projects | github | twitter | rss | contact
May 2019

CVE-2019-8575: Apple AirPort Firmware Data Deletion Vulnerability

posted to writings on may 30th, 2019 with tags apple and security

On July 4th, 2018, I reported a security/privacy problem to Apple regarding the firmware on its now-discontinued AirPort wireless access points.

Per Apple's website, a "factory-default reset" of an AirPort should "remove any saved configurations and profiles" and should be sufficient for "selling or giving away your base station".

On at least AirPort Extreme AP firmware 7.7.9 and AirPort Express firmware 7.6.9 (the newest available for each device at the time of reporting), a "factory-default" reset just moves the configuration file to a new location on the device, and the old file and up to two additional previous configurations remain accessible on the device.

Continue reading 1,272 words...

November 2017

Switching from 1Password to Bitwarden

posted to writings on nov 17th, 2017 with tags firefox, nerd, openbsd, ruby, and security and commented on 20 times

I've been using an OpenBSD laptop as my workstation a lot more lately, probably because most of my hardware just works now and I don't have to think too much about it. The touchpad works when I touch it, I can be confident that when I close the lid, the laptop will fully suspend and then fully resume again when I open it, WiFi works all throughout my house (although it's not terribly fast), and my web browser is fast and stable. What amazing times we live in.

In the past, one thing that frequently kept me going back to my Mac, aside from iOS and Android development, was 1Password. I have a ton of logins for websites and servers, and because my browsers are all configured to clear cookies for most websites after I close their tabs, I need frequent access to passwords synced across my laptops and phones, and 1Password has great apps for all of those except OpenBSD.

Continue reading 1,534 words...

August 2011

A Man-in-the-Middle Attack in the Wild

posted to writings on aug 17th, 2011 with tags nerd, openbsd, and security

Last night I tried to visit one of the websites that I host on one of my dedicated servers, and to my surprise, I saw this instead of the usual content:

Continue reading 1,090 words...

April 2011

Making OpenSSH on Mac OS X More Secure

posted to writings on apr 19th, 2011 with tags mac, nerd, security, and ssh

Since 10.5, Mac OS X has had integrated keychain support in OpenSSH that lets one store one's SSH private key passphrase in the keychain. This makes it easy to securely store the passphrase permanently, instead of just per-session or per-boot as ssh-agent(1) does (unless the "Remember password in my keychain" option is not selected, in which case the passphrase is only stored in the memory of the running ssh-agent).

Continue reading 1,199 words...

March 2011

On Tinfoil Hats

posted to writings on mar 23rd, 2011 with tags nerd and security

Some time in 2010, Google, Adobe, and "dozens of other high-profile companies" were hacked by the Chinese government. The attack was done through a previously unknown vulnerability in Internet Explorer and considered to be highly sophisticated. The attackers copied intellectual property of these companies and accessed Gmail accounts of human rights activists.

Rather than directly hack into the accounts of those activists, the entire e-mail provider was compromised.

Continue reading 1,375 words...

April 2010

Properly stopping a SIP flood

posted to writings on apr 11th, 2010 with tags asterisk, nerd, openbsd, ruby, security, superblock, voip, and work

At about 9am yesterday morning, I noticed on the monitor that the CPU utilization of one of my servers was abnormally high, in addition to a sustained 1mbit/sec of inbound traffic and 2mbits/sec of outbound traffic. syslog messages from Asterisk showed it to be a SIP brute force attack, so I dropped the offending IP (an Amazon EC2 instance IP) into /etc/idiots to block it and went back to my work.

A while later, I noticed the traffic still hadn't died down, so I reported the incident to Amazon and my server's network provider. No luck on either front; Amazon just sent back a form reply stating the incident was forwarded to the EC2 instance's owner (yeah, seriously) and the network provider said they wouldn't bother adding an ACL to their border equipment unless it was needed to protect their entire network. With the IP blocked on my server, the CPU utilization had died down and it was no longer sending out reply traffic, but I was worried about the inbound garbage traffic counting towards the server's monthly bandwidth cap.

Continue reading 831 words...