HiR Information Report

Links for 2010-03-16 [del.icio.us]

Wed, 17 Mar 2010 00:00:00 PDT

Shadow Timelines And Other ShadowVolumeCopy Digital Forensics Techniques with the Sleuthkit on Windows
Crazy stuff!

Links for 2010-03-15 [del.icio.us]

Tue, 16 Mar 2010 00:00:00 PDT

Links for 2010-03-14 [del.icio.us]

Mon, 15 Mar 2010 01:00:00 PDT

Not Always Right | Funny & Stupid Customer Quotes » Don’t Pin Your Hopes On This One
Here we fucking go again… « Moonlit’s Rants
Moonlit Rants about Ubuntu. Again.

Links for 2010-03-13 [del.icio.us]

Sun, 14 Mar 2010 00:00:00 PST

Educating Elite Hackers and Cybersecurity Experts - Newsweek.com
Kind of a fun read.
http://n0where.org/talks/samsara_20100310.html
Slide deck from Quine's disclosure talk

Teaser: Cory Doctorow's new novel, For The Win

noreply@blogger.com (Ax0n) — Fri, 12 Mar 2010 05:09:00 +0000

It was an odd bit of coincidence this morning. Frogman had shared a story with me from Boing Boing: 200 advance-release promo copies of Cory Doctorow's newest novel, For The Win, are being given away to teenage gamers to review. I should mention that I am thankful to have a few friends who skim Boing Boing for the really awesome and interesting stuff. There's far too much content for me to wade through in my RSS reader, so folks like Frogman are my Boing Boing filter.

Thinking back to an email conversation I had with Cory back in late November (in which I requested a preview copy for HiR), I was wondering if we were going to actually get one of the them. Not 5 minutes later, UPS knocked on my door and dropped off a special package:

At any rate, we're excited to be able to get a sneak peek of Cory's latest work. Frogman will be doing the review. Look for it in the coming weeks!

The end of an era: SecurityFocus

noreply@blogger.com (Ax0n) — Thu, 11 Mar 2010 21:14:00 +0000

SecurityFocus announced in a memo yesterday that it would, for the most part, cease operations.

It is survived by Bugtraq (which SecurityFocus picked up more than a decade ago) and a few other high-volume mailing lists. In turn, SecurityFocus was picked up by Symantec in 2002. This is a sad day, indeed.

Via UnsafeBits

Ye-olde tech: Slide Rule

noreply@blogger.com (Ax0n) — Sat, 06 Mar 2010 06:41:00 +0000

Even though this virtual slide rule is full of actual win, you can buy a real (if chintzy) slide rule for cheap from ThinkGeek.

I suck at math, and I'll readily admit it. You still need to be okay at math to use a slide rule: namely, you have to keep track of the order of magnitude of your calculations in your head or on paper. It's no secret that I dig old tech, though. Plus, analog calculators are fun and you can't exactly stuff a Babbage difference engine into your pocket.

A short course on how to use a slide rule

Wikipedia entry on Slide Rules

Related: Upgrade!

Links for 2010-03-02 [del.icio.us]

Wed, 03 Mar 2010 00:00:00 PST

SolutionBase: Performing common administrative tasks in Solaris 10
decent intro to solaris admin stuff.

Links for 2010-03-01 [del.icio.us]

Tue, 02 Mar 2010 00:00:00 PST

Password Chart
I'm not sure what to think of this. You hash a phrase to a password table, then map your password to entries on the table. Seems complicated.
Mushroom Life
A derivative of Conway's Game of Life. I'm a sucker for stuff like this!
The Trouble with Tribbles...: Opening up some details of OpenSolaris under Oracle
It looks like there's finally some movement from Oracle with OpenSolaris.

Links for 2010-02-28 [del.icio.us]

Mon, 01 Mar 2010 00:00:00 PST

Disk Space Fan - Manage disk space with art
This beats the hell out of WinDirStat, my previous tool of choice for this. Wish there was a good OS X equivalent!
The Solution for Seagate 7200.11 HDDs - MSFN Forums
Via hackaday. It's easier to just make backups part of your lifestyle, but if you feel like taking a crack at resurrecting your firmware-borked drive, this looks like a good read. Remind me to avoid seagate/maxtor.
Parallels cuts virtualization down to the bare metal on Xserve
Kind of like Xen and ESX for Xserves. I was a bit disenchanted with Parallels back in the 2.x and 3.x days, but they seem to be getting their act together.
WinXP / IE exploit via WinHlp32.exe - Potential RCE.
It is possible to invoke winhlp32.exe from Internet Explorer 8,7,6 using VBScript. Passing malicious .HLP file to winhlp32 could allow remote attacker to run arbitrary command.

0x0d - Happy Birthday, HiR!

noreply@blogger.com (Ax0n) — Mon, 01 Mar 2010 06:01:00 +0000

March 1st, 1997. That's the day I uploaded the first volume of HiR e-Zine (then called "Hackers Information Report") to a few local BBSes. This included pushing it out to a small inter-BBS forum with world-wide reach, and finding its way onto some "hacking" web sites within a matter of weeks.

The first issue was penned by me alone, and almost entirely on a road-trip with my parents, on my old NEC Versa 550D while sitting in the back seat of a powder-blue 1989 Ford Aerostar for hours on end. I was just a kid. Going back and reading some of my older stuff is sometimes embarrassing.

A few months later, I had friends from local BBSes submitting content - Frogman being one of them. Soon thereafter, I'd run into a reader of HiR in a college class -- Asmodian X, who also had plenty of fascinating things to add. Contributors came and went, and I'd answer some e-mail questions. I still keep in touch with some of the past contributors and commenters.

From 2001-2007, HiR faded in and out and was mostly dormant. I got busy. We all got busy. The core contributors all grew up, in one way or another. We'd come up with one or two interesting articles, and think maybe we should put together a new "issue" of HiR.

Even though we all live fairly close, that never happened.

In early 2007, we decided to go with a "blog" format. I think it works better. We write when we get a chance, and the comments section gets us closer to our readers. We changed the name, mostly to shed the "hacker" from our name -- I think most of us have long given up hope of completely reclaiming "hacker" as a good word in all use cases. Now it's just a recursive acronym: HiR Information Report. Why the lower-case i? Partially to encourage HiR to be spelled (like H. i. R.) and partially as a throwback to the uBiQuiToUS LoWeRVoWeLiNG of the 1990s. Can we leave that part behind us?

Some months, we really hammer out the content and muster up a post nearly every single day. Other months, we're all but silent. We're still busy, but we are still passionate. Also, in the last year, we've had a pair of really great guest posts. We hope to have more of these, and maybe even land a few more regular contributors.

At any rate, this is me saying "thanks" to those who've contributed to our journey, on behalf of the entire HiR crew. The co-writers. The guest posters. The commenters. The friends who have been around with us for what seems like an eternity in Internet years -- tossing us link-love even back in the 90s. (Lookin' at you, HNNCast), the folks who still archive our mess of old text files (yes you can find us there, no I'm not linking to it), the folks who have kicked it with us at meetups, cons and user groups. And, of course, the readers, without whom we'd probably have given up on this little project long ago.

Risk Assessment: Electronic Lock Impressioner

noreply@blogger.com (Ax0n) — Fri, 26 Feb 2010 18:35:00 +0000

I've kept kind of quiet about this wonderful device. It's an electronic lock impressioner.

Barry Wels talks about the possible mode of operation on his excellent Blackbag blog. I kind of assumed that's how it worked, since it claimed to work only on Ford locks for the time being.

Meanwhile, people are freaking out, labeling it "a car thief's wet-dream."

While I could agree that this device has some potential value to nefarious ne'er-do-wells, there's a fatal flaw in the media panic: You can't steal a car by impressioning the lock.

This device will give you a series of numbers, known as a key code. If you told me the key code to a car right now, I'd honestly have no clue what that key should look like. I could look it up on the Internet, probably. But then I'd need to get out my dremel, a file, a key blank and my digital calipers. If I had a cheap key-milling machine, it might save me a little bit of time. If I spent several thousand dollars, I could get a computer-controlled machine that would simply spit out a key with the right cuts. If I was convincing enough, I *MAY* be able to trick a professional locksmith to cut a key exactly to a code, but most of them would be hesitant to do this without seeing an original key, even if it was a badly damaged one.

The barrier to entry here isn't exactly high, but it's not like you can simply insert this tool into a car door and immediately drive off with it. It's going to take quite a bit of effort or a pricey initial investment for this tool to pay off. The initial investment has already been made by licensed locksmiths who already have these tools laying around. J. Random Carthief, however, probably does not. A successful auto-theft ring MAY have these tools at their disposal. As we already know: if you're being targeted by a sophisticated attacker, it's game over. They'd probably just tow your car away, repo-man style, and break it down at a chop shop.

Let's just assume for the sake of argument that you used this device to get the key code for the car's door, and spent the time to fabricate or acquire a matching key. That's a lot of hassle, but now you can open the car's door, maybe its trunk and glove box. You could even put the key in the ignition. But you couldn't steal the car. Let me explain.

This is my car. I got it a decade ago. Do you like my license plates?

At of the time of purchase, Ford (and many other manufacturers) had already been using two-factor authentication of some variety behind the scenes for years to activate the ignition system. Long gone are the days of pulling a bundle of wires out of the steering column and touching some wires together to start the car, as are the days of simply getting a copy of the car key.

Inside many keys, there's an RFID module or some other device that's somewhat unique to the key. On snazzier cars, this is an encrypted challenge/response module that can't be easily copied. On others, it's a small handful of static "signatures" which may be easy to clone with an RFID programmer or other specialized tools. Either way, without the proper code, the car won't start. In fact, if this module is missing or un-recognized, the car will often completely disable its Engine Control Unit for a period of time, usually 10 minutes.

To provide a further layer of complexity to the issue, the end-user must provide proof of owning two separate keys in order to authorize new keys to start the car. In my case, if I had two keys and lost one, I would need the dealership or a high-end locksmith to attach a special computer to my car in order to authorize a new key. That keeps the valet guy from copying your key and activating it himself. Typically, these systems require the programmer to stay connected to the car for a period of one hour before new keys can be added. Even a miscreant would need unfettered access to your car for a whole hour in order to configure a key that works.

In short, the Electronic Lock Impressioner would give a bad guy the ability to make a key that allowed him to steal the stuff in your car, and nothing else. That person would be much better off shattering your window with a brick. In the hands of a good locksmith who has all the proper tools and skill to create a key from a key code and re-program your car's ignition system, this tool should save many hours that would otherwise be spent replacing or re-keying locks. This savings will ultimately be passed on to the customer. In my opinion, this is a revolutionary device that provides benefits to the locksmith industry as well as people who need to use their services. It does so without providing much incentive to car thieves.

Teaching curiosity

noreply@blogger.com (Ax0n) — Mon, 22 Feb 2010 23:13:00 +0000

A theme that commonly comes up among security professionals and hackers:

"Is it possible to teach the curiosity that's so important to this field?"

"Can you really teach someone how to be a hacker?"

And so on. I'm usually of the opinion that curiosity is somewhat intrinsic, and that some people are just born curious, or at least their natural curiosity wasn't stifled by oppressive and over-protective child-rearing techniques. But the more I think about it, the more I believe that people can become good at it later on in life if that's what they want to do.

I was interviewed by a student today who was asking what skills one needs for my career. Hands down, the most important skill I have is Critical Thinking. Most of us use a derivative of the Scientific Method when tinkering, whether we acknowledge it as such or not. Being able to clearly communicate the results of our research is also very important.

So, to those of you who are still in school or who are thinking of going back to school, I would suggest that the following classes will help you sharpen your skills in realms that will come in handy for most analytical careers, especially in information security, programming, and systems administration:

Philosophy:

Logic and Critical Thinking

English

Research Skills
Technical writing

Speech:

Public Speaking
Elementary Debate

Science:

Any introductory course that provide hands-on lab time to learn the Scientific Method

There may be pre-requisites for some of these, or the need to pass an appropriate placement test, but the above courses would likely fit into any degree program you're considering, even if they go above and beyond the basic requirements for the degree. These will provide valuable skills to help you in your career path. Even if you didn't grow up with an intrinsically inquisitive nature, I believe that pretty much everyone is capable of "learning how to be curious."

Thoughts? Any other suggestions? Were there some other non-IT courses that provided you with tools you use daily?

Nominated for Best Of Craigslist

noreply@blogger.com (Ax0n) — Mon, 22 Feb 2010 01:30:00 +0000

Someone want to help him out? You could get a whole bunch of VHS tapes. Hahah.

I'll pass.

Fraud and Identity Theft are not "Hacking"

noreply@blogger.com (Ax0n) — Sun, 14 Feb 2010 19:19:00 +0000

[H]ard|OCP: Hacker gets record 13-year sentence for hacking.

Originally a haven for hardware hackers looking for advice on extreme overclocking, system cooling, gaming, and case modifications, you'd figure [H]ard|OCP would "get it", wouldn't you? At least one front page contributor doesn't.

I'm not one of the hopefuls that really thinks society will ever ditch its stigma against "the H word" but this story strikes several nerves for me, and continuing to sensationalize "hacking" like this is only part of it.

Max Butler (now known as Max Vision) got a whopper of a sentence, but it wasn't for "hacking," it was for multiple counts of wire fraud, identity theft, and transfer of stolen identity data. While Max undoubtedly had the mindset of a hacker for most of his life, his ethics (I'll get to that in a moment) made him a criminal. Although he was obviously brilliant and capable as a hacker, Max abused his skills to become a carder, a con man, and a low-life, deceptive criminal. Those are the things that got him into trouble. Criminals with little technical skill get busted for the same things.

More disturbing, though, is how Max came to the center of this vast arena of identity theft. With a troubled past, he emerged as a skilled security consultant with a bit of a naughty streak -- a habit that would get him thrown into the slammer (for computer fraud) after breaching government and military networks with a clever tool that would patch a well-known hole while leaving a back-door for him to use later. This is the kind disruptive mischief that used to be associated with "cyber criminals" years ago, putting him in the same arena as Robert Morris, Adrian "The Homeless Hacker" Lamo , and MafiaBoy, to an extent.

During this 18-month stay in the pokey, he would befriend the hardened career criminals who would eventually conspire with him to create genuine financial havoc, on par with the destructive forces of those responsible for the TJX and Heartland breaches.

What do I make of it? I'm not entirely sure. It's hard telling if Max Vision would have found collaborators outside of prison and ended up on the same path, or whether prison life genuinely corrupted him. I do know, however, that no one gets arrested for "hacking."

Previously.

Oh noes! Google Buzz FUD!

noreply@blogger.com (Ax0n) — Thu, 11 Feb 2010 20:18:00 +0000

Silicon Valley Insider came up with this wonderful sensationalist FUD piece: WARNING: Google Buzz has a huge privacy flaw!

Please.

They recommend shutting off Buzz completely, or un-following your automagically-generated "friends" that Google "chose" for you (i.e. other Google Profiles that you exchange e-mail, Google Reader, or GTalk with). This isn't really a Buzz issue at all, though. It's been a "problem" since Google Profiles came out, it's just a lot more intuitive to see who people interact with in Google Buzz, since it's built into GMail directly now.

UPDATE: It looks like contact sharing *IS* enabled only once you sign up for Buzz. So, shame on Google? If you don't sign up for Buzz, these options won't even show up (and neither will your contacts on your Google Profile) - Thanks, Genesiswave, for pointing this out.

Or, you could think rationally, and simply un-check the option to make public the list of people you interact with. Imagine that?

So, take a deep breath, log in to some google service, then click this link to edit your profile if you're really that worried. Again, this option is only displayed once you opted in to Google Buzz.

Now, the followers/following links are only visible to myself. I verified this through Google Buzz and by looking at my profile page from a different google account.

IT Security Certifications: Path to payday, or just a farce?

noreply@blogger.com (Ax0n) — Wed, 10 Feb 2010 04:14:00 +0000

Network World claims that security certifications are worth their cost while other certificates aren't holding their value so well.

I'm going to use Network World against themselves. You see, they also put Security Specialist/Ethical Hacker at the top of the list of the 10 best IT jobs right now.

By all metrics, IT Security careers are on the rise. Qualified pros are in demand and the pay is up. Since the majority of people who have these certificates are working in an "on the up-swing" industry, that alone could explain the reason that people who hold these certs are getting raises when non-security certs don't seem to be paying off.

Note: I don't have any certificates nor degrees, and I've had several great interviews and a few job offers already in under a month of job hunting. Some of these even listed degrees or certificates in the "Required" or "Strongly desired" category of the job postings, but it didn't keep me from getting in front of a hiring manager. It's worth mentioning that WHO you know -- your network -- is often just as important if not more so than what you know or what pieces of paper you hold.

I might take an employer up on their offer to train me and pay for certification, but I haven't seen much solid proof that you need the certificates if you have the experience, the passion, and the references to back up your skills.

What's your take? Good for getting to the top of the applicant pile from HR? Good for landing you that dream job? Good for getting a raise once you're already in the industry? Or is it just a piece of paper?

Juxtaposition - Subscription-walls

noreply@blogger.com (Ax0n) — Tue, 09 Feb 2010 06:02:00 +0000

A new paper on Johnny's "I Hack Stuff" blog requires a subscription. Meanwhile, Sensepost is abandoning their "Regwall" for research papers.

I feel the same way about news paywalls, really. They don't force people to pay, nor do they keep people from getting the news. They just make sure they don't get the news from YOU.

By the way, I threw together a Google Reader "Bundle" of my favorite security feeds. If you use Google Reader (and let's face it, why WOULDN'T you?!) you can easily import these. Beware: it's over 200 RSS feeds, and can get awfully noisy at times.

Wrapping insecure web apps with Apache

noreply@blogger.com (Asmodian X) — Mon, 08 Feb 2010 14:00:00 +0000

When dealing with a web service which for one reason or another cannot or should not be allowed on the web. Apache has several wonderful modules which allows the services to be wrapped and behave like a web app should (working SSL certificates, forced encryption, authentication ...)

In this article I will discuss and show some examples on how to create an authenticated reverse proxy with mod_authnz, mod_proxy,mod_rewrite and mod_security.

-=-=-=-=-=-=-=-ToC-=-=-=-=-=-=-=-
1. Prerequisites
2. Installation of Apache
3. Configuration of Apache
4. Configuration of mod_rewrite
5. Configuration of mod_proxy
6. Configuration of mod_authnz(optional)
7. Configuration of mod_security
8. Summary
9. Informative Resources
-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-
1. Prerequisites

In this example you will need:

Ubuntu Linux
LDAP compatible server with valid SSL certificate
Apache2
Wildcard ssl certificate or valid certificates for each service published
Apache mod_rewrite
Apache mod_proxy
Apache mod_authnz
Apache mod_security

2. Installation of Apache
Install Apache2 by any of your favorite package managers or at the prompt:

sudo apt-get install apache2

3. Configuration of Apache
Then create a new config file for each of your new relays.
Inside of the virtual host tag:

UseCanonicalName Off
LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
#incase you have a self signed certificate on the ldap server
LDAPVerifyServerCert off
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/generic/example.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/generic/example.com.key
Servername weirdone_wrapped.example.com
CustomLog /var/log/apache2/access_log.relay-weird.vhost vcommon

4. Configuration of mod_rewrite
(mod-rewrite is included with apache2)
To enable mod_rewrite:

a2enmod rewrite

Then add the following virtual host entry to redirect http traffic:

RewriteEngine On

#Force HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]

5. Configuration of mod_proxy
First install additional mod_proxy:

sudo apt-get install libapache2-mod-proxy-html

Then enable the modules:

a2enmod proxy proxy_connect proxy_html proxy_http

Insert the proxy section and commands into the SSL (port 443) vhost section:

Order deny,allow ProxyPreserveHost On ProxyPass / http://weirdapp.example.com:50281/ ProxyPassReverse / http://weirdapp.example.com:50281/

6. Configuration of mod_authnz(optional)
First install mod_authnz:

apt-get install libapache2-mod-authnz-external

Then insert the following into the proxy block for ldap authentication of the connection:

AuthType Basic AuthBasicProvider ldap
AuthName "Please authenticate your connection using your network login."
#Some Ldap servers will reject un-encrypted simple authentication, plus this is
#just a good idea any way.
AuthLDAPURL "ldaps://1.2.3.4/?cn" SSL
AuthzLDAPAuthoritative on
AuthLDAPBindDN cn=authbot,ou=users,o=org
AuthLDAPBindPassword password
AuthLDAPRemoteUserAttribute uid
AuthLDAPRemoteUserIsDN on
AuthLDAPGroupAttributeIsDN on
AuthLDAPGroupAttribute member
Require ldap-group cn=Staff,ou=groups,o=org
Satisfy All

7. Configuration of mod_security
First install mod_security:

apt-get install libapache-mod-security

Then enable it:

a2enmod mod-security

Mod_security is fairly tricky, I am using a default configuration but I am only logging errors and not preventing them. Configuration beyond this is outside the scope of this article.

Edit /etc/apache2/mods-available/mod_security.conf and use the configuration example in
"/usr/share/doc/mod-security-common/examples/" as a template.

If it proves to be too restrictive, you can switch the part which says:

SecRuleEngine On

to

SecRuleEngine DetectionOnly

8. Summary
So, after this is installed, Apache will listen to a static IP then relay a a website to the end user over SSL after authenticating the connection with an LDAP server. And if anything fishy happens it will be logged/(or blocked) with mod-security.

This is not a 100% silver bullet solution. Apache http authentication is generally a bad idea, especially over an unencrypted session. In this example it is partially mitigated with mod_rewrite but at this time Apache does not natively support any modern authentication technologies with hooks for LDAP or any other authentication service. If you have the opportunity to prevent the need to do this then make it so.

The best way is to do it right the first time and write into your web application (or specify in the RFQ) the correct security measures.

9. Informative Resources

Breach Security "Mod Security home page". (Accessed April 2009)
http://www.modsecurity.org

The Apache Software foundation. "Apache webserver website". (accessed Jan 2010)
http://httpd.apache.org/

See also :
Asmodian X's Securing php web applications:
http://www.h-i-r.net/2009/05/securing-php-web-applications.html

Ax0n's OAMP (Apache, Mysql, PHP on OpenBSD) Article:
http://www.h-i-r.net/2008/12/sysadmin-sunday-amp-on-openbsd-44.html

Asmodian X's Name based hosting mini-howto:
http://www.h-i-r.net/2008/10/sysadmin-sunday-apache-name-based.html

Asmodian X's Workbench - Suhosin :
http://www.h-i-r.net/2008/12/asmodians-workbench-suhosin-hardened.html

Via Adrian Lamo's Twitpic...

noreply@blogger.com (Ax0n) — Mon, 08 Feb 2010 09:44:00 +0000

Challenge/Response in real life. No, it's not photoshopped.

Guest post: Fonera Power-Over-Ethernet

noreply@blogger.com (Ax0n) — Sun, 07 Feb 2010 00:28:00 +0000

Editor's notes:
This technique should be useful for short runs of ethernet (6' or less) and to power pretty much anything that needs 5VDC and doesn't require a lot of current. I've seen USB ports provide up to one amp of current, though it's usually advised to keep it under 500mW. If you have a dual-USB Power/Data cord like the ones that come with external 2.5" hard drives, I'd advise using that to help get more power to the Fon, but there are several people running USB power directly to the Fon, and it seems to work fine. This is the first time I've seen a POE injector/splitter used in combination with USB before. Pretty clever.

This is a guest post by cyb3rassasin, a student in the midwest that's interested in security technologies. You can follow him on Twitter.

Okay, so I’m sitting in the coffee shop with my LaFonera router in front of me, and my netbook on my lap. I look at my fon just sitting there with its 4 AA battery pack, pondering how else I could power this little guy. A battery pack is bulky, and I don’t really want to have to carry a wall wart with me everywhere I go.

So the options that come to mind are usb power, battery pack, and power over ethernet. The first two aren’t bad ideas but I was kinda looking for something a little more compact and cleaner. I decided to look at some PoE injectors/splitters because they’re inexpensive and compact.

The only problem I could forsee is again I’d have to carry a wall wart around with me. Then I thought why not cut the power adapter off the injector and replace it with a usb plug. It would be simple, clean, and I’d only have to have one cable running to the fon. The Fon can run from 5VDC just fine.

I decided to pick up a set of PoE cables from Passive PoE. I grabbed a usb cable from an old phone that I had, I chopped the end off and stripped all the wires. I then cut the power plug off of the injector and stripped the two wires. ( note: the copper is ground and the red is positive)

Now, don’t make the same mistake I did: put the heatshrink on the injector before soldering the usb plug and the injector together. I soldered up the connections, wrapped each individual connection in electrical tape, and heatshrunk it.

Before testing this with my fon, I thought it would be a good idea to make sure I got the polarity correct. I plugged the injector into my netbook, hooked up an ethernet cable, and then attached the splitter. I took a multi-meter and to the splitter and sure enough, I had the polarity right. Center pin: positive 5VDC, outer barrel: negative

Now it’s time to take a leap of faith and plug in my fon, and woot! It works!

So now I successfully have a compact way to power my fon via usb and PoE. I’ve found one downside to this, it drains my netbook battery faster than if I would use a battery pack. Other than that this is an effective alternative way to power the fon.

cyb3rassasin also showed me the Open-Mesh mini router, which seems to be nearly identical to the original Fon2100 shown here. Since the Fon2100 is no longer available new from the manufacturer, and the newer hardware isn't as friendly for things like Jasager/Karma, it's nice to know there is still a comparable piece of gear out there to take its place in our hackpacks. Long live evil wifi! Here are some photos he sent us, comparing the Open-Mesh and the Fon2100.

Memories of a Timex Sinclair 1000

noreply@blogger.com (Ax0n) — Sun, 31 Jan 2010 05:08:00 +0000

Someone brought this wonderful pile of memorabilia to CCCKC last week.

This is a Sinclair ZX81. It was introduced to England in 1981. It was a Zilog Z80-powered entry-level computer that used a cassette tape (remember those?) for storage of data, and hooked up to a TV for a monitor. The ZX81 used the european PAL standard, so this machine won't work on normal analog TVs here in the US.

The ZX81 features a whopping 1kB of built-in RAM, and a CPU clock speed of 3.25 MHz, or for you kids out there that don't know what a kB or a MHz is: It had about 0.0000001 GB of RAM or about 1,024 characters, and ran at 0.00325 GHz. It could be purchased pre-assembled, or in kit form, which required soldering.

The version that made it stateside -- the Timex Sinclair 1000 -- was my very first computer. It was a slightly modified version of the ZX81. Mostly, it featured twice the RAM (still not enough to hold the typed text from a single page of a paperback book) and an NTSC modulator that was compatible with our television sets. Graphics were mostly block characters on the screen, and if you wanted a program with much power behind it, you had to use Z80 assembly language, if for no better reason than more efficient use of the RAM.

My Sinclair died sometime in the early 90s. It still powers on (if I can find it) but the membrane keyboard's ribbon cable became brittle and broke, mostly due to the heat sink inside that sits very close to... well... everything, since the machine itself is so tiny. I'm wondering if I could get away with using my small portable "watchman" style pocket TV as the monitor and a voice greeting card to store a program or two. I have a few ideas about fixing the keyboard's ribbon cable. If I can unearth my old Sinclair, I'll see if I can get it fixed up. Until then, I'll just gawk at these pictures and remember with fondness the days that kick-started my interest in computers.

What was your first computer? Do you still have it?

Remapping the MacBook Keyboard

noreply@blogger.com (Ax0n) — Wed, 27 Jan 2010 13:50:00 +0000

I love OS X, and I also have this thing for Apple hardware, especially their laptops. You can rant and rave about "Apple Tax" until you're blue in the face. You won't sway me. One thing that kind of irks me, though, is the keyboard on the MacBook series.

While the sunken, chicklet-style keyboard garnered much criticism in 2006, I like the feel of it. As you can probably tell from the title of this article, my primary complaint isn't in the style of the keyboard. It's in the keys that seem to be missing. In OS X, the MacBook's scant 78-key input device makes sense. Other keys are nice, and are provided on the full-size keyboards for the desktop behemoths, but as a general rule, the slimmed-down laptop keyboard gets things done.

Being an Operating System Junkie, however, I often find a need for some oddball key that's nowhere to be found. In Linux and BSD (or when SSH-ing) from Windows using PuTTY, Shift-Insert pastes text to the terminal. There's no Insert key. In Windows, I'd rather not install vestigial bloatware to grab screen shots. Alt-PrintScreen is the old standby. There's no PrintScreen button, either.

At the same time, there are keys I rarely use in OS X, and they become completely useless on any other platform. They also happen to be near the places that I expect Insert and PrintScreen to be on a full-size keyboard.

There are registry hacks to remap keys on Windows. RandyRants has a great write-up on this, and wrote SharpKeys to help people easily re-map their keyboards. In my case, I wanted to remap F12 to function like PrintScreen, and the Keypad Enter key (next to the arrows, shown prominently in the photo above) to function as the Insert key.

The resulting registry patch is included so that you need not install vestigial bloatware just to remap your MacBook keyboard. Save the text below to a file called "remap.reg" and import it to your Windows Registry -- usually, by double-clicking it. Still, SharpKeys a nice utility to know about, particularly if you have any portable computers lacking a full set of keys.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=hex:00,00,00,00,00,00,00,00,03,\
00,00,00,37,e0,58,00,52,e0,1c,e0,00,00,00,00

On Linux and BSD, xmodmap will do the same thing, a lot easier. I didn't bother remapping Print Screen, but getting Enter to function as Insert was important. Create a file called ".xmodmaprc" in your home directory, and add the following content to it:

keysym KP_Enter = Insert Insert Insert Insert

The next time you log in to Ubuntu, you'll get a dialog asking what you want to do with this file:

Load the .xmodmaprc file, and if you wish, choose to not show the dialog again. Click OK.

On BSD and perhaps many Linux flavors, you may have to manually edit some files to load xmodmap. You can usually put this line at the beginning of your .xsession or .xinitrc file to load the .xmodmaprc file when X starts. Alternatively, you can run it in an xterm to make sure it works:

xmodmap .xmodmaprc

These tricks work just as well on bare metal as they do in a virtual machine, or at least as tested in VirtualBox. That's a major annoyance out of the way for me!

Getting the Lock Code on an LG Mobile Phone

noreply@blogger.com (Ax0n) — Wed, 27 Jan 2010 02:00:00 +0000

A few weeks ago, my trusty LG Env3 met its untimely demise in a washing machine. I immediately yanked the battery out first. None of the usual tricks worked. I tried many of them, but here are a few that HAVE worked for me in the past with other peoples' phones:

Take it apart and blow-dry the electronics
Seal it in a container of uncooked rice or other desiccant overnight

This isn't about drying a phone out, though. I surfed eBay and was taken aback by the prices for used but working Env3's. So I decided to buy a broken one. Preferably one with a mechanical problem where the non-damaged mechanical parts from my electronically-fried phone could be put to good repair use. Like this one:

Lo and behold, the case was pretty well damaged and the ribbon cables joining the two halves had been severed. Otherwise, the phone seemed to be in okay shape. Commence repair. We are Env3 of Borg. Parts everywhere, mix and match a frankenphone. What a mess!

There's not much I can teach you about this. If you have the know-how to disassemble the pieces of two nearly-identical non-working objects and you know which parts are bad, you can probably assemble one good working unit. That's not what this is about, either.

This is about what happened to me once I powered on the resulting piecemeal ware -- something that happens probably more often than you'd think, whenever you buy a used phone from someone you don't know: The Lock Code... OF DOOM.

By default, the lock code is the last-four digits of the phone's programmed phone number during initial programming. This is different than the SERVICE CODE which is usually six zeroes. In the case of the eBay phone, though, we don't know the phone number. The easiest way to find out is to access the service menu. On newer LG phones, you enter "##PROGRAM" followed by the VX- model number, and hit send. The model number can usually be found inside the phone behind the battery compartment.

If it's a QWERTY clamshell like mine, the phone must be opened and the code must be entered on the QWERTY keyboard. Example: The Env3 is a VX-9200 and the service menu is accessed by hammering in [Sym]3[Sym]3PROGRAM9200[SEND] which shows on the screen as "##77647269200"

A prompt will show up for the service code. Again, this is 000000 by default.

Access the "Service Programming" menu, usually the first option. And don't change anything.

You'll see the Mobile Equipment ID and ESN on the first screen...

...and the Phone Number on the second screen. Write the phone number down. Exit the service programming menu. This will usually cause the phone to turn off or reboot.

Try the last four digits of the phone number as the unlock code. Usually, this works. When you call your provider to activate your phone, this unlock code should be changed to the last four digits of your phone number, and you're in the clear. Consult your user manual if you wish to de-activate locking.

In my case, however, the user was savvy or paranoid enough to know that friends who know the mobile number could probably guess the lock code. That is to say, the lock code on this phone was NOT the last four digits, and I was still locked out of the phone I paid for. At this point, I'm thinking that it'd have been nice for the seller to remember there was a lock code and to provide it. Oh well. Who am I to let a little 4-digit code get in my way? Not bloody likely.

Most phone service techs will charge $30 to $50 to remove the lock code. Highway robbery is somewhat expected with these guys, though. Enter my good old friend: QPST. Officially for service technician use only, QPST is a suite of programs for troubleshooting and programming phones using Qualcomm's lineup of mobile baseband processors. I used QPST in an article just over 2 years ago when discussing tethering.

The same thing applies. You can't buy QPST, but it's "out there" and you can easily download it or get it from a friend who works in the industry. You also have to run it on Windows, or at least in a virtual machine. If you do try to get it "in the wild" you should probably have a good anti-virus solution installed. You'll also need a data cable for your phone. LG's newer phones ship with a data cable and a USB Wall-Wart, so you probably already have a data cable.

Once you have the phone hooked up and the drivers installed, you should be able to see the phone in the QPST Configuration tool. If not, click "Add Port" and add one of the USB Serial ports. Select the phone from the list and launch the "Service Programming" tool from the "Start Clients" menu.

Flip over to the "1X/HDR Security" Tab and click the "Read From Phone" button. Voila. You've found the lock code! Below, you can see it was set to 4776. You should also be able to change it from this menu, but I didn't bother trying.

While there are some pretty cool things you can do with QPST aside from the things I have covered on HiR, you can also brick or damage your phone when you mess with it at this level, so think before you act.

Fixing Windows: NTLDR missing, install CD won't boot

noreply@blogger.com (Ax0n) — Mon, 25 Jan 2010 02:26:00 +0000

I ran across a bizarre Windows issue today on a friend's laptop. It appears to be relatively common, but the answers seem to be elusive, or all over the map. Not only was there an "NTLDR Missing" error, but in trying to access the Recovery Console, the Windows XP Install CD was halting as a blank screen right after "Setup is inspecting your computer's hardware..."

The short answer:
The partition table or boot sector is corrupt and it's messing with Setup when it scans your hard drive and causing the lock up before the installer starts. You are going to have to delete the partition and re-install Windows from scratch. I hope you have backups! Of course, if you prefer, now's a good time to try some other Operating Systems. ;)

The long answer:
Normally, "NTLDR Missing" errors are easy to fix with the recovery console of the Windows install CD or with 3rd party tools like FixNTLDR, UBCD or BartPE (builds a live-CD from your Windows install CD)

The first things to try are replacing the core boot files from the pristine versions on the XP CD (as per the Microsoft KB article) -- ntdetect.com, ntldr, and verify that the syntax of boot.ini is valid. Also, running fdisk /mbr can fix certain boot problems. These should be non-damaging to the data on your drive. You should try to fix it before you go blowing away the partition table.

In my case, none of the third party tools were working, and all the Windows XP CDs I have failed to boot past the "Setup is inspecting..." screen on this machine. The screen went dark and the CD stopped spinning, the system hung and refused to boot. No boot means no recovery console. I tried using the Windows 7 CD, too. It would boot but couldn't find a valid windows partition to repair.

My next step was to boot into Backtrack 4 Final from USB, and try to replace the files as one would from the Windows Recovery Console. I was able to write to the hard drive, and get the files off the OEM Restore CD just fine. Boot.ini was also intact. Still, the system wouldn't boot from the hard drive or the XP install CD.

As mentioned above, it was time to blow away the partition table and start over. Fortunately, my friend had good backups on an external hard drive. I opted to use BackTrack 4 Final to perform the partition-ectomy. Several boot CDs can do this, too. YMMV.

Deleting the partition with BackTrack is simple. Once you have booted backtrack, execute "cfdisk /dev/hda" - This assumes you have only one hard drive in the machine, and that there's only Windows XP installed.

Select the partition using the up/down arrow keys and navigate with the left/right arrow keys to the "Delete" menu option. You may be wondering what I'm doing with a scant 2GB hard drive. This is actually a Windows XP Virtual machine, used for lab testing.

Then, use the arrow keys to navigate to the "Write" option.

Quit cfdisk, then reboot with your Windows CD to start the installation process.

Review: Master 1500iD "Speed Dial" lock

noreply@blogger.com (Ax0n) — Sat, 23 Jan 2010 06:42:00 +0000

On a whim, I picked up a Master Lock 1500iD a few weeks ago. Mostly, this was for physical security research because I was bored at the time. Well, and I wanted a new lock for keeping my bike locked up at the job I used to have.

I had been using a derivative of the somewhat vulnerable Master 175 Padlock. I have always been a proponent of security in depth, so a somewhat chintzy lock combined with a very sturdy bike rack, a length of towing chain, and a parking garage with patrolling officers and cameras everywhere provided adequate layered protection. Also, in fair weather, several other lesser-secure bikes would be parked with mine, adding a layer of Darwinian Bicycle Security.

Advantages that made me choose this lock were many. First, the shrouded hasp meant it was likely to be resistant to shimming. Also, the "combination" could be entered in low-light conditions and while wearing gloves. This is important, because the parking facility I was using at the time was not heated (so it was cold!) and they'd switched to fluorescent lights that never really warmed up or achieved full brightness whenever it was below freezing. On REALLY cold days, some of the lights would refuse to turn on. All of these factors made this lock look like a solid winner for the situation.

Note: This lock is meant to keep your mobile phone and sunglasses safe in the locker room at the gym. It's meant to keep middle-school kids from stealing your homework. Alone, it's not the best tool for locking up a bicycle or anything valuable.

One of the first things I wanted to know was how it worked inside. I also wanted to know how difficult a task it was to get it open without completely destroying it. To the first end, I stumbled on Michael Huebler's 1500iD visualization flash simulator, and subsequently the PDF breaking down most of the facts on this lock.

In fact, Michael had covered most of the angles I was hoping to discover on my own, and did a better job than I could've done here. Therefore, it's worth the read if you're interested in locks, locksport or mechanical things.

By the way, with a good set of drill bits meant for cutting steel, it took me about 7 minutes to get into the lock on my workbench without completely destroying anything. In practice, an attacker would use a large set of bolt cutters since the hasp isn't completely shrouded. This should make short work of a lock like this one in just a few seconds.

I noticed a few collisions, another point that mh's article brought to attention. The lock opens when the four wheels are in the correct state, and every movement of the joystick changes the state of three out of the four wheels. It is for this reason that there is more than one way to get to almost any given state. Using the state in the screenshot above, Right-Left-Down-Left is the combination shown. The same state can be accomplished with Up-Right-Down-Left.

In short: The number of combinations is unlimited, but the number of mechanically-possible states is markedly finite: 7,501 to be exact. mh likens this to the mechanical version of a hash function. I can't think of a more concise allegory for it.

Mechanically, I think Master did a lot of stuff right. First off, the hasp acts as the wheel reset mechanism. This allows the hasp to be locked with a gate that doesn't rely on a spring. Even without the hasp shroud, there is no way to shim this lock. The best you could hope for is to wiggle a very thin wire in through the reset slot on the back to probe for the various gate positions.

If nothing else, the inner workings are innovative. It's simultaneously bizarre but fitting that Master would test new technology in a "toy" lock like this one. Perhaps there's a way to make it scale, either via more positions per wheel, or more wheels to gain more state space.

Flexible operating systems

noreply@blogger.com (Ax0n) — Wed, 13 Jan 2010 02:12:00 +0000

A while ago, John from TAOSSA mentioned something under his breath (or as much as one can do so with a keyboard) about Gentoo Linux. I replied with the fact that I learned the (very) hard way that if you think you want to play with Gentoo, you actually want to play with Arch Linux.

Gentoo is flexible -- perhaps maybe a bit too much so for most people. And it requires a lot of setup. Arch starts small, but it's not minimalist. There's a specific philosophy to most distribution families. It so happens that Arch Linux' philosophy is similar to that of another OS that I love: OpenBSD.

Arch values code correctness and cleanliness over convenience. They start you out with a small but powerful core that doesn't have a GUI or many fancy apps installed, but they provide you with everything you need in order to have your ideal setup running pretty quickly. While most Linux distributions make broad-sweeping assumptions about what the end-user will want or need to do. Flexible operating systems do no such thing. They might require a little bit more work to get set up, but what you end up with will be precisely what you want, not just something that you can make work.

Also, HiR got about 3.5 seconds of fame via Mubix on Hak 5 Episode 621 (a little after the 3:00 mark). Mubix mentioned most of what he was doing with FreeBSD was shell stuff. All of the BSDs require some work to get all configured and ready to use with a GUI, they don't go too overboard on assumptions.

For example, the things I do first on both ArchLinux and OpenBSD:

Set up package repositories. In OpenBSD, set PKG_PATH to the URL of a package mirror. In Arch, un-comment some lines in /etc/pacman.d/mirrorlist
Install sudo and give the %wheel group sudo access.
Create a user-level account, place it in the wheel group.
Log off, log on with my user-level account
Start adding packages and setting things up!

It's up to you to figure out what packages you want. X.org, a window manager, web browser, IM client, a word processor, and your favorite CLI tools are probably the first things you'll want to set up. Or maybe you just want an AMP web server. Flexible OSes do both of these things well and without much fanfare. Truly, you make your own distribution with every install.

Arch Linux is interesting in that there is no "release" schedule. You just perform "pacman -Syu" to upgrade all the packages to the latest stable version. Upgrading OpenBSD can be a bit more of a pain, so I genuinely like how Arch handles it.

Minimalist distributions (DSL, TinyCore and Puppy Linux come to mind) still make too many assumptions. Although they're tuned for systems that have limited resources and they can be tweaked and expanded quite a bit, you may find that the partitions aren't configured the way you want, that the organizer included applications that you don't need, or worse: they compete with the applications you'd rather be using.

New year, new opportunities. Want to hire me?

noreply@blogger.com (Ax0n) — Sun, 10 Jan 2010 05:39:00 +0000

I am officially on the prowl for a new job. I have many passions related to technology, security, and writing. I'm currently in Kansas City and if the deal is sweet enough, I'd be willing to relocate. I have a quiet, distraction-free home office that's perfect for telecommuting if you're not in the area. If you know someone who could put my skills to good use, let me know. I can be reached via e-mail at ax0n (at) h-i-r.net or via GVoice: 913-259-4HiR. Full Resume available upon request.

I'm genuinely jazzed about what opportunities lie ahead for 2010!

Free Antiviruses

noreply@blogger.com (Ax0n) — Wed, 30 Dec 2009 01:56:00 +0000

I'm not a huge proponent of anti-virus. It's not that I think I won't get one. It's just that I'm usually running an OS that's not a big target for viruses. I can't even list one AV tool specifically for OS X, BSD or Linux, but I'm sure something exists. I just stick with NoScript and RequestPolicy on FireFox to keep the browser malware at bay.

With Windows 7, I figured it might be time to look into AV if for no other reason rhan to get rid of the nagging system tray icon warning me that my computer might be at risk. Then, just today, Keith posted a list of free AV solutions for Windows. I went with MS Security Essentials. It stays out of the way for the most part from what I've seen, but it's not like I've tried pulling up a bunch of Russian Serialz, Crax & w4r3z sites or any crap like that -- A move I'd consider to be asking for trouble.

I know plenty of readers are Windows users, by choice or by force (employer?)

What have you had the best luck with? What other anti-malware tools are you using for yourself or for others who already hosed their systems up?

From the comments: Apache + UserDir + Chroot on OpenBSD

noreply@blogger.com (Ax0n) — Tue, 29 Dec 2009 16:48:00 +0000

In the comments on the OpenBSD 4.6 OAMP article, azhax and I hashed out how to get UserDir functioning in a chroot. I don't usually need UserDir, but it's a common configuration for multi-user systems such as those found at universities and ISPs. It's definitely worth covering.

UserDir is the configuration directive in Apache that lets you use tilde shortcuts for users' web directories. ex. http://some.server.edu/~axon/

The first thing you need to do is realize that when Apache is running in a chroot in the default OpenBSD install, Apache can't access anything outside of /var/www. The default OpenBSD apache install comes with a directory created for this: /var/www/users

First, edit /var/www/conf/httpd.conf and uncomment the "UserDir /var/www/users" line, and delete or comment out the "UserDir disabled" line. Use whatever editor you're happy with, but you may need to chmod it first, or use :w! in vi, since the file is read-only.

Then, I created a directory for my user account, gave myself ownership of the directory and created a public_html symlink to my home-directory. Keep in mind some ftp servers do not like to follow symlinks in the name of security, but SCP or SFTP might do just fine with this.

$ sudo mkdir /var/www/users/axon

$ sudo chown axon /var/www/users/axon

$ sudo ln -s /var/www/users/axon ~axon/public_html

And finally, I restarted apache. "apachectl restart" doesn't always work properly, so start it manually after stopping it with apachectl.

$ sudo apachectl stop

$ sudo /usr/sbin/httpd

Thanks go to azhax for asking how this one is done. It's definitely more involved than your average Ubuntu Server install, where only a public_html directory is needed in users' home directories and little else. If you find that most of your users will need web directories, you may want to create a script to put in /usr/local/sbin that you can run with sudo after running adduser just to make it a little easier.

#!/bin/sh#addwebdir.sh
#syntax: addwebdir.sh [username]
mkdir /var/www/users/$1
chown $1 /var/www/users/$1
ln -s /var/www/users/$1  ~$1/public_html

Windows 7 on a MacBook: Kind of a pain to install

noreply@blogger.com (Ax0n) — Mon, 28 Dec 2009 21:08:00 +0000

But it's sweet once it works with all the drivers installed

Let me step back a bit. I already had a license for Win7 Home Premium upgrade. That means I had to install it on top of Windows XP or Vista. So, I had to install XP Home first, which I also had a license for. Getting XP up and running was the root of my issues.

A while back ago, Apple pushed out an EFI update that supposedly removed the necessity to use BootCamp to install Windows or any other OS, really. With a spare partition on my hard drive, I decided to clobber Ubuntu, and install Windows XP over it. That ended up trashing the entire partition table, and bricking my MacBook.

Time Machine to the rescue. 3 hours later, I had restored my OS X partition from bare-metal to a point-in-time backup where the only thing I lost was 30 minutes of browser history. In other words: it worked perfectly. 45 minutes later, XP was installed, but the boot.ini file was pointing to the wrong partition. Using the XP recovery console to attempt a repair, I had whacked my partition table. AGAIN. Wash, Rinse, Repeat.

You need XP SP2 or higher, as it turns out. I guess I should have read the entire Boot C(r)amp manual first. I used BootCamp Assistant to create the partition this time, instead of partitioning it during restoration with the OS X install CD. Once XP Home SP2 was installed, I was without any drivers. The OS X CD supposedly contains them, but it was showing up as a blank disk when inserted. I wasn't worried about video drivers, or audio, or anything other than getting it on the network so I could activate Windows and commence the upgrade to Windows 7. For that, I ended up using a Linksys USB wireless adapter (and the driver CD). Then it was home-free.

Windows 7 installed fine without a lot of problems. It had many of the drivers already built-in, including the wireless. The audio and touch-pad drivers were sub-par, though. Other things like the iSight had non-existent support. Again, the OS X DVD I have wasn't showing the drivers under Windows 7 either and the BootCamp download from Apple wouldn't even run. I finally found a BootCamp driver download on the Digiex forum. Of course, you will want to use third-party supplied drivers at your own risk, but it seems to be working pretty well.

All in all, I burned almost an entire waking day attempting to get Win7 installed on my MacBook. A good part of that was the initial install of XP. Going straight to Win7, at least once you have the drivers, is probably not too bad. I can't stress enough how important it is to have a good Time Machine backup before you start, though.

End result:

Let it never be said I'm completely bigoted when it comes to Microsoft. My wife has been using 7 for a few months, and I'm already digging it. This may be Microsoft's best Windows release since Windows 2000, which I also had plenty of good things to say about.

Time will tell as I put it through its paces, but usability is just as good as OS X now that all the drivers are working properly, and this is a rather comfortable operating system for daily use.

Guest Post: Setting up a Pfsense firewall

noreply@blogger.com (Ax0n) — Tue, 22 Dec 2009 15:41:00 +0000

This is a guest post by BIOSshadow. You can follow him on Twitter and at his blog, Geek Crack.

Pfsense is a free, as in speech and beer, firewall for home, business, and any other purpose you can think of. It's based on FreeBSD, so it's very stable and has a very good TCP/IP stack. It has a serious feature list.

I have to explain how little PfSense needs in the hardware department. My setup is an old desktop computer that a client gave me because it "went bad." The power supply unit blew out during a lightning storm in the middle of the night. Anyway, it's a single core Intel processor, I am not sure what speed, with 512 MB of RAM, and a 40 GB hard drive. Now the only reason I have 40 gig is because it was easier to keep in there than fight the case, and put in a 10 gig I had around. So any basic computer you have around will work. But as with any computer, the more memory the better. I will get into that later.

You will need a video card/monitor and keyboard and of course a Pfsense CD. USB keyboard will work, a PS/2 won't need to load extra drivers. After the install and a little configuring is done, you can remove the video card/monitor and the keyboard, you can do everything through the web panel or SSH connection, if you turn it on.

Now onto the setup. (Note: For the screenshots I am using VirtualBox. This for the screenshots only). When it boots up to the bootloader, you want to boot with default, either by waiting for the timer to run out or by hitting enter.

Now if you have two NICs, which I recommend, you do not need to setup VLANs, but you can. If you only have one NIC, you need to setup at least two VLANs.

Now this is one of the great things about Pfsense that I can't find anywhere else: You unplug the ethernet cables, and it askes you to plug in the LAN cable into the LAN NIC. Then it does the same for the WAN cable and NIC. Now if you want to setup a DMZ with third NIC this where it do it.

Pfsense will ask you if you want to proceed and then build the config files and startup all the daemons, like the Web Panel and others. Congrats! You have running Pfsense firewall, but everything is in memory and running from the CD. If you want run it like this then you are set, but if the power goes out you will have to set it up again using a backup config file or from scratch. If you want to install to a hard drive you will need to type "99" and hit enter to continue.

The hard drive installation is menu-driven and easy to use. If you are having issues, feel free to edit the setting and accept when done.

Select "Install PfSense" and select the hard drive you want to use. Format the disk and select "use this Geometry".

If you are lucky enough to have a muilti-processor system or are using a embedded system, select those options. Now remember this is "muilti processor" not "muilti-core processor".

Now Pfsense is installed and ready to go. Just restart it and remove the disc.

After the reboot, we will need to setup local IPs and their ranges. Unless, of course, you have a separate DHCP server, then set it up to connect to the server.

The IP settings are all up to you, I used a normal home setup for the sanity of my family (networked printers, NAS, and etc.) just remember the IP you give Pfsense, because you will need it to access the Web Panel.

Now you are all set up. You can unplug the monitor and keyboard, and other stuff were using for set up.

Now back on your computer, open up a browser and go to the IP of Pfsense. The default username is "admin" and the default password is "pfsense".

Of course, you want to change the password and if you want, you can change the username as well. To do so on the red navigation bar at the top, hover over system and click on General.

To enable SSH, which I recommend, you need to go the the Advanced section of the System Menu.

If your ISP is like mine, your MAC address is tied to the account and if you use it, you don't get access to the Internet. To edit it Go to Interfaces and then WAN.

Now you have working Pfsense firewall, have fun!

There are a few things Pfsense lacks, like a Squid proxy and A/V scanner. But it makes it up with its packages. It has quite a few packages, but remember: the more packages, processes and packets it handles, the more memory it uses and the lag increases. But they have packages for Snort, Squid, SquidGuard, and an A/V scanner.

Well there it is: a completely setup and configured Pfsense, with A/V scanning, proxy and traffic monitor.