The Slamlander

I’ve been spending the last two weeks trying to build a new working applications server. Yes, it’s an enhanced WIMP environment (enhanced by the addition of Cygwin).

After a scratch install of Win2K Advanced Server SP5, I installed the MySQL 5.0.45 windows binary with no problems. I even used the MySQL admin GUI, from my workstation, to create new schemas. Then I go to install PHP5.2.3 and 815417267f76f6f460a4a61f9db75fdb%3Ca%20href%3D%20%22http%3A%2F%2Fbugs.php.net%2Fbug.php%3Fid%3D42480%26thanks%3D2%22%3Eeverything%20grinds%20to%20a%20complete%20halt%3C%2Fa%3E.%20That%20was%20last%20week%20Wednesday.%20Since%20then%2C%20I%27ve%20been%20tinkering%20my%20way%20out%20of%20this%20corner.%0A%0AWell%2C%20I%20get%20PHP5.1.4%20to%20work%20again%20and%20it%20still%20won%27t%20talk%20to%20MySQL%205.0.45%20so%20I%27ll%20have%20to%20go%20back%20down%20to%20MySQL%205.0.19.%20What%20a%20bummer%21%20I%20really%20want%20to%20do%20some%20stuff%20with%20advanced%20Database%20triggers.%20Time%20to%20rip%20them%20both%20out%20and%20go%20back%20to%20last%20year%27s%20working%20configuration.%0A%0AIt%27s%20a%20shame%20because%20the%20current%20MySQL%20fixes%20a%20LOT%20of%20problems%20and%20I%20was%20looking%20forward%20to%20playing%20with%20it.%20However%2C%20that%20can%27t%20be%20done%20until%20PHP%20gets%20their%20shit%20in%20the%20same%20bag.%20These%20sorts%20of%20issues%20is%20why%20I%20have%20taken%20to%20calling%20OpenSource%20products%20%22Tinker336d5ebc5436534e61d16e63ddfca327ware%22.%0A%3C%2Fpre%3E0fbd1776e1ad22c59a7080d35c7fd4db

It looks like a bunch of spammers now have gmail accounts. I am seriously considering blocking the entire gmail.com domain.

My smallest server is a K6-3/200. It is also my A/D Primary Domain Controller. Normally, it works pretty good since this isn’t a large network. What I’m doing now is bringing up a second server for applications services. While doing this, I logged into the Primary to do some maintenance. The CPU usage was well over 90% and it wasn’t anywhere near the swapper. Using Process Explorer, in Terminal Server, I figured out that SSHD was using the majority of the time. Eh? I didn’t have a SSH session up, what gives?

It turns out that I'd opened a port 22 pinhole route a few months ago and forgot to close it again. Some wyrm found it and was hammering the box with a dictionary attack. I closed the port and CPU usage went back down to expected values.

I guess that we are no longer allowed to run SSHD on port 22, if at all. I'm having the same problem with my secure web server. My problem there is that I have to keep it on the port it's using because other folks need to find it.

I am rapidly getting to the point at where crackers/hackers, crack authors, wyrm and virus writers, and crack tool authors, had better stay out of my reach. We need to pass laws that place all of the aforementioned in the depths of the deepest dungeon that we can find. I would surely love to bash their skulls in for all the down-time and frustration that they've caused me over the years.

This was triggered by Hamster and WiFi cracks and more …

First off, remember this name and company; Robert Graham (CEO 815417267f76f6f460a4a61f9db75fdb%3Ca%20href%3D%22http%3A%2F%2Fwww.erratasec.com%2F%22%3E%3Cfont%20color%3D%22%23003399%22%3EErrata%20Security%3C%2Ffont%3E%3C%2Fa%3E%29.%20He%27%27s%20not%20a%20nice%20guy%20%28self336d5ebc5436534e61d16e63ddfca327centered%20and%20greedy%29%20and%20ethically%20challenged%20as%20well.%20He%20actually%20sells%20a%20solution%20for%20this%20problem%20he%20creates.%20No%2C%20the%20solution%20isn%27t%20comprehensive%20%28I%27ll%20get%20into%20why%20later%20on%29%20but%20he%20wants%20to%20profit%20from%20escalating%20this%20problem%20%28profiting%20from%20our%20misery%29.%20He%20well%20deserves%20our%20scorn.%20Yes%2C%20that%27s%20a%20value336d5ebc5436534e61d16e63ddfca327judgment%20and%2C%20in%20my%20opinion%2C%20this%20guy%20is%20the%20worst%20of%20Net.Scum%21%0A%0A%3Cimg%20style%3D%22WIDTH%3A%20214px%3B%20HEIGHT%3A%20217px%22%20height%3D%22261%22%20alt%3D%20%22Robert%20Graham%22%20src%3D%20%22http%3A%2F%2Fpics.livejournal.com%2Fslamlander%2Fpic%2F0001789s%22%20width%3D%20%22259%22%20%2F%3E%0A%0AI%27ll%20let%20y%27all%20read%20the%20links%20for%20what%20this%20is%20all%20about%20in%20detail.%20Suffice%20it%20to%20say%20here%20that%20this%20man%20is%20indirectly%20responsible%20for%20security%20breaches%20at%20many%20web336d5ebc5436534e61d16e63ddfca327mail%20sites.%20Oh%20and%20everything%20that%20applies%20to%20Webmail%20also%20applies%20to%20LiveJournal.Yes%2C%20this%20effects%20all%20of%20us.%3C%2Fp%3E%20%3Col%3E%20%3Cli%3EThere%20is%20NO%20justification%20for%20cracking%20someone%20else%27%20systems%20without%20permissions%20of%20EVERYONE%20involved.%3C%2Fli%3E%20%3Cli%3EThere%20is%20NO%20justification%20for%20showing%20someone%20else%20how%20to%20do%20it.%3C%2Fli%3E%20%3Cli%3EReleasing%20such%20tools%20%28Ferret%20and%20Hamster%29%2C%20to%20the%20general%20public%2C%20borders%20on%20the%20criminally%20irresponsible.%3C%2Fli%3E%20%3Cli%3EDoing%20so%20to%20create%20business%20for%20your%20own%20firm%2C%20should%20be%20a%20crime%20but%2C%20sadly%2C%20it%20isn%27t.%3C%2Fli%3E%20%3C%2Fol%3E%20%3Ch2%3EDetails%20%28Danger%3AGeek%20talk%20ahead%29%3A%3C%2Fh2%3E%20%3Cp%3EWiFi%20Hot%20Spot%20operators%20are%20facing%20a%20challenge%2C%20a%20real%20Hot%20Spot%20%28HS%29%20lets%20people%20access%20the%20Internet%20from%20the%20Hot%20Spot.%20In%20essence%2C%20the%20Hot%20Spot%20operator%20is%20an%20ISP%20but%20they%20rent%20access%20by%20the%20hour%20or%20day.%20The%20simplest%20means%20to%20do%20this%20is%20by%20MAC%20address%20control%20lists%2C%20on%20a%20RADIUS%20server.%0A%0AWhile%20there%20are%20about%20three%20ways%20to%20perform%20security%2C%20the%20HS%20operator%20has%20only%20one%2C%20shared336d5ebc5436534e61d16e63ddfca327key%20security%20%28WEP%2C%20WPA336d5ebc5436534e61d16e63ddfca327PSK%2C%20WPA336d5ebc5436534e61d16e63ddfca327PSK2%29.%20This%20involves%20encryption%20using%20shared%20keys.%20While%20this%20is%20acceptable%20for%20a%20company%20that%20has%20a%20fixed%20and%20seldom%20changing%20herd%20of%20network%20users%2C%20an%20HS%20that%20has%20customers%20coming%20and%20going%20all%20day%20long%20has%20a%20problem%20with%20key%20issuance%20and%20management.%20Likewise%2C%20the%20HS%20customers%20would%20have%20to%20have%20a%20set%20of%20keys%20for%20each%20HS%20they%20go%20to%2C%20and%20maintain%20them%20as%20they%20change.%20WEP%20can%27t%20be%20managed%20via%20RADIUS%20either.%20The%20same%20goes%20for%20WPA2336d5ebc5436534e61d16e63ddfca327PSK%20and%20WPA336d5ebc5436534e61d16e63ddfca327PSK%2C%20which%20all%20use%20shared%20keys.%20Note%20that%20if%20the%20intruder%20also%20has%20the%20shared%20key%20%28they%20are%20also%20a%20HS%20customer%29%20then%20the%20HS%27s%20encryption%20isn%27t%20secure%20anyway.%20It%27s%20no%20small%20wonder%20that%20most%20HS%27s%20consciously%20turn%20encryption%20off.%0A%0AThe%20only%20real%20answer%20is%20to%20use%20SSL%20security%20on%20the%20Webmail%20server%20and%20the%20Hot%20Spot%20has%20absolutely%20zero%20control%20over%20that.%20What%20dear%20friend%20Robert%20does%2C%20is%20to%20break%20everyone%27s%20mail%20security%20needlessly%2C%20for%20his%20own%20private%20gain.%20He%20even%20delivers%20the%20tools%20for%20it.%20This%20guy%27s%20worse%20than%20most%20hackers.%0A%0AYes%2C%20I%20run%20my%20own%20mail%20servers%20with%20my%20own%20Webmail%20server%20and%20it%20has%20SSL%20capability.%20I%20also%20use%20direct%20access%20via%20my%20own%20VPN%2C%20which%20completely%20defeats%20these%20tools%2C%20regardless%20of%20which%20Hot%20Spot%20I%20use.%20I%27m%20not%20at%20risk%20but%2C%20these%20poor%20innocent%20Hot%20Spot%20operators%20are%20now%20going%20to%20catch%20a%20load%20of%20useless%20grief%20from%20clueless%20clients%20everywhere.%0A%0AStarting%20next%20year%2C%20the%20city%20of%20Nyon%2C%20CH%2C%20is%20planning%20to%20have%20free%20WiFi%20throughout%20the%20entire%20town.%0A%0A%3C%2Fpre%3E0fbd1776e1ad22c59a7080d35c7fd4db

In a recent rash of high profile cracks, on the UN and the Pentagon, the UK is completely inept in its response. At least, they bothered making a response.

<blockquote>The Lords Science and Technology Committee said the internet was now "the playground of criminals".</blockquote> No shit Sherlock, who gave you a clue? When crackers can rustle up enough zombies (millions) to take a security startup off line and out of business then we have issues of serious scale. Each one of those zombies represents a crime in most jurisdictions, since taking over someone else' property is a crime of theft. Some countries have specific new legislation against computer crime(US).
<blockquote>"You can't just rely on individuals to take responsibility for their own security. They will always be out-foxed by the bad guys."</blockquote> Too true but; It is definitely possible to locate a zombie, once identified it can be seized, once seized, you are now on the inside of the botnet and the botnet can be traced from the inside. This lets you track down the perpetrators. Yes, this takes time and resources. The problem is that once you catch them, they often only get 6-8 weeks and are not liable for the damages that they've caused, including the investigation required to locate them, in most jurisdictions. This is why the worst ones are in Russia.

<blockquote>"And they're not the sad hacker in their back room - this is organized crime."</blockquote> It is well known that amongst the criminal mindset, deterrence works. Start making them do the time and they'll stop doing the crime. We should never, ever, have adopted a soft touch for systems crackers. I was saying this back in 1980; Crack a System, rot in jail, and never be allowed to see a computer again.

Not doing that, gives us the results we see today.

On News about the Summary Judgment, SCO Group is down 75% and Novell is up 3.5%, as of now!

It could get worse for SCO.

*plays taps*

salegamine had last week off and we thought that a little trip, just the two of us, would be nice. Coincidently, Frantour was making offers for a rail holiday. train+hotel+Boat excursion for 159CHF, per person, destination Stresa, IT.

We booked the trip last Tuesday and were on the train to Lausanne at 0900 Saturday. In Lausanne, we transfered to the CIS-Alpino, which goes through the Alps into Italy. Stresa isn't far from Milan, which was the alternate destination. Of the two, I prefer Stresa; The lake is huge, the wind is nice, and the weather was wonderful.

The Boat excursion was around the three islands; Isola Bella, Isola Pescatore, and Isola Madre, as shown on the googlemap. Isola Pescatore is a fishing village cum tourist trap, while the other two islands are palaces that once belonged to the Borromeo clan, which includes the Medici Popes. One of them was even canonized as Saint Charles.

Looking at the Palazo Borromeo, on Isola Bella, <lj user="salegamine"> was amused that the Borromeo family motto was <i><b>Humilitas</b></i>. The architecture was Early Rennisence impressive. These guys were far from humble.

On the people side, we ran into amazing numbers of Dutch tourists and almost no Brits.</lj>