June 2004 Archives

Anton Chuvakin

Related link: http://news.com.com/Gates+dishes+out+security+promises/2100-7349_3-5250003.html?…

As quoted in this article, Bill Gates was recently heard saying: “computer systems must become more secure and must be at least as reliable as essential infrastructure services like electricity and water.” Good idea, especially the “at least” part :-) Now, what is the main factor standing between Windows and such a noble security goal? It's the “people who trying to send out malicious code!” Read this fun article looking for other amazingly silly things such as this!

Justin Clarke

I am sure this is a dead horse that is periodically brought out for a whipping, but, is there actually a business demand out there for security certifications, or is the demand (which certainly does exist) fuelled by the ISC2 and other organizations interested in furthering their own existence?

As a consultant, I am in the process of getting my CISSP, which will take my certification count to four….. none of which I have ever seen any real benefit from.

So, I’m wondering whether anyone actually gets any use out of these… other than possibly in getting a job over someone with equivalent experience without one?

Kyle Rankin

Recently, I have had a few machines suffer from weird behavior, and while the machines run virus scanners, some of the users don’t have it set to automatically download new definitions. I wanted to make sure that no viruses were hiding in the background or trying to evade detection. This is where Knoppix comes in.

First, with the Knoppix disc, the OS that might possibly be infected is completely powered down, so anything that might have been running in memory is gone. Second, I'm booting into a completely different OS, so I don't have to worry about the infection somehow running accidentally under Linux. Third, Knoppix and the virus scanner in it are free, so I can burn many copies of it and scan multiple machines at once.

So, how to scan them? Knoppix does not include the virus scanner as part of its CD by default, but it is an option in the live software installer. So, I run the live software installer from the Knoppix menu, and install f-prot. Once f-prot is installed, a new icon appears on the desktop for your newly installed programs. I run the front-end to f-prot and check the option to download the latest definitions.

Once the definitions are updated, clicking another option will let me choose drives that Knoppix has detected for f-prot to scan. This process does take some time, but hey, Knoppix has web browsers and tons of games to help me pass the time while the scan is finishing. Once it’s done, I get a nice long report of each file it scanned and which ones are infected with a virus, then I can decide to go through and delete those manually, or move them somewhere safe, or whatever I want to do. You could also run f-prot from the command line and tell it to attempt to repair or delete the infection itself.

Since Knoppix can share directories over the network with samba, you could also have other virus scanners on known clean machines scan the share if you were really paranoid.

One handy thing about using Knoppix for this, is that you can also go to that relative’s/friend’s computer that doesn’t have any virus protection and seems to always get infected with the latest viruses (you know the one), and you can safely clean the system up.
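The procedure above (power the suspect system down, boot a live CD, scan its disk from a different OS) is the part a practitioner wants to get right, so here is an added example in shell that is not part of Kyle's post. It mounts the suspect partition so nothing on it can execute, runs a scanner over it, and keeps a sha256 manifest of the tree so a second pass (after cleanup, or on the next visit to that relative's machine) shows exactly which files appeared or changed, independent of any one scanner's verdict. Assumptions not stated in the post: the scanner is f-prot's command-line binary, called `f-prot` here (override `SCANNER` for any scanner that accepts a directory argument), the live CD has GNU coreutils `sha256sum`, and `/dev/hda1` in the usage comment is a made-up device name.

```shell
#!/bin/sh
# Added example, not from the original post: offline scan helpers for a
# live-CD session. Assumes GNU coreutils (sha256sum, comm, sort) and a
# scanner binary that takes a directory argument (f-prot assumed).

SCANNER=${SCANNER:-f-prot}

# Mount a suspect partition so it can be read but nothing on it can run:
# read-only, no executables, no setuid, no device nodes. Needs root.
mount_suspect() {
    dev=$1; mnt=$2
    mkdir -p "$mnt" || return 1
    mount -o ro,noexec,nosuid,nodev "$dev" "$mnt"
}

# One "hash  ./relative/path" line per regular file under $1 (dotfiles
# included), in a fixed C-locale order so two manifests can be fed to
# comm(1). Paths are relative to the tree root, so the same disk mounted
# at a different mount point on a later visit still compares cleanly.
# "-exec ... +" runs nothing when the tree is empty, unlike xargs.
manifest_tree() {
    (cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort)
}

# Lines present in the new manifest but absent from the old one: files
# that are new, or whose contents changed. (comm -23 would list files
# that disappeared.)
manifest_changes() {
    LC_ALL=C comm -13 "$1" "$2"
}

# Run the scanner over a mounted tree; write the report somewhere that
# is not the suspect disk.
scan_tree() {
    mnt=$1; report=$2
    "$SCANNER" "$mnt" > "$report" 2>&1
}

# Typical live-CD session, as root (/dev/hda1 is an assumed device name;
# pick the real one from "fdisk -l"):
#   mount_suspect /dev/hda1 /mnt/hda1
#   manifest_tree /mnt/hda1 > /root/hda1.before
#   scan_tree /mnt/hda1 /root/hda1.report
#   ...clean up, or come back on the next visit, then:
#   manifest_tree /mnt/hda1 > /root/hda1.after
#   manifest_changes /root/hda1.before /root/hda1.after
```

The mount options are the point of the first function: `ro` keeps the evidence intact, and `noexec,nosuid,nodev` make sure that opening a file from the scan report (or a careless double-click in the Knoppix file manager) cannot run anything from the infected disk.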

Anton Chuvakin

Related link: http://www.entmag.com/news/article.asp?EditorialsID=6275

This fun article looks at Microsoft choices in the anti-virus space based on their acquisition of a small anti-virus vendor last year. It provides a pretty interesting analysis of bundled free anti-virus vs extra-cost solution.

Just before I was about to post the blog entry, this came up. So, it might not only be anti-virus, but also “Microsoft Intrusion Prevention for Solaris 1.0” and “Microsoft Security Management 1.0” as well as “MS Client Security 1.0: We Break It - We Sell You a Fix for $49.95” :-)

Anton Chuvakin

Related link: http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss407_art803,00.html

Lots of people came to think that anti-virus technology (being one of the oldest commercial security solutions) has essentially converged to a common feature set and “commoditized”. Thus, it doesn’t really matter anymore what antiviral solution you run, you’d get about the same level of protection.

Ed Skoudis's latest study reveals that the above is glaringly not true: “Strikingly, the capabilities and reliability of the [anti-virus] products varied greatly… We discovered that not all AV products are equal, and many don't provide the protection you think they do.” Read this fun piece to get the details and (likely) be surprised!

Anton Chuvakin

Related link: http://www.securityfocus.com/columnists/249

This fun piece suggests that “It’s time to tell our users, our clients, our associates, our families, and our friends to abandon Internet Explorer”. While we can argue about the literary features of the article, I doubt anybody will seriously believe that enough users will stop using IE and will migrate to Firefox. Or am I wrong?

Kyle Rankin

Related link: http://www.securityfocus.com/archive/1/366191

I subscribe to bugtraq among other mailing lists, and this week I noticed an interesting post about DRM software included on the new Beastie Boys CD. Apparently part of the autorun process on the CD is to silently install a copy protection system on Windows and Mac–a system that apparently includes an uninstaller for Windows, but not MacOS.

I mostly listen to punk, but I have a nostalgic place in my heart for the Beastie Boys dating back to License to Ill. I actually picked up this CD this week (pretty good IMO if a bit too “why can’t we all just get along” at some points), and personally had no problem ripping it to MP3 for my archos av340 under Linux.

Other sites have reported apparently that this DRM software install is common practice for all EMI CDs except for those in the UK and US (so my disc doesn’t have this “feature”), and that the Beastie Boys didn’t want DRM on the disc but couldn’t overrule EMI’s policy.

This is tough, because I suppose one could respond with the kind of “consumer outrage” that would call for everyone to not buy the CD until EMI takes off the DRM (but then I don't know that most people here in the US would go to bat for such a cause especially since the DRM doesn't affect them directly), but that sort of thing would end up punishing the Beastie Boys, who other than signing with the label probably don't have much say in EMI's policies. But then again, the buck can be passed so far that no one ends up being at fault.

Personally, I think we as consumers give media distributors too much leeway when it comes to installing extra software like this on our systems. If some 13 year old kid did the same thing, he of course would be tracked down and thrown in jail for causing some umpteen million dollars of damage.

I guess the fine line between a Trojan Horse and “spyware” or other piggy-back software, is whether the writer of the software has corporate backing.

Is there anything we should do to combat this? Or is DRM on CDs just an inevitability, with this case being a quick kludge until full DRM on all music becomes a reality?

Justin Clarke

Is it my imagination, or has the rest of the world caught up, and figured out that having a security programme in place is a good thing when developing applications? Or (heaven forbid), actually training developers in developing securely before an application is 90% finished?

I have met with quite a few organizations in corporate America over the last several months, and there seems to me to be a movement amongst a lot of very large organizations to seriously consider doing something about this. As far as I’m concerned I think it’s a good thing, provided efforts actually end up in some practical solution.

Any comments, war stories, programmes gone wrong?

Kyle Rankin

So, let me start by saying I’m not really a big blogger. This is actually my first blog, and I don’t follow blogs much. Heck, I haven’t ever even kept a journal.

That said, it’s probably about time I gave it a whirl, and see what happens when I publish my thoughts somewhere on a regular basis.

I should probably talk a bit about myself. I'm 24 years old, married, and currently work as a systems administrator for a publisher in the North Bay (no, not O'Reilly). I work on a cross-platform Windows, Mac, and Linux network, with Windows and Mac workstations, and (Debian) Linux handling all the serving.

At home I run Debian on my desktop, server, and laptop, and in my free time I mostly do what I do at work–work with Linux. As far as musical tastes go, I mostly like punk rock, so in my playlists you would see things like Rancid, Pennywise, The Clash, that sort of thing. I like aggressive inline skating and have done it since my teens, but I haven’t really had time in the past year to do it much, so I’m sure I’m a bit rusty. I am however, fortunate enough to live close enough to my job that I can skate to work.

I suppose my plans for this blog are to post little interesting tips and tricks I come across day-to-day, and possibly comment on interesting news stories (and maybe the occasional rant). I really get into interesting Perl one-liners and regular expressions and other interesting quick hacks, so I might post any of those that I come across as well. We'll see how it goes.

Anton Chuvakin

Related link: http://lists.immunitysec.com/pipermail/dailydave/2004-June/000630.html

In his always insightful manner, Dave Aitel said this on his mailing list yesterday: “Blackhats find more holes before 9 AM than most whitehats do all day.” No matter what the context was, I think this wisdom is often forgotten by many “doing security” for a living. Thus, I am posting this entry to remind folks about it…

Dru Lavigne

One of the things that really impressed me when I was researching and writing BSD Hacks is how resourceful and imaginative open source users really are. To be honest, it was hard to limit the book to 100 hacks–there are just so many useful ideas out there.

You can imagine how pleased I was to receive an email the other day from Patrick Tracanelli, one of the developers of the FreeBSD LiveCD Project (http://livecd.sourceforge.net). The email contained a dialog script, his “hack” of hack #82 from BSD Hacks. This particular hack demonstrates how to reap the benefits of the ports collection without having to install the entire ports tree.

I was excited for two reasons. One, here was a reader who had taken the spirit of the book to heart: to use the hacks as fuel to your own imagination to solve a particular problem using the tools you happen to have at hand. Second, I had wanted to include at least one hack on dialog, an extremely useful and easy way to add menus to a basic shell script. However, in the end, there just wasn’t room in the book for a dialog hack.

With Patrick’s permission, I’ve included his script. If you have a FreeBSD system without the ports collection, try using it to download the required skeletons needed to install a particular port. If you’ve already installed the ports collection, you can still try it as it will do its work in a temporary directory. I hope you enjoy the script as much as I do!

*****

#!/bin/sh -
#
# Patrick Tracanelli
#
# June 2004 - early Beta (or Alfa?) lines
#
# (Written while listening to Revoltz - banda da Mari)
#
# Fetches ports/Mk, ports/Templates and ports/INDEX plus the skeleton of
# one chosen port (and its LIB_DEPENDS) over anonymous CVS, so a port can
# be built without installing the whole ports tree.
#
#set -ex

set_anoncvsrvr() {
    # Use the default server unless one is passed as $1.
    if [ -z "$1" ]; then
        # ANONCVSRVR="anoncvs.br.freebsd.org"
        # (BRazil / Unicamp - Universidade de Campinas)
        #
        ANONCVSRVR="anoncvs.at.freebsd.org"
        # (AusTria / Wirtschaftsuniversitaet Wien, ZID. Vienna)
        #
        # ANONCVSRVR="anoncvs.jp.freebsd.org"
        # (Japan / GCTR-FREEBSD - Global Center IPv6 FreeBSD)
        #
        # ANONCVSRVR="anoncvs.de.freebsd.org"
        # (Germany / Technische Universitaet Muenchen)
        #
        # ANONCVSRVR="anoncvs2.de.freebsd.org"
        # (Germany / University of Kaiserslautern)
        #
        # ANONCVSRVR="anoncvs.freebsd.org"
        # (US, California / FreeBSD Project)
    else
        ANONCVSRVR=$1
    fi
}

checkuid() {
    if [ `id -u` -ne 0 ]; then
        message 5 "Sorry, you should be root!"
        exit 1
    fi
}

get_defs() {
    CTRLDIR="/var/tmp/ports.tempcontrol"

    set_anoncvsrvr
    export CVSROOT=:pserver:anoncvs:anoncvs@${ANONCVSRVR}/home/ncvs

    if [ -r ${CTRLDIR}/PORTSB ]; then
        PORTSB="`cat ${CTRLDIR}/PORTSB`"
    else
        first_run_msg
        defportsb
    fi
}

save_defs() {
    case $1 in
    "portsb")
        echo ${PORTSB} > ${CTRLDIR}/PORTSB
        ;;
    esac
}

defportsb() {
    if [ -r ~/.cvspass ]; then
        message 5 "=> Backing up ~/.cvspass to ~/.cvspass_"
        mv -v ~/.cvspass ~/.cvspass_
        message 5 "=> Touching an empty ~/.cvspass"
        touch ~/.cvspass
    fi
    if [ -d /usr/ports ]; then
        message 5 "=> /usr/ports exists, won't mess there..."
        mkdir -p /usr/local/tmp_ports
        PORTSB="/usr/local/tmp_ports"
        message 5 "=> /usr/local/tmp_ports/ports will be our temporary working tree."
    else
        message 5 "=> /usr/ports does not exist, it will be our temporary working tree."
        PORTSB="/usr"
    fi
    mkdir -p ${CTRLDIR}
    save_defs portsb
}

cvs_login() {
    export CVSROOT=:pserver:anoncvs:anoncvs@${ANONCVSRVR}/home/ncvs

    if [ -r ${CTRLDIR}/cvs_loggedin ]; then
        message 5 "Already logged into ${ANONCVSRVR}."
    else
        cvs login
        echo ${ANONCVSRVR} > ${CTRLDIR}/cvs_loggedin
    fi
}

cvs_logout() {
    cvs logout
    rm -f ${CTRLDIR}/cvs_loggedin
    message 5 "Logged out from ${ANONCVSRVR} CVS Server"
}

cvs_co_base() {
    cvs_login
    cd ${PORTSB} || exit 1
    cvs co -A -P -l ports/Mk
    cvs co -A -P -l ports/Templates
    cvs co -A -P -l ports/INDEX
    message 5 "checkout of ports/Mk, ports/Templates and ports/INDEX is done!"
}

def_categories() {
    # should ONLY be called by def_smallindex()
    TMPLISTING="`mktemp -t portskel`"
    # field 7 of INDEX is the category list; keep each port's primary category
    awk -F "|" '{print $7}' ${PORTSB}/ports/INDEX | cut -d " " -f 1 > ${TMPLISTING}
    sort -u ${TMPLISTING} > ${CTRLDIR}/CATEGORIES
    rm -f ${TMPLISTING}
    # from now on, we don't need INDEX any more...
    rm -f ${PORTSB}/ports/INDEX
}

def_smallindex() {
    if [ -r ${PORTSB}/ports/INDEX ]; then
        # field 2 of INDEX is /usr/ports/<category>/<port>
        awk -F "|" '{print $2}' ${PORTSB}/ports/INDEX | \
            awk -F "/" '{print $4"/"$5}' > ${CTRLDIR}/INDEX
        def_categories
        message 6 "Both ${CTRLDIR}/INDEX and ${CTRLDIR}/CATEGORIES were hopefully generated."
    else
        message 8 "${PORTSB}/ports/INDEX was not found! We need this file
once, to generate our smaller ports INDEX definition and find out
what are the most recent available categories. I suggest you
CVS checkout the basic required files again (menu's option #2)."
    fi
}

cvs_co_desired_portskel() {
    cd ${PORTSB} || exit 1
    # cvs chatter goes to the log so it does not clobber the dialog screens
    cvs co -A -P -l ports/$1 >> /tmp/log.log 2>&1
    get_depends $1
}

get_depends() {
    cd ${PORTSB}/ports/$1 || return
    # pull "category/port/" out of lines of the form
    # LIB_DEPENDS= foo.1:${PORTSDIR}/category/port
    PORTDEP=`grep "LIB_DEPENDS" Makefile | awk -F "/" '{print $2"/"$3"/"}' | grep -v "//"`
    for dep in ${PORTDEP}; do
        message 5 "=> $1 depends on $dep, let's get it..."
        cvs_co_desired_portskel $dep
    done
}

select_port_bycat() {
    CATEGORY=$1
    CHOICEF=`mktemp -t portskel`
    # PORTS=`grep "^${CATEGORY}/" ${CTRLDIR}/INDEX | awk -F "/" '{print $1"/"$2" <="}'`
    PORTS=`grep "^${CATEGORY}/" ${CTRLDIR}/INDEX | awk -F "/" '{print $2" <="}'`

    dialog --menu "Under ${CATEGORY}/ category, choose the port you want a skeleton for." \
        20 70 13 ${PORTS} 2> ${CHOICEF}
    CHOICE="`cat ${CHOICEF}`"
    rm -f ${CHOICEF}

    if [ -z "${CHOICE}" ]; then
        # Cancel pressed: back to the category menu
        select_category
    else
        cvs_co_desired_portskel ${CATEGORY}/${CHOICE}
        hopefully_done_msg
        cvs_logout
        exit 0
    fi
}

select_category() {
    CHOICE=`mktemp -t portskel`
    CATEGORIES=`awk '{print $1" <="}' ${CTRLDIR}/CATEGORIES`

    dialog --menu "Select the ports category." \
        20 35 13 ${CATEGORIES} 2> ${CHOICE} && select_port_bycat `cat ${CHOICE}`

    rm -f ${CHOICE}
}

hopefully_done_msg() {
    MSGF="`mktemp -t portskel`"

    cat >> ${MSGF} << EOF
Ports skeleton for ${CATEGORY}/${CHOICE} and all its dependencies
were hopefully retrieved. Now you should manually:

cd ${PORTSB}/ports/${CATEGORY}/${CHOICE}

read the Makefile to figure out all available compile-time
options and:

make WITH_DESIRED_OPTIONS_READ_ON_MAKEFILE=yes install clean

And if disk space is a big big issue and you can't temporarily use
the space necessary for distfiles/, you may issue:

make distclean

This tool does not intend to install things for you, only retrieve
the necessary skeleton trees that allow you to use the amazing
FreeBSD Ports Collection without spending all ~500MB disk space
used by the complete ports collection skel.

If you do not usually set compile-time options nor modify CFLAGS,
you may also consider using pkg_add(1) with the -r switch.

Thank you for using this tool.
Hope it worked as you expected.
EOF
    dialog --title "[ Skeleton retrieval done! ]" \
        --textbox ${MSGF} 15 70
    rm -f ${MSGF}
}

first_run_msg() {
    MSG="It is the first time you are running this program!
\nWe need to set some default values that will be used
until the end of your ports skeleton retrieval, or 'til
you explicitly choose to update/redefine those values.
\nMost of the data we define here, will be used for the
next times you run this program. Press OK to go on."
    dialog --title "First time run! Time to define defaults." --msgbox "${MSG}" 12 59
}

message() {
    dialog --title "Please note:" --msgbox "$2" $1 70
}

go_retrieve() {
    if [ -r ${CTRLDIR}/CATEGORIES ]; then
        select_category
    else
        cvs_co_base
        def_smallindex
        go_retrieve # that's why we are here...
    fi
}

main_menu() {
    checkuid
    get_defs

    CHOICE="`mktemp -t portskel`"
    dialog --menu "Ports Skeleton Retrieval Tool (June 2004)" 19 50 12 \
        R "Retrieve a skeleton for a port." \
        2 "CVS checkout the basic required files." \
        3 "Create a smaller INDEX & CATEGORIES." \
        4 "Delete defaults and exit." \
        5 "Delete everything and exit." \
        6 "Logout from CVS" \
        Q "Quit" 2> ${CHOICE}
    OP="`cat ${CHOICE}`"
    rm -f ${CHOICE}

    case ${OP} in
    R)
        go_retrieve
        main_menu
        ;;
    2)
        cvs_co_base
        main_menu
        ;;
    3)
        def_smallindex
        main_menu
        ;;
    Q)
        cvs_logout
        message 5 "bye bye!"
        exit 0
        ;;
    4)
        rm -rf ${CTRLDIR}
        message 5 "${CTRLDIR} was removed!"
        cvs_logout
        exit 0
        ;;
    5)
        rm -rf ${CTRLDIR}
        # Only remove the tree we checked out, never ${PORTSB} itself:
        # PORTSB is /usr when /usr/ports did not exist beforehand.
        rm -rf ${PORTSB}/ports
        [ "${PORTSB}" = "/usr/local/tmp_ports" ] && rmdir ${PORTSB} 2>/dev/null
        rm -f /tmp/portskel.*
        message 5 "Both ${CTRLDIR} and ${PORTSB}/ports removed!"
        cvs_logout
        exit 0
        ;;
    6)
        cvs_logout
        main_menu
        ;;
    *)
        main_menu
        ;;
    esac
}

####################################
main_menu

Have you hacked a BSD Hack? If so, drop me a line or post it for the benefit of other users.
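The weakest part of Patrick's script is `get_depends`: it only looks at `LIB_DEPENDS`, splits each matching line on `/` so a line listing several dependencies yields only the first, and does not see dependencies pushed onto a backslash-continued line. The following is an added example, my own and not part of Patrick's script or of the FreeBSD ports infrastructure, of a dependency extractor that could replace that grep/awk pipeline (`PORTDEP=\`port_deps Makefile\``). It joins continuation lines, reads `LIB_DEPENDS`, `BUILD_DEPENDS` and `RUN_DEPENDS`, accepts the optional `:target` suffix, and returns unique `category/port` names in the `${PORTSDIR}/category/port` form the ports tree used at the time. Dependencies written as `${.CURDIR}/../../category/port` are deliberately not handled. The sample Makefile is constructed for the demonstration and is not a real port.

```shell
#!/bin/sh
# Added example (not from the original script): extract category/port
# dependency names from a FreeBSD port Makefile. Assumes GNU or BSD sed
# with -E, and the "target:${PORTSDIR}/category/port[:target]" form.

port_deps() {
    # $1 is the path to a port's Makefile
    sed -e :a -e '/\\$/N; s/\\\n//; ta' "$1" \
      | grep -E '^(LIB|BUILD|RUN)_DEPENDS[[:space:]]*[+?:]?=' \
      | sed -E 's/^[A-Z_]+[[:space:]]*[+?:]?=//' \
      | tr -s ' \t' '\n' \
      | sed -n -E 's#^[^:]*:[$][{]PORTSDIR[}]/([^/:]+/[^/:]+)(:.*)?$#\1#p' \
      | LC_ALL=C sort -u
}
# Stage by stage: join "\"-continued lines; keep the three *_DEPENDS
# assignments; drop the variable name; one dependency per line; keep the
# category/port part after ${PORTSDIR}/ (dropping any :target); dedupe.

# Constructed sample Makefile (not a real port) exercising every form the
# parser handles: a continuation line, ${LOCALBASE} paths, and a :target.
SAMPLE_MAKEFILE='PORTNAME=       foo
LIB_DEPENDS=    png.5:${PORTSDIR}/graphics/png \
                jpeg.9:${PORTSDIR}/graphics/jpeg
BUILD_DEPENDS=  ${LOCALBASE}/bin/gmake:${PORTSDIR}/devel/gmake
RUN_DEPENDS=    ${LOCALBASE}/bin/gmake:${PORTSDIR}/devel/gmake:install'

# Write the sample to a temp file and run the parser over it.
demo_deps() {
    f=`mktemp` || return 1
    printf '%s\n' "$SAMPLE_MAKEFILE" > "$f"
    port_deps "$f"
    rm -f "$f"
}

# Running this file prints devel/gmake, graphics/jpeg, graphics/png.
demo_deps
```

Because the output is already unique, a recursive checkout driven by it will not fetch `devel/gmake` twice when the same port appears in both `BUILD_DEPENDS` and `RUN_DEPENDS`, which the original `LIB_DEPENDS`-only pipeline could not express at all.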