In my own words...

By Justin Fielding

Stolen VA Laptop has been recovered

by Nathank In reply to Stolen VA Laptop has been ...

So in complete honesty, this is the best thing that could have happened, saved quite a few people their jobs and quite a few people their identities. However, this discovery is a complete false sense of relief.

On June 28th, the government learned that they had 45 days to implement a new policy on their laptop security. The government has been so lax with their laptop security these days that it leads me to believe that this is not the last incident we will hear about with the government. We need to improve our data security, specifically laptop security, or else our identities will be in even worse shape.

http://www.essentialsecurity.com/howitworks_laptop.htm

Data on stolen VA Laptop not accessed?

by Justin Fielding In reply to In my own words...

After forensic analysis of the previously stolen VA Laptop, the FBI claimed (http://www.sfgate.com/cgi-bin/article.cgi?f=/news/archive/2006/06/29/national/w085423D04.DTL) it has "determined that the data base remains intact and has not been accessed since it was stolen". This is a very interesting statement; questions of how the FBI would be able to determine this have started to be asked. While reading an article on Slashdot I found this interesting discussion (http://blog.zonelabs.com/blog/2006/06/forensics_looki.html) of the possible steps which the FBI would have taken to analyse the Laptop and data.

1. Physical examination - Checking the casing for fingerprints, screws for signs of use and even the hard disk for signs of removal (fingerprints).
2. Digital examination - This would focus on the file access times (a-times); if these were dated after the laptop was stolen, the data has been accessed.

The problem is, neither of these methods can be called reliable. If the Laptop was stolen by professional fraudsters, specifically for the purpose of identity theft, they would be well prepared. Physical examination can easily be cheated, latex gloves and plastic screwdrivers being the tools of choice. However, there is a method of stealing the data without opening up the computer, or even booting from the hard disk (therefore meaning a-times will not be altered at all) - by simply booting from a Linux live CD like Knoppix, the internal hard disk can be mounted as read only and then an exact copy made to either a removable disk or network share. The duplicate disk could then be used to access information and the Laptop returned to the authorities.

The first thing the FBI will do is make a 1:1 duplicate of the disk so that investigative work does not have any effect on the original. I really don't know why they think a professional data thief would do any different.
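The a-time check from item 2 of the post above, written out as an added example (not part of the original post, and not the FBI's procedure). The function names, the sample files and the cutoff timestamp are constructed for illustration; `-anewer` is the GNU and BSD `find` test that compares a file's access time with a reference file.

```shell
#!/bin/sh
# Added example: the a-time check from item 2, run over a directory tree.
# accessed_after, atime_verdict and make_atime_sample are hypothetical names.

# List regular files under $1 whose access time is later than the cutoff $2
# (touch(1) format [[CC]YY]MMDDhhmm).
accessed_after() {
    ref=$(mktemp) || return 2
    touch -t "$2" "$ref"              # reference file stamped with the cutoff
    find "$1" -type f -anewer "$ref" | sort
    rm -f "$ref"
}

# A hit proves access after the cutoff. No hit proves nothing: a copy taken
# from a read-only mount leaves every a-time as it was.
atime_verdict() {
    hits=$(accessed_after "$1" "$2") || return 2
    if [ -n "$hits" ]; then
        printf 'ACCESSED\n%s\n' "$hits"
    else
        printf 'INCONCLUSIVE\n'
    fi
}

# Constructed sample tree: one file last read before the cutoff, one after.
make_atime_sample() {
    mkdir -p "$1"
    : > "$1/records.db"; touch -a -t 200605010900 "$1/records.db"
    : > "$1/notes.txt";  touch -a -t 200605101200 "$1/notes.txt"
}
```

The verdict is deliberately one-sided: the check can show that data was read after the cutoff, but an empty result only means no a-time was updated.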

Data on stolen VA Laptop not accessed?

by Dr Dij In reply to Data on stolen VA Laptop ...

Right on! I think this was bluster by the FBI to help white-wash the theft.

(oh, it's OK, since we got it back! yeah, right.)

Data on stolen VA Laptop not accessed?

by mroonie In reply to Data on stolen VA Laptop ...

The government is obviously missing the point! They are trying to distract us by making us feel better about the fact that the laptop was recovered and oh look! No data is missing either! But what the real issue is here isn't whether or not the laptop got recovered or whether the data was misused (although this would be the best ending to the story). The issue is that the government and users of any form of digital technology need to educate and protect themselves so that if these breaches happen again (which they will) we can feel safe knowing our information is protected.

http://www.essentialsecurity.com/products.htm

Instead of examining the damage after the fact, why don't we be more proactive and try to prevent the damage from happening.

Applying patches in OpenBSD

by Justin Fielding In reply to In my own words...

Last week I looked at how we should keep ourselves informed of any new patches for OpenBSD, and how to find the correct patch files once they are released. This week, we'll get straight into the application of these patches.

The full-source archives should be downloaded to the /usr/src directory and the contents extracted; having the source installed is, of course, a prerequisite of any patch application:

    # cd /usr/src
    # wget ftp://ftp.openbsd.org/pub/OpenBSD/3.9/src.tar.gz
    # wget ftp://ftp.openbsd.org/pub/OpenBSD/3.9/sys.tar.gz
    # tar -xzf src.tar.gz
    # tar -xzf sys.tar.gz

And let's get the patches:

    # cd /root
    # wget ftp://ftp.mirrorservice.org/pub/OpenBSD/patches/3.6.tar.gz
    # tar -xzf 3.6.tar.gz


Applying the patches may seem daunting, but it is actually very simple. Each patch file contains concise instructions of what must be done to apply it - an example:

ftp://ftp.mirrorservice.org/pub/OpenBSD/patches/3.6/common/005_isakmpd.patch

This patch is for OpenBSD 3.6 and addresses a reliability issue where ISAKMPD may have problems communicating with other key exchange implementations. If we look into the file:

    # cd 3.6/common
    # head 005_isakmpd.patch
    Apply by doing:
            cd /usr/src
            patch -p0 < 005_isakmpd.patch

    Then rebuild and install isakmpd:
            cd sbin/isakmpd
            make obj
            make depend
            make
            make install

Let's follow those instructions and make the patch:

    # cd /usr/src
    # patch -p0 < /root/3.6/common/005_isakmpd.patch
    |Index: sbin/isakmpd/nat_traversal.c
    |===================================================================
    |RCS file: /cvs/openbsd/src/sbin/isakmpd/nat_traversal.c,v
    |retrieving revision 1.7
    |diff -u -p -r1.7 nat_traversal.c
    |--- sbin/isakmpd/nat_traversal.c       8 Aug 2004 19:11:06 -0000       1.7
    |+++ sbin/isakmpd/nat_traversal.c       18 Nov 2004 18:25:35 -0000
    --------------------------
    Patching file sbin/isakmpd/nat_traversal.c using Plan A...
    Hunk #1 succeeded at 58.
    Hunk #2 succeeded at 232.
    Hunk #3 succeeded at 241.
    Hunk #4 succeeded at 254.
    Hunk #5 succeeded at 304.
    Done
    # cd sbin/isakmpd
    # make obj && make depend && make

Check that everything looks okay, and then install with the final command:

    # make install


You can see that, in fact, the patching process couldn't be more self-explanatory. The only thing to notice here is that if you don't keep patches directly in the /usr/src directory, then the patch reference will have to be changed to reflect its location. After the "make install" command the processes will need to be restarted; this can either be done with a reboot, or by killing/restarting the running instance.

Best practice, of course, suggests that patches are not applied directly to a production machine - in fact, a great number of administrators would not even leave source on a production box. Instead, compile the updated binaries (as described above) on a development machine and then once compiled and tested, they can be copied over to the production system. The output from "make install" will show you which binaries and files have been replaced, thus telling you which files to copy across. I personally use a VMWare-hosted virtual machine to compile patches/updates.

After the initial few patches this becomes a fairly trivial process and there really is no excuse for not keeping up to date with "security" tagged releases. I hope this has been useful for anyone who wasn't quite sure how to apply patches to their system. If there are any experienced users who have tips or advice on keeping things up to date, please leave a comment.
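A patch only applies cleanly to the source tree of the release it was written for, so it is worth checking a patch file against /usr/src before running `patch`. The script below is an added example, not part of the original post or of OpenBSD: it reads the instruction header and the `Index:` lines described in the post, and its function names and the stub patch file `005_sample.patch` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks before applying an errata patch.
# All function names and the sample file name are hypothetical.

# Print the instruction header: everything before the first "Index:" line.
patch_instructions() {
    awk '/^Index: /{exit} {print}' "$1"
}

# List the files the patch touches, taken from its "Index:" lines.
patch_targets() {
    awk '/^Index: /{print $2}' "$1" | sort -u
}

# Print each target that does not exist under the source root $2.
missing_targets() {
    patch_targets "$1" | while read -r f; do
        [ -f "$2/$f" ] || printf '%s\n' "$f"
    done
}

# Return 0 and show the instructions only if every target is present.
preflight() {
    patchfile=$1 srcdir=${2:-/usr/src}
    [ -r "$patchfile" ] || { echo "cannot read $patchfile" >&2; return 2; }
    [ -n "$(patch_targets "$patchfile")" ] || { echo "no Index: lines" >&2; return 2; }
    missing=$(missing_targets "$patchfile" "$srcdir")
    if [ -n "$missing" ]; then
        printf 'not found under %s:\n%s\n' "$srcdir" "$missing" >&2
        return 1
    fi
    patch_instructions "$patchfile"
}

# Constructed sample: a stub patch laid out like the one above, plus a
# one-file source tree for it to match.
make_sample() {
    mkdir -p "$1/src/sbin/isakmpd"
    : > "$1/src/sbin/isakmpd/nat_traversal.c"
    cat > "$1/005_sample.patch" <<'EOF'
Apply by doing:
        cd /usr/src
        patch -p0 < 005_sample.patch

Index: sbin/isakmpd/nat_traversal.c
--- sbin/isakmpd/nat_traversal.c
+++ sbin/isakmpd/nat_traversal.c
EOF
}
```

On a real system, `preflight /root/3.6/common/005_isakmpd.patch` checks the patch from the post against /usr/src; a non-zero exit means the tree and the patch do not belong together or the source was never extracted.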

Google warns over net neutrality

by Justin Fielding In reply to In my own words...

Google has fired off a warning shot following reforms in communications legislation passed by the US Senate. The legislation has stirred quite a commotion across the internet as it poses many threats to the current model of the Internet. There is concern that telecommunications companies will use the legislation to try to "muscle in on the internet"; it has also raised concerns that the neutrality of the internet will be compromised as the data of personal bloggers and smaller organisations which cannot afford the premium data services will be smothered by large corporations with money to burn.

The Inquirer reports (http://www.theinquirer.net/default.aspx?article=32831): "A spokesman said it would not hesitate to file anti-trust complaints if Internet-providing telcos abuse powers that could come from U.S. legislators in further reforms - some of which, Google argues, could threaten 'Net Neutrality'."

Google warns over net neutrality

by jmgarvin In reply to Google warns over net neu ...

Will Google actually gain leverage in Congress? I hope so! This anti-net neutrality "plan" is just a way to let the telcos make big $$$ for doing nothing to actually improve service.

Sophos recommends Mac for security

by Justin Fielding In reply to In my own words...

Sophos security has recommended (http://news.bbc.co.uk/1/hi/technology/5150508.stm) that users concerned about security should consider moving to Mac. The top 10 malicious software applications are all targeted at Windows machines, none of which are capable of infecting a machine running Mac OS X.

It is generally accepted that the reason for this is that the majority of computers around the globe run Windows; therefore targeting Windows machines is more profitable for creators of Malware.

Sophos say "It seems likely that Macs will continue to be the safer place for computer users for some time to come"; however, Brian Gammage of Gartner does not agree, saying "If you have smaller walls, you attract less graffiti... There is nothing architecturally safer about Macs. If everyone moved to them then the situation would change overnight".

Both opinions are well founded; indeed, if everybody switched to Macs overnight then we may well see malicious software developers shift their focus, but the reality is most users in the foreseeable future will stick with Windows, therefore Macs will still offer a safer alternative for the few.

Sophos recommends Mac for security

by yobtaf In reply to Sophos recommends Mac for ...

This just isn't worth commenting on.

Sophos recommends Mac for security

by IT-Slave In reply to Sophos recommends Mac for ...

Undoubtedly there will be an upsurge of viruses written for MAC if a major shift happened. Windows has a very large target on its butt and that's due to market share. I think MAC is making a big come back and if they lowered their prices a bit, solidified their security and gave as many hardware options as a PC they would start making a very large gain on the PC market. I own both PCs and MACs, I like the MAC for its stability, but hate it for the lack of software, once that changes I may make a switch over to them as a main machine, but the price margin is killing me. Offering customers customization of the parts included may help out there. Nice thing is that if you ever go to sell it you can generally get back some of your investment. MAC has a very good chance that if they can think through the security end of things and prevent problems in the code ahead of time they'll win big.
