Comment: Re:vandalism, nothing more? (Score 2, Interesting) 170

by azrider (#33805026) Attached to: Cryptome Hacked; All Files Deleted
And for those who don't want to read the book, he used whatever dot matrix printers he had available. Remote syslog to a machine with WORM media works too.

If you can't afford such writers, mount /var/log (or /var/adm depending on your system) on a remote with a different authentication, with the directories as 500 (-r-x------) and files as 300 (--wx------) with a specific user for whichever syslog variant you use. Then chattr -i on the remote system so that the directory is immutable. On the remote system (if using rolling logs) don't forget to change the logrotate (or other appropriate cron configuration files).

Works every time for system security stuff.

You can tailor the logs for as much or as little as you need. Until the cracker can compromise your remote logging system (which should have different root passwords, no sudo/ssh credentials and no other root access than the physical console), everything is recorded. Once it is cracked, you will know when it happened, because without the proper credentials on the logging system nothing can be erased.

Tripwire/dnotify/inotify are your friends if you take the time to learn them and if you take the time to set them up properly.
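
The tamper-evidence property the comment relies on (an attacker can add noise but cannot quietly erase what was already written) can also be enforced in software when WORM media or a printer is not available. The following is an added example, not code from the comment above: each line appended on the remote sink is chained to the SHA-256 of the previous record, and the current chain head is kept outside the log file (a 64-character value small enough to go to the dot-matrix printer). A verifier then reports the first modified record, or a head mismatch when the tail has been truncated or rewritten with recomputed digests. The log lines are constructed sample data.

```python
"""Hash-chained append-only log for a remote syslog sink.

Added example, not part of the Slashdot comment. Each record stores
sha256(previous_digest || line); the sink keeps the latest digest (the
"sealed head") somewhere the writer cannot reach, so that both in-place
edits and truncation of the tail are detectable.
"""
import hashlib

GENESIS = "0" * 64  # digest "before" the first record

# Constructed sample syslog lines (not real data).
SAMPLE_LINES = [
    "Oct  8 14:02:11 web1 sshd[2417]: Accepted publickey for deploy from 10.0.0.5 port 51422",
    "Oct  8 14:02:13 web1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; COMMAND=/bin/bash",
    "Oct  8 14:03:40 web1 sshd[2601]: Failed password for root from 203.0.113.7 port 40022",
    "Oct  8 14:03:42 web1 sshd[2601]: Failed password for root from 203.0.113.7 port 40022",
]


def link(prev_hex: str, line: str) -> str:
    """Digest of one record: sha256(previous digest bytes || line bytes)."""
    h = hashlib.sha256()
    h.update(bytes.fromhex(prev_hex))
    h.update(line.encode("utf-8"))
    return h.hexdigest()


class ChainedLog:
    """What the remote sink writes: an append-only list of (line, digest)."""

    def __init__(self):
        self.records = []
        self.head = GENESIS  # the sealed head, stored apart from the records

    def append(self, line: str) -> str:
        digest = link(self.head, line)
        self.records.append((line, digest))
        self.head = digest
        return digest


def verify(records, sealed_head):
    """Check a log against its sealed head.

    Returns ("ok", None), ("modified", i) for the first record whose digest
    does not match its contents, or ("head_mismatch", n) when every record is
    internally consistent but the final digest is not the sealed head (tail
    truncated, or records rewritten with freshly recomputed digests).
    """
    prev = GENESIS
    for i, (line, digest) in enumerate(records):
        if link(prev, line) != digest:
            return ("modified", i)
        prev = digest
    if prev != sealed_head:
        return ("head_mismatch", len(records))
    return ("ok", None)


def rewrite_and_recompute(records, index, new_line):
    """What a root-level attacker on the sink would do: edit one line and
    recompute every later digest so the chain looks internally consistent."""
    out = list(records[:index])
    prev = out[-1][1] if out else GENESIS
    lines = [new_line] + [line for line, _ in records[index + 1:]]
    for line in lines:
        prev = link(prev, line)
        out.append((line, prev))
    return out


if __name__ == "__main__":
    log = ChainedLog()
    for line in SAMPLE_LINES:
        log.append(line)
    print(verify(log.records, log.head))                      # ('ok', None)
    edited = list(log.records)
    edited[2] = (edited[2][0].replace("Failed", "Accepted"), edited[2][1])
    print(verify(edited, log.head))                           # ('modified', 2)
    print(verify(log.records[:-1], log.head))                 # ('head_mismatch', 3)
    rewritten = rewrite_and_recompute(log.records, 2, "Oct  8 14:03:40 web1 sshd[2601]: (scrubbed)")
    print(verify(rewritten, log.head))                        # ('head_mismatch', 4)
```

The sealed head is the part that matters: without it, an attacker with write access to the sink can rewrite a record and recompute every later digest, and the chain verifies cleanly. Printing or otherwise exporting the head after each rotation is what turns the chain into the "you will know when it happened" guarantee the comment describes.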

Comment: Re:vandalism, nothing more? (Score 1) 170

by azrider (#33804936) Attached to: Cryptome Hacked; All Files Deleted

The slash and burn technique serves to cover up all sources of incriminating evidence, and better yet, hides the true motivation of the attacker unless they actually take the time to leave a message behind. You are not likely to find a trail of breadcrumbs lying around if their intent was business rather than pleasure.

Oh, really? See The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage (by Clifford Stoll).

Comment: For this particular problem, RTFAFGS (Score 1) 170

by azrider (#33804664) Attached to: DC Suspends Tests of Online Voting System

Web-based clients are insecure simply because you don't have physical control over them. You don't control the network, the routers, or the client machine. Give me (or some malware author) the client machine, and who cares what you signed on the server or how?

These are military personnel voting (absentee) from overseas. I can guarantee you that I can control the originating network, the terminating network and the client machine.

And by the way, the system extends to 150 million clients running every kind of hardware, software, and configuration imaginable, maybe 25% of which are infected with malware, and to which we have no access and over which we have no control.

See above. If the machines which are eligible to be used to cast the vote are not under some sort of control, there is no way of doing this. However, the number of machines can easily be limited to the command and control structure, which makes this facet of the problem trivial.

If you are talking about people being able to vote from home, I heartily agree with Bruce Schneier that the problem may well be intractable, not for reasons of malware, but for the impossibility of testing every potential configuration.

If you limit the problem to the overseas (or otherwise deployed) military, and to the window between the absentee ballot becoming available and the last available date to return it, the problem becomes manageable, simply because the change management process for the available terminals can be controlled. Hell, simply send (under cover) a live CD with the software on it to each deployed service member. Now, no malware, no unknown configuration (at least what matters) and enhanced security.

BTW, see my post below.

Comment: According to the articles... (Score 1) 170

by azrider (#33804558) Attached to: DC Suspends Tests of Online Voting System

The "web site was hacked".

Who in their right mind uses a web served application for something such as this?

This calls for a secured, encrypted application, with a protocol that maintains its own data security.

It can be done. I built one for the government in 2001:

  • No remote login
  • No ports open except for the three being used for the protocol:
    • Incoming request for software
    • Outgoing Datalink
    • Incoming Datalink
  • Special protocol used for the communication
  • End to end encryption (with AES-CBC signing on all packets except the software download link)
  • Active firewall and IPDS

On a server with one side connected to a classified network (here it would be the counting facility) and one connected to an unclassified network (here it would be the Internet). Gee, it took me and another guy less than 2 weeks from design to active testing.

You would need physical access to the server in order to compromise the end to end system.

Total cost of the demonstration system (excluding our ~60 hours total development) was less than $2000 in 2001. Imagine what we could do with modern equipment.
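
The comment's design rests on a protocol that authenticates every packet end to end over separate incoming and outgoing links. The exchange below is an added example, not the 2001 system's code, and makes its own choices: per-packet tags are HMAC-SHA256 over a sequence number and the payload (not the AES-CBC construction the comment mentions), one key per direction is derived from a shared secret, and a strictly increasing sequence number makes a replayed or reflected packet fail. The encryption layer is left out so the block runs on the standard library alone; the request and ballot payloads are constructed sample data.

```python
"""Per-packet authentication with replay protection for a two-link protocol.

Added example, not the system described in the comment. Every packet is
  seq (8 bytes, big-endian) || payload || HMAC-SHA256(key_dir, seq || payload)
Each direction has its own key, so a packet captured on the outgoing link
cannot be played back onto the incoming one. Encryption is omitted here.
"""
import hashlib
import hmac
import struct

SEQ_LEN = 8
TAG_LEN = 32


def direction_keys(shared_secret: bytes):
    """Derive one key per direction from the shared secret (simple
    domain-separated hash for the demo; a real system would use HKDF)."""
    c2s = hashlib.sha256(b"client->server|" + shared_secret).digest()
    s2c = hashlib.sha256(b"server->client|" + shared_secret).digest()
    return c2s, s2c


class Endpoint:
    def __init__(self, send_key: bytes, recv_key: bytes):
        self.send_key = send_key
        self.recv_key = recv_key
        self.send_seq = 0  # last sequence number sent
        self.recv_seq = 0  # highest sequence number accepted so far

    def seal(self, payload: bytes) -> bytes:
        self.send_seq += 1
        body = struct.pack(">Q", self.send_seq) + payload
        tag = hmac.new(self.send_key, body, hashlib.sha256).digest()
        return body + tag

    def open(self, packet: bytes) -> bytes:
        """Return the payload, or raise ValueError naming the reason."""
        if len(packet) < SEQ_LEN + TAG_LEN:
            raise ValueError("short packet")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.recv_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            raise ValueError("bad tag")
        seq = struct.unpack(">Q", body[:SEQ_LEN])[0]
        if seq <= self.recv_seq:  # tag is valid but the packet is old
            raise ValueError("replay")
        self.recv_seq = seq
        return body[SEQ_LEN:]


def run_exchange(shared_secret: bytes = b"constructed demo secret"):
    """One request/reply exchange followed by three attacks on the server side.
    Returns a dict of outcomes so the behaviour can be checked."""
    c2s, s2c = direction_keys(shared_secret)
    client = Endpoint(send_key=c2s, recv_key=s2c)
    server = Endpoint(send_key=s2c, recv_key=c2s)
    results = {}

    request = client.seal(b"REQUEST ballot=sample voter=0042")   # constructed payload
    results["request"] = server.open(request)
    reply = server.seal(b"BALLOT id=sample contest=mayor")        # constructed payload
    results["reply"] = client.open(reply)

    attacks = [
        ("replay", request),                                        # resend the accepted packet
        ("tamper", request[:SEQ_LEN] + b"X" + request[SEQ_LEN + 1:]),  # flip one payload byte
        ("reflect", reply),                                         # server's own packet back at it
    ]
    for name, packet in attacks:
        try:
            server.open(packet)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    for name, outcome in run_exchange().items():
        print(name, outcome)
```

Two details carry the security argument: the tag is checked before the sequence number is parsed, so an attacker learns nothing about the counter from unauthenticated packets, and the sequence number is inside the tag, so it cannot be bumped on a captured packet to defeat the replay check.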

Comment: Re:Bad GUI and no CLI: way too common (Score 1) 617

by azrider (#33802786) Attached to: Take This GUI and Shove It

Cisco's GUI stuff doesn't really generate any scripts, but the commands it creates are the same things you'd type into a CLI. And the resulting configuration is just as human-readable (barring any weird naming conventions) as one built using the CLI. I've actually learned an awful lot about the Cisco CLI by using their GUI.

Actually, Cisco's GUI stuff does generate the scripts and then stores the necessary commands in the config file.

Where it falls down completely is that none of them (IOS, ASA, CatOS or PIX) are capable of making all configuration choices. Take a moderately complicated config (split-tunnel VPN) and none of them can create it from the GUI. However, at least it does not overwrite any manual changes.

Comment: Re:I still think it's really dumb (Score 1) 483

by azrider (#33698460) Attached to: Why Warriors, Not Geeks, Run US Cyber Command Posts

I can understand about military situations being distinctly different from civilian ones. But this seems really dumb. What you want is people who can see patterns in stuff happening that nobody else would notice. You want human intrusion detection.

What you want is people whose training and experience says this smells wrong to me. Those are somewhat common among the higher echelon. What you really want is someone who will stand by their decision.

The most dangerous cyber attacks are very subtle. I think talent and familiarity with the technical details are much more important than the ability to make quick decisions under intense pressure.

The two are not mutually exclusive. I can (and have and will) make the quick decision (regardless of the pressure) because those that sit above me do not want to second guess my decisions (ask any current or former military about what REMF means). My decision is for me to justify, and I had better be prepared to do so at any time.

The ability to make decisions under a lot of pressure can be an important skill,

Agreed

but spotting things that are subtly off, in my experience, requires intimate familiarity with the environment.

Agreed

A person's technical experience has a much greater correlation with that familiarity than combat experience.

FALSE. My technical expertise determines whether I can identify the threat. My technical (and OPERATIONS RESEARCH) expertise determines whether I can respond to the threat. My experience with the environment determines how I respond to the threat.

Ignore any of the three and see what you get.

Comment: Re:Less protection for free speech? (Score 1) 383

by azrider (#33623008) Attached to: In Canada, Criminal Libel Charges Laid For Criticizing Police

As the first reply said, is there a citation for that supposed ruling?

You would be more credible if you responded with something that actually backed up your assertion.

Instead, you provided a strawman argument:

The relevant Supreme Court cases (CITATIONS NOT PROVIDED) dealt with the race riots of the 60s and early 70s. During these riots certain black men and white men said things to one another, and were sued for issuing death threats (CITATIONS NOT PROVIDED). The SCOTUS (sic) reviewed the cases upon appeal and determined that "during the course of political protests, speech can become heated" but is nevertheless protected by the First Amendment. The men were let go without punishment.

Without CITATIONS as to the exact situation that was at issue, you are saying that all assault convictions should be voided on the basis of free speech.

I don't know about you, but if someone comes to me and says something to the effect of "I intend to do you bodily harm", I will call the paramedics or the morgue, whichever is appropriate.

Comment: Re:Why not just merge with Fedora or Ubuntu (Score 1) 206

by azrider (#33621914) Attached to: Developers Fork Mandriva Linux, Creating Mageia

Fedora's way too experimental compared to Mandriva. There's no reason for MDV to merge with Fedora as Mandriva has always been a lot more stable and conservative as compared to Fedora.

That is because Fedora is to RHEL as other distributions "testing" is to "stable". On Red Hat style distributions, if you want stability (without the support costs), you use CentOS or Scientific Linux. If you want to be bleeding edge (like I do on my personal system), you use the latest version of Fedora (I am not so "bleeding edge" as to use the beta - Fedora 13 with custom kernels works just fine :-]).

Fedora and stable? Use Fedora 12 or one of the LTS versions of any of the distributions. I started my distribution experience with Red Hat and will stay with it.

Comment: Re:Name (Score 1) 206

by azrider (#33621610) Attached to: Developers Fork Mandriva Linux, Creating Mageia

"Why not just grab a copy of The GNU Image Processor from the web to get the intern working on some of these images you want?"

Better yet, why not refer to it by its correct name: The GNU Image Manipulation Program.

About GIMP Introduction to GIMP
GIMP is an acronym for GNU Image Manipulation Program. It is a freely distributed program for such tasks as photo retouching, image composition and image authoring.
It has many capabilities. It can be used as a simple paint program, an expert quality photo retouching program, an online batch processing system, a mass production image renderer, an image format converter, etc.
GIMP is expandable and extensible. It is designed to be augmented with plug-ins and extensions to do just about anything. The advanced scripting interface allows everything from the simplest task to the most complex image manipulation procedures to be easily scripted.
GIMP is written and developed under X11 on UNIX platforms. But basically the same code also runs on MS Windows and Mac OS X.

From the GIMP website: http://www.gimp.org/about/introduction.html

Comment: Re:Less protection for free speech? (Score 1) 383

by azrider (#33620026) Attached to: In Canada, Criminal Libel Charges Laid For Criticizing Police

Very few. The Supreme Court of the US has even ruled that death threats are protected speech, unless the issuer of the threat is carrying a gun or knife. But simply walking up to someone (say a KKK guy) and saying, "I hate racist mother fuckers and I'm going to kill you" is protected speech if said person is unarmed.

As the first reply said, is there a citation for that supposed ruling?

The definition of assault is the threat coupled with the present ability to do bodily harm. That is in no way protected speech in any state in the USA.

Comment: Re:unsaved documents (Score 1) 404

by azrider (#33443520) Attached to: Microsoft Patents OS Shutdown

This is one of the most annoying things about computers. If I want to shut it down, shut it down!

When the IBM 303X/308X/309X processors were the state of the art, the power switch was labeled Power Off Request. This initiated a microcode and control processor sequence to start saving critical system information to disk (unfortunately not the OS information itself).

The only way to really shut the system down right now (with no guarantees that it would come back up in anything approaching a reasonable time frame) was the Emergency Power Off switches on each cabinet.

Unfortunately for the customer, this method required a visit from the CE in order to recover (you can't use this method and then say "I don't know what happened" - it's obvious and billable).

Comment: History Revised (Score 1) 377

by azrider (#33402700) Attached to: .Net On Android Is Safe, Says Microsoft

OS/2: Originally Microsoft developed Windows NT as OS/2 - a microkernel which was OS/2 on the front backward compatible with DOS and Windows, and switched to Windows, only after IBM started to show less and less interest in coding, and more interest in their process.
(http://en.wikipedia.org/wiki/Windows_NT)

Perhaps you should rely less on Wikipedia and more on actual history. IBM did not believe that the desktop would take off, and so partnered with a company that wound up (deliberately) stabbing them in the back.

OS/2 was a superior product, but did not have the marketing strength (within IBM) to push it. Microsoft is a marketing giant, not a coding giant. How else can you explain a bug that showed up in IE4 (fixed within 24 hours), again in IE5 (same bug, same fix - after IE4 fix was released - same timeframe also), again in IE6 (you get the point).

Think someone did not say hey, I've seen this one before?
