Samba and Windows 7

Windows 7 has upgraded security.  This will effectively cause trouble in making connections to legacy apps (ie. Windows XP supported).  One of them is Samba on Unix.

Fortunately, there’s a solution to this:

  1. Open Control Panel.
  2. Choose Administrative Tools.
  3. Click Local Security Policy.
  4. Under Local Policies and Security Options:
    1. Change Network security: LAN Manager Authentication Level to “Send LM & NTLM responses”
    2. Change Minimum Session Security for NTLM SSP to disable “Require 128-bit encryption” into “No Minimum Security”.

Illustrations below:

Future of Mobile Data Networks

Selection of SmartphonesAnything can be communicated via the Internet.  It readily connects everyone to emails, web, television, and voice.  It is where mobile computing’s future lies. The mobile industry seems to be shifting focus to Everything-Over-IP.

Traditionally, a mobile phone is used to communicate voice conversations.   The question now is who needs mobile voice?  Texting has becoming a popular way of doing things in Asia and Europe.  North America is catching up.  Then there’s the popularity of Facebook and Twitter, where Internet connection is required for status updates.  It’s becoming more than just a 1-to-1 communication.  It’s a broadcast of information.

To make Internet capable mobile devices, first the portable technologies have to converge.  Laptops have to be small enough for maximum portability.  Cell phones must be powerful enough to run like computers.  There are plenty of companies like Apple, Toshiba, Dell, and Nokia who are trying to close that gap.

It’s no surprise Apple announced the iPad.  They’re touting it as a reading device, but people know it can be much more.  Its main communication devices are WiFi and 3G.  No voice capability.  However, Apple has also recently allowed VoIP over the 3G network, so apps like Fring or Skype can provide voice calling.  Similarly, AT&T now allows Slingbox, TV anywhere, to go over 3G network to iPhone users (eventually the iPad).  So Apple’s strategy is definitely IP based communication.  Other companies will (or have already) follow suit.

This may sound familiar.  In 1998, there was much hype for Voice-Over-IP (VoIP) in the Telecom industry.  Huge investments were made to lay down fiber optics infrastructure for faster data transfers.  It took a while for that investment to bear fruit, and it looks like the consumers are finally starting to see the benefits.

Interestingly enough, wireless Internet connectivity it not widely available.  But that’s changing, thanks to innovation in wireless technology, such as WiMax or LTE.  It will reach the rural areas where Internet access is scarce.  Also, the price needs to go down in order to make it economically feasible.  Maybe the government should step in?

The direction is to get everyone connected.  Mobile Internet can finally become an integral part of the way people do business and go about their personal lives.  It’s the future of communication – on everyone’s hand.

The Importance of Page Loading Time

run_blur

Customers are very fickle when checking out a company’s web site.  Unless they’re desperate, a person browsing a site tend to go quickly from one page to another.  Their attention span is short.  Their time is valuable.  They don’t want to spend too much time waiting for a web page to load.

Companies have spent a substantial amount of money to improve page loading times.  Improvements include upgrading internet connectivity, buying faster computers, reducing web applications RAM usage footprint, or investing on a content delivery network.

What other important reasons to improve web performance?

  • Increase in traffic due to natural business growth, or advertising campaigns.
  • Snappy response times are required when using the latest web browser tools, such as AJAX.
  • Google is planning to rank web pages by their load times.
  • Increase use of videos using embedded Flash, and future HTML5.

There is a cheaper way to improve web site performance: Optimize Content.  It means reducing the use of heavy graphics, Flash files, or client side Javascripts.  It also means reducing HTML and CSS file sizes.  It may seem contradictory, but ultimately, content dictates page loading times and can improve the web browsing experience.

Operating System and Web Apps Hacking

A lot can be learned from a hacker (albeit a convicted hacker).  Here are some of his thoughts on OS and web application security:

Securing a system:

I keep my services to a minimum, and I keep them updated. On my Linux box I use custom kernel hardening patches to make memory corruption bugs pretty hard to exploit. OpenSSH is firewalled and only accepts a connection from your ip if you visit a custom port-knocking page on my webserver. Basically the only service listening is apache, without PHP.

On my desktop and laptop I don’t have any services listening at all.

Public computers:

… I try to avoid public computers. If I really have to log in from an untrusted terminal I use otp authentication.

Modern website’s security:

Not very secure. SQL-injections are everywhere.

Discovering SQL injections vulnerabilities:

I don’t know of any specific papers, SQL injection is such a simple concept so you can pick it up in a matter of hours. The best method of finding them manually is to simply insert ‘ and ” union select(..” at random in parameters and see if things break.

Local source disclosure vulnerabilities:

Yes, sure. You can do a lot with config.php + phpMyAdmin.

What to do in a hacked machine:

1) Find a custom admin interface.

2) Get read access to a db from an SQL-injection.

3) Find tables corresponding to the custom admin interface.

4) Crack the admin password.

5) Log in and upload a new picture, containing PHP.

6) Exploit buggy custom cron-scripts that delete directories in /tmp once a day.

7) Wait for exploit to trigger..

8 ) Infect a binary on an NFS-share.

9) Wait for someone to use the binary..

10) Enjoy access to the main servers.

Something like that 😉

Operating System:

Personally I use Linux. I don’t consider Linux especially secure, just look at the number of local kernel root vulns found in the last year. I do however know that this is because there are so many people auditing Linux every day. I’d rather use an OS that has a few serious public vulns each year than one where the vulns are still there but aren’t found.

If you make a new operating system, how long it takes for someone to exploit vulnerabilities depend on how secure your code is and how much someone would want to exploit it. A local root vulnerability in QNX isn’t as “popular” as one in Linux, so more people are looking at Linux.

Tools used:

Exploits, network scanners, rootkits, google (perhaps the best network scanner).

And a voice recorder. They are essential when hacking banks.

More security holes:

Yes, I’ve written exploits for most types of bugs. Buffer overflows, format strings, int overflows. I have discovered some holes myself. Nowadays the most popular thing to audit is webapps. The age of remote root holes in popular ftpds is gone.

Government computers:

Personally I think that there are government agencies in the US, China, Russia etc. that have already backdoored each other to hell and back.

Stopping a hacker from coming in:

In short, if you have a network that is connected to the internet and someone wants to get in, they will eventually get in. If you are running the latest versions of all possible software you might think you are safe. But what if someone comes along with a 0day, or someone hacks the home computer of one of your administrators?

Tracing a hacker:

I got too comfortable with my setup and thought I was untraceable. It turns out that, given enough incentive, some people will analyze router logs from all over the world for months until they find you.

PHP:

Make sure whatever PHP software you are using is always up to date. PHP stuff has a tendency to be written very poorly. Install some custom hardening patches like Grsec.

… I’m a big fan of Python. It’s much easier to write insecure software in PHP than in Python.

Security Industry:

I think has become less about knowledge and innovation and more about hype. Extreme hype. Everyone wants to make money off their name. Bugs become a commodity that is sold to companies that charge subscription fees for advance notice, etc..

Personally I am a blackhat. I loathe the cesspool of inflated egos that is the computer security industry. Therefore, I would never ever advise them to become “whitehats”. As for a more rewarding way to use their skill and curiosity, I can’t think of a good answer. Hacking into computers is simply the most rewarding experience I have ever had. I don’t see it as a problem if you are hacking big companies or governments for the sake of adventure, you are not out to hurt people.

Just make sure not to make money from your hacking, be it selling out to the security industry or selling botnet-stuff to russians. Both will destroy your passion.

Sysadmins:

I understand that ultimately some admin will have to take care of cleaning up after the breach, but it’s a part of their job. If one of the main reasons not to hack is that some administrator, whose job it is to maintain the servers, has to do his job.. I just don’t see that as a very compelling reason not to hack.

Hacking:

The incentive was the thrill of breaking into something that could sometimes have taken over a month of preparation. Looking at information that you weren’t supposed to be looking at. I suppose it’s the same feeling you get when solving any complex problem. It’s better than sex. I mostly worked alone, and I was not hired for anything.

Operating System hacking preference:

I almost exclusively hacked *NIX machines. Mostly Linux and Solaris, but also a lot of IRIX/HP-(S)UX/AIX. I would however definitely say that it is easier to hack a Windows PC, given their history of remote “root” vulnerabilities in default services.

OpenBSD is not secure at all. At least they changed the text on their front page to “Only two remote holes in the default install, in a heck of a long time!”. There’s a reason Theo DeRaadt has been hacked a number of times, his ego is enormously inflated. OpenBSD is 10 years behind grsec for example.

The most important part is the anti-exploitation techniques like ASLR, PIE, etc. What I meant to say was that GRsec has always been in the forefront when it comes to those. GRSec, RBAC and SELinux also have MAC capabilities but these are extremely rarely used correctly and to their full extent, since they are so hard to configure right.