Hacker testifies against Manning.

Lamo testifies against Manning

In case you have been hiding under a rock for the last few years, a young Private First Class leaked thousands of classified documents to the popular website WikiLeaks.

Today CNN reports that a hacker came forward to testify that Manning had been on a chat forum, most likely IRC, which is commonly used on government computers to communicate. They did not release the medium used. The messages were simple in that the hacker was falsely trying to obtain information about the illegal activities of the soldier.

The young man could possibly see the death penalty. The question is “How dumb could this kid be?” My God, this kid copied thousands of classified documents and then went online to talk about his great accomplishment! Essentially he accomplished nothing. Anyone with a secret clearance can do what he did. It took no skill, yet he thought that he deserved recognition for his accomplishment. The sheer stupidity of this character amazes me.

Amazing feats of programming magic deserve recognition. If this guy had hacked the SIPR from an outside source I’d say wow, that’s impressive; treasonous and stupid, but something to possibly boast about.

It’s very sad that we spend millions, possibly billions, on defense network security. We hire the most intelligent mathematicians and programmers in the world to work at the NSA and the Pentagon. Yet it only took one Army PFC and a few CDRs to accomplish the largest security leak in history.

BackTrack Linux Version 5 on a Toshiba NB205

I recently spent a few hours scanning and cleaning a Windows Vista Toshiba Satellite L505. This task was painful, slow, and agonizing. After about hour four of scanning and cleaning using various methods, I decided to sit down with the owner of the infected machine. We spoke about his computing needs. The conversation was brief and I received a verbal snapshot of what sort of operating system my client needed. Usually I don’t advocate Linux for non-computer-savvy clients, but in this case, with his love for browsing and downloading torrents, I assumed I could set it up for him and all would be well. I explained the benefits of Linux security, and the lack of viruses in the wild for most Linux and BSD kernels. Now, I don’t want to go around installing Linux on the computer of everyone I fix things for, simply because I might be out of a job at that point. Answering questions like “do I need an antivirus?” is all I would be good for. Let’s face it, I have never had a Linux or BSD question I couldn’t find in a forum.

All this talk about security and viruses made me hungry. No, really, it opens up my next project: BackTrack on a Toshiba NB205 for network security and penetration testing. I believe this little netbook will be perfect, and BackTrack looks interesting. If you need an install tutorial, I will not be doing one because they already have perfectly good instructions here.

I will be installing via a USB thumb drive, considering my netbook has no CD-ROM drive. Here goes nothing, I’ve got the USB…. will post results in the future.

My Ubuntu 11.10 Server: a work in progress.

Up and running again; this time I used Ubuntu 11.10 and this tutorial. I am a little on the fence about ISPConfig, but the server setup works alright. The hesitation regarding ISPConfig 3 is that the documentation costs 5 euros or you must subscribe to SourceForge. I don’t like these types of shady sales tactics. It’s like a mechanic replacing your oil for free and then charging you $50.00 for the oil filter. Or like when Cox cable gets you all set up for free HBO but doesn’t tell you that it’s only free for 90 days; at the end of that 90 days the full price is $45 a month. This is OK; I choose the cheaper, more time-consuming and difficult route. I choose to just figure it out on my own, with the pay to play documentation. I will probably have many posts in the future about this learning experience. For now I present just a couple of quick tips. Some init.d scripts have been converted to upstart jobs, so instead of

sudo /etc/init.d/apache2 restart

use

sudo service apache2 restart

or

sudo service ssh restart

The tutorial for ISPConfig 3 is in depth and very well put together. Even if you have very little experience with Linux, you can copy and paste the commands using your favorite terminal emulator and an SSH connection to the remote host. Using multiple monitors also makes it easier to read the instructions and the output from the terminal.

There is an initial problem with the SquirrelMail login. I have yet to explore the issue, but I will at a later date and I will post.

My Ubuntu server is behind a SmoothWall Express firewall, “smoothie”, which provides the DNS and DHCP for my internal LAN. Accompanied by a couple of Netgear switches, I have a rock solid LAN for dirt cheap. I just used an old Compaq Presario, upgraded the RAM to 512 MB, and picked up a few NIC cards for 4.99 each, because a firewall has to have more than one network interface. Once the hardware was ready I just followed the official installation guide. Installation was simple and painless. You can follow the two hyperlinks to the installation guides.

First I logged into my smoothie admin portal by typing 192.168.1.1:81, then I navigated to Services > static dns.

Next you just input the IP address of the server you would like to access, then a short memorable name, check enabled and click add.

That’s it, now try it out.


static dns entries

Open up your favorite web browser and type the short name you chose. For me it looks like this:

Check out the URL. This makes things super quick. This only works in your home LAN; obviously you cannot just go to the internet cafe and access your home VPN with your static DNS entry. For that you can use something like No-IP or any other dynamic DNS.

This makes it incredibly easy for SSH access or SFTP access, which I use frequently.

Hope this might help someone out, and I will post more about the dynamic DNS setup I use at a later date.

* In regard to the ISPConfig tutorial: “Copyright © 2011 Falko Timme
All Rights Reserved.”

ClearOS Enterprise Version 5.2 for home security: a simple review.

ClearOS 5.1, formerly known as ClarkConnect.

I downloaded ClearOS from here and used this page as a reference for the installation. The installation was extremely straightforward. I’ve used IPCop, pfSense, Gibraltar, Debian. Currently I have been using ClearOS for the last 10 days; I found out about the ClearOS Linux distribution at this site. If you are interested in using a Linux or BSD distribution for home security, there are many options available. Most options offer similar functionality and a web-based user interface from which to administer your firewall. I will not be going over the features of the other firewalls that I mentioned; if you would like a comparison, look here. If you selected the previous link, you would find that iptables (the base of Linux firewalls) is number one for many reasons. For the average user ease of use is important; if you are not too familiar with Linux, firewall rules and networking, then iptables might go right over your head. Don’t get me wrong, you should be somewhat familiar with Red Hat Linux, networking security, and yum package management to use ClearOS. So since they are all similar and use iptables (Linux), why am I using ClearOS?

To put it simply, it looks good. The web UI, during install and afterwards located at https://system.clearos.lan:81, is easy to use, and it makes sense. I like the scalability of the install, adding server functionality or keeping it simple for more security. The install process was quick and painless. Using common Linux names for the interfaces just makes things easy. Other distros implement color branding for interfaces, which just complicates things, I think. If you are familiar with eth0 being your default Ethernet connection then why change it, right? It does NAT 1:1, DHCP, DNS. It has it all. Also, because it is geared toward the corporate market and has that “enterprise” branding, it is well documented. There is a whole host of how-tos out there, which is why I didn’t make one. It also has server functionality and a Dynamic DNS service with domain hosting.

Based on CentOS and Red Hat Linux, ClearOS falls under the GNU license.

In my setup the OS is utilized as a gateway, securing my various Linux and Windows clients. I have played around with the Flexshare server, web server, SMTP server, and others. They all work and are really easy to set up. It also has MySQL for databases, and uses the phpMyAdmin UI to administer that. I did some testing and I DO NOT suggest using your primary gateway firewall as a web server… From a security standpoint it’s like an invitation for disaster. It will basically allow direct connections from the web into your LAN… be careful. Luckily ClearOS has a standalone feature allowing the user to deploy the OS as a Linux server, which utilizes Apache 2.2, Samba, Postfix, and several other well-known server apps. Now things are not all good. Also, for increased security ClearOS implements Snort detection and IP blocking, which I like. The logging is extensive and very easy to use, making troubleshooting a breeze.

The “enterprise” after ClearOS has its downside: there are many “updates” available for the installed software. Unfortunately these updates are not free; you must purchase them from Clear. There is also the domain hosting, which only allows you to use the Clear connect dyndns. A domain costs $25 a year when you can get an identical domain from other providers for half the price. Either way, if you are not worried about domain hosting and server functionality then ClearOS may be for you. I am planning on setting up a standalone ClearOS server behind a ClearOS gateway and firewall.
