Tuesday, April 20, 2010

Hackers Love Gray Powell

I am sure by now that all of you have heard of the next gen iPhone that was left behind by an Apple Engineer at a Redwood City bar. Heck, it's now even on the New York Times. I feel bad for the guy and am a little miffed at Gizmodo for sharing his name. But now that it is already out there, everyone knows him: Gray Powell. I am not interested in talking about the technology or the "Human" situation. I am interested in "Speed to Market".

You see, the thing that really amazes me is how fast hackers have capitalized on this Internet meme. In less than 24 hours they have created hundreds of websites to fool you into clicking on an executable that will bring your poor computer to its knees.

Take a look at this image I saved of a Google search for Gray Powell.

Notice all the nice "This site may harm your computer" notes that Google was so kind to add?

In less time than it takes to say, "Famously Secretive Silicon Valley Computer Firm", hackers have lined up to take advantage of you.

Surf carefully young padawan.


Saturday, January 9, 2010

Confusing me is easy



Sometimes I am amazed at how confused I can get over WLAN configurations. What seems so straightforward and plain to me when I am advising someone else will appear convoluted and unknowable when it is my own configuration.

Take for example my own humble home network. Over the years it has evolved from a single Apple Airport (Graphite) Base station and a laptop back in 1999 which I still own to my rather complex hodgepodge of multiple networks I have today.



Today I have 3 networks which I have re-architected many times based on my own changing needs. One for media (music and in the future, Apple TV), one for testing and one for primary wireless access.


The network used only for music (AirTunes is Apple's name for it) consists of one Apple AirPort (Snow) Base Station on my Ethernet LAN and several AirPort Express wireless repeaters scattered liberally throughout my home attached to stereos and speakers here and there. The purpose of these, as I already mentioned, is to provide me with ubiquitous and simultaneous music. They are all on channel 1 (2.412 GHz) so as to avoid the old Sharp Carousel microwave oven which would normally destroy my listening enjoyment when it is running if the network would use channels 5 to 13 (2.432 - 2.472 GHz). Happily this network has an option set that will not permit Clients (STAs) to attach to it and in fact does not appear on my AirMagnet WiFi analyzer except as actual 802.11 packets. The APs themselves are invisible to network scanners like Netstumbler and others unless you actually do packet analysis. Lastly it is encrypted with WPA2-PSK and is configured for 802.11g only with a 5.5Mb/s multicast rate so the music will play without skips or misses as it streams from my music server.


The testing network changes constantly and has AirMagnet Sensors and the Meraki nodes on it. You may have seen some of my previous posts about Meraki's cloud based wireless solutions. Very cool indeed.


Now onto the primary network and here is where I got confused. You see, originally this was an 802.11b/g network using that old AirPort (Snow) Base Station. However, as a WLAN engineer I felt it important to have an 802.11n network in place but was worried about interference. This would be both co-channel and adjacent channel interference from other wifi devices as well as non-wifi interference from cordless phones, Bluetooth and my dreaded microwave oven. So I purchased the Airport Extreme Base Station N. This device supported both 802.11a/b/g and Draft N standards, it had Gigabit Ethernet and a port to connect a USB hard drive for NAS. However, I was extremely disappointed to learn that this device would only work on either 5GHz or 2.4GHz, not both simultaneously. I wanted both at the same time. C'est la vie. I put the AP in place and started to have issues with the configuration right away. You see, I wanted to use the older Express devices as wirelessly connected repeaters as I had the other AP but after 2 weeks of trying I could never get them to work so I figured that Apple must want me to upgrade them to the newer N model, however I was reluctant as there was nothing wrong with the ones I had. I chose to live with it the way it was.

Luckily for me Apple introduced a Simultaneous Dual Band version within a few weeks of my purchase and I was able to exchange mine for the newer model. This turned out to cause a new problem when I noticed that it was dropping clients occasionally and had to be rebooted once or twice a week. I was perturbed and figured the problem was me or my configuration. I twiddled the settings a few times and changed the firmware but had limited success resolving my issues. I did notice that the Ethernet connectors were always loose no matter how firmly I inserted them but could not positively determine if this was the issue. Also, I suspected my aging ZyXEL DSL router to be a culprit but again could not reproduce the problem to my satisfaction. I just could not believe that it was an Apple product control issue. My internal standard for Apple's Quality control was very high after years and years of experience with their products. Finally, after a while (2-3 months) I grew tired of trying to fix it and gave up and just informed my family to reboot the Internet Router and the Airport if they couldn't access the Internet. To quote Julia Child, "This always works."

After a few months and independent from these issues, we decided to invest in a backup solution that was more comprehensive than the piecemeal attempts at backup we were doing today. The consensus was to go with Apple's TimeCapsule as I had heard from others on how well it performed. For all intents and purposes it was identical to my current AP but with internal Hard Drive and Power supply so I was a bit trepidatious but gave it the green light. We purchased the product. Configured it in about 15 minutes and replaced the Simultaneous Dual-Band AirPort Extreme N Base Station and lo and behold, all my problems went away! I was amazed and decided that 8 hours was not long enough for testing. 2 weeks later it is still going strong. I had found the weak link, or had I?

I repurposed the slightly older AirPort to my boudoir/office and never had a problem again with either connection. To this day I am at a loss to explain it. Some combination caused the problem; once separated, however, the problem disappeared.

You see, sometimes I get confused.




Tuesday, June 9, 2009

Disposable Income??


Well here we are, half way through 2009. This year saw the culmination of, arguably, the worst financial crisis since the Great Depression. Yada yada yada. We have heard this all before.


I thought we were going to talk about Wi-Fi?


Well today I thought I would talk about disposable computers. Several weeks ago an associate of mine saw her beloved 17 inch iMac G5 all-in-one start to shut down for no apparent reason. She had Apple Care and had no problem trucking it down to the local Apple Store Genius Bar for a looksie.


They had her Mac for a week and then called and said, "you better come down here". When she got there they broke it to her gently, her mac was dead. The logic board was failing and a replacement would cost more than the worth of the unit. A few tears were shed before she realized this would mean she would need a new iMac - STAT!


So she came home with a new improved 20 inch, Aluminum Bezel, Glass front, 2.66GHz Intel Core 2 Duo iMac.


The poor old unit sat next to the front door accumulating dust until I stripped some parts off of it and sent the remainder to the recycling plant here in San Francisco where they are used to this kind of recycling, as I am sure they are elsewhere these days.


I felt bad. Seemed like a waste.


Then I did the worst thing a husband can do to a Wife's computer. I spilled a drink on my wife's MacBook. I freaked out, flipped the unit over, yanked out the mag-safe power cable and the battery and spent the next several hours wiping it down and blowing air through the unit to get it dry. I failed, the next morning she had a host of keyboard and restart issues. She was not happy, however, to her credit, she was not super mad at me either, just at the situation.


So, guess what I did? Yep. I took the unit down to the Apple Store, where again the Genius Bar Dude said it was covered by AppleCare and that they would call us in a few days and tell us what was up. And guess what the verdict was? 800 dollars, 100 dollars cheaper than the Brand New Macbook. Worth the investment? Probably not.


Now here is where most folks would start to rail against the new disposable society. Everything from cell phones to TVs are all disposable now. Right? Wrong.


Not me. Why? Well I have a small contribution to make to help stop this madness.


I found two places that were willing, with a little effort, to show me how to take care of these problems myself. No fancy Apple Store Genius, know-it-all, Fixer Upper, dude (BTW, most of the time, they do not even do their own repairs at Apple, they farm it out). It should be mentioned that I am no stranger to this kind of stuff. A while back I repaired my first original AirPort Basestation by replacing a burnt out capacitor. Heck, a logic board replacement for the MacBook doesn't even involve soldering.


The first site I am sharing is run by a pair of guys who were in college and decided to try and fix their Mac themselves, then they were fixing their pals' computers and then, well, they said, You do it. They started iFixit. iFixit will sell you the parts and show you how to replace them. This, of course, voids the warranty, but, hey, you were going to throw it out and get a new one anyway, right?


Here is their story in their words:



It bugged us that most consumer devices lacked repair instructions. We think it should be easy for people to learn how to fix things.



So we wrote some instructions the first chance we got. And we posted them online, for free. For the first time, it was easy for someone with no technical background or experience to take apart a Mac. Our step-by-step instructions were enabling people to repair Macs they wouldn't have been able to repair on their own.



We thought the instructions would be useful to our customers -- and they were. But it turned out that they were useful to a lot of other people as well! We've heard repair success stories from forensic detectives, field translators, and even kids. From New York to Alaska, Tibet to the Faroe Islands, people have used our guides to fix their stuff. They saved money, they kept their Macs out of the landfill, and they did it completely by themselves.



And the amazing thing? They enjoyed doing it. It's fun to take stuff apart. It's interesting to see what's inside that magic iPod you carry around every day. It's gratifying to fix it with your own hands. Don't believe us? Try it! Fix your Mac yourself. Show a friend how to fix something.



We're all in this thing together, and if we work together we can fix the planet. Join us.

Neat! And they are helping the environment while making a good buck or two in the process. Oh, and not just Macs: Nintendos, Palm Pre's, iPhones and iPods, and even bananas.


Next up, I found these guys, The Powerbook Medic folks. They are similar to iFixit in that they sell parts and show you how to fix stuff. They also will fix it for you (for a reasonable fee) and they also have video tutorials on YouTube.



Lastly, they have made their own Mac Tablet PC from an old MacBook - it looks pretty sweet.





The total cost to fix my Wife's Macbook now looks to be around $250-$350. A far cry from the $800 plus I was quoted to do the same thing by the Apple Store. Don't get me wrong, AppleCare is awesome. It has saved my bottom so many times. Well worth every penny, but aside from that, do we really need to be tossing out so many electronics in this day and age?


So it turns out you do not have to chuck out that pretty awesome Apple MacBook after all. I am sure there are sites for Dell, Toshiba, Gateway, Sony and homegrown BYO (build it yourself) FrankenPuters and others as well. A quick google search shows you that anyone can do this kind of repair.


Oh, now, how I wished I could go back and get that iMac G5.



UPDATE!

We finally got the MacBook back from Apple and now it will not boot. It booted before, just had crazy keyboard shenanigans. Now, Dead.



So now we have to move forward with the plan. I will update as I do it.


Monday, July 30, 2007

The Myth of the Self-Monitoring WLAN

Recently, as you all probably know by now, Duke University had a WLAN meltdown. The CIO, Tracy Futhey (Comment here) and the assistant IT director, Kevin Miller (Comment here) have put to rest the notion that the Apple iPhone caused it. Cisco has issued an advisory to the effect and Apple assisted in the effort.



I am not going to go into the details of what happened or why. Suffice it to say that mobile handhelds of all types, not just iPhones, send a lot of ARP traffic and the Cisco infrastructure was not ready for it. The quote at Network World explains that, "The advisory finally makes it clear that the iPhone simply triggered the ARP storms that were made possible by the controller vulnerabilities. Any other wireless client device, moving from one subnet to another apparently could have done the same thing."



What I will point out, however, is the problem we in the Wi-Fi community have today with the following simple delusion, "Your WLAN infrastructure as a cohesive, integrated, single-vendor solution is all anybody needs. It is self monitoring and self healing." I talk to a lot of people about which WLAN solution they are going to purchase and implement and I am always surprised by how many believe that the AP and controller vendor has all the answers. Don't get me wrong, I am a huge fan of this type of solution. Central management is critical for even medium sized organizations of 50 or more APs, much less larger ones that may have a few hundred or even thousands. Manually changing the configuration of each AP is not a viable solution in these cases. The Admin needs assistance. And the story sounds so great, "Implement our solution and it will fix itself when it breaks and protect itself when security policies are breached." Who wouldn't want that?



But the truth is a little more complicated. As we have seen from previous posts, sometimes the solution doesn't behave the way your business practices need. Similarly, sometimes there are security problems within the infrastructure itself. So what to do?



This will sound like an advertisement for the company I work for and I apologize ahead of time but there is a very good reason I continue to work there. Mainly, I believe in the message.



When the Duke network went down and the Assistant IT director looked at his WLAN infrastructure dashboard, what did he see? I have not spoken with him directly but my guess would be it said, "hey man, it ain't me. Everything looks good from my end." So what did he do? He pulled out a sniffer and got to work. With packet traces in hand and assistance from Cisco and Apple he solved the problem. Did the infrastructure fix itself? Did it correctly identify the problem and solution? No. A patch is now needed to keep this from happening again.



One should not blame the infrastructure for not getting this right at the outset nor should one blame Mr. Miller. He was correctly reading what the controllers were telling him. But it shows how important it is to have a separate, 3rd party solution also available to get down to the bits and bytes or even spectrum analysis (if the problem should be something other than 802.11 protocol madness.)



There are a few great WLAN security vendors out there and they make 3rd party, best of breed solutions for monitoring the security of your WLAN (one of which recently got snatched up pennies on the dollar and will probably be rolled into another integrated, self-healing, self-monitoring role; against my better judgment.) There are an even smaller number who both monitor your security and your connectivity and performance and give you great troubleshooting tools built-in (insert shameless plug here). These should be your trusted advisors when things go wrong. I am in no way suggesting that they would have identified the problem and cause and given a solution at Duke either (although I think they at least would have shown alerts for denial of service and strange traffic behavior.) What I am suggesting is that with them in place you now have a set of tools to assist in solving the problem. Remote packet and/or spectrum analysis. Alarm thresholds that can be set by the admin and will continue surveillance. Reports. System-to-system notifications. Graphs of speed and traffic type. Lists of who is connected to what and how. All the things you would need to get to the bottom of any problem in that invisible Luminiferous Ether.
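To make "alarm thresholds that can be set by the admin" concrete, here is an added example (not from the original post and not any vendor's product) of what an independent monitor does with captured frames: parse ARP requests out of raw Ethernet bytes and alert when one sender exceeds a request rate inside a sliding window. The class and function names, the limit of 20 requests per 5 seconds, and the MAC/IP addresses in the sample capture are all assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

ETHERTYPE_ARP, ARP_REQUEST = 0x0806, 1

def parse_arp_request(frame):
    """Return (sender_mac, sender_ip, target_ip) for an IPv4 ARP request, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, ARP_REQUEST):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    dotted = lambda raw: ".".join(str(b) for b in raw)
    return sha.hex(":"), dotted(spa), dotted(tpa)

class ArpRateAlarm:
    """Sliding-window count of ARP requests per sender MAC, with an admin-set limit."""
    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self.seen = defaultdict(deque)   # sender MAC -> timestamps inside the window
        self.alarmed = set()             # senders currently over the limit
    def observe(self, timestamp, frame):
        """Feed one captured frame; return an alert the first time a sender crosses the limit."""
        parsed = parse_arp_request(frame)
        if parsed is None:
            return None                  # not an ARP request: ignore
        mac, sender_ip, target_ip = parsed
        stamps = self.seen[mac]
        stamps.append(timestamp)
        while timestamp - stamps[0] > self.window:
            stamps.popleft()             # drop requests older than the window
        if len(stamps) <= self.max_requests:
            self.alarmed.discard(mac)    # back under the limit: re-arm
            return None
        if mac in self.alarmed:
            return None                  # already reported, stay quiet
        self.alarmed.add(mac)
        return {"mac": mac, "sender_ip": sender_ip, "target_ip": target_ip,
                "count": len(stamps), "at": timestamp}

def build_arp_request(src_mac, src_ip, dst_ip):
    """Build a broadcast ARP request frame as bytes (sample data only, never sent)."""
    mac = bytes.fromhex(src_mac.replace(":", ""))
    ip = lambda text: bytes(int(part) for part in text.split("."))
    header = b"\xff" * 6 + mac + struct.pack("!H", ETHERTYPE_ARP)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST)
    return header + body + mac + ip(src_ip) + b"\x00" * 6 + ip(dst_ip)

def sample_capture():
    """Constructed capture: a quiet laptop plus a handheld repeating ARP requests."""
    laptop = [(i * 2.0, build_arp_request("02:00:00:00:00:01", "10.0.1.20", "10.0.1.1"))
              for i in range(5)]
    handheld = [(3.0 + i * 0.05, build_arp_request("02:00:00:00:00:02", "10.0.2.57", "10.0.1.1"))
                for i in range(40)]
    return sorted(laptop + handheld, key=lambda item: item[0])

def run_alarm(capture, max_requests=20, window_seconds=5.0):
    alarm = ArpRateAlarm(max_requests, window_seconds)
    return [a for ts, f in capture if (a := alarm.observe(ts, f)) is not None]

if __name__ == "__main__":
    print(run_alarm(sample_capture()))
```

The alarm fires once per sender and re-arms when that sender drops back under the limit, so a sustained storm produces one alert rather than one per frame.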





Friday, March 9, 2007

RFID Tags for Apple devices. Wi-Fi Enabled Apple Remote, iPod and Other Peripherals

While setting up a wireless Wi-Fi network in your home is now much easier than it was a few years ago, configuring all devices and establishing sufficient security protocols can still be a pain in the … for the average user. Now Apple has a solution to make everything easy, automatic and secure - RFID tags.

The idea, described in Apple’s patent “RFID network arrangement”, is simple. Put an RFID transceiver into a wireless network base station such as Airport Express or Airport Extreme and put RFID tags on other devices that you want to connect to the Wi-Fi network.


All network configuration information, including communication parameters, SSID info, radio channels, encryption keys, etc., can be stored in the base station. When an RFID-enabled network device is brought into close proximity of the base station, the RFID transceiver collects this information and writes it to a read/write RFID tag on the network device. When this device is turned on, it reads configuration data and security keys from the RFID tag and establishes a secure network connection.

That’s it. From a user standpoint, you just bring your Macbook within a foot of your Airport Express and the network is set up. You don’t even have to have the Macbook on at the time. RFID info can be read from and written to the tag without an additional power source. Then you turn your laptop on and it’s already on the network.

RFID tags also solve the problem of how to connect various “dumb” devices that don’t have an appropriate user interface (like a screen or keypad) for easy configuration:

  • This may be the final piece in the puzzle to make a Wi-Fi iPod a reality. Put a Wi-Fi chip inside, add an RFID tag and that’s it. You take your iPod to your base station and then turn it on. Your iPod is another device on the network. Of course, passing Wi-Fi synchronization data to the iPod was already technically possible. But RFID tags make the process so much easier.
  • One of the applications mentioned in the patent is an Apple Wi-Fi Remote for:

    “… controlling the operation of the iTunes music software provided by Apple computer… Such a remote control might have buttons for a variety of playback-oriented functions, such as play, pause, skip forward, skip back, volume control, etc, but such a device might not include an alphanumeric keypad or display device suitable to allow configuration of the device to operate over a wireless network. Using the teachings herein, such a remote control could be configured merely by bringing it into proximity with the computer or network base station…”

  • Extending your Wi-Fi network. You can have an RFID transceiver on the Airport Extreme and RFID tags on the Airport Express. Then you just sync them and plug in the Airport Express where you need extended Wi-Fi coverage.
  • Wi-Fi enabled network printer and any other peripheral. Again, put a Wi-Fi chip in it, slap an RFID tag on, sync. Your printer is another device on the wireless network.

Looks like Apple did it again. The basic idea is so simple and obvious in hindsight, yet it opens so many new possibilities that there will be a lot of people wondering “Why didn’t I think of that earlier”.
