Suramya's Blog : Welcome to my crazy life…

November 2, 2007

Identify what files are being used by a given process/TCP connection

Filed under: Computer Security,Knowledgebase,Tech Related — Suramya @ 11:54 AM

In Linux, if you want to know what files are in use, all you have to do is run the lsof command, which lists every open file together with the process that opened it. So if you want to figure out what a process that is using an insane amount of RAM is actually doing, run lsof and grep for its process ID.

In Windows, however, there is no such command, so we have to use alternative methods. If you are trying to identify the process behind a TCP connection you can run “netstat -bv” (without the quotes). It shows the executable behind each connection, together with the chain of DLLs that created the socket, something like:

TCP fury:2433 imap.perfora.net:imap ESTABLISHED 2724
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\WS2_32.dll
C:\Program Files\Mozilla Thunderbird\nspr4.dll
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\kernel32.dll
[thunderbird.exe]

For Windows XP and 2000 systems you can also download Fport, a free tool that shows you which programs on your system are opening which ports.
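As an added example (not part of the original post), here is a small parser for the “netstat -bv” record format shown above, so the output can be searched by port instead of read by eye; the sample text is constructed from the post’s record plus a second, LISTENING socket.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
# Constructed sample: the record from the post (trimmed to four modules), the netstat
# column header, and a second LISTENING socket to show that each [exe] line ends a record.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    fury:2433              imap.perfora.net:imap  ESTABLISHED     2724
  C:\\WINDOWS\\system32\\mswsock.dll
  C:\\Program Files\\Mozilla Thunderbird\\nspr4.dll
  C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe
  C:\\WINDOWS\\system32\\kernel32.dll
  [thunderbird.exe]
  TCP    fury:135               0.0.0.0:0              LISTENING       4
  [System]
"""

@dataclass
class Connection:
    proto: str
    local: str
    remote: str
    state: str  # empty for UDP, which has no state column
    pid: int
    modules: List[str] = field(default_factory=list)  # DLL/EXE chain, innermost first
    owner: str = ""  # name printed in [brackets] at the end of the record

CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")  # state optional
def parse_netstat_bv(text: str) -> List[Connection]:
    conns: List[Connection] = []
    current: Optional[Connection] = None
    for line in text.splitlines():
        stripped = line.strip()
        m = CONN_RE.match(line)
        if m:  # a socket line starts a new record
            proto, local, remote, state, pid = m.groups()
            current = Connection(proto, local, remote, state or "", int(pid))
            conns.append(current)
        elif not stripped or current is None:
            continue  # blank lines and the column header before the first record
        elif stripped.startswith("[") and stripped.endswith("]"):
            current.owner, current = stripped[1:-1], None  # [exe] closes the record
        else:
            current.modules.append(stripped)  # one DLL/EXE path per line
    return conns

def owner_of_local_port(conns: List[Connection], port: int) -> Optional[Tuple[str, int]]:
    """The post's question: which executable and PID sit behind local port `port`?"""
    hits = [(c.owner, c.pid) for c in conns if c.local.rsplit(":", 1)[-1] == str(port)]
    return hits[0] if hits else None
```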

Hope this helps.

– Suramya

October 19, 2007

List of sites where you can get Information Security related news

Filed under: Computer Security,Interesting Sites,Knowledgebase,Tech Related — Suramya @ 12:40 PM

Here’s a small list of sites that provide security-related news/resources:

This list is not a comprehensive list. I may add more sites as and when I find them.

– Suramya

How to find out who deleted a particular file

Filed under: Computer Security,Knowledgebase,Tech Related — Suramya @ 11:35 AM

If you want to know who deleted a particular file in Windows 2003, all you need to do is enable auditing on the folder you want to keep track of. Right click on the folder, go to “Sharing and Security”, then the “Security” tab, and click “Advanced” at the bottom. Select the “Auditing” tab, click “Add”, select the group or users to track, then pick the actions you want to track.

To track file deletion you would enable:

Create Files / Write Data: Success/Fail
Create Folders / Append Data: Success/Fail
Delete Subfolders and Files: Success/Fail
Delete: Success/Fail

Once that’s done, Windows will log all the information in the Security event log.

– Suramya

October 11, 2007

UK Police Can Now Demand Encryption Keys

Filed under: Computer Security,News/Articles,Tech Related — Suramya @ 12:18 PM

Under a new law that went into effect this month, it is now a crime in the UK to refuse to turn a decryption key over to the police. So let’s say you have an encrypted file on your computer and you are traveling through the UK: if the police feel like it, they can force you to hand over the decryption key. If you don’t comply you face a 5 year jail sentence if the investigation relates to terrorism or national security, or up to two years in jail in other cases.

But what they don’t seem to have considered is that sometimes people do forget passwords and keys. Back in 2003 I went through a phase where I started encrypting all my data backups (MySQL database dumps etc.) using PGP for a couple of months, which was all well and good. Then I had to upgrade my OS, so I formatted my computer, managing to lose the decryption key which was stored in my PGP keyring. I do have a physical copy of the key but that’s sitting in one of the boxes in storage. So if I went to the UK and they asked me for the key I couldn’t give it to them because I really don’t have it. But if I tell them that, I will end up in jail for 2 years if the judge refuses to believe me.

So I think I am staying away from the UK for the time being.

Thanks to Schneier on Security for the news.

More information available at The Register

– Suramya

October 3, 2007

Automatic session logging/monitoring with GNU screen

Filed under: Computer Security,Computer Tips,Security Tutorials,Tech Related — Suramya @ 11:10 PM

Found this good article on how to set up screen on Linux/Unix so that it automatically logs all activity in the session. Screen is a utility that I use very often on my Linux box. Basically it’s a program that you start and it attaches to a specific console, and if you ever get disconnected you don’t lose your work/position; all you have to do is log back in and reconnect to that screen. You can also connect to a system via ssh/telnet, start a program, disconnect from ssh, then move to another location, reconnect to the server and join the same session from there. I use it all the time when compiling stuff or downloading large files.

The main issue I had with screen was that it would only keep 20-30 lines in the history, so if you wanted to scroll up to read the previous output you couldn’t. Now this article explains how to set up logging so that you can do that. For the impatient, here’s how you do it:

I wanted to automatically launch a screen session when someone logged in so if I happened to be on the server I could monitor them in real time. I also wanted a log of the session in case I wanted to look over it later or if I was not able to monitor the session live.

I ended up adding the following to my .bashrc:

# -- if $STARTED_SCREEN is set, don't try it again, to avoid looping
# if screen fails for some reason.
# Only act in an interactive shell ($PS1 set) that arrived over ssh ($SSH_TTY set).
if [[ "$PS1" && "${STARTED_SCREEN:-No}" = No && "${SSH_TTY:-No}" != No ]]; then
    STARTED_SCREEN=1 ; export STARTED_SCREEN
    if [ -d "$HOME/log/screen-logs" ]; then
        sleep 1
        # -RR: reattach an existing session if there is one, else create a new one
        screen -RR && exit 0
        # normally, execution of this rc script ends here...
        echo "Screen failed! continuing with normal bash startup"
    else
        # first login: create the log directory; screen starts from the next login on
        mkdir -p "$HOME/log/screen-logs"
    fi
fi
# [end of auto-screen snippet]

and add the following to your .screenrc:

# support color X terminals (\E is the escape character, \007 the bell)
termcap xterm 'XT:AF=\E[3%dm:AB=\E[4%dm:AX'
terminfo xterm 'XT:AF=\E[3%p1%dm:AB=\E[4%p1%dm:AX'
termcapinfo xterm 'XT:AF=\E[3%p1%dm:AB=\E[4%p1%dm:AX:hs:ts=\E]2;:fs=\007:ds=\E]2;screen\007'
termcap xtermc 'XT:AF=\E[3%dm:AB=\E[4%dm:AX'
terminfo xtermc 'XT:AF=\E[3%p1%dm:AB=\E[4%p1%dm:AX'
termcapinfo xtermc 'XT:AF=\E[3%p1%dm:AB=\E[4%p1%dm:AX:hs:ts=\E]2;:fs=\007:ds=\E]2;screen\007'

# detach on hangup
autodetach on
# no startup msg
startup_message off
# always use a login shell
shell -$SHELL

# auto-log: one file per window, named by date and window number
logfile $HOME/log/screen-logs/%Y%m%d-%n.log
deflog on

Keep in mind that this is not a very secure setup. Anyone with any technical knowledge can edit the logs as they are located in the user’s home directory and are editable by them. So don’t rely on it extensively to keep a system secure.

Complete article is available here: Automatic session logging and monitoring with GNU screen for the paranoid.

Thanks,
Suramya

August 8, 2007

Secure Websites Using SSL And Certificates

The following website has a good How-To on how you can Secure Websites Using SSL And Certificates on a system running Apache, Bind and OpenSSL.

– Suramya

March 23, 2007

Programs that detect/monitor File alteration

Filed under: Knowledgebase,Security Tools,Tech Related — Suramya @ 5:56 PM

The following is a list of programs that detect/monitor file changes on both *nix and Windows:

Good article on how to do a File Integrity Assessment and how to securely use AIDE.

– Suramya

October 25, 2006

SSLBridge AJAX based samba and windows shares

Filed under: Computer Security,Linux/Unix Related,Tech Related — Suramya @ 11:26 PM

Interesting concept. Haven’t tried it out yet but it looks promising.

SSLBridge is an AJAX and DHTML enhanced web application for viewing and accessing shared files and folders in a network. SSLBridge uses Samba and an SSL connection to create a VPN tunnel into a corporate network. Basically a Samba web client.

Check it out: Here

Thanks to nixCraft for the link.

– Suramya

July 31, 2006

ScatterChat: A secure instant messaging client.

Filed under: Computer Security,My Thoughts,Security Tools,Tech Related — Suramya @ 5:15 PM

Now this is cool software. It allows a user to encrypt all communications using end-to-end encryption, with routing based on Tor (Tor Overview).

The program is a ‘friendly’ fork of the Gaim project. In case you are wondering what a fork is, a project fork or branch happens when a developer (or a group of them) takes a copy of source code from one software package and starts to independently develop a new package.

The software itself is pretty cool, but it’s likely to come under heavy fire from various government and ‘spy’ agencies, because the design of the software makes it really hard for anyone to eavesdrop on anyone. They will claim that this will allow terrorists and child pornographers to communicate anonymously.

It might be used by a terrorist, but then so can a car (used as a getaway vehicle), a cell phone (used as a communication tool), a watch (to sync timed attacks)... does this mean all of them should be banned as well? Any technology developed can be used for good as well as bad purposes, starting with fire all the way up to a nuclear reaction. Now that the genie is out of the bottle you can’t stuff it back in.

I think it will be useful for all sorts of people including:

Spies, to let them communicate with the home office and report anonymously
Corporate whistleblowers: they can report wrongs/broken laws without getting into trouble
People behind the Great Firewall of China, where you can be arrested for disagreeing with the government.

Check out the software: ScatterChat

Thanks to Schneier on Security for the link.

– Suramya

PS: I haven’t tried the software yet so don’t know how stable it is. Though I will be installing it shortly so will let you know how it goes.

March 9, 2006

New Biometrics scanner released

Filed under: Computer Hardware,Computer Security,Tech Related — Suramya @ 11:01 PM

This is an interesting new biometrics scanner that uses the layout of the veins in the user’s palm to authenticate them. Apparently it’s more reliable than fingerprints and safer. Couldn’t find any pricing information but I bet they are expensive right now. Hopefully the price will go down a lot so that I can afford to get one to play with.

Synopsis:

Fujitsu Computer Products of America, Inc. on Wednesday announced the global launch of its PalmSecure biometric authentication system. The contactless system identifies users by examining the layout of the veins in the palms of their hands.

The PalmSecure device uses a near-infrared beam, similar to that used by television remote controls, to map the layout of veins carrying oxygen-depleted blood back to the heart. According to Joel Hagberg, vice president of marketing and business development for Fujitsu, those vein patterns are unique in every person — even more so than fingerprints or DNA.

Complete Story: For security, Fujitsu talks to the hand – Computerworld

Thanks,
Suramya
