SSL problem, it wasn’t me!

broken keyI just assumed that the problem was related to my recent SSL renewal.  Turns out, Google security recently published Distrusting WoSign and StartCom Certificates and removed them from chrome.  How did I miss this?  It turns out that the SSL on my site has been broken on Chrome for some time.  It must be that I have been using Brave recently as my daily browser.  I moved this site to letsencrypt.org and it’s working fine for everyone now.  I don’t even know how much time I waisted on this one.  wow.

Ubiquiti’s USG router steps up with dual wan support!

I was very excited to discover this feature listed in my Unifi controller today.  You can now repurpose the VOIP port to act as a WAN2.  The ironic part is that i don’t believe the VOIP port serves any actual VOIP function as of yet.  I’ve been recommending these USG routers since I learned of their existence. Unfortunately a lot of my clients want dual WAN and until now, the Unifi Security Gateway fell short.  No longer, Ubiquiti has a really great product line with the Unifi.  I am continuously discovering great new innovation with the latest update to their software, firmware, or cloud platform.  I have been waiting for this!

Unifi WAN2 option

Modernizing a lifebook from 2003 with Lubuntu

Lubuntu 11.04 My doc was a bit confused about the age of this computer when he gave it to me to setup.  We spoke about a 5 year old laptop. It turned out to be a beast from 2003: a Lifebook n series by Fujitsu.  I’ve always said that Fujitsu must be run by a supervillain or at the very least, a rebel billionaire.  They make industrial equipment and infrastructure, while at the same time making laptops and other select home electronics.  Like someone just wanted their ideal laptop and then as an afterthought sold it as a product.  Don’t get me wrong, I am not trying to disparage Fujitsu in any way.  Quite the opposite in fact.  I have relied on their hard drives for my most precious data and their Lifebooks have always been some of the best out there.  The fact that this 13+ year old laptop is operating with all original parts and a working battery is testament to Fujitsu’s commitment to quality.

My first clue was the XP sticker.  I decided to go with Lubuntu, a minimized variant on the popular Ubuntu Linux.  Ubuntu is a wonderful distribution, especially for those new to Linux, but it’s built on top of Debian, so it’s not just for beginners.  For years, I’ve used some of the older (still supported) Ubuntu versions for old machines.   I hate to see workin computers fail because of a lack of software support.  Thanks to the good people at Lubuntu, Ubuntu, GNU/Linux, this is a thing of the past. This guy is running all the latest in security and cryptographic technology, a fully modern web browser and a full suite of productivity software fully compatible with the latest MS Office.

 

Played with PoisonTap network hijacking tool

Poison Tap in Action

@SamyKamkar made an impressive and terrifying tool.  This simple USB device steals your cookies, poisons your cache, and even persists a web backdoor.  On a locked machine no less!  It depends much on the trust that our computers take for granted.  Trusting a USB device is not up to no good.  Trusting the local network not trying to confuse. We must reexamine this trust going forward.  It didn’t take long to get it up and running, however once you do, you can spend hours tinkering.  (i was working to combine it with @mubix‘s work here)

I am also delighted to have my first Raspberry Pi as a USB device rather then host.  it is certainly exciting to created some new doodads using this dangerous toolkit.

UPDATE

I have since made a version without the cache attack.  I completely failed to steal the poisontap visuals, but TheCodePlayer offers a delightful matrix animation.  next step is to man in the middle ssl too.  I’m turning it into a device that logs everything while connected, but doesn’t persist.

Mac Pro takes a dive. There went my Sunday.

I return to my computer after letting it idle to this maelstrom. Pinwheel of death to 11!  Luckily I was left with at least one tool in my belt. Initial signs point to Disk I/O but with SSD??  Sometimes I feel like the cobbler with no shoes.  no such thing as a day off.

Mac Pro - Force Quit Window

UPDATE! – It was drive related, but not my boot drive. Apparently all this was caused by file system corruption on an external drive. it’s not that it wasn’t in use, but that drive was certainly not in use by all of these applications.  It was a drive that contains large files that don’t require especially high performance (like my bitcoin blockchain).  I must now give a shout out to DiskWarrior for saving my Sunday.