As the guy on stage giving the presentation, I feel the need to comment. I see Nick was already here ahead of me covering most of the points, but I figured I'd chime in.
The FlightGear Demo video was, as Nick mentioned, a way to show that it was possible to put ADS-B data into the air with equipment available to any hobbyist. We used a flight sim and a dummy load because at no time would we ever put real data into the air without proper permissions and safety precautions. As much as I want to know what would happen, I have no desire to see anything bad happen to any aircraft or members of the flying public. It was a proof of concept to show the theory and a potential tool to test these theories.
I fully admit I don't know the system inside and out. I don't see how someone needs to be in order to spot things that are just not right.
In all the comments, much was said, but little evidence was offered. If you have evidence that you can share publicly, please do so. Contact me at renderlab.net and prove me wrong. I would love to do a presentation where I answer all of my questions to my complete satisfaction.
A few points were raised repeatedly that I'd like to address:
"But multilateration takes care of that." Really. Please show me the report. What was the methodology for establishing that as adequate?
"But pilots and controllers are smart people." They are also human and make mistakes. Training and preparation are going to be key to solving this.
"Publicity seeking." Yes, I am seeking publicity, to get the aviation authorities to open up about these issues and provide some transparency into the
"Try to hack it, nothing will happen." I want to, with permission of course. This is why I'm asking anyone who has access to aircraft, ATC operations gear, manuals, avionics, etc., to come forth and let us test our theories publicly. If everything is secure and safe, then the worst thing that happens is I look a bit foolish, but we all can fly home feeling a bit safer.
Yes, there may have been errors in the slides. I admit so right at the beginning. The aviation industry is more acronym happy than the computer industry. Some of the numbers are from official documents and older versions of SOPs or summaries or any number of sources. Until I have the controllers' procedures and standards manual in my hand, I only have publicly available documents to go from, which may contain variations or errors. I'm human.
Lastly, many comments questioned my motives and the logic of going public. I set out to prove to myself that ADS-B and NextGen were safe. I failed in that. I do not think it is as secure and safe as has been made out to be. I kept trying to prove to myself it was safe, but every avenue turned up more evidence to the contrary. I exhausted all the documents and resources I could find and so wanted to turn to the hacker community that I know and love and get their help in trying to prove my theories wrong. These theories have been around longer than I and are most certain to have been discussed by existing bad guys. As was stated many times, don't shoot the messenger.
TL;DR version: Show me your evidence, prove to me NextGen is safe. Let us test it for ourselves publicly.
The RFID reader was for access to the big door for customers/staff. There's a whole lot more behind door number one. It's not like you walk straight into the racks or anything. Mantraps, guards, etc. before you get to the fun stuff.
The best data center I've seen is an un-named co-lo company in Canada who has their operations on the top floor of a mall in what used to be movie theaters.
The escalators go up to the floor and promptly end at a wall. A one way mirror hides an RFID reader which 'open sesame' style activates the wall to move and let you in.
No signs, or outward indications as to it being there. Lotsa space, redundant everything and all hiding in plain sight. It was pretty cool.
At this past year's Defcon Hacker conference in Las Vegas a buddy of mine, after seeing your beer cooling episode, decided to hold a 'beer/beverage cooling contraption' contest among the attendees. At a hacker convention known for copious amounts of alcohol and in ~120F temp, it was a great idea.
There were several different entries all using different styles. My entry was a styrofoam cooler filled with isopropyl alcohol and dry ice, creating a ~-65F bath that was good at rapidly cooling the beer, but not so fast as to be impossible to regulate immersion time and keep from freezing it into a beer block of ice! The solution worked so well and stayed so cold I kept the cooler with me, flash chilling everyone's drink that went by for the rest of the weekend.
All that said, after participating in a contest spawned by your investigation and creativity, I was wondering what sort of other events, contests, research, contraptions, etc. that you (and your undercredited build team!) had been named (or blamed) as the inspiration for, and which was your favorite?
P.s. We are having another beer cooling contest next year, we need judges!
I think that there's a lot of crap floating around about the idea of downloading TV shows.
Is it piracy if I am paying for the cable channels the show is broadcast on and I record it to watch when it's more convenient and I can fast forward through commercials? The Betamax decision says no (for the moment anyways).
So why is there anything illegal about me getting a copy of a broadcast I already paid for from someone else?
It's just time shifting. I think that their panties are in a twist over situations like a UK viewer downloading '24' *before* it's broadcast over there (alternately, the new 'Battlestar Galactica' series released in the UK first, downloaded by N. Americans before US broadcast).
Someone needs to wake up to the fact that there is demand for these shows and that regional distribution is not a viable containment method anymore. The people want to see it and are going to get it one way or another. Might as well make it widely available.
My ISP is the cable company. I'd gladly pay a fee if they would buffer, say, a month of broadcast on a 'groupTivo (tm)' that I could access at my convenience. Pay for what you view. Watch a little, pay a little. Watch a lot, pay more.
Actually, that was BigEZy. He did drive all the way out to LA before the start of the competition, provided evidence of his being there at the time of the contest, but through some technical goofs, they didn't get their data in by the deadline and so the LA run didn't count.
I know this because I was one of the other contestants who was angry and impressed by the interesting interpretation of the rules.
FCC regulations for unlicensed spectrum mean that it's basically a free for all; you have to accept interference. You can't complain (technically anyways), and you can't intentionally screw with or overpower their signal.
However, being a good neighbor can solve the problem with a bit of leg work.
My neighborhood was the same way, APs on different channels all over the place causing no end of problems. I did a little direction finding, knocked on the doors and explained the problem. Ended up organizing the entire block so that everyone was using non-overlapping channels and no one was interfering with each other. Solved a lot of their problems as well in doing so.
Perhaps you might speak to your neighbors and see if you can bring a little organization to the chaos. I'm betting you're not the only one who's having problems; I'm sure your neighbors would love the help.
I've participated in the Lockpick contest for the last 2 years. It's been a blast. Quite a challenge too. The book isn't anything hugely groundbreaking (check out Security.org for a really amazing book), but it's a good thing to read if you're curious or if you're like me and are not very good at explaining how to do it to others.
I just find lockpicking fascinating because it's yet another case of people proving manufacturers' claims are often highly exaggerated, or just full of BS. Knowing, and proving for yourself, what makes a good lock vs. a bad lock fits well into the computer security dynamic (Physical security anyone?). That extra $1-2 for a Master brand lock can buy you several minutes more security vs. a cheap look-alike that can be shimmed in about 3 seconds, kind of useful to know. They can both be opened, but you're less likely to have a thief willing to be exposed for several minutes than for a few seconds. The Kryptonite vulnerability now makes everyone re-think trusting the manufacturers' claims, now doesn't it?
It's also a handy skill for those inevitable times when someone locks the server cabinet and loses the key and you don't want to pay a locksmith through the nose. I also use my skill in security audits to very dramatically show how little security that cheap lock on the server room provides.
I've got some descriptions of the contests and LP resources up at my site and some links to videos and the MIT guide if anyone's curious.
Just remember that there is little a set of bolt cutters, a crow bar, or a sledge hammer can't get through. Lockpicking is the 'elegant solution' to that (literal) brute force.
Yeah, that was me. Won the Fox&Hound Minigame. Not wanting to toot my horn at all, these kids did a lot more than I did and deserve the attention, and I hope to compete against them next year.
I was in the second row, middle block, 3rd seat in from speaker's left. I probably have a picture of the back of your head there vbrookslv.
I was blown away by these guys too. It was most impressive because they had the stuff lying around, made a decision to enter and did it. Despite parents' objections they made the trip and got a standing ovation and a heap of well earned praise.
They didn't brute force it by just adding more power (they said they were only at about 600 mW), they just sat down and did the math to build the dish right. Far more design thought than several people I still see claiming Pringles cans are the greatest.
I just love the fact they also build some targeting equipment and were using linear actuators to align the dishes. Just brilliant. I wish them the best, and a safe drive home.
It just seems fitting that Douglas Adams had the foresight to record the lines for a character who always dies, so that he himself could be re-incarnated in a way.
Let's just hope he doesn't mind coming back as a potted plant at some point.
Since your co-workers/friends seem to be having the same problem, help them too. It might just be as easy to arrange to have the SO's get together for a weekly (insert common interest here) meet while you go gib your friends.
Still will probably cut into your gaming time, but at least they are doing something as well and not feeling ignored.
The internet is great for finding quick facts and information for curiosity, work, or to settle a bet (done that more than once!).
The internet is probably my primary source of information, but far from my only one. The skill of knowing WHERE to look for something is the most valuable. Using the internet to find dead-tree to read is very useful, and even for finding places to get obscure books it is a huge resource.
I just shudder to think about how much knowledge will be lost when future generations don't know of anywhere else but the internet to go for information.
Now here is a man that has mastered Double-think if I ever saw one.
I'm wondering if I should start hounding him to replace my DVD when it gets stepped on since it's 'timeless'.
Hackers = Terrorists??.. on Ask Kevin Mitnick (Score: 2, Insightful)
It's been agreed upon by yourself and others that what you did was wrong but the punishment did not fit the crime.
With more and more people getting caught up in the 'hacker = terrorist' rhetoric of late, especially those in high places, changing minds is more important than ever. I shudder to think of what would happen if your activities had occurred a few years later (that whole 'whistle launch codes into a phone' thing...).
What do you think is the most important thing that the hacker community should do to make sure that cases like yours don't occur again, and that cases involving computer crime are treated fairly and not trumped up to terrorism?
As a wardriver, I think that this would definitely confuse and annoy anyone driving around.
However, I've noticed that companies with wireless APs tend to be in clusters in close vicinity to each other. I'm just wondering what the effects on the person's neighbor would be. I could just see someone running this and just confusing the hell out of his neighbors. It would be even worse if the fake broadcasts were on different channels; then there would be real chaos with legit users.
Fun to play with, but not practical for production since a determined attacker would wade through the data to get your real SSID.
I would like to point out for the record, this is the group that decided it appropriate to label their conference tracks 'new f#gs' and 'old f#ags'.
http://www.rogueclown.net/what-are-those-track-names-again/
I'd be curious how much the tiger has changed its stripes.
Can't say (signed NDA to get the tour) but it's smack in the middle of a major western Canadian city.
On the main mission site linked to in the article, they have an mpeg posted of the separation:
http://spaceflight.nasa.gov/gallery/video/shuttle/sts-121/mpg/srb_fd01h_ra.mpg
$20 of PVC pipe, an old hiking pack frame and you can build a pack to do whatever you want.
As long as the contests don't get overlapped again and I get a chance to rest my arms before the LP con, I'll kick your ass! :)
My question is, if they are doing this with software to switch between those protocols, what new and funky hardware are we going to need?
It would be really cool if they could get an 802.11 to talk to bluetooth and others.
Just adding my $0.02 to the comments.
Congrats Taco, I only hope that when I find someone I can propose in such a grandiose fashion.
Attrition.org has a pic of a bunch of enterprising individuals who taped off the entrance to a cubicle and filled it with foam peanuts. Here's the pic.