Guitar Hero Pedal Fix

My cat chewed through the cable of my Guitar Hero World Tour bass pedal. While there is a cheat code that automatically plays the pedal as required, and thus lets me continue playing, it does mean I can’t earn any cash for playing songs. And with replacement pedals selling for $50 on eBay I couldn’t bear to buy a replacement. I could call Red Octane and try for a warrenty repair, but it’s really hard to explain how a cut cord is a manufacturing defect. So, I repaired pedal, and took photos in case anyone else has the same problem.

Good News

So I got word today that the Navy has decided to let me stay in, despite my pacemaker. This is good news. Who wants to lose thier job two days before Christmas?

Overcoming a DNS Attack

Last summer Kaminsky outlined a flaw in DNS that could be used to make DNS cache poisoning attacks easier. The public comment period for the introduction of DNSSEC has ended, but it hasn’t been implemented yet. This weekend, I found myself unable to visit Yahoo! services when all the DNS entries came out wrong. Was it a DNS poisoning attack, or just a misconfiguration? I don’t know, but I wasn’t about to spend Sunday without my live Fantasy scores updating. Here’s how I worked around the problem, and how you could “fix” an attack against your favorite servers, too.

Open Source Investigation

No matter how hard I try, I cannot seem to convince some people just how powerful open source research is. Google is your friend, I say. Unless you’re trying to hide something, of course. But RJMetrics has put together a great demonstration of what you can discover by searching the Internet, and how he did it. It’s very enlightening, and hopefully inspiring enough to get you to solve whatever mystery has been bugged you lately.

Correction: WPA not cracked, merely fraying

In an update to yesterday’s post, it appears the new exploit doesn’t actually allow recovery of TKIP keys, but does allow decryption of shorter packets. Decryption of packets doesn’t sound too useful, but it does still allow injection of small downstream packets. Small downstream packets include… DNS and ARP messages. So while the exploit itself remains pretty much useless, it can provide that little hole to insert the lever of poisoning. The fact remains that users of WPA are vulnerable to attack. More details here.

The root source of the exploit? While WPA2 requires AES, WPA doesn’t require it… meaning DES is still in the standard. Whoops.