Annual Refresh

It seems that every year for the last six years, I refresh the website look with a different theme, and make a renewed attempt to add content. This year is no different.

This year I'm also taking advantage of the free CloudFlare service to provide security protection for the blog and its viewers, and faster delivery of the site via their CDN network. If you're suspected of being infected with malware, CloudFlare will notify you and perhaps require a captcha to access the site. Additionally, they provide Web Application Firewall capability that protects from common attacks such as SQLi and XSS.

Some other recent technologies I'm taking a look at include the Amazon Web Services EC2 Windows 2012 Micro Instance and the cloud offering from Splunk — Splunk Storm.

So far the AWS instance seems to be a nice way to try out the latest server platform without having to obtain a copy of the OS installation material. Previously, this was easily done through a corporate MSDN account to quickly try it out in a dev environment. My current position doesn't afford me that luxury, so it's nice to see that I can still try it through AWS EC2.

Until next time.

Xorg.conf for nVidia Geforce 9400 — Dual Screen

# Below is a working xorg.conf file from my system as of the date noted two lines below.
# Posted for personal reference.
# nvidia-settings: X configuration file generated by nvidia-settings
# nvidia-settings:  version 1.0  ([email protected])  Tue Nov  4 14:08:09 PST 2008

Section "ServerLayout"

Identifier     "DUAL"
Screen      0  "Screen0" 1280 0
Screen      1  "Screen1" LeftOf "Screen0"
InputDevice    "Keyboard0" "CoreKeyboard"
InputDevice    "Mouse0" "CorePointer"
EndSection

Section "Files"
EndSection

Section "Module"
Load           "dbe"
Load           "extmod"
Load           "type1"
Load           "freetype"
Load           "glx"
EndSection

Section "ServerFlags"
Option         "Xinerama" "1"
EndSection

Section "InputDevice"

# generated from default
Identifier     "Mouse0"
Driver         "mouse"
Option         "Protocol" "auto"
Option         "Device" "/dev/psaux"
Option         "Emulate3Buttons" "no"
Option         "ZAxisMapping" "4 5"
EndSection

Section "InputDevice"

# generated from default
Identifier     "Keyboard0"
Driver         "kbd"
EndSection

Section "Monitor"
Identifier     "Monitor0"
VendorName     "Unknown"
ModelName      "DELL 1703FP"
HorizSync       30.0 - 80.0
VertRefresh     56.0 - 76.0
Option         "DPMS"
EndSection

Section "Monitor"
Identifier     "Monitor1"
VendorName     "Unknown"
ModelName      "hp L1730"
HorizSync       30.0 - 83.0
VertRefresh     56.0 - 76.0
Option         "DPMS"
EndSection

Section "Device"
Identifier     "Device0"
Driver         "nvidia"
VendorName     "NVIDIA Corporation"
BoardName      "GeForce 9400 GT"
BusID          "PCI:2:0:0"
Screen          0
EndSection

Section "Device"
Identifier     "Device1"
Driver         "nvidia"
VendorName     "NVIDIA Corporation"
BoardName      "GeForce 9400 GT"
BusID          "PCI:2:0:0"
Screen          1
EndSection

Section "Screen"
Identifier     "Screen0"
Device         "Device0"
Monitor        "Monitor0"
DefaultDepth    24
Option         "TwinView" "0"
Option         "metamodes" "DFP-0: nvidia-auto-select +0+0"
SubSection     "Display"
Depth       24
EndSubSection
EndSection

Section "Screen"
Identifier     "Screen1"
Device         "Device1"
Monitor        "Monitor1"
DefaultDepth    24
Option         "TwinView" "0"
Option         "metamodes" "DFP-1: nvidia-auto-select +0+0"
SubSection     "Display"
Depth       24
EndSubSection
EndSection

Bomb #1

My current class assignment consists of reverse engineering a piece of code written by the professor. Basically the program reads in one line from STDIN at a time and checks to see if it's the right phrase. If it is, that bomb is defused and it continues to the next one. If the phrase is incorrect then the bomb blows up and I'll have to try again.

Below is my methodology for Phase 1.

** Note that as a student we were given access to the source code of the "shell" program that calls the other functions that actually do the compare. So I know that the functions are called phase_1() through phase_6(). The function names could also be guessed by using objdump -t bomb.exe and looking at the function names.

** Also, solutions.txt contains a single line with content: testing

$ gdb bomb
(gdb) b phase_1
(gdb) display /i $pc
(gdb) r solutions.txt

That runs the program until the breakpoint is hit. Once it's hit I run disas to display the assembly of the current function. I notice that there is a call to strings_not_equal and figure that the two values pushed onto %esp are likely the arguments, and based on the function's name, are likely strings. I then use display /a $eax to take a look at the address contained in %eax. Finally, I use x /s 0x405040 and x /s 0x404140 to look at the strings located at those addresses. One is the string I passed in, and the other is the winning string. I change my solutions.txt file to have the new string in it and test it to validate. It works! Bomb 1 defused!

Bomb - Phase 1

Customizing bash and vim

Posting here for my reference the next time I need to configure my prompt and vim. I currently do all of my schoolwork on a CLI only linux box and even though I don't need a GUI, I do enjoy some color during my sessions. The prompt and vim config provide just that. If you'd like to make your own prompt simply replace the quoted characters of PS1 with what you would like using this and this as references.

[email protected]: [~]: uname -a
Linux suse 2.6.18.8-0.5-default #1 SMP Fri Jun 22 12:17:53 UTC 2007 i686 athlon i386 GNU/Linux
[email protected]: [~]: tail -n 2 .bashrc
alias ls='ls --color'
export PS1="\[\033[1;33m\]\u\[\033[0m\]@\h: \[\033[36m\][\w]:\[\033[0m\] "
[email protected]: [~]:

This is a fantastic .vimrc posted by someone that knows more about vim configuration than I care to. The main thing I enjoy is the fixed backspace key (it actually works), the coloring, and the 4 spaces inserted for a TAB. I also very much appreciate that the file is thoroughly commented so that anyone who wants to understand/modify it can. I for instance changed his setting of 2 spaces per TAB to 4 spaces per TAB. Thanks for the great information Stripey!

! with Bitwise Operators Only

The screenshot below is from a homework assignment at school. It's basically getting us to think outside the box a bit with regard to bitwise operators in C/C++.

Bang!
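The screenshot itself is not reproduced on this page. As an added example (my own code, not the assignment's posted solution), here is one way to build ! from bitwise operators in C, with a self-check against the compiler's own ! over the awkward edge values:

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Logical NOT (!x) built only from bitwise operators, one addition and a
 * shift. For a non-zero 32-bit value, either the value or its two's
 * complement negation (~u + 1) has the top bit set, so OR-ing them and
 * shifting right by 31 gives 1; for zero both are zero and the result is 0.
 * XOR with 1 flips that into the truth value !x. The work is done on
 * uint32_t so that negating INT_MIN cannot overflow (signed overflow is
 * undefined in C) and the right shift is always a logical shift. */
int bang(int x) {
    uint32_t u = (uint32_t)x;
    uint32_t neg = ~u + 1u;             /* -x, without using unary minus */
    uint32_t nonzero = (u | neg) >> 31; /* 1 if x != 0, else 0 */
    return (int)(nonzero ^ 1u);
}

/* Cross-check bang() against the compiler's ! over constructed edge cases;
 * returns the number of mismatches (0 means every case agreed). */
int bang_selftest(void) {
    const int cases[] = {0, 1, -1, 2, 7, -7, INT_MAX, INT_MIN, 1 << 30, 0x0f0f0f0f};
    int mismatches = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        if (bang(cases[i]) != !cases[i])
            mismatches++;
    }
    return mismatches;
}

int main(void) {
    printf("bang(0)=%d bang(5)=%d bang(-5)=%d mismatches=%d\n",
           bang(0), bang(5), bang(-5), bang_selftest());
    return 0;
}
```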

CISSP: Study Notes — Security Management and Access Control

Security Management

  • Define compulsory: mandatory, enforced. Ex. Following the security policy is compulsory.

Access Control

  • Evaluating Biometric Devices
    The key concepts for this are memorization of Type I error, Type II error, and CER. A Type I error is that of false rejection. For example, Joe should be allowed in the data center. If Joe scans his retina and is denied access to the data center, it is a false rejection or Type I error. A Type II error is just the opposite. If Jill does not have access to the data center, scans her retina, and access is granted, that is a false acceptance or Type II error.
  • DAC, MAC, and Security Labels
    The type of access control system typical computer users are accustomed to is called a Discretionary Access Control (DAC) system. This means that a user's right to read/write/execute an object is based solely on their need-to-know. Data owners are able to decide who can access the data via an Access Control List (ACL). Because the military and other government agencies want to control access based both on classification and need-to-know, they use the Mandatory Access Control (MAC) system. A Security Label is an attribute of an object defining its classification level and need-to-know categories. A person must have both a clearance equal to or greater than the object's and have been granted a need-to-know for one or more of the categories contained in the security label in order to access the object.
  • Capability Table
    This was a new term for me. Essentially a capability table is a list of permissions that is bound to a subject whereas an ACL is a list of permissions bound to an object. I'm sure the term is wrong, but I like to think of it as an inverse of an ACL.
  • Traffic Analysis Attack
    Now to me, this attack is quite a stretch. Basically, it says that by watching traffic patterns people can discover information. Now in that simple form, yes, traffic monitoring can lead to all types of great information. My problem is with the book's example: "For example, heavy traffic between HR and headquarters could indicate an upcoming layoff." Maybe it's just me, but that seems like a leap. I'm much more inclined to believe an upcoming layoff could be revealed by looking at the email flying by, not so much by the amount of traffic.
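As an added example for the DAC, MAC, and Security Labels item above (my own code, not from the study notes or any reference text), here is that MAC rule in C: one label structure serves as an object's security label and as a subject's clearance plus granted need-to-know, and the check requires a dominating clearance and at least one shared category. The level and category names are constructed, and an object whose label carries no categories is assumed to need only the clearance check:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Classification / clearance levels; a higher value dominates a lower one.
 * Names are constructed for this example. */
enum level { UNCLASSIFIED = 0, CONFIDENTIAL = 1, SECRET = 2, TOP_SECRET = 3 };

/* Need-to-know categories as bit flags so one label can carry several.
 * Names are constructed for this example. */
enum category { CAT_NUCLEAR = 1u << 0, CAT_CRYPTO = 1u << 1, CAT_PERSONNEL = 1u << 2 };

/* For an object: classification + categories (the security label).
 * For a subject: clearance + categories the subject has need-to-know for. */
struct label {
    enum level level;
    uint32_t categories;
};

/* The MAC rule from the notes: the subject's clearance must be equal to or
 * greater than the object's classification, AND the subject must hold a
 * need-to-know for one or more of the categories in the object's label.
 * Assumption: an object labelled with no categories needs only the
 * clearance check. */
bool mac_allows(struct label subject, struct label object) {
    if (subject.level < object.level)
        return false;                   /* clearance does not dominate */
    if (object.categories == 0)
        return true;
    return (subject.categories & object.categories) != 0;
}

int main(void) {
    /* Constructed subject: cleared SECRET, need-to-know for CRYPTO only. */
    struct label joe = { SECRET, CAT_CRYPTO };
    struct label ts_crypto = { TOP_SECRET, CAT_CRYPTO };               /* denied: clearance too low  */
    struct label s_nuclear = { SECRET, CAT_NUCLEAR };                  /* denied: no shared category */
    struct label c_mixed   = { CONFIDENTIAL, CAT_NUCLEAR | CAT_CRYPTO }; /* allowed: both checks pass  */
    printf("TS/CRYPTO: %d  S/NUCLEAR: %d  C/NUCLEAR+CRYPTO: %d\n",
           mac_allows(joe, ts_crypto), mac_allows(joe, s_nuclear), mac_allows(joe, c_mixed));
    return 0;
}
```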

Configuring Port Forwarding

I recently acquired a Juniper NetScreen SSG5 and have been playing around with it. One task that took some time, because the multiple online resources I found had outdated syntax, was that of port forwarding.

The Goal

Take port 443 on my public IP via cable modem and forward traffic to a SUSE 10.2 virtual machine connected in bridged mode on my internal network on port 22. (i.e. SSH on 443 -> Public IP -> SSH on 22 -> Private IP)

The Solution

set interface ethernet0/0 vip untrust 21 "SSH" 172.22.102.53 manual
set policy id 10 from untrust to trust any vip(ethernet0/0) "HTTPS" permit log count

Thoughts

Syntax is everything!