Thanks to Micah and all others who pointed out the MS-CHAPv2 vulnetability demonstrated at DEFCON 20. I can't believe I missed this. Check out the writeup at cloudcracker.com
Previously on the show we used Adito to setup an OpenVPN server. This time I'm using Untangle and my Open Source router software of choice.
The setup couldn't be easier so follow along as I demonstrate an OpenVPN server setup on Untangle from within a Virtual Machine
Remember, once you've setup the OpenVPN app in Untangle and created your first user you'll want to hit Apply changes in order to find the Distribute link. Click Distribute and then the "Other OS" link to get the files you'll need for an Android client. Save 'em to the default location (~/Desktop) and now you'll be ready to SCP 'em to your phone or PC.
In Untangle just minimize the admin panel and you'll find a Terminal link in the bottom right. You'll find the config.zip file in the Desktop directory. In my demo the Android phone is running an SSH server on port 4444 so the command is
scp -P 4444 config.zip user@:
After uncompressing the zip file on the root of my Android phones SD card I SSH to the device and move the config files into a single directory - this is what the Android OpenVPN Connect app will want.
ssh -p 4444 user@
cd sdcard/untangle-vpn
mv hak5* untangle-vpn/
Once everything is in the right place it's simply a matter of opening OpenVPN Connect and importing the credentials from SD card.
If this is useful to you I encourage you to check out untangle.com/hak5 - it warms my heart to be sponsored by a cool open source project that I've been using since '09 and they might be a perfect fit for you too. --Darren
Feedback
Charles writes: I was wondering what distro and bash colors Darren is using in Episode 1225? It looks awesome...
Geekalomaniac: I pass by a few capptive portals on my way to work. That can be really annoying because my cellphone allways connects to the strongest available wifi. Is there a way to configure android devices to connect to certain wifis only.
Hi hak5 crew, I love the show and it’s been a long time we missed DARREN online
Hi, was going from debian over gentoo to arch and i’m very happy with it. ^^
I switched from Ubuntu to Arch with LUKS over a year ago, and there’s been no other distro for me. Except maybe Knoppix & Backtrack. Seriously though, Arch is fricken awesome, and for someone like Darren, it’d be perfect.
I have created two Android encryption applications that I want hak5 to review. The first one is GV Secure (Google Voice Secure), this application uses Google Voice SMS features to send encrypted text messages. It also uses Dropbox Cloud to store and share your pictures and videos which can be encrypted before you store them in the Cloud for your added security. You can even share the Dropbox link encrypted via a GV Secure text message. Lastly GV Secure supports a Google Voice call back feature. One thing great about GV Secure is no messages are stored on the device and the user needs to login every time to use.
https://play.google.com/store/apps/details?id=com.cybernetxsystems.gvsecurelite
https://play.google.com/store/apps/details?id=com.cybernetxsystems.cloudsecurecameralite
The second application is called CloudSecureCamera. This application is a standalone secure cloud feature that was added in GV Secure stated above and is not dependent on GV Secure to send your text messages just use any message application would work.
These application can be used on any Android device (phone/tablet) running version 2.1 or higher.
To improve security and performance speed in GV Secure I will added a read and burn method. When you read a message it will automatically get deleted.
I have an old free edition of untangle. Does it fit for this job?