Slashdot Mirror
OLPC's XO As a Wireless Hacking Tool
twistedmoney99 writes "InformIT.com has a whimsical yet intriguing look at the OLPC in an article series titled "One Leet Pwning Child — Give one, Get Owned". Part one details how to upgrade the core system with some extras, but part two is where the fun begins as the author converts the OLPC into a lean green hacking machine to enable wireless sniffing, setup the OLPC for vulnerability assessments, and stage the device for a little autopwning with Metasploit."
Might just be virgin messing with me but the site isn't loading well, so here's the 1 page version
and the google cache
IranAir Flight 655 never forget!
I like the name of the article. It makes me feeling like participating in the GOGO program all of a sudden...
"Most people, I think, don't even know what a rootkit is, so why should they care about it?"
Great. Now we'll have to worry about those leet African hackers doing phishing.. Oh wait.
Does it come with Zealous Autoconfig?
Nigerian scams just got more interesting. :)
-- All this knowledge is giving me a raging brainer.
Sounds interesting! And there is one of these cut-down bare-bones minimalistic machines on ebay for just £389 plus postage.
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
Wasn't it the whole point behind these things---to make kids more technical/geeky. It would've been a complete waste if everyone just used it for email and word processing.
Now if only actual kids in 3rd world countries did cool things with these laptops---like coding/hacking/whatever.
"If anything can go wrong, it will." - Murphy
The wireless sniffing section seams a bit weak, if they can Dsniff working, would aircrack-ng not also work?
On an active network, with a bit of patience, aircrack & wireshark can get you all the information you need without leaving a trace, (granted if its a WPA network with a good key its a lot of patience).
IranAir Flight 655 never forget!
I'm sure someone will happily correct me if I an wrong here. However, seems to me that just about any wireless enabled linux box + same toolkits = wireless hacking tool. Nothing to see here folks, just move along please ;)
Teach a man to phish and he'll never be hungry again!
Computers can be used for hacking.
Obviously this must be stopped now! Think of the children.
Once they gain this forbidden knowledge, they'll threaten the social order in the god forsaken dirt hole where they live.
1. Distribute computers.
2. Children become L337 H4X0RZ
3. ???
4. Cthulhu
So a slightly modded (which is part of the original charter right?) OLPC can own the fleet of upcoming XP based OLPC's?!
Am I the only one who finds that more than a little amusing?
Sheldon
First off, parent should (IMHO) be modded as troll, because it has nothing to do with the subject, and looks intended to start a flame war. But just to debunk the argument:
I'd say the OLPC project has succeeded in a technical respect. It produced a computer that's rugged, cheap, power-efficient and flexible. And for the combination of properties, better than what existed before. What's more, if it didn't break open the market of cheap, ultra-mobile machines like the Asus EeePC, then at least accelerated that. Causing millions of people to use smaller, more eco-friendly computing devices than before.
From the education side, success needs more time to show, if it will happen. But progress is blocked here by political or market forces rather than technological options.
So even if the OLPC project hasn't (yet) succeeded in helping poor kids to connect to the rest of the world, and improve their education, it has done 2 things: a) realize part of that dream, and b) bring that goal closer.
-- Oh and btw. it's Nicholas Negroponte
Give a kid a fish, he eats for one day.
Teach a kid to fish, he eats for a lifetime.
Give a kid a laptop, and he empties your bank account.
Teach a kid to program, and your job is outsourced to him.
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
I saw this article and ran to get my XO. Keep in mind I'm not a Linux user, so I type those command line instructions very slowly. After 15 minutes, I'm actively scanning my home network using Zenmap. If this goes well, I'll have to bring it along with me to a local, unidentified coffee shop! I personally think the most telling aspect of this excercise is that it has helped open the door of linux a little bit.
These things cost $400* each, so it's not exactly a cost effective tool. You can get a used laptop with built-in wireless for quite a bet less than that. There's one on ebay for $90 closing in four hours at the time of this writing, in fact.
*G1G1 price. I know they were alleged to be paying for additional laptops for impoverished children in foreign countries, but that seems really difficult for an outside party to audit, to me.
It does disappoint me that Negroponte doesn't want to think of the laptops as a product, though. They have some interesting features and selling them would have allowed them to grow the economies of scale necessary for the charity goals to be achieved.
Can you be Even More Awesome?!
So even if the OLPC project hasn't (yet) succeeded in helping poor kids to connect to the rest of the world, and improve their education, it has done 2 things: a) realize part of that dream, and b) bring that goal closer.
A dream can be a dangerous thing. The dream of nuclear energy can all too easily be perverted to the quest for nuclear weapons.
The dream of the OLPC was powerful, but it has been perverted into a Microsoft market development system.
I find it funny that using the very words from the "vision" of the OLPC constitutes a troll.
I will never understand why even bother with the OLPC...
Why not just use an Eee PC, it's a solid computer, and with the price you end up getting significantly more. Coming from someone who owns an Eee and has used an XO several times; I can tell you that the XO is inferior in so many ways. Not just with little things either, anyone who has tried using that screen in non-ideal conditions knows what I mean.
Hmm. I would have modded you 'Offtopic' or 'Flamebait'.
:)
- Offtopic because the topic was about the hardware, not the mission - (there are a lot of us disappointed by recent events).
- Flamebait because of the name-calling, which is pointless and typical of flamebait posts.
Mod this post 'Offtopic' because there is no 'Condescending' mod.
You can't talk about Wikipedia's flaws on Wikipedia
Perhaps the looming Microsoft specter will finally light a fire under the collective bottoms of all the F/OSS zealots out there to stop proclaiming the superiority of Sugar and start making it a reality.
Sugar, in its current state, is holding back the capabilities of the xo. Seems fitting that the devs jumped ship after all the big pieces were finished and it was down to the grueling and monotonous (yet very necessary) polishing of all the small stuff.
I'm not a fan of MS, but if the Sugar proponents can't get their act together it shouldn't bring down the rest of the project.
Offtopic because the topic was about the hardware, not the mission - (there are a lot of us disappointed by recent events).
I'm not sure I agree, obviously, because I think, and wouldn't you agree, that the mission of the OLPC is inseparable from how we evaluate its success, failure, or functionality?
Also, before you say calling Negroponte an ass was name calling, I would submit that it would be hard to find people who would disagree with it as a general purpose title.
I think he assumes that most of the XO laptops will be used just like ordinary kids use computers. This is "cool" in that the kids involved ordinarily wouldn't have the opportunity, but it's not "cool" in the geeky-cool sense.
Eventually, we'll also be hearing about some of those kids doing geeky-cool stuff with their XO, but AFAIK no story like that has hit Slashdot.
I agree with your appraisal of Negroponte.
Regardless, calling someone an ass is flamebait even when it's true.
Using his words to describe the mission was off-topic because the topic is: "OLPC's XO As a Wireless Hacking Tool."
You can't talk about Wikipedia's flaws on Wikipedia
So, you're supposed to be sneaking around and not raising suspicion while hacking on a brightly colored plastic computer that looks like a child's toy?? A generic laptop - or even better, a smartphone with wifi - allows you do do the same level of hacking, but look like your average person and not attract attention.
On the other hand, you can take advantage of the military's lust for ultimate weaponry to create a world where energy is cheap and efficient.
Symbiosis. It is perfectly reasonable for two groups with different goals to help each other out, especially if it has the potential to benefit both groups.
I have an XO, I love it - but Sugar sucks and the file management 'Journal' is idiotic and clumsy. I've found that the only way to get any productivity out of the thing when not simply surfing the web or checking email in the basic browser is to go to the terminal. Writing, saving, and sending a simple text document via the Sugar GUI and apps takes takes forever; I knew nothing of linux when I got it, but now do all my writing and email in the terminal with Midnight Commander, then use Lynx to email it out - I can do any text/email stuff 100x faster that way. I'm looking forward to the rumored 'ubuntu lite' I've heard whispers of - getting an XO prompted me to switch over the home box to Ubuntu, and having a portable system that runs the same would be great.
If no one has your back, time to move your back.
"I knew nothing of linux when I got it, but now do all my writing and email in the terminal with Midnight Commander, then use Lynx to email it out..."
Mission Accomplished.
"The Adobe Updater must update itself before it can check for updates. Would you like to update the Adobe Updater now?"
I'd been thinking similar thoughts about my OLPC, but with very different terminology. I'd been wondering whether, with appropriate software installed, it would make a good "net admin" tool.
;-)
Specific example: One of my other toys is a Mac Powerbook, which talks to the Airport that's attached to our local LAN (with a linux firewall/router). Yesterday was a very nice day, and I did as I've often done on other nice days: I carried the Mac out to the patio and tried to work from there. Without much success.
While I've done this a lot over the past few years, this time the wifi went into its "fluctuating access" mode. The wifi signal strength, according to the Mac's little wifi icon, changed on a time scale of seconds from near full strength to various intermediate valued, to no access at all. I grabbed my OLPC, carried it out to the patio, and it reported a constant near-max signal level from the Airport. But I can hardly do any work on the OLPC, because of the crippled Sugar GUI. The two laptops have nearly the same pixel count on their screens, but the Mac lets me have 3 or 4 non-overlapping Terminal windows open at the same time, while the OLPC only allows one.
Anyway, since the OLPC seemed to have no problems with the wifi, I'm wondering if I could use it somehow to diagnose the problem. The few times I've asked about such things on a Mac forum, the responses could be summarized as variants of the "It Just Works" mantra. I shouldn't worry my little head about things like this that are beyond my ken; I should just accept what's given to me. No clues about how I might diagnose such problems. Either that, or I should just pay for new hardware, which might not have the same problems.
Now, I'm quite aware that to the media, the very fact that I'd consider installing software to analyze local wifi transmissions immediately puts me into the "hacker" category. I try not to tell them that I've been known (and paid) to write such software. ("What sort of shady corporations would pay a hacker like you to do their dirty work?" Dirty as in diagnose and fix problems.
But it does occur to me that people here might be a bit more sympathetic. And it seems to me that if the poor kids in remote places can learn to use their OLPCs to "hack" the network around them, they could be a real service to their communities. The commercial folks aren't supplying their communities with service, and probably never will. Here in the US, the comm companies can't be bothered to supply decent service to remote areas, and never will unless those evil government regulators force them to.
So maybe we need an open project to take tools like the OLPC, the EeePC, and others like them, and turn them into good "hacking" platforms. That way, people in poor and rural areas can support their own comm system.
To me, this article just tells me how the media will spin it, to make such self-help efforts look criminal and subversive. But I can't even find decent diagnostic help for a wifi problem here in a Boston suburb from the makers of the equipment. Maybe it's time we get serious about finding ways to fix such problems ourselves.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Regardless, calling someone an ass is flamebait even when it's true.
:-)
Oh, that's just not fair. Surely "flaimebait" must follow the same legal restrictions for slander or libel, i.e. if its true, it isn't.
I'm confused... we give them a computer and assume they shouldn't be able to do everything that a computer should, including hacking. Do people seriously see this as a bad thing? If anything, this is good, we gave them a computer that acts like a normal computer, so what about the hacking...
Disclaimer: I am not god.
We may not be created equal
But we can be treated equal.
From the Slashdot FAQ: Offtopic -- A comment which has nothing to do with the story it's linked to (song lyrics, obscene ascii art, comments about another topic entirely) is Offtopic.
Flamebait -- Flamebait refers to comments whose sole purpose is to insult and enrage. If someone is not-so-subtly picking a fight (racial insults are a dead giveaway), it's Flamebait.
Troll -- A Troll is similar to Flamebait, but slightly more refined. This is a prank comment intended to provoke indignant (or just confused) responses. We've wasted enough electrons here, I think.
You can't talk about Wikipedia's flaws on Wikipedia
Plus, Sugar'll lead to tooth decay. That's hardly ideal.
Ezekiel 23:20
Computer runs software.
Film at 11.
...is about education...
Sounds like a great educational opportunity, indeed!
Freedom isn't free; its price is the well-being of others.
My guess is as long as they aren't able to make any significant sales and the Intel reps are able to keep coming in behind the OLPC and "talk" them into using Classmate instead that nothing will happen. The second that Intel feels they are a threat will be when we see an announcement from MSFT stating that "The OLPC is simply too underpowered to give an acceptable Windows experience and therefore after further consideration we simply cannot allow sales of XP to OLPC to continue." Of course by that time all the Open Source developers will have walked away in disgust and the OLPC will be dead in the water. On the bright side maybe when they have run it out of business someone will buy up the OLPC designs and sell it to everyone and thus letting economies of scale drive the cost down so it might actually someday approach the $100 as originally envisioned. But that is my 02c,YMMV
ACs don't waste your time replying, your posts are never seen by me.
Its not an olpc, but my EEE makes a handy platform for launching an attack, its small, its handy and it has that, its not possibly big enough to be a threat factor. Although,when I pair it with my 500 gig external drive that is happily chugging away, it probably looses a few innocence points. But overall, it is a great little platform and was worth every penny.
If you could actually find one..
It would be better to see this done on something like an E, at least that you can actually buy.
---- Booth was a patriot ----
http://wiki.laptop.org/go/Xfce
/usr/sbin/wifi-radar and change default eth1 to eth0)
su
yum install xfdesktop xfce-utils xfce-mcs-plugins xfce4-session
yum install xfce4-mixer system-config-date xfce4-genmon-plugin xfce4-systemload-plugin
yum install wifi-radar
(Edit
Once that's done, you'll have a much more useful XO.
Sugar is nice, but it just isn't ready yet.
That method is easier than putting Ubunut on the XO.
http://olpcnews.com/forum/index.php?topic=1435.0
and
http://olpcnews.com/forum/index.php?topic=1436.0
Should help you with the Ubuntu install.