The Blog of Tom Webster

Chronic Ranter, Reviewer, and Developer. I speak only for myself, opinions are my own.

Social Engineering Talk

  2014-02-13 06:59:00 PST

Tonight I’ll be giving another talk at Ohio InfoSec Forum, this time about Social Engineering. I decided to choose a horror-movie theme for my deck (you know, hacking people…), and I think it turned out pretty well. Anyway, if you want to check it out, head over here. As always, my slides are a bit thin, so download the zip file and check out the speaker notes.

WebDev: Handling Large Files

  2014-01-26 11:00:00 PST

With the release of my post on Vagrant, I discovered a personal need I had to host and store large files, semi-professionally, without much hassle. After considering Dropbox, various file lockers, or uploading the file to my webserver, I decided to use Rackspace Cloud Files.

I’ve talked about Rackspace in the past, and am currently using their cloud servers to host this site (among others). The interface is clean, easy to use, and it’s reliable. I wanted to have downloads from my site coming from, it just looks better and provides a more cohesive user experience. I solved this problem very quickly by using a CNAME. It was really really easy. Check it out:

First, create a new public CDN container. Next, click on the gear and hit “View All Links…”. Copy the http or https link and take a look at it:

Head over to your domain host and go to your DNS settings. You’ll need to create a new CNAME record. I’ve named mine files.

Take the fully qualified domain from your link, minus the http:// and make that the target host of your new CNAME. Like this:

Host: files
Target Host:

You can now upload files and head to to access those huge files, without bogging down your web server.

Vagrant Box: Debian 7.3 32-bit

  2014-01-22 12:53:00 PST

Recently I’ve been tasked with the job of becoming a Ruby on Rails application developer. In the past few months, my skillset has gone from “complete noob” to “not-a-complete noob”. I’ll be making more Rails posts as time goes on, but I needed to share something I made today: A Vagrant Base box.

Yea, I get it, they’re everywhere. Honestly, though, I looked for a long time and couldn’t find a stupidly clean, Debian 32-bit machine made for VirtualBox 4.3.6 (with Chef-Solo). I decided to take the half-hour and make my own. The way the Vagrant docs read, they make the whole premise of creating an image out to be this insane time-consuming thing. It’s really not. As a matter of fact, it’s pretty easy (especially if you have Linux experience already). But this post isn’t going to walk you through how to create that, there are far better resources out there for creating Vagrant Base Boxes. Instead, I’m going to share mine that you can use for any and all of your projects. Here’s the details:

Vagrant Base Box: Clean Debian 32-bit
OS: Debian 7.3 x86
VirtualBox Additions: 4.3.6
Chef Client: 11.8.2
Preinstalled applications: Curl

I do most of my configuration through Chef, today. I’m not an expert by any means, and I do rely on custom scripts for some items. If you need something added, get a cookbook or script it. This is supposed to be lean, clean, and easy to stand up without getting in your way. If you have any ideas, throw them out in the comments.

Download Vagrant Base Box: Clean Debian 32-bit

URL for Vagrantfile:

Ship It with Netcat

  2013-12-31 10:24:00 PST

Ever needed to get a file across the internet, but securely, without SSH? I know, crazy to think about. What if all you’ve got is some spare TCP ports and a Windows box with the full version of Nmap installed on it? It’s a bit of a long shot, but I needed to do this the other day and didn’t want to use file locker to move my data. There are better ways to solve this problem, and it’s more of a parlor trick than anything else. In any case, it’s easy to set up and very cool.

We’re going to use a combination of nc (netcat), gpg, lzma, and tar to accomplish our goals. I’ll explain what each part of the command does along the way.

On the sending machine:

tar c myproject/ | lzma | gpg -a -c --cipher-algo AES256 --digest-algo SHA512 -o - | nc -w 1 1337

On the receiving machine:

nc -lp 1337 | gpg -v -o - | lzcat | tar x -C ~/

Feel free to change any of the variables to suite your particular need. File transfer can be done in better/more efficient ways, but if you’re in a bind, this can work in a pinch.

Cisco Wireless Access Point and the Google Chromecast Problems

  2013-12-30 12:01:00 PST

A while ago, I plunked down $35 to get Google’s second attempt at the living room stream box. After being extremely impressed with the price tag, I became extremely disappointed in the way it worked in my almost-corporate home network.

For the life of me, I couldn’t get the Chromecast and my devices to see each other. I’m using a home-built Astaro-at-Home (now Sophos UTM Home Edition) box coupled with a dumb gigabit switch and a nice Cisco wireless access point. Not really a typical home setup, compared with all the unsecured Linksys boxes running around, but not overly-complex either.

I tried everything I could, got frustrated, and gave up on the device for a couple weeks before tackling it again over a slow weekend. I found a couple fantastic pieces of information that pointed me in the right direction. I needed to add two statements to my AP configuration (yes, in text mode, there is no web option for this).

Adding these two statements over SSH solved all of my problems with the Chromecast:

no ip igmp snooping
no dot11 igmp snooping-helper

These two lines allow the Chromecast to talk to devices over the access point and complete the set up correctly. Not really the way I wanted it, especially since the Nexus Q was so much easier to set up, but it works now.

As far as the Chromecast goes, it’s a great device for $35. From a technical perspective, the Nexus Q was far cleaner to set up and run with, the Chromecast seems to crash and disconnect more than I would like it to, but for $35, I’m not going to complain.

Page: 11 of 32