Insights For Success

Strategy, Innovation, Leadership and Security

The hidden dangers of using public WIFI

General | Edward Kiledjian

There are plenty of reasons to love WIFI (over wireless). It's free, fast and usually reliable. Oftentimes though, it's not a WIFI network you control (think coffee shop, retail store, mall, fast food joint, etc.). Sure, WIFI is ubiquitous, but most of it is controlled by someone else, which means it could and should be considered a hostile environment.

WIFI is a hacker playground

Man In The Middle Attack

A Man In The Middle (MITM) attack is an oldie but goodie. It allows a third party to intercept your communication. If successfully performed, an attacker can present a fake "hacker version" of a site you are trying to visit in the hopes of infecting your machine or harvesting your credentials.

An innocent use of this technology is when a WIFI provider intercepts your web browsing request (when you first connect to their network) and injects a logon or terms acceptance page (captive portal). This is a benign use of the technology but bad actors can use this to inject malicious code to infect your computer or trick you.

What you should do: Ensure any site you visit requiring a login or requesting private information is using an encrypted SSL/TLS connection (aka the green lock icon in Chrome). Look for a URL that starts with https instead of just http. Make sure the lock icon is green. 

We are seeing more and more sites switch to encrypted https but many have not made the jump yet. You should also add a free browser plug-in called HTTPS Everywhere. It was developed by the Electronic Frontier Foundation and the TOR Project and automatically rewrites requests to the secure https protocol when supported by the site.

Fake WIFI networks

This is a very easy to use trick that is successful any time I have tested it. I basically set up a very strong signal WIFI network with carefully chosen (trustworthy sounding) names that get users connecting to it and then I simply do what I want to do and resend the traffic to the local establishment's free WIFI network, thus performing a Man In The Middle attack.

I can even use the same WIFI name as the local establishment's and your device will automatically connect to my rogue network if my signal is stronger (that's why automatic connections to untrusted WIFI networks can be a very bad thing unless you are always on VPN). I can create one of these networks with cheap devices but my preferred tool is the WIFI Pineapple.

What you should do: Be wary if you see multiple networks with the same name at your local coffee shop. It doesn't always mean there is an attack happening but it should give you pause. The real solution is to always use a VPN when connecting to a WIFI network you don't directly control.
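The "multiple networks with the same name" check can be done on a laptop's own scan results. The following is an added example, not part of the original post: it reviews terse `nmcli` scan output and lists, for each name advertised by more than one access point, the mismatches worth a second look. The sample scan is constructed, the reason strings are illustrative, and an empty list means "several access points, but consistent", which is normal for a venue with more than one AP.

```python
"""Review a Wi-Fi scan for same-name networks that deserve a second look.

Expected input: terse nmcli output, one access point per line, from
    nmcli -t -f SSID,BSSID,SECURITY,SIGNAL device wifi list
In terse mode nmcli escapes ':' inside a field as '\\:'.
"""
from collections import defaultdict

# Constructed sample scan for illustration; not captured from a real network.
SAMPLE_SCAN = r"""
CoffeeShop_Guest:A4\:11\:22\:33\:44\:01:WPA2:62
CoffeeShop_Guest:A4\:11\:22\:33\:44\:02:WPA2:48
CoffeeShop_Guest:02\:DE\:AD\:BE\:EF\:10::91
HomeNet:B8\:27\:EB\:00\:00\:01:WPA2:35
Library:C0\:FF\:EE\:00\:00\:01:WPA2:55
Library:C0\:FF\:EE\:00\:00\:02:WPA2:51
"""


def split_terse(line):
    """Split one terse nmcli line on ':' while honouring backslash escapes."""
    fields, current, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            current.append(line[i + 1])  # escaped character, keep it literally
            i += 2
        elif ch == ":":
            fields.append("".join(current))
            current = []
            i += 1
        else:
            current.append(ch)
            i += 1
    fields.append("".join(current))
    return fields


def parse_scan(text):
    """Group access points by network name (SSID)."""
    networks = defaultdict(list)
    for line in text.strip().splitlines():
        fields = split_terse(line)
        if len(fields) != 4 or not fields[0] or not fields[3].isdigit():
            continue  # hidden SSID or malformed line
        ssid, bssid, security, signal = fields
        is_open = security in ("", "--")
        networks[ssid].append({
            "bssid": bssid.upper(),
            "open": is_open,
            "security": "open" if is_open else security,
            "signal": int(signal),
        })
    return networks


def review_scan(text):
    """Return {ssid: [reasons]} for every name advertised by 2+ access points."""
    report = {}
    for ssid, group in parse_scan(text).items():
        if len(group) < 2:
            continue
        reasons = []
        # The same name offered both encrypted and unencrypted.
        if len({ap["security"] for ap in group}) > 1:
            reasons.append("mixed security settings")
        # The first three octets of a BSSID identify the hardware vendor (OUI).
        if len({ap["bssid"][:8] for ap in group}) > 1:
            reasons.append("different hardware vendors (OUI)")
        # Devices prefer the strongest signal, so check what that AP offers.
        strongest = max(group, key=lambda ap: ap["signal"])
        others = [ap for ap in group if ap is not strongest]
        if strongest["open"] and not all(ap["open"] for ap in others):
            reasons.append("strongest signal is the unencrypted one")
        report[ssid] = reasons
    return report


if __name__ == "__main__":
    for ssid, reasons in review_scan(SAMPLE_SCAN).items():
        verdict = "; ".join(reasons) if reasons else "multiple APs, consistent"
        print(f"{ssid}: {verdict}")
```

None of these signals proves an attack, and a clean result does not prove a network is safe, which is why the VPN advice above still applies.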

Collecting your wireless information

Sniffing network traffic is a technique used by corporate network administrators to collect information to perform debugging and to try and identify system issues. Sniffing is basically collecting all (or most) of the traffic flowing over a network. In the wireless world, this is made incredibly easy and can be done by hackers without anyone's authorization. All it requires is a special (cheap) wireless network card configured to start up in a special mode and then they can capture all the traffic flowing over the wireless network. Once you have the hardware, you simply need free software like Wireshark to start capturing all wireless traffic.

Anyone interested in WIFI testing should buy a WIFI Pineapple. You can't call yourself a real security pro without one. I'll wait while you go and buy one from here. (No, that is not an associate link and I do not get anything for recommending them. It is just an awesome product.)

What you should do: Ensure any site you visit requiring a login or requesting private information is using an encrypted SSL/TLS connection (aka the green lock icon in Chrome). Look for a URL that starts with https instead of just http. Make sure the lock icon is green. Encrypted traffic can be captured but is all garbled up and useless to the attacker. Or you can use a VPN service (which I will talk more about later).

Stealing cookies

No, not cookies from a coffee shop, but cookies used by websites to authenticate your session. Most websites drop a session cookie in your browser after you log in so you don't have to log in every time you visit the site operator's page. Most major sites go to great lengths to protect this cookie but many don't, and attackers will try to steal these when patrons use unencrypted websites. By stealing the cookie and using it from the same location, many sites will be tricked into thinking the user is logged in and will allow him/her to perform actions without additional checks.

What you should do: Ensure any site you visit requiring a login or requesting private information is using an encrypted SSL/TLS connection (aka the green lock icon in Chrome). Look for a URL that starts with https instead of just http. Make sure the lock icon is green. Encrypted traffic can be captured but is all garbled up and useless to the attacker. Or you can use a VPN service (which I will talk more about later).
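What "protecting the session cookie" looks like in a site's response headers, as an added example that is not part of the original post: it audits a response for the `Secure` and `HttpOnly` cookie attributes and the `Strict-Transport-Security` header. Both sample responses are constructed, and the list of session-like cookie names is an assumption made for illustration. This goes one step beyond the advice above by showing the site operator's side of the same problem.

```python
"""Audit HTTP response headers for the protections that keep a session
cookie from crossing an open Wi-Fi network in cleartext."""

# Assumption: cookie names that usually carry a login session (hypothetical list).
SESSION_NAMES = {"session", "sessionid", "sid", "phpsessid", "jsessionid", "auth"}

# Constructed sample responses, as (header name, header value) pairs.
WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/; Max-Age=31536000"),
]
HARDENED_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; Max-Age=31536000"),
]


def parse_set_cookie(value):
    """Return (cookie name, {lower-cased attribute: value}) for one Set-Cookie header."""
    parts = [part.strip() for part in value.split(";")]
    name, _, _cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, attr_value = part.partition("=")
        if key:
            attrs[key.strip().lower()] = attr_value.strip()
    return name.strip(), attrs


def audit(headers):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    header_names = {name.lower() for name, _ in headers}

    # Without HSTS the browser may make its first request over plain http,
    # which is the request a man in the middle can intercept.
    if "strict-transport-security" not in header_names:
        findings.append("no HSTS header: the browser may still try plain http first")

    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        # A cookie without Secure is attached to http requests as well,
        # where anyone capturing the wireless traffic can read it.
        if "secure" not in attrs:
            findings.append(f"{cookie}: missing Secure, cookie is also sent over unencrypted http")
        # HttpOnly keeps script injected into a page from reading the cookie.
        if cookie.lower() in SESSION_NAMES and "httponly" not in attrs:
            findings.append(f"{cookie}: missing HttpOnly, injected script can read it")
    return findings


if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        results = audit(response)
        print(f"{label}: {len(results)} finding(s)")
        for finding in results:
            print("  -", finding)
```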

Peekaboo I see you

When organizing a security test for a company, my preferred method of attack is attacking the bag of mostly water (aka the human). Humans are usually careless, clumsy and easy to trick. It is much easier to compromise a human than an IT system.

Shoulder surfing is the art of looking over someone's "shoulder" as they type protected information into a computer system. This could be a building entry code, the PIN for your ATM card or a site password.

This is an especially easy attack when you are in a crowded area where it feels normal to have people close by (packed coffee shop with tight tables, a bus, etc).

What you should do: When I travel, I have a 3M privacy filter on my computer screen to make it more difficult for people around me to see my private on-screen information. Additionally, I always cover any keypad when entering my PIN and never enter passwords when in a crowded area. The important thing is to realize this could happen and pay attention to your surroundings.

What about that VPN option

My next article will be about 1 or 2 VPN providers that I trust and use but for now, I'll write about what a VPN is. A Virtual Private Network is a special technology that creates a secure connection between your device and that of the VPN provider. That means anyone eavesdropping (digitally) on your WIFI or LTE connection will only see garbled 

Of course the VPN provider will see all of your traffic as they send it to the general internet from their servers but at least you protect yourself from local WIFI attacks. Additionally, anytime you use an https site, that traffic is protected and even your VPN provider cannot see the content of that traffic.

As an example: 

I am sitting in a coffee shop browsing Facebook via their mobile website. Their mobile website is protected because it uses TLS (https). Because I distrust public WIFI, I also have a VPN active.

This means that my connection (all traffic to and from the internet to my device) is encrypted inside that protected VPN tunnel [from my device until the server of the VPN provider] thus no one in the local coffee shop sees where I am browsing and what I am sending/receiving. This protects you from all those local attacks.

Because I am using the Facebook website on my device, it is also using protected https, which means traffic for that site is encrypted a second time between me and Facebook. This means that the VPN provider knows I visited Facebook but can't see anything else.

Obviously you have to trust the VPN provider not to profile you but this is much better than trusting a coffee shop WIFI or even your wireless LTE carrier.

The US Government is moving to kill a law preventing carriers from selling user data to the highest bidder. This means even your home internet provider or wireless carrier will probably start tracking your every move on the internet and selling it to marketing companies. Many people should start thinking about running a permanent VPN from their home router to the internet to protect themselves from this type of profiling.

For those that want a fast, easy and reliable VPN appliance, read my review of the InvizboxGO here

Invizbox GO Review


As we learn more about how much data the intelligence community collects and what their capabilities are (Vault7), it reinforces the mantra of having good security hygiene. If you weren't using VPN while on (untrusted) WIFI connections, then you should be. 

I consider untrusted any WIFI network I don't directly control. I even use VPN (normally) when on LTE because I don't trust my wireless carrier.

VPN hardware galore

Appliances properly designed and maintained should make most tasks easier and safer. VPNs and TOR are no exception. Kickstarter and IndieGogo are full of entrepreneurs promising easy security. Unfortunately most fall flat because they are simply re-badged Chinese products with a crappy interface. 

The worst of the bunch are un-maintained products with tons of exploitable vulnerabilities leaking your data with every transaction. Invizbox was a Kickstarter funded company and their first product, a small gumbox sized WIFI anonymization router, worked as advertised. Its major drawback was the requirement to have a physical connection to the internet and it was slow. Oh so slow.

The design team came back with a vengeance and released the InvizBoxGO late last year. The InvizboxGo is a small battery powered device that will secure your WIFI connections and work as a battery backup if you need it.

TL;DR The InvizboxGO is now part of my every day carry kit (EDC Kit).

The InvizboxGo is sold with an optional "white labelled" VPN service. When you buy the VPN service, you receive the "enhanced" TOR experience which basically means it uses VPN for the first hop to the TOR network thus protecting even that flow of traffic.

It also supports "pluggable transport" (description). Basically pluggable transport is a technology which allows you to change how the TOR traffic looks thus allowing you to bypass anonymity blocking tools (corporate or governmental).

A coming soon feature will force connections to https when available (like a hardware implementation of HTTPS Everywhere).

You can also review the Invizbox firmware source code on . The team hopes that this transparency will:

  • prove there are no backdoors
  • allow researchers to find and highlight vulnerabilities
  • give the team immediate trust

InvizBoxGo Easy Setup

 

The testing

I ran the InvizboxGo through a gauntlet of technical tests (while on VPN) and it passed every single one:

  • does not leak DNS queries when in VPN mode (go here to test)
  • does hide your actual IP address (go here to test)
  • does not leak IP or DNS information via JAVA or Flash (go here to test)
  • protects P2P traffic. Although I do not condone or encourage the use of P2P tools to steal protected media, there are dozens of legitimate uses for P2P technology. It is important to ensure your VPN product protects you while using P2P and Invizbox did. You go to this site and then find the Torrent Address Detection. You download their magnet link into your P2P client of choice then activate the test. If it shows your real IP or DNS, you are not protected. You should only see your VPN address here.
  • InvizboxGo is not subject to WebRTC leaks when in VPN mode (go here to test)

I conducted my tests via VPN because that is what most users will likely use. If you are technical enough to use TOR, you can do your own testing.

Yes, it did slow down my connection to the internet but that depends on a ton of factors. The amount of slowdown will be based on your ISP (potential throttling of VPN traffic), connectivity between you and your chosen VPN endpoint, number of hops, traffic on the net, encryption overhead, etc. Overall there was a slowdown (which is normal) but not enough for me to panic.

The killer feature

The InvizboxGo was delivered with the promise of auto-update. The creators promised to keep the device updated to add functionality and patch vulnerabilities. This update should be automatic if you keep your device connected regularly.

So far I have received one update (during my 2 months of testing) and think this is a big plus if they keep it up.

Issues with the InvizboxGo

My first complaint is that it works well for most captive portals (hotel and airport) but I have not been able to connect it to a corporate portal or WIFI requiring username/password to connect. I was told this issue is logged and that they will investigate.

The second issue is that the device doesn't have a physical ethernet port. Most of my connections are WIFI but recently I have stayed in top tier hotels that have only had Ethernet in the rooms which meant I had to use another Ethernet to WIFI device then use Invizbox to secure my connection. 

I would have liked some kind of additional add on that would allow me to use an Ethernet connection (for WAN) when required.

Conclusion

Overall this is a fantastic unit that I enjoy using. It is fairly speedy, reliable and easy to use.

The Workflow IOS Automation app is now free


Automation can help with simple tasks like converting a webpage to PDF or can become a complex monster saving you hundreds of hours a year. Until the Workflow app came to IOS, true automation was an Android only benefit.

The $5 app is now permanently free because Apple acquired them.

The Workflow app has been around for a couple of years and is a distant cousin (functionally) to IFTTT. It allows users to string together a series of actions, tasks, conditions and inputs and perform all kinds of useful tasks.

It can:

  • Encode media
  • Record Audio
  • Post on social media
  • Automate app functionality where a URL scheme is exposed
  • Send emails
  • Pull RSS feeds
  • much much more

What we don't know yet is what Apple will do with the team and the app. It was made free but there is always the risk Apple will kill the app and move some of the functionality to:

  • a new Apple branded app
  • a new version of IOS
  • a new service running on iCloud

What the CIA Vault7 Wikileak really means for consumers

Wikileaks Unveils ‘Vault 7’: “The Largest Ever Publication Of Confidential CIA Documents”; Another Snowden Emerges
— Zerohedge
It includes software that could allow people to take control of the most popular consumer electronics products used today, claimed WikiLeaks.
— independent.co.uk
Surprise, everyone, the US Central Intelligence Agency (CIA) allegedly has the means to hack everyday electronics.
— techradar.com

Yes Wikileaks released a very large chunk of CIA information dubbed Vault7 that explains some of the hacking capabilities of the US intelligence service vis-a-vis consumer electronics. Obviously this "isn't good" from a privacy perspective because if the US intelligence community has these capabilities, other nation-states may also have them. 

After going through some of the information, I want to dispel some of the FUD (Fear Uncertainty and Doubt).

Are Whatsapp or Signal hacked?

I have written about Whatsapp security and professed my love for Signal. Many readers messaged me in a panic asking if these apps had "weak" security and had been breached by the CIA.

Signal and Whatsapp encryption was not broken. 

The CIA would compromise the smartphone (iphone or Android) and then would install malware that would record audio, text or video before the Whatsapp/Signal encryption. 

The Wikileaks statement reads like this:

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied.
— Wikileaks

So the short answer is no, these messaging apps were not compromised and their security is still good. Every security researcher knows you must must must secure the endpoint because it is normally the weakest link in the chain. Here is proof.

The security of Signal protocol was recently reviewed during a security audit and it passed with glowing colors. The EFF also rates Signal as an "all green" messaging app. 

Is the CIA hoarding 0 day vulnerabilities?

We don't know what the CIA is really doing but based on the Vault7 Wikileak, I would say no. Very few 0 day attacks seem to be mentioned in the dump and any that were are being actively used. Nothing in the leak seems to indicate a hoarding of 0 day vulnerabilities for emergency use.

The attacks mentioned in the leaks may be worrisome to John or Jane Doe but they are nothing new for anyone working in security. They seem to be leveraging "stuff" we already know about in Information Security circles. Yes, they sometimes buy advanced attacks from brokers or researchers but most of what I read, I expected them to have.

Nothing I read would indicate that the CIA digital attack toolkit is better than that of the NSA. It is safe to assume the NSA has much stealthier and more powerful tools.

Do I break my Smart TV?

Don't throw away your Smart TV just yet. We learned that the CIA can hack your Smart TV and turn it into an espionage tool by running hacking software via the USB port on the TV. Let me say that again: via USB port.

Nothing in the document indicates that they can do this remotely via the internet. In security, we always assume that it is impossible to protect an asset if a bad actor can gain physical access to it. Nothing new here. 

Attribution

There are 2 pieces of malware in the wild that were thought to have come from China and Russia but can now likely be attributed to the CIA. These leaks provide enough information for security companies to now make educated assumptions about malware sources they know about and are trying to identify the source of. 

A colleague working for a US security company said that they can now attribute 2 pieces of malware to the CIA that were previously thought to have come from China or Russia. He said his company will now use the info in these leaks to build signatures to detect and remediate some of the vulnerabilities mentioned here.

Does this hurt the CIA? I would say no. There are enough vulnerability brokers in the dark market and the CIA has enough money to quickly rebuild a new toolkit.

Are these advanced hacking techniques?

No. They may seem advanced for the average Joe but there wasn't anything monumental or earth shattering for a security researcher. Funny enough, I've been chatting with one of my employees about a new tool from Hak5 called Bash Bunny. The Bash Bunny seems to be more advanced than many of the techniques revealed in this document. 

Is my tech safe?

The BBC published a good article documenting the reaction from major consumer tech manufacturers. 

As expected, Apple provided a lengthy response and committed to working with its security team to plug as many of the holes as quickly as possible.

While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities
— Apple PR

Samsung provided this response

We are aware of the report in question and are urgently looking into the matter.
— Samsung PR
We are aware of the report and are looking into it
— Microsoft PR

Notably absent (at least while I write this) is a response from Google about the vulnerabilities in Android that were actively exploited. As we know, not all Android phones receive timely updates and even those that do have some worrisome vulnerabilities. 

For the general consumer that is not being targeted by a nation-state intelligence agency, as long as you adhere to good security practices, a Google branded Android phone will be just as safe as an Apple iPhone. I cannot recommend buying an Android phone from any other manufacturer as updates may be slow or non-existent.

If you are in a job where security is critical, I would still contend that the iPhone is likely more secure because of the way Apple locks everything down.

Conclusion

I won't lose any sleep over the CIA leak. Yes it confirms that the US intelligence apparatus is actively targeting consumer hardware but we all assumed they were doing this anyway. Nothing in this leak revealed anything new and I would assume the NSA Signals Intelligence team is still the king of the hill. Sure the CIA seems to have a couple pocket knives but the NSA still has that 10" Rambo knife strapped to its belt.

Also assume anything the US is doing can be easily replicated by other nation state actors. Do you really want foreign governments to have these abilities and your own (Canada, US, UK, Australia, etc) not to?

My Everyday Carry Pen (EDC) - TI Arto Review


A question I receive regularly is about what makes up my EDC kit. The first article I wanted to publish was about my pen. This is no ordinary pen. It is a magical pen that accepts over 200 different types of ink refills (roller-ball, ballpoint or D1). It is a beautiful pen made from aircraft grade titanium, which makes it super durable, light and incredibly beautiful. 

I have used hundreds of pens from a cheap BIC all the way to an exclusive Montblanc. After everything is said and done, the TI Arto from Big Idea Designs is the one I chose to carry every day (at work, during travel or at play).

Why? First this wonderfully designed and carefully crafted pen accepts over 200 different types of ink refills (without hacking or modification). This means I can buy ink refills anywhere in the world and know it works. It even accepts the Uni-ball Signo DX without any modification. This is a highly prized refill by pen lovers worldwide but it never fits into these pen bodies. It works wonderfully in the TI Arto. How? Because the creative team at Big Idea Designs created a cone head that tightens as you screw it and therefore can securely hold almost any type of pen head in place. This internal compression cone is what makes this pen stand apart and is the secret to how it can accept 200+ ink refills. It is easy to use but will require a little fidgeting as you adjust it (when replacing the ink).

It is built from titanium which means it is extremely light and durable. I carry it in my wallet pocket along with a lighter and aluminium plate wallet and it has held up well. 

Overall I highly recommend the TI Arto. It will be a useful and beautiful part of any EDC kit delivering a lifetime of use.


You can see how beautifully the pen wears. This is with 1 year of use. Also note the TI symbol on the cap.

You can see the end of the compression cone holding my Uniball Signo 207 ink in place.

Examples of refills accepted by the pen without modification. This list grows every week.

Pen Name / Refill Name

Rollerball Style Refills

•Avant Pen Refills (0.5mm)
•Bic Velocity Gel Refill 0.7mm (Medium)
•Bic Velocity Gel Refill 1.6mm (Bold)
•Cross Gel Rolling Ball Refill 0.7mm
•Cross Porous Point Felt Tip Refills (Fine & Medium)
•Dong-A Fine Tech RT Pen Refill (GRC-43)
•Duke Rollerball Refill (Medium)
•Faber-Castell Ceramic Rollerball Refill 0.5mm
•Foray (Office Depot) Replacement Refills
•Foray (Office Depot) Replacement for Schmidt Rollerball Refills
•Foray (Office Depot) Replacement for Waterman Rollerball Refills
•Lamy M63 Refill
•Moleskine Gel Refills (0.5 and 0.7 mm)
•Mont Blanc Fineliner Refills
•Mont Blanc 163 Rollerball Pen Refills (F) & (M)
•Monteverde Rollerball Refill (Mont Blanc Style Replacements)
•Monteverde Mini Rollerball J22 Refill for Mini Jewelria Pens
•MUJI 0.5mm Refill
•Ohto C-304P Ceramic Rollerball Pen Refill – 0.4mm
•Ohto C-305P Ceramic Rollerball Pen Refill – 0.5mm
•Ohto C-307P Ceramic Rollerball Pen Refill – 0.7mm
•Ohto C-310P Ceramic Rollerball Pen Refill – 1.0mm
•Ohto F-300 Fude Pen Brush Refill
•Pentel EnerGel BLN105 Rollerball Pen Refill – 0.5mm
•Pentel EnerGel LR7 Gel Pen Refill – 0.7 mm
•Pentel EnerGel LR10 Gel Pen Refill – 1.0 mm
•Pentel EnerGel LRN5 Needle-Point Gel Pen Refill – 0.5 mm
•Pentel EnerGel LRN7 Needle-Point Gel Pen Refill – 0.7 mm
•Pentel HyperG Retractable KL257 Series (LR7 & KLR7)
•Pentel Sliccies Gel Multi Pen Refill (XBGRN3A) – 0.3 mm
•Pentel Sliccies Gel Multi Pen Refill (XBGRN4A) – 0.4 mm
•Pentel Sliccies Gel Multi Pen Refill (XBGRN5A) – 0.5 mm
•Pentel Slicci Techo Mini Gel Pen Refill (BG503) – 0.3 mm
•Pilot Ageless Future Gel Pen Refill (BLGS-7) – 0.7 mm (2 Colors)
•Pilot B2P Bottle to Pen Gel Ink Pen Refill – 0.7mm
•Pilot Frixion Ball Gel Multi Pen (LFBTRF refill) – 0.38mm
•Pilot Frixion Ball Gel Multi Pen (LFBTRF refill) – 0.5mm
•Pilot Frixion Ball Gel Multi Pen (LFTRF refill) – 0.38mm
•Pilot FriXion Ball 2 Biz Gel Pen Refill – 0.38 mm
•Pilot Frixion Erasable Gel Pen Refill (LFRF30P4) – 0.4mm
•Pilot Frixion BLS-FR5 (LFBK-23EF-B refill) – 0.5mm
•Pilot G2 Refills (America’s #1 selling ink gel pen, 0.38, 0.5, 0.7, &1.0mm)
•Pilot G2 Pro
•Pilot G6
•Pilot Hi-Tec-C Cavalier 0.4mm (Has more ink than the standard Hi-Tec-C refill)
•Pilot Hi-Tec-C Coleto 0.3mm (LHKRF-10C3) 15 different colors
•Pilot Hi-Tec-C Coleto 0.4mm (LHKRF-10C4) 15 different colors
•Pilot Hi-Tec-C Coleto 0.5mm (LHKRF-10C5) 15 different colors
•Pilot Hi-Tec-C Slim Knock Gel Pen Refill (LHSRF-8C3) – 0.3mm – 3 Colors
•Pilot Hi-Tec-C Slim Knock Gel Pen Refill (LHSRF-8C4) – 0.4mm – 3 Colors
•Pilot Hi-Tec-C “Standard” – 0.25mm (BLS-HC25)
•Pilot Hi-Tec-C “Standard”- 0.3mm (BLS-HC3)
•Pilot Hi-Tec-C “Standard”- 0.4mm (BLS-HC4)
•Pilot Hi-Tec-C “Standard”- 0.5mm (BLS-HC5)
•Pilot Juice Gel Ink Series Refill 0.38, 0.5, 0.7mm (LP2RF) – (3 Colors)
•Pilot Precise V5 RT/V7 RT, named Hi-tecpoint V5 RT/V7 RT in Europe
•Pilot Q7 Needle Point Refill 0.7mm (BLS-GCK-7 / LHKRF-8C7)
•Pilot V ball RT (BLS-VB5RT)
•Pelikan Roller Refill 338 Rollerball
•Platinum Gel Pen Refill (BSP-60S) 0.5mm
•Platinum Gel Ball Pen Refill (GSP-80N) – 0.5 mm
•Roting TIKKY Liner Refill – 0.5mm
•Sakura R-GBH Ballsign Gel Multi Pen Refill – 0.4 mm (4 Colors)
•Sakura R-GBP Ballsign Knock Gel Pen Refill – 0.4 mm (3 Colors)
•Schmidt Safety ceramic roller 888 Fine
•Schneider Topball 850
•Staples Classic Grip Pen 0.7mm Gel (#31581)
•TUL GL1 Gel Pen Retractable Needle Point Fine 0.5mm
•Uniball Signo DX 0.28mm Refill (UMR-1-28)
•Uniball Signo DX 0.38mm Refill (UM-151)
•Uniball Signo DX 0.5mm Refill (UMR-1-05)
•Uniball Fanthom Erasable Gel Pen Refill (UFR-122) – 0.5 mm (3 Colors)
•Uniball Impact RT 1.0mm Bold (Signo UMR-80)
•Uniball Style Fit Gel Multi Pen Refill (UMR-109) – 0.28, 0.38, 0.5mm (16 Colors)
•Uniball Signo RT Gel 0.38mm & 0.5mm (UMN-138)
•Uniball Signo (UMN-152)
•Uniball Signo 0.28mm (UMN-82)
•Uniball Signo 0.38mm (UMN-83)
•Uniball Signo 207 Gel Refill 0.7mm (UMR-87, UMR-85)
•Uniball Jetstream 0.38 (SXR-38)
•Uniball Jetstream 0.5mm (SXR-5)
•Uniball Jetstream 0.7mm (SXR-7)
•Uniball Jetstream 1.0mm (SXR-7)
•Uniball Jetstream 1mm (SXR-10)
•Uniball Mitsubishi Liquid Ink Rollerball Pen Refill(UBR-300)- 0.5 mm
•Visconti Rolling Ceramic 0.7mm (AA40)
•Waterman Rollerball Refill
•Zebra Sarasa Clip Pen Refill – 0.7mm (JF-Refills for Sarasa, Sarasa SE, Sarasa Clip)
•Zebra JF-0.4 Sarasa Gel Pen Refill – 0.4 mm (4 Colors)
•Zebra JF-0.5 Sarasa Gel Pen Refill – 0.5 mm (4 Colors)
•Zebra JJ2 Gel Ink Refill
•Zebra J15 Gel Ink Refill
•Zebra JJZ15 Gel Ink Refill
•Zebra JJ21 Gel Ink Refill
•Zebra Sarasa Dry Gel Ink Rollerball Refill (JLV-0.4) – 0.4 mm (3 Colors)
•Zebra Sarasa Dry Gel Ink Rollerball Refill (JLV-0.5) – 0.5 mm (3 Colors)
•Zebra Gel Ink Rollerball Refills (RBJF5) – 0.5mm (3 Colors)
•Zebra JT-0.4 Sarasa Gel Pen Refill (RJT4-BK)- 0.4 mm
•Zebra RJF3 Gel Ink Refill
•Zebra RJF4 Gel Ink Refill
•Zebra RJF5 Gel Ink Refill
•Zebra RJF10 Gel Ink Refill
•Zebra Sarasa (NJK-0.4) – 0.4mm
•Zebra Sarasa (NJK-0.5) – 0.5mm

Ballpoint Style Refills

•Ballograf Original Ballpoint Pen Refill (4 Colors)
•Ballograf Pocket Ballpoint Pen Refill (2 Colors)
•Bic Pro+ 1.0mm Pen Refill
•Diplomat EasyFLOW Ballpoint Pen Refill
•Caran D’ache Goliath Refill
•Faber-Castell Ballpoint Pen Refill (Medium)
•Faber-Castell Scribero Gel Ink Roller Refill
•Fisher Space Pen “PR” Series Refills – 15 Different Refills
•Fisher Space Pen “U” Series Refills (UF1, UF2, UF4) – 3 Colors
•Foray (Office Depot) Ballpoint Refill for Parker Refills
•Foray (Office Depot) Replacement For Mont Blanc Ballpoint Refills
•Foray (Office Depot) Ballpoint Refill for Waterman Refills
•Kaweco Soul G2 Refill 1.0mm
•Kaweco Sport Roller Ball Pen Refill (This is a smooth Rollerball gel ink)
•Kokuyo FitCurve Ballpoint Pen Refill (PRR-SJ7D) – 0.7 mm (3 Colors)
•Lamy M22F Refill – Fine, Med, Broad
•Metaphys Locus 3Way Multi Pen Refill – 0.5mm
•Midori Brass Bullet Ballpoint Pen Refill – 0.5 mm
•Moleskine Ballpoint Refill
•Mont Blanc Ballpoint Refills (F) & (M)
•Monteverde Needle Point Refill (Fine)
•Monteverde Soft Roll P13 – Colored inks
•Monteverde Soft Roll P15- (Superbroad, Medium, Ultrafine)
•Ohto P80-05NP Needlepoint Ballpoint Pen Refill 0.5mm
•Ohto P80-07NP Needlepoint Ballpoint Pen Refill 0.7mm (writing width is 0.35mm)
•Ohto PS-205NP Extra-Fine Ballpoint Pen Refill 0.5mm (writing width is 0.35mm)
•Ohto PS-207NP Extra-Fine Ballpoint Pen Refill 0.7mm
•Ohto 893NP Needle-Point Ballpoint Pen Refill – 0.3 mm
•Ohto 895NP Needle-Point Ballpoint Pen Refill – 0.5 mm
•Ohto 897NP Needle-Point Ballpoint Pen Refill – 0.7 mm
•Parafernalia Ballpoint Pen Refill
•Parker Ballpoint Pen Refill (Broad, Medium, Fine)
•Parker GEL Ballpoint Pen Refill (Medium)
•Parker Quinkflow Ballpoint Pen Refill (Medium, Fine)
•Pelikan Giant Ballpoint Pen Refill 337 (Broad, Fine, Medium)
•Pentel Rolly C4 Ballpoint Multi Pen Refill (BKSS7) – 0.7 mm (4 Colors)
•Pentel (KFLT8) Ballpoint Pen Refill
•Pentel Selfit Ballpoint Pen Refill (BKS7H-AD)- 0.7 mm
•Pentel Vicuna XBXST5-A Refill – 0.5mm
•Pentel Vicuna BXM5H Refill – 0.5mm
•Pentel Vicuna BXM7H Refill – 0.7mm
•Pilot BRFV-8EF Acro Ink Ballpoint Pen Refill – 0.5 mm (3 Colors)
•Pilot BRFV-8F Acro Ink Ballpoint Pen Refill – 0.7 mm (3 Colors)
•Pilot BRFN-30F Ballpoint Pen Refill – 0.7 mm
•Pilot BRFN-30M Ballpoint Pen Refill – 1.0 mm
•Pilot BTRF-6F Ballpoint Pen Refill – 0.7 mm (3 Colors)
•Platignum Standard Ballpoint Pen Refill
•Sailor Pica Kirei Anti-Bacterial Ballpoint Multi Pen Refill – 0.7 mm(3 Colors)
•Sailor Pica Kirei Anti-Bacterial “Mini” Ballpoint Multi Pen Refill – 0.7 mm (3 Colors)
•Sakura R-NOB Ballpoint Pen Refill ( SAKURA R-NOB#49) – 0.7 mm
•Schmidt P900 B Ballpoint Pen Refill (Broad, Medium, Fine)
•Schmidt P950M MegaLine Pressurized Ballpoint Pen Refill (Medium)
•Schmidt 4889 MegaLine Pressurized Pen Refill
•Schmidt 9000M EasyFlow Pen Refill
•Schmidt P8900 Super Bowl Refill (Fine)
•Schneider Express 735 Pen Refill (Broad, Medium, Fine)
•Schneider Slider 755 Pen Refill (Extra-Broad, Medium)
•Sheaffer Ballpoint Refill II (Medium)
•Sheaffer K Ballpoint Refill
•Sheaffer T Ballpoint Refill
•Stabilo Ballpoint Refill
•Stabilo EASYgel Refill
•Tombow BR-ZLM Ballpoint Pen Refill
•Uni SXR-80-05 Jetstream Ballpoint Multi Pen Refill – 0.5 mm (4 Colors)
•Uni SXR-80-07 Jetstream Ballpoint Multi Pen Refill – 0.7 mm (4 Colors)
•Uni Power Tank High Grade Ballpoint Pen Refill – 0.7 mm
•Visconti Ballpoint Pen Refill AA49 1.4 (Broad)
•Visconti Gel Refill AA38 (Broad, Medium, Fine)
•Zebra F-Refill Ballpoint Pen Refill – 0.7 mm (2 Colors)
•Zebra G-301 JK-Refill Gel Pen Refills – 0.7 mm (2 Colors)
•Zebra SK-0.4 Ballpoint Pen Refill – 0.4 mm (2 Colors)
•Zebra SK-0.7 Ballpoint Pen Refill – 0.7 mm (4 Colors)
•Zebra Stylus Pen LV-Refills – 1.0mm
•Zebra Zmulsion Ink Pen Refill – 1.0 mm (EQ-1.0)

D1 Style Refills

•Acme Black 4FP Four-Function Pen Ballpoint Pen Refill
•Acme Highlighter 4FP Four-Function Pen Multi Functional Pen Refill
•Aurora Mini Medium Point Ballpoint Pen Refill
•Caran D’ache Ecridor XS Mini Refill
•Cross Matrix Ballpoint Pen Refill
•Cross Micro Ballpoint Pen Refill
•Kaweco D1 Soul Ballpoint Refill
•Lamy M21 Ballpoint Pen Refill
•Lamy M55 Tripen Marker Refill (Orange Highlighter)
•Monteverde Soft Roll Ballpoint Pen Refill – D1 (628)
•Ohto R-4C5NP Needle-Point Ballpoint Pen Refill – 0.5 mm
•Ohto R-4C7NP Needle-Point Ballpoint Pen Refill -0.7mm
•Parker Mini Ballpoint Refills
•Parker Vector 3-in-1 Ballpoint Refills
•Pelikan 38 Ballpoint Refills
•Pentel XBXS5-A (0.5mm)
•Pentel XBXS7-A (0.7mm)
•Pentel Vicuna XKBXES7 Ballpoint Pen Refill – D1 – 0.7 mm
•Pilot BRF-8M & BRF-8F-B 0.7mm Refills
•Pilot Hi-Tec-C Slims (LHRF-20C3-B 0.3mm)
•Platinum BSP-60 Series
•Platinum BSP-100
•Platinum SBSP-120S Hybrid Ink Ballpoint Refill
•Retro 1951 D-1 Ballpoint Refill
•Rotring Tikky 3-in-1 Ballpoint Refills – 0.7mm (2-Colors)
•Staedtler Multi Pen Ballpoint Refill (92RE-09)- D1 – 0.7 mm
•S.T. Dupont Mini Olympio Ballpoint Pen Refill
•Tombow Outdoor Pen Refill (BR-VMP)
•Tombow VS Ballpoint Pen Refill (BR-VS) – D1
•Uni SXR-200 Jetstream Ballpoint Multi Pen Refill (0.5 and 0.7mm)
•Zebra Tele-scopic Slide Ballpoint Pen Refill – 4C – 0.7mm
•Zebra ESB-0.7 Emulsion Ink Ballpoint Pen Refill – D1 – 0.7 mm
•Zebra JSB-0.4 (RJSB4-BK)
•Zebra JSB-0.5 (RJSB5-BK)
•Zebra Sharbo X Ballpoint Multi Pen Refill Component – D1
•Zebra Sharbo X Gel Ink Multi Pen Refill Component – D1