A collection of thoughts, tips and tricks and other ponderings relating to technology, now oxidized.
Tuesday, August 26, 2008
ipfw and OSSIM
Saw in the CVS update mailing list that my ipfw plugin for OSSIM is now generally available.
Tuesday, August 19, 2008
OpenVAS released
I just read that OpenVAS (http://www.openvas.org), a well-organised fork of Nessus, has been released to the world. What really warms my heart is that I see familiar names from Kolab (http://www.kolab.org) behind the fork.
This, in combination with Alienvault's (http://www.alienvault.com) sponsored development of free (announcement) OpenVAS/Nessus plugins, makes the whole arena quite exciting to watch again.
Friday, July 11, 2008
Is FOSS secure by default?
Unfortunately a lot of people equate a lack of software vulnerabilities with security. Here in South Africa we are trying to help institutions to make good choices around FOSS (Free and Open Source Software) and security, looking at policies, procedures, standards and guidelines and how they apply to FOSS.
If you think that FOSS is secure by default please read the following article which highlights one reason why we cannot just trust without knowing and understanding:
Thursday, May 01, 2008
Mac OSX Hints double whammy
Good day for me today :-)
Mac OSX Hints have published two of my Mac hints! Quite pleased with that!
http://www.macosxhints.com/article.php?story=20080427091554310
and
http://www.macosxhints.com/article.php?story=20080427091327509
Wednesday, April 23, 2008
Getting Alex to read you to sleep (Make your own Audiobooks on a Mac)
I have recently undertaken some training in which I have to cover a massive amount of material. Being the natural procrastinator that I am I immediately went on the prowl for better books, better methods and all other sorts of periphery that doesn't actually count as studying.
One of these projects was to convert the text versions of my study guides to audio so that I could listen to the text in the car while I drive (an ideal time to study). The process was actually surprisingly simple.
Here is a procedure to convert PDFs to Audio books.
1) Open the document in Preview.
2) Command + A (Select All), Command + C (Copy).
3) Open a new document in TextEdit.
4) Paste the contents into the new document (Command + V)
5) Convert the document to Text (Format -> Make plain text)
6) Save the file to a .txt document. For this example we use rawfile.txt
At this stage you might want to do some cleanup. I use a little Perl script listed below. You might want to do some regular expression hacking to clean up the document from things like footers, headers or page numbers.
convert.pl
#!/opt/local/bin/perl
use strict;
use warnings;

while (<>) {
    # Remove page numbers
    s/^\d+\/.*$//;
    s/^\d*.$//;
    # Remove "Chapter N: title" headers
    s/Chapter \d+: [\s\w]+//;
    # Remove image and figure references
    s/^Figure \d+.*//;
    # Remove "-" continuations from the end of lines and join with the next line
    if (s/-.$//) {
        chomp;
    }
    print;
}
7) Save convert.pl to the file system and make it executable:
$ chmod u+x convert.pl
8) Clean up the text document:
$ cat rawfile.txt | ./convert.pl > cleanfile.txt
9) Open the file cleanfile.txt in TextEdit (you might have to choose the UTF-8 type)
10) Fire up Automator and create a Custom script with two actions.
- Text -> Get Contents of TextEdit Document
- Music -> Text to AudioFile
Select an appropriate target directory and filename. I highly recommend choosing the voice Alex.
11) Make sure your cleanfile.txt document in TextEdit is selected.
12) Go back into Automator and hit Play.
13) Sit back and relax while Leopard converts your text to an Audio file.
From there you can import the audio file into iTunes, convert it to MP3 if you want and sync it to your iPod to take the book on the road.
Guess I should start studying now...
I'll do some home work while I listen to my fresh Audiobook :-)
Twittered
For all my thousands (not!) of followers, I am also available on Twitter now. Just have a look at the side-pane for more information.
Wednesday, April 09, 2008
Getting Things Done with Leopard
Stumbled across this post about how to set up a GTD system with applications that ship with Leopard. Go check it out: http://dennisbest.org/simple_leopard_gtd
I personally use OmniFocus and have found it to be a great productivity booster.
Time to test Firefox 3 on the Mac
If you have not yet grabbed Firefox 3 Beta 5 from Mozilla (http://www.mozilla.com/en-US/firefox/all-beta.html) you should try it now. Up until Beta 4 plug-ins were pretty broken. I am happy to see that my Nopassword, Del.ico.us, Passwordmaker and other plugins work properly now.
Wednesday, February 27, 2008
Protecting a Macbook (Pro) against harddrive encryption loophole
In the last couple of days a lot of attention has been given to the paper "Lest We Remember: Cold Boot Attacks on Encryption Keys". The paper outlines how laptop disk encryption is vulnerable due to the properties of RAM and its retention of the encryption keys. It's a pretty sophisticated attack and one can assume that the kind of subject that will perpetrate this attack is pretty serious about getting to your data. (Think organised crime or overzealous immigration police).
The consensus seems to be that the best way to defeat this attack would be to "hibernate" your machine or shut it down completely when travelling about. Macs unfortunately have this concept of "Safe Sleep". Through this default process a hibernation file gets created but the machine is put into low-power or "sleep" mode first (fully vulnerable to this attack).
All is not lost however - as shown in this blog post on Macworld you can set the Mac to hibernate by default.
This is of course a bit of a pain and your Macbook will not resume normal operation as fast as normal.
I have set my Macbook Pro to only hibernate using the following command from a Terminal window:
$ sudo pmset -a hibernatemode 5
Please note that this applies to my machine as I use the "Secure Virtual Memory" setting in the Security Preference pane. Other readers might need to use the value 1. Please refer to the blog posting mentioned a little earlier.
One other method would of course be to keep the status quo hibernation settings.
1) Safe Sleep your Macbook as normal.
2) Wait for the machine to indicate that it has successfully entered Safe Sleep (the little white light on the lid button will slowly pulsate on and off)
3) Then remove the battery.
By removing the battery you will kill the "sleep" mode and the Mac will resume from its hibernate file. That should get rid of any encryption keys in memory with the added advantage that while you are in a "safe area" or not travelling you have super fast resumes from sleep.
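A quick check of the hibernatemode setting discussed above, as an added example that is not part of the original post: it reads `pmset -g` output and reports whether the configured mode leaves RAM powered while the machine sleeps. The function names, the sample output and the meanings assigned to modes 0, 3 and 7 (legacy Leopard-era values) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report whether the configured hibernatemode keeps RAM powered
# while the lid is closed. Mode meanings are the Leopard-era values and are an
# assumption of this sketch: 0 = sleep only, 1 = hibernate only, 3 = Safe Sleep,
# 5 and 7 = 1 and 3 with Secure Virtual Memory enabled.

# Constructed sample of `pmset -g` output, used when pmset is not available.
SAMPLE_PMSET_OUTPUT='Currently in use:
 hibernatemode        3
 hibernatefile        /var/vm/sleepimage
 sleep                10'

# Read `pmset -g` style text on stdin and print the hibernatemode value.
# Exits non-zero when no hibernatemode line is present.
get_hibernatemode() {
    awk '$1 == "hibernatemode" { print $2; found = 1; exit }
         END { if (!found) exit 1 }'
}

# Map a mode number to a verdict:
#   ram-off      memory is written to disk and RAM is powered down
#   ram-powered  RAM stays powered during sleep, so keys remain in memory
classify_mode() {
    case "$1" in
        1|5)   echo "ram-off" ;;
        0|3|7) echo "ram-powered" ;;
        *)     echo "unknown" ;;
    esac
}

# Read `pmset -g` output on stdin, print a one-line verdict.
# Returns 0 for ram-off, 1 for ram-powered or unknown mode, 2 if not reported.
check_sleep_exposure() {
    mode=$(get_hibernatemode) || { echo "hibernatemode not reported"; return 2; }
    verdict=$(classify_mode "$mode")
    echo "hibernatemode=$mode $verdict"
    [ "$verdict" = "ram-off" ]
}

# Use the live setting on a Mac, otherwise fall back to the constructed sample.
if command -v pmset >/dev/null 2>&1; then
    pmset -g | check_sleep_exposure || true
else
    printf '%s\n' "$SAMPLE_PMSET_OUTPUT" | check_sleep_exposure || true
fi
```

A "ram-powered" verdict corresponds to the Safe Sleep case above, where the battery has to be removed after the machine has gone to sleep.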
Thursday, February 14, 2008
FOSS and Security experience in South Africa? Who are you?
Dear Lazyweb,
The company that I work for, Exponant, is currently looking for skills in Information Security and FOSS (Free and Open Source Software).
If you are an experienced professional in the above areas I would love to hear from you.
On the security side we are looking for senior engineers and architects.
On the FOSS side we are looking for individuals with experience with FOSS in the enterprise.
We are based in Centurion, South Africa and most of our demand is from clients in Pretoria.
Friday, February 01, 2008
Microsoft and Yahoo!
Wow! By far the biggest news of the year is that Microsoft has put in a bid to buy Yahoo!
Amazing news on so many levels. Yahoo! has been languishing for years and neither Microsoft nor Yahoo! has been able to really respond to Google's dominance in the search market. This comes hot on the heels of Google's missed earnings...
Monday, January 28, 2008
Open Season for Open Source
Nokia has acquired Trolltech. This comes hot on the heels of Sun's acquisition of MySQL. It truly is an exciting time and really gratifying for those of us that have been saying for years that Open Source Software is viable and that it makes sense to businesses.
I've always had a soft spot for KDE and Trolltech and it really seems like a great opportunity for them to truly become serious players. Webkit has already demonstrated over and over that KDE is built on top of solid technology. An interesting intersection of KDE -> Trolltech -> Nokia and Apple...
Wednesday, January 16, 2008
Want to share your Wi-Fi like Bruce Schneier? Here's how (and no, it's not by leaving it open).
I have been giving Bruce Schneier's article about leaving his wireless network open a lot of thought lately. Although I agree that it's great to help out your neighbours there are just too many risks to leaving your Wi-Fi open. Paul from Pauldotcom raises very good points with which I wholeheartedly agree. Why risk leaving it open? It is analogous to leaving your sugar on the curb in case a neighbour might run out. Obviously you could end up without any sugar at all and perhaps even in the worst case end up with something other than sugar in your food. The world can be a strange place.
In South Africa we routinely have people asking for help at our homes, they come in all shapes and sizes and I normally eyeball them and unless they really seem like bad apples I normally help out with a little food or money. I use my gut to judge the character of the individual.
Now, if I wanted to I could just always leave some money and food on the curb or in a publicly accessible place, but I'm afraid that that system might get very easily abused and leave the souls who really need my help with no help at all.
Ok, so what about Wi-Fi? I think that open wireless networks are just silly, due to abuse, threat and possible liability. However, I do agree with Bruce that it's nice and neighbourly to share. "Sharing is caring".
My proposal?
Set the SSID of your wireless router to something that indicates your willingness to share, for example: "22 1st street for access" or "Text 5551000 for access" or even "Contact B. Schneier for access". Be creative as there is a limitation to how many characters your SSID can be.
In the case of a neighbourhood one can assume that your friends will be able to track you down and phone you for a password. You might prefer "authenticating" or making a "gut call" on all people you let in, but you can still broadcast your willingness to do so, while keeping your wireless router encrypted with WPA encryption and a good password that you can change after a reasonable amount of time or when you feel that your goodwill is being abused.
This seems to me to be a "best of both worlds" solution. What do you think?
Friday, January 11, 2008
Steal This Wi-Fi
A very interesting, thought-provoking article by Bruce Schneier.
Security is all about tradeoffs. You can choose never to participate in dangerous activities like flying or driving a motorcar, but most of us choose to assume the risk.
Thursday, January 10, 2008
Mac OSS roundup
Thanks to KMF for some of these.
Looking for OSS software for Mac OS X?
Here is a list of very useful Open Source Software/Free Software directories for the Mac. I have used a couple of these with great success. There inevitably is some duplication, so be warned.
Here they are:
- Open Source Mac (http://www.opensourcemac.org/)
- FreeSMUG (http://www.freesmug.org/)
- iUseThis (http://osx.iusethis.com/search?q=open+source)
- CocoaDev (http://www.cocoadev.com/index.pl?CocoaOpen)
- AjaxFlakes Top 100 Best (http://www.ajaxflakes.com/open-source/top-100-best-open-source-mac-software)
- The mother ship (http://www.apple.com/opensource/)
- MacPorts (http://www.macports.org/)
- Fink (http://www.finkproject.org/)
Apple Address Book and Microsoft Exchange (LDAP)
I had a short discussion this afternoon with a fellow Mac fanatic (KMF) about a problem we both share: accessing Microsoft Exchange from Mac OS X.
There are three elements that you would mostly be interested in: email, calendar and contacts. This quick howto deals with getting Address Book to work with LDAP (Microsoft Active Directory in our case).
Step 1: Determine the default naming context (base dn) for the search
- Fire up Terminal and issue an ldapsearch to determine the default naming context:
$ ldapsearch -h your.exchange.server -x -b '' -s base '(objectclass=*)' 'namingContexts'

- Search for the lines beginning with "namingContexts":
namingContexts: DC=mycompany,DC=com
namingContexts: CN=Configuration,DC=mycompany,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=mycompany,DC=com
The result you are looking for is the "base/root", which is the shortest one in the case of Exchange (btw - this will work on other LDAP servers too), i.e. DC=mycompany,DC=com.
Step 2: Configure Address Book to query the server
- Fire up Address Book and go to the Preferences (Command + ,). Select the LDAP tab.
- Hit the "+" to add a new server.
- In the "Server" field complete the hostname of your Exchange server or Active Directory domain controller in the case of larger companies.
- In the "Search Base" use the information that you retrieved from "ldapsearch" earlier. It will be in the format DC=company,DC=com.
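- Choose "Simple" authentication. A simple bind sends the user name and password unencrypted unless the connection to the server is protected with SSL/TLS.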
- "User Name" should be your normal Windows logon.
- "Password" again, your Windows password.
Step 3: Searching your Global Address list.
- Address Book will automatically query the server whenever you search for a name.

This will also happen whenever you type new addresses into Mail.app when composing emails.
Hope this helps!
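Step 1 as a script, given as an added example that is not part of the original post: it picks the shortest namingContexts value from ldapsearch output and also rejoins values that ldapsearch has wrapped onto a continuation line, which a plain grep would truncate. The function name and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose the search base from the rootDSE query in Step 1.
# Reads ldapsearch (LDIF) output on stdin and prints the shortest
# namingContexts value, as the post describes.

# Constructed sample output. The last value is wrapped the way ldapsearch
# wraps long lines: the continuation line starts with a single space.
SAMPLE_ROOTDSE='dn:
namingContexts: DC=mycompany,DC=com
namingContexts: CN=Configuration,DC=mycompany,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=mycompany,DC=com
namingContexts: DC=ForestDnsZones,DC=a-constructed-long-name-to-force-wrappin
 g,DC=mycompany,DC=com'

pick_base_dn() {
    awk '
        # A line starting with one space continues the previous LDIF line.
        /^ / { buf = buf substr($0, 2); next }
        # Any other line starts a new attribute: process the buffered one.
        { emit_attr(); buf = $0 }
        END {
            emit_attr()
            if (best == "") exit 1   # no namingContexts attribute seen
            print best
        }
        # Keep the shortest plain-text namingContexts value seen so far.
        # Base64 values ("namingContexts:: ...") are ignored.
        function emit_attr(   v) {
            if (tolower(buf) ~ /^namingcontexts: /) {
                v = substr(buf, 17)   # skip the 16 characters "namingContexts: "
                if (best == "" || length(v) < length(best)) best = v
            }
            buf = ""
        }
    '
}

# Demonstration on the constructed sample. Against a real server, pipe the
# ldapsearch command from Step 1 into pick_base_dn instead.
printf '%s\n' "$SAMPLE_ROOTDSE" | pick_base_dn || true
```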
Thursday, January 03, 2008
w00t
I am very pleased to report that some feedback I sent was featured on the Security Now! podcast.
There are some podcasts that I make a genuine effort to keep up with and a lot of those come from Leo Laporte's brilliant TWiT network.
Just search the shownotes of show 124 for "Stephan Buys" to read my suggestion regarding private browsing by manually managing cookies in Firefox. Alternatively, listen to the audio also provided through the link or subscribe to the show using iTunes.
Thursday, December 20, 2007
Mac OS X Open Source and Security
Previously I blogged about my regularly used Open Source applications on the Mac. Today I am dealing with some applications that deal with security on the Mac. In my career I wear two hats, one of Open Source advocate/developer/consultant and then also a security consultant hat.
I also have a keen interest in keeping my Mac secure when using it from day to day - thus the tools I am about to discuss deal with "personal" security (local firewall for example) as well as "network" security.
Let's get started.
- MacGPG (http://macgpg.sourceforge.net/)
- The Free Software implementation of PGP. I specifically use the GPGMail plug-in for Apple Mail.app to allow me to send and receive encrypted email as well as sign emails and verify email signatures.
- sshfs (http://code.google.com/p/macfuse/)
- A FUSE pluggable filesystem for the Mac that allows it to mount drives on other Unix or Linux hosts using ssh. This might not be a specific security related app but it does allow for extra security when sharing across a network - the links are encrypted and safe from snooping.
- Waterroof (http://www.hanynet.com/waterroof/)
- A personal firewall manager that exposes the underlying, powerful, ipfw firewall of Mac OS X. There were a couple of scares with the Leopard firewall's default behavior when it first shipped and it led me to look for more information on the topic. Waterroof allows a user to truly fine-tune the firewall. A handy wizard also allows novice users to set up a very secure default policy.
- MacPorts Apps (http://www.macports.org/)
- Some applications are best served using macports. To install the following app download and install macports and then issue: "sudo port install appname"
- nmap (http://insecure.org/nmap/)
- nmap is the de-facto standard when it comes to port scanning. You can use nmap to learn a lot about hosts, networks and services.
- wireshark (http://www.wireshark.org/)
- wireshark is a packet sniffer with a lot of advanced capabilities. Packet captures can be analyzed to a great level of detail. It also produces traffic flow and usage reports on the traffic that it captures. If you need to find out what is going on on your network you need Wireshark.
Wednesday, December 19, 2007
Mac OS X Open Source Roundup
As we approach the end of the year, here is a list of really useful Open Source utilities and applications that I use regularly on my Mac.
I run Mac OS X 10.5 (Leopard), but most of the applications should work on Tiger (10.4) as well.
- Freemind (http://freemind.sourceforge.net/)
- Indispensable mind-mapping application written in Java. I have been using Freemind for years on Linux, Windows and of course now on the Mac as well. Truly useful with some real advanced functions and scripting capabilities.
- Vienna (http://www.opencommunity.co.uk/vienna2.php)
- An Open Source RSS feed reader. Vienna is a part of my daily routine in which I track a couple of hundred feeds. Once you get to know it you will love it even more - some clever keyboard shortcuts really create a lot of efficiency.
- Firefox (http://www.mozilla.com/en-US/firefox/)
- Firefox is the standard web browser for millions of Windows, Linux and Mac users out there. I prefer Firefox as opposed to Camino on the Mac as I really depend on some plug-ins for my daily security and privacy needs (I'll blog more about this again soon).
- Adium (http://www.adiumx.com/)
- Due to its massive multi-protocol nature (supports over 10 different IM providers) Adium was a no-brainer when it came to Instant Messaging on the Mac. I have never tried iChat or any alternatives mostly as Adium did such a stellar job out of the box. Growl integration makes it even more powerful - I like the ability to do specific actions when certain contacts come online. It also offers the ability to "bundle" accounts from multiple networks into one account for those contacts who, like myself, are on various networks.
- Colloquy (http://colloquy.info/)
- The gents behind Adium also recommend Colloquy for IRC (internet relay chat). My usage of IRC varies depending on project and job focus but I have started to learn the nuances of the program and have grown to love it. I'm not crazy about its default behavior but after a little bit of tweaking it really turned out to be a powerful tool.
- Quicksilver (http://www.blacktree.com/projects/quicksilver.html)
- What can one say about Quicksilver? It has changed the way I interact with my computer and probably would be one of the functions I can't live without. The ability to "act without doing" as the developers call it creates the most amazing productivity gains. I am not a Quicksilver ninja yet but the limited ways that I use it in have made life so much easier... Thinking of an app? Three keystrokes and you're there.
Wednesday, November 28, 2007
How to FLOSS
In my never ending quest to discover good up-to-date resources about Open Source Software I stumbled across the following.
The guide can be found at http://guide.conecta.it/.
"This guide (developed in the context of the FLOSSMETRICS and OpenTTT projects) present a set of guidelines and suggestions for the adoption of open source software within SMEs, using a ladder model that will guide companies from the initial selection and adoption of FLOSS within the IT infrastructure up to the creation of suitable business models based on open source software."
The guide seems to be pretty comprehensive and could serve as a valuable resource for persons wanting to familiarise themselves with FLOSS.