Category Archives: security

Bash script to easily sign multiple PGP keys

The project this week in Computer Security (CS 465) deals with secure email. Everyone in the class generated a PGP key, and we had a “key-signing party” in class. Everyone identified his or her PGP key ID and showed two forms of identification to prove ownership.

The second part of the key signing is done by each person individually. It requires downloading each key, verifying it, and signing it. This can be a tedious process that consists of four gpg commands:

gpg --keyserver pgp.mit.edu --search-keys user@email.com
gpg --fingerprint user@email.com
gpg --sign-key user@email.com
gpg --keyserver pgp.mit.edu --send-key KEY_ID

Typing those is obviously a pain, so I wrote a bash shell script to automate them. I also added a grep-like command that extracts the KEY_ID from the fingerprint output so I don’t have to read and type it in manually. The whole thing loops infinitely until I press Ctrl+C. Here’s what it looks like:
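An added example of such a loop, not the author's script: it parses `gpg --with-colons` output instead of grepping the human-readable listing, and signs only when the fingerprint matches the one collected at the key-signing party. The `--run` switch, the function names and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: sign a key only if its fingerprint matches the one checked in person.
KEYSERVER=pgp.mit.edu   # keyserver used in the post

# Strip whitespace and uppercase, so "0123 4567 ..." read off a slip compares equal.
normalize_fpr() { printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'; }

# Read `gpg --with-colons --fingerprint` output on stdin; print the primary
# key's fingerprint (field 10 of the first "fpr" record).
fpr_from_colons() { awk -F: '$1 == "fpr" { print $10; exit }'; }

# Number of primary keys ("pub" records) in colon output on stdin.
count_pubkeys() { awk -F: '$1 == "pub" { n++ } END { print n + 0 }'; }

# Long key ID = last 16 hex digits of a v4 fingerprint.
key_id_from_fpr() { printf '%s\n' "$1" | sed 's/.*\(.\{16\}\)$/\1/'; }

# $1 = fingerprint verified in person, $2 = colon listing for the address.
# Prints the key ID and returns 0 only on an unambiguous exact match.
verify_listing() {
    expected=$(normalize_fpr "$1")
    [ "$(printf '%s\n' "$2" | count_pubkeys)" -eq 1 ] || { echo "ambiguous: not exactly one key" >&2; return 2; }
    actual=$(printf '%s\n' "$2" | fpr_from_colons)
    [ -n "$actual" ] && [ "$actual" = "$expected" ] || { echo "fingerprint mismatch" >&2; return 1; }
    key_id_from_fpr "$actual"
}

# Constructed sample of colon-format output (not a real key).
SAMPLE_LISTING='pub:-:2048:1:89ABCDEF01234567:1262304000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1262304000::::Constructed User <user@email.com>:'

sign_loop() {
    while printf 'email (Ctrl+C to quit): ' && read -r email; do
        printf 'fingerprint from the party: ' && read -r expected
        gpg --keyserver "$KEYSERVER" --search-keys "$email"
        listing=$(gpg --with-colons --fingerprint "$email")
        if key_id=$(verify_listing "$expected" "$listing"); then
            gpg --sign-key "$key_id" && gpg --keyserver "$KEYSERVER" --send-key "$key_id"
        fi
    done
}

if [ "${1:-}" = "--run" ]; then sign_loop; fi
```

Refusing to sign when more than one key matches the address matters because anyone can upload a key carrying someone else's email to a keyserver.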

“Pre-crime” being developed by Homeland Security

CNET reports that the Department of Homeland Security is developing a technology to predict intent through monitoring behavioral changes.

This could be used for all sorts of benign things, like a police officer approaching your car and knowing whether or not you were about to do something rash—he can brace himself before you get too close. The article also cites uses in high traffic events or at border crossings where behavioral analysis can aid in law enforcement.

One can’t help but wonder about the privacy implications this will entail. DHS has said that the system doesn’t store any personally-identifiable information about individuals, but it does require that information to function. Hopefully this system won’t garner the same omniscient status that the pre-cogs had in Spielberg’s film. But even in that case, this system, like any computer system, could be exploited in myriad ways. The technology is only useful within safe, reasonable limits that respect our privacy and agency as human beings.

Convenient security flaw in BYU network authentication

My 54 Mbps NetGear router

A few months ago I purchased a Netgear wireless router for my dorm room at Brigham Young University. It’s just a simple, low-end router, but it does the job. And I recently discovered an interesting way of using this to get around BYU network authentication procedures.

In the past, any user connecting to the residential network was required to authenticate about once a week with their NetID (a personally identifiable username on the BYU network) and password. This had to be done through a web browser (a process with which I disagree, but that’s a topic for another post). The system would record the MAC address or something and use that to link all network activity originating from that address with that NetID. In this way, BYU network security analysts have a way to pin down any suspicious activity to a responsible person.

That is still in force, but starting this month a new layer of security is being added. All Windows computers connecting to the BYU network are required to have (a) the most recent operating system patches from Windows Update and (b) an approved, up-to-date virus protection program. Note that this only applies to Windows computers. Macs and Linux boxes can get onto the network with just a NetID and password.

BYU has had these security measures on their campus-wide wired and wireless networks since last fall, but this is the first time these measures are being implemented in the residential wired network.

This is where it gets interesting. Enter NetGear router.

My router manages the laptops that my roommate and I use (which are connected to it via Ethernet), as well as my iPod, my Palm Pre, and any of my other roommates’ computers (via the router’s wireless). The two laptops on the Ethernet have Linux or Windows (or both), my iPod is recognized as a Mac, and the login page doesn’t know what to call my Palm Pre. Of all of those, the Windows side of my laptop is the only one the network authentication will quarantine for virus checking.

Because the router assigns private IP addresses (192.168.1.x) to all the devices connected behind it, the only thing the BYU network ever sees is the IP address it gave my router through DHCP. As far as the network can tell, I have only one device connected.

Because of that, I can run through the network authentication using my Linux box, or my iPod, or even my Palm Pre. None of those are required to have anti-virus or the latest Windows updates. That clears the way for me to connect any virus-infected, out-of-date PC to that router, and the network will never know the difference.

Brilliant. Network security circumvented.

Of course, everything that goes onto the network through my router will be linked to whatever NetID I used to authenticate it. So that still leaves me in charge of making sure nobody does anything stupid through my router.

I don’t know if there’s any way for our beloved network administrators to fix this (rather large) hole in the system. But until they do, my router will carry on connecting anyone and everyone I authorize, regardless of whether BYU thinks them fit for the network.

Spyware for law enforcement; the TSA; and programmers in the real world

  • The FBI recently used spyware through MySpace to track down a bomb threat. The software logged the Windows user’s online activities and gave the FBI the information they needed to track him down.
  • A very interesting read about one person’s run-in with the Transportation Security Administration and their dislike for his “not sold in Wal-mart” homemade devices.
  • What must computer science graduates do once they’ve earned a degree? Learn to be good writers, no matter how good they are at coding. Pure brilliance isn’t always obvious to the CEO–you have to learn to write well, too. UPDATED: Thanks, Dr. K! I misinterpreted your post. I hope this is better.