It has been a very interesting week, wrestling with uploading Raspberry Pi OS images and trying to tame the bugs in Fedora 25 for Pi. But we’ve got downloadable images here!
To keep the numbers manageable, I’ve set this up so that you can sign up as a student here (use the Register link above), then you’ll get access to the link and instructions.
Our School for Hackers Linux running Fedora 24 with the Security Spin (or Security Lab), on the other hand, is stable and highly useful for teaching security testing. I started using the FSS quite a while back rather than turning students loose with the bazooka that is Kali, and at this point I’m building my lessons for use on School for Hackers Linux.
Let me say for the record that at the moment, Fedora 25 for Pi is “beta” in the strictest sense: It will boot. Almost everything else takes manual bashing as root, from networking to shutting down. I made it run, and got it stable, but I can’t in good conscience turn this OS image loose in the wild. People could get killed.
Compressed, the S4H Linux F24 images are 3.7GB and 4.6GB, but that still makes for some ugly uploading from my end. Downloading, on the other hand, might be slick.Comment here on your experience: downloading it, imaging it, and using it. Let’s make this a sweet cyber security teaching OS. Thanks –
From Hackaday comes this interesting article about the Internet of Things, which will inevitably lead to a few terrible ideas, what they call the “Internet of Wrongs.” What would you think of a device that sends out Wake On Lan packets to every device on your network? Or how about a little “de-auth” box that kicks everyone off the local WiFi?
Well, these things would be very bad ideas. In the US, the FCC would swoop down on you in black helicopters. But wait, there’s more: read the comments on this page to find links to a couple of wonderful “make everyone reboot” tools. I’m sure that wouldn’t be annoying at all, though it would certainly be a minor felony – so don’t do it.
What you should do, however, is think about how some devices intended to be useful might in fact do some pretty terrible things:
Massdrop (www.massdrop.com) is a group-buy website located out of New Jersey where people commit to buying a product. Once enough people commit to buying the product, the price begins to drop. After the drop has ended, Massdrop will place an order with the manufacturer. Massdrop has several different “communities” that it uses to list like products in the same area. A few of these communities include: Everyday Carry for knives and useful tools that you can keep in your pocket, Audiophile to suit your listening needs, and Tech for gadgets like a Raspberry Pi or other devices. Those are just a few of the (currently) 13 communities that Massdrop has to offer.
Each product has different requirements for the total number of people needed in order to get the discounted price. When the chair first “dropped” or came available for purchase, it was listed for $399.99. As more people purchase the chair, the price drops by $10 with every five people until it reaches the lowest price available of $369.99.
If you are interested in the product but only want it if it reaches the maximum discount, you can commit to buy the product at the lowest price. IMAGE (Commit) To compare the requirements for purchase, we will look at some GMK QMX-Clip Sound Dampening Brackets (located at https://www.massdrop.com/buy/gmk-sound-dampening-brackets).
These brackets are used to dampen the sound coming from a mechanical keyboard and are much cheaper than the chair. In order for it to be cost effective for both Massdrop and GMK, more people need to purchase the clips in order to justify a group-buy discount. In this case, at least 50 people are needed to get a discount with 100 people needed to reach the maximum discount.
Now, before you rush onto the site and place a bunch of orders, there are a few issues to understand about Massdrop.
One major complaint is the amount of time that it takes to receive a package. For example, I ordered a wicked set of keycaps on September 30,2015 (https://www.massdrop.com/buy/danger-zone-sa-keycap-set). The keycaps (I know, they’re badass huh?) didn’t arrive until February 17, 2016. Four and a half months is almost unheard of to wait for a product to reach you, especially when Amazon Prime will ship me something in 2 days. One reason is that it was a custom set of keycaps that was made specifically for those who purchased it from Massdrop. The other reason is that your order doesn’t drop ship directly to your door. The manufacturer sends the entire order to Massdrop who then sorts the order and ships it to the customer. I have since purchased other products from Massdrop and both of those orders took about three weeks.
Another major complaint that I have seen, especially recently, is that for products that are not custom made (think knives, chairs, headphones, etc.) it is possible to find the exact same or very similar product for the same price (give or take $5-10) on a major online retailer like Amazon or eBay. In that case, is it worth a few dollars extra to have your product within a week, or are you ok waiting significantly longer to receive it from Massdrop?
Nevertheless, I have used and will continue to use Massdrop.com and watch for new drops that happen daily. If I feel that it is a good deal, I will do my research to make sure that I cannot find the same product for cheaper elsewhere, and if I can’t, I will buy from Massdrop. As a price-conscious consumer, it would be unwise to do differently. As a techie, how can I help myself?
[Daniel Clark is an up-and-coming IT and security consultant in Albuquerque, NM, USA. This is his first contribution to School for Hackers, with more articles on technology and related goodies to come.]
The choices of OS for Raspberry Pies haven’t been many, especially since the fading of the Pidora distribution. Raspbian has stayed the top choice, among some smaller players, as well as the Debian-based Kali ARM distro.
Kali is a great tool, but learning the basics of security testing with Kali is like going to the shooting range with a bazooka. If you’re not aware of the many (many) interactions, dependencies and moving parts, it can be dangerous.
The people at Fedora both produce an up-to-the-minute ARM kernel for Pi and other ARM computers, and they also sponsor “spins,” which are specially-configured versions of Fedora for a large number of uses – including security testing. You can find some basic information at https://labs.fedoraproject.org/de/security/.
We’ve taken the trouble out of setting up the boot scripts, installing Fedora 23, setting up the Security Lab, VNC Server so you can use VNC remote desktop access, the sshd so you can SSH in immediately, and much more. The 8GB Class 10 card has room for your files and is the highest speed category.