WJD

by William Davis

Software Developer, BBQ Enthusiast, Soldier, Parent.

Read this first

BentBox.co Security Concerns

Please note that as of this writing, the majority of the problems discussed below have been addressed by the BentBox.co team. I will point out that they were fairly responsive and thankful for the issues that I presented them.

However, there are still some of these problems that exist on their site.

On or around June 25th I discovered several security issues with the website BentBox.co. This website provides a platform for photographers and other artists to sell their work. I reached out to a well-known security researcher whose name I won't mention until I get permission.

Following that individual's guidance, I contacted the folks at BentBox.co, where I provided them with the details of my findings. Over the course of the next few weeks we emailed a few times.

Below are the details of my findings.

 BentBox.co vulnerability

 Overview

Cookies are used to store session information. The

Continue reading →


Motorola Surfboard Hack

So I just found the article here:
http://thehackernews.com/2016/04/hack-modem-internet.html

That describes a CSRF attack to reboot, or worse, factory reset your cable modem. I wanted to see if my SB6121 was also vulnerable.

I quickly browsed to:

192.168.100.1

and was greeted with this screen:

2016-04-11_23-54-32.png

So I dug into the configurations page and found this:

a.png

So? I clicked it (REBOOT that is). And within a few short moments my modem rebooted…. Ok yep that worked.

So I put together this test:

curl 'http://192.168.100.1/reset.htm?reset_modem=Restart+Cable+Modem' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Referer: http://192.168.100.1/cmConfigData.htm' -H 'Upgrade-Insecure-Requests: 1' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36' --compressed

(Actually I

Continue reading →


BitTorrent VPN

Since doing this project I’ve discovered NetworkManager’s dispatcher.d scripts. I’m currently working on a follow-up article using them.

 Backstory

I recently spun up a new Ubuntu instance (VM) to serve as my dedicated BitTorrent client. I have an older Dell server that runs VirtualBox, which is what I’m using as the host. The Dell server also hosts my Plex instance. The main motivator behind the dedicated BT client was the Plex instance. A few friends and I share our libraries and they were constantly telling me my Plex server was unreachable. This was b/c I use a VPN service, PrivateInternetAccess.com, to mask my use of BitTorrent from the world. The problem was that Plex isn't reliably reachable behind the VPN. Sometimes I could tweak the port and get it to work, but the solution was always short-lived.

 Requirements

A few requirements for my final product:
-The VM should auto

Continue reading →


Pork Ribs 2/22/16

I wanted to do some pork ribs in much the same manner that I did the last pork butt. I’ve never injected my ribs before and I thought this would be a good week to try it out.

 Ingredients

 The Meat

1 Rack St Louis Style Pork Ribs

 The Injection

  • Apple Juice Concentrate (Frozen)
  • Cinnamon
  • Garlic powder
  • Salt/Pepper
  • Cumin
  • Red Wine Vinegar (half cup)

 The Rub

  • Mayonnaise
  • Light dusting of Most Powerful Stuff - Amazon
  • Light dusting of Zero to Hero - Amazon

 Wood

Cherry Chips - Amazon

 Sauce

Blues Hog Original - Amazon

 Smoker

Masterbuilt Electric - Amazon

 Process

  • Remove the membrane from the underside of the ribs
  • Rinse and dry the meat
  • Inject, make sure to saturate the meat on both sides.
  • Coated the ribs with a light mayo covering
  • Dusted the ribs with the combination of rubs
  • Smoked at 270 for 3 hours uncovered, no water bowl.

 Results

These ribs were pretty good. They

Continue reading →


Superbowl Pork Shoulder

Date: February 7th 2016

The Superbowl pork shoulder was iconic for a couple reasons:

  • Smoked shoulder of the year
  • It was the best one to date

tldr;

17# shoulder smoked over Cherry @ 270 for 5 hours - wrapped and placed in oven for 2 hours.

Anyway here is the quick ingredients list:

  • 17# pork shoulder (Costco) - $34

Injection

  • Apple Juice Concentrate (Frozen)
  • Cinnamon
  • Garlic powder
  • Salt/Pepper
  • Cumin
  • Red Wine Vinegar (half cup)

Rub

  • Light dusting of Butt Rub. - Amazon
  • Light dusting of Most Powerful Stuff - Amazon
  • Light dusting of Zero to Hero - Amazon

Wood

Cherry Chips - Amazon

Smoker

Masterbuilt Electric - Amazon

Process

Start this one by giving the shoulder a good trim. Removing excess outer fat etc. It was a boneless shoulder, which I do not prefer, but, it was decent looking.

Next was a rinse and dry, just run the shoulder under water and rub it down, removing

Continue reading →


Just want my Netflix and Chill

It's been a rough evening. I’ve talked to ~7 different “support” folks at Netflix, and 1 person from Comcast.

It all started when I tried to watch some Netflix:

From there things just escalated…

I admit it. I got carried away

At one point I was on 3 chats and a phone call with Netflix. I'm sorry.

But seriously why are they asking me to do a DNS Flush? I’m hoping somebody can learn me on this one. What does flushing my DNS resolver cache have to do with Netflix perceiving my connection as being a VPN?

Anyway it just kept getting worse:

Continue reading →


Why the story of Russia and Turkey just doesn’t add up

Cross Posted from a write-up I did on medium.com

According to an article published on the NYTimes the stories coming out of Turkey and Russia are not meshing very well (shocking).
The image below outlines the flight path of the shot down aircraft from both Russia (red) and from Turkey (purple).

styled-plane-path-map-720.jpg

According to the map the section of Turkey that was violated is ~2mi across.
Keep that figure in the back of your head — 2 Miles.
The aircraft that was shot down was an SU-24

Sukhoi_Su-24_inflight_Mishin-2.jpg

According to Wikipedia, the SU-24 is a
“…supersonic, all-weather bomber aircraft…”
According to AxleGeeks.com the SU-24 has a Cruise Speed of 710 knots — That’s 817.053 MPH. Not to say that it is incapable of slower flight. According to the same website the average military jet is capable of an average cruise speed of 560 knots — Or 644.436 MPH.
Let's assume the jet was traveling at the slower, average speed of 560

Continue reading →


Using Moq to override calls to App.config

The other day I was working on a new implementation in our product to redo logging. I’m taking us from a custom File Writer to using Log4Net wrapped in a Facade.

To make this transition a bit smoother, and allow us to roll back to the old style if something breaks, I also implemented a Factory Pattern to provide the correct logger based upon the current App.Config settings.

To clarify, we are using Ninject for DI, and usually I would use the DI container to inject the correct implementation. However, we are also using the NinjectModule interface to set up bindings at runtime, based upon a compiled assembly. So instead, I’m using DI to inject the factory and it can provide the correct implementation.
I’m sure there will be countless opinions both ways here, but it's convenient and makes sense in our project.

I had sketched up my interfaces and got ready to write unit tests, when I

Continue reading →


Teensy Duino - Auto Login

Teensy 3.1 auto login sketch

I recently got a Teensy 3.1 and have been looking for little projects to do.

This is a quick one that I wrote that, when plugged in, automatically logs me into my computer.

It uses the basic keyboard emulation to send keys to the computer, typing in my password.

It uses 3 char arrays, with the letters/numbers properly offset so that it's easy to send the proper int to the usb_keyboard_press function.

char keysLower[31] = "0000abcdefghijklmnopqrstuvwxyz";

char keysUpper[31] = "0000ABCDEFGHIJKLMNOPQRSTUVWXYZ";

char nums[68] = "pppppppppppppppppppppppppppppp1234567890";

You call


  writeWord("Mywordtowrite");

Here is the function - it just loops through each char and calls the proper write method:

void writeWord(char sWord[])
{
  int i;
  char *p;
  p = sWord;
  for(i = 0;p[ i ];i++)
  {
    if(isNumber(p[ i ]))
      writeNumber(p[ i ]);
    else

Continue reading →


Bacon 2.0

 Bacon

Who doesn't love bacon?

I mean seriously, it's one thing that most everyone (sorry-not-sorry vegans / veggies) can enjoy. But how do you make bacon better than you get in the store? Well you make it yourself of course!

I was first exposed to this idea when my neighbor, Matt, smoked a pork belly about a year ago. It was incredible, Thanks Matt! About a month ago I decided to take my first crack at the fatty smoky goodness. I found a whole Pork Belly at Earth Fare up the road from the neighborhood. I’ve always been a big fan of their meats. I went ahead and purchased the whole belly, it was pretty entertaining watching the cashier trying to ring it up. Later that weekend I smoked that bad boy and we had bacon for a couple of weeks.

Naturally I wanted to up my game a bit more the 2nd time around. So last Thursday I bought a whole belly like last time. Only instead of just

Continue reading →
