𝒍𝒆𝒎𝒂𝒏𝒏

Hey! Please contact me at my primary Fedi account: @lemann@lemmy.dbzer0.com

https://lemmy.one/u/lemann@lemmy.dbzer0.com

  • 5 Posts
  • 506 Comments
Joined 1 year ago
cake
Cake day: June 6th, 2023

help-circle





  • It kinda depends on the setup I think, especially when vlans and firewalls are involved, you’d likely need additional payloads to make further progress in that kind of environment IMO. Something granting persistent remote access to the compromised machine would be the most ideal option.

    As always physical access is pretty much game over though lol.

    My cams are only accessible via an authenticated endpoint hosted on a dedicated machine, which acts as a “bridge” between the VLAN that the cameras are on (no internet access), and another VLAN hosting internal services, like home assistant, plex etc.

    Aside from physical access, the only way to access the cams (that I can think of) would be via some exploit in Home Assistant, or by brute forcing the password to (any of) my network switches to access the management VLAN, changing the VLAN the cameras are set on to something else (bypassing the routing, firewall setup, and auth “bridge” entirely). Or maybe just exploiting the bridge machine directly and dropping a payload to forward the cams out to the net via the services VLAN

    With physical access, you could chop up the PoE for an external camera and using that as an ingress point - but you’d only have access to the cameras and the bridge machine unless you exploited that too. At this point the zabbix client on the bridge machine would have notified me that a camera’s dropped off the network, unless you dropped a payload to force it to return a good status lol

    Does sound like a very fun exercise though tbh






  • Dang, that thing is the bees knees!

    Would make more sense to replace just the batteries rather than the whole unit IMO. Looks like it takes standard 12v 7Ah sealed lead acid batteries, so should be doable for under $120 (if you buy them individually and use the existing battery harness)

    I have three other UPSes, but none of them are as good as yours lol:

    • APC SUA1500RM2U - was a great online rackmount unit, stopped using this a few years back because of its tendency to overcharge batteries without a charge controller ADC calibration mod. It wrecked my last battery pack bad 😭 plan to convert it to LiFePo4 and put it back into service 🤞
    • Zigor Ebro - cheap and cheerful line-interactive UPS for the modem, network switch and CCTV cameras. Switchover time is pretty much instantaneous, worth every cent paid and has kept my network up through many outages
    • Cyberpower UT650 - A temporary offline UPS to hold the server gear specifically until I get the APC back in service. Honestly not worth the cheap price, the switchover delay is long enough to shut off anything that’s not a server PSU with massive bulk capacitors

    Edit: fix bullet list formatting






  • Flash drive hidden under the carpet and connected via a USB extension, holding the decryption keys - threat model is a robber making off with the hard drives and gear, where the data just needs to be useless or inaccessible to others.

    There’s a script in the initramfs which looks for the flash drive, and passes the decryption key on it to cryptsetup, which then kicks off the rest of the boot mounting the filesystems underneath the luks

    I could technically remove the flash drive after boot as the system is on a UPS, but I like the ability to reboot remotely without too much hassle.

    What I’d like to do in future would be to implement something more robust with a hardware device requiring 2FA. I’m not familiar with low level hardware security at all though, so the current setup will do fine for the time being!



  • With the fake parts scandal for airplanes I wonder if this should be mandatory for parts that impact public safety for public transport like trains, buses, planes and so on.

    Airplanes are vastly more complex though. Four engines, flying at extremely high altitudes at hundreds of km/h, fully airtight, powerful onboard generators, food prep areas, bathroom etc, extensive ethernet networking for the small IFE units and WiFi access points, list goes on…

    Whereas a train doesn’t have anything close to that, even the high speed ones with all the bells and whistles, so I think it would be a bit unreasonable to expect them to be held to the same standards as an airplane.

    The only train I’d suggest an exception for would be a maglev though - OEM parts only there please, especially for traction and em equipment 😳

    Dont get me wrong, I want a full right to repair enshrined in law and using a system like this just to prevent it is clearly wrong, but if it could be adapted to allow for critical parts to be made under license by third parties and helped prevent fake parts then may be a small amount of good can come from this shitty practice.

    Some independent validation of the manufacturing materials, their grade and assembly quality could work well here, since I’m not too sure if blindly trusting the parts manufacturers would be a great idea as long as they have profits in mind