Archive for the 'notices' Category

Only half the threat – and most of the answer.

‍‍ה׳ חשון ה׳ תש״ע - Thursday, October 22nd, 2009

Today, Slashdot posted a story to the front page regarding a widespread SMC 8014 router/modem vulnerability, allowing access to administrative functions. I would link to the original blog post, but it seems to be slashdotted. (Edit: no longer. I also indulged myself with a comment on the Slashdot story and the blog post; both came late in the game. No, I’m not selling anything nor do I get ad revenue.) In any case, this is nothing new. These and similar SMC routers are common in New York and are identifiable by their use of a four-digit hex SSID. Naturally, all APs broadcast their Wifi adapters’ MAC address in the clear, allowing for identification of the manufacturer (barring spoofing).

These SMC routers were ordered in bulk with a custom firmware, with some “features” that were put in place to (presumably) assist in over-the-phone tech support. The firmware enables WEP encryption with a preset key on the network and uses JavaScript to disable more advanced features, including choosing WPA. If that wasn’t problematic enough, the WEP key is derivable from the MAC address. Let me repeat that point as clearly as I can.

The preset WEP key is derivable from the MAC address that is broadcast in the clear.

That last part is trivial, and I’m not going to give out (what I hesitate to call) the algorithm.

But wait, there’s more. One of the advanced features disabled by the JavaScript hack is the ability to change the WEP key. I was not vulnerable to this (I use a different service with my own hardware), but a friend was, which allowed me to do a bit of work on these routers and their deployment. We were told (July 2008) by a customer service rep that changing the WEP key was not supported for the end user – even after I asked my friend to claim that she thought someone had her “network password” (which was technically true).

Ironically, the vulnerability mentioned in the Slashdot article is the means to secure the router: by using various techniques (disabling JavaScript, Greasemonkey, etc.) you can restore these functions: changing the mode of encryption, the key, and the administrative values.

SMC is not the only company to have sold these gelded all-in-one routers to bulk telecom customers; nor is Time Warner the only customer to deploy them. In a private discussion sharing these findings with some westcoasters at Defcon in Aug 2008, I was told there was an L.A. telecom doing exactly the same things – mass-deployed routers with predictable keys and a broken firmware that prevented a fix.

Moving target.

‍‍כ״ג חשון ה׳ תשס״ח - Saturday, November 3rd, 2007

Haven’t posted in ages, mostly cause I’ve been having too much fun biking around the city on my new bike.  I’ll post pics when I’m done adding/swapping parts to my liking.

An N800 surprise!

‍‍כ״א תמוז ה׳ תשס״ז - Friday, July 6th, 2007

I’ve been religiously googling “N800 skype” for two weeks now. I shouldn’t have bothered – I fired up tableteer on my N800 looking for the free Earthlink setup (not available in NYC, sadly) and it suggested an update to 2007.26-8 – with Skype, Flash 9 support, and (mainstream) SDHC support. Go and get it!

We bring you this post…

‍‍ו׳ תמוז ה׳ תשס״ז - Friday, June 22nd, 2007

From our field correspondent, via his Nokia N800. I got my WordPress client working; Rob’s got Gizmo and is working on binding his Wiimote. More to come as soon as I learn to type quicker on this thing.

Sho”sh

‍‍ה׳ תמוז ה׳ תשס״ז - Wednesday, June 20th, 2007

Well, a bunch of stuff has changed on the site of late, though it might not be obvious:

  • Various version updates for software.
  • The text section finally has some things on it, albeit two old poems.
  • The tech* section, while still bare, has my long forgotten DEFCON mod available for download.
  • Some bad photographs have been removed from the gallery.
  • An actual bio page, rather than the previous blurb – though this still needs editing.
  • A navbar button to the about page has been added.

Still much to do – I need to bolster the text section, add some promised hacks, and some new photos would be nice.  Content, content, content.
I finally tested the site in IE7, and noticed the navbar CSS problem returned because of a sync problem in my local copy of the site; it’s fixed. I guess no one I know (the principal users of this site) uses IE7. Honestly, I’m not going to kill myself over this – the site looks fine in Safari (Mac & Win), Firefox, Opera, and Konqueror. Hell, even Lynx more or less worked. I could fix some compliance here and there, but that time is spent for the benefit of all, not IE users. Anyway, lots to do.

It’ll come.

Not with a bang, but a whimper.

‍‍ג׳ תמוז ה׳ תשס״ז - Monday, June 18th, 2007

In a previous post, long ago, I mentioned how I made this mod for DEFCON and was going to release it soon. Well, I stopped playing DEFCON a while ago and never got to releasing it beyond some friends and personal requests. This past weekend I noticed a decent amount of hits looking for the file. You can now find it over in the tech* section.

Polish your oxfords…

‍‍י״ז אדר ה׳ תשס״ז - Tuesday, March 6th, 2007

‘Cause Tuxedo has come to town.

Breaking down the wall.

‍‍כ״ד כסלו ה׳ תשס״ז - Friday, December 15th, 2006

So I’ve begun to allow robots to index parts of this site. While I give a rat’s ass about SEO, I would prefer that this is the first site returned by Google for searches on my name.

So I guess now is the time to build content, content, content.

Forthcoming, initially as posts, but eventually as the first section of my “tech*” section, will be some guides to using, tweaking, repairing, and modifying my favorite computer – the bullet stopping, rinseable, 3.5 lb wonder – the Panasonic CF-M34.

A touch of reality…

‍‍ז׳ חשון ה׳ תשס״ז - Saturday, October 28th, 2006

UPDATE: If you are here, you should probably be there, reading that post instead. By all means, read this too; it’s a bit embarrassing seeing how long it took me to zip up these BMPs.

In my previous post, I mentioned a modification I made for DEFCON. While it’s not quite ready for release, I thought I might put up a few screenshots to give y’all a taste. Note that the impetus was to make this as accurate as possible, so I will use the right icon when possible, even if I personally prefer the default graphic. Also, limitations of the game prevent me from making this truly compliant – but I think it’s pretty good :-) .

Many of these were taken from an online game. If you were in that game and object to one of these screenshots, let me know.

russian-hammer.jpg

Russia gets hammered by subs, while Indian silos remain in AD mode.


rolling along

‍‍ח׳ תשרי ה׳ תשס״ז - Saturday, September 30th, 2006

Much to my surprise, this site is coming together, and despite the variety of software packages involved, it even looks fairly cohesive.

Other than cleaning some CSS and resolving my watermark issues with the photographs, I probably will let the robots begin indexing this site very soon. And then I can concentrate on content alone. At least mostly.

You know, I’ve grown to hate coding (and I use that term loosely) webpages. There is no great meaning in formatting a page to appear consistent across platform, browser, and screen resolution. Moreover, because of the nature of webfonts, I can’t even use the typefaces I like. Dwelling on that is of little value, but I have learned one useful thing in this dance of two steps forward one and a half back – the back of a 20″ CRT is a great way to reheat food in styrofoam packaging.