Animals Only a Mother Could Love

Consider being born as a platypus. (actually, ‘hatched’ as a platypus)   And as you come to awareness, it’s oh no, I am a platypus…   There are lots of unfortunate animals that need love too, and here is a small collection for your consideration.

Say hello to the Aye-Aye, a type of lemur, primates only found on the isle of Madagascar.   It taps on tree-trunks looking for hidden insect grubs.   When it finds one, it chews through the bark and uses its unusually long middle finger to pull out the bug.   Aye-ayes are endangered because of the current burning of their habitat for farmland.

(more…)

HowTo: Xen, for the Everyday Microkernel

~~   Foreword   ~~

Most people think of Xen as only being applicable to large organizations like Amazon’s AWS, RackSpace and other clouds, and various clustering applications.   Why is Xen such a good model of virtualization, clustering and security?   Because it’s the closest we have for now, to a production microkernel architecture.

~~   The Microkernel Model   ~~

The microkernel operating system model is one which rethinks the very core of the way operating systems work.   With microkernel, very few functions are actually handled by the core kernel in privileged mode, and the kernel itself is simple, compact, and fast.   The minimal functions handled by the microkernel are low-level address space management, thread management, and inter-process communication.   All other OS functions, including device drivers, protocol stacks, file systems, etc, are handled in user space.   If there is a buffer overflow or other vuln in a driver of the microkernel system, the best a cracker could do is get to the non-privileged user that driver is running as, inside the virtual machine it’s running in.

(more…)

About This Bash Bypass Bug

There’s been a lot of news in the past couple of days about this Bash bug, some of it hysterically saying that 500 million sites could be impacted.   Well maybe that’s how many sites are running the Bash command-line utility susceptible to the bug, but only a small fraction of those are actually exploitable.   And exploitable is what matters.   This has been an issue with Bash for 20 years, since inception.

First of all, if you’re a Debian user you can relax.   Almost all scripts call /bin/sh, symlinked to /bin/dash, which does not have the vulns.

(more…)

DefCon corollary — Seeking Employment

Back in 1999, DefCon attendees were viewed with great suspicion by employers.   When a manager of the NSA or a big company became known at the conference, he was overrun by attendees trying to give him their resume, but they were mostly denied.   Whenever I described any knowledge of hacking methods, the response was always fear.   So I stopped going into detail, even when the job is computer security.   These days though, people (without a record) who know how hacking is done and how to defend against it, are actively recruited.

(more…)

DefCon

DefCon: The good, the bad and ‘the Feds’

Ah, DefCon, my favorite convention.   I should have gone this year.   It’s a celebration of determination, independence, intellectual accomplishment, and constant learning.

My brother and I went to DefCon in 1999.   I managed to talk my way into the Press Room and got full press credentials with access to special areas   —   I’d hacked the hacker’s conference.   I did have to wait 20 minutes for my brother to get through the regular line though.   I later sold my DefCon press credentials on eBay for $14.   Shoulda kept them.

(more…)

HowTo: Prevent Tracking via the Browser Cache     

Practically speaking, all of today’s browsers use an internal cache, which stores web objects temporarily so that if they are called for repeatedly, they are brought from local cache much faster than if there were a full web access.   Well, there are some tricks to use your cache to track your movements around The Internets, even if you disable or clear cookies and LSO-cookies.

(more…)

An Idea for Solving the Certificate Authority Vuln Problem

~~   Foreword   ~~

A while back, Comodo and DigiNotar were compromised, opening any SSL using those certificates to attackers.   Maybe it’s time to acknowledge that the traditional SSL trust model is outmoded.   Every web browser trusts the word of scores of Certificate Authorities, and if any one of those CAs is compromised by a cracker, government agency, or internal hire, then there is no way to know that your HTTPS connection isn’t being intercepted.   Further, if a CA (GeoTrust for example) has a large market share of SSL certs, browsers can’t then just “un-trust” them, as millions of non-tech users will start getting https errors and won’t know what it means nor what to do.   My ideas cover both the questions of forgery, and of CAs which are effectively too large to fail.

Rather than requiring that a root certificate be signed by a single trusted authority, require multiple and independent trusted signatories.

(more…)

HowTo: ID and Avoid a TBird Bug, and Rake Your Email Client for Other Vulns

~~   Foreword   ~~

All of us use a desktop email client to fetch our email, to respond, and to screen out spam.   When you click a link in an email, it will normally come up in your main web browser and take you to that site.   But there’s a way of crafting a link such that when you’re using Mozilla Thunderbird and click on a link, it opens the website in a Thunderbird tab instead of your default web browser.

Why is this a problem?   Because if you have hardened your browser to any reasonable level of security, all those protections are bypassed when the link is opened in a tab of TBird.   I use Iceweasel/Firefox with modifications from the TorBrowser, which include various configuration changes and addons to enhance security and privacy.   For example, addons I use are TorButton, NoScript, RefControl, HTTPS-Everywhere, RequestPolicy, AdBlock Edge, and Element Hiding Helper.   And I browse almost exclusively through TOR.   None of these security mechanisms is emplaced when links are opened in a TBird tab.

(more…)

What Is Going On With eBay?

I’ve been a member and seller on eBay with the same user ID since 1998, and regularly turn to the site when I want to buy or sell just about anything you can mail.   But recently there have been attacks by criminal gangs on user accounts which eBay seems to be unable or unwilling to inhibit.   These gangs take over an innocent user’s account, possibly by tricking them out of their username and password (or possibly through an internal eBay vuln, which I think is more likely), and then use that account to sell non-existent items (and collect the money) and to seek and find more victims.

Many of the compromised accounts have 100% positive feedback, and had previously sold hundreds of items.   One victim who had his account hijacked says he was locked out of his account, and then later billed “around $50” by eBay for seller’s fees on items he had never heard of.   When customers click on a scammer’s listing, they are redirected to a professional, official-looking page which asks them to log in and ‘confirm’ their credit card and bank account details!   The items ostensibly for sale in these compromised listings range from smartphones and TVs to laptops and bicycles.

Users are taken to a fake page like this by XSS.   But notice the URL is not eBay and has the country-code of Ukraine, the worst for scams next to Nigeria!   Usually though customers will only see the right-hand side of a long string of gibberish and won’t notice.

(more…)

Re-Roofing With Torch-Down Modified Bitumen

Putting on a new roof is way out of my normal line, but I decided to learn it because I love to learn, and eh, because I wanted to save $4,000.   And anyway, I need the exercise.   I will explain this without shyness of my mistakes and in unvarnished words, so you can learn from my good and bad and do it right yourself the first time.

I own a property in unincorporated Everett, WA with a half-acre of developable land, and a house that was built in 1964.   The roof on the house is the original, and is thus in terrible condition after 50 years;   the tenants recently complained about a leak, so as a temporary measure I covered the area with a tarp.

(more…)

HowTo: Build an Encrypted ZFS Array ~ Part 2 ~ The Array

This is a continuation of Build an Encrypted ZFS Array – Part 1 – Encryption, although if you do not choose to encrypt, you could pick up here.   This HowTo is Debian-centric.   Caution:   Sometimes command-lines wrap below, because of the width of the page.

~~   Building the Array   ~~

We now have 4 disk drives set up encrypted, and their raw devices reside at /dev/mapper/sdb ~ sde.   We want to assemble these into a ZFS array so they’ll appear as one volume to the system, and with RAID-Z for data integrity.   First a few rules:

(more…)

HowTo: Build an Encrypted ZFS Array ~ Part 1 ~ Encryption

~~   Foreword   ~~

The Zettabyte File System is an advanced filesystem which was developed by Sun Microsystems and is now owned by Oracle, and although it has always been open-source, its CDDL license is incompatible with GPL and so it will not be included in the Linux kernel.   Now that ZFSonLinux is stable though, it is available as a DKMS package.

With this article, we are going to set up a ZFS array of multiple disks, which will be assembled to appear as one volume, for use as /home, or /media/backups, or other functions where massive data storage is required.   In addition each of the disks comprising our array will be encrypted, and the data will be compressed for better storage efficiency and throughput.   Now this may look long, but I am documenting everything and I’ve made every effort to make it easy.

(more…)

Good News for Electric Vehicles

This has nothing to do with Prius, Leaf, or Tesla.   This is about on-the-ground EV enthusiasts’ work.

Up until a few years ago, electric motors were lucky to get 40% efficiency.   That is, of 100% of the charge in the battery pack, the motor was only able to use 40% of that energy, the rest being lost to heat, mechanical friction, and the “cogging” effect of newer neodymium-magnet motors.   So for a given range, you needed to include 60% more batteries than you would if efficiency were 100%.

(more…)