sunapi386's Blog – Page 19 – Hacker/scientist/entrepreneur.

TCP 32764 Backdoor

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
TCP 32764 Backdoor
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
by Jason
Jan. 24, 2014
AKA Rooting Routers for Fun
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Firstly, I apologize, this is a little dated, but I think it is extremely interesting and worth sharing. Unlike most other security-related articles that just document an attack and tell the story in the past tense, this is an active, vulnerable, exploitable backdoor.

About a month ago, a backdoor was discovered[1] on a Linksys WAG200G router. There is a process that listens in on port 32764, and it allows free access to many hosts on the internet. No patches are available, as this is an older router that is out of maintenance. The backdoor doesn’t have any kind of authentication and allows some very dangerous commands[2], like giving access to a remote root shell, dumping wifi, PPPoE credentials, and file copy! It’s unclear as to what caused this backdoor, only that the program is in the firmware itself. This vulnerability is interesting because it’s currently active and people are just figuring out how to systematically attack it[4].
Continue reading TCP 32764 Backdoor

Internship and curiosity

I’ve been on internship since September, and I’ve not had this feeling for a while. Not since when I was on vacation in August and finished reading the entire course materials for CS 458 Security! I was wondering how to get it back… reflecting back to my exam cramming days, where I’d be up till 3 or 4 am and in a trance, studying. I thought coffee/tea/energy drinks would help get this kind of concentration, but they don’t. This kind of concentration is rare, and magical. I think it stems from curiosity!
Continue reading Internship and curiosity

Five year vision

I’m reading up on amateur radio licenses. I’ve always been curious about it, and I’m planning to get a radio set – and talk to other people. Similar to the way it was done in the movie Contact. I’m fascinated by space, and radio is one of the things the space shuttle predominantly uses to communicate with earth. Also the thought of being able to make contact with aliens is nice – however unfeasible.
Continue reading Five year vision

Accessing VPN

Discovered this great free VPN service called spotflux – it is so easy to use. On public networks, every website you visit can be tracked – VPN tunnels your traffic to spotflux servers. Though – the price you pay is having ads getting injected into unsecured html (http).

For example, there is a black rectangle. For me, it looks like this (with adblock enabled):

mywebsite

Continue reading Accessing VPN

Hackers & Painters: Big Ideas from the Computer Age

I’ve just completed a book, Hackers & Painters: Big Ideas from the Computer Age by Paul Graham.

I thought it was very articulate; it feels like he is giving a talk, so it was easy to follow and understand. It’s relatively non-computer-science friendly, though some parts of the book were rather technical. The chapters didn’t necessarily follow one another, so each chapter felt like reading a separate essay. As a result, the book overall didn’t flow well. Individual chapters read great, each with its introductions, arguments, and takeaways.

Several things in the book that caught my attention:
Continue reading Hackers & Painters: Big Ideas from the Computer Age