Heads up if you use Broadcom wifi drivers! Critical exploit discovered!

November 13, 2006

“Critical Broadcom Windows driver exploit released!

Posted by George Ou @ 2:42 pm

The MoKB (Month of Kernel Bugs) project has released a Metasploit 3.0 kernel-level driver exploit for Broadcom-based Wireless LAN devices for Windows 2000 and XP. The flaw was discovered by researcher “Johnny Cache” and had been privately disclosed to Broadcom so that they could prepare a fix before the details of the research and proof-of-concept were released to the public.

According to Johnny Cache, this particular exploit is extremely reliable and results in “100% ownage” which means your computer belongs to the hacker if it’s attacked using this exploit.”

Read the full article at:

http://blogs.zdnet.com/Ou/?p=365


The Missing Week – Unexplained downtime for Boards.fon.com 11/7-11/14

November 9, 2006

(This post is being published post-event and summarizes several original posts which may still be viewed at the original blog site).

Without advance warning, Fon’s English-language discussion board “boards.fon.com” was taken down from 11/7 through 11/14. In its place was a banner stating that it was undergoing maintenance. This began just after the Nov 6 announcement of Fon buying Gspace in Fon’s own English blog. At least 250 visits occurred to my blog that week alone, perhaps as people searched for explanations. Fon’s French and Spanish boards are up and running, though they appear to all be hosted on the same server. A brief search in these remaining boards on 11/9 does not reveal any obvious signs of discussion about the English board’s demise.

When the boards came back up, there was no announcement or apology from fon regarding this significant event. I wait through most of the day, then post a new thread titled “Why was boards.fon.com down from 11/7 to 11/14?”. Other people join me in expressing their interest in an explanation. All we got from the moderator were two separate, terse statements: “down for maintenance” and “thank you for your comments”.

Minutes after making my last post to that thread on 11/15, which was in reply to the moderator’s resistance in providing answers, my IP address appears to become banned. I confirmed that ANY connection from my IP address to the boards server is redirected. This includes foneros using my hotspot!

Being unable to find the moderator’s email address in Google (it is visible now), I make a combination attempt to contact help/make a protest by replacing my avatar and other graphics with a thumbnail containing a text message, and post about the events in my (original) blog.

By way of comments in the blog, I learn that the board moderator, “moderfon”, maintains that I was not actually banned, but that I must have somehow been put in the board’s new automated spam filter.

“If you send your IP, I’ll tray to find it in the banned ip” … “by the way, he change his avatar, I dont link words “banned”, because isnt true. and NOW his account is blocked. when AUSTINTX send me email telling that “he was wrong about it” I’ll enable his account in the FON BOARDS.” -moderfon

OK, so here’s the situation: the moderator says he’ll unblock and UNBAN me if I send him an email saying that “I admit to being wrong” about being banned. But he just *said* that I really was blocked now! Anyway, I’m just echoing the term used by the actual banner I’m reading!

The moderator and I have also had wildly different interpretations of reality in the past. I’m less interested in winning an argument with him than I am in rejoining the community, so I make the following, apparently favorable statement in my (original) blog:

Moderfon, I have no proof that I was manually added to the “spam filter”. Therefore, I was premature in declaring that I was banned.

 

1) I acknowledge that I was wrong about it.

2) I clicked on the link you gave me so you may locate my current IP address. -AustinTX

ADDITION: I am now able to login to the boards again, so I’m restoring my diagrams and photos. Thank you all for watching. Tune in next week when we run on hot coals, bang our heads into walls and tug on Superman’s cape while he pisses into the wind.

ADDITION: The thread I created had several more posts added, and then could no longer be found in the board. It has reappeared after being moved to: https://web.archive.org/web/20080515210639/http://boards.fon.com//viewtopic.php?t=2370

I continue to maintain my own HTML-save of the thread which I made just after my own final post to it:
http://fon.fondoo.net/h/moderbanned.htm

I’d like to give my particular thanks to those Foneros who, ultimately successfully, argued against inappropriate banning and censorship in the board during my brief absence.


Fon buys Gspace internet storage provider and announces new “Liberator” router.

November 6, 2006

Gspace is the creator of a Firefox plugin that allows you to use the unused portion of your 2 Gigabyte Gmail account’s storage space as a folder for holding personal files; additionally, you can access these files anywhere you have an internet connection. This is similar in concept to an FTP service or Yahoo’s Briefcase.

Also on Nov 6, Engadget writes (“FON announces Liberator, adds NAS”) that fon has announced the Liberator version of El Cheapo (La Fonera), which adds a USB connector that allows the use of a flash drive.

I’m a little confused about the implication that Liberator will benefit from the Gspace acquisition. If I have a flash drive, why do I need Gspace? If I have access to Gspace storage on the internet, why do I need a flash drive? [EDIT: If I have DD-WRT with Samba support (and I do), why do I need Gspace or a flash drive?] Is the best place to attach a removable mass-storage device going to be on the tiny Fonera router which I will likely want to have mounted high up or outside?

It is unfortunate that the English-language board has suffered this sudden, extended blackout just when fon is making such important announcements. This may serve to have a dampening effect on open discussion of Liberator’s practicality and Gspace’s usefulness. That would not benefit fon, would it?

ADDITION: Visit fontastic.org for their contribution to the Liberator/Gspace story:

http://www.fontastic.org/wifiproducts/fon-aquires-gspace-liberator-announced/


SLASHDOTTED! Hacking the Free “La Fonera” Wireless Router

November 5, 2006

Oh no! Could this be the counter-revolution we have feared?

Despite efforts to keep La Fonera (which we affectionately call “El Cheapo”) secured against firmware reflashing, it appears that it can be done without opening it up or building special hardware!

Visit these links to evaluate the grim evidence:

http://hardware.slashdot.org/hardware/06/11/05/1919220.shtml
http://fonblog.wordpress.com/2006/11/05/a-ssh-access-to-la-fonera-without-phisical-hack/
http://stefans.datenbruch.de/lafonera/
http://www.pobletewireless.es.mw/

ADDITION: Nov 6: Martin Varsavsky, in his Spanish version of his blog only, acknowledges the script weakness and states that it has been patched:

http://spanish.martinvarsavsky.net/fon/hackers-bugs-y-fon.html

ADDITION: Nov 8: Dema writes that there are reports that the script weakness appears to have stopped working:

http://fonblog.wordpress.com/2006/11/08/fon-patched-the-injection-code-vulnerability/


Martin V on evolution of fon router and future router designs

October 24, 2006

In his English-language blog, Martin Varsavsky takes us on a walk down memory lane and shows us pictures of the (R)evolution of fon routers: http://english.martinvarsavsky.net/fon/fon-router-design.html


“router final.JPG” ……………Uh, WTF is this? It scares me!

FINAL-final production model here.

This last model will be distributed for free to homeless Germans and Austrians who lurk about in dark subways so they can make an honest income providing wifi and reading light.

Ross: [Wed Oct 25, 2006 11:43]: I actually own a leg lamp (really) and now that you mention it, it would be funny to shove a router in it!

inquisitor: [Wed Oct 25, 2006 12:10]: Shame on you, Ross! This trumpery attracts the devil! Burn it immediately! These are my proposals for a new router housing:

AustinTX: [Wed Oct 25, 2006 15:00]: But inquisitor, your submissions are not ORANGE! :lol:

Ross: [Wed Oct 25, 2006 20:43]: I’m going to call my leg lamp router “Ooo la la fonera”


No good deed goes unpunished

October 12, 2006

This is a long, but fun post about how the wicked get away with anything, and no good deed goes unpunished. This contains a series of saved bulletin board posts as well as emails laid out in chronological order to tell the story that went on behind the scenes.


Chapter One:

Mike Puchol blogs about his experience using the POI (hotspot coordinates in offline .csv) export feature on the relaunched maps.fon.com resource to confirm fon’s official statistics:

http://tech.am/2006/09/25/the-real-fon-statistics-lies-manipulation-or-fantasy/


Chapter Two:

The creature known on boards.fon.com as “mosbach” starts a whole new thread complaining about how Mike Puchol posted as “mother” on boards.fon.com without revealing his real-life identity. The thread started by “mosbach” was eventually deleted by “moderfon” of boards.fon.com. It was allowed to remain up longer than *anything* else!

http://fon.fondoo.net/~fone/h/motherouted.htm (this page looks like a link to boards.fon.com, but is actually just an html-save.)


Chapter Three:

This “mosbach” uses his own fon-themed fonblog.de to suggest death threats to Mike Puchol. Here are two bloggers’ responses to that:

http://tech.am/2006/10/11/my-first-death-threat-by-mosbach-the-chief-fon-forum-troll/
http://fonblog.wordpress.com/2006/10/12/kill-mother/


Chapter Four:

I run with this information, and create a new thread in boards.fon.com entitled “mosbach is outed” as a parody. I don’t narrate the post, or slander “mosbach” in any way. I just mirror Mike’s information, provide links to some text files that archive earlier examples of mosbach’s threatening and slanderous temper-tantrums… as well as the remarkable reluctance of boards.fon.com moderators to do anything about him, and whatever I could google up about mosbach in 5 mins or so. I didn’t html-save my own thread, but it essentially looked like the section below:

Subject: “Dr. Gerhard Mosbach” has been outed now!!

FROM GOOGLE AND MOSBACH’S

VARIOUS ONLINE PROFILE PAGES:

Gerhard Mosbach
Frankenwaldstrasse 27
D-95138 Bad Steben
——————————————————————————–
privat : http://www.gerhardmosbach.de/

email : public@gerhardmosbach.de

fon/mobile/sms: 0163.692.9580
fax : 09288.925.9083
skype : gerhardmosbach
sipgate : 8708240

FROM BOARDS.FON.COM:

https://web.archive.org/web/20080515210639/http://boards.fon.com//search.php?search_author=mosbach

http://fon.fondoo.net/t/mosbach.txt
http://fon.fondoo.net/t/mosbach2.txt

WHOIS:

Domain: foneros.de
Domain-Ace: foneros.de
Descr: Gerhard Mosbach
Descr: Frankenwald 27
Descr: 95138 Bad Steben
Descr: DE
Nserver: ns1.kundencontroller.de
Nserver: ns2.kundencontroller.de
Status: connect
Changed: 2006-01-27T17:54:33+01:00

GOOGLE MAPS:

MAPS.FON.COM:

Within minutes, my thread had disappeared from boards.fon.com. I left the page open and occasionally pressed “Refresh” to monitor the situation. I had copied the text from the message posting window, so I reposted it again… gone again in under a minute! I reposted it once more with the following preface:

“Listen up, people. fon deleted my original thread by this name without any warning and didn’t even see fit to delete the mosbach thread its name was inspired by. All of this information is public and is easily found with google. There is nothing slanderous said here (unlike mosbach’s post) or untrue. Just a simple posting of public facts. Let us ask ourselves what schism causes fon to encourage and support his behaviour, and to continue to succor him when the entire fon boards community screams for his banishment?”

Deleted moments later.


Chapter Five:

Moderfon private-messages this ambiguous question to me about my new thread. I don’t see it until after he’s already deleted it, but I take the opportunity to bring mosbach’s infinitely more offensive material, which survives his critique, directly to his attention:

From: moderfon
To: AustinTX
Posted: Wed Oct 11, 2006 16:49
Subject: what is this ?

what is this ?
https://web.archive.org/web/20080515210639/http://boards.fon.com//viewtopic.php?t=2180
could you explain it ?

From: AustinTX
To: moderfon
Posted: Thu Oct 12, 2006 14:39
Subject: Re: what is this ?

I don’t know what you’re referring to. There is nothing at that URL.

[Edit: moderfon feels that I am “lying” about this PM unless I include the following line which I had not quoted in my reply to him] Perhaps you have been drinking too much?

From: AustinTX
To: moderfon
Posted: Thu Oct 12, 2006 14:53
Subject: Re: what is this ?

what is this ?
https://web.archive.org/web/20080515210639/http://boards.fon.com//viewtopic.php?t=2082

could you explain it ?

SO suprising to see it is still there!

[Edit: moderfon feels that I am “lying” about this PM unless I include the following line which I had not quoted in my reply to him] Is he your boyfriend?

In the meantime, the controversy is exploding in other blogs, and Martin Varsavsky himself, is backpedaling and posting excuses about the statistical anomalies. The boards moderators apparently decide to pursue an information blackout, and so they delete mosbach’s thread. The POI export tab is removed from maps.fon.com. Moderfon needs to tie off my loose string, so he sends me the following warning:

From: moderfon
To: AustinTX
Posted: Thu Oct 12, 2006 14:58
Subject: Re: what is this ?
I dont know this persond, and I dont know you too.

This is the your last chance. We dont like post like this.

[Edit: moderfon insists that I am “lying” about this PM unless I include the following line which I had not quoted from him earlier] I send you a PM asking about this post, you didnt say anything.


One post more and you will be banned.

Its clear ?

You or anybody, ok ?

Mosbach removes his threatening blog post, and later posts a nonapology in his blog, which appears to now be deleted, too. Everything swept out of sight and forgotten, right? Well, *almost* everything…


Chapter Six:

I move my “mosbach is outed!” post to my private blog. I suppose it probably belonged there to begin with. You might think this is the end of the story, but NO.

A week after mosbach’s thread was finally purged from boards.fon.com, my fon.cjb.net address and email stopped working. After some personal investigation, I email cjb.net:

It appears my cjb url redirect has been disabled. Using the address “fon.cjb.net” goes to your main page now, and I cannot fetch email. I cannot access the account settings page – “incorrect password” – but I have no doubt about what the password is. I tried re-applying for it and the message I got was that the address “can not be used”, which is different from the message “already in use” for other url redirects. I initiated a “forgotten password” request, but am not 100% sure of what email address I used when I applied. I have not received any complaints or other comments about this url redirect whatsoever. Can you please bring me up to date and help me re-establish my redirect? This redirect is important to me because it is very short and handy, and also relates to a hotspot-sharing outfit which I participate in as a hobby. Thanks.

Their terse reply:

That account was removed and banned due to its use for harassment which is a violation of the agreed to Terms of Service.

So “someone” apparently convinced a cjb.net representative that my simple and unnarrated mirroring of public information constituted “harassment”, and so my url-redirect was disabled, and locked. My follow-up:

I have to say I am extremely shocked to hear this. I have never received complaint ONE about my website. Isn’t there, at a minimum, some kind of remediation process? I received no warning whatsoever. There is nothing even remotely harassing about my website, which describes my experiences with fon.com and lists related resources and contacts. I deserve to know the identity of my accuser. I have been an enthusiastic user of cjb.net for more than two years and have recommended it many times. Please help me to remedy this to everyone’s satisfaction.

Their icy response:

Complaining about a bad experience is one thing, just having a page devoted to handing out someone’s personal info which was resulting in harassment is another. I’m sure you can figure out who was complaining about the page.

*Devoted* to harassing poor, heartbroken and water-soaked mosbach? Hardly! My extensive and sincere plea goes unanswered:

This is the kind of email I’m sure you hate to receive. People who work in IT generally like to see matters closed and have better things to do than get involved in personal squabbles. I myself work as a NOC technician and have also been a call-center tech for a number of years. I have been responsible for similar admin email. Please believe me when I say I am sincere about my cause to be reinstated. As you can see, I am not ranting, threatening you with lawyers, or employing the usual histrionics. I am taking the time to write you at length to make my case clear and to demonstrate my respect for you in these regards. I hope to demonstrate to you how you have been manipulated and I hope your response will be to restore matters to their rightful places.

To begin with, I would have to agree with your last email. A page which is designed and devoted to handing out someone’s personal information and which others are directed to visit mainly in order to distress another person might be construed as harassment. However, this is not an accurate description of my webpage which you have disabled.

My web page is firstly, a demo of what I would like to see appear when someone first opens their web browser when connected to my fon.com hotspot before logging on to receive full internet access. This demo was set up as part of a contest which took place in fon’s boards. Secondly, it contains a blog as an example of content provided by the host of this hotspot. Sixteen entries in that blog were copies of emails that chronicle my experience in joining fon.com and ordering their equipment. Thirdly, there are entries which are provided so that I can provide a url to helpful technical instructions so that I don’t have to retype them each time. Having the instructions in one place and referring to them by url allows me to improve and update them in a single place instead of tracking down every place I have posted, and editing individually. These urls are still posted throughout https://web.archive.org/web/20080515210639/http://boards.fon.com/ and are to be credited for driving traffic to your ad-supported website.

Fourthly, and lastly, the blog was, presumably, a safe and personal place for me to place unofficial opinions and other material which would be inappropriate for fon’s official boards, for fear they may result in deletion or banishment from the official forum. This is clearly acceptable to the fon.com moderators, as my http://fon.cjb.net url is prominently placed in each of my posts, and I have NEVER been spoken to about it. If you had looked at my website before banning it, you would see that I had listed many private, unofficial blogs relating to fon, and these authors all post in the official fon board and list personal urls there. By utilizing my http://fon.cjb.net url, I am earnestly attempting to “do the right thing” by keeping official -vs- unofficial matters separate. I also use my subdomain email to receive communications about board activity, private messages and blog comments into separate inboxes. There is a great deal of organization in place which is dependent on cjb.net’s services. I am grateful for cjb’s services, and I emphasize again that I create legitimate traffic to your advertisers.

Addressing the “personal info” contained in the final blog entry at the top; every iota of this is public information! Most of the material displayed is simply copied from another blogger’s post at http://tech.am/2006/10/11/my-first-death-threat-by-mosbach-the-chief-fon-forum-troll/ . The rest of the information was found within minutes by simply typing this person’s name into Google, with no tricks or hacks involved. The subject is highly visible to the public, and has made his full identity and contact information available dozens of times over a significant period of time. I am doing nothing but summarizing what he himself has made available to his audience.

He posts as “mosbach” on https://web.archive.org/web/20080515210639/http://boards.fon.com/, and does, or has, advertised the url to his German-language fon.com blog “fonblog.de”, where he posts as “gerhard”. WHOIS on that domain shows it is operated by a “Gerhard Mosbach” and lists the rest of his contact information. Googling that name in that locale shows dozens of verifiably authentic instances where he has posted to boards or advertised his other websites. http://maps.fon.com shows an active fon-branded hotspot at that exact address. Again, nothing found here is nonpublic, nor has any of it even been retracted from the Internic record or Google as of this date. I have never even received comments about the information on my website, which has simply served as a minor mirror of information others are still displaying. How can one take the position that I myself am creating a problem, and that it is fair to censor me without any notification or recourse?

It is a painful irony that I am described as “harassing” anyone since this is what that individual is chiefly infamous for himself. Please briefly examine the content of his posts at https://web.archive.org/web/20080515210639/http://boards.fon.com//search.php?search_author=mosbach . He has been a serious matter of contention with all of the board participants familiar with him. Read some of the disturbing things he has said to me in private email here: http://fon.fondoo.net/t/mosbach.txt. If this individual feels less secure about shooting off his mouth in public, now that it is demonstrated how easy he is to identify, then this is a good thing. My website makes no threats to him in any way. You will observe that I do not make any comments or characterizations about him in the post. It’s simply a list of public information. I argue that it fails the Turing Test to define it as “harassment”.

In closing, I assure you that I have nothing to prove to that individual, and my only goal is to restore the services I supply to the fon.com community. I would be *extremely* grateful if you would restore control to me of my fon.cjb.net account settings with the password of “**********” so that I can continue to supply them. As of this date, I have made 1,696(!) posts to boards.fon.com, and the task of manually updating what I have written with new urls and email addresses would be overwhelming. If you insist, I will remove references to the presumed complainant, and only ask that you notify me in the future if I have received further complaints.

Way to go, fon and cjb! Cross your arms while a bully runs around the playground like a mad bull, and give a good slap on the face to anyone who pushes the bully back. Protect that insensible twat but bring down the Hammer of Thor on anyone who annoys you by asking you to do your job and bring peace to the community.

And thus, was born http://fon.fondoo.net/ and this post is awkwardly hosted separately. Stay tuned for further developments.


Chapter Seven:

Moderfon comments in my blog that I am *lying* about what I have said. Then, in a PM at boards.fon.com (in his capacity as board moderator, you understand), he cites three trivial omissions which I made from this blog entry. I put them back. You tell me if it blows my case.


How El Cheapo’s firmware is locked

October 10, 2006

On Oct 10, Freddy says he has plans to port DD-WRT to La Fonera and links to his site, which hosts the script that checks the Fonera firmware’s encryption key: http://fon.freddy.eu.org/fonera/fon-0.7.0-rev4/bin/fonverify

——————————————————————————–

One of fon’s firmware developers joins the discussion and provides us with further technical facts about the encryption:

https://web.archive.org/web/20080515210639/http://boards.fon.com//viewtopic.php?p=14226#14226. I mirror the text here in case it gets deleted:

Pablo [Sun Oct 22, 2006 07:16]:

Those .FON file bundles are packages signed by Fon (using a private RSA key and an RMD160 message digest), and verified during the upgrade process at the router.

.FON files are not “coded” or “crypted”. They are just signed. Thus, after the first four bytes, the signature length, and the signature itself, there is a tar.gz package containing the files to upgrade the router.

Everyone can see the contents of the file, since it is not crypted. The signature is used to ensure the upgrade file came from Fon, regardless of the way it got into your router. It is the same idea as for the .deb files used to upgrade your Debian/Ubuntu system. You can always check they come from the right source, and see their contents.

The foncheckrsa executable does the same verification that can be issued with OpenSSL:

openssl dgst -rmd160 -verify public_fon_rsa_key -signature <signature-file> <tar.gz-payload>
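As an added illustration of what Pablo describes (this is not Fon’s code, nor foncheckrsa), the following Python splits a bundle into signature and tar.gz, lists the tar contents without needing any key, and checks the PKCS#1 v1.5 RSA signature over the RIPEMD-160 digest of the payload. It assumes the first four bytes are a big-endian signature length, which the post does not spell out; the key pair, the sample bundle and the file names in it are constructed for the demo, and the digest name is a parameter because hashlib’s RIPEMD-160 support depends on the OpenSSL build underneath it.

```python
import hashlib
import io
import random
import tarfile

# PKCS#1 v1.5 DigestInfo prefixes. RIPEMD-160 (OpenSSL's -rmd160) is the digest Pablo names.
DIGEST_INFO = {
    "ripemd160": bytes.fromhex("3021300906052b2403020105000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def split_fon(blob: bytes):
    """Split a bundle into (signature, tar.gz payload). Assumed layout: a 4-byte
    big-endian signature length, the signature, then the tar.gz."""
    sig_len = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or sig_len == 0 or 4 + sig_len > len(blob):
        raise ValueError("bad signature length")
    signature, payload = blob[4:4 + sig_len], blob[4 + sig_len:]
    if payload[:2] != b"\x1f\x8b":  # gzip magic: the payload is plain, not encrypted
        raise ValueError("payload is not gzip data")
    return signature, payload

def list_payload(payload: bytes):
    """Anyone can read the bundle, as Pablo says: it is signed, not encrypted."""
    with tarfile.open(fileobj=io.BytesIO(payload), mode="r:gz") as tar:
        return sorted(m.name for m in tar.getmembers())

def _emsa(payload: bytes, digest: str, k: int) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 DigestInfo||hash, padded to k bytes."""
    t = DIGEST_INFO[digest] + hashlib.new(digest, payload).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too small for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_fon(blob: bytes, n: int, e: int, digest: str = "ripemd160") -> bool:
    """The check foncheckrsa / `openssl dgst -verify` perform: RSA over the payload hash."""
    signature, payload = split_fon(blob)
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    em = pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big")
    return em == _emsa(payload, digest, k)

# Toy signer side so the example runs offline; Fon's real key is larger and not generated here.

def _is_probable_prime(p: int, rounds: int = 32) -> bool:
    """Miller-Rabin; callers only pass large odd candidates."""
    d, r = p - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, p - 1), d, p)
        if x in (1, p - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, p)
            if x == p - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(c):
            return c

def toy_keypair(bits: int = 512):
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is the gcd(e, phi) == 1 test
            return p * q, e, pow(e, -1, phi)

def build_fon(payload: bytes, n: int, d: int, digest: str = "ripemd160") -> bytes:
    """Sign the tar.gz and prepend the length-prefixed signature (assumed layout)."""
    k = (n.bit_length() + 7) // 8
    sig = pow(int.from_bytes(_emsa(payload, digest, k), "big"), d, n).to_bytes(k, "big")
    return k.to_bytes(4, "big") + sig + payload

def sample_payload() -> bytes:
    """Constructed stand-in for an upgrade bundle: two small files in a tar.gz."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in (("etc/config/fon", b"ssid=FON_AP\n"), ("bin/busybox", b"\x7fELF")):
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()
```

A single changed byte anywhere in the tar.gz, or a signature made under a different key, makes verify_fon return False, which is exactly the property the router’s upgrade step relies on.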

——————————————————————————–

On Oct 25, as Nerokak is unable to compile code that runs on La Fonera, he launches this thread asking for help:
La Fonera: ipkg installation issue https://web.archive.org/web/20080515210639/http://boards.fon.com//viewtopic.php?t=2328

Here is the advice he received:

dicks [Thu Oct 26, 2006 05:02]: https://web.archive.org/web/20080515210639/http://boards.fon.com//viewtopic.php?p=14337#14337
La Fonera uses an Atheros Mips CPU running in big endian mode. OpenWrt is built for Broadcom MIPS CPUs running in little endian mode. So you will need to build your applications yourself, using a big-endian tool set.

Nerokak [Thu Oct 26, 2006 12:24]: https://web.archive.org/web/20080515210639/http://boards.fon.com//viewtopic.php?p=14347#14347
Can I build package in big endian mode from FONbasic 0.6.6 source?

Freddy [Thu Oct 26, 2006 14:51]: https://web.archive.org/web/20080515210639/http://boards.fon.com//viewtopic.php?p=14354#14354
you can, you just need a big endian toolchain (use mips instead of mipsel in TARGET)
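An added helper, not from the thread: before rebuilding anything, you can confirm which target an ipkg binary was actually built for by reading its ELF identification bytes, since a mipsel (little-endian) build will not run on La Fonera’s big-endian MIPS. The sample headers are constructed inside the code and the function names are my own.

```python
import struct

EI_CLASS, EI_DATA = 4, 5   # offsets within the 16-byte ELF identification block
EM_MIPS = 8                # e_machine value for MIPS, used for both byte orders

def elf_target(data: bytes) -> dict:
    """Return word size, byte order and machine of an ELF image (header only)."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    bits = {1: 32, 2: 64}.get(data[EI_CLASS])
    endian = {1: "little", 2: "big"}.get(data[EI_DATA])
    if bits is None or endian is None:
        raise ValueError("invalid EI_CLASS/EI_DATA")
    # e_type and e_machine are stored in the byte order the file itself declares
    order = "<" if endian == "little" else ">"
    _, e_machine = struct.unpack_from(order + "HH", data, 16)
    return {"bits": bits, "endian": endian, "machine": e_machine}

def runs_on_fonera(data: bytes) -> bool:
    """La Fonera is a 32-bit big-endian MIPS target, as dicks points out above."""
    t = elf_target(data)
    return t["bits"] == 32 and t["endian"] == "big" and t["machine"] == EM_MIPS

def fake_elf_header(endian: str, machine: int = EM_MIPS) -> bytes:
    """Constructed 52-byte ELF32 header: only the identification bytes and
    e_type/e_machine are meaningful, which is all the checker reads."""
    order = "<" if endian == "little" else ">"
    ident = b"\x7fELF" + bytes([1, 1 if endian == "little" else 2, 1]) + bytes(9)
    return ident + struct.pack(order + "HH", 2, machine) + bytes(32)
```

On a real package, pass the first 52 bytes of the binary (for example the output of `head -c 52`) to elf_target; a reported "little" byte order is the mipsel build the thread warns about.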

——————————————————————————–

On Oct 31, President of fon, Martin Varsavsky, announces the official release of the open source firmware for La Fonera in his English-language blog: http://english.martinvarsavsky.net/fon/fon-publishes-source-code-.html

The code was located at this address at that time: http://download.fon.com/firmware/fonera/latest/fonera.tar.bz2

He asks that people who have examined the code and wish to submit improvements email them to:

mailto:iurgi@fon.com or mailto:iurgi@fon.es

He’s apparently recruiting OpenWRT developers for unspecified projects, to be paid for by grants from fon.

——————————————————————————–

Stay tuned for more developments!


Well, dip my router in queso, and call it *legal*

October 9, 2006

A new Internet Service Provider (ISP) launches (this month?), expressly for people with fon-compatible routers, who wish to make sure that their Terms Of Service (TOS) allows them to share and to resell their internet connections. Just what we need! While this service is available only in the UK, if it is successful, other ISPs may adopt their practices.

Visit them and enjoy their distinctive yellow gooey, er, “GUI”, heheh.

http://www.fondoo.net/

Addition 2008: Unfortunately, Fondoo has closed for business. Their main website and Cheesy Musings Blog have been abandoned, but have been left running by the hosting company. I still have full administrative access to El Fon Blog, but we are in zombie status now. In the event we are shut down, I have a backup of the blog and will resurrect it elsewhere.

Addition June 2012: By happy circumstance, I have acquired the domain and am now hosting it myself! This is truly amazing, as I have long ago lost contact with Alan Bell of Fondoo, and had no connection whatsoever to the new owners.


Mother performs an autopsy on El Cheapo!

October 6, 2006

Mother, AKA Mike Puchol, examines and analyzes the manufacture of the El Cheapo (La Fonera).

Click the picture for his Flickr photos, or click this link for his blog entry:

http://tech.am/2006/10/06/autopsy-of-a-fonera/


Hollando provides more El Cheapo nude shots

October 3, 2006

He’s working to build a JTAG cable to interface directly with the router, but the project is incomplete. See the discussion and larger photos here:

https://web.archive.org/web/20080515210639/http://boards.fon.com//viewtopic.php?p=13474#13474