Diary of a Network Geek

The trials and tribulations of a Certified Novell Engineer who's been stranded in Houston, Texas.

3/25/2014

Keyless Entry Tools!

Filed under: Fun Work,Life Goals,Never trust a Network Admin with a screwdriver,Review,The Dark Side,Things to Read — Posted by the Network Geek during the Hour of the Hare which is in the early morning or 7:21 am for you boring, normal people.
The moon is Waning Crescent

RetirementPlanningKeyless entry tools may be a bit of a misnomer, but, technically, that’s what I’m talking about in this very special Tools for Tuesday post.

Actually, since I missed posting a tool last week, I’m going to mention several tools in this week’s post.  The difference is that these tools are all related.  Of course, all these things are related to lock picking, sometimes referred to as “lock sport” or “steel-bolt hacking”.
We’ve all seen this on TV or in the movies.  The hero, or anti-hero, needs to get into a room for some reason, only to be confronted with a locked door.  A locked door that would stop the average person, but not the hero of the story we’re watching.  Instead of being stymied by this apparently insurmountable obstacle, our hero, or heroine, simply pull out a set of lock picks with which they proceed to fiddle about with, often by the light of a flashlight held in their mouth, until the formerly locked door is suddenly, almost magically, opened.  Who among us has not wanted to be able to do the same thing?  How many times have we found ourselves on the wrong side of a locked door, wishing we had a set of lock picks with which to quietly gain entry to whatever is on the other side of said door?  And, perhaps more commonly, how often have we simply forgotten our keys, to home of office, and wanted to avoid the inconvenience of going to fetch them or find someone who could let us in?

Well, I have long wanted to be able to do all those things at one time or another.
In August of 2012, while attending DEF*CON 20, I finally got my initiation into the world of lock picking.  Or, as I more often prefer to euphemistically refer to it; keyless entry.  I spent several good hours at the Lockpick Village put on by TOOOL, The Open Organization of Lockpickers.  It was there that several very patient people taught me the basics of lock picking.  There were other opportunities to learn things like bumping and impressioning, as well as learning how to bypass locks other than the standard door lock or keyed padlock.  I haven’t had the time, or opportunity to explore those non-picking tools too much yet, but several of the tools in the photo above came from TOOOL.  TOOOL sells a fine starter’s set of lock picks and tension bars, which I bought at DEF*CON and can be purchased via their Equipment page.  You can see the two picks I use most often, and a tension tool on the right, resting on top of the TOOOL leather case.
I like these picks and tension tools because they’re light, but sturdy and relatively economical.  They also have nice sized grips which feel comfortable in my meat-hook-like hands.  It’s important that I feel like the tools I’m using to open a lock aren’t constantly in danger of breaking off in said lock, further complicating my opening of it.  These tools do that quite well, and look good while doing it.

The other thing in that photo which came from TOOOL is the progressive training locks, as they call them, though they’re really just specially prepared tumblers.  They’re in the large-ish grey thing near the middle of the photo, which I refer to as a lock picking vice, perhaps incorrectly, and which I’ll describe in a minute.  Actually, to be specific, the three training locks in the vice are the first three of a complete set of ten.  They start with a single pin in the tumbler and go all the way up to six pins in a tumbler, for the first, “normal” training locks.  The last four are a special spool-shaped pin, which is harder to pick, and go from one pin up to four pins in the “security” training lock set.  To get the entire set of ten ran me $120 before tax and shipping, but they are totally worth it.  In theory, I could have gotten ten of my own locks, stripped them down to just the bare necessities and pinned them out myself, but I can guarantee that they would not look as neat as these.  And, that’s assuming that I could find a source for the spool-shaped security pins for those last four.
I just got these recently, and I think it was just in time because my skills were getting pretty rusty!  I hadn’t touched my picks in a couple of months and found myself completely unable to pick a simple padlock that used to take me a couple of quick seconds to open.  It was mortifying!  I should note, these training locks are a little looser and easier to pick than a real-world lock, but that’s intentional.  The idea being, of course, that you need to get the feel for it before graduating to a real lock.  Incidentally, a standard padlock usually has four pins.  The average American door lock, like we normally use on houses, has five pins.  And, I’m told, that normal European door locks, like would be used on most residential doors, use six pins.  So, that’s why the training locks are pinned the way they are.  They make a logical progression of difficultly with real-world application.

When I found the Tri-Pik, as I call it, I was actually looking for something else, but I was thrilled.  The “Deluxe Adjustable Tri-Pik LOCK PICKING Holding Fixture“, as it is called on the website where I found it, is pretty fantastic.  In fact, I’d just about call it essential to my reintroduction to lock picking.
The basic idea is this; a real lock would be surface mounted in, say, a door, and would leave me both hands free to manipulate the tension tool and pick, and this tool lets you simulate that.  Without this, I would be holding the training lock in one hand, keeping tension on the cylinder via the tension bar with that same hand, while manipulating the pins with the pick in the other hand.  A fine way to learn, but not very realistic.  The Tri-Pik fixes that.  It is so named because it’s designed to let me mount up to three training locks in it at once, locking them in place via a hand-tightened set screw from below.  It’s quite a good system.  Simple, but effective, and reasonably priced at $35 plus tax and shipping.  I cannot recommend the Tri-Pik enough to someone learning how to pick locks.  It’s really, really fantastic.

Oddly enough, I found the Tri-Pik while looking for the fourth tool I’m mentioning today; the Southard Jackknife Lockpick Set.  I had seen this at DEF*CON, but I was a little hesitant to buy one, since I was flying back to Houston afterwards and didn’t want to have it mistaken for a knife and taken from me by a TSA agent.  But, now that I’m back, and it turns out the NSA has been watching all of us all along anyway, I decided to go ahead and get one of these little beauties.  Eventually, I’ll add this into my “every day carry”, so I’ll always be able to open doors, but first, I need to practice with it a bit.  Obviously, the idea is to fold it all up like a pocket knife and carry it with you, but the genius, in my opinion, is how they handle the tension tool.  It fits over the top of the folded-away picks, with one end sliding into a tight, narrow opening in the center of the main body of the tool set, using tension to keep it all together.  It works quite well and provides the amateur locksmith with a complete set of tools including; the tension tool, a long hook pick, a diamond-shaped pick, a half circle pick, a “snake rake”, an alternative rake and a diamond-shaped broken key extractor.  Add to that a really nice mechanism hold the picks in both a closed and “ready to use” position and you’ve got a great, portable toolset here for just under $40, before tax and shipping.  A fantastic deal in my opinion.

The last “tool” is really a book.  Namely, the very good lockpicking primer, The Visual Guide to Lockpicking.  I have to admit, even though I had this book long before I learned how to pick locks at DEF*CON, I found it just a little too intimidating and confusing to use before I had some hands-on experience.  Now that I do, however, I can see just how good a resource this is.  It covers the majority of mechanical locks that a self-taught locksmith might encounter and have to deal with, including tubular locks and locks with pins on both the top and bottom of the cylinder, which are both challenges I have yet to master.  While no substitute for a good teacher, this book really is a great place to start if you can’t get direct instruction and has fantastic illustrations explaining the entire process.  It’s well worth the $15 or so that Amazon.com is asking.  (And, yes, if you buy a copy from that link, I get a credit.  Thanks!)

Incidentally, if you can’t quite figure the connection between “network geek” and “lockpicking”, the answer is far simpler than you might imagine.  In the early days of computers, the best of the best were pretty much all at M.I.T.,where it is widely believed the term “hacker” originated, and, to get access to computer labs, and a place to crash while programs ran on the big, old iron that were computer systems back then, the hard-core computer geeks all became locksmiths so that they could get the tools to pick locks and never be on the wrong side of a locked door.  Or, at least, that’s what I read in Hackers: Heroes of the Computer Revolution by Stephen Levy back when I was just getting started in IT.
So, yeah, that’s a mess of tools for Tuesday this week and a peek into the crazy way my mind works.  I hope it makes up for missing last week!

2/23/2014

Flawless Victory!

Filed under: Geek Work,GUI Center,MicroSoft,Pressgram — Posted by the Network Geek during the Hour of the Hare which is terribly early in the morning or 6:37 am for you boring, normal people.
The moon is Waning Crescent

Okay, so maybe not “flawless”, but victory nonetheless.
What this is, is a screen shot of me remotely accessing my new, upgraded server, after about 11 hours of work, with a break for dinner.  I migrated the complete Active Directory server, as well as the DNS and DHCP servers.  (Which for you non-geeks means I moved all the network services that let people get to both this server and the internet.)  Trickier still was getting the print services moved to the new server.  For some very strange reason, in my opinion, the import of the exported print configuration wouldn’t work unless I had the Windows Firewall turned on for the new Windows 2012 server.  That’s just crazy to me.  Why does print services care that the firewall is turned off?  It should be able to ignore that and just go!  Damn Microsoft….  (Grumble, grumble.)

In any case, after 10+ hours of work, the upshot is that most people won’t even realize that the server was upgraded on Monday.  (At least, I hope that’s the case.)  I may still have a few issues with printing on Monday morning with some people, but, I hope, those will be few and minor.  We’ll see, I guess.  But, everything else went about as well as I could hope for.
No, it wasn’t quite “flawless”, but I was able to work it all out, so that’s good enough.
Besides, what I really get paid for, in my opinion, is not the fact that I make few mistakes, but that I make virtually no catastrophic mistakes and I can work out pretty much all of the mistakes, catastrophic or not, that I do make.
In shot, I’m very good at what I do for a living.  As a character from an old Western, “The Guns of Will Sonnet”, used to say, “That’s not brag, just fact.”

So, now, it’s off to church to give thanks for not completely fucking this up!

Published via Pressgram

2/21/2014

Weekend Plans

Filed under: Geek Work,MicroSoft,Pressgram,The Dark Side — Posted by the Network Geek during the Hour of the Monkey which is mid-afternoon or 4:23 pm for you boring, normal people.
The moon is a Third Quarter Moon

Guess who’s spending the weekend upgrading the company’s main server?

Finally after dealing with an aging server for too long, we’re upgrading.  And, not a minute too soon, either.  I have the joy of migrating Active Directory from a Windows 2003 server to a Windows 2012 server.  Not to mention, I get to migrate printing services, an iSCSI array connection, DNS and DHCP.  Wee!  What fun!

Well, I suppose that’s why I get the “big bucks”, right?  A system administrator’s work is never done!

Published via Pressgram

7/26/2013

Open Source Digital Darkroom Software

Filed under: Art,Fun,GUI Center,Linux,Review — Posted by the Network Geek during the Hour of the Hare which is terribly early in the morning or 6:55 am for you boring, normal people.
The moon is Waning Gibbous

I would imagine by now the few regular readers of this blog have figured out that I love both photography and free software.

I, personally, use Lightroom.  And, yes, I paid for it.  I’ve gotten used to it and I understand the workflow and I can get the little bit of editing I do to photos done that way.  But, I am always on the look out for software that I can recommend to people unwilling to make that kind of…
Read More

7/19/2013

Free 3D!

Filed under: Art,Fun,GUI Center — Posted by the Network Geek during the Hour of the Hare which is terribly early in the morning or 6:47 am for you boring, normal people.
The moon is Waxing Gibbous

So, this month, the theme has been free graphic software, more or less.

Well, as much as I love taking as realistic photos as possible and capturing the actual moment, I have to admit, graphic artists who start with photos and make them into more always impress me.  I’m especially impressed by those who create whole realities from nothing.  That’s one reason I backed the Kickstarter project The Tube Open Movie.  When they’re done developing this, now late, movie, the things…
Read More

2/15/2013

Color Scheme Designer

Filed under: Art,Fun,Fun Work,Geek Work,GUI Center,Ooo, shiny... — Posted by the Network Geek during the Hour of the Tiger which is terribly early in the morning or 5:52 am for you boring, normal people.
The moon is Waxing Crescent

I am not a designer.

This may be painfully evident from the look and feel of this website, which, I did not code myself.  It is a WordPress-based website which, at best, I have “themed” myself, but with lots of help from code “borrowed” via Google and other sources.  In fact, there are so many code sources it would be hard to link to them all or list them all or thank them all.  It’s the way of the web, I’m…
Read More

2/1/2013

Adding Style To Your Webpages

Filed under: Art,Fun,Fun Work,GUI Center,PERL — Posted by the Network Geek during the Hour of the Tiger which is terribly early in the morning or 5:23 am for you boring, normal people.
The moon is Waning Gibbous

I am NOT a designer or web programmer.

Sure, I’ve dabbled with Perl enough to be a Level 11 Perl Monk on Perlmonks.org, but I’m not really a programmer.  And I’m sure not a designer, either, even though I can appreciate really good design work.  In fact, my ex-wife used to say that I was from the “big orange button” school of design, because I was more interested in the technology behind the button you pushed on a website than making…
Read More

11/2/2012

Opensource Writing Tool

Filed under: Art,Fun,GUI Center,Linux,MicroSoft,NaNoWriMo,The Network Geek at Home — Posted by the Network Geek during the Hour of the Tiger which is terribly early in the morning or 5:46 am for you boring, normal people.
The moon is Waning Gibbous

In honor of the first Friday of NaNoWriMo, I’m bringing you a free writing tool and not from my usual main site.

This week, I’m originating my regular Friday Fun Post from JKHoffman.com, where I hope to move most of my more creative work, instead of my regular Diary of a Network Geek.
If you’ve given serious thought to writing, you have probably heard of both National Novel Writing Month, AKA NaNoWriMo, and a writer’s program called Scrivener.  Personally, I’ve done most…
Read More

3/7/2012

Security and QR Codes

Filed under: Criticism, Marginalia, and Notes,Geek Work,The Dark Side — Posted by the Network Geek during the Hour of the Tiger which is terribly early in the morning or 5:53 am for you boring, normal people.
The moon is a Full Moon

Do you trust everything you see?

We’ve all seen QR codes, even if we may not have all recognized what they are.  These little, square dot patterns are everywhere these days, especially in advertising.  In fact, some people have gotten so used to scanning them with their smart phones to get more information about products and services that hackers are now exploiting them.  I recently read a very interesting article on TechRepublic by Michael Kassner titled Beware of QR Codes about an exploit found in the wild, and QR code exploits in general.  The problem is, we tend to trust them, mainly, I think, because they’re too new for us to have been burned bad by them yet, and they are popping up everywhere!  Pay attention as you go through your day and see how many of these little deals you bump into.  They’re in everything from magazine ads to product labels to posters to coupons!  Even Doonesbury has run a strip with a QR code in it!

So, as you swim out there, awash in the ocean of marketing and sales that we live in, pay attention to those who might subvert your complacency.  If it’s easy for you to use, it’s probably easy for someone to abuse, just like the QR code seems to be!

2/7/2012

DNS Attacks Are On The Rise

Filed under: Geek Work,News and Current Events,The Dark Side — Posted by the Network Geek during the Hour of the Snake which is just before lunchtime or 11:14 am for you boring, normal people.
The moon is a Full Moon

DNS has inherent weakness.

In it’s current form the Domain Name System, by it’s open nature, is pretty primed for exploitation.
Some of these attacks are more obvious than others, but there are two that I find particularly troubling.  More so that I can see them being used together to really mess with a website owner.
The first of these two attacks isn’t new.  But, the fact that it isn’t new and has been dealt with before doesn’t mean that it has suddenly stopped being effective.  The attack is called “DNS poisoning” and it works by corrupting the DNS cache on a server, which then forwards those poisoned DNS records as legitimate to other, unsuspecting servers.  The end result is that the attackers can redirect traffic from a legitimate website to their own site.  It’s hard to flat out stop right now, though, once discovered, it can be fixed with relatively little trouble.  This attack was used recently against several websites who were supporting SOPA and PIPA.  Of course, since these folks were trying to make a statement, it was pretty clear what had happened, so techs were working to fix it pretty quickly.
The second attack, which I would think include the first attack at its initial stages, is sub-domain hijacking.  In this attack, the attackers redirect the sub-domain of an existing site to another location.  This is a little more subtle and hard to detect.  In this case, the attackers are looking to profit from a well-established domain by “piggy-backing” on their reputation.  They poison the DNS records to point something like Viagra.google.com to their actual website, selling Viagra, or a site filled with spammy links that redirect a potential victim to their website selling Viagra, or whatever.   This attack takes a proactive system administrator to catch.  Since it doesn’t redirect any of the main, honest, actual site anywhere, but only uses its reputation to improve their own spammy links, it’s not always obvious that it’s going on.  Regular DNS record audits are about the only way to catch this, barring an angry end-user contacting the main site.

The internet is still a wild and wooly place sometimes, folks.  The reasons the professionals get paid what they do is because, theoretically, they have to deal with all that stuff and keep us safe!  Which reminds me, I have to go check my own company’s websites and DNS records, not to mention my own!
(The title, incidentally, was inspired by the movie that helped get me into this business, Sneakers. “Cattle mutilations are up.“)

Next Page »

Powered by WordPress