"Inveniam viam aut faciam" : I will either find a way, or I shall make one

Adeptus-Mechanicus - BlogMe


Linux “expect” – making things easy

Recently I needed to do some work over POP3 that I just could not find the right tool for. I tried nail, I tried fetchmail, I tried popcheck, etc., but none of them were quite what I wanted. So I went back to expect and wrote a script. Expect drives an interactive program for you: it starts (spawns) the program, waits for the output you tell it to expect (a prompt, a banner, a “+OK”), and sends the input you would otherwise have typed. Once the script exists you can replay that interaction without anyone at the keyboard. So if you telnet to a router and check something, expect can help.

Now it has its problems. (1) Any passwords end up in the script, which is a plain text file, so the file needs protecting, or better, the secret should be fed in from the environment or a prompt rather than hard-coded. (2) A recorded script normally benefits from some tweaking: by default it expects exactly what the original session printed, so anything that changes between runs (timestamps, message counts, session IDs in a banner) will stop the match and leave the script hanging until it times out. Reading through it is easy and will help you make it better; usually that means trimming each expect string down to the stable part of the prompt, or replacing it with a regular expression.

The easiest way to generate the script is autoexpect. This is part of the expect package and makes life even easier. You type:

autoexpect -f run-again.exp

..this records an interactive session (everything the program prints and everything you type) and, when you exit, writes it out as an expect script in the run-again.exp file. Simple.

Expect is a blunt tool – no doubt, but sometimes it can be a life-saver.
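As an added example (not from the original post or the expect package), here is a hand-written Expect script for the POP3 case above that deals with both problems: the password comes from an environment variable instead of the file, and every expect matches on a pattern with timeout and eof handling rather than on a verbatim banner. The script name, the POP3_PASS variable and the host/user arguments are assumptions for the example.

```tcl
#!/usr/bin/expect -f
# Added example: log in to a POP3 server and report the mailbox size.
# Assumptions: HOST and USER come from the command line; the password is
# read from the POP3_PASS environment variable so it is not stored here.

if {[llength $argv] != 2} {
    puts stderr "usage: pop3check.exp HOST USER   (password in \$POP3_PASS)"
    exit 1
}
if {![info exists env(POP3_PASS)]} {
    puts stderr "POP3_PASS is not set"
    exit 1
}
set host [lindex $argv 0]
set user [lindex $argv 1]
set pass $env(POP3_PASS)
set timeout 15

# Plain-text POP3 on port 110, as in the post. For a real mailbox spawn
# "openssl s_client -quiet -connect $host:995" instead of telnet.
spawn telnet $host 110

# Match the stable part of each reply (a "+OK" line) rather than the whole
# banner, which carries hostnames and timestamps that differ between runs.
# The regex runs to end of line so the rest of the reply is consumed too,
# and every branch that is not success fails loudly instead of hanging.
proc want_ok {what} {
    expect {
        -re {\+OK[^\r\n]*\r?\n}  {}
        -re {-ERR[^\r\n]*\r?\n}  { puts stderr "$what: $expect_out(0,string)"; exit 1 }
        timeout                  { puts stderr "$what: timed out"; exit 1 }
        eof                      { puts stderr "$what: connection closed"; exit 1 }
    }
}

want_ok "greeting"
send "USER $user\r"
want_ok "USER"

# The pty echoes what we send; turn logging off around PASS so the password
# does not appear on the terminal or in any captured output.
log_user 0
send "PASS $pass\r"
want_ok "PASS"
log_user 1

send "STAT\r"
# Reply is "+OK <count> <octets>". The trailing \r matters: expect matches
# as data arrives, so without it (\d+) could match a half-received number.
expect {
    -re {\+OK (\d+) (\d+)\r} {
        puts "$user: $expect_out(1,string) messages, $expect_out(2,string) octets"
    }
    timeout { puts stderr "STAT: timed out"; exit 1 }
    eof     { puts stderr "STAT: connection closed"; exit 1 }
}
send "QUIT\r"
expect eof
```

Run it as POP3_PASS=secret ./pop3check.exp mail.example.org alice. The same shape (pattern plus timeout plus eof on every expect) is what an autoexpect recording usually needs to be turned into once the verbatim send/expect pairs have been trimmed.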

Published by erich, on April 12th, 2011 at 2:43 am. Filed under: linux

New Post – Passwords, Universal Problem?

Finished a quick post on some password thoughts. Can be found here

Take a look and let me know.

Published by erich, on February 23rd, 2011 at 3:59 am. Filed under: posts, quick

Still ranting

I am still thinking on these ideas of what it means to be a security professional. You see I keep getting this message that we need to learn to speak ‘business’. That if the business is not giving us what we need, not implementing our suggestions, that it is our fault for not communicating with them better. Once again I really do respect the people who say this. And I truly believe they are much better infosec professionals than me. But I am still going to call “Bull”.

You see a professional is something like a doctor, or architect, or engineer. Something requiring specialist knowledge. Now when I get sick, I do not blame doctors. When someone in the world dies, I do not blame doctors. If a doctor was directly involved in the death, then maybe. But just because there are doctors does not mean people are going to be healthy.

Unless people listened to doctors. That’s the catch. Doctors give us all lots of good advice. But we still have billion dollar industries around smoking and drinking for example. Because we do not listen to the doctors. Now do doctors beat their heads against a wall? Do they picket the factories? Do they change their educational needs to include better corporate communications or better client persuasion? Wait…. Wait…. No. Because they know that when we get sick we will go to them or we will suffer, and nothing drives human change like suffering. I am sorry to say that, but prove me wrong.

Now some doctors are preferred because they have better bedside manners. But I do not know about you; when I am coughing my lungs out, bedside manner takes a quick backseat to actual competence. Now I believe this was all driven by (a) doctors getting better and having more impact and (b) the big things like the black plague, outbreaks, etc. – when we ignorant humans decided we really did not prefer dying to listening to those we called quacks.

So here is my pledge: I pledge to be the best InfoSec person I can be, I will read, I will listen. And IF I have time left over – I will try to learn how to tie a Windsor knot and play golf. Because sooner or later, competence will be worth more than polished ass-kissing.

Alrighty then.

Published by erich, on February 18th, 2011 at 3:27 am. Filed under: General, rant

The forgotten

First off, this is a rant. If you have a problem with that please leave now.

Right, if you are still here, this is a rant that mentions Metallica, so that automagically means it is 100% better.

Anyway, I want to start with the lyrics from a Metallica song – Unforgiven:

With time the child draws in
This whipping boy done wrong
Deprived of all his thoughts
The young man struggles on and on he’s known
A vow unto his own
That never from this day
His will they’ll take away

What i’ve felt
What i’ve known
Never shined through in what i’ve shown
Never be
Never see
Won’t see what might have been
What i’ve felt
What i’ve known
Never shined through in what i’ve shown
Never free
Never me
So i dub thee UNFORGIVEN

They dedicate their lives
To running all of his
He tries to please them all
This bitter man he is
Throughout his life the same
He’s battled constantly
This fight he cannot win
A tired man they see no longer cares
The old man then prepares
To die regretfully
That old man here is me

Now to me that is information security in a nutshell. And allow me to be more specific, that is the “good guys”, the “whitehats”, the “defenders”. Simply put, people and companies do NOT care. The bad guys are winning in every way that matters, and in most of the ways that are just for fun, because being good at it matters to them and to those who use them. For the good guys, no-one cares as long as they can get their porn, visit facebook and tick their compliance checklists.

Now if you are still reading you are probably thinking that this all sounds very familiar, that many people say the sky is falling, etc. And I have heard many information security folks say that this is wrong. That we just need to try harder, that we need to do a bit more, stop being so negative, and all the rest of the platitudes. And you know what? Most of those guys are great, they are very bright and mean well. But that does not stop it from being bullshite.

Saying all of that while you earn a great salary, or do not have kids, or are famous, or get to call the shots, or all those other things – then yes, your view of security and mine are very different. IF however you are a wage-slave like me, then you do what you need to in order to get by, survive and provide for your family. I try to do that to the best of my ability, but I tell you, we will NEVER win.

So to those folks who say I am upset because I lost my fire, or do not care anymore, or I am not trying enough…. tell you what, I challenge you to come spend some time in my shoes. Hell, I will even provide a bed and meals. But come spend some time in my life, in my world, and then see. For me I know I will probably “never shine through in what I’ve shown” in “this fight I cannot win”, but I will try and I know I am realistic and not living in some dream world.

alrighty then….

Published by erich, on January 31st, 2011 at 3:01 pm. Filed under: rant

Review

Just finished the “An Army of Bots” whitepaper by SecureState. It is a 13 page document (with largish font) which covers botnets at a high level. Personally, while I found some areas interesting, the emotive language and vagueness left me wondering if this is not a mislabelled marketing paper. Do not get me wrong, it never mentions any services, but it just comes across as the type of thing people send to managers before hitting them up with a proposal a few days later.

So, if you know nothing about botnets give it a read. If you know something, try it anyway and let me know if I am wrong.

Published by erich, on January 27th, 2011 at 9:21 pm. Filed under: General

some 2011 annual reports

Each year a bunch of companies and places come out with their “review” of the last year. Three of these are the Cisco, Messagelabs and Sophos Annual Reports. I had a look through them and while I am too lazy to provide the links (google them, or if you really want them then pester me), I will let you know what I thought.

The Sophos report was decent, but for me it came across just a bit too like marketing and pushing services.

The Cisco report however really surprised me by how good it was. Very little giving into the hype of things, lots of detail and well presented. A very good read.

The Messagelabs report is always very detailed with lots of stats. It can be a very narrow audience, but it always covers the subject well. This year I particularly enjoyed the web threats/attacks section.

After reading all 3, you see (1) mobile threats, (2) social network threats and (3) cybercrime for profit are common threads. One thing I saw very little if any mention of was cloud and virtualization, which was surprising. All in all, good reads to keep you up to date and more importantly, lots of soundbites and numbers to use in your upcoming management presentations 😉

Published by erich, on January 21st, 2011 at 7:55 pm. Filed under: General

Note to self..

When creating images from whole disks using dd (ie: dd if=/dev/sda of=/mnt/disk/test.img), it really helps to speed things up if you remember to use the bs option (ie: dd if=/dev/sda of=/mnt/disk/test.img bs=10240). The default is 512-byte blocks, which means one read and one write system call per sector; something in the megabytes (bs=4M) is the usual choice, and a larger value does not change the resulting image. Unless of course the plan is to wait for days….
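As an added example (not part of the original note), here is a shell function that does the imaging with a sensible block size and then proves the copy matches the source by hash, which is the check you want before relying on an image. The device and image paths are placeholders; it works on any readable file or block device and needs root for /dev/sdX.

```sh
#!/bin/sh
# Added example: image a disk with a sensible block size and verify the copy.
# Usage: image_disk /dev/sda /mnt/disk/test.img   (paths are placeholders)
# Prints the SHA-256 of the image on success; returns 1 on a copy/hash error,
# 2 if the image does not match the source.
image_disk() {
    src="$1"
    dst="$2"
    # bs=4M: dd defaults to 512-byte blocks, one read and one write syscall
    # per sector, which is what makes a whole-disk copy crawl.
    # No conv=sync here: it pads the final partial block with zeros, so the
    # image would no longer hash-match the source. Add conv=noerror,sync only
    # for failing media, and then hash only the source's length of the image.
    dd if="$src" of="$dst" bs=4M 2>/dev/null || return 1

    # Hash source and image independently and refuse to report success
    # unless they agree; keep the hash beside the image as its fingerprint.
    src_hash=$(sha256sum "$src" | cut -d' ' -f1) || return 1
    dst_hash=$(sha256sum "$dst" | cut -d' ' -f1) || return 1
    if [ "$src_hash" != "$dst_hash" ]; then
        echo "hash mismatch: $src vs $dst" >&2
        return 2
    fi
    printf '%s  %s\n' "$dst_hash" "$dst" > "$dst.sha256"
    echo "$dst_hash"
}
```

Reading the source twice (once to copy, once to hash) is deliberate: a hash computed from the same read that produced the image would only prove the image matches what dd saw, not that a second read of the media agrees with the first. On GNU coreutils 8.24 or later, status=progress on the dd line shows throughput while it runs.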

Published by erich, on January 19th, 2011 at 3:11 pm. Filed under: forget-me-not, quick

Quote

I really liked this sentiment;

Consequences tend to motivate people. Risk acceptance without consequences is not risk acceptance at all.

Address : <http://www.immutablesecurity.com/index.php/2010/06/21/on-acceptance-of-risk/>

Too often we talk about risk acceptance as some sort of mythical fairy dust that makes everything alright. But what it actually means is having someone accept the responsibility if that risk is realized. No consequence = No Risk.

Published by erich, on January 14th, 2011 at 6:12 pm. Filed under: quote

Default boot screen for OSX

If you want to change the default boot screen on OSX, then replace:

/System/Library/CoreServices/DefaultDesktop.jpg

..with the picture you want. You need sudo from a terminal to get it done due to permissions, and I would suggest keeping a copy of the original and changing the new picture’s owner to root:wheel (chown root:wheel DefaultDesktop.jpg) so it matches the rest of that directory, but it is a fairly simple procedure. This applies to the OS X releases of the time; from 10.11 onwards System Integrity Protection stops even root from writing under /System.

Published by erich, on January 14th, 2011 at 2:49 am. Filed under: osx, quick

Controls and Threats

If the last 2 years have taught me anything, it is that controls around IT security are needed. That was a new thing. I mean I always knew that they were needed, but it was always an afterthought. Now those of you who know must not start reaching for the pitchforks and kindling, I am still a great believer in dealing with threats and what is actually happening. I just never knew how to combine the two. Well I was listening to an older interview with Richard Bejtlich (http://taosecurity.blogspot.com/) who I ALWAYS enjoy (great stuff go sign up for his RSS and Twitter and everything else… go on, I’ll wait).

A comment was made that IT security people are always ‘firefighters’, and he said “Great, every company needs firefighters. There was never a town that did not need firefighters. They are always the heroes, go to the fire, save the kids and pets, put it out. But the next stage of maturity is not to replace them but to supplement them with Fire Marshals.”

Those are the chaps who go around and make sure buildings are up to code, that garages handle fuel properly, stuff like that. You see the Fire Marshals are the ‘controls’ and the Firefighters are the ‘threat-based’ side. The two are not exclusive but work together to create a much safer environment; I mean even if you had firefighters, you would not want to be rescued on a monthly basis.

I really thought this was a good way of explaining it, and it is succinct enough to use as a quick “elevator pitch” for management. Catchy and meaningful.

Published by erich, on January 14th, 2011 at 2:19 am. Filed under: General