September 2011
1 post
Doing Passwords Right
A student once told me, in all seriousness, that his password of “password” was secure because: “It’s a double bluff. No-one would believe I’m stupid enough to use that as a password.” Yeah, right. The trouble is that passwords are hard. One password is easy, two is ok, but most of us need tens, if not hundreds, of passwords for all our different services. Work password,...
Sep 1st
August 2011
2 posts
Sophos
I’ve finally read the details in Tavis Ormandy’s Sophail report. Oh dear. Sophos’ response is a classic: “Tavis has questioned the performance of Sophos buffer overflow protection and made other statements questioning the quality of Sophos protection. Naturally Sophos is committed to continually improving performance and protection and regularly participates in independent...
Aug 7th
"Wicked Problems"
Over on Charlie Stross’ blog guest author Karl Schroeder introduces the concept of “wicked problems”. I recommend spending the time to read the whole article and the links in its first paragraph. It’s not a concept I’d come across before: “But often, in the human sphere, there are what’re called “wicked” problems. In 1973, Horst Rittel and Melvin...
Aug 2nd
July 2011
1 post
Installing Big Apps on Galaxy S Froyo
Just in case anyone else gets this issue. The Samsung Galaxy S with Froyo can’t download apps bigger than 30Mb from the Market as /cache is only 30Mb. Here’s the fix: get z4root, root the phone, then use z4mod to change the type of /data from rfs to ext2 (aka Lag Fix). You’ll want to do these anyway if you haven’t already lag fixed the phone. Then in a terminal window: mkdir...
Jul 4th
May 2011
1 post
So, this here wedding thingy
There was a wedding last week and it seems that lots and lots and lots of our users wanted to watch it….. The graph below shows streaming video traffic for the last week. The time scale is a little confusing, but the low point of the traffic corresponds to the small hours of the morning. Remember, this is on a 1Gb link. Since there is other traffic on the link, it’s fair to say...
May 3rd
March 2011
1 post
Links for 2011-03-21
iostat on Linux
Mar 21st
February 2011
4 posts
Debian/Ubuntu two factor auth with Google
Following the excellent guide from MNX Solution I’ve got two-factor auth working on my desktop. There are a couple of things I thought worth noting that aren’t mentioned there. 1) You’ll need the PAM headers installed, and they aren’t by default: $ sudo apt-get install libpam0g-dev. Then follow the instructions as given. 2) When you edit /etc/ssh/sshd_config...
Feb 22nd
Through a glass, darkly
There’s been plenty written on t’interwebs about the HBGary/Anonymous hack: ArsTechnica have the best write up on how it was done plus, using the hacked emails for details, some of the gory details on how HBGary wrote custom rootkits/backdoors for various US three-letter orgs. If you haven’t read the details of how it was done, do so. It’s both sophisticated (rainbow...
Feb 21st
Links for 2011-02-16
How debuggers work: Interesting series from Eli Bendersky on how debuggers work on Linux
Feb 16th
Google User Group write-up
Yesterday I went to the Google User Group 2011 meetup in Loughborough. I was just about to start copying my notes into a more coherent form from yesterday, but Chris Sexton beat me to it. Instead, here’s a dump of my notes in a pretty unstructured format. I’ve removed anything that Chris has already covered so you’ll want to read that blog as well. General Google CloudConnect for MS...
Feb 16th
January 2011
1 post
Links for 2011-01-13
Graph viz in the browser
Jan 13th
September 2010
12 posts
Links for 2010-09-29
Forgot administrator password? The Sticky Keys trick - 4sysops
Sep 29th
Links for 2010-09-22
SCADA worm a ‘nation state search-and-destroy weapon’ The Register: Now this is interesting. Possibly the first use of a worm in this way? I’m sure there have been other direct hacks done, but not worms. At least, not that have been noticed :)
Sep 22nd
Links for 2010-09-21
Twitter Mouseover Security Flaw Affecting Thousands of Users [WARNING]: Mouse over attacks are cool
Sep 21st
Links for 2010-09-17
Akamai: Why our IPv6 upgrade is harder than Google’s: Some very interesting quotes in there. “Address exhaustion is real”
Sep 17th
Protecting Yourself from Facebook Places
I’m shocked, shocked I tell you, by how hard Facebook make it to find all the options. Ok, no I’m not. It’s just par for the course, but I was surprised to find that I’d missed the option that lets friends’ applications read your location. Graham Cluley has an excellent step-by-step guide to getting it right.
Sep 17th
Links for 2010-09-16
How Can the Large Hadron Collider Withstand One Petabyte of Data a Second?: Interesting article from High Scalability on the data management issues of the LHC
Understanding the HDCP Master Key Leak | Freedom to Tinker: Ed Felten with a clear write-up of the implications of the HDCP key leak
Sep 16th
Links for 2010-09-14
Claimed HDCP master key leak could be fatal to DRM scheme: Now this is interesting. Is it the real master key? If it is, that’s a really bad leak
Sep 14th
Disk encryption attacks explained
Following on from my last rant about the TechMesh event I went to recently, I’m finally getting round to writing up an explanation of the BitLocker decryption attack demoed there as “scary software from Russia that can decrypt your drive and an attack which Microsoft needs to fix RIGHT NOW” (I paraphrase). The demo is a good one, and really impressive to see in action. Given...
Sep 14th
Links for 2010-09-13
‘Padding Oracle’ Crypto Attack Affects Millions of ASP.NET Apps | threatpost: A very cool attack against ASP.Net encryption. Note that this is Oracle in the Delphic sense, not the DB vendor sense
Schneier on Security: Kenzero: “Kenzero is a Japanese Trojan that collects and publishes users’ porn surfing habits, and then blackmails them to remove the...
Sep 13th
Links for 2010-09-09
EC2 and Ubuntu - Alestic.com: Ubuntu and Debian AMIs for Amazon EC2
Sep 9th
Links for 2010-09-08
hstack’s puppet at master - GitHub: Puppet recipes for Hadoop
Hadoop/HBase automated deployment using Puppet at hstack
Sep 8th
Links for 2010-09-07
Advertisers get hands stuck inside HTML5 database cookie jar
Sep 7th
August 2010
8 posts
Links for 2010-08-26
Corporate Identity Theft Used to Obtain Code Signing Certificate - F-Secure Weblog : News from the Lab: Interesting. A certificate used to sign malware wasn’t stolen but was generated by the malware authors using a stolen company ID
Pentagon confirms attack breached classified network: Infected USB stick launches attack “by foreign power”
Aug 26th
"If you haven't upgraded from XP/Server 2003, I...
I’ve just got back from a TechMesh event, and feel the need to rant. The speaker gave this quote (from memory): “If you are still running Windows XP or Server 2003, upgrade. Just do it. We could walk into your network in, oh, two minutes. Upgrade.” If only life was that simple. Move to Windows 7 and all my problems will be over? Sign me up. Or, to be less unfair to the speaker, unless I...
Aug 26th
Links for 2010-08-25
Metasploit: Better, Faster, Stronger: DLLHijackAuditKit v2
Rustock botnet responsible for 40% of spam - Computerworld: Also of interest that Rustock has stopped sending TLS encrypted email. The gain wasn’t worth it, it seems
Aug 25th
Links for 2010-08-24
How I Learned to Stop Worrying and Love Using a Lot of Disk Space to Scale
Aug 24th
Links for 2010-08-23
[Dailydave] X11 -> Root? (Qubes square rooted): A rant from Brad Spengler about Qubes
Aug 23rd
Stages of an IT Project as a River
My colleague Alistair Knock (@aknock) came up with the characterisation of an IT project below after a recent discussion about enterprise collaboration software, which I reproduce here with permission. Stages of an IT project as a river - spring: random optimistic thoughts circulate online, IM, watercooler, pub. The words ‘wouldn’t it be nice if’ are repeated over and over...
Aug 9th
Links for 2010-08-03
Update and Clarification of Analysis of Mobile Applications at Blackhat 2010: Looks like the Android Wallpaper apps were over-zealous rather than actually malicious
RIM Helps Russia, China Monitor BlackBerry Users E-mails The Firewall - Forbes.com: More on RIM. Looks like they may help China and Russia monitor their traffic. Not exactly real proof though
Aug 3rd
A commentary on the Florêncio and Herley password...
A few weeks ago, Bruce Schneier linked to two new papers on password policies. I’ve now got round to reading the first of these, by Florêncio and Herley from Microsoft Research, and I’m not convinced. Before we start, one quick clarification. The paper limits itself to talking about plain passwords and not 2-factor auth (2FA) etc., so we need to consider it in that context. ...
Aug 3rd
July 2010
23 posts
Links for 2010-07-29
Android wallpaper app that steals your data was downloaded by millions | VentureBeat: That’s an impressive number of downloads for first gen mobile malware.
Facebook | A Dismal Guide to Concurrency: Read this and all the links.
Scaling Facebook to 500 Million Users and Beyond | Facebook
Using botnets to do SIP scanning: Sip scanning #2
Targeting VoIP: Increase in SIP Connections on UDP...
Jul 29th
Links for 2010-07-28
CoffeeScript: A nicer javascript.
Jul 28th
Links for 2010-07-27
Return of the Facebook Snatchers: Nice torrent of all Facebook users’ names, courtesy of Facebook’s directory.
Jul 27th
Links for 2010-07-26
The social impact of surveillance in schools - University of Hull: Interesting press release for a sociological study on surveillance in schools
Updates: TCPView v3.0, Autoruns v10.02, ProcDump v1.81, Disk2vhd v1.61 - Sysinternals Site Discussion: Updates to some of the most useful SysInternals tools (via @sansisc)
Unpatched shortcut vuln exploited by mainstream malware: It was only a matter of...
Jul 26th
Links for 2010-07-22
New ‘Kraken’ GSM-cracking software is released: That noise you hear is the sound of a thousand dodgy PIs working out when they could start using this.
Petabytes on a budget: How to build cheap cloud storage | Backblaze Blog: Totally off-topic, but very cool
Apple the new world leader in software insecurity: Not what the fanboys say :) The article is fair however - mentioning that 3rd...
Jul 22nd
Links for 2010-07-21
panGloss: When does information not want to be free?: Interesting notes on copyright and FOI requests
Microsoft gives Adobe Reader a Protected Mode: “World’s most exploited software” now maybe less exploitable.
New beta of Microsoft Security Essentials released with network protection: I’m finding it harder and harder to recommend anything else to users who want free a/v.
Jul 21st
Links for 2010-07-20
TrueCrypt 7.0 released: Looks good.
Attack and Defense Labs: Shell of the Future Reverse Web Shell Handler for XSS Exploitation: “the browser equivalent of a reverse command shell, instead of a command prompt from which you type in commands, you get to browse the victim’s HTTP/HTTPS session from your browser”
SCADA Systems Hard-Coded Password Circulated Online for Years: More on the...
Jul 20th
"A hidden world, growing beyond control"
Excellent couple of articles from the Washington Post on the post 9/11 growth in the “national security” industry. I’d love to see some similar stuff from the UK, but I’m sure it’s pretty similar here just on a smaller scale. The top-secret world the government created in response to the terrorist attacks of Sept. 11, 2001, has become so large, so unwieldy and so...
Jul 20th
Links for 2010-07-19
[Dailydave] Your trusted computing base is not what you think it is! :>: “Here are some trojans signed by a key from realtek, supposably. How cool is that! You have to assume the signing key was at least as protected as their source code, right?”
New metasploit gui: Looks nice.
Jul 19th
Links for 2010-07-17
Firefox joins Microsoft in uncool kids class: “If Google can abstract away the need for a fat desktop operating system, Microsoft is toast, no matter its professed belief in self-cannibalization. Microsoft chief operating officer Kevin Turner this past week paid lip service to the cloud, but urged the company’s partners to focus on the “triple” play of Windows, Office, and...
Jul 17th
Links for 2010-07-15
Droid X actually self-destructs if you try to mod it: So stupid, it hurts
Why executives are the easiest social engineering targets: Yup.
An interesting DNSSEC amplification: “This leads to a combinatorial explosion of sorts, where a query for a single host name (test.example.com for example) in a simple configuration (two example.com name servers) leads to 844 separate...
Jul 15th
Links for 2010-07-14
Beware of cold call scammers pushing rogue antivirus: Yet another thing to watch out for.
Jul 14th
"Assume you're hacked"
In one of the comments to the post on password ageing I promised another post on the pros and cons of managed desktops. That’s still being written, but in the meantime I came across Security Rule No. 1 - Assume you’re hacked, which contains this: “The best way to prevent hacking is to lock down workstations and servers and to allow only pre-approved software to run on them. Most IT ...
Jul 14th
Links for 2010-07-08
The New Distribution of The 3-Tiered Architecture Changes Everything: From F5’s DevCentral. Nice short article on how new model web apps, where the client runs the presentation layer, change things at the network and security level
Security and Networking - Meterpreter Scripts: Many metasploit scripts
the windows auth model is broken
Tenable Network Security: Oracle Patch Auditing: Nessus...
Jul 8th
A funny bug
“Without anyone noticing, Python has been running with the SSL handbrake on for ten years. Guido van Rossum set a debug flag which caused Python to pause for one second each time the SSL_read() function was called when SSL was first introduced. The development team has now removed the brake from the subversion repositories for Python 3.2, 3.1, 2.7 and 2.6.” (from h-online. The bug report is...
Jul 8th
Password ageing: how long should a password last?
It’s that audit time of year again, and password ageing comes up again. Across the sector there’s a wide variety of policies ranging from never expire to every 90 days and can’t reuse the last 20+. So, is there any evidence for doing this? If Mathematics is only concerned with three numbers (0, 1 and infinity) and computing with two (0 and 1) then maybe the place to start is...
Jul 8th
Links for 2010-07-07
Metasploit Unleashed - Mastering the Framework: How did I miss this? Superb tutorial on Metasploit
Steal Our Wireless But Hide Your Porn, Perv. Sincerely, The Girls Downstairs: :)
A third of UK employees use a personal device for work purposes: Only a third?
Botnet viruses invade smartphones: It’s the way of the future I tell you
Why Arduino Is a Hit With Hardware Hackers: Totally...
Jul 7th
On software updates
In the middle of a very interesting post on free software packaging I saw these rather interesting stats: Take, for example, modern web browsers like Firefox and Chromium. Arguably the most vital application for users, the browser is coming under increasing pressure to keep up with the breakneck pace of innovation on the web. The next wave of real-time collaboration and multimedia...
Jul 7th