Empathy and MSN

I’ve had some problems recently (the last couple of weeks) with Empathy on Ubuntu 10.04. All my MSN accounts just started giving my an “Authentication Failed”.

After checking with pidgin, which I use for other accounts, that my credentials were still working I found a post in the Ubuntu Forums that gave me a good solution:

$ sudo aptitude remove telepathy-butterfly
— Make sure you have telepathy-haze installed, if not
$ sudo aptitude install telepathy-haze
— Delete the accounts and recreate them with the new plugin

I’m not sure why this happened, but at least it’s working again.
Hope this helps someone else out there.

ooimpress and .pps files

I’ve been working with Ubuntu lately at the day job and the Open Office setup is different than on Fedora.  One special case is the opening of .pps files, which per default go into “presentation mode” which I normally hate to see (it just takes to long to see what you really what to see in the presentation.

This is a workaround I found around in the Web:
Create ~/bin/ooimpress-edit or if you want to use it system wide /usr/local/bin/ooimpress-edit; and add the following code into it

#!/bin/bash
ooimpress -n “$*”
exit

Use it when ever you think you need it.  I set it up as default behaviour in the browser.

Enjoy

Lucid Lynx and Constantine multiboot

As most of you know I’m a Fedora user, well started out some time ago as a Redhat user until they decided to have to spins: Redhat (stable for the enterprise) and Fedora (bleeding edge for the community). Back to the point, my main distro is Fedora but I like to give other distributions a spin to find the pros and cons.

I decided to install the new and shiny Ubuntu 10.04 “Lucid Lynx”, but there is no way I want to affect my main partitions!! Why should I this is Linux after all, it can boot from a secondary partition I can even put the bootloader at the beginning of the partition to make it totally independent!! Having done that already with Backtrack 4, Ubuntu 9.10 (karmic) and CentOS 5.x it should be as easy as 1 – 2 – 3 (Or simple as… got Jackson 5 ringing in my ear right now).

So the solution I had in mind was just to add a new partition with parted, install there and add the following lines to the /etc/grub.conf in my Fedora partition:

title Ubuntu 9.10 (Karmic)
rootnoverify (hd0,6)
chainloader +1

The problem is that Ubuntu 10.04 ships with grub-2 (technically speaking 1.98) and it just doesn’t work the same way. After a couple of re-installs and hours later I came out with this blog with a really detailed review of the distribution and with the solution I needed:

title Ubuntu 10.04 (Lucid Lynx)
root (hd0,4)
kernel /boot/grub/core.img
savedefault
boot

Just to make sure your a attacking the right error, this is was I was getting: Error 13 invalid or unsupported executable format

Enjoy

Ubuntu Firefox: This address is restricted

I got the weirdest of errors today trying to open a web page on port 6000: ThisAddress-is-restricted

After reading for a while I found out that de Mozilla Foundation built in this protection for “Cross-Protocol” scripting attack with a form of Port Banning.

To overide this protection use one of the following steps:

  • In the user’s profile directory the all.js, add the following line at the end of the file user_pref("network.security.ports.banned.override", "1-65535");
  • In the defaults/pref/ sub-directory of the installation directory (multi-user systems) add the following line at the end of the file user_pref("network.security.ports.banned.override","1-65535");
  • Open a new window, in the address type: about:config and add a new entry of the type string with this name network.security.ports.banned.override and value 1-65535.

If you want to set free only one port change the range for that port o list of ports.

US Access to SWIFT data

Im not a Terrorist

This is a topic that caught my eye a while ago and just found out it’s still an open issue.

According to their website:

SWIFT is the Society for Worldwide Interbank Financial Telecommunication, a member-owned cooperative through which the financial world conducts its business operations with speed, certainty and confidence. Over 8,300 banking organisations, securities institutions and corporate customers in more than 208 countries trust us every day to exchange millions of standardised financial messages.

So basically it’s the organization that manages the API’s and systems that make international banking work smoothly.

This Belgium based organization had it’s major databases in the US until an article in the NY Times aired that the CIA under the Bush administration had been data mining the database to find links to terrorism, after Europe protested the database was move to Holland.  So the issue now is that the US intelligence agencies want to keep having unlimited access to spy on EU Citizens using the usual terrorism joker card.

I think this is a big issue and should be handled a such.  There are some open questions I have to this deal:
What does a US or in fact any intelligence agency have to do with our financial records without a warrant?
Is every person in the world considered a potential terrorist?
Were are rights, are privacy?
While we’re at it:  How long is this data retained?  How is it guarded? Who makes sure it’s correctly discarded?

Benjamin Franklin summed this up better than I can ever try to:

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety

IT-SA

So the last couple of days I was at the IT-SA a new security fair in Nürnberg (Germany).  This is / was the first edition but it is a attempt to make a security oriented fair out of the security section of the Systems in München which should take place 21-24th October 2009.

On Tuesday I was really disapointed with the fair, because I was expecting a conference RSA style.  But after taking the right perspective I think it was good,  most of the big players in the security field were there:  AV companies, the big firewall companies and of course your share of UTM and service providers.  They organized a speaking trend in each of the 2 exibition halls: a technical and a managment.  Most of the talks were short and white paper like and they had the usual “hacking live” talks that serve as “eye openers”.  They are fun to see but people should know that the pentesting or crackers job is normally not that easy, they don’t know exactlly what you are going to do in order to install a Trojan or what drivers you have install in oder to escalate privileges.

Today the BSI had it’s own embebed conference (3. BSI Grundschutztag) in the event.  The talks where OK, they presented the new changes that can be expected it in the next version of the IT-Grundschutz Katalog and their standards.

OWAP hat their share yesturday, I didn’t get the chance to attend but if someone got to go I would appreciate a link to the slides and/or the content of the sessions.

VMware not working smoothly on Fedora 11

failed

I just tested the latest version of VMware Workstation for Linux on my Fedora 11 box and there are a couple of things that just bothered me.  The big picture is that it’s not working smoothly:

The problems started on install time, in order to be able to install the rpm I had to uninstall gcc! (Thanks to Tusheto for the idea ).  Then I could work as usual with your virtual machines until I tried to turn them off:  it hung forever, I gave it 5 min. before having to kill window.  The files stayed locked thanks to the vmtray that is not shown in GNOME, so if happen to have you VM’s in a external drive there is no way to cleanly unplugg it without killing the residual process.

Afer so many years working with VMware on Linux I really expected more.  Rating F

Ran my tests on Fedora 11, kernel: 2.6.30.5-43.fc11.i686.PAE, and VMware-Workstation-6.5.3-185404.i386

Creating passwords with bash + perl

I had a couple of scripts working in the back end of an application to create users and set the passwords. So instead of reinventing the wheel I used the ?trusty? useradd.

Until recently one could pass the users password in clear text as a parameter. I assume that someone thought about all the passwords that word saved in history files and decided to change it. The problem is that the used the same parameter but now it expected the password to be encrypted, so it basically stopped working but didn’t generate errors.

After some debugging and some man reading the problem was nailed down, but now I had to generate and encrypt the password. I looked and tried many solutions but the best I could find was the crypt library and decided to access is through perl.  What I liked the most about the solution is that I could use all the same native algorithms that the system has installed.

So lets cut the chase, here are the 5 lines of code needed to get the job done:

salt=$(/usr/bin/mkpasswd -l 8 -s 0)
parameter=”print crypt(config,”\$1\$$salt”)”
encrypted=$(perl -e “$parameter”)
/usr/sbin/useradd -p $encrypted <user>

To create a good salt I used the mkpasswd utility that comes with the expect package (yum install expect).  In this case the $1 is not a variable, but the way of telling crypt to use MD5.

Other valid values for the Glibc crypt are:

ID Method
1 MD5
2a Blowfish (not in mainline glibc; added in some Linux distributions)
5 SHA-256 (since glibc 2.7)
6 SHA-512 (since glibc 2.7)

For more information http://www.kernel.org/doc/man-pages/online/pages/man3/crypt.3.html or simply: man crypt

Have fun

3 strikes

I’ve following and ranting on the music and video industries and their 3 strike strategy for a while now. This is an attempt to maintain the status quo in a business that hast to evolve to meet the market (their users) need.

I believe that the way Audio and Video rights are managed should be changed and a new model has to be built.  I’m not good with economy or an MBA,  but I am a user that really hates some of the limitations that are still built into a contents users life.

Let me put an example with the access to English spoken TV in Europe.  There is a great source for it in the UK, there you have access to SKY, BBC and other cable or pay TV services.  If I want to access those services from Germany, you can’t.  You can’t purchase the services, at least not legally (one can only purchase the services with a billing address in the UK).  With today’s interconnected world, these are the type of things that send people to look for alternative ways to access those contents.  So in a way the excessive controls are sending people to go to and find alternative ways to acces the contents that they can’t access or purchase through traditional channels.

I like the approach taken by Amazon in the US where you can by your favorite content and have instant access to whatch it through streaming, you can download it a specific number of times (4 if I remember correctly) in different formats: HD, MPEG or a smaller version for your IPOD.

I’m just glad that at least for now the 3 strike law in France was suspended.   And hope that  new cross European solutions see the light, because being able to whatch TV in your own language definitly helps people to feel at home away form home.

Photo credit: “And You’re Outta There!” originally uploaded by Chad Horwedel

ISECOM TtT

I managed to get a few days away from the day job to attend the ISECOM Train the Trainer event in Barcelona (27-29 May) and it was really a great experience.  Being that the event was for the certified or to be certified trainer crowd it was pretty intense and at the end of the last day my brain was jello.

Jello Brain

Jello Brain

It was great to finally meet Pete Herzog, who I had the pleasure of working with before on the Hacking Expossed book.  I also got time to meet some of other European trainers, and it’s a good batch  😉

I got to take the OPSA and OPST exams, the results should be due any time now.  I really liked the format of both cert exams: hands on!  For the OPST you have to shoot at a couple of live test systems to complete the results you need, and for the OPSA there is a little theory on the OSSTM, some shooting to be done but most of all analysis (hence the A in OPSA).  I fried my brain on the last question, I didn’t notice at the begining that it was a packet dump that needed to be analyzed.  So after 8 hours of class the 2.5h I took to complete the exam were the last effort.

For those of you who have no idea of what I’m talking about, you can find information on the OSSTM at http://www.isecom.org/

Prev123455Next