Posting a screenshot of your desktop is the cool thing for geeks to do apparently.
It’s Ubuntu 8.10, no big surprise there. I’m using the “Dusk” theme with the proposed background for the next Ubuntu. I really like it.
Archive for February, 2009
The weekend I Kayaked to Anclote Key. Here is a picture of us unloading our Kayaks! (Not me in the picture)
We Kayaked 4 hours to the north end of Anclote Key. Here the the google maps link.
We camped overnight on the night of Valentines day. How romantic right?
And here is Cody inside the tent looking cutsy:
And if you have Google Earth, here is a link to a path I made of the trip: anclote-key-trip 
And if you want to use Google Maps, here is a link to the arial photo.
I suppose I come from a… short line of engineers. My father used to work for Paradyne which was gobbled up by At&t, and is now owned by Zhone.
But back in the day they worked on “Terminals“. You know, back when “Computers” has a gazillion serial ports and the “Terminal” was the box that had a monitor and keyboard which parsed the 300baud green text? Yea neither do I…
But I’ve read about such times, and I know about the history of my xterm and picocom programs. They emulate these devices. Such devices that my Dad (Richard Anderson) designed! It is good to know your roots. Amazing:
Link to the Original Patent (uspo.gov)
A couple of years ago, a large list of phished Myspace accounts was leaked on the internet.
I stumpled upon them and ran a very simple analysis. Check it out:
root@a:/# cat myspace.hackedlist | cut -f 2 -d : | sort | uniq -c | sort -n | tail -n 20
14 qwerty1
15 123456a
15 babygirl1
15 blink182
16 123456
16 123abc
16 iloveyou2
17 football1
17 nicole1
18 number1
19 password
23 myspace1
24 fuckyou1
28 iloveyou1
28 monkey1
29 fuckyou
54 abc123
74 password1
The file was in the form of “Username:password”, so the first part of that command “cuts” the second column, with the colon as the delimiter. Then it is piped through sort, which sorts the list alphabetcially, then the uniq -c command, which counts the number of times that a word shows up, then I sort it again to get the most freqent passwords, and tail the last 20 lines.
It is interesting to see that a lot of these passwords just tack “1″ on to them. And of course blink182 was all the rage back then aparently…
Take a look at some wireless keys that I’ve collected from some Verizon FiOS installs around Tampa:
00-18-01-EA-3D-99,E3X12,6,WEP,1801349FCA
00-18-01-F0-6D-C4,NAMX2,1,WEP,18014B311F
00-18-01-F0-95-78,MWXV2,11,WEP,180149FF66
00-18-01-FD-4F-0E,R0LC7,1,WEP,1801BC5C6B
00-18-01-FE-15-46,JE2K7,1,WEP,1801C1B02B
00-18-01-FF-DF-DD,HH150,1,WEP,1F900396C5
00-1F-90-E0-B1-F8,3RA18,6,WEP,1801CDF4AF
00-1F-90-E0-B5-AC,OQ838,6,WEP,1801CF5700
00-1F-90-E2-7E-61,7WY20,6,WEP,1F90021D27
00-1F-90-E3-1E-90,C7WA0,6,WEP,1F9007C188
00-1F-90-E3-2E-07,DJP80,6,WEP,1F90063349
00-1F-90-E6-A7-D5,BJ2Z0,11,WEP,1F9018F797
00-1F-90-E6-D4-E3,RSHZ0,4,WEP,1F901944DB
What you are looking at here is MAC, SSID, Channel, Encryption, Key.
Notice that they are all WEP, 64bit, with 5 Alpha numeric SSID’s.
I want to emphasize that these are the defaults, and only geeks, nerds and the like change the defaults. 
Here is a typical type of router (actiontec) that does this:
Take a real close look at two of the examples:
00-18-01-FE-15-46,JE2K7,1,WEP,1801C1B02B
00-1F-90-E2-7E-61,7WY20,6,WEP,1F90021D27
Notice the relationship the MAC and the key have. Let me split up the bytes for you:
00:18:01:FE:15:46 - 18:01:C1:B0:2B
Verizon, or Actiontec, or someone is setting the first byte of the 40bit key to the second byte of the MAC of the unit. And then they are setting the second byte of the key to the third byte of the MAC!
You can look on the list, and this is mostly the case, there is some overlap on the OIDs. (sometimess it is 1801, sometimes 1f90) Why is this useful? Well if you know it is a FiOS install, you have already decreased your “64bit” key to a real “40bit” key, and you already know 16 bits of it, so you only have to crack 24 bits. This is insane. This is like guessing 3 letters.
The way to use this is with the Aircrack-ng program. Capture some packets, and use the -d option to tell it what the key starts with.
aircrack-ng -d 1801 stupid-fios.cap
You will get the key in No time! Silly Verizon, you didn’t think we would notice you weren’t using constructed (not random) keys?
Have FiOS yourself? Want to share your MAC and default key in the comments?
