Unix Linux Hacks And Confs News Spot

Black Hat 2008, Las Vegas

2008-09-21T11:31:00.003+02:00

The Black Hat 2008 briefings in Las Vegas, Nevada, held at the Ceasar's Palace, was great as usual.
Imagine 5.000 or more IT security techies on the same 5.000 square meters for a week or more.
Hehe, well, it is our week a year. You'll see all kinds of profiles attending the briefings. The black t-shirt
with a-cool-binary-image wearing techie, to latex wearing sales and promotion babes. It is sometimes a bit surreal
but very inspirational to visit these kind of convents/conferences, but I and my coworkers really enjoy every minute of it.

The latest greatest discussed vulnerability was of course attack caching nameservers.
Very scary vulnerability indeed. More information and a link to hole article can be found here.

http://www.securiteam.com/exploits/5DP0L15OUY.html

cat /more/blog/posts

2008-09-21T11:19:00.003+02:00

I will be posting a lot more frequent starting today. Been to busy doing other things lately, but
now the inspiration is back. I have played a great deal with 10.4 and 10.5 of Mac OS X to find
out some basic tips and tricks that I can post here.

Mac OS X is as many of you Unix guru's already know, Unix-based, and from the BSD family of the greatest
operating system ever, Unix.

Holidays = Malicious Code

2008-03-24T09:27:00.002+01:00

Since I started monitoring malicious code, there has been one very obvious trend.

After a long holiday break, such as Christmas, Easter or any other holiday, lasting more than a few days, the malware coders are having a global release party of new malicious code for sure.

On the defending side, the system/network administrators and developers might be in for a cold shower while turning back to work, after enjoying some very well earned days of with family and friends. Just to see their web and operating system logs covered in brute force login attempts, traversal web dances, code execution attempts, cookie fungus, DoS coughs etc. The list is of this kind of activities can be made long, but it does of course not necessarily mean a compromised system, but enough to give one a headache. The worst scenario is if you as and admin realize that new exploit has been released in the wild, while you were eating turkey and laying exhausted on the couch watching all those "saved for later" DVD's.

Somehow I wish it was legal to spawn attacks back every-time a bad packet reached my ethernet layer. To bad, most of the attacks are from already compromised boxes or thru wide opened proxies.

Archos 605 WiFi

2008-03-24T09:09:00.003+01:00

Archos is a fine piece of mediaplayer, which runs on a customized linux kernel.

Perfect for use, when you don't want to waste time booting up your lap top on the subway, bus, airplane or whatever transportation you are on. Right now, I use it for study reasons. Very nice to have all loads of books in PDF format, and with the 4.3 inch screen, the reading is a breeze.

The Opera web browser used by Archos is fast and almost flawless. Easy to use and with loads of nice features, such as zoom capabilities, flash and several script languages. Works great on YouTube, as long as you have the neccessary bandwith. Archos has released a SDK, which you cand download from their site, if you are up to writing new appz.

Christmas time, code time?

2007-12-10T13:48:00.001+01:00

The longed for Christmas break is seeing the horizon. If you would have asked me 7 years ago, I would have told you, I would work even harder during the holiday. Now, as a proud family member, I see what it is all about again. The childrens expectations, cooking, cleaning, socializing, seeing friends and of course, eating loads of home cooked food. All-in G-man!! :-)

On the software side, I guess, quite a few new good ideas is brewed during this holiday. Digesting the food, laying in "bob-sledge" position on the sofa, dreaming about new cool tools to write.

Live CD, DVD on USB sticks

2007-12-10T12:47:00.000+01:00

Using Live CD's and DVD's is a often a nice way to test out new Linux distributions.
No need to install, and usually, the kernel supports a wide range of hardware by default.
The only downside as I see it, is that it can take a few minutes to boot up. But compared to what it takes to install, those minutes are very neglictable. I remember downloading and using Knoppix Linux live CD ( http://www.knoppix.net ) as early as 2003, but I guess the first one where sometime around 2001.

Today, there is almost no Linux distrbution that you can not get as a "Live" version on either CD or DVD.

As the price on USB memories are closing in to the price of CD-R's and DVD-R's, I expect to see Linux Magazines and other Linux media bundle Linux distros and software on USB memory sticks, attached to the magazines. Especially since most of the new bios:es supports booting from USB media.

I can imagine to my pile of CD's and DVD's getting replaced by USB memory s ticks and flash drives in the very near future.

Happy hacking!

3g Huawei on a MacBook Pro

2007-10-09T11:30:00.000+02:00

Just wanted recommend you guys that have access to 3g technology, to try out the 3g card from Huawei.
I have used it for a few months now, and it really is uber nice. Always connected, and no worries the cost, as it is flat rate!!! The few tests I have performed with the Huawei 3G/HSDPA/EDGE-modem have been regarding it's possibilities to stay connected, while in a car, or lets say a high speed train. To my big surprise, I actually managed to stay online to surf and play poker on a flawless connection for three long hours, averaging a speed of about 60-70 miles/hour. No more WiFi hot spot hunting or "loaning bandwidth" from an open WiFi net. So If you have access to a 3g net in your area, I would really consider trying it out if I were you. The speed is all very dependant on your signal strength, but the maximum speed is now in theory at 7.2 Mbit. I have managed to get about 3.3 Mbit, downloading from a University FTP site. Well, anyway, check it out.

Back from Black Hat Briefings 2007

2007-08-15T21:04:00.000+02:00

Came back from a sunny and hot as .... Las Vegas. We spent 10 days in the desert this year too.
Black Hat was great this year, as last year, as the year before that etc..

Before the briefings this year, my friends and I agreed upon listening to briefings on topics that
we rarely come in touch with. One of our choices fell on presentation about navigations systems. Two guys from Italy gave a cool and entertaining presentation about "freaking out satellites" by injecting RDS-TMC traffic information signals.

Another interesting speech was Bruce Schneier's "The psychology of Security". Bruce really proved to have good understanding of the human mind.

As almost every year, Black Hat briefings 2007 was worth every penny.

Black Hat Briefings 2007 Las Vegas

2007-06-28T11:24:00.000+02:00

Ah, less than a month left to Black Hat briefings in Las Vegas ( Hotel Caesar's Palace, they've got a nice swimming pool too, hehe ) . This years schedule looks really nice, as usual. Loads of interesting key note speakers. Check out the list of speakers at Black Hat's site.

Besides a cool briefing about next generation of RE ( reverse engineering ), this year, there is two database forensic briefings that look really promising. In my field of work, security auditing databases is one of my favorites. Ah, and I am for sure going to check out Iron Chef Black Hat. :-)

Besides Black Hat, Defcon 15 at Hotel Riviera is on the agenda. Last year I missed the lock picking competition. Hopefully they will have another one this year, and hopefully I get to buy one of the uber lock pick tools set this year.

Don't forget to check out Hacker's on a plane!

Mac OS X Leopard release

2007-06-20T10:20:00.000+02:00

According to www.apple.com, the release date for their new upgraded Mac OS X is set to October.
It sure looks promising, featuring over +300 new innovations. I wonder how we will be able to intergrate the iPhone to this smash looking new desktop. Go and check out the features for yourself. There is quit a few demo's available, and I like Apples new little slogan. Hello Tomorrow.

I will try and have the Leopard as soon as possible, so I can try out this new eye opener, and post some of the interesting stuff here. It will have to wait until October though.

In case you wonder, Mac OS X is based on the Mach kernel, which in turn is derived from BSD's implementation Unix.

Take a Break, play some poker at PokerStars from your Linux desktop

2007-06-14T16:10:00.000+02:00

Or, should I say, where you can use your favorite OS Linux or Mac OS without having to run a vmware installation of Windows.

Take a break from your heavy duties tonight. Sit back, brew yourself a fresh cup of coffee or tea, and join a multi table tournament, with awesome poker action, and now, from your Linux desktop. Yihaa!

You should be able to run PokerStars with a wine installation, ( version 0.9.36 ) under Fedora Core 6 without any problems. Just install the pokerstars.exe file issuing the command:

Download the PokerStars Poker Client from here:

$ wine PokerStarsInstall.exe

Follow the regular Windows like installation instructions, and you should be set.

To install wine on Fedora just run:
# yum install wine

Check under applications, and you will find a a PokerStars icon ( shortcut ) to start the PokerStars client.

PokerStars runs excellent on a Fedora 6 installation, so no more need for virtualization to make use of poker clients. So finally, the best of two worlds, Linux and Poker!, and Yes, well all need a nice break to play some adreanline poker after reading hundreds and thousands of man pages. NOHUP poker!

I will get back on how to install wine and other poker clients on a few different Linux distributions, but for now I will only cover Fedora.

One thing worth to mention. The bonus on PokerStars is in my meaning very easy to collect. Just a few hours of play usually.

Linux poker site support

2007-06-14T16:05:00.000+02:00

On the Ongame ( Pokerooom, Hollywood Poker, Bet24 etc ) network, you can use your firefox browser and the java ( the client is run as an java applet ).

Installing the required java plugin is needed for this to work, and you will of course need to enable java script on the pokerroom website.

Download the Java Runtime Environment from Sun.
Java(TM) SE Runtime Environment 6

The current file is called jre-6-linux-i586.bin
Then run the bourne shell script
$ sh jre-6-linux-i586.bin

To make Firefox use the libjavaplugin you can create a symlink from the extracted jre directory to your Firefox plugin directory.

$ cd .mozilla/plugins
$ ln -s jre1.6.0_01/plugin/i386/ns7/libjavaplugin_oji.so libjavaplugin_oji.so

You will need to restart Firefox to start using the libjavaplugin.

Now you should be set to play at all the Ongame poker sites.

Earths unknown sibling? Greetings 581 c!

2007-04-25T20:36:00.000+02:00

Completely off topic, but this could be the discovery of the millennium.

As I am a huge fan of cosmos, I was very excited to hear about a sighting of what could be a big brother/sister planet to our little planet Tellus. In my mind I have already named it Bellus.

B for bigger, and Bellus from Bella, ( beautiful ).

Wow, there could be life just 20 light years away. How would have thought that?

Check out more about this huge discovery.

http://www.cnn.com/2007/TECH/space/04/25/habitable.planet.ap/index.html

581 c greetings!!

GPS - Bluetooth and Linux

2007-03-10T12:07:00.000+01:00

Today I will probably try and find out how well a GPS receiver works under Linux, and Bluetooth. First update will most likely be available later today.

Minix 3

2007-02-04T15:44:00.000+01:00

In case anyone has missed it, Minix 3 is out. An extremely small OS with a kernel mode code below 4k lines of code. The goal with Minix 3 is to be usable as a serious system on resource-limited and embedded computers and for applications requiring high reliability.
Minix 1 and 2 where mainly intended to be used as teaching tools.

So go the Minix 3 site and download the CD image and have it try, it can be run as a Live CD and it's only 300 Megabytes big in compressed format.

Oracle Critical Patch Update January 2007

2007-01-17T13:10:00.000+01:00

Oracle has released a set of critical patches for multiple security vulnerabilities. (January 2007)
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html

The severity of the vulnerabilities ranges from information exposure to system access from remote.

Affected software is:

Oracle Database 10g
Oracle Application Server 10g
Oracle Developer Suite 10g
Oracle E-Business Suite 11i
Oracle Enterprise Manager 10.x
Oracle PeopleSoft Enterprise Tools 8.x
Oracle9i Application Server
Oracle9i Database Enterprise Edition
Oracle9i Database Standard Edition
Oracle9i Developer Suite

Check the Oracle security blog site for more detailed information.
A total of 52 vulnerabilities is addressed in January Critical Patch Update (CPU).
The next four upcoming dates for CPU's are:

17 April 2007
17 July 2007
16 October 2007
15 January 2008

The patches are released on the Tuesday closest to the 15th day of January, April, July and October.

The Python Language

2007-01-16T23:18:00.000+01:00

Even though I am a fan of writing my scripts in Perl (for sys admin tasks etc), I believe I will have to bow and admit that Python is an excellent object-oriented and interactive programming language. The power of the Python language, I believe ( Created and authored by the brilliant mind Guido Van Rossum) is its simplicity and clear syntax. As I am far from a hard core Python coder I will link to a friend of mine who has dedicated his website to this fantastic language.

So if you want to start hacking Python, you might want to check out the code at CVX | code version x. All dedicated to the Python and the fantastic world of Unix. Right now he has a tutorial on creating RPM's in Python.

By the way, besides many Linux distributions, the software engineers at United Space Alliance uses Python for Rapid Application Development.

Excellent ssh brute force attack blocker DenyHosts

2007-01-15T12:06:00.000+01:00

The author behind Denyhosts has written an excellent tool in Python to protect your ssh server from brute force attacks. Annoying ssh attacks that tries to guess a valid username and password to you ssh login. Very common attack vector. If you are running an ssh server that is accessiable from the Internet or actually any location, may it be the LAN or WAN, you should always enforce restrictionsn to your services, and especially login services such as ssh.

It should not matter if you are a linux newbie, the installation of DenyHosts is very smooth.
What is just excellent, is that DenyHosts uses a security featuret that has been around most Unix Linux systems for ages. The tcpwrapper!
(/etc/hosts.deny and /etc/hosts.allow)

After downloading the tarball (DenyHosts-2.6.tar.gz) or rpm.

[salt@localtoast source]$ tar -zxvf DenyHosts-2.6.tar.gz
The output should be similar to this.

DenyHosts-2.6/
DenyHosts-2.6/PKG-INFO
DenyHosts-2.6/denyhosts.py
DenyHosts-2.6/denyhosts.cfg-dist
DenyHosts-2.6/setup.py
DenyHosts-2.6/DenyHosts/
DenyHosts-2.6/DenyHosts/prefs.py
DenyHosts-2.6/DenyHosts/report.py
DenyHosts-2.6/DenyHosts/lockfile.py
DenyHosts-2.6/DenyHosts/__init__.py
DenyHosts-2.6/DenyHosts/plugin.py
DenyHosts-2.6/DenyHosts/denyfileutil.py
DenyHosts-2.6/DenyHosts/deny_hosts.py
DenyHosts-2.6/DenyHosts/regex.py
DenyHosts-2.6/DenyHosts/sync.py
DenyHosts-2.6/DenyHosts/counter.py
DenyHosts-2.6/DenyHosts/old-daemon.py
DenyHosts-2.6/DenyHosts/util.py
DenyHosts-2.6/DenyHosts/daemon.py
DenyHosts-2.6/DenyHosts/python_version.py
DenyHosts-2.6/DenyHosts/allowedhosts.py
DenyHosts-2.6/DenyHosts/filetracker.py
DenyHosts-2.6/DenyHosts/loginattempt.py
DenyHosts-2.6/DenyHosts/restricted.py
DenyHosts-2.6/DenyHosts/purgecounter.py
DenyHosts-2.6/DenyHosts/version.py
DenyHosts-2.6/DenyHosts/constants.py
DenyHosts-2.6/CHANGELOG.txt
DenyHosts-2.6/LICENSE.txt
DenyHosts-2.6/daemon-control-dist
DenyHosts-2.6/plugins/
DenyHosts-2.6/plugins/README.contrib
DenyHosts-2.6/plugins/shorewall_allow.sh
DenyHosts-2.6/plugins/shorewall_deny.sh
DenyHosts-2.6/plugins/test_deny.py
DenyHosts-2.6/scripts/
DenyHosts-2.6/scripts/restricted_from_invalid.py
DenyHosts-2.6/scripts/restricted_from_passwd.py
DenyHosts-2.6/README.txt
DenyHosts-2.6/MANIFEST.in

[salt@localtoast source]$ cd DenyHosts-2.6
(change directory to the uncompressed python source of DenyHosts)
[salt@localhost DenyHosts-2.6]$ more README.txt
(read the README.txt file for DenyHosts. This should be mandatory for every installation. It will save you so much time!)
Ok, you have read the README.txt, peaked somewhat on the Python code.
Now you will have to switch to the root user aka the super-users.
[salt@localtoast source]$ su -
You will need to cd back to the source directory of DenyHosts as user root.
[root@localtoast DenyHosts-2.6]#

Edit the files descibed in the README.txt file. If necessary. Red Hat and Fedora users should be able to run the default configuration. Make sure the is moved or copied to /usr/share/denyhosts/

Fire up and test DenyHosts with
[root@localtoast DenyHosts-2.6]# daemon-control start
starting DenyHosts: /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg

# tail /var/log/denyhosts (monitor denyhosts)

To verify that DenyHost is running as process, you can check with your ps commands.

[root@localtoast DenyHosts-2.6]# ps lax | grep deny
1 0 3826 1 16 0 9600 2808 - S ? 0:00 python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg

The same goes to verify that process is not running.

[root@localhost DenyHosts-2.6]# daemon-control stop
sent DenyHosts SIGTERM

The author has made it simple to have DenyHosts started by the run control scripts.
Read his README.txt for more information.

Use # chkconfig --add denyhosts and it will start at boot.

Verify with # chkonfig denyhosts --list
If your are running a server or system that has the ssh port 22/tcp, 22/udp reachable, start DenyHosts and tail your /etc/hosts.deny file and enjoy the attacks gettings smacked. :-)

# tail -f /etc/hosts.deny

Good work DenyHosts author!

Playing mp3 files on a Linux system

2007-01-12T21:52:00.000+01:00

Due to patent issues, many of the Linux distributions does not support mp3 files out of the box.
This is old news, but if you want to support for playing mp3 files, you can simply download xmms-mp3 for the xmms player, or use the excellent mplayer (movie player) from http://www3.mplayerhq.hu. The mplayer is movie player but it can use several kinds of codecs, and is usable from the command line for playing mp3 fles etc.

Make sure you download the Windows Codec Binaries and add them to your /usr/lib/codecs or what ever directory that fits your Linux system. You will need to be root user if you choose the /usr directory.

mp3 support to xmms for Fedora or Red Hat.
# yum install xmms-mp3

Command line syntax for playing mp3 files with xmms or mplayer

$ xmms file.mp3
$ mplayer file.mp3

Three Linux Modules Commands

2007-01-12T21:38:00.000+01:00

Sometimes, you need to load some sort of support to your Linux kernel. Instead of having to compile every time you want to add or remove some hardware support to the kernel for example, you can use loadable modules instead. Here a three of the most common Linux modules commands. The are pretty straightforward to use. If you run into any problems, consult the man page for the command.

# man lsmod (etc..)

lsmod - program to show the status of modules in the Linux Kernel
rmmod - simple program to remove a module from the Linux Kernel
modprobe - program to add and remove modules from the Linux Kernel
See /etc/modprobe.conf

More advanced Unix Hacks

2007-01-11T21:43:00.000+01:00

I will be posting some more non basic Unix and Linux hacks here soon. This blog was created to give all new to Unix or Linux some help on the way, and give some answers and solutions to common beginner problems, like networking, editing files, starting and stopping services, basic firewall scripts, file permissions and other known pitfalls. This is not a new idea of a blog in anyway, and certainly not the best one out there, but I felt the urge to try and help rookies out. I know to many who got fed up after trying to use a Unix or Linux system for a short while, and never got the chance to experience the true beauty of total control over an operating system.
Often because they never knew how to troubleshoot their system. This is what I try to avoid by posting some hopefully easy to grab solutions here.

So, besides the more basic hacks, there will be posts that requires some more advanced knowledge about Unix or Linux. Hopefully, my posts will be understandable by less experienced users too.

Apple iPhone sees the world

2007-01-11T15:17:00.000+01:00

Apple is releasing it's new master piece, the Apple iPhone. iPhone is combining three products to become on revolutionary mobile phone. Desktop-class email, web browsing, maps and searching. A Widescreen iPod that uses touch controls on a large multi-touch display.

According to Apple's website, the iPhone will run the Safari web browser, including a built in Google and Yahoo search. It will also be fully multi-tasking, so you can download files like music from iTunes while writing a message or browsing the web. Besides this, the iPhone will support audiobooks, videos, TV shows, and movies — on a beautiful 3.5-inch widescreen display. It also lets you sync your content from the iTunes library on your PC or Mac.

Sense About Science

2007-01-11T11:08:00.000+01:00

This is just a great site about Science. If you don't know what to believe, go to Sense About Science and have the correct answers to your question. Sense About Science is promoting good Science and evidence for the public. Thanks for a new good web site to frequent! Get your knowledge confirmed or corrected now.

Sense About Science Web Site

Xbox 360 Hacked to run Linux?

2007-01-09T14:53:00.000+01:00

The PPC powered Xbox 360 has supposedly been cracked by Anonymous to run Linux as the Operating System of choice. I can not verify that this actually works, but judging by the video this could be possibly be true. Check it out for yourself. The demonstration was showed at the 23rd Chaos Communication Congress by anonymous.

http://www.youtube.com/watch?v=4AGAohJuovY

Some Xbox 360 hardware specifications.

Custom IBM PowerPC-based CPU
• Three symmetrical cores running at 3.2 GHz each
• Two hardware threads per core; six hardware threads total
• VMX-128 vector unit per core; three total
• 128 VMX-128 registers per hardware thread
• 1 MB L2 cache

CPU Game Math Performance
• 9 billion dot product operations per second

Custom ATI Graphics Processor
• 500MHz processor
• 10 MB of embedded DRAM
• 48-way parallel floating-point dynamically scheduled shader pipelines
• Unified shader architecture

Polygon Performance
• 500 million triangles per second

Pixel Fill Rate
• 16 gigasamples per second fill rate using 4x MSAA

Shader Performance
• 48 billion shader operations per second

Memory
• 512 MB of GDDR3 RAM
• 700 MHz of DDR
• Unified memory architecture

Memory Bandwidth • 22.4 GB/s memory interface bus bandwidth
• 256 GB/s memory bandwidth to EDRAM
• 21.6 GB/s front-side bus

Overall System Floating-Point Performance
• 1 teraflop

Storage
• Detachable and upgradeable 20GB hard drive
• 12x dual-layer DVD-ROM
• Memory Unit support starting at 64 MB

Xbox 360 Console Includes 20GB Hard Drive

XGL Demo and howto's

2007-01-08T15:58:00.000+01:00

Nice demonstration of Kubuntu running XGL.
Xgl is an X server architecture designed to take advantage of modern graphics cards via their OpenGL drivers, layered on top of OpenGL via glitz. It supports hardware acceleration of all X, OpenGL and XVideo applications and graphical effects by a compositing window manager such as Compiz or Beryl. There is lots of good howto's for setting up XGL on your Linux box, so I will not try to write my own. Here is a bunch of links to some of the most popular distributions.

Fedora http://fedoraxgl.tuxfamily.org/index.php?title=Installation_en
Novell (SuSE) http://www.novell.com/coolsolutions/feature/17174.html
Ubuntu https://help.ubuntu.com/community/CompositeManager/Xgl
Gentoo http://gentoo-wiki.com/HOWTO_XGL
Debian Etch http://sonique54.free.fr/xgl/xgl.htm

Check out on of many XGL demo's from Youtube.

Supported hardware

* Intel
All intel graphics chips need the newest packages of Xgl and compiz for running flawlessly.
o i915, i945
Accelerated XVideo is broken on these cards. See Troubleshooting.
o compiz --replace will most likely crash the Xserver due to a long standing DRI bug.
* NVidia
All NVIDIA cards need the proprietary driver for running Xgl. Currently you will need to uninstall and reinstall the xgl rpm after installing the proprietary NVidia driver.
o GeForce 4xxx series
XVideo is not accelerated on these cards.
o GeForce FX 5xxx series, Quadro FX series
Accelerated XVideo is hitting a slow path on these cards, it is under investigation.
o GeForce 6xxx series
o GeForce 7xxx series (GeForce 7600 = not all effects are available but mostly working)
* ATI
o Mobility Radeon 9700 SE: Xgl running with proprietary fglrx driver 8.23
o Radeon X300: Xgl running with proprietary fglrx driver 8.23
o Firegl 5200 and 5250 (T60p): Xgl running with proprietary fglrx driver 8.32 and Xorg 7.2