Saturday, 16 February 2013

Security of embedded devices - saved config

Many routers offer the ability to save a configuration file, to restore to the router later. This can serve as a backup. However, it also exposes the config of your router to anyone who might have access to your computer. There are much easier attack vectors for routers, but this is definitely one of them. I have tested with two routers, the Belkin F5D7230-4 and the Apple AirPort Extreme 802.11g.
The Belkin revealed the WPA password, network name, DHCP leases, everything really apart from the admin password to the router itself, all in cleartext. Anyone who might gain access to your computer essentially has your router's config. This is what I expect from Belkin which don't make the best quality routers.
The AirPort offered the ability to encrypt the file however it wasn't selected by default, and even if I did, all that was encrypted was the actual password to the router and the WPA2 password. All the other info was available, and changeable. For example, if you had access, you could change values in the config file and reset the router, causing the person to re-upload their config file which had your settings changes in it (or alternatively, you could just use AirPort Utility as it saves your password).
The unencrypted file revealed the WiFi password however didn't reveal the base station password.
Overall, this isn't a major attack vector however I would encrypt these files if you can and also take care when allowing physical access to devices as once you have physical access, you can gain access to the system.

Thursday, 14 February 2013

Setting up a new WiFi router: Part 2: The Initial Setup

So, in this blog post I'll be setting up the AirPort Extreme using AirPort Utility 6. As much as I dislike version 6 it is the most common version so that is what I'll be using.
Choose "AirPort Extreme..." or "AirPort Express..." or "Time Capsule..." and this will connect your computer to the network. Then, open up AirPort Utility if it hadn't already opened.
For the first step, set a network name (SSID). This should be something easily memorable and unique. For "Base Station Name", this is the name that appears in the AirPort Utility and in the "Shared" sidebar of the Finder (and also in iTunes if you have an Express). For "password", this is the WiFi network password. Make it alphanumeric with at least one capital letter, and at least 8 characters long. This also acts as the "admin" password to access the AirPort Extreme via AirPort Utility.
Now, it's time to wait. AirPort Utility will set up the base station and save info to the station for you, as well as going to your cable or DSL modem and connecting to your ISP's network.

Tuesday, 12 February 2013

Bizarre and stupid errors

Just a compilation of bizarre and stupid errors/crashes, Windows and OS X.
I don't even know what happened here. Just booted up my G5 and there it was.

Nothing needs to be said about this one.
Taking a trip back to Mac OS 9, here we have, well, a frankly ridiculous suggestion for how to get the Memory control panel to run.
Er Logic? Logic? Hello? Anyone home? (This was actually caused by a lack of video memory. Why, I don't know).

Ah the joys of working with Access. What is an "fmain cont error" I'd like to know?

Monday, 11 February 2013

Setting up a brand new WiFi router: Part 1: The Introduction

So, in this series of posts, I will be purchasing a brand new  WiFi router, reviewing it in a separate post, and showing you how to set it up. The setup will be Mac oriented however I'm sure it will work for both Windows PCs and Linux boxes.

The router I have selected is the TP-Link TL-WDR3500, which is a dual band Gigabit Ethernet WiFi router. It is a relatively cheap router compared to other dual band routers (update: it may also be an Apple AirPort Extreme, haven't decided yet).

The series will start with Part 2 (Unboxing and initial setup), then we'll go to Part 3 (USB sharing and advanced security), and finally Part 4 (port forwarding and other stuff). It will focus on common security mistakes made by people who have just bought a new router, and will also go into finding your way around the web interface.

Also, I will be doing some opinion coverage of MWC 2013, and at some point in the future I'll be doing a "Bizarre Errors" post and maybe a review of Everything Everywhere (EE) and their Bright Box (no, not their OM4G 4GEE, but their ISP arm, which I may be setting up for a relative).