WirelessPhreak.com

I like to travel, f*ck with technology, and partake in the occasional tropical drink.
I am also a co-host on The NBD Show podcast.
Follow Me

Well they have used up all the awesome vulnerability names, hence the POODLE Attack (Padding Oracle In Downgraded Legacy Encryption). Twitter security chatter has increased around the POODLE Attack and there has been a CVE number assigned CVE20143566.  

Links to both the google paper and the CVE.
High Level Explanation:
The quick and dirty is even if a client and server both support a version of TLS, the security level offered by SSL 3.0 is still relevant since many clients implement a protocol downgrade dance to work around server side interoperability bugs. In the google security advisory, they discuss how attackers can exploit the downgrade dance and break the cryptographic security of SSL 3.0.

The only real work around is to disable SSL 3.0 but for many web admins supporting legacy clients, Window XP running i.e.6 for example, disabling SSL 3.0 is not an option. 

If you end up enabling SSL3.0 you can enable TLS_FALLBACK_SCSV. This forces a more controlled negations of ssl between the client and the server limiting the possibility of clients and servers skipping protocols during the SSL negotion.

I will add more specifics to the F5 and how you would enable the TLS_Fallback command, as well as how to order your SSL protocol and cypher strengths.

***UPDATE***
According to F5 they do not currently support the TLS_FALLBACK_SCSV cipher. There is talk about an engineering hot fix that may include support but there is no solid ETA.  F5 is recommending you disable SSL 3.0 where you can.


OpenSSL command to test if a webserver supports SSL3.0:

openssl s_client -connect target:443 -ssl3
If the command makes you enter more information, then you just made an SSLv3 connection. If the command returns you to a prompt right away, then SSLv3 is disabled on that target host.

Another Defcon and Holly Shit there where lot of people. I registered Friday morning and they had run out of badges. Defcon has out grown the Rio, and to support that theory where rumors the Con would be moving. For conventions over 14,000 attendees the options narrow.  On the Defcon Wikipedia page and the Defcon DC News site they list Defcon 23 will be at both the Paris and Bally's hotels.  Not sure how that will workout, but it definitely needs a larger facility.  This may be mis information though, remember Defcon is canceled every year.

The theme this year at least the talks I attended was Botnets... Botnets... Botnets...  The first talk I attended was Domain Name Problems and Solutions with Dr. Paul Vixie. His talk was a deep dive into how Botnets and other nefarious entities are exploiting DNS. The industries movement to provide convenient and low priced DNS names are fueling the fire.  He also went into analysis of DNS meta data and how it is used in DNS RPZ or a (DNS Firewall.) 

Don't DDOS Me Bro: Practical DDOS Defense presented by Blake Self and Cisco Ninja, was one of the better talks I attended.  They spoke about Layer7 DDOS detection and defense, and brought some real world data from their site soldierx.com.  They presented some examples of multi layer defenses from F5 rules to Apache tools. They also released their DDOS monitoring tool RoboAmp that will run on a Raspberry Pi.

Lastly and trust me it was a tough talk to get to was Catching Malware En Masse: DNS and IP Style. OpenDNS presented tools and techniques they have developed to identify bonnet and malware traffic on the internet.  They also presented an awesome 3D visualization engine they use to graph and identify this rouge DNS and IP traffic. 

Between the parting and binge consumption there was a lot to take away from this years Defcon. It was good catching up with old friends and meeting new ones, and I can wait till next year.

If your familiar with F5 you understand the need for a quick and dirty virtual lab on your lap top.  From testing code upgrades to writing and testing iRules you'll quickly learn how important a lab is.

To get started your going to need a few pieces that will make up your virtual lab.  Most of the following will work on a Mac or PC, but I am running a mac, so i apologize in advance if some of the configuration is different.

Software needed:

  • F5 LTM Software: virtual lab edition is $99 you can also ask your F5 sales team for a trial lisc.
  • Hypervisor: I am using VMWare Fusion
  • Virtual Router: Vyatta (Brocade bought them but you can still find the open project iso.)
  • Servers: Use what you feel comfortable with.
Step 1) Install Virtual Software (VMWare)

Step 2) Go to Preferences > Network and create several virtual machine networks.  These vm networks will work like VLANs  and you will assign virtual nics for devices that will operate in those networks.

Step 3) Install and configure your F5 Virtual Lab software.  You will want  to configure at least three network connections, one for management, server side and client side. Make sure you make the gateway IP the IP address you will assign the interface on the Vyatta router.


Step 4) Install and configure your Vyatta virtual router.  This will allow your PC to communicate with all of the networks as well as bridge the server network to the internet for updates and package installs.  Here is a great guide I found for vyatta commands.

Step 5)  Install and configure your servers configuring their nice to participate in the server VLAN.

Step 6) Build a Virtual server on the F5 using an IP address on the client network, and your pool member that exists in the server network.

You should be up and running and able to play with the F5.

So everyone's heard of Amateur Radio, but certified Amateur radio operators are becoming a rarity. It's not hard to speculate why Amateur radio is disappearing, just go to a restaurant or visit the mall you'll see every other person focused on their cell phone.

Even though our nation's cellular networks are growing and becoming more robustAmateur radio operators still provide an important public service.  The largest disaster response by U.S. amateur radio operators was during Hurricane Katrina. More than a thousand ham operators from all over the U.S. converged on the Gulf Coast in an effort to provide emergency communications assistance. Subsequent Congressional hearings highlighted the Amateur Radio response as one of the few examples of what went right in the disaster relief effort.

A good way to be introduced to Amateur radio is to attend a local Amateur radio group event.  I have included a link to help find your local group.

The next step is to get certified.  Many local chapters provide Amateur radio certification tests. Also this year at Defcon they will be offering the exams right at the convention. 

The Defcon guys provided a terrific study resource to help you with the exam.

Finally you'll need a radio. For my first radio I decided to play it safe and bought a low-priced hand held to get a feel for ham radio.  Here it is:


  • Frequency Range: 136-174 / 400-480MHz; 25KHz/12.5KHz Switchable
  • 128 Channels 50 CTCSS and 104 CDCSS; Channel Step: 2.5/5/6.25/10/12.5/25KHz
  • Dual-Band Display, Dual Frequency Display, Dual-Standby; A/B band independent operation
  • Comes with all necessary accessories, backed up by 12 Months Seller Warranty