Jump to content

Thomas

Members
  • Content Count

    2,103
  • Joined

  • Last visited

Everything posted by Thomas

  1. Thomas

    Single P4 3.4 or Dual Xeon 2.8

    Yeah, the PE 1800's are not quiet. You can tell when it's starting up, and when it's generating heat. 2U racks and larger are generally not going to be quiet.
  2. One thing that may explain why your copper looked like it was a lot less is that the 70% stuff looses it's braiding really quickly.
  3. Thomas

    Single P4 3.4 or Dual Xeon 2.8

    Yeah, the P4 3.4 can handle it with some power to spare.
  4. Thomas

    Single P4 3.4 or Dual Xeon 2.8

    Which ever is cheaper. Might even look at a P4 2.8 .
  5. Thomas

    Laptop wont shut down

    http://www.knoppix.org/ It's a live CD, so you boot, give it a moment and you have a working system that is working from the ram rather then the HD. So you can have Win XP installed, put a live CD in, reboot and you're in Linux. Remove the CD and reboot and you're back in Win XP with out the drive having been touched. It's great for diganostics like troubleshooting hardware.
  6. Thomas

    Laptop wont shut down

    Kind of a long shot, but try a linux live CD and see if that can turn it off.
  7. Thomas

    Sun with a Rainbow around it

    It's a humity effect.
  8. You can, the BIOS by generally by default will turn off on board video if a video card is presant.
  9. Thomas

    Backing up 4GB

    Rory, I've run into the Nero won't work/ XP burner will problem before. Nero has a fix on their website.
  10. Pelco's tech support is pretty good too.
  11. Yep, the signal being sent is straight serial, the converter is just changing the wires. If you want to get real cheap, you can wire it directly to the serial port. Pelco's D protocol is well documented.
  12. Thomas

    Point Of Sale Interface

    Depending on the POS system you can easily grab the data. Most large scale POS systems are SQL based, or some sort of database. IBM used to (not sure if they still do) make a number of terminal POS systems. For the Linux types who wondered who is still using SCO's flavor of Unix, you find them in a lot of larger POS systems. The problems are that the people who want POS are not using these larger scale systems. They also tend to have the least time to use that data.
  13. In the US it is legal to buy knockoffs, under the theory that the buyer has no way to know it's a knockoff. Selling a knockoff generally falls under trademark infringment.
  14. Thomas

    DigiFlower Demo Site

    No-ip doesn't have the popup.
  15. Thomas

    BIOS PASS

    Depending on your perpsective, it can be alot of fun or a night mare to reset. The Toshiba laptops keep thier CMOS batteries in a nice hiden area. The fastest way to reset any Bios password is to remove the CMOS battery. This will blank the BIOS settings.
  16. Thomas

    Geovision advisory

    The web app has been extremely secure so far.. SQL isn't designed for security and we strongly recommend not exposing it directly to the net ever.
  17. Thomas

    Geovision advisory

    This came in via the bugtraq mailing list a few days ago. I have debated back and forth about if to post this. This primarily applies to verison 6.04 and 6.1. 7.0 has a feature to protect against this vunerablity, but it is not turned on by default. I would like to point out that the gentleman who posted this followed proper ethical guidelines for when this was posted. Geovision was contacted, and a suitable embargo period to allow them to fix it was allowed for. He waited to post this one month after 7.0 was released. There is proof of concept work in here. That is standard for software security reports. In the spirt of open disclosure, I do work for a company that competes with Geovision. I am not attempting to defame thier product, as I have pointed out version 7.0 does fix the problem. From: Tirath Rai [mailto:tirath@esqo.com] Sent: Monday, May 09, 2005 8:18 PM To: bugtraq@securityfocus.com Subject: Esqo advisory: GeoVision Digital Video Surveillance System - Multiple authentication issues Esqo www.esqo.com Security Advisory Advisory Name: GeoVision Digital Video Surveillance System – Multiple authentication issues Release Date: 10-05-2005 Application: GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 Platform: Microsoft Windows Severity: Sniffed credentials can be replayed or descrambled to view live and recorded CCTV footage, also unauthenticated access to still images Author: Tirath Rai Vendor Status: Vendor alerted - details below Reference: www.esqo.com/research/advisories/2005/100505-1.txt Overview: The GeoVision Digital Video Surveillance System is a PCI card based digital video surveillance range for Microsoft Windows platforms. The GeoVision system is expandable to support POS, Central Monitoring Station and License Plate Recognition Systems. The GeoVision system is in use in commercial and residential installations worldwide. Multiple issues exist revolving around poor authentication mechanisms. These issues allow sniffed authentication credentials to be reused as-is or descrambled to allow the discovery of the original password. In certain configurations still pictures from security cameras can be viewed without providing any authentication. GeoVision client software is used to view live and recorded video from a GeoVision system. These clients may be used to authenticate a user over an untrusted network, perhaps a wireless LAN in an airport lounge or coffee shop. In such an instance GeoVision credentials can be captured and replayed (or descrambled) to allow access to digital video surveillance system footage. Details: First issue - No authentication required When the GeoVision software is set to create JPEG images for use via the JPEG Image Viewer it can be seen that no authentication is required to view the JPEG images. Using GeoVisions own demonstration as an example the following URLs can be used to access images. This is true even for servers who specify that a username and password is required for authentication. In the current GeoVision demonstration only a username is required to access footage. This method works on GeoVision 6.04 or 6.1 systems which are configured to create JPEG images. It will also work on GeoVision 7 systems which are not configured with the 'Enhanced Network Security' feature. This is understood to be the default setting. http://webcam.geovision.com.tw/cam1.jpg http://webcam.geovision.com.tw/cam2.jpg ... http://GeoVision/cam[1-16].jpg Esqo was informed by GeoVision that the issue is known and that future GeoVision documentation will make this issue plain to those wishing to use the JPEG Image viewing facilty. In the version 7.0 documentation this is not made plain to the user. It is our belief that some version 7.0 installations may be vulnerable due to users not being aware of this. Second issue - Plain text authentication During the authentication phase using the live playback client it was seen that the username part of the authentication component is passed in plain text. In this partial dump taken using tcpflow the username is seen to be 'gvUser'. Here is a partial network dump of an authentication attempt - --------------------- Network traffic sniffer --------------------- 192.168.105.136:01187-192.168.105.130:00514: .... 192.168.105.130:04550-192.168.105.136:01186: RDY. 192.168.105.136:01186-192.168.105.130:04550: ..7d6a6666636e.gvUser. 192.168.105.130:04550-192.168.105.136:01186: ... 192.168.105.136:01186-192.168.105.130:04550: 2. ------------------------------------------------------------------- This testing was performed with GeoVision 6.04, 6.1 and 7.0. Version 7.0 was tested with the 'Enhanced Network Security' feature off, this is understood to be the default. Our research shows that a simple transformation of the password based on hex values for ASCII characters is used to scramble the password. This scrambling is simple to do in reverse, as seen in the example below. Sniff from network - this dump is interpreted with tcpflow. --------------------- Network traffic sniffer --------------------- 192.168.105.130:04550-192.168.105.136:01186: RDY. 192.168.105.136:01186-192.168.105.130:04550: ..7d6a6666636e.gvUser. 192.168.105.130:04550-192.168.105.136:01186: ... ------------------------------------------------------------------- Here we see the username 'gvUser', still in plain text and the scrambled password '7d6a6666636e'. In order to go to the from the scrambled string to the original password a few simple steps are performed. Split the string into pairs of hex strings 0x7d 0x6a 0x66 0x66 0x63 0x6e Each pair represents one character in the original password, so this scrambled string is for a password of 6 characters Iterate through the pairs subtracting a number from each pair starting with 0x6, for the first character as there are 6 characters in this password. 0x7d - 0x6 = 77 0x6a - 0x5 = 65 0x66 - 0x4 = 62 0x66 - 0x3 = 63 0x63 - 0x2 = 61 0x6e - 0x1 = 6d Then use an ASCII table to translate into characters 0x77 = w 0x65 = e 0x62 = b 0x63 = c 0x61 = a 0x6d = m So the original password was 'webcam'. This issue is encountered for all the authentication options below- Mpeg4 Encoder Viewer 56kMpegView0.htm LanMpegView0.htm MultiView.htm Remote Play Back PlayBackX.htm Emap Emap.htm For the JPEG Image Viewer (JPGLogin.htm) the authentication credentials are passed using the HTTP POST method completely in plain text. Scrambling is not used - see below. --------------------- Network traffic sniffer --------------------- 192.168.105.130:34707-192.168.105.136:80 POST /password HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, */* Referer: http://192.168.105.136/JPGLogin.htm Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: 192.168.1.5 Content-Length: 37 Connection: Keep-Alive Cache-Control: no-cache id=gvUser&pwd=webcam&send=Submit ------------------------------------------------------------------- Here the id= value is the username and the pwd= value is the password. Vendor Response: After Esqo initially notified GeoVision in Dec 2004 the issues were explained and received due care and attention. The issues were first noticed on version 6.04 they were confirmed on version 6.1. We were informed that version 7 would include strong authentication in order to resolve these issues. GeoVision version 7 was released in April 2005. Upon testing this new release the issues are still seen though they can be mitigated by using a newly added 'Enhanced Network Security' feature. It is understood that the 'Enhanced Network Security' feature is not enabled by default. Recommendation: If you have a pre version 7.0 GeoVision installation it is recommended to authenticate only over trusted or private networks. If you have a version 7.0 GeoVision system it is advised to enable the 'Enhanced Network Security' feature, newly introduced in version 7.0. This feature is said to utilize RSA encryption. GeoVision version 7.0 documentation does not inform system administrators of the risks they face if they do not enable the new 'Enhanced Network Security' feature. Company Information Esqo is a UK based IT security firm with worldwide reach, we have performed successful engagements across the UK, Mainland Europe and the Middle East. Esqo provides a range of E-risk identification and management services. We strive to minimize exposure to risks while maximizing the business benefits of IT systems. Esqo has been retained by TACGuard (www.tacguard.com) as its lead IT security partner. TACGuard is a UK based digital CCTV specialist. Together we aimed to verify the GeoVision system before it was deployed by TACGuard in commercial installations. It was during this collaboration that these issues were discovered. This advisory is created in accordance with the Full Disclosure Policy (RFPolicy) v2.0 available at http://www.wiretrip.net/rfp/policy.html Copyright © 2005 Esqo. All rights reserved worldwide.
  18. Thomas

    DigiFlower Demo Site

    Rory, try using No-ip.com. They have a port redirection options.
  19. Bah, pringles can for war driving.
  20. Thomas

    New GeoVision GUI coming very soon....Finally

    The USB dongle still cracks me up. Grabbing the driver/firmware and faking it in software will be trival for the companies that pirate Geo.
  21. Generally a Yagi is too big for war driving. If you're just crusing around looking for open APs then you usually don't need a big antena.
  22. Thomas

    Cannot Get Rid Of Login Screen

    Just one warning, the ASPNET account is used as a sandbox for ASP.Net programs. It's generally only installed if IIS is installed and running. So some web based apps may not run correct, or may become security risks.
  23. The registry key I posted. If you aren't familuar with the registry, then you may want to try Tweak UI from MS.
  24. Thomas

    Interesting read

    Except when you enter industries with more oversight (Osha, EPA, etc) you're more likely to get nailed for undocumented workers. I'm not saying they aren't working in sweatshop factories, but a real factory isn't going to have some one who's payroll taxes they can't account for. And Wal-Mart will close stores before they go Union. They have already done it in Canada. The econemy of the US is not a closed system. Calling for bans/tarrifs/embargo's of forgien imports is foolish.
  25. Thomas

    Interesting read

    Except that very few real factories will hire illegals. Sweatshops yes, but they tend to be in violation of so many laws that what is one more? Most illegals are working menial labor. Construction seems to be the exception from the rule. Oh and Wal-Mart likes illegals for cleaning staff, but they will shut down a store before they accept a union.
×