Friday, December 15, 2017

First December Post

You can almost track my work based on how much posting happens - more posts equals easier work, fewer posts - hard work. In this case it's very much hard work; as I observed to my mother yesterday it's the hardest projects that expose the gaps in your knowledge, caused by gaps in your knowledge. In this case I'm testing from inside a VM, itself inside a VM, to accommodate a client's two-factor RSA-token based authentication, and all the attacks that rely on having an actual IP while sitting physically plugged in to the client's network can't be done, including any that call back to a SimpleHTTPServer you spin up with python, or anything for MITM-ing traffic.

I'm using the installable version of Burp for the first time in Windows, and it's really a pleasure to use. It's stable and doesn't require allocating extra ram via JRE in the Command Line Interface. It now has 13000 requests stored in the Proxy History, which previously would have required a restart by now, and all those requests take up only 70 MB of the "Save State" file.

Here are some questions I've had about VAPT as a result of recent work:

What's really the goal for a pentest? e.g. I'm great at vulnerability testing, but pivoting, and knowing what's permitted, and not disclosing my hand too early when the client asks for a daily update and I'm the talkative type, that's something to work on. Like, is the difference finding misconfigurations, then tying them together to get higher? Then explaining that to the client? How does tying stuff together help the client, other than emphasizing the need to patch or configure things properly?

Friday, November 24, 2017

Backing up Pi using Synology and rsync (works for DSM 6)

I followed this guide, but made some changes. For starters, DSM had been updated after the guide was written, so the following link needs to be used to change the root password.

https://superuser.com/questions/1056922/synology-ssh-root-password-does-not-work

Before configuring each Pi for which a backup is desired, make the following temporary change: open the SSH daemon configuration, set PermitRootLogin to yes, and restart SSH.

 sudo nano /etc/ssh/sshd_config
 PermitRootLogin yes
 sudo /etc/init.d/ssh restart

Then change back to "PermitRootLogin without-password" once finished with setup, and restart the SSH service again.
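A check for the revert step above, as an added example (not from the guide or this post): it reads an sshd_config-style file and reports the global PermitRootLogin value sshd would use, so a leftover "yes" is caught after setup. The function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example. sshd keeps the FIRST value it reads for a keyword, keywords
# are case-insensitive, and lines after a "Match" line only apply conditionally.
# Include directives are not followed here; "sshd -T" prints the authoritative
# effective configuration on the host itself.

# effective_permit_root_login [FILE]  (reads stdin when no file is given)
# Prints the global PermitRootLogin value in lowercase, or "unset".
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        { sub(/=/, " ") }                   # "Keyword=value" is also accepted
        tolower($1) == "match" { exit }     # global section ends at first Match
        tolower($1) == "permitrootlogin" {  # first occurrence wins
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$@"
}

# root_login_check [FILE]
# Returns 0 if root password login is off, 1 if "yes" is in effect,
# 2 if the file does not set it (the default then depends on the OpenSSH version).
root_login_check() {
    value=$(effective_permit_root_login "$@")
    case "$value" in
        no|prohibit-password|without-password|forced-commands-only)
            echo "OK: PermitRootLogin $value"; return 0 ;;
        yes)
            echo "FAIL: PermitRootLogin yes is still in effect"; return 1 ;;
        *)
            echo "WARN: PermitRootLogin is $value; confirm with: sshd -T"; return 2 ;;
    esac
}

# Constructed sample: the temporary line was added above the old one and
# never removed, so "yes" is what sshd uses.
sample_left_enabled() {
    printf '%s\n' '# constructed sample' \
        'PermitRootLogin yes' \
        'PermitRootLogin without-password'
}

# Constructed sample: reverted, with an unrelated Match block further down.
sample_reverted() {
    printf '%s\n' '#PermitRootLogin yes' \
        'PermitRootLogin without-password' \
        'Match User backup' \
        '    PermitRootLogin yes'
}

sample_left_enabled | root_login_check || true
sample_reverted | root_login_check || true
```

On the Pi itself, run it as root_login_check /etc/ssh/sshd_config after restarting SSH.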

Additionally, make sure to switch to root on the Pi using sudo -i and create a ".ssh" directory with mkdir .ssh.

Also, use the following "backup_target.sh" because the path to rsync has changed from the original, and because this provides a better log format (imho).



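 # Usage: backup_target.sh <server-name> <address>
 SERVER="$1"
 ADDRESS="$2"
 NOW=$(date +"%Y-%m-%d")
 LOGFILE="$SERVER-$NOW-log.txt"
 # Log reachability of the Pi before starting the backup
 ping -c 10 "$ADDRESS" >> "/volume1/backups/logs/$LOGFILE"
 # Mirror the Pi's filesystem over SSH; --delete drops files that no longer exist on the Pi
 /usr/bin/rsync -av --delete --exclude-from=/volume1/backups/_scripts/rsync-exclude.txt -e "ssh -p 22" "root@$ADDRESS:/" "/volume1/backups/$SERVER/" >> "/volume1/backups/logs/$LOGFILE" 2>&1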

Todo: https://unix.stackexchange.com/questions/14191/scp-without-replacing-existing-files-in-the-destination

Update (For the life of me, can't get this to work): http://blog.tafkas.net/2015/01/15/monitoring-a-synology-diskstation-with-munin/

Thursday, November 23, 2017

Projects so far - 1

Set up and configure conky for immediate inclusion in all future Kali installs (!!), like this

Well that's done:

 
Obtain links to (cough cough) videos on a website, write a bash script to download everything.








Done. Let BurpSuite run for a bit, and saved all the links I wanted. The bash script reads the txt file with the links and feeds them to hls-fetch one by one. One-off of course, so probably I'll break it up.
 
Convert TS files into an MP4 after all.

 Not yet, will do eventually.

Learn enough PHP to make a web app to avoid having to login to the Plex Server Pi every time I want to download something new

Turns out this is rather difficult. See my previous post about alltube.

Sanitize old pentesting reports - in progress

Finally finish my wireless sharing Pi Zero project (the existing Pi zero didn't like getting jostled across the US of A and died)

After struggling with getting USB wifi dongles such as the RT5370 and Edimax to work, I'm temporarily abandoning this project on the Pi Zero. The first zero wasn't actually dead, just the SD card had stopped working. So there goes the original form factor idea, which was to get it to fit inside a wallet. Tried instructions meant for a Pi 3 on a Pi 2 Model B v1.1 and had to redo the sd card. 

Installing alltube on a Raspberry Pi 3

1. Assuming you already have apache2, otherwise:

 sudo apt-get install apache2  

(and whatever else is needed for apache2 or custom /etc/apache2/apache2.conf or sites-enabled/000-default.conf)

2. Obtain the package on this page and unzip into /var/www/html folder: https://github.com/Rudloff/alltube

3:

 sudo apt-get install libapache-mod-jk-doc libapache-mime4j-java php5-curl rtmpdump  

 sudo apt-get install php5 php5-intl libapache2-mod-php5  

 sudo rm /var/www/html/index.html  

 sudo mkdir /var/www/html/config/  

 sudo nano /var/www/html/config/config.yml  

 # Path to your youtube-dl binary  
 #youtubedl: vendor/rg3/youtube-dl/youtube_dl/__main__.py  
 youtubedl: /usr/local/bin/youtube-dl  
 # Path to your python binary  
 python: /usr/bin/python  
 # An array of parameters to pass to youtube-dl  
 params:  
   - --no-playlist  
   - --no-warnings  
   - --playlist-end  
   - 1  
 # True to enable audio conversion  
 convert: true  
 # Path to your avconv or ffmpeg binary  
 # I commented out the included avconv as it is already installed for use with Plex on the same device  
 # avconv: vendor/bin/ffmpeg  
 avconv: /usr/bin/avconv  
 # Path to your rtmpdump binary  
 rtmpdump: vendor/bin/rtmpdump  
 # True to disable URL rewriting  
 uglyUrls: true  
 # True to stream videos through server  
 stream: false  


This worked, but the download speed of the completed file is oddly much slower than the intranet network speeds 10 MB/s vs 90 kb/s. So for now I've settled on https://github.com/MrS0m30n3/youtube-dl-gui, (edit) which has all sorts of options and also works with playlists, and download the music to a connected NAS folder for later transfer to the Plex server on the Pi. Probably will set up a script on the NAS to periodically check the folder for files and move them over directly.

Second update: The bookmarklet idea here, preserved below, is cute and I'll be sure to try it out someday:
 "
My quick and dirty equivalent:

Saved as ytdl.php, with the youtube-dl binary in the same directory.
I then put the following bookmarklet on my browser toolbar:
javascript:location.href='https://myserver/ytdl.php?v='+document.location.href;
Which works like a charm.
"
 

Wednesday, November 22, 2017

Brain dump time - Planned projects

Lest I forget my project plans, here is a current list on my mind:

0. Set up and configure conky for immediate inclusion in all future Kali installs (!!), like this
1. Rsync to backup all raspberry pis daily to NAS
2. Obtain links to (cough cough) videos on a website, write a bash script to download everything.
2a. Convert TS files into an MP4 after all.
3. Learn enough PHP to make a web app to avoid having to login to the Plex Server Pi every time I want to download something new
4. Sanitize old pentesting reports
5. Work reports
6. Read 2017 Verizon DBIR report
7. Read Wi-foo book
8. Clean-up Munin install
9. Update base images of VMs
10. Finally finish my wireless sharing Pi Zero project (the existing Pi zero didn't like getting jostled across the US of A and died)
11.  Plunge into the Edgerouter X, break everything, and cry miserably when it doesn't work (e.g. move fast and break things)
12. Learn how to use Graylog and extract cool data from nzyme.
13. Read this ICS/SCADA primer again and actually look into some of the protocols.
14. Keep listening to Professor Messer Network+ videos (in mp3 format) while working out at the gym

And finally, setting up a VM environment for the lab discussed here:

https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20workshops/DEFCON-25-Workshop-Gabriel-Ryan-Advanced-Wireless-Attacks-Against-Enterprise-Networks.pdf

And also considering implementing EAP-PEAP on my home network for practice with this lab. 

Playing with hls-fetch - part deux?

The site that I'm using hls-fetch for has teaser videos for non-members and full videos for members. The naming structure is quite similar with the exception of a little something extra on the tail end of the URL. Since I can't predict what the full URL will be, a different route is to spider the listing of videos using BurpSuite spider, then right click to copy all the URLs in the discovered pages, and take out the m3u8 files and the subtitle files for later extraction.

Next, I'll write a quick bash script to read files line by line and download everything, via a handy Raspberry Pi Plex server, to a NAS. Currently, if it detects an existing TS file, hls-fetch will helpfully skip it.

I also found that VLC recognizes TS files without needing to convert them to MP4.

Note: Lest anyone get any funny ideas, the site is for streaming music videos. I'm intentionally vague to avoid letting the word out.

P.S. On a different note, check out the ultimate wardriving (warwalking?) rig:

https://blog.adafruit.com/2017/08/02/wificactus-when-you-need-to-know-about-hackers-wearablewednesday/

 

Tuesday, November 21, 2017

Reporting (again)

There's something about writing reports that stimulates the creative thoughts. Wracking your brains for a better way to word a finding really gets the mind to think about anything else. Fortunately, Thanksgiving is coming up - a great opportunity to do some small side projects and finish up the dratted CPE training that is required at KPMG, of which I have about 10 hours left. Investing 101, here I come!

Regardless, some other posts about fun stuff are bound to come by during these days.


Wednesday, November 15, 2017

First November post

Wow, not a single post in November yet? I'll admit to finding it difficult to muster up energy for my usual escapades. The trip to Europe was great, but mostly it made me want to quit and go travel Europe for a few months. Imagine, I've had a sweet Synology NAS since early October and still haven't set up rsync to backup my raspberry pi systems on a regular basis.

My CISSP training was cancelled due to conflicts, but at least I have the CISSP book.

Monday, October 30, 2017

Quick post from NM

Well here I am in Roswell NM, looking at the vast flat expanse of a town at 3571 foot elevation, on what used to be a military air base and is therefore really really big. Dry, pleasant weather (but cold in the evenings.)

Tuesday, October 17, 2017

Parsing Grepable nmap formats

I was recently tasked with finding a way to output all the IPs and associated open ports found during an engagement. My primary data source was from nmap, so that's what I used.

Here's my method (doubtless to be improved). The tips I got from scripts and files somewhere:

1. cat .gnmap | awk '/Ports:/ {printf "%s\t", $2;
      for (i=4;i<=NF;i++) {
        split($i,a,"/");
        if (a[2]=="open") printf ",%s",a[1];}
      print ""}' | sed -e 's/,//' | sed -e 's/\t/ /' > parsed.txt


2. In Excel, either open the parsed.txt file, or in a new sheet, click the "Data" tab, and click "From Text" to open the Text Import Wizard.

3. Choose "Delimited", and click "Next".

4. In the Delimiters section, only "Space" should be checked. Click "Next".

5. Select each Column and click the "Text" radio button. It should look as below.








6. Finish Importing. If using the Text Import Wizard, click OK.




Tuesday, October 10, 2017

Getting GPS dongle (BU-353S4) working on Raspberry Pi

I followed this guide:

http://blog.boberglund.com/Build_GPSD_from_sources.txt

found on this forum topic: https://www.raspberrypi.org/forums/viewtopic.php?t=138711

but ultimately found something on https://www.raspberrypi.org/forums/viewtopic.php?t=128045

To run gpsd as daemon:

 cat /etc/default/gpsd
 START_DAEMON="true"
 GPSD_OPTIONS=""
 DEVICES="/dev/ttyUSB0"
 USBAUTO="false"
 GPSD_SOCKET="/var/run/gpsd.sock"  # this I did not follow, choosing instead to include that when running


 

Building a Raspberry Pi Hacking Box

This has been on my mind for some time now, on and off. The emphasis is almost exclusively on having a lightweight wireless reconnaissance and hacking device, instead of carrying out a laptop with a 2-hour battery life during wireless testing.

The current setup is as follows:

Raspberry Pi 3 Model B (onboard wifi) + heatsinks for CPU and LAN

LiFePO4wered long-life battery backup/UPS: Expensive but worth it. Now the Pi can be moved between locations and plugs without needing to be turned off. It also has a touch-sensitive power button. (Minor downside is that the UPS itself is always in very low power mode.) Actual power will be provided by an external battery pack during engagements, and with the UPS backup it is assured that power loss caused by accidentally removing the battery pack connection doesn't cause wireless data to be lost.

Raspbian: The Kali Linux image for Pi3 has proved to be quite frustrating, as it does not allocate all the space on a 16 GB SD card to itself, instead requiring manual resizing which always fails due to either read-only issues or a fake bad superblock. I tried several times without success, which is unfortunate as having the base Kali install plus the Kali wireless metapackage would be much easier to build.
I also tried to add the Kali repo but ran into issues using the latest version of Raspbian (Stretch) and java dependencies.

Instead I installed Raspbian Jessie and followed the following steps:

1. sudo raspi-config
2. sudo apt-get update && sudo apt-get upgrade && sudo apt-get install git screen htop && sudo apt-get install nmap
3. Rather than connecting the Pi via a cable to a travel router, or connecting the Pi to a wireless travel router AP and connecting a phone to that same AP, you can make the Pi its own AP with hostapd using this guide: http://www.ericescobar.com/wordpress/raspberry-pi-3-wireless-hacking-platform-wifipi/ and connect to the AP with a phone and SSH connection. Update 10-11-17: The end result was flaky, so I tried https://gist.github.com/Lewiscowles1986/fecd4de0b45b2029c390 which worked perfectly on a clean install of Raspbian Jessie.
4. sudo apt-get install kismet iw wireshark tshark tcpdump masscan wifite
5. Install giskismet (which failed, but here are the steps):
  1. cpan configuration
  2. sudo reboot
  3. cpan install YAML
  4. cpan install DBI (like to do the packages separately)
  5. cpan install DBD::SQLite
  6. sudo apt-get install libxml++2.6-2
     
6. Install Fruitywifi, then access it on the phone and install some modules, such as GPSD to work with kismet.
7. Install hax0rpi collection of hacking tools.

Update 10-10-17: This guide from BlackHillsInfosec had the flag that helps Kali take up all the space (in red):


xz -cd kali-2017.01-rpi2.img.xz | dd of=/dev/mmcblk0 bs=4M iflag=fullblock oflag=direct status=progress


Once that was done, it was possible to successfully use gparted to resize the partition, without losing any data from the fresh install.


 

Monday, October 09, 2017

Raspberry Pi cases

My favorite raspberry pi case so far was this one, with pretty colors. With a heatsink on the CPU, the temperature averaged around 56 degrees C. Other cases I've used include this one without the top for air ventilation, and this one for Pi Zero, which is simple and utilitarian.

Recently I decided to try to clean up the mess of Raspberry Pis by the router, and got a "cluster-type" case to put them all together. Assembly was tricky, but the end result looks clean. The only issue is the temperatures, which are roughly 10-15 degrees C warmer inside the cluster than outside, where the devices were exposed to ambient room temperatures and air currents. Although the case did come with extra heatsinks for LAN and CPU, some devices did not receive the new addition (for space reasons), and so they heat up. Average around 60 C, warmer for items nested deeper in the case. With temperatures going even higher when I leave for travel and raise the A/C setting, it behoves me to get something that could permit more air-flow, and thus it was. The next case will be a stackable dog-bone style set.

Monday, October 02, 2017

Busy busy bee

How interesting that I'm more likely to post when super busy with a task that has a pending deadline. Anyway, just wanted to share a neat tool for combining segments of HTTP streaming files into one. Last night I decided to see if the content of a certain music video streaming site could be downloaded offline. The website can be clunky, and streaming over the internet is sometimes less preferable to watching offline and reducing system load (ish).

First, some basics. (This won't be an exhaustive list, just what I've encountered in the past.)

When you stream media, it will come to your browser via several methods.

One method is to simply provide a whole big file, and let the browser handle how to play it. Firefox has a built-in media player, and HTML5 has built-in tags, so why not have the user click on a link that hides an MP4 file and let the browser play it how it wishes.

An alternative method is to build your own serving capability and web application around serving media, such as Soundcloud, which appends all sorts of authentication and one-time-use tokens to actually get to a file, rather than just having a list of files. A corollary to this one is to encrypt the music and decrypt on-the-fly, such as with RTSP, which adds some level of restrictions against bypass, but can still be scripted away.

A third method, possibly more in use for large video files, is to "break the overall stream into a sequence of small HTTP-based file downloads, each download loading one short chunk of an overall potentially unbounded transport stream." (Wikipedia, HTTP Live Streaming) This works well for live video, such as on Youtube, Facebook Live, Snapchat, etc, where there is no defined end and therefore no file size to start with. It's also easier on the user, which only needs to load content chunk by chunk, and can be used in situations where the user's network might be unreliable.

Before the stream begins, an m3u8 playlist file is downloaded by the browser, with all the pieces listed. The segments have an extension of .ts, and if you look at just one, it'll be a few seconds or so of the overall piece.

Now, on to the process. If you open an intercepting proxy such as BurpSuite or Zap, load a webpage with streaming media on the associated browser, and watch the traffic, you'll see a series of requests being made. First the HTTP page where the media, for example's sake a piece of music, sits. Next will be some script and content style files which could have some use, but most likely not. Then a request will be made for something like "file_128kpbs.mp3", and a big file will show up, which is the entire mp3 itself. If we're loading a streaming movie, you'll see a request made for an m3u8 file with a response containing all 507 pieces.

There is a tool on Github called HLS-fetch, which can be given either the page with the content or the m3u8 link itself to download all the files and stitch them into a TS file. Plex can play that right off the bat, no transcoding.

Wednesday, September 20, 2017

Back from Europe - Update

A fitful sleep (like switching to night shift), and I'm back from Europe. Wish so much that photos could be posted of the trip in linear format just as they were in WhatsApp, but that is quite some hassle. For now I simply assure you it was like no other.

Update - While unpacking I thought it worthwhile to document what was most and least useful. Prior to packing I'd read many posts from reddit.com/r/solotravel, on vital things to do, to take, to prepare, and purchased many items that would not otherwise have come up.

More Useful:

Merino fleece - Best recommendation ever. Light but warm, machine-wash warm, dries quickly when sweating. They were worth the higher price, when purchased in-store from REI. (Relevant thread.) However, on my laundry cycle it was necessary to purchase an additional long-sleeve shirt in Prague.

Bandana - Sneeze? No napkins? You got this.
Bottle opener
Light sweater - It proved to be much colder than I'd expected, and a thicker sweater was purchased in Prague.
Sewing Kit - Wasted too much time walking around Prague looking for this when the single light sweater developed a rip along the shoulder seam. Found one in a cute store called Little Copenhagen in the tourist area of Prague.
Sleep mask for travel
More t-shirts for sleeping - Purchased in Prague, as I'd forgotten about sweating during sleep.
Day Pack -  The one in the link worked, but was a bit too light. It tended to cause more sweating on my back, and in the future a more solid backpack is the way to go.
Large Ziplock bags - Stinky laundry.

 Less Useful:

Umbrella - Better to just have a good rainjacket and a cover for the Osprey Backpack.
Siddur - Everything is available online.

Friday, September 01, 2017

Europe here I come!

Last weekend before my trip to Europe. Here's the planned itinerary. I've packed, mostly, but still trying to figure out how much clothing to take and how to pack it properly into a 46L bag, which is all I'm taking as opposed to 70 pounds of luggage that went with me to Paris, and 75+ that came back. Also still planning what to do in each city, but I have a good idea and should have no trouble finding what to do.

Here goes nothing!

Friday, August 18, 2017

Busy recent weeks

I've been traveling for five consecutive weeks now, which is the longest stretch so far during my time at this current job. As such it leaves little time for other projects, but I promise to post a guide to setting up GoPhish on Windows Server 2012 sometime next week.

As a substitute, here's a short blurb about SQL Injection.

In my time doing manual verification of scanner results, I found 1 certain SQL injection vulnerability and maybe 2 potential others. When doing manual web application assessments I found none (the cool stuff had already been picked out by previous testing).

I wonder if hitherto unchecked internal environments are more likely to have SQL injection vulnerabilities. As an example, let's look at this site:

example.com/dir/default.asp?page=profile&action=lookup&option=Name&StrSearch=

We're looking up user profiles, testing each parameter for generic XSS and SQL with something like <>"'%^&*()[] or some other banging of the keyboard. And what do we see when we put a single tick in the StrSearch parameter?

Let's pull out SQLMap and direct it at the StrSearch parameter, making sure to include the right cookies. Voila, it works!



A shell and all the database content our heart desires.

A second example. This one came courtesy of Nessus which flagged it as a potential Blind SQL injection, using a time-based injection. I wouldn't have found it otherwise, as this was a pentest where the only IP information given was a list of IPs to exclude. The rest was up to me to find. I found 2100 live hosts, and was told there are about 2500 total. Just the 2100 was enough for me.

Here's the query string (some parameters removed):

example.com/index.asp?tbUserName=&tbPassword=&search=&a=verify&t=66

The potentially vulnerable parameter was "t". After verifying that the time-based injection worked (à la ;WAITFOR DELAY '0:0:5'--) by sending various commands that request a response after a certain number of seconds, I fed it to SQLMap.

Payload: 66 UNION ALL SELECT NULL,CHAR(113) etc etc

And oh hey, look, all the database tables of this company. Users, passwords in clear text (from some tables), PII (which I didn't dare touch), all your greedy little heart desires. The passwords looked like they came from a time before minimum password restrictions, because "1v10" isn't terribly secure.

So in conclusion: SQL injection is super rare but when you find it you get the keys to the kingdom.
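Both findings above came from parameters that accepted SQL where a plain value was expected, and "t" normally held an integer. As an added example (not from the engagement), this scans access-log lines and flags requests whose "t" value is not purely digits after URL decoding. The log layout, timestamps, IPs and function names are constructed.

```shell
#!/bin/sh
# Added example: flag requests where a parameter that should be an integer
# carries anything else. Assumed (constructed) log layout, one request per line:
#   timestamp client-ip method uri-with-query

# flag_non_numeric_param PARAM [FILE...]  (reads stdin when no file is given)
# Prints "timestamp client-ip PARAM=decoded-value" for every offending request.
flag_non_numeric_param() {
    param=$1
    shift
    awk -v param="$param" '
        # Decode "+" and %XX escapes so encoded payloads are compared as the
        # application would see them.
        function urldecode(s,    out, c, hex, digits) {
            digits = "0123456789abcdef"
            gsub(/\+/, " ", s)
            out = ""
            while (match(s, /%[0-9A-Fa-f][0-9A-Fa-f]/)) {
                hex = tolower(substr(s, RSTART + 1, 2))
                c = (index(digits, substr(hex, 1, 1)) - 1) * 16 \
                    + index(digits, substr(hex, 2, 1)) - 1
                out = out substr(s, 1, RSTART - 1) sprintf("%c", c)
                s = substr(s, RSTART + 3)
            }
            return out s
        }
        {
            q = index($4, "?")
            if (q == 0) next
            n = split(substr($4, q + 1), kv, "&")
            for (i = 1; i <= n; i++) {
                eq = index(kv[i], "=")
                if (eq == 0 || substr(kv[i], 1, eq - 1) != param) continue
                val = urldecode(substr(kv[i], eq + 1))
                # Allow-list: empty or digits only. Everything else is reported.
                if (val !~ /^[0-9]*$/) print $1, $2, param "=" val
            }
        }
    ' "$@"
}

# Constructed sample log using the query string and payload shapes quoted above.
sample_access_log() {
    printf '%s\n' \
        '2017-08-01T10:00:01 10.1.1.20 GET /index.asp?tbUserName=&tbPassword=&search=&a=verify&t=66' \
        '2017-08-01T10:00:09 10.1.1.77 GET /index.asp?tbUserName=&tbPassword=&search=&a=verify&t=66%3BWAITFOR%20DELAY%20%270%3A0%3A5%27--' \
        '2017-08-01T10:00:15 10.1.1.77 GET /index.asp?a=verify&t=66+UNION+ALL+SELECT+NULL%2CCHAR(113)' \
        '2017-08-01T10:00:20 10.1.1.20 GET /index.asp?a=verify&t=12'
}

sample_access_log | flag_non_numeric_param t
```

The same digits-only check belongs in the application before the value reaches the database, alongside parameterized queries.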

Friday, August 11, 2017

Connecting to Raspberry Pi on the go

A side project I'm working on, using a Raspberry Pi Zero W, is small enough to carry around. For this, I needed a way to SSH into the raspberry pi zero locally, since the project involves the use of the wireless chip on the Zero Pi W. The folks on reddit.com/r/raspberry_pi suggested a bunch of options, and I followed the top one: Raspberry Pi Zero OTG mode, option 1.

I installed Bonjour for Windows, and then followed this guide to install the right driver for the new ethernet device.

Now, to get an external wireless adapter to work.


Tuesday, August 01, 2017

Great Wireless Hacking Course from Defcon

Defcon is over and the PDFs are out, available here.

Since I'm sitting here in beautiful, cool Pittsburgh, waiting for credentials from the client so I can test what they need me to test, instead it's time to read through the presentations. One fantastic guide is on Wireless Hacking of Enterprise Networks, including targeting wireless networks and escalating through Evil Twin attacks, like downgrading SSL connections with man-in-the-middle attacks.

https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Gabriel-Ryan-Advanced-Wireless-Attacks-Against-Enterprise-Networks-Course-Guide.pdf

https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Gabriel-Ryan-Advanced-Wireless-Attacks-Against-Enterprise-Networks-Lab-Setup-Guide.pdf

https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Gabriel-Ryan-Advanced-Wireless-Attacks-Against-Enterprise-Networks.pdf

Friday, July 28, 2017

Switch upgrade

Recently I upgraded the switch on which my Tor relay sits from an FS108 (unmanaged switch) to a Ubiquiti US-8 (managed), and the traffic throughput of the relay approximately doubled, recently hitting an all-time high of 3.15 MBit/s average speed, with 32 GB transferred total in a single 24-hour period. I'm still trying to figure out how having a managed switch worked this magic. Granted, I also increased the max bandwidth rates permitted, but the change in traffic was noticeable before that increase.
Replaced switch on July 09, 2017
Update: A colleague suggested QoS as the most likely improvement in a managed switch.

Wednesday, July 26, 2017

Check out my Guest Post on the Internet of Things

Check out a guest post I wrote last week on IoT. After being sent an inaccurate image of "IoT Attacks: Top 10 Things you need to know" I got riled up and wrote a more accurate summary.

http://elephantscale.com/2017/07/iot-top-10-things-need-know-non-fluff-version/

Note: To make it snappy I avoided being pedantic. While routers with smartphone apps for remote access could fall into the IoT or "smart" category, there is a difference between the former and routers that have issues with their firmware or the web management interfaces (for internal use). The original graphic gets mixed up between the two.

Friday, July 21, 2017

Groceries of Interest - Wilmington, DE

While enjoying the flow of oxygen during exercise, a delusional thought arose, that perhaps it is worth writing about the supermarkets and groceries I seek out when traveling. Each is a reflection of the area, and each has something to distinguish them. For me it's something fun to do in new destinations, and I am always on the search for kosher products and interesting foods. It is something else to write about, even if it is spoken from the perspective of a white, Jewish, privileged male ("dazed choir boy" comes to mind, thanks to Terry Pratchett).

The last several weeks have seen me visiting Wilmington, Delaware, a town with a business center in downtown filled with people who all commute from the suburbs, some even from Philadelphia. The downtown core is also surrounded by some of the most dangerous neighborhoods in the United States. In this way it is reminiscent of Detroit, although not in the same bereft, rundown manner. Half the downtown area is still very much urban core, while the other half is financial and covered in sleek glass buildings. It was here that I encountered a grocery that redefined my expectations of such markets, forcing me to read the definition of a grocery on Wikipedia. Turns out, "supermarket" and "grocery" are not the same. One is like a dry-goods store, the other usually has fresh produce. In need of something to eat for a weekend stay, caused by a visit to a local refinery for work that stretched too late for a flight back in time, I went to a market somewhere on 2nd street in Downtown. While the couple behind the counter did sell sandwiches and other foods, there was no produce at all, just canned foods, chips, diapers, and cleaning equipment, and milk in the refrigerators. No yogurts either.

Now perhaps this is what supermarkets look like in food deserts, but privileged me hadn't ever seen this sort of thing. Fortunately, canned spinach and asparagus is just fine.

There was an actual grocery store at the outskirts of downtown, dingy and dark. In the evening, bins of potatoes and wilted cabbage are covered with burlap, while a row of artificially flavored sodas sits nearby. Apples are not to be found. Aside from some sparkling cider, the grape juice to be had is full of corn syrup and lots of artificial purple coloring. A bit depressing.

Check out my Guest Post on the Internet of Things

Update due to link rot: https://web.archive.org/web/20171028125822/http://elephantscale.com/2017/07/iot-top-10-things-need-know-non-fluff-version/