September 16, 2007

TMUP Live 47: Hack your Linksys WRT54G, and be happy

Filed under: Podcasts — Victor Cajiao @ 6:53 pm

[audio:http://recordings.talkshoe.com/TC-3097/TS-44363.mp3]

Tonight Larry Pesce from Linksys WRT54G ultimate Hacking and Pauldotcom.com joined us to talk about WRT hacking. Also George Starcher from In The Trenches Podcast joined us to talk about networking and other Mac security concerns.

Thanks to listener Steve from Ontario Canada, for the improved show notes that will be out one day after the show airs. He is doing an awesome job and I thank him . You do “Rock!”
Call the Listener Hotline 951-281-6332

Sponsor: Audible.com go get your Free download today

Friends In Tech

Links from tonight’s show

Linksys WRT54G Ultimte Hacking Amazon link

IMB PC Intel 8088

MS-DOS

Commodore 64

Assembly Language

Linksys WRT54G

Firmware

Linux

Wikipedia on WRT54G

DDWRT

Open WrT

Open WrT Homepage

DDWRT HomePage

Cisco 871W

WPA

VOIP

Asterisk

NAS Share

WRTSL54GS

Apple AirPort Extreme

Mac Mini

DNS

APACHE

AppleTV

iMac

MacBook Pro

VPN

802.11

FCC

Linksys WRT54G Ultimate Hacking

SSH “>

MacSSH FAQ (how to create those SSH Keypairs) This is only one reference of many if you Google it.

TCP and UDP Ports

Unix

Public Key Cryptography

Perfect Passwords

I chipped a tooth tonight 10 minute before the show started. So I am posting the audio but the rest of the show notes will have to wait until my head does not feel like it’s going to implode. I’m sure you’ll all understand.

Be Sociable, Share!
  • Sal

    Name ONE Mac OSX virus!

  • http://www.typicalmacuser.com Administrator

    Respectfully, I think the point was from a security professionals point of view and the concept of “depth in defense”.
    Both Larry and George and I know there are none right now, but complacency can be dangerous eventually.

    Sure it comes off as FUD now, but I don’t think it will always be. You know I’ve always been an advocate of the mac, and continue to be. I also believe on podcasting all sides.
    As always your opinion are welcomed.

  • http://www.georgestarcher.com George Starcher

    Sal, it is not only viruses that someone has to consider. ANY and I repeat ANY software or computer system has flaws in its code. It is best practice whether you use Windows, an AS400, a Sun Solaris system or a Mac to patch your systems. Run only the services you need and use things like firewalls to protect those services. If you have file sharing on, use a simple dictionary password then go to a wireless hotspot someone could enumerate your computer not caring if it was a Mac or windows. toss a dictionary attack at the share then get into your files. It is not FUD to take reasonable in-depth precautions such as staying up to date on patches and using protection tools.

    To show what I am referring to. here is a metasploit exploit for a samba flaw on OSX. If you are patched and up to date you are fine. if you don’t enable samba sharing or turn it off when on public networks then you are managing your risk. If you do not practice that good habit you are at risk.
    http://framework.metasploit.com/exploits/view/?refname=osx:samba:trans2open

    And to answer your question. a low risk malware item to be sure, but anything is possible. It is just a case of how likely is it compared to your usage and practices. http://www.symantec.com/security_response/writeup.jsp?docid=2006-021614-4006-99

  • http://pauldotcom.com Larry

    Ok, you want one, you got one:

    http://www.symantec.com/security_response/writeup.jsp?docid=2006-021614-4006-99

    Again to reiterate Victor’s comments, complacency can be dangerous. I’m not bashing the Mac at all – I use one every day, all day. I like it better than the PC! the problem is that I practice Defense in Depth so that when something does happen, I’m not one of those saying “I’m have a Mac, I’m invincible!”. I don’t want to be, nor can I afford to be in a situation where it comes back to bite me.

    Sometimes a little proactivity goes along way. Ultimately, you are going to do what you want, because you’ll accept a certain level of risk. This may be one of those situations where you deem this risk acceptable. It is “my job” to be sure that you can make informed decisions. I know that this risk is not acceptable to me.

  • http://www.georgestarcher.com George Starcher

    LOL Funny that we posted the same link. But regardless. yes virus wise there are few Mac viruses. As an Apple fan and user I hope it stays that way. But both of our points are to make informed decisions about your risk and that traditional viruses are not all you have to be aware of. These days malware and malicious hackers are more about commercial gain than just wiping out systems to get on the news. They don’t want to advertise they have taken you over or taken your data. That reduces the value.

  • Sal

    I don’t feel that Macs are invulnerable and I keep up to date with all my patches and updates as well. I just find that there is way too much FUD out stating that there are viruses with out support, or they go along with the old “security through obscurity” line. Come on guys, look at the source of your posts. Don’t you think there’s a little motivation behind that? That’s not a virus, it’s a worm, and it’s really social engineering. The only way you get infected is through your behavior. Just hit decline. I understand that there is always a potential out there for a virus to be developed some day, but my contention is that on the podcast, Larry stated that there are a few viruses out there on OSX. That’s just plane wrong.

  • Sal

    Sorry, that should have been “plain wrong”. :D

  • http://ww.georgestarcher.com George Starcher

    Note my post called it malware not either a virus or worm. I am well aware of the debate. But that does not make it less malicious. Sooner or later someone is going to combine exploits against vulnerable systems either in the OS or applications. More likely both. All it will take is one that requires no user intervention, the exploit will run in the user context and move on from there.

    The point being. Practice defense in depth and you will be better off for it. Do things like run as a normal user not admin and so on. The risk management decision is yours to make. We are just trying to help people make the best one they can.

    Thanks for the feedback.

  • http://www.typicalmacuser.com Administrator

    So…. I for one appreciate that we are having a healthy discussion about this on here among Apple and Mac fans. Sal as George said, we really are trying to promote awareness and appropriate risk management. Regardless of the semantics of the conversation, it’s important to be aware of these issues and the point (or at least my point in fostering these discussions on the podcast and blog) are not to create FUD (Fear, Uncertainty, and Doubt ) but to have a healthy discussion that is not blind to the realities of security in general. Sure we are lucky to be running on an operating system that has minimal risks (right now) but we should never bury our heads in the sand either. Again, I appreciate that this discussion is going on and that it continues to be civil.

  • Irelandshope

    Hi Victor & George.
    Avid listener, great show.
    George mentioned something that I would love for you guy’s to expand on. Using SSH on a desktop mac to secure the session of a laptop using an open hotspot. I thought you needed to use something like openVPN to do this. I would be very interested on hearing how all the laptops connections to be routed (browser, mail etc) through the SSH connection.
    Please Please Please Please Please Please Please Please.
    I’m sure I’m not the only one.

  • http://www.typicalmacuser.com Administrator

    Irelandhpope. George Starcher and I looked at your comment and as a part of Friends in Tech http://www.friendsintech.com and TMUP and In The Trenches, we are going to work on a 4 part video series on how to do what you asked for step by step. It’s pretty deep and pretty geeky so we are going to put out an intro video first on the feed then all the rest of the videos will be available through the FIT site. Likely this will take until the end of October but stay tunned for more information. Thanks

  • http://mirandafam.ath.cx Claudio

    Man, how I wish I had been able to participate in the live podcast on Sunday. Both George and Larry are exceptional when it comes to computer security on any platform. The same goes for Paul and I hope that Victor can have him as well as Larry and George back on really soon.

    I’ve been a Mac user for many years, and in all that time I have rarely encountered any type of malware on the Mac (I can count maybe 2 or 3 instances, and that was in the old Classic Mac OS). Note that I didn’t say NEVER. Apple marketing has exploited the robust UNIX nature of OS X by saying that it is not affected by malware at all compared to Windows. As has been shown in the past many times, OS X (while more robust) is not impervious to exploits especially if the system is not patched (as is evident in the proof provided above). Sometimes for those of us who DO patch our Macs on a regular basis, the fact that Apple is slow to release many of the patches for known exploits (sometimes for months at a time) is cause for concern since it leaves the responsible users vulnerable to these exploits as well. So it’s important to heed the advice of Defense in Depth…it’s your only cover when you have no other. :D

    Here’s another example. The GNU/Linux community is proud to say that GNU/Linux is quite secure, but they are also careful not to say that it’s not affected by malware/exploits. IMO, there are more exploits and malware in GNU/Linux compared to OS X. The difference is that those vulnerabilities are patched within hours at best, barely giving the bad guys an opportunity to even take advantage of the vulnerability, save for those systems that aren’t properly patched regularly. I even remember a privilege escalation exploit that “Twitchy” mentioned in the PaulDotCom Security Weekly podcast which didn’t even require knowledge of the root password! All you had to do was run the exploit as a regular user and voila, you were instantly “root”! This exploit has been LONG patched but I personally know of instances where systems running affected Linux kernels weren’t patched by the vendor because it would break their proprietary proxy solution.

    If a community as large as the GNU/Linux community can accept that they are not invulnerable and can act responsibly, what makes the Mac OS X community different? As George and Larry said, operating systems are software created by humans, and humans make mistakes. Yes, Mac OS X is more secure by nature than a stock Windows PC, but it’s up to the user to be responsible and use preventative measures to avoid possible disaster in the future.

  • http://mirandafam.ath.cx Claudio

    I forgot to respond regarding the SSH. I assume we’re talking about SSH tunneling. If so, I already do this at work by creating a tunnel from my Windows PC (using PuTTY) or Ubuntu laptop (using the OpenSSH client) at work to my Slackware Linux box at home (I’ve also created the SSH tunnel to my iMac G5 when the GNU/Linux box was down). On both the Slackware PC and the iMac, I changed the default ports to something else but I have yet to set up the public/private keys to disable the passwords (yeah, I know I’m being lazy :P ). I’m looking forward to seeing how the key generation is done so that I can actually get this going (not much time to spare with three little boys running around in the house :D ).

    Doing this SSH tunneling (which is sometimes referred to as the “poor man’s VPN” :P ) has allowed me to check my personal e-mails and keep in IM contact with my wife in places where it might be blocked, and it’s also helped to secure my transmitted data. Maybe the TMUP might also do a screencast of how to encrypt VNC traffic using SSH as that’s something I’ve also been meaning to do.

    Thanks again!

 

September 2007
S M T W T F S
« Aug   Oct »
 1
2345678
9101112131415
16171819202122
23242526272829
30