CanSecWest Pwn2Own contest results

This is one I have been watching. The CanSecWest security conference featured a Pwn2Own contest, in which a set of fully patched laptops, one running OSX Leopard, another running Windows Vista and a third running a patched version of Ubuntu Gutsy Gibbon.

Day 2 saw the takedown of the OSX machine with a Safari bug, which was previously unknown. Today, the final day of the contest, the Vista box was compromised with an unknown Flash exploit. Another term for an unknown exploit is a zero-day.

Zero-day exploits are almost indefensible. This is why I preach the sermon of defense in depth. Always have defenses in place that allow you to detect intrusions, and these defenses be layered. This gives you options to thwart the attack, even if it is only to start by pulling the ethernet cable.

As for the competition, I am somewhat surprised that the OSX box, which is Unix/BSD based fell first. However, it was an application-based attack versus a core OS level compromise…

Does this make Linux invincible? Absolutely not. It does say something about closed-source versus open source  development, but there are also vulnerabilities in open source software, but there are more eyes available to look at it. We should never let our guard down, even running open source.

Audacity workaround

I found a workaround for Audacity to allow me to use it. The problem was that once started, it would not play back (or presumably record) audio. It would give errors such as

Expression ‘ret’ failed in ’src/hostapi/alsa/pa_linux_alsa.c’, line: 1034
Expression ‘AlsaOpen( hostApi, parameters, streamDir, &pcm )’ failed in ’src/hostapi/alsa/pa_linux_alsa.c’, line: 1066

I tried every combination of input and output devices available, and none worked. Hitting google, I found that killing jackd was the workaround, because jack and audacity apparently don’t play together nicely. This is on a Debian/sid system with audacity 1.3.4-1.2, in case anyone is having similar problems.

I have the theme completed, and will probably start recording in the next day or two. I had hoped to have the first episode out by the end of March, but now it looks like the first week or so of April. I have a lot on my plate right now, including a job change.

Incredibly busy

Jimmy pointed out that it has been over a week since I made a post. Sorry about that…I have been (in the universal podcaster’s chorus) incredibly busy. I got defiant rebuilt, though it is still having issues (it locked up on me last night for apparently absolutely no reason other than age).

The other problem I am having is with audacity. This is apparently a common problem among Debian and Ubuntu users. I am running sid, which ships with the audacity-1.3.4-1.2 package, and for the life of me, I can’t get it to make sounds. Most of the output settings cause an error about not being able to connect with ALSA, but if I go to OSS and select /dev/dsp1, it seems to play, but no sound. I think it could be perhaps a problem with jack.

So I am looking for a solution to this problem, as well as looking at other packages. Including qtractor, which GitarMan from the LLL IRC channel turned me on to yesterday.

I’ll get this thing off the ground, even if I have to get out and push!

I have also been playing with network monitors. I have a couple of vmware machines that I am using for NMS testing. I have thus far played with Zenoss, OpenNMS, and am currently installing Pandora FMS. I have the server and [web] console installed, and am working on some issues I have with the agent, for instance, it wants to run as root and have a passwordless ssh key on each client to communicate with the server, so I am modifying the agent to run as a non-privileged user (e.g. pandora), since most of the checks don’t require root privs to work.

I do like one thing about Pandora. There are no binaries. Everything is written in Perl or Bash. The same team also wrote a security auditing tool called Babel, and I am going to be playing with that as well once Pandora is all set up. I may package both for Debian (and possibly Ubuntu).

Forward progress on defiant

I was in Manassas yesterday and stopped by a PC shop. They had internal removable hard drive enclosures with an LCD display and internal fan. I bought two of them.

Got a chance to swap the current drive into the new enclosure, and it actually dropped the temperature of the drive from 35 degC to 20 degC. However, while the errors have dropped from 58 yesterday to 10 today, I believe the damage is already done. So tonight when I get home, I’ll start the rebuild.

The firewall is standing up pretty well as well. Haven’t had any problems with it at all.

Hardware setbacks

Well, its been a heckofa week. I found the problem on defiant, my workstation and recording station for the podcast. /dev/hda is dying a slow and agonizing death. I have a replacement drive, however this weekend was chock full of activities. Saturday was spent with a friend of mine pulling the carbs off of the bike, finding and fixing the bent choke linkage, and getting her running. There are still carb balance issues, but she is running better.

Sunday was my youngest’s 18th birthday, and she wanted to go to the Melting Pot, which was a great experience but expensive.

So currently, I am backing the information off of defiant, and will hopefully be able to get the to the task of rebuilding in the next day or so.

As if that is not bad enough, crazyhorse, my firewall, finally gave up the ghost. I found I had no vpn access to my home network from work, and thought it was a problem with Comcast. However, I got home and checked it, and the drive light was on solid, the CDROM drive was flashing and the power supply was hot. So I spent friday night pressing the SPARC I have been building out into service…Until 2am saturday.

Once I get defiant back up and running, I plan to get some recording done.

New logo, new theme music…

I made a change to the logo, after I got a new one. I would like to thank Dave Hartmann for the logo as well as Chris Naish and the CrossView band as well as Jono Bacon for the use of their music for my bumpers. I’m still working with the music to cut them up into usable pieces for the podcast.

New firewall

I’m building a new firewall box. It is an Ultra Sparc Ultra 5 that I inherited. It has a 333MHz UltraSparc IIi processor with 384MB of RAM and a 26GB drive.

This will replace my current box, which is a PII/233. I’ve built a minimal Debian installation, then added the tools I need, such as snort, tripwire, iptables and other tools.

And with every device you put on your network, make sure you scan it before you bring it online.