Showing posts with label Shared Notes. Show all posts

Friday 23 December 2016

in-flight entertainment vs avionics

Those of you who have had the opportunity to see one of my presentations "Can you really hack an airplane: Myths & Truths" are already familiar with what is really happening and the confusion between in-flight entertainment systems and avionics (https://en.wikipedia.org/wiki/Avionics). I was asked to put this article up by a number of friends in the security industry to highlight a few very important points. The purpose of this article is to provide food for thought, especially when you hear someone saying that they "hacked" an airplane, or made it fly "sideways" by tampering with its systems through the in-flight entertainment system. Consider the following points and come to your own conclusions.

Anyone who is trying to "generalise" and claim that, during an actual flight, they managed to take control of the plane, for example through the in-flight entertainment system, and/or that it is possible to actually fly an aircraft like this, should first read what the law has to say about this (Tokyo Convention 1963).
Do you really want someone with the excuse of being a "security researcher" tampering with the airplane's systems while you are on an actual flight, because he/she decided that he/she has nothing better to do? I am sorry, but from where I stand, we (security researchers) respect the law, and make sure we have permission to conduct any security assessments & penetration testing, in a safe and approved environment.

Tuesday 18 October 2016

Parrot AR.Drone 2.0 Power Edition (How to)

I recently got a Parrot AR.Drone 2.0 Power Edition and I had a few issues with setting things up and running. After researching on the Internet, I found that many others had similar issues and a number of opinions and solutions were being suggested, but without definitive answers.
Due to the fact I had to spend a lot of time trying to find out who is right and who is wrong on the forums, I decided to make this non-security related blog-post because I believe it will really help a lot of people when it comes to that particular drone.

Tuesday 20 September 2016

New laptop with a noisy (annoying) fan


I will keep this short. If you bought a new laptop (it can happen for desktop computers as well) and the manufacturer did not make sure the fan is completely silent (and you really want to punch them in the face because it is not 1998) then I suggest:

a) check if there is a firmware update for your laptop (sometimes there is and it fixes many issues)
b) download this little utility before you start breaking things around the house and see if it works for your make/model.

(at the time of writing this blog post the version of the utility was 1.4.2)

Hope this helps, but make sure you keep an eye on your temperatures via a utility like HWmonitor to make sure the cooling still works properly.


Sunday 21 August 2016

How to train your facebook ads..

Most of you use Ad Blockers and I am happy that you do for all sorts of reasons, which I will not discuss here. This blog post is about how you can train the ads you get on different websites (mostly on social media) based on what you care less about. Yes, that is right. If you really want to avoid being distracted or even tempted into clicking on (sometimes malicious) ad links, then what is better than training the system behind the scenes to show you ads only on things that you really don't care about at all. :D

I will use the example of Facebook, which I have been doing for a long time and I realised just now that I haven't actually shared this with you all.

What you see on the left hand side is a print screen from the ads I get on Facebook. Those side ads are not a problem due to the way they are being displayed but, based on these ads, you get similar ads in your news feed as well.

Thus, by training these ads, you will get relevant ads in your news feed as well. As you can see on your left, all the ads I get are about sports and sometimes about music.

The reason is that I DO NOT CARE AT ALL about sports, or what is happening in the music industry.

When you click to hide an ad, Facebook asks you the following:

 Why did you hide it?
 - I don't care about this
 - I keep seeing this
 - It's offensive or inappropriate 
 - Other
 - I want to see something else

When you are presented with these options, you just need to use them in a clever way. For anything that seems like something you would be interested in, let's say politics, environment, science, space exploration, ninjas, you select any of the options that classify it as "something you don't care about".

On the contrary, when you get ads that you really never cared about, such as sports, or gambling, you keep leaving these ads in your feed like it really matters to you. 

Doing that 3-4 times in a day, for a couple of days, trains the engine behind Facebook and it starts displaying ads that you don't really care about.

Actually, our brains learn to ignore ads after a while, but when the content is irrelevant to your liking, your brain ignores them completely. I know it sounds weird, but you will end up going through your news feed and your brain will keep ignoring the ads, especially ads that you don't care about, in such a way that you won't ever remember seeing the targeted ad. Trust me and try it! ;)


Sunday 7 August 2016

Electromagnetic Field 2016 - EMF Camp

Electromagnetic Field [1] is a UK camping festival for those with an inquisitive mind or an interest in making things: hackers, artists, geeks, crafters, scientists, and engineers.

This year's badges were amazing! If you want to start hacking your badge, go to this link: https://badge.emfcamp.org/wiki/TiLDA_MK3
I actually had the opportunity to give a talk on the myths and truths when it comes to hacking airplanes. Thank you all for coming to my talk! The talk was recorded and streamed live at the same time. Soon, the video will be available on EMFcamp's YouTube channel if you would like to watch.

This year the event took place between Fri 5th - Sun 7th Aug 2016. The organisers found a really nice location outside Guildford. It is an awesome camping site with power to your tent (if you remembered to bring an extension) and Internet access. Tickets are approximately £120 and if you are thinking of driving down, you need to purchase a parking ticket in advance. If you have a motor-home, you are also welcome.

EMFcamp welcomes everyone, supports diversity and does not tolerate misconduct. So, pack your tent, some warm clothes, a couple of bottles of/for water, a torch, your favourite drinks and you are all set. I suggest you get earplugs as well; especially if it is windy, you won't be able to sleep.

Plenty of presentations to watch, a few canteens with drinks and food, and many different workshops. Many different villages [2] and a lot of fun stuff to do all day long! Apart from attending interesting talks and workshops, hacking stuff, making stuff, creating music through algorithms, practising your soldering skills, lock-picking, talking to people around the world through radio broadcast, and playing fire ping pong, you can also enjoy the day with all sorts of people and make new friends while having a cold drink and warm food.

There is also a kids area where you can let them play from 10:00 am until 20:00 pm, overseen by professional carers.
Pick your favourite activity as you go along or plan your day in advance by looking at the schedule on the website.

You can follow EMF camp on Twitter: @emfcamp

[1] https://www.emfcamp.org
[2] map.emfcamp.org

Wednesday 27 July 2016

0x Haxors - Deck of Playing Cards (hexadecimal)

Ever wanted a #geek version of a deck of playing cards based on the #hexadecimal numeral system (68 cards)? At last, a deck of playing cards based on the hexadecimal numeral system, also known as HEX (meaning this is a custom-made deck that has 68 cards, not the standard 52-card deck). Check this Kickstarter project out!



Then you should check this out: 

In order to be completed, this project needs to place an order for a custom design (graphics included) and a custom cut for these cards. All existing playing-card printing facilities (patterns) are made to print the normal 52-card deck, and in this case we need way more: 68 custom high-quality prints and cuts (special packaging for each deck is needed as well).

Thus, by backing this project you will help with the significant cost of placing a custom order for designing and printing this special set of cards.
We are aiming to make the cards high quality in order to last longer when you play.

So, to summarise:
Please note that making a deck of 68 cards, instead of the standard 52 cards, means that even the packaging is custom-made and the cost involved is WAY HIGHER than simply changing the drawing on a standard 52-card deck.

  • Graphics (by a professional graphic designer). 
  • High Quality print 
  • Quality cards with clear plastic coating to last longer and feel nicer (than paper cards).
  • We want them to be water resistant as well.
  • Special order to print 68 cards for each deck.
  • Packaging design and making to fit 68 cards (packaging needs to be custom made).
  • Staff costs to pack all these decks and ship them worldwide.

Please, help this project to become a reality!

Friday 1 April 2016

Start Google Chrome in Incognito Mode by Default

I tend to use different browsers for different tasks, and that makes my life a lot easier when it comes to managing all the different things I have to do. From my point of view, the Google Chrome web browser is the ideal browser for its incognito mode when accessing known safe websites. 

In order to speed things up, I tend to start it in incognito mode by default. Not many people know this, but it is really easy to start Chrome in incognito mode by default. 
If you already have Chrome installed, locate the executable on your system. You can right-click on your existing shortcut (e.g. on the Start menu) and choose "Open file location".

Thursday 10 March 2016

Format a memory card back to its original size

After using an SD card to install Kali Linux on Raspberry Pi, I decided I had to reformat it to its original size. If you try to do this using the format tool on Windows you won't be able to format your card. 

The best way to do this, if you want to use Windows, is to start the command prompt and use the diskpart command line tool. Insert your memory card and follow the instructions below.

Start the command prompt and run the command: diskpart
This will open up a new command prompt window similar to the following screen.

Tuesday 8 March 2016

Raspberry Pi 2 Model B and Kali Linux 2.1 - quick setup

In order to install Kali Linux on Raspberry Pi, you will need to download the new image for Raspberry Pi 2 version 2.1 from https://www.offensive-security.com/kali-linux-arm-images/ (filename: kali-2.1-rpi2.img.xz). 

Many people want to play around with this combination of a Raspberry Pi and Kali Linux, but they do not want to waste any time figuring out why something is not working as it should. This quick setup guide is structured in a way that will allow you to streamline the process and make sure you have your Raspberry Pi up and running within a few minutes. 
[Extraction]
The .xz extension (for more info on xz see: http://tukaani.org/xz/) means that the image file is compressed and needs to be extracted. You can download the xz utilities using the command: apt-get install xz-utils 

Under Linux, in order to decompress the file you can use the command:
unxz filename.any.xz or the command xz -d filename.any.xz 

Since version 9.04 the package p7zip manages xz files and can extract them using the command: 7za e filename.any.xz

Sunday 31 January 2016

The "prediction" frenzy for 2016 in CyberSecurity and the Black Swan effect

The past few days, a number of articles have hit the web, which have as their main subject the attempt to predict emerging threats for 2016. Moreover, numerous webinars and discussion panels are being organized, mainly to express an opinion on these claimed predictions. I would like to share with the readers of my blog that this “prediction” frenzy is happening for a very specific underlying reason. 
The information security industry and more specifically the vendors, attempt to shift their value proposition once more in 2016, and make it the year of “predicting” attacks, initially from detection to prevention, and now to prediction. This is going to be the InfoSec buzzword for this coming year. 

Detection > Prevention >  Prediction 

It is sometimes annoying to see that some industry professionals (especially tied to specific vendors, as a publicity stand for quick profit) discuss/present such ideas as novel, when in reality researchers, especially in academia, have worked upon the evolution of threat assessment, and detection, many years back. Several PhD theses have been written on how intrusion detection will evolve, and even more on how unification of network events will address the problem of managing the vast amounts of information generated (later called “Big Data”). Others cover how prevention can be effective across different geographic locations, how this will lead to “Threat Intelligence” needs, by sharing attack patterns across heterogeneous systems in real-time (including IoT), and what the realistic expectations are for predicting cyber threats, based on the abstraction of network events, the behavioural analysis of cyber-criminals, and trends in cybercrime.

Wednesday 25 November 2015

Restore Points in Windows 8.1

How to create a Restore Point:
1. Press the WinKey+X to display the system menu and click System.
2. On the left side menu, click System Protection.
3. In the Protection Settings section, click the C: (system) drive.
4. Click the Create button.
5. Type a name for the System Restore file (The Date and Time will be added automatically).


Rolling Back to a Restore Point in Windows 8.1:
1. Save your work and then close all running programs.
2. Press the WinKey+X to display the system menu and click System.
3. On the left side menu, click System Protection.
4. Click the System Restore button.
5. Click Next.
6. Select the restore point you’re considering and then click the Scan for Affected Programs button.
7. If you don’t see any major problems with the restore point click Close, and then click Next.
8. Follow the instructions to save any open files, close all programs, and then click Finish.

Tuesday 22 September 2015

A Weapon for the Mass Destruction of Computer Infrastructures

Disclaimer: This is NOT a weapon. This is AN EXPERIMENT. 
You MUST NOT try this at home. The tests were performed under the supervision of licensed electricians, in a controlled environment. 
I intentionally do not provide any technical details about the devices. The purpose of this blog post is not to tell you how to do this, but to raise the awareness that this can actually happen. I believe, entities should be aware of this threat and take any necessary actions to protect their infrastructures. 

Having done a number of physical security assessments over the years, I started wondering how vulnerable our computer infrastructures are. I tried to think of a way for a malicious insider or an external third-party, to target a company’s computer network and take it down by damaging it (someone who doesn't have physical access to the server room). I started thinking about this from a different perspective and I tried to approach this "question" with an outside-the-box point of view. 


Due to my experience with physical security assessments I noticed that there are many unattended Ethernet ports (sockets) everywhere around a building. These ports might not be “active” but most of the time they are connected at the far-end on a managed or unmanaged network switch.

I started wondering what would be the effect if one tried to apply electric current on an Ethernet socket from a power socket directly. The picture on the left illustrates a cable which sends electric current (220V-250V) directly from the power socket to the Ethernet port (This is very dangerous, do not make one, and do not try to use it). In reality, such an attempt is actually pointless, as it will only "toast" the device you connect this modified power cable to.

The hypothetical network switch at the other end will end up toasted in a split second and the person doing this will experience a loud bang and a bright flash, along with the smell of burned plastic at the Ethernet socket side. 

This is a very dangerous thing for one to do and not a very convenient or effective way of taking down the whole computer infrastructure. The whole point is to manage to "fry" all the devices behind the network switch!!! (..even after the network switch is "toasted", and the circuits are burned). Also, without exposing ourselves to any danger, as would have happened if someone had used the cable mentioned earlier on.

Wednesday 2 September 2015

Registering a .dll under Windows (solutions for 64-bit / 32-bit compatibility issues)

If you find yourself missing a .dll under the latest versions of Windows, you will have to download the missing DLL and register it in order to make it work. Also, due to the 32-bit and 64-bit versions of Windows, you might end up with errors which you need to troubleshoot further. In this blog-post I am trying to give you a couple of hints on how to solve these compatibility issues when registering a .dll (32-bit/64-bit).

Saturday 1 August 2015

How to force downloading/upgrading to Windows 10 on a VM for testing

I really wanted to test Windows 10 migration before I updated my Windows laptop. I decided to install a copy of Windows in a VM and upgrade that copy to Windows 10. Once I had Windows installed, I ran Windows Update and got all the latest updates for my installation. But the Windows 10 logo on my taskbar (Get Windows 10) did not appear. I restarted a couple of times just in case and ran Windows Update again, but still nothing.
Even though I could download an ISO image of Windows 10 or force the update through wuauclt.exe /updatenow, I discovered that the best way to do this is through the task scheduler which initiates the upgrade process as intended. Before you begin, you should navigate to C:\Windows\SoftwareDistribution\Download and delete all the files in that folder. 

Wednesday 29 July 2015

Was I just overcharged for a free copy of Windows 10 ???

Everyone is talking about Windows 10, and articles pop out left and right informing people about the new and technically the "last version of" Windows you will ever need! Well, to rephrase that, Microsoft is presenting Windows 10 as "the last version of Windows" you’ll ever need to get. After that, you will receive regular feature updates and product improvements.

Monday 27 July 2015

shell: command in Windows - Did you know?

I recently discovered that not many people are aware of the shell: command in Windows. Windows Explorer (not the Internet Explorer) recognises the command shell: allowing you to open specific system folders. (you can also use: shellnew: instead of shell:)

For example, type the command shell:startup in the address bar and hit Enter.

This action will open the StartUp folder which, under Windows 8.1, is located here:
C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Thursday 23 July 2015

Burp Suite - Error handshake alert: unrecognized_name

This is the first time I had to deal with this error in Burp and I was trying to figure out what was the problem. It seems there is a problem with Java which causes Burp to fail when accessing some specific websites. This is the screen you get when this particular error occurs. 
Figure 1 - Burp Error handshake alert: unrecognized_name

If you ever stumble upon this problem the solution is easy once you know what to do. As a start, make sure you have the latest version of Java installed. 

Tuesday 21 July 2015

What is the process to verify a particular certification?

I recently had people coming to me asking me what is the process to verify a particular certification and if I knew of a centralised way for doing this. 

Unfortunately (or fortunately as some may say) there isn't a centralised way where you could query for a particular certification. 

For example, the PCI Security Standards Council (PCI SSC) maintains a list of all certified companies and Qualified Security Assessors which is constantly up-to-date. If you want to verify a consultant's certification the only thing you need to do is to visit this link.

Anyhow, this blog post is intended as a reference guide to the various webpages where you can verify a particular certification. If you do know of any others or you found that the list needs to be updated just send me a message on Twitter and I will update it as soon as possible.

Below, the certifications are listed alphabetically according to the respective company which has issued each certificate.

Tuesday 14 July 2015

Adobe Flash Player - Keep it up-to-date

There is a big debate about uninstalling Adobe Flash Player completely from your systems or not. Unfortunately, Adobe Flash Player has been found to suffer from a number of vulnerabilities and new ones surface every other week.
If you still want to keep flash player on your system, I suggest you change your browser* settings and make sure any flash content runs after you have authorised it by clicking on it and not automatically when you visit a web page. 

I also suggest you make sure you have the latest version of Adobe Flash Player which YOU MUST ONLY download from the Adobe website and not through any random popups or third party links. 

The official URL where you can download the latest version of Adobe Flash Player for your system and the browser you are using is https://get.adobe.com/flashplayer/. Please note that you need to run Windows Update in order to download automatically the latest Adobe Flash Player update for Internet Explorer. I suggest restarting your system before you run Windows Update and after you have completed patching your OS through Windows Update.

By visiting the following link you can check if you are running the latest version of Adobe Flash Player: http://www.adobe.com/uk/software/flash/about/

* Make sure you have updated your browser (Firefox, Chrome, Opera, etc.) to its latest version before updating the flash player. In order to check if you have the latest version, run your browser, hit the Alt key from the keyboard, go to the Help menu and select the "About" option. Your browser will inform you if it is at its latest version or it will start downloading the latest version for you. 

Saturday 13 June 2015

How to initialize your brand new SSD (Windows)

If you decide to buy a new Solid State Drive a.k.a. SSD, before you can use it, you have to initialize and partition it. 

Otherwise it will seem to you that you connect the drive and nothing is happening. You can do the initialization by connecting the SSD through a USB cable (SATA to USB).

  1. Attach the SSD as a secondary drive and load Windows from your existing drive.
  2. In Windows 7 and earlier, open 'Disk Management' by right clicking on 'Computer' and selecting 'Manage', then 'Disk Management'. In Windows 8 and later, move the mouse to the lower left corner of your desktop and right-click on the Start Icon, then select Disk Management.
  3. When Disk Management opens, a pop-up should appear and prompt you to initialize the SSD.
  4. Select MBR (Master Boot Record) and click OK
  5. Right click in the area that says Unallocated and select New Simple Volume...
  6. The New Simple Volume Wizard will open, click Next
  7. Leave the Specify Volume Size as the maximum (default value) and click Next
  8. Select a Drive Letter and click Next
  9. In the Format Partition screen, decide on a Volume label (the name you want to give the drive) and click Next
The drive is now formatted and ready for use.