Book Review: Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground

Posted by admin June 4th, 2011

I enjoyed Kingpin. It gives real insight into credit card fraud and government “cyber” investigations. This case (the conviction of Max Vision) really symbolizes the movement of hacking prosecutions into a new realm. This new realm is really just plain old crime by other means.

Zero Day: A Novel

Posted by admin April 24th, 2011

Mark Russinovich is a Windows ninja and has been for a long time. He is bona fide. This does not mean that he is necessarily able to write a good novel, develop characters, or articulate convincing scenarios about cyber-terrorism. Fortunately, he is able to do all three. Zero Day was fun to read: an intense thriller. The technical side of the plot was great. No surprise there, but the larger plot was believable and more than a little scary. This was a good read for both quite technical and not-so-technical readers.

The Cuckoo’s Egg

Posted by admin March 25th, 2011

When I saw that The Cuckoo’s Egg was on Richard Bejtlich’s top ten infosec books for 2010, I decided to give it a re-read. I had fond memories of the book and I was not disappointed. There are still some good security lessons to be learned from the book. It is a well-presented story and a fun read.

http://taosecurity.blogspot.com/2010/12/best-book-bejtlich-read-in-2010.html

Information Leakage on Used Network Devices

Posted by admin October 3rd, 2010

All devices need to be sanitized of information before they are disposed of. I recently acquired a 2950 switch for a small project off of eBay. As expected, the configs were still intact with a treasure trove of information. Yes, a treasure trove. The switch was previously at a major corporation; there were two SNMP RW strings and the enable password, which was cracked in less than 30 seconds.

WinMD5Sum

Posted by admin August 26th, 2010

The latest entry to the Software Vault is a nice little Windows program to compute and compare MD5 hashes. I have found myself in the past not checking the MD5 hash on a file when I was on a Windows box, when I would have checked the hash if I had been on a Linux box. This is just a nice little program to have.

http://www.nullriver.com/products/winmd5sum

Enabling IPv6 on Windows XP and IPv6 Default Installs

Posted by admin February 6th, 2010

IPv6 is not enabled by default in Windows XP. To enable it, run the command below from the command prompt. No reboot is required.

To install IPv6:

ipv6 install

To remove it again:

netsh int ipv6 uninstall

IPv6 is installed by default on most newer operating systems, including those listed below. This creates a significant security issue which I will post about at a later date.

Vista, Windows 7, Server 2008, Mac OS, Sun, and Red Hat Enterprise Linux 4 and 5

Cisco IOS Default Interface

Posted by admin January 31st, 2010

The default interface command erases all commands on the specified interface and places the interface in a default state, which includes no shutting the interface. Below is the configuration of an interface before and after running the default interface command.

Sales2#show run interface fastEthernet 1/0
Building configuration...

Current configuration : 128 bytes
!
interface FastEthernet1/0
description Dev Lab
ip address 192.168.3.34 255.255.255.0
shutdown
duplex auto
speed auto
end

Sales2(config)#default interface fastEthernet 1/0
Building configuration...

Interface FastEthernet1/0 set to default configuration

Sales2(config)#do show run interface f 1/0
Building configuration...

Current configuration : 83 bytes
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
end
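The two IOS posts above (the configs left on a used 2950, and what default interface does to an interface stanza) share one piece of plumbing: reading a saved running-config. The script below is an added example, not from either post and not Cisco's tooling. It flags the kinds of leftovers a buyer of a second-hand switch can read straight out of the config (RW SNMP communities, a reversible enable password, type-7 or cleartext line passwords) so they can be cleaned before disposal, and it lists which lines of an interface stanza fall outside the default state the transcript shows after default interface (no ip address / shutdown / duplex auto / speed auto). The sample config, hostnames and interface names are constructed; nothing is decoded or cracked.

```shell
#!/bin/sh
# Added example (not from the original posts): pre-disposal audit of a saved
# Cisco IOS running-config plus an interface-stanza extractor. The sample
# config, interface names and file paths are constructed for illustration.
set -eu

# Write a constructed sample running-config to the path given in $1.
write_sample_config() {
  cat > "$1" <<'EOF'
!
hostname Sales2
!
enable password reversible-secret-placeholder
!
snmp-server community public RO
snmp-server community ops-rw RW
!
interface FastEthernet1/0
 description Dev Lab
 ip address 192.168.3.34 255.255.255.0
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
line vty 0 4
 password 7 0000-type7-placeholder
 login
!
end
EOF
}

# Print one "SEVERITY check: line-number:text" finding per line. grep exits 1
# when nothing matches, so each check is guarded with '|| true' under 'set -e'.
audit_ios_config() {
  grep -nE '^snmp-server community [^ ]+ +RW' "$1" | sed 's/^/HIGH snmp-rw-community: /' || true
  grep -nE '^enable password ' "$1"              | sed 's/^/HIGH enable-password-reversible: /' || true
  grep -nE '^ ?password 7 ' "$1"                 | sed 's/^/MED  type7-line-password: /' || true
  grep -nE '^ ?password (0 )?[^0-9 ]' "$1"       | sed 's/^/HIGH cleartext-line-password: /' || true
}

# Number of findings for config $1 (whitespace-free so callers can compare it).
count_findings() {
  audit_ios_config "$1" | wc -l | tr -d ' '
}

# Print the stanza of interface $2 in config $1, from its "interface" line up
# to (not including) the closing "!". Works with or without stanza indentation.
interface_stanza() {
  awk -v want="interface $2" '$0 == want { p = 1 } p && /^!/ { exit } p' "$1"
}

# Stanza lines of interface $2 that are not part of the default state the post's
# transcript shows after "default interface": these are what the command wipes.
non_default_lines() {
  interface_stanza "$1" "$2" | sed 's/^ *//' \
    | grep -vE '^(interface |no ip address$|shutdown$|duplex auto$|speed auto$)' || true
}

# Demo on the constructed sample; a real run points at a saved "show run".
cfg=$(mktemp)
write_sample_config "$cfg"
echo "== findings to clean before disposal =="
audit_ios_config "$cfg"
echo "== settings 'default interface FastEthernet1/0' would remove =="
non_default_lines "$cfg" FastEthernet1/0
rm -f "$cfg"
```

Run it against a saved copy of show run before a device leaves your hands; a clean audit and a write erase are the two things to check. The default-state list is taken from the post's after-transcript and is an assumption for other platforms or IOS versions.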

Google Docs now allows any file type to be uploaded

Posted by admin January 27th, 2010

Google has been rolling out this feature over the past few weeks and I got it a couple of days ago. This is another prime example of Google’s low-key approach to enhancing their free or low-cost cloud-based services. I can now do all the things that I was doing with Dropbox in Google Docs. I uploaded a zip file, a picture in JPG format and a Windows executable. All uploaded correctly.

Into the Cloud with Dropbox, Toodledo and Google Apps

Posted by admin January 23rd, 2010

I have been exploring different methods of storing non-work-related docs, files and information in the cloud for easy access. I want to access them from multiple locations and from a variety of devices. The best solution so far is Google Apps, Toodledo and Dropbox. The new iPhone app for Dropbox is great. For task management, I am trying Toodledo, which is not fully baked but has a very usable iPhone app. I have been more successful with it than with Google Tasks or Outlook tasks.

Automated Backups for Beacon Endpoint Profiler

Posted by admin November 26th, 2009

The Great Bay Beacon Endpoint Profiler 2.1.8 has a number of options for backups. Backups are automatically run daily, and manual backups can be run from the command line or from the web-based GUI. The files can be manually downloaded, but the backup files are not automatically moved to a remote location. Below is a simple shell script that automatically backs up the Profiler database, and the crontab that schedules the shell script to run daily. The cron job entry for the script is the "0 4 * * *" line that calls /home/beacon/bugs3.sh.

$ cat bugs3.sh
time=`date +%Y%m%d_%H%M_%S`
pg_dump | gzip > /home/beacon/backups/beaconbackup-$time.gz

ftp -n -i -v <<EOD
open XXX.XXX.XXX.XXX
user username password
put /home/beacon/backups/beaconbackup-$time.gz /usr/local/backup/Beacon/beaconbackup-$time.gz
EOD

[beacon@Beacon ~]$ crontab -e
MAILTO=""
# Check once a minute for stopped/dead components
*/1 * * * *     cd /usr/beacon; /usr/beacon/beacon resurrect
# Perform working file clean up every hour
0 */1 * * * find /usr/beacon/pending -maxdepth 1 -type f -mmin +120 -delete;
0 */1 * * * find /usr/beacon/pending -name *.xml -mmin +120 -delete;
0 */1 * * * find /usr/beacon/working -name *.xml -mmin +120 -delete;
0 */1 * * * find /usr/beacon/working/cca -name *.dump -mmin +120 -delete;

# Perform ongoing maintain every two hours
0 */6 * * *                    /usr/beacon/sql/vacuum-switch.sh va-all
15,45 * * * *                  /usr/beacon/sql/vacuum-switch.sh 15min
1,30 * * * *                   /usr/beacon/sql/vacuum-switch.sh 30min
30 */2 * * *                   /usr/beacon/sql/vacuum-switch.sh history

# Perform daily DB backups
0 3 * * *       /usr/beacon/sql/db_backup.sh
0 4 * * *       /home/beacon/bugs3.sh
# For HA maintenance.  No-op if not in HA mode
*/1 * * * *    /usr/beacon/sql/chk_status_master.sh

# For HA maintenance.  No-op if not in HA mode
*/3 * * * *    /usr/beacon/sql/check_slon.sh
1,31 * * * *   /usr/beacon/sql/check_confirm.sh
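The bugs3.sh script above gets the job done, but it sends the database dump and the login over plain FTP with the password in the script, never checks that pg_dump or the transfer succeeded, and leaves the archive with default permissions. The script below is an added example, not the Profiler's own code and not the original post's script; it keeps the post's layout (archives under /home/beacon/backups, run daily from cron) and replaces the weak parts. It assumes, as the original does, that pg_dump reaches the database through its environment (no database name is passed), that ssh key authentication to the backup host is already set up, and that BACKUP_HOST and REMOTE_DIR are placeholders you replace.

```shell
#!/bin/sh
# Added example (not the Profiler's script, not the post's bugs3.sh): a backup
# job that stages the dump, verifies the archive, records a checksum and copies
# it with scp over ssh keys instead of FTP with an embedded password.
# Placeholders: BACKUP_HOST and REMOTE_DIR. Assumption: pg_dump finds the
# database via its environment, as in the original.
set -eu
umask 077                                  # archives readable by the owner only

BACKUP_DIR="${BACKUP_DIR:-/home/beacon/backups}"
BACKUP_HOST="${BACKUP_HOST:-backup.example.invalid}"   # placeholder host
REMOTE_DIR="${REMOTE_DIR:-/usr/local/backup/Beacon}"
KEEP_DAYS="${KEEP_DAYS:-14}"

# Archive path for a dump taken at timestamp $1 (same naming as the post).
backup_filename() {
  printf '%s/beaconbackup-%s.gz\n' "$BACKUP_DIR" "$1"
}

# Succeed only if $1 is an intact gzip archive with non-empty content.
verify_archive() {
  gzip -t "$1" && [ "$(gzip -dc "$1" | wc -c | tr -d ' ')" -gt 0 ]
}

# Compress stdin into $1 and verify it before anything relies on it.
compress_and_verify() {
  gzip -c > "$1"
  verify_archive "$1"
}

# Record a SHA-256 beside the archive so the remote copy can be checked.
write_checksum() {
  sha256sum "$1" > "$1.sha256"
  printf '%s\n' "$1.sha256"
}

# Copy archive and checksum over ssh; no password lives in this script.
upload() {
  scp -q "$1" "$1.sha256" "$BACKUP_HOST:$REMOTE_DIR/"
}

# Drop local archives (and checksums) older than $2 days from directory $1.
prune_local() {
  find "$1" -maxdepth 1 -name 'beaconbackup-*.gz*' -mtime +"$2" -delete
}

run_backup() {
  ts=$(date +%Y%m%d_%H%M_%S)
  out=$(backup_filename "$ts")
  mkdir -p "$BACKUP_DIR"
  # 'set -e' cannot see a failing pg_dump inside a pipeline, so stage the
  # dump to a file first (umask 077 keeps it private) and compress from there.
  raw="$out.sql"
  pg_dump > "$raw"
  compress_and_verify "$out" < "$raw"
  rm -f "$raw"
  write_checksum "$out" > /dev/null
  upload "$out"
  prune_local "$BACKUP_DIR" "$KEEP_DAYS"
  logger -t beacon-backup "backup $out uploaded to $BACKUP_HOST"
}

# Only act when told to, so the functions can be sourced and tested alone.
case "${1:-}" in
  run) run_backup ;;
esac
```

Schedule it in place of the original entry with a line such as 0 4 * * * /home/beacon/beacon_backup.sh run (the script name is a placeholder). With set -e any failed step aborts the job with a non-zero status, so a cron MAILTO set to a real mailbox, rather than the empty value in the appliance crontab, is what turns a broken backup into a noticeable event.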