About

This is the homepage for James Brokaw. I'm a Lieutenant in the United States Navy, currently stationed in Washington State. I'm an avowed snow lover, part-time ski instructor, and year-round backcountry enthusiast. The header photo was taken of me atop Cowboy Mountain. Other hobbies include hacking, juggling, and generally being geeky.

This page exists primarily to serve as a homepage and link list for my web server, but it's set up as a blog, and I'll post interesting thoughts and ideas here.


Overcoming a DNS Attack

Sunday 30 November 2008 at 12:53 am

Last summer Kaminsky outlined a flaw in DNS that could be used to make DNS cache poisoning attacks easier. The public comment period for the introduction of DNSSEC has ended, but it hasn’t been implemented yet. This weekend, I found myself unable to visit Yahoo! services when all the DNS entries came out wrong. Was it a DNS poisoning attack, or just a misconfiguration? I don’t know, but I wasn’t about to spend Sunday without my live Fantasy scores updating. Here’s how I worked around the problem, and how you could “fix” an attack against your favorite servers, too.


Open Source Investigation

Sunday 09 November 2008 at 01:28 am

No matter how hard I try, I cannot seem to convince some people just how powerful open source research is. Google is your friend, I say. Unless you’re trying to hide something, of course. But RJMetrics has put together a great demonstration of what you can discover by searching the Internet, and how he did it. It’s very enlightening, and hopefully inspiring enough to get you to solve whatever mystery has been bugging you lately.


Correction: WPA not cracked, merely fraying

Friday 07 November 2008 at 10:34 pm

In an update to yesterday’s post, it appears the new exploit doesn’t actually allow recovery of TKIP keys, but does allow decryption of shorter packets. Decryption of packets doesn’t sound too useful, but it does still allow injection of small downstream packets. Small downstream packets include… DNS and ARP messages. So while the exploit itself remains pretty much useless, it can provide that little hole to insert the lever of poisoning. The fact remains that users of WPA are vulnerable to attack. More details here.

The root source of the exploit? While WPA2 requires AES, WPA doesn’t require it… meaning DES is still in the standard. Whoops.

WPA Cracked. Film at 11.

Thursday 06 November 2008 at 8:48 pm

Encryption isn’t measured in terms of “secure” or “non-secure,” at least by professional cryptographers. There’s exactly one provably secure cipher, and it’s such a pain to use you’ll rarely see it at all. Everything else is broken in time, either through advances in computing speed (brute force method) or mathematical breakthroughs. WPA has joined the ranks of the mathematically broken ciphers… sort of.


Linkdump