Network topology/building a router

From: Dan Lyke 
------------------------------------------------------
Okay, that latest "Running Doom on a Canon Printer" exploit has me
thinking a little bit more about network security.

I've started running UFW on my Linux servers, which is awesome, but I
think what I'd really like is something that lets me do that on my
network generally:

* the printer doesn't get any traffic other than 631 (IPP) and maybe
80 and 443, and doesn't get to open connections except in response to
connects from those addresses.

* the webcam in the shop only gets inbound connections on port 80.

* some warning when other devices do things outside of their security
profiles. And even for the printer, it's one thing to apply those
rules, but I should be able to see what it's trying and optionally
allow it to do things like updates.

Any suggestions on where to start?

Dan
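
One way to realise the third bullet above as a log check: an added example (not from the original post) that parses netfilter/UFW kernel LOG lines and compares each flow with per-device profiles like the printer and webcam ones described, warning on anything outside the profile. The addresses, profile names and log lines are constructed; it assumes the firewall logs new flows only, so a reply to an allowed connection never shows up as the device "initiating".

```python
"""Flag devices that act outside their network profile, using netfilter LOG lines."""
import re
from dataclasses import dataclass

# netfilter's LOG target (what UFW logging writes) prints key=value fields; we need these four.
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

@dataclass(frozen=True)
class Profile:
    name: str
    inbound_ports: frozenset     # ports other hosts may connect to on this device
    outbound_allowed: frozenset  # (dst_ip, dst_port) pairs the device itself may open, e.g. an update host

@dataclass(frozen=True)
class Finding:
    device: str
    direction: str  # "inbound" (peer -> device) or "outbound" (device -> peer)
    peer: str
    proto: str
    port: int
    allowed: bool

# Constructed profiles with hypothetical addresses: the printer accepts IPP/HTTP/HTTPS and may
# only reach one update host on 443; the shop webcam accepts port 80 and may open nothing.
PROFILES = {
    "192.168.1.40": Profile("printer", frozenset({631, 80, 443}), frozenset({("203.0.113.9", 443)})),
    "192.168.1.41": Profile("shop-webcam", frozenset({80}), frozenset()),
}

# Constructed sample log lines in the kernel LOG format (the bracketed prefix is arbitrary).
SAMPLE_LOG = """\
Sep  2 10:01:02 router kernel: [FW NEW] IN=br0 OUT= MAC=00:11:22:33:44:55 SRC=192.168.1.10 DST=192.168.1.40 LEN=60 PROTO=TCP SPT=49152 DPT=631 SYN
Sep  2 10:01:05 router kernel: [FW NEW] IN=br0 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=50000 DPT=443 SYN
Sep  2 10:01:09 router kernel: [FW NEW] IN=br0 OUT=eth0 SRC=192.168.1.41 DST=198.51.100.7 LEN=60 PROTO=UDP SPT=40000 DPT=53
Sep  2 10:01:12 router kernel: [FW NEW] IN=br0 OUT= SRC=192.168.1.20 DST=192.168.1.41 LEN=60 PROTO=TCP SPT=51000 DPT=80 SYN
"""

def check_line(line, profiles):
    """Classify one LOG line; None when no profiled device is involved."""
    # Assumes a stateful firewall that logs only new flows (conntrack NEW), so a line with the
    # device as SRC really is the device opening a connection, not a reply to an allowed one.
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        return None
    proto = fields.get("PROTO", "?")
    port = int(fields["DPT"]) if fields.get("DPT", "").isdigit() else 0
    if fields["SRC"] in profiles:  # the device is initiating
        p = profiles[fields["SRC"]]
        return Finding(p.name, "outbound", fields["DST"], proto, port,
                       (fields["DST"], port) in p.outbound_allowed)
    if fields["DST"] in profiles:  # a peer is connecting to the device
        p = profiles[fields["DST"]]
        return Finding(p.name, "inbound", fields["SRC"], proto, port, port in p.inbound_ports)
    return None

def audit(log_text, profiles):
    """One Finding per logged flow that touches a profiled device."""
    return [f for f in (check_line(l, profiles) for l in log_text.splitlines()) if f]

def violations(findings):
    """The findings worth a warning: flows the device's profile does not allow."""
    return [f for f in findings if not f.allowed]
```

Running `violations(audit(SAMPLE_LOG, PROFILES))` on the constructed lines yields one warning: the webcam trying to open UDP/53 to an outside host, while the printer's contact with its listed update host passes.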

Anyone heard of this botnet exploit for Linux?

From: Rod-Lists 
------------------------------------------------------
"Akamai Technologies is alerting enterprises to a high-risk threat of IptabLes and IptabLex infections on Linux systems. Malicious actors may use infected Linux systems to launch DDoS attacks against the entertainment industry and other verticals.

The mass infestation of IptabLes and IptabLex seems to have been driven by a large number of Linux-based web servers being compromised, mainly by exploits of Apache Struts, Tomcat and Elasticsearch vulnerabilities. 

Attackers have used the Linux vulnerabilities on unmaintained servers to gain access, escalate privileges to allow remote control of the machine, and then drop malicious code into the system and run it. As a result, a system could then be controlled remotely as part of a DDoS botnet.

A post-infection indication is a payload named .IptabLes or .IptabLex located in the /boot directory. These script files run the .IptabLes binary on reboot."

http://www.net-security.org/secworld.php?id=17322

Protecting password files (was: Name Cheap under attack)

From: Dan Lyke 
------------------------------------------------------
On Mon, 1 Sep 2014 21:41:13 -0400 (EDT)
Rod-Lists  wrote:
> http://community.namecheap.com/blog/2014/09/01/urgent-security-warning-may-affect-internet-users/

So I'm a Namecheap user, and, I'm slightly embarrassed to say, my
Namecheap password was one I've used on a few other sites (it's a
mid-tier password).

Obviously, I instantly went and changed it to something that came from
"pwgen 32".

Buuuuutttt... I have three password strategies:

1. A few I remember. Obviously this is not something I can use
   everywhere.

2. A few machines have a "passwords.txt" file in their documents
   directory.

3. I also have shared Firefox password storage.

#3 is awesome, except that Firefox has broken this at least once, so I
always feel like if I lose my laptop drive I could lose everything,
*and* I don't actually know how secure things are.

#2 is great if I were smart enough to put that file in git, and *then*
if I actually trusted that the machine I stored the git repos on wasn't
ever going to get compromised.

I'm unwilling to use a third party service for this because the cloud
is another name for "on someone else's computers at the whims of
someone else's security policies", ie: the most nebulous bits of #3.

So: What's the right way to put a passphrase on that passwords.txt
that'll go into a git repo? Something so that I can update it from
multiple places, diffs and merges are all handled reasonably, it's
backed up in multiple places, but I'm not exposing my on-line life on
exposed hosts?

Dan

Name Cheap under attack

From: Rod-Lists 
------------------------------------------------------
http://community.namecheap.com/blog/2014/09/01/urgent-security-warning-may-affect-internet-users/

Netflix open sources internal threat monitoring tools

From: Rod-Lists 
------------------------------------------------------
I was wondering if any of y'all have heard of these tools or tried them?

http://www.networkworld.com/article/2599461/security/netflix-open-sources-internal-threat-monitoring-tools.html

Fwd: [PhreakNIC] CTF

From: Jon Nyx 
------------------------------------------------------
FYI

PS - "Keith" is this guy:

Keith Watson
Information Security Manager, College of Computing
Georgia Tech, Atlanta GA
http://www.cc.gatech.edu/~krwatson

Part of his day job is taking large botnets away from organized crime
outfits, studying them, and then disassembling them. We're very lucky
to have him helping with our con.

Dru Myers
Nashville2600 President, PhreakNIC founder and con chair, 1997-2001 & 2014


---------- Forwarded message ----------
From: Keith
Date: Tue, Aug 26, 2014 at 8:48 AM
Subject: [PhreakNIC] CTF
To: phreaknic@googlegroups.com


I've talked to GTRI (the people who put on the Hungry Hungry Hackers
CTF) and it looks like a go. I will have more info in the next week or
so.

H3 was this last weekend, it went great (8/22 & 8/23)
http://www.hungryhungryhackers.org/

We noticed at past events that people would leave the CTF after only a
few hours. We asked around and found that people want to compete but
are overwhelmed and don't know where to start.

This year we had two tracks, competition and educational. The
educational track had multiple speakers that did walk-throughs of
tools and how to solve some basic challenges. It went very well and
after the end of the educational track a bunch of them joined the
competition.

The CTF is Jeopardy style with about 60 challenges. In addition we had
ten stations set up with FPGA hardware flags and a car hacking
station set up with CAN bus flags.

Craig Smith of TheiaLabs set up the car hacking station and was on
hand for the entire event. It was a combination CAN bus/WiFi hack.
Craig was also handing out copies of the Car Hacker's Handbook. You
can download the PDF here:

http://opengarages.org/handbook/

A lock picking challenge was also part of the CTF.

Once we do our post CTF debrief we'll start solidifying the PhreakNIC CTF.

Let me know of anything you would like to see in the CTF.

keith


Somewhat OT: ISSA meeting coming up

From: Mark Quering 
------------------------------------------------------
Hey all


For those of you who are security inclined (who isn't) the third quarterly
meeting of the local chapter of ISSA is coming up.

Info: http://chattanooga.issa.org/?p=1
Register: http://conta.cc/1pNTngS


-- 

Thanks;
Mark Quering

up:time
simply reliable technology
423.320.2744

building packages

From: Christopher Rimondi 
------------------------------------------------------
This question is probably 50% based on circumstance and 50% on personal
preference but I wanted to get opinions from people who have built OS
packages; debs, rpms, whatever.

What do you usually include in the package? Upstart scripts, user/group
creation, post install scripts? Other logic?

As a general philosophy: Less is more or more is more?

Thanks,

Chris

-- 
Chris Rimondi | http://twitter.com/crimondi | securitygrit.com

Anyone want to start a ps2 connector based computer company?

From: Rod-Lists 
------------------------------------------------------
or maybe comtronix and serial mice?
Why the Security of USB Is Fundamentally Broken
http://www.wired.com/2014/07/usb-security/

Ed, you and I could be rich! ;)

Oh boy... We *ARE* criminals!!!

From: kitepilot@kitepilot.com
------------------------------------------------------
Linux Lands on NSA Watch List
http://www.eweek.com/security/linux-lands-on-nsa-watch-list.html

Fwd: Linux Journal: Awesome Tech Magazine or Extremist Forum?

From: Jonathan Calloway 
------------------------------------------------------

Begin forwarded message:

> From: Linux Journal 
> Subject: Linux Journal: Awesome Tech Magazine or Extremist Forum?
> Date: July 8, 2014 at 8:00:46 AM EDT
> To: jonathancalloway@epbfi.com
> Reply-To: Linux Journal
>
> Linux Journal: Awesome Tech Magazine or Extremist Forum?
>
> NSA: Linux Journal is an "extremist forum" and its readers get flagged
> for extra surveillance
> by Kyle Rankin
> A new story published on the German site Tagesschau and followed up by
> BoingBoing and DasErste.de has uncovered some shocking details about who
> the NSA targets for surveillance including visitors to Linux Journal
> itself.
>
> While it has been revealed before that the NSA captures just about all
> Internet traffic for a short time, the Tagesschau story provides new
> details about how the NSA's XKEYSCORE program decides which traffic to
> keep indefinitely. XKEYSCORE uses specific selectors to flag traffic,
> and the article reveals that Web searches for Tor and Tails--software
> I've covered here in Linux Journal that helps to protect a user's
> anonymity and privacy on the Internet--are among the selectors that will
> flag you as "extremist" and targeted for further surveillance. If you
> just consider how many Linux Journal readers have read our Tor and Tails
> coverage in the magazine, that alone would flag quite a few innocent
> people as extremist.
>
> While that is troubling in itself, even more troubling to readers on
> this site is that linuxjournal.com has been flagged as a selector!
> DasErste.de has published the relevant XKEYSCORE source code, and if you
> look closely at the rule definitions, you will see
> linuxjournal.com/content/linux* listed alongside Tails and Tor.
> According to an article on DasErste.de, the NSA considers Linux Journal
> an "extremist forum". This means that merely looking for any Linux
> content on Linux Journal, not just content about anonymizing software or
> encryption, is considered suspicious and means your Internet traffic may
> be stored indefinitely.
>
> One of the biggest questions these new revelations raise is why. Up
> until this point, I would imagine most Linux Journal readers had
> considered the NSA revelations as troubling but figured the NSA would
> never be interested in them personally. Now we know that just visiting
> this site makes you a target. While we may never know for sure what it
> is about Linux Journal in particular, the Boing Boing article speculates
> that it might be to separate out people on the Internet who know how to
> be private from those who don't so it can capture communications from
> everyone with privacy know-how. If that's true, it seems to go much
> further to target anyone with Linux know-how.
>
> It's bad news to all of us who use and read about Linux on a daily
> basis, but fortunately we aren't completely helpless. Earlier in the
> year I started a series on security, privacy and anonymity in my Hack
> and / column that included articles on how to use the Tor browser bundle
> and Tails. With either piece of software in place, you can browse Linux
> Journal (and the rest of the Internet) in private.
>
> Read this and other privacy-related stories at LinuxJournal.com.
>
> A Bundle of Tor
> Tails above the Rest: the Installation
> Tails above the Rest, Part II
> Are you an extremist?
> Dolphins in the NSA Dragnet
> Are you an extremist?
> Get the T-Shirt!
> Get the T-Shirt by itself or take advantage of our special (and
> temporary) offer and get a 1-year subscription with your shirt for just
> $10 more!

hiring

From: Christopher Rimondi 
------------------------------------------------------
We are hiring if you know anyone who fits this:

http://newton.newtonsoftware.com/career/JobIntroduction.action?clientId=8aa00506326e915601326f65b82e1fcb&id=8a32181446937e290146afb8652b3b14&source=%200

Ping me off list.

-- 
Chris Rimondi | http://twitter.com/crimondi | securitygrit.com

OpenVPN on pfSense problems

From: David White 
------------------------------------------------------
So I sent the following email to the pfSense list a few minutes ago, but I
also thought I'd post the question here... I'm having trouble getting
OpenVPN working on pfSense (I think I'm cursed with OpenVPN - I've never
had a successful deployment of it, either stand-alone on CentOS or in
pfSense!)

I'm not sure if the problem is on the server or on the client. I tend to
think that the problem is on the client's side.

Here's the email I sent:

I'm having trouble connecting my Windows 7 OpenVPN client to the pfSense
2.1.4 server. I have tried two different types of ciphers (BF-CBC and
AES-256-CBC).

This is a fresh 2.1.4 install with the server's settings generated using
the Wizard. I'm including my local config file. As you can see, I'm trying
to connect via username / password and not via SSL certificate.

dev tun
persist-tun
cipher BF-CBC            # must match the data-channel cipher configured on the server
auth SHA1                # HMAC digest; must match the server as well
tls-client
client
resolv-retry infinite
remote 204.93.122.117 1194 udp
lport 0                  # let the OS pick the local source port
auth-user-pass           # username/password instead of a client certificate
ca C:\nnh-vpn.crt        # caveat: OpenVPN treats a lone backslash as an escape; the documented Windows form is C:\\nnh-vpn.crt or C:/nnh-vpn.crt
comp-lzo

It seems that the client is hitting the server, but for some reason, my
client isn't successfully connecting. Here are the last 50 entries in the
OpenVPN server's log (see end of this email).

I'm having trouble tracking down the log files on the client machine, so
perhaps this email should go to OpenVPN folks and not pfSense. But I'm
wondering if anyone on this list has any suggestions.

Thanks,
David

Jun 30 23:29:19 openvpn[98461]: /sbin/ifconfig ovpns1 10.1.5.1 10.1.5.2 mtu 1500 netmask 255.255.255.255 up
Jun 30 23:29:19 openvpn[98461]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1558 10.1.5.1 10.1.5.2 init
Jun 30 23:29:19 openvpn[99566]: UDPv4 link local (bound): [AF

Home Automation and more

From: Dave Brockman 
------------------------------------------------------
Pretend you are designing your dream home (or perhaps are remodeling
and have all the walls torn down and have to run new electrical
service anyway), what would you put in?

Audio/Video/Network/Automation/Alarm/Security/Camera/Paging

Rack full of Linux servers/VMs goes without saying, so we're on-topic.
:)  I've already decided on multiple CAT-6A pulls through-out the
house.  I have been impressed enough with Unifi that I will be using
their wireless, controlled by a Debian VM.  I know some of you have
some awesome ideas.  Feel free to unicast if you don't want to share
on the public forum, but I would enjoy hearing those ideas.

Regards,

dtb
-- 
"Some things in life can never be fully appreciated nor understood
unless experienced firsthand. Some things in networking can never be
fully understood by someone who neither builds commercial networking
equipment nor runs an operational network." RFC 1925

Keren Elazari: Hackers: the Internet's immune system

From: David White 
------------------------------------------------------
I just watched this.

Not all hackers and security researchers break the law, but I found this
video fascinating, and it raises a lot of good points.

https://www.youtube.com/watch?v=erCAp

I'm baaaaaaack!

From: Ed King 
------------------------------------------------------
Got bumped off the list back in mid May due to "too many bounces". Been checking the chugalug.org webpage occasionally for any job announcements or hardware sales/freebies ;-)

I stayed unsubbed for awhile (and missed Hack-a-nooga too) because I needed to focus on our latest and biggest client rollout, which went "live" on 6/2/2014. To "save money" we switched hardware platforms a few weeks before rollout (went from $800 kids-toy netbooks to $300 Dell Venue tablets), but the software platform stayed the same (albeit with some custom mods for the new client): lamp stack (linux/apache/php/mysql) on qemu.

Why are we running in a vm/emulator? Well, it's a long story, but a previous 3rd party vendor wrote our field software. This 3rd party vendor required Windows netbooks. Their software was slow and flaky (as you'd expect from dot-net) so we ditched them and rewrote the field software in-house (like we wanted to do in the first place, and we did it in less than half the time, and still had more features and flexibility!). But... we couldn't just throw out twenty $800 netbooks, so we leveraged that hardware "investment" by using qemu to run our lampp stack, thinking that it would also be portable if we ever moved to android (does anyone know of a qemu package for android that doesn't SUCK?)

Back-end: For "security" this client did not want their data on the same server as our other clients, so I set up a new Debian server just for them. HTTPS and automated sftp file transfers.

Well now that this new client is up 'n running, I figured it was time for me to re-sub, so... I'm back. This new client is our biggest client to-date, and has doubled the number of inspectors in the field (and doubled the data collection too... thank goodness we solved that mysql lock problem we used to have). Things are running smoothly! I dare say that the support calls have somehow decreased (oh great, now I've jinxed us).

Props to our little I.T. team: Danny "dj" Smith, Jada "coldfish" Case, and Master Ed :)

To use PGP, or not to use PGP...

From: David White 
------------------------------------------------------
I'm working on a presentation I'll give next month at a conference geared
towards folks working for smaller Christian / missionary-focused nonprofits
on "Introduction to Security."

Some of the folks who attend my presentation will probably be a 1-man shop
with very little general IT knowledge, and others will probably know oodles
more than I about security and information systems.

Anyway... I installed OpenPGP into Thunderbird a few months ago, although
I've rarely (if ever) used it to sign or encrypt legitimate messages,
partly due to the fact that almost no one that I email uses PGP or has
ever heard of it.

Recently, I've been doing some research into how useful it actually is, and
whether or not it is actually secure.

My findings so far are that the current version of PGP is very secure.

Indeed, according to Wikipedia, there is no known method of breaking PGP
encryption: http://en.wikipedia.org/wiki/Pretty

Linux Kernel Patches over 4-Year-Old Bug

From: David White 
------------------------------------------------------
This looks a bit serious:
http://arstechnica.com/security/2014/05/linux-gets-fix-for-code-execution-flaw-that-went-unpatched-since-2009/

-- 
David White
Founder & CEO

*Develop CENTS *
Computing, Equipping, Networking, Training & Supporting
Nonprofit Organizations Worldwide
http://developcents.com
423-693-4234

Open Source Security Initiative

From: David White 
------------------------------------------------------
This looks promising. Sounds like the Open Source Foundation is behind it /
heading it up, which I greatly prefer over a Google- or Facebook- led
initiative or some initiative led by a combination of large tech firms.

http://www.infosecurity-magazine.com/view/38120/google-facebook-microsoft-and-other-tech-giants-to-fund-open-source-security-initiative

Thoughts on Cloudflare?

From: Rod 
------------------------------------------------------
Just wondering what y'all thought of its services.
Heard it was a good dynamic dns among other things.
But the CDN, Optimizer, and security options look interesting.

-- 
The unregulated free market is like Yog-Sothoth, a mythical being whose  
followers make bloody sacrifice to hasten its arrival to this world.

http://snowdenandthefuture.info/documents.html
