Posts Tagged ‘Security’

Springtime Hack

Sunday, March 9th, 2008

I could easily mark this as the worst morning in as far back as I can remember. Without the first cup of coffee I sat down to scan our servers like I do every day, just looking for anything out of the ordinary, like services that failed to run. For the most part it is a ten minute job that rarely varies day to day. This morning was an exception.

Nearly every nightly job failed. Worse than that, there was an hour and ten minute hole in the logs: 0155 to 0305 was completely unaccounted for. I scanned every log from authentication to our application logs and every single one of them showed this hole, but checking our external monitoring service showed that we had zero downtime. What the hell happened?

A cold hand of desperation and fear gripped my stomach, leaving me dizzy. I ran chkrootkit but came up clean, so I mentally prepared myself to rebuild the server and possibly be eviscerated by my bosses. How would I explain this? How could I protect us from it happening again, that is if I still have my job?

Sitting helpless I realized, “Spring Ahead”.
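As an added illustration of why the hole appeared (this is example code, not part of the original post): the block below constructs a job that fires every five minutes across the 2008 spring-forward transition, timestamps it in UTC, and runs the same simple gap detector once over the local wall-clock times and once over the UTC times. The US Eastern transition instant and offsets are hardcoded as an assumption so the example runs without tzdata installed; the job schedule and its times are constructed, not taken from the post.

```python
from datetime import datetime, timedelta, timezone

# Assumption: US Eastern time in 2008. Hardcoded rather than pulled from
# zoneinfo so the example runs on a box without tzdata.
EST = timezone(timedelta(hours=-5), "EST")
EDT = timezone(timedelta(hours=-4), "EDT")
# Clocks jumped from 02:00 EST to 03:00 EDT on 2008-03-09, i.e. at 07:00 UTC.
SPRING_FORWARD_UTC = datetime(2008, 3, 9, 7, 0, tzinfo=timezone.utc)


def eastern(utc_dt):
    """Convert an aware UTC datetime to US Eastern, applying the 2008 transition."""
    return utc_dt.astimezone(EDT if utc_dt >= SPRING_FORWARD_UTC else EST)


def cron_run_times(start_utc, count, every=timedelta(minutes=5)):
    """Constructed log: a job that fires every five minutes, recorded in UTC."""
    return [start_utc + i * every for i in range(count)]


def local_wall_clock(stamps_utc):
    """What a log written in local time (no zone) would contain for those runs."""
    return [eastern(t).replace(tzinfo=None) for t in stamps_utc]


def naive_gaps(stamps, threshold=timedelta(minutes=10)):
    """The gap check an admin runs over a log: flag any interval longer than
    `threshold`. Works on whatever timestamps it is handed, zone-aware or not."""
    gaps = []
    for prev, cur in zip(stamps, stamps[1:]):
        if cur - prev > threshold:
            gaps.append((prev, cur, cur - prev))
    return gaps


def analyze():
    """Run the detector over local-time and UTC views of the same job runs.
    Returns (gaps_in_local_log, gaps_in_utc_log)."""
    # 06:30 UTC is 01:30 EST; thirteen runs carry us to 03:30 EDT.
    runs_utc = cron_run_times(datetime(2008, 3, 9, 6, 30, tzinfo=timezone.utc), 13)
    local = local_wall_clock(runs_utc)
    return naive_gaps(local), naive_gaps(runs_utc)


if __name__ == "__main__":
    local_gaps, utc_gaps = analyze()
    for prev, cur, delta in local_gaps:
        print(f"local log: nothing between {prev:%H:%M} and {cur:%H:%M} ({delta})")
    print(f"utc log: {len(utc_gaps)} gaps")
```

The local-time log shows a 65-minute hole between 01:55 and 03:00 even though the job never missed a run; the UTC log shows none. Logging in UTC, or keeping the zone in the timestamp, makes the check honest; the same hole returns every spring transition, and in the fall you get an hour of duplicated wall-clock times instead.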

(Worthless Sysadmin + Microsoft)^ Crap Police Work = Jail Time

Thursday, January 11th, 2007

The Norwich Bulletin reports that a substitute teacher has been found guilty in the Norwich porn case; with her sentencing looming in March she could face upwards of 40 years in jail, but there is a twist to the story.

When the facts of the case are laid out it looks to be a blizzard of incompetence: the school’s IT staff, shoddy forensic police work, questionable judicial proceedings, and the ribbon that ties it all together is one of Redmond’s flagship products. SunbeltBLOG worries about the notion of doing actual hard time for a spyware infection. A frightening thought indeed.

Reading the articles I find myself questioning the capabilities of the police investigators and their apparent lack of understanding of how spyware operates. From another Norwich Bulletin article:

Norwich Police Det. Mark Lounsbury, who investigates computer crimes, said there was evidence that someone had directly accessed several sexually-oriented sites by clicking on a link.

Ok. Prove that to me. Do you have photographic or video evidence? Because guess what, Det. Lounsbury: popup generators are designed to act like a human click-through, and from the browser history alone there is no way to tell a script-generated request from a human click. Now you might say, “But she had to install the software, therefore she must have visited those sites!” Wrong again. Windows of that era sets up its users as Administrators by default, the equivalent of running as root, and one of the charming aspects of this is that it allows for the surreptitious installation of software. In other words, browsing with Internet Explorer as an administrator lets a site install software without your knowledge or consent; wonderful technologies like ActiveX facilitate this activity. The defense’s examination of the facts pointed to a hairstyling website as the source of the infection.

All this raises the question of what the lazy ass Norwich school IT staff was up to before, during, and after this incident. If I were Amero I would be giving serious consideration to a civil suit against the town and possibly the state. It is their responsibility to secure the PCs and the network, not the teachers’, and you can scream all you want that she should have unplugged the PC, but the fact still remains that shitty IT staff plus a crap OS is a disaster waiting to happen. Should she do time for the incompetence of others?

My $0.02 in closing: Don’t trust the cops and get yourself a secure OS.

eWeek asks “Is the Botnet Battle Already Lost?”

Saturday, October 21st, 2006

You might, but I never get tired of this rant…

In a slightly sensational article, Ryan Naraine tackles the what, how, and why of botnets. While he takes the position that ISPs need to tackle the issue head on, the real reason botnets are a problem is tucked away in his closing paragraphs.

…the large percentage of computer users running Windows versions without up-to-date patches, creates an environment that’s ripe for abuse.

B-I-N-G-O, Ryan. That is the problem, not the ISPs and not the security firms. The most popular OS is easy to exploit, and coupling that with the average user, who knows little to nothing about basic security practices, is a recipe for disaster. The onus for these problems falls on the shoulders of Microsoft: allowing its OSes to run as root is bad enough, and allowing its partners to write software that requires the user to run as root is a grievous transgression.

In all honesty, I cannot expect that my mother-in-law, with limited computing experience, can understand more than the basic computer safety practices; it is akin to expecting me to understand all of the physics and engineering involved in flying every time I travel. I rely on the pilots and mechanics to ensure my safety as much as she relies on her software providers to ensure that she was sold a safe product. She has enough presence of mind not to click on “security alert” pop ups and she knows the importance of staying patched and keeping anti-virus up-to-date, all of which goes a long way in securing the PC, but she does not know how to troubleshoot spyware and malware issues, and any amount of time spent online running as root will ensure that you encounter infections of some sort. If you think otherwise you are either a liar or deluded.

So what is the average user to do? Not much, until the market shifts towards OSes built with security first and ease of use second, or until the government steps in and requires that Microsoft adhere to good security practices, much as it requires other manufacturers not to sell a dangerous product. Imagine if OSes had recalls, like cars? Class action suits? However, it is unlikely, as there is no real tangible cost to the user beyond frustration with a sluggish computer, and that irritation bleeds away as they grow used to it. “This is just how my computer runs,” is the oft heard excuse, and the average user does not know any better. No matter how you might explain to them why they should choose a different OS, purchases are made with dollars in mind and with what they are most familiar with, so the weakest OS will win for today, and I’m going to continue advocating that people use a different system each and every time they ask me.

Google Code Will Snarf Your Backups!

Friday, October 6th, 2006

“Some of your db passwords are belong to us,” reports Death By Comet. The issue at hand is that Google Code will expose passwords stored in config files, such as wp-config.php and mt-db-pass.cgi, when those files sit inside a backup left somewhere the crawler can fetch it, potentially resulting in headaches for site administrators. Thankfully, the solution is just plain common sense: Don’t store your backups on your production server. File that under: Sherlock, No Shit. Bear in mind that the same goes for any copy of a config file that the web server will hand out verbatim, such as wp-config.php.bak or a .sql dump under the document root: the live wp-config.php is run through the interpreter, the stray copy is served as plain text. Anyway, don’t get caught with your pants around your ankles and move your backups to a secure location.
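As an added example of the check that catches this before a crawler does (this is example code, not from the post or from Death By Comet): the block below builds a constructed WordPress-style document root containing the mistakes described above and walks it, flagging backup and archive files by suffix and flagging any other file that holds a credential assignment but is not handled by a server-side interpreter. The file names, contents and the suffix and interpreter lists are assumptions for the demonstration.

```python
import os
import re
import tempfile

# Assumption: suffixes a web server serves verbatim and that nobody should
# leave under the document root.
BACKUP_SUFFIXES = (".bak", ".old", ".orig", "~", ".sql", ".sql.gz",
                   ".tar", ".tar.gz", ".tgz", ".zip")
# Assumption: extensions the server hands to an interpreter instead of
# serving as-is, so the secrets inside never reach the client.
EXECUTED = (".php", ".cgi", ".pl", ".py")
# A credential assignment in roughly the forms wp-config.php and
# Movable Type's mt-db-pass.cgi use.
SECRET_RE = re.compile(
    r"""(?i)\b(db_password|db_pass|password|passwd|secret)\b\s*['"]?\s*[=,:]\s*['"]?([^'"\s]+)"""
)


def classify(name, content):
    """Return why this file is a risk under the web root, or None if it is not."""
    lower = name.lower()
    if lower.endswith(BACKUP_SUFFIXES):
        return "backup or archive: served verbatim to anyone (or any crawler) who guesses the name"
    if content is not None and SECRET_RE.search(content) and not lower.endswith(EXECUTED):
        return "contains credentials and is not run by an interpreter, so it is served as plain text"
    return None


def find_exposed(webroot):
    """Walk the document root and return sorted (relative path, reason) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                # Only the first 64 KiB is needed to spot a config-style assignment.
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    content = fh.read(65536)
            except OSError:
                content = None
            reason = classify(name, content)
            if reason:
                findings.append((os.path.relpath(path, webroot), reason))
    return sorted(findings)


def build_sample_webroot():
    """Constructed fixture: a document root with the mistakes the post describes."""
    root = tempfile.mkdtemp(prefix="webroot-")
    files = {
        "index.php": "<?php require 'wp-config.php';\n",
        "wp-config.php": "<?php define('DB_PASSWORD', 'hunter2');\n",      # run by PHP: fine
        "wp-config.php.bak": "<?php define('DB_PASSWORD', 'hunter2');\n",  # served as text
        "mt-db-pass.cgi": "#!/usr/bin/perl\n$db_pass = 'swordfish';\n",   # run by Perl: fine
        "notes/db.txt": "password: swordfish\n",                            # served as text
        "backups/site-2006-10-06.tar.gz": "\x1f\x8b not a real archive",    # whole-site backup
        "backups/dump.sql": "INSERT INTO wp_users VALUES (1, 'admin', ...);\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for rel, reason in find_exposed(build_sample_webroot()):
        print(f"{rel}: {reason}")
```

The live wp-config.php and mt-db-pass.cgi pass because the interpreter consumes them; the .bak copy, the .sql dump, the tarball and the stray notes file are exactly what a code crawler or a curious visitor will pick up. Running this against a real document root is cheap, but the real fix is the one the post gives: backups belong off the production box, not merely renamed.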