to have n in a high frequency so it doesn’t compete with my BG channels and also doesn’t get interference from my microwave and other electronics. The 2.6 is a “dump” frequency for most home appliances and cordless phones.

  • VMWare 5: New NIC drivers without recompiling!

    Posted on November 29th, 2011 admin No comments

    Ya, ESXi doesn’t allow driver disks during the install. Old ESX did but not i! Instead you have to have an extra Linux box lying around and do a recompile to get it to work with the newest Intel and other NICs or it just fails on you!

    Well if you use ESXi customizer not only can you add new drivers to your custom build but if you are running ESXi 5 it will even spit out an ISO of the 5 build ready to be burned for your install. Best of all it even runs under Windows! Now you can get that virtual Linux without needing a real Linux box to begin with.

    BTW, if you are looking for an ESXi Intel NIC driver (82579 or the like) here it is!