
Category Archives: security

What does dead.phpYou have to do with Oprah? That was my first thought when I read the SMS in the wee hours of the morning, at least early enough that my feet hadn’t hit the tile. I hear a Hel-lo, two-beat beep, expecting an SMS from maybe family, but get this quizzical phishing request? It’s a text from Yahoo mail sent via iPhone. Any comments on whether my early morning missive is harmful or not?

Can read about it in the new Oprah book.

Can read about it in the new Oprah’s book. Alana


I bought a $50 Chinese router from Amazon.

Netgear WNDR 3800 Router

Netgear WNDR 3800 Router, WAN thru LAN with CEROwrt

The WNDR 3800 is a capable router, it’s in good shape, and it works as it should. But, it is a WNDR 3800CH, Chinese router, not a WNDR 3800 NA, North American router. And, it seems more used than I expected, not by appearance but by the fact it was previously commercially owned by a cable company, not an individual. I did finally make this router work with an alternative firmware, which was my goal, but not the alternative firmware I’d originally wanted.

I bought the router to extend my network to a back bedroom, and to follow the EFF CEROwrt open router research and development projects. First I wanted to flash BrainSlayer’s DD-WRT on it, and maybe later, in a few months, play with the cutting-edge CEROwrt firmware. Nothing turned out as I’d imagined. I didn’t manage to flash BrainSlayer’s firmware.

I needed to downgrade the router to an earlier Netgear version, and this Chinese router is finicky about what firmware it accepts, unlike the North American version. And, though the Chinese WNDR 3800 CH is cheap, keeping the original Netgear firmware is out of the question; it’s buggy and insecure, not to mention it’s Charter Communication’s firmware, which, if I’m not mistaken, leaves a back door for password changes when a customer cannot access their router.

The WNDR was advertised as new and open box without a setup CD. It came packed in a brown box that said, “used, like new, MADE IN CHINA.” The router was wrapped in clear cellophane with a white label for the Charter Communication’s SSID, MyCharterWiFi6a-2G, and password, cloudycanoe219.

The North American model’s last update was December 2013, and it was V1.0.0.0.48. This Asian model came with V1.0.0.0.51CH, a developer’s version. The guidelines for flashing DD-WRT onto the WNDR 3800 NA suggest downgrading to V1.0.0.0.16 so that the router can be flashed. Netgear added a marker to disallow installation of other firmware on their router after V1.0.0.0.16. I could not get the Chinese router to downgrade from the 51CH version to the earlier version.

I thought about boxing the router up and sending it back – the EFF site states that the CH version does not work with their research project, either. I did, however, find a very good CEROwrt CH version by a developer who changed some code, and engineered an up-to-date CEROwrt 3.10.50-1, with Heartbleed bug update, and other fixes. It’s referred to as the “ready to bake” version. It’s ready for the not-too-timid user to flash their primary router with, and use it day-to-day.

Toronto CEROwrt works great on the WNDR 3800 CH router; it’s tough, and kind of amazing. Turning the firewall on is a rush. It cascades down the page, live. The default password: Beatthebloat refers to removing the bloat to speed up the router, which apparently works. The link is snapon Lab Index of/~Cero2/test-wndr3800CH, and the code name is CEROwrt Toronto 3.10.50-1/LuCI Trunk, build 7/28/2014.

So, now I’m running a very fast TORONTO CEROwrt on the WNDR 3800 CH and wondering how to add a repeater bridge. It seems CEROwrt 3.10.50 CH doesn’t set up bridges in the old sense, it port forwards. It does repeat when I hook it into the Ethernet port on my primary router, the ASUS RT-N16 (TomatoUSB by Shibby). And, the speed tests done with the Netgear hooked into the Ethernet port of the Asus are far faster than done on the Asus alone.

After a week of tinkering, I have a router with an option for MESH, which I don’t yet understand, and a weird type of repeater, which I’m guessing is WAN through LAN (?), where I can plug or connect the Netgear WAN into the Asus Ethernet port 1 and use it for a DUAL LAN. This speeds up the wireless connections and increases signal for all the routers connected including the two additional Linksys routers that are repeater bridges.

The thing I haven’t figured out is how and if I can add WPA2 to the WNDR 3800 WAN to LAN connection. And, this might not be in the spirit of OpenWrt philosophy, but the WNDR 3800 won’t connect with encryption enabled while it’s hooked into the Asus Ethernet Port. Although it has every kind of encryption combination you might want, and every service you might need, including Polipo, a light, fast proxy that runs by default, it can be overwhelming. The interface is slick, it’s professional, an unexpected gift. It’s a perfect fit for the WNDR 3800 CH.

This router wasn’t what I expected, but it’s definitely been fun, and now, it even seems rock solid. I might add there isn’t any going back to the original Netgear firmware after CEROwrt CH is flashed, unless maybe you download the CEROwrt V1.0.0.0.51CH from a developer’s site, which I haven’t tried.

I backed up my original firmware but the CEROwrt declined to restore the backup. I ran a 30-30-30 to make sure old settings were gone. I waited 30 minutes for the flash to finish, and lost patience, and shut the router down. The Netgear router turned on and the lights flashed and I logged back on. The router with the CEROwrt seemed impervious to whatever I tried to do to it for about 4 hours of trial and error, to remove it. So, if you flash it you probably own it.

Would I buy the WNDR 3800 CH again? Yes. I wanted an inexpensive router that I could run alternative firmware on, and I didn’t want to pay over $50 for it. The router works like a new router, and I don’t like that it’s been used as much as it most likely has, but it is a powerful, older router that will most likely allow me to follow the EFF research and development as an offshoot, which will be interesting.

I do wish I hadn’t been surprised by the Chinese router. I don’t remember reading in the description that the router was Chinese not North American. And I’d like to read more war stories from early adopters who use TORONTO and its later iterations as a primary home router.


Bit Coin fascinates me not because it is a get-rich-scheme or a convenient way to buy weed off the grid, which I don’t smoke, but don’t mind if anyone else does, or because I’m a Libertarian with gold on hand, I’m not. Bit Coins are the perfect storm heading our way, and the perfect opportunity.

Bit Coins or Bit currencies are the tip of the “Fat Tail.” Fat tails “are events that appear highly unlikely to occur but that are earth-moving when they do.” Bit coin is the Cat 5 hurricane coming to you and me in the next five to ten years. It could be your best friend or your worst enemy depending on how world wide acceptance shakes out.

Bit currency is an emergent electronic payment system similar to PayPal, which is an oversimplistic way of explaining it but about the best I can do. It’s an electronic money system whereby we all could become merchants. It’s a system where a few law-abiding entrepreneurs now pay for a pizza or buy a WordPress site or sell yard sale items without a credit card or without cash. It’s a money-medium that’s convenient for not-so-law-abiding people to buy and sell items, or move money they don’t want traced. It’s a money system without bill collectors. It’s permanent; you can’t get your money back. All sales are final.

Speculators are drawn to it. It has a future. Its security is okay — that is until you cash out your cyber bits in exchange for dollars. That’s a crack in the system right now. There are robbers waiting to take your money when you cash out. It helps if you’re tech savvy. And, oh yeah, speculators may try to crash the currency so they can buy it back from you when the price drops like it recently did. Or you may lose your encrypted backup file or accidentally wipe it out, and your Bit coins are gone. Yet, this nascent system is the tail end of the hurricane.

Since it’s an emergent system, it’s also similar to a snowflake or a termite cathedral or DNA replication or Wolfram’s computations where a pattern begins simply but generates complex designs over replication. Like DNA something pleasing might come from it like a baby or like the termite cathedral something not altogether likable. Emergent systems like Bit Coin don’t emerge in a vacuum, they bring other systems to the forefront with them, hence complexity.

Eric Schmidt, Googleplex person, says that by 2020 the entire world will be online. If so, we will want to buy and sell from our neighbors, which will include the entire world, which will require other emergent systems as helpers. If that’s so, a fairly secure Bit currency is going to be necessary, a stronger Maker culture will most likely be put in place, and a faster transportation system might have evolved.

We’ll need a world wide communication system to propel the buying and selling, and making, and a same day world wide system for delivery of concrete goods, and maybe an unsettling shift in government. But like termites when disturbed, governments are self-organizing, and seem to fare well after turmoil, coming back stronger and we should hope, more democratized.

A fairly secure Bit currency: Fairly secure but not absolutely secure Bit currency with a fast connection, and maybe free phones, is all that’s keeping us from buying instant art from an African artist in Timbuktu or hand knit wool socks from North Korea (well maybe more). The network doesn’t need to be absolutely secure, just secure enough. If products were cheap enough that I could afford to lose money on a small percentage of my purchases or sales, then it would work as a currency. If we accepted a small loss it could work. It might be called fuzzy accounting for Bit currency instead of bank or credit card accounting where each penny is accounted for, and an over-priced transaction fee is charged.

A healthy Maker culture: Couple Bit currency/micro payments with a home or community based, Maker printer, and an artist living in Timbuktu, Africa, could send me her sculpture plan, created in her village, or the North Korean, homemaker could send me his sock design created in his village, ready to print anywhere in the world on a Maker printer in any suitable medium, be it yarn, wood, plastic, or steel. Or if the fat tail is really fat, and imaginative, those original North Korean socks could be delivered same day by a transport fueled with a NASA UW fusion rocket recently proposed to reach Mars within 30 days. Far fetched, maybe, but … I’m still waiting for my robot.

So, why should Bit currency matter to you and me? Bit currency is an emerging technology that’s going to revolutionize commerce. It may not stay in the present form but mutate into something we haven’t anticipated yet. Whatever it is, when Bit Coin was unleashed it was like going through a gate that had a one way spring, there is no going back — Bit currency is here, and it’s a reality. Oh, yeah, there are going to be Bit currency billionaires made just like railroad moguls and oil barons. Wouldn’t you like to be one of them?



“I think the case against Auernheimer is deeply flawed, and that the principles the case raises are critically important for civil liberties online.”

“In a blog post Thursday, Orin Kerr, a professor from the George Washington University Law School, said he is stepping in to help Auernheimer due to concerns over the length of his sentence and the manner in which the Computer Fraud and Abuse Act (CFAA) was applied in the case.”

AT&T HACK

A few days ago, I read about “Weev” Auernheimer hacking AT&T to reveal a deep flaw. He did it for the challenge and notoriety. He was hacking for fun not profit. He’s going to jail. Why?

Why are our brightest minds wasted in jail? A rapist gets one year and a non-malicious hacker gets three to four, and another altruistic one is driven to take his life, and yet another one, a talented Texas journalist rots in jail. It’s more than unfair. It’s wasteful. And, heart breaking.

I’m not a hacker. I tinker. Yet, our society is so backward, and so under-educated about technology that I might be lumped into that category. I tinker, like so many others. To say that I hack is like saying that singing Karaoke is the same as performing a musical virtuoso. What I like to do is write or at least think about writing. It’s probably what Barrett Brown likes best, too — what he thinks about while in jail for hacking, which he probably didn’t know jack about, what he knew about was writing and investigative journalism.

Technosociofile, Subspecies of the Nerd

Years ago I got fascinated by a new thing, a bulletin board, run by a skinny teenager who worked at Walmart. I don’t remember his name; I remember he killed himself, though. One day I had someone to share a hobby the next I had no one. I used to talk to him about computers when I went there to shop. I’d look him up. One day he wasn’t there, and they told me they found him by the wood pile near the shanty he lived in. He’d shot himself. He was a Technosociofile, not a terribly understood subspecies of the nerd. Seems they are the most vulnerable.

Brown, Swartz, and Auernheimer

In a small way that’s why I feel so bad for activist, Aaron Swartz, altruistic JSTOR hacker at MIT who committed suicide while under Federal indictment “facing decades of prison”, and to some degree, I feel bad for Andrew ‘Weev’ Auernheimer in what is considered “Federal overreach”, for the AT&T hacking. And then there is Barrett Brown, who got hold of a story that his journalistic personality wouldn’t allow him to let go.

Cyberwarfare Discussion

Don’t get me wrong, I don’t like or support malicious hacking, but hacktivism is another story. It often doesn’t come tied up in a nice bow with manners and etiquette. It comes in the package of a sometimes obsessive, reclusive, inquisitive mind who just wants to know if they can climb one more level in the game. And when they are caught, nowadays, lately, the crime often does not fit the punishment. I’m not saying all who hack and get caught should go unpunished; I’m saying recently this is beginning to look like a witch hunt.

Is this an era we will look back on as a destruction of the best minds of the early twenty-first century, the ones who are self taught, self-motivated, the possible geniuses who might protect our country against cyberwarfare through exposing holes in the technology-Internet-infrastructure? I’m saying let’s have open discussion, let’s have oversight in sentencing, and let’s understand the difference between malicious destruction and hacktivism. It’s a very fine line but democracy has always allowed us to tread that fine line delicately.