MyTake


Firewall 1 - Chromecast 0 
Wednesday, August 14, 2013, 9:38 PM - Hardware, Software, Security
Posted by Administrator
I unboxed my new Chromecast device yesterday. Setup was fairly straightforward: I entered my Wifi information, only to continually get an error that it "could not connect to the internet." I thought I might have had a Wifi issue, not connecting for some reason, maybe out of range or a DHCP issue. I was finally able to track it down. It turns out that it didn't like my DNS firewall. On my network I have blocked use of all DNS servers besides mine to handle problems like DNS Changer. I saw this traffic:

19:19:10.284578 IP 10.0.3.247.59034 > google-public-dns-a.google.com.domain: 57629+ A? pool.ntp.org. (30)
19:19:10.300858 IP 10.0.3.247.55306 > google-public-dns-a.google.com.domain: 6977+ A? clients3.google.com. (37)
19:19:11.300764 IP 10.0.3.247.48751 > google-public-dns-b.google.com.domain: 6825+ A? clients3.google.com. (37)


Chromecast is hard-coded to use Google's Public DNS service and does not use the DNS servers provided by DHCP. Problem solved, but I had to punch a hole in my firewall specifically for Google DNS, which is a little annoying.
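
The check behind this diagnosis, as an added example (not from the original post): a Python script that reads tcpdump DNS lines like the capture above and lists, per client, the queries sent to resolvers other than the approved one. The resolver address 10.0.3.1 and the last two sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Resolvers clients are allowed to use, written as they appear in the capture.
# 10.0.3.1 is an assumed address for the local resolver (not from the post).
ALLOWED_RESOLVERS = {"10.0.3.1"}

# Matches tcpdump's one-line summary of an outbound DNS query.
QUERY_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<client>\S+)\.\d+ > "
    r"(?P<resolver>\S+)\.(?:domain|53): "
    r"\d+[+%*-]* (?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)"
)

def find_bypasses(lines, allowed=ALLOWED_RESOLVERS):
    """Group queries sent to non-approved resolvers by client address."""
    hits = defaultdict(list)
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # not a DNS query (a response, another protocol, noise)
        if m["resolver"] in allowed:
            continue  # query went to the approved resolver
        hits[m["client"]].append(
            (m["resolver"], m["qtype"], m["qname"].rstrip("."))
        )
    return dict(hits)

# The first three lines are the capture from the post; the last two are
# constructed: a compliant client's query and the local resolver's response.
SAMPLE = """\
19:19:10.284578 IP 10.0.3.247.59034 > google-public-dns-a.google.com.domain: 57629+ A? pool.ntp.org. (30)
19:19:10.300858 IP 10.0.3.247.55306 > google-public-dns-a.google.com.domain: 6977+ A? clients3.google.com. (37)
19:19:11.300764 IP 10.0.3.247.48751 > google-public-dns-b.google.com.domain: 6825+ A? clients3.google.com. (37)
19:19:12.000000 IP 10.0.3.20.40000 > 10.0.3.1.domain: 1234+ A? example.com. (29)
19:19:12.010000 IP 10.0.3.1.domain > 10.0.3.20.40000: 1234 1/0/0 A 192.0.2.10 (45)
""".splitlines()

if __name__ == "__main__":
    for client, queries in find_bypasses(SAMPLE).items():
        for resolver, qtype, qname in queries:
            print(f"{client} -> {resolver}: {qtype} {qname}")
```

Capturing with tcpdump's -n option keeps resolvers as IP addresses, so the allowlist does not depend on reverse DNS names.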

US Government Digitally Signs .gov TLD 
Thursday, January 22, 2009, 2:41 AM - Public Policy, Software, Security
Posted by Administrator
Using my own DNS Check tool, I noticed that .gov is now signed using DNSSEC. This means that the government has actually met its schedule on this one. But there are a few issues:

1. Who actually signs it? NIST? DHS? Some other agency? This is important for answering #2.

2. How do we validate this key? How do we know this isn't a hacker's key? The agency that maintains the key should distribute a hash of the public key so that we know it's the real deal.

I'm hoping in the near future all of this information will come out, but until it does, .gov isn't really any better off than it was before.

UPDATE [2-18-2009]: Apparently GSA is responsible for .gov and DNSSEC. It is still considered in experimental stages and keys may change, therefore no final key information is available for validation yet.

UPDATE [3-1-2009]: GSA has posted the .gov public key on their website.
Your Phone is Your Boarding Pass 
Saturday, January 3, 2009, 10:44 PM - Computing Technology, Security
Posted by Administrator
Northwest Airlines has begun issuing eboarding passes for select flights from Detroit, Indianapolis, and Minneapolis. You follow the usual online check-in procedure, but you are given an additional option to use an eboarding pass. You are then asked for an email address or phone number (text message) to send the URL for your eboarding pass. If you choose to use your phone, you will be asked for the carrier along with your phone make and model. This is presumably to ensure that the boarding pass is provided in a format that is compatible with your phone. My phone (Motorola Z9) wasn't listed, but I chose a RAZR instead, as they use very similar screen sizes and software, and I didn't have any problems.

Upon checking in, I was able to bring up my boarding pass on a third-party website without a need for any further authentication. It consists of a WML format page with a GIF image of an Aztec 2D barcode at the top followed by standard boarding pass text. The barcode appears to include the standard boarding pass information without any type of digital signature.

When I got to the airport security checkpoint, I never had to actually hand my phone over or even show my eboarding pass to another person. The eboarding pass scanner took about 15 seconds to boot up, and I simply placed the barcode against the scanner and it displayed my name and other information for the security agent. There was an issue getting it to scan because the backlight on my phone was not on at first. He then checked my ID and I proceeded through security as normal. Next I walked through the metal detector and was asked for my boarding pass by the security officer. I simply stated that I used an eboarding pass and was allowed to continue. Therefore I question the effectiveness of only checking printed boarding passes at this point.

Finally, boarding the plane was simple. I simply placed my phone against the scanner at the gate and was cleared to board.