
Monthly Archives: November 2014

Thank you to everyone who reached out to me, helped spread the word, helped re-tweet, and did things I don’t understand on the Facebook, something of which I am not a user.  😉  Extra big thanks to Heidi Potter whose exceptional efforts in spreading the word came to the attention of some other hacker friends elsewhere in PA.  Their cat has been lonely ever since her companion bunny rabbit in the house passed away.  They reached out and so lovingly offered up a home for Chico and Mouse Face.

The actual process was nothing short of a catastrophe, thanks to the badly-managed and logistically broken SPCA here in Pennsylvania.  Despite making all arrangements with the Philadelphia office to have the cats held and waiting for their new owners on Friday, things went awry.  The new folks were driving all the way down from the Poconos to meet me in North Philly at that SPCA office when I learned that, with NO explanation, the cats had been MOVED many hours away.  So, abruptly and after having almost made it to Philadelphia, they pulled off the road, I spent time on the phone, and we tracked down the cats like prisoners who had been mistakenly lost somewhere in the DoC network.

In the end, we all arrived at the Danville, PA SPCA and it was so dysfunctional that over an hour passed before things could be completed.  The administrative “do not adopt out” holds that had been placed on the cats’ files could not be removed, then the staff kept attempting to attend to dozens of other odd tasks at the same time, and even (surreally) a farmer and his wife came in and started trying to talk to everyone present about a sheep theft from their farm.  This was a case of over-worked staff trying hard to do “everything” at the same time and ultimately doing nothing at all in the process.  Eventually, we took matters into our own hands and took the carriers back to the holding areas and sprung Chico and Mouse Face from their cage.  They were so scared.

This is the most morally-conflicted part of the tale for me.  I mean, I love the SPCA and the work that they do and I am SOOOO grateful for the organization’s No Kill policy, but let’s face it… it’s kind of a hell hole back in those holding areas.  There are just row after row of huge barracks of cages.  All the animals are stirred up and constantly yowling and yapping and howling.  It’s really like some sort of awful jail to them, where everyone is shaking and unsure of what’s going on.  Chico immediately ran into my arms when I popped the lock on his cage.  Mouse Face was initially hard to find… he had hidden himself beneath all of the bedding and cushions in the cage.

In the end, we got them secured and finished all the paperwork, petting them the whole while…


And, many dollars in fees later, my friends were taking them home.  Getting a photo sent to me later that evening showing my pair of cats resting comfortably and undisturbed on nice chairs like regular pets set my heart glowing and lifted a tremendous weight from my shoulders.

cats home

Despite all its logistical failings (and the stories we heard from staff and patrons while waiting were manifold… Transport services often moves animals incorrectly, people lose paperwork, medications are handled incorrectly, etc etc etc) the SPCA is a wonderful organization and deserves our support.

And, of course, if you are thinking of bringing a new pet into your home… please consider adopting from shelters or other services where animals without homes are waiting for you.

Thank you.  And thank you to all my friends who helped make this one of the best Holiday Seasons ever for me.

Much love to you all.

– — —–[ ORIGINAL POST]—– — –

As some folk who know me are aware, I am the owner of two adorable and friendly cats — Chico and Mouse Face — who deserve more love and attention than I can provide at this time.  When it was me and my then-girlfriend, someone was always around.  Then it was just me, plus other housemates from time to time.  Now… it’s just me.  And I am out of the area (and out of the country) more and more every month.  My time is becoming divided between D.C., Montana, Europe, and the Middle East.

 

chico 01

Chico

Because I am spending as much as half of my time overseas for the foreseeable future, it was undeniable that this was not fair to the cats or to any friends whom I would ask to look after them when I’m away.  I was forced to seek a new home for them where people were around more often and they would not get so lonely.  One friend pitched in for a while, because he shelters animals with no place else to go.  In his tiny 2-bedroom house he was caring for 5 cats but still agreed to give Chico and Mouse Face a good home.  This arrangement was imperfect, but for the past few months it’s been what we had to do.

mouse face 01

Mouse Face

 

Now he is forced to take on an 85-lb Labrador pup because of an owner who was urgently called out of the area on a legal matter.  The situation at his place reached a breaking point, and my cats had to move on.  After trying for weeks and weeks to ask anyone whom I knew, it was clear that we were out of options.  With the dog deadline day looming, the hardest thing I can recall doing in my life was to take Chico and Mouse Face to the SPCA and offer them for adoption.  The PA SPCA has a no-kill policy and Good Home Guarantee if the pets meet proper health and personality criteria.  Many medical tests, many fees, and many tears later, they were being accepted back to their new cat condo in North Philly.

Because they are a pair, that means they get a little more space at the shelter.  But it might also be harder to place them.  So I am turning to the Internet for help.

 

kittens 01

 

These two cats are both almost 8 years old and from the same litter.  They squabble on occasion but always make up soon after.  They are both fixed and have clean medical histories.  I will supply their new owners with treats, toys, and also their hardware.  What hardware?  Well, these two cats use an automated feeder that dispenses their servings at the right time of day and a water fountain that recycles and cleans itself.  My buddy also still has their pet carriers.  All you’d need to provide is love.

If you are from anywhere in the tri-state area or even as far north as New York or as far south as DC, I would totally make it cost-neutral for you to adopt these two lovely, lost souls.  I will cover all fees at the SPCA, help you with mileage to and from here, and even take you out for a meal (I’d want to do that anyway, to get to know you.)

If anyone in the hacker or tech community is willing to open their home to two little animals who need more love than I can provide, I can’t say what a difference that would make for my Holiday Season.  It’s all I want for Christmas.

Please feel free to email me anytime… deviant@deviating.net

 

 

I’m totally not above trying to play on your emotions here.  So allow me to just say: here are my two cats looking up at you, hopeful that your home would be right for them…


And I’d like to tell you a little bit more about them.  Chico loves to explore in order to find new places to investigate…


… and Mouse Face loves to explore in order to find new places to sleep…


… Chico likes to sleep, too.  But his favorite sleeping spots tend to be under covers (see the white feet sticking out)…


… some of Mouse Face’s favorite spots are boxes…


… but what cat doesn’t like boxes?  Chico also appreciates them sometimes…

Chico in a Box

… Mouse Face always gets told how brave and well-behaved he is, even on trips to the vet…


… but mostly these two just like to lounge and stretch out and spend their day sleeping. Next to people if possible, but on any soft surface is all they ask…


… well, that and tummy rubs.  If you see this inviting pose…


… then you shall know immediately what time it is!


Please let me know if you think you have extra belly rubs to give to deserving cats this holiday season.  Thank you.

In mid-November, Twitter follower Kevin Anderson asked me about a firearm lock box product called the GunBox.  Every now and then, because of my general interest in teaching and presenting about firearms and gun technology folk will reach out with such questions.  Often, the safe and lock box inquiries come my way because of a presentation I gave at DEF CON 19 regarding the relative security (or insecurity) of many popular firearm lock boxes.

According to the manufacturer’s web site, the GunBox “has cutting edge technology, state-of-the-art design, and incredible features that make safely storing firearms with quick access a reality” and it is “the ideal way to Defend Responsibly.”  As you will see from the analysis below, while the GunBox is as effective as any other low-cost firearm lock box (most of them retail in the $150 – $300 range and the GunBox is within this zone, albeit on the higher end) at preventing a toddler from accidentally laying hands on your gun and having a terrible accident, it is not at all suitable for long-term storage or for deterring criminals or even curious teenagers.

The staff who monitor the GunBox’s Twitter account were not keen on discussing how their hardware functions, but it becomes apparent from the moment that you open up this unit how their lock (and also the bypass/override method) works.  Honestly, this is the first thing you see when the lid is open.  I didn’t even have to take the internal compartment apart or pull back any rubber or plastic elements.  Because the bypass method is so painfully obvious, I do not have any real ethical qualms with documenting it here.  The manufacturer is more than adequately aware of how this works and (it would seem) has no plans to change how this feature (or “vulnerability” depending on your point of view) is implemented.

 

Amazon has this item available via Prime shipping, so the unit actually beat me to my house.  I ordered it a couple of days before flying home from the Persian Gulf and it was there when I arrived.


Upon opening the unit, one immediately can see the latching mechanism that keeps it shut when closed and locked.  There is a small peg with a metal cone on its tip sticking up from the base…


… and this peg interfaces with a pair of sliding metal plates in the lid that form a hole which can expand and contract via spring pressure…


As the lock box can be closed just by pressing the lid shut, one can immediately discern that the metal plates slide apart simply by any force acting upon them.  The lock and circuitry mechanism is not needed to cause them to move…


As mentioned by the GunBox folk on Twitter, the unit ships with a small hex head Allen key which can be used to bypass the main locking mechanism and open the box if other methods fail to work.  While the conversation they had online was intentionally vague, they attempted to indicate that the Allen key was simply “the tool that is used [to access the bypass hole]” and they went on to state that “the manual override is not that simple.”  This is patently false.

Yes, the hex head bit is used to remove a small set screw in the bottom of the box, exposing the bypass hole.  After that, however, the same exact tool is inserted and simply wiggled from side to side.  That is all.  That’s the entire attack.  The shaft of the Allen key interacts with this small slot on the metal plates…


When we opened up the box and looked at this, you can see that we figured it out in seconds.  The following video (which was Take One of the whole analysis) shows the process unfold.  Not only did we figure out the attack in short order, but it was trivial to perform.  It took me about 15 seconds to seat the handle of the Allen key in the correct slot the first time, then 5 seconds later the box was open. Subsequent attempts took under 10 seconds total.  It’s a process of (1) insert, (2) rock the handle of the tool toward you and therefore angle the inside tip of the tool rearward, (3) find the bypass slot in the metal plates, (4) press the tool to your right and therefore disengage the upper plate which moves to the left inside the box, (5) press the tool to your left and therefore disengage the lower plate which moves to the right inside the box, (6) the box is open.


(If for any reason that video becomes unavailable on YouTube, I’ve also uploaded it here on Vimeo)

 

There were quite a few things that I found disturbing about this whole process…

1. This entire bypass process was monumentally trivial to discover and to perform.  The fact that anyone could speak of this as though it were some massive secret is astonishing.  The bypass hole and the slot in the plates where it is performed are immediately visible to anyone operating the safe or even just glancing at it when it is open.

2. There is no evidence at all that the bypass is used.  The safe doesn’t appear to have any logging functionality if the latch is released manually.  The small set screw could be secured with a tamper-evident seal (although, as The CORE Group will tell you, tampering with security seals is often a very valid attack vector, as well)

3. The unit does not alarm if the lid is made to open up without any valid credential or token associated with that event. (For instance, by bypassing it.)  There is no reed switch or contact switch to tell the GunBox if the lid is open or closed.

4. In general, it was surprisingly hard to actually set off the “tamper” alarm at all.  I could not tell what manner of conditions cause it to beep, but as you can see in the video a lot of jiggling and banging did not set it off.  Apparently, only totally tipping the unit vertically seemed to cause the alarm for me.  Maybe I was doing something wrong.

5. The fingerprint reader and RFID tag appeared very unreliable in their operation.  Again, I’ll leave it to GunBox to respond… maybe I was making too many repeated attempts with fingerprints and mis-reads of the RFID tag and this caused some kind of delay/timeout period to trigger.  In general, however, I would most assuredly NOT trust my safety or my family’s security to this unit during a tense situation when a firearm was needed quickly.

6. The RFID technology used looks highly clone-able.  Babak is still in the Gulf for another week, but once he gets home we’ll test the RFID tokens out with his ProxMark.  I’ll wager dollars to doughnuts that these RFID credentials have zero protection against cloning and copying.  That will constitute Part Two of this review and analysis.


Beyond all that, the unit appears to be your run-of-the-mill firearm lock box.  It is spacious enough to store one (or more) pistols or revolvers of adequate size…


… and I even hit on an interesting phenomenon: when I had two of my H&K pistols in this box together, they obscured and occluded the bypass hole and made it unfeasible to perform the manual override opening technique…


… of course, given how shaky the fingerprint and RFID readers were on the GunBox that I was testing, I don’t know how wise it is to lock up any valuable pistols with the override disabled.  😉

Honestly, though, if I were forced to choose between a lock box that offered almost no protection versus a box that was unreliable but had no bypass opening, I’d probably go with the latter.  Were I to own a GunBox, I’d use some ThreadLock (the red permanent kind, not the blue light-duty variety) on that little set screw and feel a lot better about the unit.  But that’s if I were somehow forced to use this.  In the end, my plan will be to let my buddy tinker with the RFID controls, then box it all back up and return it to Amazon.  The folks at GunBox have stated that they “do not want everyone knowing the manual override” but I can’t imagine how anyone would predict this information not becoming public.  They have taken utterly no steps to obfuscate or protect the bypass feature.  Ultimately, of course, security engineers know that the best way to prevent details of a backdoor in your system from becoming public is to not design a bypass in your security in the first place.

Personally, I’m very happy with my MicroVault and LockSĀF products, since I’ve modified their manual override locks for greater protection and robustness against attack.  And that’s just for times when I need a quick-and-simple solution in my home or my car for carry pistols.  Essentially ANY small firearm lock box tends to be something designed first and foremost to prevent little hands from causing a negligent discharge and then –only secondarily– to guard against some forms of basic quick theft attempts.  Small firearm lock boxes should NEVER be thought of as gun safes and they should not be considered a means of housing and storing valuable firearms in a permanent way.  Only my daily carry pistols are kept in small lock boxes.  My main collection all resides in heavy-duty Liberty safes at the various homes where it is housed.

That’s just my two cents.  Feel free to do your own testing and do whatever you feel is right and best for you and your loved ones.  Stay safe out there!