Matt's Life Bytes

My lecture on Social Engineering for the Information Assurance Student Group at Iowa State University (IASG @ ISU). I demonstrate a real Social Engineering attack, then follow up by explaining how Social Engineering simply blends technology and social psychology.

This event and my comments regarding Social Engineering also received coverage from the Iowa State Daily, the Iowa State University campus newspaper:
http://www.iowastatedaily.com/news/article_388022f8-b559-11df-8095-001cc4c03286.html

Ethics Statement:

Please take this knowledge and use it to better understand the mindset of an attacker and the anatomy of a network attack. I do not support unethical behavior in any way. I will not answer any questions regarding malicious use. This video does not show you how to cover your tracks, meaning that any malicious activities you perform can easily be traced, so don’t do anything stupid!

---

Download Lecture Slides:

Microsoft PowerPoint 2007 (pptx @ 1,574kb)
Adobe PDF (pdf @ 1,142kb)

GNOME Security is based on the Fedora Security Spin. The spin includes many tools for security auditing, but comes with the LXDE Desktop Environment, of which I’m not a big fan. So I removed LXDE and added GNOME. The result is a fast and easy to use security auditing tool set based on Fedora that fits on one bootable CD or 1GB USB flash drive.

Interested? Read more over at the GNOME Security page!

After 5 long months of working on it, Google Voice Easy SMS 2.0 is now released to the public, for free, like always!

I’ve not been able to find a free application for Windows Mobile that allows easy text messaging (SMS) via your Google Voice account. I wanted something easy to use that also pulls from the phone’s contacts list. So since I couldn’t locate an app that suites these needs, I created one. After all, I’m a broke college student and I want something to give me free outgoing messages. Speaking of being broke, if you like what you see, consider donating using the PayPal button just below, anything at all would be greatly appreciated!

Download Now:
Touchscreen Devices: GoogleVoiceEasySMS-2.0-Touchscreen.cab
Non-Touchscreen Devices: Coming Very Soon!

Important Installation Note:
Once you have downloaded and installed Easy SMS, you’ll need
to enter your Google Account information by going to ‘Menu’ -> ‘Settings’ -> ‘Google Account Settings’. Fill in the info, then do ‘Menu’ -> ‘Check for Messages’.

XDA-Developers Forum Thread:
http://forum.xda-developers.com/showthread.php?t=604699

Project Source Code (Visual Studio 2008 Professional):
Touchscreen Devices: GoogleVoiceEasySMS-2.0-Touchscreen-Source.zip
Non-Touchscreen Devices: Coming Very Soon!

By the way, please don’t mirror the installation files, just link to http://www.mattslifebytes.com/?cat=7 to ensure that current versions always get distributed. Thanks!

New In Version 2.0

• Pretty much everything is new!
• Easy SMS is now a full suite application. You can both send and receive Google Voice SMS through it for FREE.
• All bugs with the old 1.x series have been fixed.

Features:

• It’s free. Who doesn’t like free stuff?
• Sends and automatically receives messages via the cellular data plan, meaning your outgoing SMS costs you nothing
• Interfaces with your phone’s contacts list
• Connects directly to Google via SSL to send your message, no man-in-the-middle servers that could potentially harvest your Google Account password
• Signature support
• Send to multiple recipients at once

Easy SMS is completely open-source!

Requirements:

• Windows Mobile based device; software has been tested on versions 6, 6.1, and 6.5, but the program may work with other versions.
• .NET Compact Framework 3.5
• A Google Voice account
• Cellular data plan or WiFi connectivity
• If your cellular data plan charges by the kilobyte, be sure to keep track of your usage; this program uses very little bandwidth, but don’t try to blame data charges on me
• You must abide by the Google Voice terms of service when using this program

Google has a bad habit of changing the way stuff works without letting people know. If you find that this program suddenly stops working, it could be because Google changed a setting and broke the way this program works. Check this site for info on known issues and patch releases.

Want to make calls easily via Google Voice from your Windows Mobile phone? Try iDialer and iContact, visit http://supware.net for those amazing programs.

I’ve tried to be very thorough in testing, but you never know. Find something odd? Tell me how to reproduce the error and I’ll try to take care of it. Toss me an e-mail

Oh no! Google changed how authentication works on their end, and this change has broken Easy SMS. I’ll be releasing version 2.0 on Friday, which will address these issues and update the software to be able to both send and receive messages.

A month or two ago I gave a lecture about the rather magical software suite Ettercap for the Information Assurance Student Group at Iowa State University (IASG @ ISU).  Ettercap can do crazy things with Ethernet traffic, including packet tampering, injection, and dropping.  Anyone with an interest in security should watch this; I post it hoping it gives you a better understanding of an Ettercap attack.

Ethics Statement:

Please take this knowledge and use it to better understand the mindset of an attacker and the anatomy of a network attack.  I do not support unethical behavior in any way.  I will not answer any questions regarding malicious use.  This video does not show you how to cover your tracks, meaning that any malicious activities you perform using Ettercap can easily be traced, so don’t do anything stupid!

---

Download Lecture Slides:

Microsoft PowerPoint 2007 with Hi-res Graphics & Backgrounds (pptx @ 562kb)
Adobe PDF With Backgrounds & Graphics Removed, Basic Text (pdf @ 1,792kb)

After a lot of late-night coding, version 2.0 is almost here! Watch the video below to check out some of the new features and the user interface:

I Wish More People Would Use Linux

Don’t get me wrong, I love my Microsoft products, I’ll be honest. Windows 7 feels wonderful on my laptop and desktop, and there’s nothing bad I can really say about it (once you outfit it with Chrome and Firefox that is).

But at the same time, I’m a big Linux fan, and a supporter of open-source software. A lot of people don’t want to take the plunge into dual-booting their computers out of fear of breaking their existing installations of Windows. So getting Linux exposure to the average computer nerd is often difficult.

Here’s where “Live CDs” come in. These CDs are full releases of Linux, burned to a CD, and run directly by your computer upon start-up. They don’t access or modify your data unless you tell it to. Problem is, you can’t make these installations truly yours. After rebooting the system, any fine-tuning you performed will be lost, and your Linux install will reset right back to when you started.

Why Fedora on a USB Flash Drive?

Fedora, a free “distribution” (or flavor) of Linux can be easily installed to a USB flash drive. I have a 16GB flash drive in my left pocket, right next to my cell phone. I always have it, I never leave home without my cell and my 16GB. I’ve installed Fedora 12 to this 16GB flash drive (and still have 15GB free for whatever else I want, mind you). When I go anywhere, I can simply plug the flash drive into any computer that allows booting from USB devices (most personal and public school computers, excluding university or corporate computers).

Once I’ve plugged the flash drive into the computer, I start the computer and voilà – my own personalized, speedy, instantly-mobile computing environment, loaded before my very eyes in less than 30 seconds.

It’s very snappy – loading from the flash drive, launching applications such as Firefox take less time than loading them from my normal Windows 7 installation. The entire operation runs like a dream, and the best part is that it’s 100% my own, and 100% portable.

When used on my laptop, I can get an extra 2 hours more battery life than when using Windows 7 (because the hard drive isn’t running). Such power savings is life-saving for those times when I really need to stretch out my use of the laptop.

Even as I type this post, my battery is almost drained from having the computer on during classes all day. But not to worry, I have plenty of power left to drain thanks to my current use of Fedora 12 on my flash drive. Practicing what I preach, woohoo!

Believe Me Yet?

You do? And you want to install Fedora 12 to a USB flash drive drive right now? Awesome! Here’s how:

Download the Fedora 12 Live CD and save it to your Desktop or Downloads folder, we’ll use this later. Now you’ll need to download and install the liveusb-creator utility published by the Fedora people. Clear off as much free space as you can from your flash drive, it will be in your best interests to have at least 3GB free (though a 2GB stick could work too).

Put the flash drive in your computer if you haven’t already. Run the liveusb-creator utility and click Browse and find the Live CD image you downloaded a bit ago. Make sure that “target device” is your USB flash drive. Now the important part, the persistent storage option. Persistent storage refers to how much space you’ll have for downloads, extra installed software, internet cache files, etc. Trust me, you’ll want to make this big.

I recommend taking that slider all the way over as far as it will go to the right. This will probably be around 2,000MB, but can be larger/smaller depending on your flash drive. Done that? Great, now press that big wonderful “Create Live USB” button and away you go!

So, You Know Linux Pretty Well, Eh?

If you don’t want technical jargon for experts, you can consider your work done; experts: let’s keep moving!

Now you’ve booted into your awesome new USB flash drive installation of Fedora 12. First thing: let’s get real accounts going (none of this autologin password-free crap). If you aren’t already in the automatic login account, go ahead and click it. Once you are at the desktop, do “Applications” -> “System Tools” -> “Terminal”.

Issue the following commands:

• su
• passwd root
  (you’ll be asked to set your new root password, don’t forget it!
• useradd tony
  (replace tony with whatever login you’d like)
• passwd tony
  (set a new password for your standard user account, not to be confused with the root password)

Go ahead and close Terminal now. Do “System” -> “Log Out xxxxx”. When you get to the login screen, choose to login to your new account. Now you are in your more permanent, secure, and all-around amazing account. If you can’t login (it keeps sending you back to the login screen when you click the new account), you’ll have to restart the computer, this is a bug.

Feel free to delete the automatic login account at this point. That’s found at “System” -> “Administration” -> “Users and Groups”.

Go ahead and restart your computer to get the full changes to take effect.

So I’ve been coding away on Google Voice Easy SMS lately (a program to send free text messages via Google Voice). I’ve found out something the hard way, hopefully know someone else won’t have to!

When my app would try to send a message to Google, for some people Google would reply with:
{“ok”:false,”data”:{“code”:20}}

or…

{ok:false,data:{code:20}}

or…

(500) Server Error

So what was the problem? Read on. It gets technical from here, just FYI…

---

My app does this to SMS someone:

POST https://www.google.com/voice/sms/send/

auth=GOOGLE_AUTH_STRING&phoneNumber=PHONE_NUMBER_TO_SMS&text=MY MESSAGE&_rnr_se=GOOGLE_KEY

Google wants phoneNumber, text, and _rnr_se to be URL encoded. For instance ‘text=my message’ becomes ‘text=my%20message’. Most programming languages have some library or class already built to do the job automatically. If you want or need more details on that, just e-mail me.

My problem was that I was not URL encoding the value of _rnr_se and that causes Google to spew either one of the two errors mentioned above. In my defense, I thought the value of _rnr_se was always alphanumeric and therefore didn’t need URL encoding. It took me about 10 hours to figure out the problem; hopefully anyone else with that issue finds this post first!

This version of Google Voice Easy SMS is out of date. Click here for the newest release:

http://www.mattslifebytes.com/?cat=7

This version of Google Voice Easy SMS is out of date. Click here for the newest release:

http://www.mattslifebytes.com/?cat=7