Tuesday, January 3, 2017

The $9 NextThing ChipPC is Incredible Fun!

For those of you that drop by every now and then, you are aware that I have been a fan of projects using the Raspberry Pi.
I had some free time and money on my hands and managed to get these from NextThingCo during their completed Kickstarter Campaign:

My C.H.I.P
[Image: ChipPC]

My PocketC.H.I.P
[Image: PocketCHIP]

Operating System:
  • Debian Linux

Installed Software for my Project:
  • hostapd    ( WiFi Access Point )
  • OpenVPN  ( Security )
  • Tor             ( Security )
  • oathtool     ( Two Factor/Multi-Factor Authentication )

Highlighted Hardware Capabilities:
  • Boots from internal flash ( no sdcard required )
  • Dual WiFi ( wlan0 and wlan1 )
  • Bluetooth
  • Can be managed with minicom or screen using a standard mini-USB cable

For the record, I have 3 C.H.I.P units and one PocketC.H.I.P purchased during the Kickstarter, so my costs were a little higher than what you are seeing here.

Let's break this down in current costs from their site:

  • ChipPC - $9
  • Chip Case - $2
  • Battery ( LiON 3.7v ) - $5
  • Composite Cable - $5
  • A complete Linux System with a dedicated WiFi AP with built in VPN with Tor I can run in my pocket  ( Priceless!)

Happy New Year and Happy Hacking!


Friday, August 21, 2015

Data Confidence or Breach of Security?

I'm sure most of you reading this are familiar with what happened to Ashley Madison, and some of you may have even seen the dump of information from their MySQL database. Whether it was done as an inside job or through SQL Injection, it emphasized the responsibility for all of us to make sure we are encrypting all corporate and customer data at all times.
Let me show you a brief example of how MagusNet, LLC. and Torduckin data stays protected from these kinds of data extraction attacks.

In this example I took a known poem and inserted it into a test PostgreSQL database using the default schema for MagusNet, LLC.

-==========THE POEM===============-
I met a traveler from an antique land
Who said: "Two vast and trunkless legs of stone
Stand in the desert. Near them on the sand,
Half sunk, a shattered visage lies, whose frown
And wrinkled lip and sneer of cold command
Tell that its sculptor well those passions read
Which yet survive, stamped on these lifeless things,
The hand that mocked them and the heart that fed.
And on the pedestal these words appear:
My name is Ozymandias, King of Kings
Look on my works, ye mighty, and despair!
Nothing beside remains. Round the decay
Of that colossal wreck, boundless and bare,
The lone and level sands stretch far away".

-=============THE DATABASE============-

This is what a sample of the data in the database would look like.
This example is using Base64 encoding.
Our production data is always stored using Triple DES.

psql -d test -c "select * from  file_data LIMIT 1;"

------------+-------------------------+--------+------------------+----------------+-------------------------------------------------------------------------------+
 1440182782 | txt |      2 | Text Data | OZYMANDIUS.txt | SSBtZXQgYSB0cmF2ZWxsZXIgZnJvbSBhbiBhbnRpcXVlIGxhbmQKV2hvIHNhaWQ6ICJUd28gdmFz\+ | Content type: text/plain

The snippet above is meant to show that if an attack from inside or outside took place, nothing useful would ever be revealed.
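
Base64 is a keyless encoding, so whether a dumped row reveals anything depends on the cipher applied before encoding, not on the Base64 layer. The check below is an added example (not the author's or MagusNet's code): it decodes the sample value shown in the psql output above and flags column values that are only encoded. The function names and the binary sample are constructed for illustration.

```sh
#!/bin/sh
# Added example: tell Base64-encoded text apart from opaque binary in a stored column.

# Remove psql's wrapped-line marker as it appears on the page ("\+" at line end).
strip_wrap() { printf '%s\n' "$1" | sed 's/\\+$//'; }

# Print the first decoded line of a Base64 value; no key is involved.
decode_preview() { strip_wrap "$1" | base64 -d 2>/dev/null | head -n 1; }

# Classify a stored value:
#   encoded-plaintext  decodes to printable text only (readable by anyone)
#   opaque             decodes to binary, as ciphertext or compressed data would
#   not-base64         empty, or does not decode at all
classify_value() {
    clean=$(strip_wrap "$1")
    [ -n "$clean" ] && printf '%s\n' "$clean" | base64 -d >/dev/null 2>&1 ||
        { echo not-base64; return 0; }
    # Count decoded bytes that are neither printable nor whitespace.
    binary=$(printf '%s\n' "$clean" | base64 -d |
             LC_ALL=C tr -d '[:print:][:space:]' | wc -c | tr -d ' ')
    if [ "$binary" -eq 0 ]; then
        echo encoded-plaintext
    else
        echo opaque
    fi
}

# The file_data value shown in the psql output on this page.
PAGE_VALUE='SSBtZXQgYSB0cmF2ZWxsZXIgZnJvbSBhbiBhbnRpcXVlIGxhbmQKV2hvIHNhaWQ6ICJUd28gdmFz\+'
# Constructed stand-in for binary content: the bytes 0x00 through 0x0f.
BINARY_VALUE='AAECAwQFBgcICQoLDA0ODw=='

echo "page value:   $(classify_value "$PAGE_VALUE") -> $(decode_preview "$PAGE_VALUE")"
echo "binary value: $(classify_value "$BINARY_VALUE")"
```

An "opaque" result only rules out encode-only storage; it says nothing about the strength of the cipher or how its key is handled.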

As a habit, learn from the mistakes made by your peers and use good practices.
1. Never, never, never allow direct communication to your databases.
   Follow best practices to defend against SQL Injection.
   https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

2. Never, never, never store information in any database in cleartext!

My .02.

Friday, April 10, 2015

Security Is Hard


This entry is the result of watching John Oliver interview Edward Snowden

Last Week Tonight with John Oliver: Government Surveillance (HBO)

 
I finally understand why the conversations about solutions for OpSec and extending protection for information everywhere by default don't exist outside of a small group of people.

From Aug 2013 to present, I have prototyped and built a dynamic working methodology that uses #IaaS with #Virtualization to proactively and reactively deal with small to large scale systems that is designed to deal with attacks and intrusions against Operating Systems and Application Data. By using this on the Internet, and allowing malicious intrusions on test systems, I have been able to test and refine what works while removing what doesn't.

Over many years I discovered that when I explain how this works and why it is needed to individuals that do not work in IT, no one will attempt to do it because my method requires a change in how systems and data get managed and that makes it "too hard" or "too expensive" to use to protect customer data.

I'm not worried, I can wait.
I created my first free Internet VPN / Public Proxy in 1997 with strong encryption and anonymity well before business and regular Internet users were interested. Since all the revelations on Internet Surveillance, many have become my customers.

What I have learned is that if all of us that work with information, applications, and communications can find a way to explain how encryption will prevent compromising photos of naked men and women from getting intercepted, stolen, or revealed, we will all be very, very rich... and safer for it.



Tuesday, November 25, 2014

Torduckin Evolution


There are only so many ways that any system can be protected.
Encryption is one method but just using encryption isn't enough.

Using encryption is easy, using encryption correctly is hard.
Breaking encryption is always done at the weakest link,
which is usually a lot weaker than we think it is ( xkcd on Security ):



I had an idea in 1998 that I finally found a use for after recent events around seizures of Tor Onion sites.

My 1998 requirements:

1. Create a Database that only stores data as text
2. Make sure every INSERT is padded to be exactly the same size
3. Each SELECT is decrypted and used to determine the next SELECT
4. The Encryption Method must be drop in
5. The Decryption Method must be seamless

I dusted off this personal project in 2014 and my prototype still works!!!

In 2015 I plan to complete what I plan to call something like the "Torduckin Rubberhose Virtual Machine Deployment System". I'll work out a cool sounding acronym later.

* Every MagusNet Torduckin Anonymous Proxy VPN virtual machine will be deployed from a central encrypted database using an SSH connection through Tor.

* After launch, the virtual machine will look up its configuration via an SSH connection through Tor.

* Every 4 hours the whole process will kick off again without any human interaction.

Questions and Comments are always welcome!


Friday, October 10, 2014

Funding keeps the lights on...


The MagusNet Public Proxy ( Torduckin ) always needs your support.

We accept Bitcoin donations on the main web site page:

MagusNet Public Proxy ( Torduckin ) Main Page

New this year: to help us meet our financial obligations, we are using GoFundMe:

MagusNet GoFundMe Page

Thank you all for your continued support.

-- MagusNet

Tuesday, April 22, 2014

How I Made My Google Chromecast Work In Hotels

If there has ever been a more useful and inexpensive way to send High Definition video from my phone to my television before the Google Chromecast I have yet to see it.

The Google Chromecast comes in at a cost of $35.00 USD in a very compact package. [1]

In this posting I will outline how I was able to get my Google Chromecast to work with hotel provided WiFi using my Debian Linux laptop.

Because this is meant to be an outline there will be no screenshots, but I will provide text examples for anyone with the technical know-how to use as a starting point.

Let's begin.

The first step was to purchase a second WiFi network interface. I chose to use the Tenda W311M Wireless N150 Nano USB [2] since it works out of the box with Linux, and because of its small size it is easy to leave plugged into my laptop USB port without worrying about it getting snagged or broken.


Configure your built in WiFi to connect to the hotel WiFi Access point.

Plug in the second WiFi adapter.


On my Debian Linux laptop I installed hostapd and dnsmasq to support the WiFi Access Point and DHCP address I will need for my phone and my Google Chromecast to connect to my laptop.


First things first, let's install the packages we need:

apt-get update

apt-get install dnsmasq

apt-get install hostapd


This is my /etc/dnsmasq.conf

# -====================

port=0
interface=wlan3
domain=laptop
dhcp-range=192.168.0.50,192.168.0.150,12h
dhcp-option=42,0.0.0.0

# -====================



This is my /etc/hostapd/hostapd.conf

# -========================

interface=wlan3
driver=nl80211
dump_file=/tmp/hostapd.dump
ssid=ADDYOURSSIDHERE
ieee80211d=1
hw_mode=g
channel=11
beacon_int=100
dtim_period=2
max_num_sta=255
rts_threshold=2347
fragm_threshold=2346
macaddr_acl=0
auth_algs=3
ignore_broadcast_ssid=1
ieee80211n=0
own_ip_addr=127.0.0.1
wpa_key_mgmt=WPA-PSK-SHA256 WPA-EAP-SHA256 WPA-PSK WPA-EAP

# -==================================-

Execute the following to start it all up:

/etc/init.d/hostapd start

/etc/init.d/dnsmasq start


Execute the following so all traffic now goes in/out through the primary WiFi interface:

/sbin/iptables -v -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

NOTE - The SSID is NOT broadcast so make sure to add it by hand!!!
Attach your phone/tablet to the laptop SSID.

Attach your Chromecast to your laptop SSID.

Start Casting! :)
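
hostapd turns WPA on only when a wpa= line is present, so a configuration that sets wpa_key_mgmt alone runs as an open network whose only barrier is the non-broadcast SSID. The audit below is an added example, not part of the original post: its finding names are made up here, the first sample repeats the security-relevant lines of the hostapd.conf above, and the second is a constructed WPA2-PSK variant with a placeholder passphrase.

```sh
#!/bin/sh
# Added example: flag hostapd.conf settings that leave an access point open.

# Last value assigned to key $2 in file $1 (empty when the key is unset).
conf_get() { sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1; }

# Print one finding code per line; print nothing for a clean config.
audit_hostapd() {
    wpa=$(conf_get "$1" wpa)
    mgmt=$(conf_get "$1" wpa_key_mgmt)
    algs=$(conf_get "$1" auth_algs)
    hidden=$(conf_get "$1" ignore_broadcast_ssid)
    secret=$(conf_get "$1" wpa_passphrase)$(conf_get "$1" wpa_psk)$(conf_get "$1" wpa_psk_file)
    case "${wpa:-0}" in
        0)  echo OPEN_NETWORK                        # WPA stays off until wpa= is set
            [ -z "$mgmt" ] || echo KEY_MGMT_IGNORED  # wpa_key_mgmt alone changes nothing
            [ "${hidden:-0}" = 0 ] || echo HIDDEN_SSID_ONLY ;;
        1|3) echo WPA1_ENABLED ;;                    # bit 0 keeps legacy WPA available
    esac
    case "${wpa:-0}:$mgmt" in
        0:*) ;;
        *PSK*) [ -n "$secret" ] || echo PSK_MISSING ;;
    esac
    case "$algs" in 2|3) echo SHARED_KEY_AUTH ;; esac  # bit 1 = WEP shared-key auth
    return 0
}

# Sample inputs: security-relevant lines of the config on this page, and a
# constructed WPA2-PSK variant (the passphrase is a placeholder).
SAMPLES=$(mktemp -d)
PAGE_CONF=$SAMPLES/page.conf
FIXED_CONF=$SAMPLES/fixed.conf
cat > "$PAGE_CONF" <<'EOF'
ssid=ADDYOURSSIDHERE
auth_algs=3
ignore_broadcast_ssid=1
wpa_key_mgmt=WPA-PSK-SHA256 WPA-EAP-SHA256 WPA-PSK WPA-EAP
EOF
cat > "$FIXED_CONF" <<'EOF'
ssid=ADDYOURSSIDHERE
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=REPLACE-WITH-LONG-RANDOM-PASSPHRASE
EOF
echo "page config:";  audit_hostapd "$PAGE_CONF"
echo "fixed config:"; audit_hostapd "$FIXED_CONF"
```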



1. Google Chromecast
2. Tenda W311M_150Mbps_Wireless_N_USB_20_Adapter



UPDATE: April 23, 2014

I don't use Microsoft Windows but someone passed these commands to me to make a MS-Windows-7 system into a WiFi Access Point. This should also work with a second WiFi interface.

1. Enable Windows Internet Connection Sharing

2. Open a Command Console in MS-Windows-7+ and try the following.
NOTE: Please change PASSWORD to something more secure. :)

netsh wlan set hostednetwork mode=allow ssid=SECURE key=PASSWORD keyUsage=persistent

netsh wlan stop hostednetwork

netsh wlan start hostednetwork

netsh wlan show hostednetwork


Thursday, February 20, 2014

MagusNet Torduckin VPN & Raspberry Pi

The photo is the final result of my Raspberry Pi deployed as a WiFi Access Point with OpenVPN and Tor.
The signal does manage to cover my whole house ( 1800 sq.ft. )
Max throughput is 5MB/s.
Very low power.
Generates very little to no heat.
Total cost was less than $60.
I added a USB drive stick that you can see under the antenna.
The USB drive stick is for backup and recovery when the SD Card fails.


Friday, September 6, 2013

The Torduckin Promise

My desire to be technically creative has been moved by recent revelations of government capabilities in gathering intelligence on USA citizens.
One of the most influential books I have ever read was "Applied Cryptography".
I purchased the first edition when it came out and have followed the insights of Mr. Bruce Schneier ever since.

In his blog, Mr. Schneier makes very compelling arguments here
  •  http://www.schneier.com/essay-438.html 
and here
  • http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying
The Internet was built on public funds for public use. The Internet made it possible for me as a 13 year old in The South Bronx to reach out to the world and become successful at what I do today. I have found my way to giving back to the Internet by running completely free Anonymous Email Remailers and Anonymizing Public Proxies since 1997.

Effective Saturday September 7, 2013 I will be making a change to the MagusNet Anonymous Public Proxy ( Torduckin ) as an attempt to deal with the possibility that OpenVPN + Tor + SSH + Linux/OpenBSD may have an unknown vulnerability that has yet to be revealed in their cryptographic capabilities.

I will be auto-generating new SSL Certificates for OpenVPN on my website every 6 hours. There will be no logging of any kind in any location and the virtual machines that run in RAM and house the VPN + Tor + Citadel Hidden Sites will be wiped by writing over all RAM addresses multiple times before reloading.

This may be paranoid or maybe not going far enough. Either way, I am dedicated to making sure that I use my technical capabilities to engineer the most secure solutions I can to allow everyone everywhere in the world to use the Internet and feel just a little bit safer along the way.

Thank you.

-- Jean Francois - President and Founder of MagusNet, LLC.




Wednesday, April 17, 2013

Imagine a better future, then create it!


There is a huge gap between the way we want the world to be and the way it functions in reality. If you have been paying attention to the state of the world, and global current political events, you may be asking yourself, Why?

Let's ask this question to two men from history:

Only one answer is possible. 
Because man has within him a lust for hatred and destruction. In normal times this passion exists in a latent state, it emerges only in unusual circumstances; but it is a comparatively easy task to call it into play and raise it to the power of a collective psychosis. Here lies, perhaps, the crux of all the complex factors we are considering, an enigma that only the expert in the lore of human instincts can resolve.

- From Einstein's letter to Freud
- The Einstein-Freud Correspondence (1931-1932)

Thus it would seem that any effort to replace brute force by the might of an ideal is, under present conditions, doomed to fail. Our logic is at fault if we ignore the fact that right is founded on brute force and even today needs violence to maintain it.

- From Freud's letter to Einstein 
- The Einstein-Freud Correspondence (1931-1932)

It's time to change the world.
What have you contributed to make tomorrow better?

Thursday, January 3, 2013

Virtualization, Gaming, and the Cloud

Welcome to 2013 and in this new year I would like to put together my own prediction of what should be a big year for Virtualization, Gaming, and Cloud convergence.
For the record I am currently a VMware Certified Instructor and Consultant.

In case you missed it here are the players and what they did in 2012:
-  Valve Corporation has released Steam ( http://store.steampowered.com/ ) for Linux gamers.

- VMware ( http://www.vmware.com/ ) has made it possible to have NVidia GPU  support in Virtual Desktops (VDI).
Press Release Here:
http://www.vmware.com/company/news/releases/vmw-vmworld-emea-nvidia-joint-10-19-11.html

- Gamers want to be able to play games without having to spend a lot of money on hardware/network connectivity and want to be able to play anywhere at anytime.

Here is what I would love to see:

A partnership between VMware and Valve that would create Virtual Desktops so that Valve would no longer need to develop for various platforms. The gamer logs into their Steam account which launches a virtual desktop. Think of a game library or portal that uses VMware Horizon to display what games you have access to and can launch them at the click of a mouse or a tap of a finger.
The game launches and plays on a virtual desktop and gamers can connect or disconnect at will and play from any platform from phone to tablet to desktop.
This would allow seamless switching between gaming platforms and eliminate an incredible number of support and development issues.

Who wins?

VMware will get to show the world how "The Cloud" really works beyond the Business Enterprise.

Valve will get to penetrate the gaming market in a way that makes the desktop obsolete and introduces truly mobile gaming that transforms the definition of the gaming platform and removes limitations based on location.

Gamers will get the benefits of running games on server class systems inside of an architecture that guarantees network/storage/graphics performance on any platform they choose to use to access their game library.

All I need to know is who do I/we need to call to make this happen?