For those of you living under a rock for the last 15+ years, you may not have heard of Bruce Schneier. He's a brilliantly opinionated cryptographer, privacy advocate, security researcher, businessman, author and inadvertent mentor to many. I don't agree with everything he says, but I like the buttons he pushes.
I love reading his blog because his coverage of the issues today is diverse and profound and very much carries forth the flavor of his convictions. Also, it seems Bruce really likes Squids...which makes this electronically-enabled Cephalopod-inspired security post regarding the theft of someone's wireless connection that much more funny.
Here's the gist: A guy finds that his neighbor is "stealing" his wireless Internet access. Rather than just secure it, he "...runs squid with a trivial redirector that downloads images, uses mogrify to turn them upside down and serves them out of its local webserver." Talk about security by obscurity!
That's just f'in funny...so much so, I'm going to copy his idea, just like I did Bruce's blog entry! ;)
Actually the best part is the comment from one "Matthew Skala" who performs an autopsy on the clearly insecure and potentially dangerous implementation of the scripts and potential for "...interesting results." He's just sayin'...
I don't know all the details of how Squid interfaces to redirection scripts, but I see that that redirection script passes the URL to wget via a command line parameter without using "--" to terminate option processing. It first parses out what's supposed to be the URL using a regular expression, but not a very cautious one. I wonder if it might be possible to request a carefully-designed URL that would cause wget to misbehave by interpreting the URL as an option instead of a URL. I also see that it's recognizing images solely by filename, so I wonder if requesting a URL named like an image but that *wasn't* an image, could cause interesting results. Furthermore, it writes the images to disk before flipping them - and I don't even see any provision for clearing out the cache of flipped images - so requesting a lot of very large images, or images someone wouldn't want to be caught possessing, might be interesting.
Posted by: Matthew Skala at August 4, 2006 08:42 AM
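The three weaknesses the comment raises (no "--" before the URL, trusting the file name, an unbounded cache) can each be closed with a small check. The sketch below is an added example, not the redirector script from the linked post; the function names, size limits and sample inputs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Leading bytes of the formats the redirector is meant to flip.
IMAGE_MAGIC = ((b"\xff\xd8\xff", "jpeg"), (b"\x89PNG\r\n\x1a\n", "png"),
               (b"GIF87a", "gif"), (b"GIF89a", "gif"))
MAX_IMAGE_BYTES = 5 * 1024 * 1024       # assumed per-image cap
CACHE_BUDGET_BYTES = 200 * 1024 * 1024  # assumed total cache budget

def wget_argv(url, dest):
    """Build an argv list for wget, or return None if the URL is rejected."""
    # Reject whitespace and control characters before any parsing.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # "--" ends option processing, so the URL can only be an operand.
    # An argv list (no shell) also keeps metacharacters in the URL inert.
    return ["wget", "-q", "--tries=1", "--timeout=10", "-O", dest, "--", url]

def sniff_image(data):
    """Classify by content, not by file name; None means do not process."""
    if len(data) > MAX_IMAGE_BYTES:
        return None
    for magic, kind in IMAGE_MAGIC:
        if data.startswith(magic):
            return kind
    return None

def cache_evictions(entries, budget=CACHE_BUDGET_BYTES):
    """entries: (path, size, mtime) tuples. Return paths to delete, oldest first."""
    total = sum(size for _, size, _ in entries)
    doomed = []
    for path, size, _ in sorted(entries, key=lambda e: e[2]):
        if total <= budget:
            break
        doomed.append(path)
        total -= size
    return doomed

if __name__ == "__main__":
    # Constructed inputs: a normal image URL and an option-shaped string.
    for candidate in ("http://example.com/cat.jpg", "--some-option=x.jpg"):
        print(candidate, "->", wget_argv(candidate, "/tmp/img"))
```

The argv list is meant to be handed to `subprocess.run` without a shell, and `sniff_image` is meant to run on the downloaded bytes before anything is passed to mogrify.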
Read the whole thing (with configs.) here.
Chris