Securing Your Network vs. “Wi-Fi Sense”

Microsoft Windows 10 contains a new behavior called “Wi-Fi Sense”. If you connect to an 802.11 network encrypted using a pre-shared key, Wi-Fi Sense will offer to distribute that key to your Outlook contacts, Skype contacts and Facebook friends. While it is (nominally) opt-in for newly-added networks, this “sharing” is the default behavior for existing networks when migrating from earlier Windows versions to Windows 10.

As an administrator of an 802.11 network you likely would prefer that this “sharing” not happen with the credentials for your network. After the break, I’ll discuss why allowing “Wi-Fi Sense” is such a bad idea, and how you as a network administrator can mitigate the risks it presents.

boxLayout: A Simple jQuery Layout Plugin

I’m not a web designer by any stretch of the imagination, but sometimes I have to pretend to be one. In a (forthcoming) project, I was looking for a way to divide up the available space within a window amongst various div elements, in a (buzzword bingo!) “responsive design” way. I got frustrated with the complexity of various layout tools I tried, and rolled my own.

It’s ridiculously simple and (being written by someone with very little JavaScript and jQuery experience) may be buggy, but it’s just the thing for the task I was trying to accomplish. It’s yours for free after the break if you have a use for it.

We Stayed Dry (This Time)

This is rumor control. Here are the facts: Yes, this site runs WordPress. No, to the best of my ability to determine, we are not compromised by the “SoakSoak” malware that has been infecting lots of WordPress sites. (The link in the previous sentence leads to a description of the malware in question, not an example of it.) No, we don’t run the Slider Revolution plugin which apparently contains the exploitable vulnerability (“RevSlider”) used by SoakSoak. We have no plans to migrate mythopoeic.org from WordPress to something else, given that 1) the security issue is in a third-party plugin, not WordPress itself and 2) the WordPress team seem to generally act like adults with respect to infosec.

Spark Core Cloud Makefile

I recently acquired a Spark Core, and (after some minor hassle) got it connected to my network and walked through the examples. Neat product, though to some extent it suffers from problems of “trying to make it easier for the noobs, with a failure mode of making it harder for everybody” and “everybody wants to write features, nobody wants to write documentation”.

Past the jump, I’ll explain how to get around the 32-character wireless passphrase limit, and how to use cloud compilation but with a real Makefile, local copies of your source code and your favorite text editor.

Magnetometer VI: Working AVR Example

Finally, some progress on my AVR compass project. I’ve got a program that runs on the Adafruit Trinket and shows real compass headings, all in 3712 bytes. While it’s far from being a finished product, it’s a big step in the direction of one.

Below, I’ll give you the source code, talk about how recent compiler changes impact code size, tell you about a bug I fixed, and make a bunch of excuses for why this took so long.

MicroView: Lazy Fix

The MicroView is a nifty little gadget with an ATmega328P microcontroller, a 64×48 OLED display driven by an SSD1306 controller, and an Arduino-compatible pinout. (The General Overview page at the MicroView website has more useful information.) It was produced as the result of a (very!) successful Kickstarter campaign.

Unfortunately, the nice folks at SparkFun had a teensy manufacturing complication. You can read their account of the details, but the TL;DR version is they shipped out something around 2000 MicroViews with no bootloader. It sounds like they’re making every effort to make things right, and shipping out a replacement to everyone with an affected unit. But in the meantime, they’ve got some instructions up if you want to try fixing the problem yourself. (Worst case, you won’t make it any more broken; best case, you end up with two working MicroViews for the price of one.)

I got one of the “bad” MicroViews, and was able to revive it using the instructions. But I think I came up with an easier way to do one of the more difficult steps: connecting three wires to tiny vias inside the case. The punchline: use sewing needles (see picture above; click for larger version). Read on for more details.

Retina Scan

More medical imaging. I present for your consideration the insides of my eyeballs. (Click thumbnails to view original full-size images.) The images shown were taken on Jun 25, 2014 using an Optomap wide-field retina scanner, probably the 200Dx model.

So now I have plausible deniability for anything that I’m alleged to have done on a system using retina scans for biometric authentication…