security

3rd March
2010
written by Nick Anderson

This is just an old entry that I thought was interesting, and it appears it’s still relevant. Like a broken record, “economic times are rough”; what better way to boost your revenue than to exploit your customers? What better way to suppress a competitor than to increase a competitor’s infrastructure costs (with little visibility to boot)? I did some repeated lookups this morning and got similar results.

Backdoor Corporate Sabotage With DNS

2nd March
2010
written by Nick Anderson

Another day, another flashback. I don’t know about you, but at times I have had some very odd and uncomfortable requests from vendors. It’s not wholly uncommon for them to want to log into your system to diagnose an issue for themselves. Or perhaps, for whatever reason, your manager says, “Hey, give this random outside person access to some important box.” As an SA you get used to extremely odd requests and figure out how to just solve the problem. This flashback outlines what I did the last time I had to let an untrusted person (note I had no reason to _not_ trust this person, but then again I also had no reason _to_ trust them) have elevated privileges on a box of mine.

Automatic session logging and monitoring with GNU screen for the paranoid

20th May
2009
written by Nick Anderson

In preparation for connecting to (I’m guessing here) an Exchange server at my new job, I am switching from my beloved Mutt to Evolution. The absolute first thing I noticed about Evolution that I disliked was the keybindings for things like deleting messages, replying to messages and creating a new message. After some digging in the UI I could not find any place to change them. Some more sleuthing turned up some XML files down in /usr/share/evolution/$VERSION/ui. (more…)

23rd February
2009
written by Nick Anderson

Have you ever gotten a PDF with one of those annoying passwords? A while back I bought an e-book and it came with a password. It’s really annoying, especially if I want to read it on a mobile device. Anyway, if you are as annoyed as I am, fear no more.

Install qpdf

aptitude install qpdf

Decrypt your pdf

qpdf --password=password --decrypt input.pdf output.pdf
18th January
2009
written by Nick Anderson

Ever run into a situation where passing the option single to the kernel wasn’t enough to get your root password reset? This is not Debian-specific, but some distros (including Debian) require that you still enter the root password when booting to single user mode. This is just a quick run-through of how to reset your root password without a live CD. (more…)

25th August
2008
written by Nick Anderson

I mentioned in my last post, Shared console sessions, that I would have an update to get nearly the same functionality without setuid of the screen binary. Well, here it is. Hopefully you are aware of expect and how it can be used to automate interactive programs like telnet. Expect has many more uses that people are exploiting. Enter kibitz. (more…)

13th August
2008
written by Nick Anderson

I have had several posts regarding screen. Hopefully you have already realized the greatness of screen. Screen has a great feature that allows screen sessions to be shared. To my knowledge there are two ways to use this feature. First you can connect to a screen multiple times as the same user. Second you can use the multiuser mode of screen. (more…)

9th July
2008
written by Nick Anderson

I’m not really certain how common corporate sabotage is. Sure, there are DoS attacks daily on this or that network or this or that server, but what percentage of those are script kiddies and what percentage are well-thought-out, planned attacks designed to cripple a competitor, even if only for a short time? Typically DoS attacks are dealt with by server and network admins adding black holes to offending networks. Recently, while doing some research, I stumbled on what seems to be a neglected DNS attack. One that the target may not become aware of until the next billing cycle or, if carried out methodically, months. (more…)

6th April
2008
written by Nick Anderson

Being able to send email manually seems to be a bit of a lost art. It is extremely handy to know how to use telnet to send email for testing procmail filters, and any other part of your mail system. It can also be fun to spoof email to a friend or co-worker. Read on for a quick run down. (more…)

12th February
2008
written by Nick Anderson

I generally don’t have any issues knowing someone might be snooping on a bit of my traffic. However, there are times you may want your traffic to be a bit more private. For example, if your boss is a raging tyrant and you’re looking for a new job, and you know the sky would fall if he found out you emailed or happened to be on Career Builder or, for that matter, had even the slightest idea of abandoning him. Yes, I am recounting something from my past; hey, at least it’s distant past :) . So if you find yourself in that situation, read on for how to use tsocks and ssh as a simple proxy.
(more…)
