Tag Archives: security

news to me: estonian has internet elections

14 Jan

Well, this is certainly news to me. But seriously, the lowest-level secure network in the U.S. can tunnel over the regular Internet with no loss of security and we still don’t have Internet elections?

From: http://en.wikipedia.org/wiki/Estonian_parliamentary_election,_2007

In 2007 Estonia held its and the world’s first national Internet election. Voting was available from February 26 to 28.[2] A total of 30,275 citizens (3.4%) used Internet voting.[3]

Electronic voting in Estonia began in October 2005 local elections when Estonia became the first country to have legally binding general elections using the Internet as a means of casting the vote and was declared a success by the Estonian election officials.

Check It Out:
Estonian parliamentary election, 2007 – Wikipedia, the free encyclopedia

security: donate a mx record to the honeypot project

12 Dec

It’s the holidays and everyone is all about giving, why not give to the honeypot project?

We all have a few domains we’ll never use for mail, so why not put them to use killing spammers? Well, not the death kind of killing, but you get the point…

From: http://www.projecthoneypot.org/manage_mx_entries.php#donate

In order for us to create honey pot addresses that spammers cannot tell from real addresses we need as many donated domains as possible. You can help us by donating an MX entry for a domain you control. You may set up your donation such that it will not affect existing mail or web traffic coming to your site. For more information, please see our FAQ.

Check It Out:
Project Honey Pot

couchdb: Now how to use it

9 Dec

A few months ago I decided to try and build a web application in a way that supported how the application actually worked. The biggest hurdle was trying to keep 3NF and still retain the original goal. Needless to say, that was a major exercise in futility; the big idea was lost and we ended up just doing it the normal way.

I’ve been looking at things like Hypertable, but have no need for it. Enter CouchDB.

Instead of your typical DB structure, data is stored as a document (or object, for us OOP-minded). Documentation is still growing, but the project was adopted by Apache, and regardless of how you feel about Apache that should count for something for the project.

After a few days of research my main question is: how best do you implement it? I’d love to use this for my gray network project, but I’m thinking I may still be in the discovery phase with CouchDB when it launches :(

Anyways, what’s your take on how best to implement CouchDB? I’m still researching security, performance, etc., but I think CouchDB is definitely in my future :)

Google introduces Native client: It might be like java, it might be like activex, jury is still out

9 Dec

Ok, I’m kinda confused: are they trying to replace Java, ActiveX, or both…?

From: http://google-code-updates.blogspot.com/2008/12/native-client-technology-for-running.html

Modern PCs can execute billions of instructions per second, but today’s web applications can access only a small fraction of this computational power. If web developers could use all of this power, just imagine the rich, dynamic experiences they could create. At Google we’re always trying to make the web a better platform. That’s why we’re working on Native Client, a technology that aims to give web developers access to the full power of the client’s CPU while maintaining the browser neutrality, OS portability and safety that people expect from web applications. Today, we’re sharing our technology with the research and security communities in the hopes that they will help us make this technology more useful and more secure.

Check It Out:
Google Code Blog: Native Client: A Technology for Running Native Code on the Web

Apple: Ummm, yeah, you kinda need an anti virus now

2 Dec

If you don’t know: I’m anti-Mac. I love the iPod and am tempted by the iPhone, but my main issue is with Mac OS and pretty much anyone I know that has switched. I’ll admit some of the newer laptops are oh so shiny, tiny, and have made me drool on occasion. Anyways, more on my anti-Mac crusade: Apple is advising users to install anti-virus software. Oh yeah, FreeBSD users are still safe :P

We are all notoriously snobbish when it comes to not installing anti-virus software, but largely because we all know that malware is essentially non-existent when it comes to the Mac. Yes, yes, there’s the occasional scare, but seriously: when was the last time that you noticed an actual piece of malware on the Mac of someone you know that actually did any harm? Yeah, exactly.

Nevertheless, the Washington Post’s Brian Krebs noticed a November 21 technical note published on the Apple website that reads:

Apple encourages the widespread use of multiple anti-virus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.

Of course, Apple has long touted the fact that Macs just, simply don’t get viruses. Remember this ad?

Apple says users should install anti-virus software | MacUser | Macworld

good security how to: flexion – Quick 'n Dirty Security and Visibility

1 Dec

Came across this today while looking into Fail2Ban. This is a pretty good overview of applications you can use to secure your server. The directions are for Ubuntu, but source packages and alternatives are just a Google away, of course.

Quick ‘n Dirty Security and Visibility

1. Introduction
2. Firewall
2.1 FireHOL
2.2 ufw
3. Intrusion Prevention
3.1 Fail2Ban
3.2 sshdfilter
4. Intrusion Detection
4.1 chkrootkit
4.2 rkhunter
5. Log Monitoring
5.1 LogWatch and Dropbear
6. Security Update Notification

Introduction

This article describes some of the tools and utilities I use to better secure and monitor my servers. Simply following the article below does not get you a secure box, you also need to ensure any services you have running are correctly configured and you should disable, or better yet remove, any services or software you do not require.

Quickn Dirty Security and Visibility

framework: progress – alpha 0.02

21 Sep

So after years of partial frameworks, and various concepts, I’ve finally started my framework.

First off, there is NO Windows support. I’m sure that’s not the best way to go, but I can’t think of one reason to host a PHP app on Windows. As noted, Windows isn’t supported, but I’m working on a Linux installer that will handle installation of the third-party apps the framework allows you to use.

I was hoping to use the framework in its current form on a project, but due to deadline concerns it’s only used partially. I’m hoping to set up a test server for security testing, so if you like exploiting, stay tuned.

So here’s an overview of what’s done:

  • automatic cleaning of all GET / POST / COOKIE data.
  • extremely extendable
  • OOP (of course)
  • database sessions
  • geo locations
  • user system
  • html purifier integration
  • session hijacking prevention
  • xss / sql injection protection (still being worked on / 60-70%)
  • caching system
  • made to scale
  • media conversion

There is still much to be done before I release a beta, but I thought I’d try and get some feedback. This framework is a combination of a few of my previous concepts / framework ideas:

  1. bacon – security features are all taken from the bacon framework concept, the encryption features are not fully integrated yet
  2. color – old framework idea from my joop media days
  3. evo – framework concept for virtual worlds

The main goal of this framework is to have a simple framework that doesn’t force you to do things this way or that way. Something that gives you the basics and a base to work from.

Right now the only drawbacks I see with the system are the number of DB queries used (the caching system also handles DB caching), and its speed isn’t where I want it.

If you have any ideas of features to add in, let me know.

Anyways I’ll hopefully have a beta ready in a few months.

holy crap its too damn hard to do the right thing

18 Aug

Today one of the projects I work on tracked a user repeatedly trying to get contact information from our younger members, actually only our younger female members. We’re kid friendly, so we always watch out for certain types of communication.

After repeat bans we then did an IP ban, because he kept coming back to try and contact more users. To me that seems like a red flag, so after a bit of googling and reverse lookups I contacted Verizon, as they would know whether this was some hopeless kid or an actual threat.

The first number listed is a voicemail telling you where to email; the next number agreed with me and put me through to the non-voicemail number for Verizon’s online security team.

Their security team turned out to be something that sounded like a call center in some country. Their response? Call the police. WTF?! No offense, but I’m bringing this to your attention because you have the account information and can confirm if this is an action item as soon as I’m off the line and you look at the account… right?

30 minutes later I get a call back from the call center saying: “Hi, you just called, now what type of child pornography does this user have?” How me trying to simply pass on a possible threat turned into me reporting child porn I have no idea.

After 20 minutes of explaining the situation again, the call center employee finally understood why I was calling and submitted a request to check out the account because of what happened on that site.

This took about 1 1/2 hours and 4 calls – Holy Crap! It really takes an hour and a half + 4 phone calls to submit a BOLO. There has to be an easier way to simply pass on information like this to ISPs.

There seriously needs to be a better way for admins to notify ISPs when one of their users is aggressively displaying strong indications of being a child predator. Or at least some form of SOP.

I propose they do the following:

  1. Admin contacts ISP, tells them situation. (2-5 minutes)
  2. Verify the admin is actually an admin of the site mentioned via email ( 3 – 7 minutes )
  3. Verify the site is active and general content of site. Already done
  4. Verify the ip (30 seconds)
  5. Verify household / age of user
  6. Notify whoever needs to be notified and request documentation if needed
  7. Send follow up thanks for the heads up email

Maybe I’m too used to SALUTEs, BOLOs, etc. But it seems like common sense to make it easy for the people who run these sites to be able to report activities like this. Maybe I’m the only one that thinks that.

Anyways, his IP’s blocked and the IP range as a whole is getting extra careful watching.

elsid out – I got deadlines to hit.

php tip: securing .inc include files

17 Aug

Just a quick tip for anyone using .inc files via Apache.

Add the following to your Apache configuration to prevent viewing of .inc files via the web. This will not prevent PHP from including the files locally.

# Deny web access to any file whose name ends in .inc (PHP includes still work)
<FilesMatch "\.inc$">
Deny From All
</FilesMatch>

There ya go, now feel free to use .inc files as much as you’d like. Also an FYI: I recommend using .php instead of .inc; security-wise, a few configuration changes will make both extensions about the same. Mainly it’s for developers: some developer tools treat .inc differently than .php. So to keep it easier for the developer, .php is recommended but not required.
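An audit script added here (not part of the original tip) that applies the same "\.inc$" regex Apache’s FilesMatch would, then walks a document root to list include-like files the pattern does not cover, such as editor backups or upper-case names; the directory layout it builds is constructed for the demo.

```python
import os
import re
import tempfile

# Same pattern as the FilesMatch directive above. Apache tests it against the
# file's basename only, and case-sensitively on Linux.
INC_PATTERN = re.compile(r"\.inc$")


def blocked_by_filesmatch(filename: str) -> bool:
    """True if FilesMatch "\\.inc$" would deny web access to this name."""
    return INC_PATTERN.search(os.path.basename(filename)) is not None


def find_unprotected(docroot: str) -> list:
    """Return include-like files under docroot that the pattern misses.

    'Include-like' means the name contains '.inc' in any case. Names ending
    in .php are skipped because the PHP handler executes them instead of
    serving their source.
    """
    leaks = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if ".inc" in name.lower() and not name.endswith(".php") \
                    and not blocked_by_filesmatch(name):
                leaks.append(os.path.relpath(os.path.join(dirpath, name), docroot))
    return sorted(leaks)


def demo() -> list:
    """Build a constructed docroot in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ["index.php", "lib/db.inc", "lib/db.inc.bak",
                    "lib/auth.inc~", "lib/OLD.INC", "lib/settings.inc.php"]:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return find_unprotected(root)


if __name__ == "__main__":
    for leak in demo():
        print("not covered by FilesMatch:", leak)
```

On Apache 2.4 the same block uses Require all denied in place of Deny From All. Anything the script lists (a .inc.bak or .inc~ copy) would be served as plain text, so it is worth running against a real document root.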

elsid out

bacon 100%

14 May

Bacon 100%

Bacon is my pet project right now. The goal is to make a PHP 4/5 compatible plug-and-play security system. So the process would go something like: install Bacon, develop your app, send me feedback :)

It’s kind of a big undertaking for me, because I hate being limited. So I want to offer as much freedom for development as possible. So far I have the base portion of the user system, encryption system, caching system, and general threat avoidance system. Yes, I’ve barely been sleeping this week :P

If anyone even reads my blog for more than a quick how-to: I’d love feedback on what would be too limiting.