Funny Quote

I came across a funny quote on Twitter yesterday:

“Anyone who thinks American Idol is a great show should be smacked upside the head with a Wal-Mart.”

Black Hat DC 2009

I’m on my way back from the Black Hat DC 2009 briefings, and thought I’d give a brief synopsis of my experience there while waiting to catch a plane.

This was the first opportunity I’ve had to attend such a conference, and it was made possible by Alan over at StillSecureAfterAllTheseYears.com (yes, you made my year!).  Being in the DC area, this smaller-brother version of the Black Hat Vegas conference is geared more towards the federal sector, which was perfect for me since that is where I work.

The conference was kicked off by Paul Kurtz (check it out here), former advisor to Presidents Clinton and Bush, and current candidate for President Obama’s Cyber-Czar position.  He described the complex, if not disturbing, state of our country’s cyber-readiness in response to a “cyber Katrina” disaster.

It is a grim situation for which a lack of communication between the various parts of our cyber infrastructure is at fault.  He likened it to the pilot training facility in Florida, which trained the pilots of the 9/11 attack, not passing along any info to the government about what was going on.  The same thing, said Kurtz, is occurring with our country’s ISPs.  He didn’t really go into how to solve it in detail, but I was left fearing that an increase in communication between ISPs and the government would only lead to more of a Big Brother scenario than we already have.

I chose to attend the Attack and Defense track of briefings as opposed to the Reverse Engineering track at Black Hat.  All in all, I was not disappointed, though a few of the topics were very dry and very granular.  Some of the other attendees I talked to were in agreement that the level of detail tended to get very specific, and thus less relevant to the majority of the people attending.

Still, I learned a lot in many of the briefings, including:

  • Blinded by Flash: Widespread Security Risks Flash Developers Don’t See (presentation here)
  • Dissecting Web Attacks (presentation here)
  • Windows Vista Security Internals (presentation here)

The best presentation I saw this week was by an independent hacker going by the name of Moxie Marlinspike, whose presentation on New Techniques for Defeating SSL/TLS generated the most buzz amongst the conference attendees and the blogosphere.

Moxie demonstrated a method he devised using a tool he wrote called SSLStrip, which allows one to launch a man-in-the-middle attack on someone attempting to log onto a secure site by taking advantage of “positive feedback” techniques currently employed by modern web browsers, and making someone think they are on a secure web site.  In actuality, they are on your version of the site, and once you have their login credentials captured, you send them on their way without knowing the difference.

Moxie had a 100% success rate of fooling people on the Tor network using this technique, collecting passwords for Paypal, Facebook, and other popular “secure logon” sites.

There were other good briefings, and I met a bunch of cool people.  As I posted on Twitter during the conference, rubbing elbows with the DC security elite made me realize how quaint Asheville is. I hope to be able to attend more conferences of this genre, as the opportunity for learning is much greater than sitting in a training room listening to a teacher drone on about a single subject.

Ubuntu Pocket Guide & Reference – FREE!

It seems Keir Thomas has released a nice little book “Ubuntu Pocket Guide and Reference” which can be purchased for under 10 clams. However, he has also released the PDF version free to the world.

I really like Ubuntu, and not just because it’s one of the easiest distros to make everything work (i.e. non-free video drivers, etc.). It truly is a very nice distro in all ways, especially for new users.

So if you’re new to Linux and are trying out Ubuntu, head over and grab the free PDF. If you like it, buy it. While Linux kernels are free, we still need to support the guys writing about it. 🙂

Main links of note:

Ubuntu – http://www.ubuntu.com/
Ubuntu Guides – https://help.ubuntu.com/
Ubuntu Community Forums – http://ubuntuforums.org/

HTH.

Verizon Wireless Broadband – RHEL 5.x / CentOS 5.x

I’m using the UM175 model so your mileage may vary.

Note: Red Hat officially supports various DELL branded EVDO modems by default in 5.x (see release notes)

Insert the UM175 and make sure the system detects it.

Example:
shell>dmesg
usb 5-1: USB disconnect, address 3
usb 5-1: new full speed USB device using uhci_hcd and address 4
usb 5-1: configuration #1 chosen from 1 choice
cdc_acm 5-1:1.0: ttyACM0: USB ACM device <—— Note the cdc_acm driver was loaded for it and the device is under ttyACM0 (/dev/ttyACM0)

Unfortunately, I couldn’t figure out how to use NetworkManager under RHEL 5.3 (yet) so I reverted back to the standard “network” service instead.

Example: (You DO NOT need to do this if you’re NOT using NetworkManager)
shell> sudo /sbin/service NetworkManager stop
shell> sudo /sbin/chkconfig --level 2345 NetworkManager off
shell> sudo /sbin/chkconfig --level 2345 network on
shell> sudo /sbin/service network start

Then use the “system-config-network” utility (under System > Administration > Network).

1. Select the “Hardware” tab and click “New”

2. Select “Modem” as the hardware type.
Note: The above info from dmesg shows “ttyACM0”, this will NOT be listed in the “Modem Device” selection (at least under mine it wasn’t), so simply erase what’s there and type in “/dev/ttyACM0” (no quotes). I left everything else the same and clicked “OK”.

3. Select the “Devices” tab and click “New” this will start a Wizard.
* Select “Modem” and click Forward.
* Fill in “Phone Number” with “#777” (no quotes)
* Fill in “Provider Name” with whatever (I put Verizon)
* Fill in “Login Name” with “AREACODEYOURWIRELESS#@vzw3g.com” (no quotes)
* Fill in “Password” with “vzw” (no quotes)
* Click Forward and leave the defaults (DNS etc.)

4. Activate your new configuration (this will restart the network controls etc)

You may want/need to set various options under the ppp configuration (like auto start etc).

You should now be able to connect. Until someone posts how to get the NetworkManager working, you may want to create a shortcut of the “Network” applet on your Panel/Desktop. 🙂

Note: There are various ways to skin this cat. I just posted the easiest way I could for the general “Desktop” usage. ;0)

Vmware / Vmtools under CentOS 5.x Guests

I’ve seen various posts about people having issues installing/configuring the vmtools package under their CentOS guest.

So here’s my new “Quick Tip”

Inside your CentOS 5.x guest VM
Install/update the kernel source and gcc packages.

sudo yum -y install kernel-devel gcc

Then under the Vmware host application select “VM” > “Install Vmware Tools” and the “tools” package will be mounted to your host. Simply untar the vmware-tools.tar.gz and run the install script inside.

The script will now use your kernel headers and the gcc packages to compile the needed modules.

You can either follow the on screen instructions to unload/load the required modules or simply reboot.

HTH

Bellsouth Rejects Email

For two years, I have battled with this issue of Bellsouth.net (and AT&T in general) blocking email from any domain hosted on my web server.  I set up all kinds of security precautions, set up SPF records, and ran all sorts of tests in order to subdue the fears that somehow my server was being used as an open relay for spam.

I was so sure that it was all correct, and was so frustrated that the problem wouldn’t go away.  It only appeared to happen with Bellsouth addresses.

I used the AT&T Unblock request twice, which helped for a short time, but I would soon find email being blocked again and many of my hosted clients complaining.

But today, scouring through the CPanel user forums, I discovered the cause and solution!

I had a hosted client who wanted me to forward all of her email to her Bellsouth account a couple of years ago.  I did this, and then she soon complained that she wasn’t receiving any email. I never stopped to consider the fact that the forward itself was the cause of the problem, and that Bellsouth thought that there was spam being relayed from my server!

So, I have removed that forwarded email account (got her to set up a GMail account), have re-filed a request with Bellsouth to unblock my server, and all should be good again.

I hope this helps someone out there!

Cacti on Fedora 10 – Part 1

— Cacti on Fedora 10 —

One thing I’ve noticed about the Ubuntu community, is they have some really great
guides for configuring server packages. However, I like Fedora; I guess it’s the hat or something.
While there is a Fedora Doc site, it’s lacking guides for most things that are in
the Fedora repos.

I’m planning on joining the Fedora team and submitting such docs in the future. I figured
this would be a great place to test some of my guide ideas.

I’m using a cross between the docs at the cacti site and my own trial and errors.
This will be a multi-part HOWTO. The first write-up will walk you through everything
needed to get cacti up and running on Fedora 10 from scratch.

—————–

0. I’m assuming you have Fedora 10 already installed and ready to go. 🙂

—————–

1. Installing Cacti and all the requirements: (mysql server, apache, etc.)
# You can simply copy and paste. If you’re not in the sudoers file yet, either add yourself or switch to root.

sudo yum install -y mysql mysql-server httpd mod_ssl php php-snmp php-mysql net-snmp net-snmp-utils rrdtool cacti

# Almost everything will be done for you (so no need to follow the Cacti Manual 100%)
# However, it’s good to read and understand where all the core files are.
# So either visit the cacti site or check the docs under /usr/share/doc/cacti-0.8.7b/*

—————–

2. Setup the MySQL server:

# If you’ve just installed the MySQL server, you’ll need to configure the root account & password.
# If you already have a mysql server installed and configured simply skip the “mysql_secure_installation”.

sudo service mysqld start
sudo /usr/bin/mysql_secure_installation   # answer all questions as needed/desired
mysqladmin -u root -p create cacti
sudo mysql -p cacti < /usr/share/doc/cacti-0.8.7b/cacti.sql

# Open the mysql database and configure the cacti user privs/password etc.

mysql -u root -p mysql
mysql>GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'SOME-PASSWORD';
mysql>flush privileges;
mysql>exit

——————

3. Configure the cacti database configuration settings:

Backup the default config.php (/usr/share/cacti/include/config.php), which actually links to “/etc/cacti/db.php”
Then edit “/etc/cacti/db.php” and specify the database type, name, host, user and password for your Cacti configuration.

sudo vi /etc/cacti/db.php

$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser"; <—- created via the cacti.sql script
$database_password = "cacti"; <—- change this to the above 'SOME-PASSWORD'

—————–

4. Configure Cron to run the poller script:

# Make sure your /etc/cron.d/cacti looks like so. (you’ll need to remove the #)

*/5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

—————–

5. Start up mysql and apache:

# Start/Restart your MySQL and Apache servers.

sudo service mysqld start
sudo service httpd start

#Point your web browser to:

http://localhost/cacti/ or https://localhost/cacti/

Continue with the installation via the web browser. When you get to the page that locates “rrdtool” etc.,
make sure everything is “FOUND” and has the correct path.
IMPORTANT – at the bottom of this same screen change the default “RRDTool Utility version” from 1.x to 1.2.x.
Click “Finish”

Log in with a username/password of admin. You will be required to change this password immediately.

You can now start creating new devices per the Cacti users guides or poke around and figure it out.

—————–

6. Alter the cacti.conf file for access:

Note: Once you’ve got everything set up the way you want and are ready to access your new Cacti install from
elsewhere, you’ll need to edit the /etc/httpd/conf.d/cacti.conf file.
Simply alter the Allow statement as needed.

#
# Cacti: An rrd based graphing tool
#
Alias /cacti /usr/share/cacti
Order Deny,Allow
Deny from all
Allow from 127.0.0.1

—————–

7. Make sure mysqld and httpd are running on boot. 😉

sudo chkconfig httpd on
sudo chkconfig mysqld on
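Once the steps above are done, the script below (an added example, not part of Cacti or Fedora) checks the settings from steps 3, 4 and 6 that are easy to leave in an unsafe state: the default database password still in db.php, a db.php that anyone on the box can read, a poller line left commented out, and an Apache ACL widened to every host. Paths default to the Fedora 10 locations used in this guide and can be overridden via DB_PHP, CRON_FILE and HTTPD_CONF.

```shell
#!/bin/sh
# Post-install checks for the Cacti setup above. Added example, not part of
# Cacti or Fedora. Paths default to the Fedora 10 locations used in this guide
# and can be overridden so the checks can also run against copies of the files.

DB_PHP="${DB_PHP:-/etc/cacti/db.php}"
CRON_FILE="${CRON_FILE:-/etc/cron.d/cacti}"
HTTPD_CONF="${HTTPD_CONF:-/etc/httpd/conf.d/cacti.conf}"

# Step 3: the shipped default password "cacti" must be gone from db.php.
check_db_password() {
    ! grep -Eq '^\$database_password *= *.cacti. *;' "$1"
}

# db.php carries the MySQL password in clear text, so it must not be readable
# by "other": the octal mode has to end in 0 (e.g. 640 for root:apache).
check_db_perms() {
    case "$(stat -c %a "$1")" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Step 4: the poller line must be active, i.e. the leading "#" removed.
check_cron_active() {
    grep -Eq '^\*/5 .*poller\.php' "$1"
}

# Step 6: the Apache ACL must not have been widened to every host.
check_httpd_allow() {
    ! grep -Eiq '^[[:space:]]*Allow[[:space:]]+from[[:space:]]+all[[:space:]]*$' "$1"
}

# Runs one check and prints PASS/FAIL, or SKIP when the file is not readable.
report() {  # report <label> <check function> <file>
    if [ ! -r "$3" ]; then
        echo "SKIP  $1 ($3 not readable)"
    elif "$2" "$3"; then
        echo "PASS  $1"
    else
        echo "FAIL  $1"
    fi
}

report "db.php password changed from the default" check_db_password "$DB_PHP"
report "db.php not world-readable"                check_db_perms    "$DB_PHP"
report "poller cron job enabled"                  check_cron_active "$CRON_FILE"
report "cacti.conf not open to all hosts"         check_httpd_allow "$HTTPD_CONF"
```

Run it as root after step 7 (sudo sh cacti-check.sh); a FAIL on the first line means the db.php password from step 3 is still the shipped default.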

—————–

In part 2, I’ll walk you through examples of configuring various devices.

Take care.

DB

Vmware Workstation 6.5 and Linux (host) kernel update woes

Just another “quick tip” from the field.

Starting in Vmware Workstation 6.5 they removed the old (working) vmware-config.pl script.
If for some reason you need to force a reconfig/recompile of the vmmon modules etc., simply run the following as root/sudo:

vmware-modconfig --console --install-all

HTH

DB
