Last week on Wednesday my family became incomplete.  Our dog, Muirna, passed away from an unknown illness.  It has been hard and it hurts, but we have begun the slow healing process.  She will always be remembered for all the cute little things she added to our daily lives.  We miss you, Muirna, your pack misses you.

Ok, so I’ve had my new Eee PC 1000 for several days and am loving it.  But, I did find a few really glaring security issues.  So with a lot of research I’ve come up with a basic list of must do’s for any new Eee PC owner.

  1. Shut down Samba and Portmap – These services are on by default and there are known security issues with the version of Samba that comes with the EeePC.  Here is how to make sure they are stopped and don’t come back on.  Be warned, if you do this you will not be able to share files with others from your computer, though you can access files on other computers:
    • First start up a terminal window by pressing Ctrl + Alt + T
    • Next issue the following commands:
    • sudo invoke-rc.d samba stop
    • sudo update-rc.d -f samba remove
    • sudo update-rc.d samba stop 20 0 1 2 3 4 5 6 .
    • sudo invoke-rc.d portmap stop
    • sudo update-rc.d -f portmap remove
    • sudo update-rc.d portmap stop 20 0 1 2 3 4 5 6 .
    • Next edit the services file using the following commands:
    • sudo vim /usr/sbin/services.sh
    • Press the “i” key to begin edit mode
    • find the line:
      start-stop-daemon --start --quiet --oknodo --exec /sbin/portmap
      and comment it out like:
      #start-stop-daemon --start --quiet --oknodo --exec /sbin/portmap
    • find the line:
      /usr/sbin/invoke-rc.d samba start
      and comment it out like:
      #/usr/sbin/invoke-rc.d samba start
    • Press the “ESC” key, then press the “:” key, then type “wq” followed by pressing the enter key
  2. There is a webserver that runs on the EeePC any time you launch the anti-virus icon under settings.  It by default hides the content from the internet, but the webserver is still listening on the internet port.  To force the webserver to ONLY listen to your local machine (and not advertise to the rest of the world) do the following.
    • You need to edit the following file using the commands:
    • sudo vim /usr/lib/esets/webi/nginx/conf/nginx.conf
    • find the http {} section, then the server {} section within it
    • Press the “i” key to begin edit mode
    • change “listen 20032;” to “listen localhost:20032;”
    • Press the “ESC” key, then press the “:” key, then type “wq” followed by pressing the enter key
    • Reboot the computer as there is no clean way to stop the service.
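
A quick way to confirm that both steps took effect, as an added example that is not part of the original post: the script reads `netstat -tuln` output and lists any of the affected ports still bound to a non-loopback address. The port list (111 for portmap, 137-139 and 445 for Samba, 20032 from the nginx.conf line above) and both sample outputs are constructed for illustration; pass --live to check the real machine.

```shell
#!/bin/sh
# Added example: flag watched services that listen on a non-loopback address.
# 111 = portmap, 137-139/445 = Samba, 20032 = the anti-virus web server port.
WATCHED_PORTS="111 137 138 139 445 20032"

# Reads `netstat -tuln` style output on stdin and prints "proto address port"
# for each watched port that is reachable from the network.
exposed_listeners() {
    awk -v ports="$WATCHED_PORTS" '
        BEGIN { n = split(ports, p, " "); for (k = 1; k <= n; k++) watch[p[k]] = 1 }
        $1 ~ /^(tcp|udp)/ {
            if (!match($4, /:[0-9]+$/)) next      # last colon also handles :::445
            addr = substr($4, 1, RSTART - 1)
            port = substr($4, RSTART + 1)
            if (!(port in watch)) next            # not one of the services above
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only: fine
            print $1, addr, port
        }'
}

# Constructed sample: the services from the list still bound to all interfaces.
sample_unhardened() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp6       0      0 :::445                  :::*                    LISTEN
tcp        0      0 0.0.0.0:20032           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:137             0.0.0.0:*
EOF
}

# Constructed sample: after both steps, only loopback listeners remain.
sample_hardened() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:20032         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
EOF
}

# Check the live machine only when asked to; no output means nothing is exposed.
if [ "${1:-}" = "--live" ]; then
    netstat -tuln | exposed_listeners
fi
```

Run it again after the reboot and after launching the anti-virus icon, since the web server only starts at that point.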

Ok, so now the why part.

The EeePC (including my brand new one) ships with an old version of samba enabled to start on boot by default that has a known remote attack that can grant root privileges.  That is VERY bad:

http://risesecurity.org/blog/entry/6/

Also the webserver that runs when you start up the anti-virus program on the EeePC is the legacy stable branch (one entire version behind current stable) and several revisions of that behind the current legacy stable revision:

http://nginx.net/CHANGES-0.5

The EeePC runs version 0.5.33 from November of 2007.  You’ll notice in the change log several fixed segfaults and other bugs, some of which could lead to security issues.  It’s best not to take chances and make sure it doesn’t respond to non-localhost requests.

I just posted my review of my new EeePC 1000. This is the Linux version with the 10″ screen and 40GB worth of solid state drive. So far I like it, hardware is great, software is good, security sucks.

Go here to get the details.

Well it’s coming up, LinuxWorld Conference and Expo is only three weeks away.  I had the opportunity again to chair the Security Track, and though it was a rough year getting the session together (This is the first time since I’ve volunteered at LinuxWorld that it conflicted with BlackHat Las Vegas, perfect timing for the security track 😛 ) I think it’s a pretty well rounded track.

I’ve finished getting all my travel arrangements together and looking forward to San Francisco (nothing against Vegas, but I love the local food in San Francisco!).

If you haven’t done it yet, and are still interested in joining the fun out in San Francisco here is a code to get 20% off registration for LinuxWorld packages: PRC20 It’s a “Friend’s of the Program Committee” Special.  Here’s the link to the show:

I’ve been watching this for a while now, and took note of a recent ruling in a US court which said you have no expectations of privacy at the border when returning from international travel. This means that when you are returning from an international flight to the US you are not on US ground when you land, and you miss out on many of your constitutional protections, apparently. Border agents can take ALL your electronic devices and make copies of the data, they can compel you to login to your computer, they can request encryption keys, they can do all of this without having a reason for suspicion. All those emails, love letters, family pictures, they can all become government property just because they feel like it. There are no formal rules regulating it either yet.

If you don’t think this is a problem, I suggest you invite the police to come into your home and search through all your records, all your receipts, all your drawers, everything. I’m sure they can find some little law somewhere you broke (got an illegal radar detector? Didn’t pay USE tax on those internet purchases? Maybe a bad cop finds some intimate photos of you and the wife and decides to earn some money on the side by blackmailing you, or just enjoy them personally), cross your fingers.

Right now there is little to NOTHING you can do about it. And this hasn’t received much attention from mainstream press yet, which is sad. It’s all done in the name of protecting against terrorists and child molesters, and it will likely help neither of those causes. What it does mean are your corporate secrets on those company laptops are now the Government’s. All those personal moments in email and photos are now the Government’s. Your new idea you haven’t gotten patented yet that was going to let you break into the big time? Yeah, gov’t has it now.

If you worry at all about this (which you should if you travel internationally) you should write your representatives. They could at least have the common courtesy of setting some regulations and limitations on it. Oh, and yes other Governments can do this too. Flying into the UK? Yes they can search you just the same. Think twice about your laptop, smartphone, pda, they hold a LOT of information.

Here is a good article talking about what you might be able to do to protect your “Intellectual Property” (I hate that term, but at least I’m using it for good, kinda). Schneier on Security

Busy once more trying to finalize the Security Track for LinuxWorld San Francisco. Will be hard to top some of the speakers from last year, but I’ve got some very interesting topics this year. I just always forget how hard it is to coordinate all the different speakers’ times and communication.

Last year I actually missed out on attending LinuxWorld as I was on baby watch (the little one was due any day around that time), but looking forward to making it this year!

When I was young (i.e., all the way through college) I played assorted pen and paper RPGs. It started with the first D&D red box set, quickly followed by AD&D, AD&D 2nd Edition, Marvel Comics, CyberPunk, MechWarriors, WarHammer 40k, and assorted other table top and pen and paper role playing games. I loved them, my friends loved them, and it gave us a chance to create, explore, and work our minds. I know I wouldn’t be who I am today without my chance at playing these games.

So, it’s very sad to learn that one of the creators of the original D&D and really one of the fathers of all modern RPG systems has passed away. Gary Gygax, co-creator of D&D, passed away yesterday. Thank you for everything you’ve given us Gary!

More information here

Dungeons and Dragons co-creator Gary Gygax dies.

Just ran across this interesting news bit:

“Verizon Wireless Says ‘Bring Your Own’ Device”

Very interesting, but after reading it, all it really sounds like is a slightly refined version of what GSM networks are all about. I have for the past 3 years brought my own device (in my case an Unlocked Treo) to AT&Ts network. I bought phone and data plans independent of the device (which admittedly kinda stretches the boundaries of some of AT&Ts policy, they have an idea of what plans I should have, which is different from what I think I need and have).

It will be interesting to find out what the eventual details will be, is it just going to be a SIM card for CDMA networks? Or will it be something more?

Have to wait and see I guess.

I run several servers, all of which run Linux, OpenSSH, and Apache HTTPD. Some run VSftpd as well (legacy requirements). They all are attacked by brute force hacking attempts daily, yes daily. Every day I go through my logs and see the tens of thousands of attempted break-in attacks. It’s annoying, it tends to make the log files very long to look through. Even my parsed and abstracted log reports are forced into long lists of attacking IP addresses and attempted usernames. Here is an example from just today on ONE server:

Failed SSH logins: 2971

Failed FTP logins: 18,415

Failed SMTP logins: 1656

And this is not a server hosting super popular websites or mirrors. This is just a no name server hosting a couple of websites. In the past I used to contact the owners of the IP addresses these came from, but it became tedious and difficult. They’re often internet providers’ dynamic client IPs, and the ISP tends not to care that they are attacking my server (most likely, they are trojaned anyway).

All these attempted attacks do is waste resources. They waste my bandwidth, processing, and storage (the log files).

Just me deciding to put into writing one of my daily annoyances.

Well, I decided about a month ago that the old Treo 650 was getting old and needed a little refresh, I generally keep my PDAs for about 3 years before upgrading, and that’s about how long it’s been. Unfortunately, there wasn’t really anything compelling to upgrade to. None of the new Treos out provide much improvement over my current 650 on GSM networks. The iPhone is cool and all, but the lack of third party apps and no 3G network, really doesn’t make it a compelling upgrade to my old 650 (I can already do just about everything the iPhone can do, just not in as cool a way). With no sight of the Linux based palms and a 3G iPhone or Blackberry, wasn’t sure what to do.

Well, decided for now I’d just do a minor upgrade when I found a real good deal on a used but practically new Treo 680. It gives me a slightly smaller and lighter form factor, no antenna stub, more onboard ram, and better bluetooth than the Treo 650. Minor improvements, but enough hopefully to hold out till Palm, Apple, or Blackberry put out something compelling.

Oh and for the record, I’m not very impressed with any of the Windows or Symbian based smartphones out currently. The few Symbian phones that look cool are only available overseas and lack the US frequencies I need.

So I have a little more breathing room to wait for the smartphone of my dreams, and keep dreaming…


Copyright © 2015 · All Rights Reserved · Cafaro's Ramblings