The Black Hat Tax
Tuesday, February 19th, 2008
Auren Hoffman discusses James Currier’s idea of the inherent Black Hat Tax built into most web-based businesses.
Interesting concept.
Related, no doubt, to the upcoming CPLUG CTF event at Messiah College, Patrick has a post about penetration testing with Python. The two main tools he mentions are Scapy and Inline Egg, both of which are quite cool.
At the last CPLUG meeting, Patrick mentioned that he was hoping to plan a capture the flag (CTF) event sometime in the near future. This time, though, DoS attacks won’t be allowed and there will only be one target box, so you shouldn’t have to worry about player vs. player attacks… hopefully. :)
Well, it looks like things are starting to take shape! After an initial post on the mailing list, he has about 13-15 people signed up. The date/time are still TBD, but I know that I’ll be there no matter when it is.
Sounds like fun!
Simon Willison (source of many good links) mentions ezPyCrypto and gives a quick overview of how it works.
Nate pointed out a link to Ranum’s Six Dumbest Ideas in Computer Security from 2005. Might be worth checking out.
I saw Marcus Ranum present at the CPLUG Security Conference back in March 2005, and he was definitely one of the most entertaining speakers of the day… if not necessarily the most informative. Either way, he was wildly popular with those in attendance.
Secure Shell (SSH) is everywhere.
Since its inception in 1995, SSH has become the most widespread remote login protocol for Linux boxes, with some estimates putting the number of SSH users at the end of 2000 at 2 million or more. Gone are the days of telnet sending your password and session in plaintext over untrusted networks. Now you can type with a reasonable amount of confidence that your traffic is encrypted in transit.
But, as Uncle Ben said, with great power comes great responsibility!
By its very nature, an improperly configured ssh daemon can be a network liability rather than an asset. If you have a Linux box that is accessible via the Internet, it pays to know what you are doing.
Therefore, here are five things you can do to lock down your server and make ssh more secure…
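The five items themselves are not on this page. As an added example, and not the author's list, here is a small Python audit of the global section of an sshd_config that flags the directives a practitioner checks first on an Internet-facing box. The two sample configs are constructed; the directive names and the rule that the first occurrence of a keyword wins are OpenSSH's own.

```python
"""Audit the global section of an OpenSSH sshd_config for weak settings.

Added example, not the blog's list of five steps.  Mirrors two sshd parsing
rules: keywords are case-insensitive, and the first value seen for a keyword
is the one that takes effect.
"""
from __future__ import annotations

# keyword (lowercased) -> (values that leave the daemon exposed, hardened value)
CHECKS: dict[str, tuple[set[str], str]] = {
    "protocol": ({"1", "1,2", "2,1"}, "2"),
    "permitrootlogin": ({"yes"}, "no"),
    "passwordauthentication": ({"yes"}, "no"),
    "permitemptypasswords": ({"yes"}, "no"),
    "x11forwarding": ({"yes"}, "no"),
}

# Constructed samples: a stock-looking config and a hardened one.
SAMPLE_WEAK = """\
# sshd_config, typical of an untouched install of the period
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
"""

SAMPLE_HARDENED = """\
Port 22
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
AllowUsers alice bob
# a later duplicate is ignored by sshd, so it must not change the verdict
PermitRootLogin yes
"""


def parse_sshd_config(text: str) -> dict[str, str]:
    """Return the effective global keyword -> value map.

    Comment and blank lines are skipped, and parsing stops at the first
    'Match' block because directives inside one apply only conditionally.
    """
    effective: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        effective.setdefault(key, value)  # first occurrence wins
    return effective


def audit(text: str) -> list[str]:
    """One finding per directive that is weak or left at its compiled-in default."""
    cfg = parse_sshd_config(text)
    findings: list[str] = []
    for key, (weak_values, hardened) in CHECKS.items():
        if key not in cfg:
            # The default varies by OpenSSH version, so an unset directive is
            # reported rather than assumed safe.
            findings.append(f"{key}: not set, compiled-in default applies; set to {hardened}")
        elif cfg[key].lower() in weak_values:
            findings.append(f"{key}: '{cfg[key]}' is weak; set to {hardened}")
    return findings


if __name__ == "__main__":
    for name, sample in ("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED):
        print(f"{name}: {audit(sample) or ['no findings']}")
```

Run it against the real file with `audit(open("/etc/ssh/sshd_config").read())`; remember that settings inside a `Match` block are deliberately not evaluated here, so anything you scope per-user or per-address needs a separate look.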
Well this is interesting…
root@metis:~ # python
Python 2.3.4 (#1, Nov 6 2005, 22:06:26)
[GCC 3.3.3] on linux2
Type "help", "copyright", "credits" or "license" for more...
>>>
Apparently IPCop ships with Python 2.3 installed. Why?
While looking through some firewall/router logs tonight, I noticed that on 08/28/2006 IPCop handed out an IP address via DHCP to a MAC that I didn’t recognize.
Here’s the info from the log:
IP Address: 192.168.2.198
MAC Address: 00:12:17:9b:26:86
Hostname: ncs-5pxom5jlr51
Lease Expires: 28/08/2006 00:20:07
For what it’s worth, a lookup on that MAC shows it’s a Cisco-Linksys NIC.
So while I’m not absolutely certain that someone cracked my WEP key, I’m pretty sure they did. Otherwise IPCop would not have handed out the address.
Now, I do have MAC filtering turned on and my wireless network is segregated on its own “Blue” subnet. So as far as I can tell, the person wasn’t able to actually do anything while connected. That theory seems to be supported by the associated traffic, connection, and proxy logs. And since I was on vacation last week, there was absolutely no traffic on that network anyway.
Probably not as much fun as they were hoping for.
So I asked some of the IRC regulars what they would recommend as a follow-up when your WEP key is broken…
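Spotting an unrecognized MAC in the lease log is exactly the kind of check that can be automated. The following is an added example, not from the post or from IPCop: it parses lease records in the "Key: value" shape shown above, compares each MAC against an allow-list for the wireless segment, and attaches a vendor prefix where one is known. The allow-list and the first lease are constructed (locally administered addresses, so they collide with no real vendor); the second lease is the one from the post, and 00:12:17 is the prefix the post resolved to Cisco-Linksys.

```python
"""Compare DHCP leases against the MAC allow-list of a wireless segment.

Added example, not from the post or from IPCop.  Parses lease records in
the 'Key: value' shape the post shows; the allow-list and the first lease
are constructed, the second lease is the one from the post.
"""
from __future__ import annotations

import re

# MACs that belong on the wireless subnet (constructed; locally administered
# addresses so they collide with no real vendor).
KNOWN_MACS = {"02:00:00:00:00:01", "02:00:00:00:00:02"}

# Minimal OUI table.  00:12:17 is the prefix the post looked up as Cisco-Linksys.
OUI = {"00:12:17": "Cisco-Linksys"}

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")

# Constructed lease-log excerpt; a blank line separates records.
LEASE_LOG = """\
IP Address: 192.168.2.150
MAC Address: 02-00-00-00-00-01
Hostname: laptop
Lease Expires: 27/08/2006 18:02:11

IP Address: 192.168.2.198
MAC Address: 00:12:17:9b:26:86
Hostname: ncs-5pxom5jlr51
Lease Expires: 28/08/2006 00:20:07
"""


def normalize_mac(mac: str) -> str:
    """Lower-case, colon-separated form so allow-list comparisons are exact."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"malformed MAC: {mac!r}")
    return mac


def parse_leases(text: str) -> list[dict[str, str]]:
    """Split the log into records keyed by the lower-cased field name."""
    leases: list[dict[str, str]] = []
    current: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            if current:
                leases.append(current)
                current = {}
            continue
        # partition on the first colon only: MACs and timestamps contain more
        key, _, value = line.partition(":")
        current[key.strip().lower()] = value.strip()
    if current:
        leases.append(current)
    return leases


def unknown_leases(text: str, known: set[str]) -> list[tuple[str, str, str, str]]:
    """(ip, mac, hostname, vendor) for every lease to a MAC not on the allow-list."""
    allowed = {normalize_mac(m) for m in known}
    hits = []
    for lease in parse_leases(text):
        mac = normalize_mac(lease["mac address"])
        if mac in allowed:
            continue
        vendor = OUI.get(mac[:8], "unknown OUI")
        hits.append((lease["ip address"], mac, lease.get("hostname", ""), vendor))
    return hits


if __name__ == "__main__":
    for ip, mac, host, vendor in unknown_leases(LEASE_LOG, KNOWN_MACS):
        print(f"unknown lease: {ip} {mac} ({host}) vendor={vendor}")
```

Treat a hit as a signal, not a verdict: MACs are visible to anyone sniffing the segment and trivially spoofed, so MAC filtering only tells you that someone did not bother to spoof. Once a WEP key is known to be broken, the fix is to stop using WEP rather than to tighten the filter.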
There are times when you want to connect to the Internet through unknown and/or insecure networks such as the local Panera or other WiFi hotspot. If you aren’t careful, you might make it all too easy for someone to sniff your connection using Ettercap.
One of the best ways to secure your connection is to use a VPN, but that isn’t always practical. So here’s a way to securely connect to the net using only an SSH client and a remote box that you control/trust.
Requirements:
Just follow these steps…
A while back I wrote about securing sshd with DenyHosts, a Python script by Phil Schwartz. Since that time, I know quite a few people who have started using it on their servers and are quite happy with it. It’s a slick little script.
Now DenyHosts 2.3 is out, and it looks like a lot has changed from when I tried it back in the 1.1.2 days. Most interesting (to me) is the new statistics site that is up. Really cool stuff.
If you run a server with port 22/tcp open, you might want to check this one out.
Update: Looks like the latest version in Portage is 2.2.
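To make concrete what a tool like DenyHosts is doing behind the scenes, here is an added example (not DenyHosts' own code) that tallies failed SSH logins per source address from auth.log lines and emits hosts.deny entries for any source over a threshold. The log excerpt is constructed in the syslog format sshd of the period produced, and the per-category thresholds are this example's own; DenyHosts likewise keeps separate limits for root, invalid and valid users.

```python
"""Tally failed SSH logins per source and emit hosts.deny entries.

Added example that does, in miniature, what DenyHosts does; it is not
DenyHosts' code.  Log lines are constructed in the syslog format sshd of
the period produced, and the thresholds are this example's own.
"""
from __future__ import annotations

import re
from collections import Counter

# Only 'Failed password' lines are counted; the separate 'Invalid user ...'
# line sshd also logs for unknown accounts would double-count the attempt.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed auth.log excerpt.
AUTH_LOG = """\
Aug 28 00:12:01 metis sshd[4121]: Failed password for root from 10.0.0.5 port 51212 ssh2
Aug 28 00:12:03 metis sshd[4123]: Invalid user admin from 10.0.0.5
Aug 28 00:12:03 metis sshd[4123]: Failed password for invalid user admin from 10.0.0.5 port 51213 ssh2
Aug 28 00:12:05 metis sshd[4125]: Failed password for invalid user oracle from 10.0.0.5 port 51214 ssh2
Aug 28 00:12:07 metis sshd[4127]: Failed password for invalid user test from 10.0.0.5 port 51215 ssh2
Aug 28 00:12:09 metis sshd[4130]: Accepted publickey for bob from 192.168.2.10 port 40001 ssh2
Aug 28 00:12:10 metis sshd[4131]: Failed password for bob from 192.168.2.10 port 40002 ssh2
Aug 28 00:12:12 metis sshd[4133]: Failed password for root from 10.0.0.9 port 60001 ssh2
Aug 28 00:12:14 metis sshd[4135]: Failed password for root from 10.0.0.9 port 60002 ssh2
"""

# Separate limits, because one typo by a real user should not look like a
# dictionary attack against root or a sweep of non-existent accounts.
THRESHOLDS = {"root": 2, "invalid": 3, "valid": 5}


def tally(lines) -> dict[str, Counter]:
    """Count failures per source IP, bucketed by root / invalid user / valid user."""
    counts = {bucket: Counter() for bucket in THRESHOLDS}
    for line in lines:
        m = FAILED.search(line)
        if m is None:
            continue
        if m["invalid"]:
            bucket = "invalid"
        elif m["user"] == "root":
            bucket = "root"
        else:
            bucket = "valid"
        counts[bucket][m["ip"]] += 1
    return counts


def offenders(lines, thresholds=THRESHOLDS, allow=frozenset()) -> list[str]:
    """Source IPs that reached any bucket's threshold, minus an allow-list."""
    counts = tally(lines)
    bad = set()
    for bucket, limit in thresholds.items():
        for ip, n in counts[bucket].items():
            if n >= limit and ip not in allow:
                bad.add(ip)
    return sorted(bad, key=lambda ip: tuple(int(o) for o in ip.split(".")))


def hosts_deny_lines(ips) -> list[str]:
    """TCP-wrappers syntax: one 'sshd: <ip>' line per blocked source."""
    return [f"sshd: {ip}" for ip in ips]


if __name__ == "__main__":
    for entry in hosts_deny_lines(offenders(AUTH_LOG.splitlines())):
        print(entry)
```

Two practical caveats: keep your own management addresses on the allow-list so a fat-fingered password cannot lock you out, and note that hosts.deny only helps when sshd is linked against libwrap. OpenSSH dropped tcp_wrappers support in 6.7, so on a current system the same tally should feed a firewall rule instead.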