Dump Google.

Google shows its true colors, and removes “don’t be evil” from the code of conduct. It’s time to dump Google.

For years, Google’s been the good guys of the internet. They’ve provided great services without showing a single stick up their customers collective asses. But when they decided to go to bed with the Pentagon war machine, those of us with an ethical backbone started to feel a tiny tingle in the pooper. I covered the utterly moronic decision in the post You Might Be Helping Pentagon Train Killer Dones back in March.

Even Google’s own employees thought playing with Pentagon was a bad idea, and several thousand of them petitioned the company to end the so called Project Maven. About a dozen employees even quit the company in the wake of information about the project surfacing. But that’s a tiny drop in the vast ocean that is Google. With its 85,000 employees, a dozen resignations don’t make a difference.

Now Google has decided to go full anal fist instead, removing the well-known “don’t be evil” from its code of conduct. For me, this is a clear sign the once beloved company is heading in the wrong direction.

It’s time to dump Google.

Continue reading "Dump Google."

How to install Nextcloud on NETGEAR ReadyNAS.

Once there was ownCloud. Now there is Nextcloud. It’s time to install Nextcloud on NETGEAR ReadyNAS.

If you’ve followed my 5-year-old guide How to install Owncloud on a NETGEAR ReadyNAS, you might have noticed that the ownCloud desktop client has complained about an unsupported server version for some time. ownCloud on your ReadyNAS server has been stuck on version 6, while the rest of the world has moved on to version 10. Unfortunately, the ownCloud version in the NETGEAR package repository has not been maintained, and upgrading using ownCloud’s own mechanisms has not been possible. ownCloud itself has also been through some rough times. In 2016, its founder, Frank Karlitschek, left the company, citing “moral questions”. Karlitschek went on to found Nextcloud, which is a ownCloud fork, and the file hosting software we will install now.

My particular ReadyNAS model is the 102, which uses an ARM CPU. There is no Nextcloud package in the NETGEAR package repository. This means that getting Nextcloud up and running on my ReadyNAS 102 would involve a lot of compiling, troubleshooting, and general hair pulling. Not ideal for a guy like me with a receding hairline, and I’d probably use a lot of my precious spare time that I’d prefer to prioritize differently. That’s why I’ll take the path of least resistance this time, and turn to someone who’ve gone through all those hoops already: Say hello to RNXtras.com.

Continue reading "How to install Nextcloud on NETGEAR ReadyNAS."

We Need to Toot About Mastodon.

Is Mastodon the silver bullet, or yet another social media dud?

First of all, we’ll have to clarify one thing. This post isn’t about the American heavy metal band Mastodon. It’s about the social network Mastodon. You’d think that the creator of Mastodon (the social network) would to at least a little research before picking a name, but apparently not.

With that out of the way, let’s get on with it.

The internet is great. It makes it incredibly easy to for us to connect, share, and educate ourselves. It’s also a place where trolls breed and feed, and hate is amplified. The anonymous nature of the series of tubes that is the internet often brings out the worst in people. There are few things that will make you lose faith in humanity faster than reading comments on a random, high-traffic site on the internet.

Historically, any lack of anonymity has restrained the trolls to a certain degree. And life was good. But with the rise of social media sites like Facebook and Twitter, we’ve seen that some people really don’t need anonymity to go absolutely nuts. They’ll write and share whatever they think about race, sexual orientation, global warming, and other heated topics. This has turned many social media sites into very hostile environments, and people are looking for alternatives.

So wouldn’t it be great if there was a Twitter, but without all the hate and hostility? Mastodon tries to be just that, but can it succeed?

Continue reading "We Need to Toot About Mastodon."

Defeating PoisonTap (and Other Dirty Tricks) with Beamgun.

Late last year, a neat little device called PoisonTap surfaced. With it, anyone can easily steal passwords, credit card numbers and other sensitive data from any computer – even when it’s locked. But hot on the heels of PoisonTap came its antidote: Beamgun.

PoisonTap takes advantage of Windows’ and OS X’ inherit trust in devices connecting to USB and Thunderbolt ports. A lot of different devices can be connected to these ports. Keyboards, mice, printers, scanners, storage devices, and network cards. Just to name a few. Both Windows and OS X will happily activate whatever device is connected without asking the user if it’s OK. Even if the computer is locked. Because if someone has physical access to the computer, they always have good intentions. Right? Wrong. It’s a terrible assumption to make, and one PosionTap takes advantage of. A better assumption is that everyone who has access to a computer has malicious intentions.

When connected to a USB or Thunderbolt port, PoisonTap quickly registers itself as a network card, and effectively becomes a man-in-the-middle (MitM) on the computer. As a MitM, PosionTap can intercept all inbound and outbound network traffic.

Continue reading "Defeating PoisonTap (and Other Dirty Tricks) with Beamgun."

PoisonTap – The $5 Tool That Steals All Your Stuff.

A while back I wrote about the WiFi Pineapple, a wonderful little device that can be used to “audit”1 wireless networks. The device makes it surprisingly easy to act as Man in the Middle (MitM), a technique used by hackers to effectively steal all your passwords and credit card numbers. The cheapest version of the WiFi Pineapple, the Nano, costs just shy of $100. Not a lot of money, but it’s a bit too much for me to spend on a device that can’t be used for anything cool without breaking more laws than I can count. But now there’s a new toy available that does many of the same things as the WiFi Pineapple: PoisonTap.

Price tag? Around $5.

PoisonTap also plays the role as the MitM, but there’s a big difference. While the WiFi Pineapple hijacks wireless networks, PoisonTap needs physical access to the computer you wish to audit. Because of that, it’s easy to dismiss PoisonTap as pretty useless. It’s hard to get physical access to an unattended computer, isn’t it? No, it’s not. If you’re working in an office environment, simply take a look around you at lunch time. And if you have access to a conference center or a hotel, take a look inside. I bet you can find an unattended computer within minutes.

Another reason you might dismiss PoisonTap as worthless, is the size of the delivery vehicle. The version of PoisonTap demoed by its creator, Samy Kamkar, runs on a Raspberry Pi Zero. While the Zero is small, it’s not exactly invisible, and not hard to spot. But the PosionTap software doesn’t have to run on a Raspberry Pi, it’s possible to install it on even smaller computers. Both LANTurtle or USB Armory are viable options. Not too easy to spot one of those connected to the back of the workstation tucked under your desk, is it?

On top of that, the PosionTap doesn’t have to be connected for long. Just leave it plugged in for a minute or two, then pull it out, and walk away. The target computer is now infected, and a persistent backdoor has been installed.

Continue reading "PoisonTap – The $5 Tool That Steals All Your Stuff."