CVE-2019-8575: Apple AirPort Firmware Data Deletion Vulnerability

posted on may 30th, 2019 with tags apple, networking, and security

On July 4th, 2018, I reported a security/privacy problem to Apple regarding the firmware on its now-discontinued AirPort wireless access points.

Per Apple’s website, a “factory-default reset” of an AirPort should “remove any saved configurations and profiles” and should be sufficient for “selling or giving away your base station”.

On at least AirPort Extreme AP firmware 7.7.9 and AirPort Express firmware 7.6.9 (the newest available for each device at the time of reporting), a “factory-default” reset just moves the configuration file to a new location on the device, and the old file and up to two additional previous configurations remain accessible on the device.

Continue reading 1,284 words...

Switching from 1Password to Bitwarden

posted on nov 17th, 2017 with tags firefox, openbsd, ruby, and security

I’ve been using an OpenBSD laptop as my workstation a lot more lately, probably because most of my hardware just works now and I don’t have to think too much about it. The touchpad works when I touch it, I can be confident that when I close the lid, the laptop will fully suspend and then fully resume again when I open it, WiFi works all throughout my house (although it’s not terribly fast), and my web browser is fast and stable. What amazing times we live in.

In the past, one thing that frequently kept me going back to my Mac, aside from iOS and Android development, was 1Password. I have a ton of logins for websites and servers, and because my browsers are all configured to clear cookies for most websites after I close their tabs, I need frequent access to passwords synced across my laptops and phones, and 1Password has great apps for all of those except OpenBSD.

Continue reading 1,533 words...

On Tinfoil Hats

posted on mar 23rd, 2011 with tags security

Some time in 2010, Google, Adobe, and “dozens of other high-profile companies” were hacked by the Chinese government. The attack was done through a previously unknown vulnerability in Internet Explorer and considered to be highly sophisticated. The attackers copied intellectual property of these companies and accessed Gmail accounts of human rights activists.

Rather than directly hack into the accounts of those activists, the entire e-mail provider was compromised.

Continue reading 1,427 words...

Properly stopping a SIP flood

posted on apr 11th, 2010 with tags asterisk, networking, openbsd, ruby, security, and voip

At about 9am yesterday morning, I noticed on my server monitor that the CPU utilization of one of my servers was abnormally high, in addition to a sustained 1mbit/sec of inbound traffic and 2mbits/sec of outbound traffic. syslog messages from Asterisk showed it to be a SIP brute force attack, so I dropped the offending IP (an Amazon EC2 instance IP) into /etc/idiots to block it and went back to my work.

A while later, I noticed the traffic still hadn’t died down, so I reported the incident to Amazon and my server’s network provider. No luck on either front; Amazon just sent back a form reply stating the incident was forwarded to the EC2 instance’s owner (yeah, seriously) and the network provider said they wouldn’t bother adding an ACL to their border equipment unless it was needed to protect their entire network. With the IP blocked on my server, the CPU utilization had died down and it was no longer sending out reply traffic, but I was worried about the inbound garbage traffic counting towards the server’s monthly bandwidth cap.

Continue reading 832 words...