Here’s a small list of sites that security related news/resources:
This list is not a comprehensive list. I may add more sites as and when I find them.
– Suramya
If you want to know who deleted a particular file in Windows 2003 all you need to do is enable auditing the folder you want to keep track of. Just right click on the folder, go to “sharing and security”, then “security” tab, at the bottom click on “advanced”. Select the auditing tab, click add, select the group or users to track, then pick what actions you want to track.
To track file deletion you would enable:
Create files/Write data Success/Fail
Create folders / append data Success/Fail
Delete Subfolders/Files Success/Fail
Delete Suceess/Fail
Once thats done Windows will log all the information in the security event log.
– Suramya
Found this while reading a comic. (It was one of the Friendly Neighborhood Spider-Man comics. Don’t remember the issue). I think it fits the blog with the amount of comments I get here so sharing it with you 🙂
So you agree?
– Suramya
When you are really angry with someone try sitting down and talking with them. It helps. See the example below…
– Suramya
A little while ago the iPhone was released with a lot of fanfare for a very limited audience located in the US who would agree to be locked in an AT&T contract for two years. Almost as soon as it was released hackers everywhere starting taking it apart to get it to work with other carriers. After a lot of trial and error a method was found that didn’t require taking the phone apart and a lot of people installed it. If I had an iPhone I would have installed it, just so that I could use *MY* phone as and when I wanted to.
Then Apple went ahead and released a patch that turned the hacked iPhones (and a lot of unhacked ones) into bricks or very expensive paperwieghts. It may be legal for them to do this because of the User Agreement that people signed when they bought the phone but it sure isn’t ethical. They are now under a bunch of lawsuits because of this and if the courts agree it was wrong of them to brick the iPhones then and only then can the users expect to be reimbursed.
iPhoneSIMFree, the first company that offered an unlocking tool, has released a paid upgrade that resolves the issue and unlocks the iPhone once again but even this is a hack which uses a buffer overflow bug in Safari to run the fix. This lets the users use their iPhones but users of the fix should beware that at any time Apple might fix this issue and include the fix in the next mandatory patch that they push out, converting the phones into expensive paperweights once again…
Now, you might ask how does open source come into the picture? Well, if the iPhone OS was open source this would have never happened. Anyone and everyone would have the right to install whatever Apps they wanted and use it wherever they want.
This risk is there in any closed system. Whats stopping Microsoft from deciding that your data needs to be tracked and installing a patch on your system that lets them do just that? Infact a few weeks ago they installed an updated version of the Windows Update Service on computers that had the updates disabled. What is to stop them for doing it again and how many more of these backdoors are there?
In an Open OS like Linux or Open Solaris, a lot of people look at the code and at some time or other every line of the code has been looked at. This makes it a lot harder to hide backdoors in the OS itself (not impossible. Just very hard), which is not the case with Windows and iPhones. You have to do it the hard way and reverse engineer the system (which is against the law BTW)
Google is rumored to be working on an Open Source OS for the Phones, even Nokia and Samsung are working on an Open Mobile OS. So open systems are the way to go.
If you are looking for alternatives to the iPhone check out this article from Tech republic where they list out the top 10 alternatives to the iPhone. I am drooling over the Nokia N99 (16 GB of internal memory, a 3.2-inch screen, a 9-way joystick control, GPS, WLAN, and a 7.2-megapixel camera that lets you shoot DVD quality movies) right now. That will probably be my next phone. There are a couple of Linux phones out there too but most are still in the development stage… Lets see when they come out.
Well this is all for now. Will post more later.
– Suramya
“How should I know if it works? That’s what beta testers are for. I only coded it”
– Linus Torvalds
Source: Ten Funny Quotes By Linus Torvalds
– Suramya
Under a new law that went into effect this month, it is now a crime to refuse to turn a decryption key over to the police. So lets say you have an encrypted file on your computer and you are traveling through UK, if the cops feel like it they can force you to hand over the decryption key. If you don’t comply you face a 5 year sentence in jail if the investigation relates to terrorism or national security, or up to two years in jail in other cases.
But what they don’t seem to have considered is that sometimes people do forget passwords and keys. Back in 2003 I went through a phase where I started encrypted all my data backups (MySQL database dumps etc) using PGP for a couple of months, which was all well and good. Then I had to upgrade my OS so I formated my computer managing to loose the decryption key which was stored in my PGP keyring. I do have a physical copy of the key but thats sitting in one of the boxes in storage. So if I went to UK and they asked me for the key I can’t give it to them because I really don’t have it. But if I tell them that I will end up in jail for 2 years if the judge refuses to believe me.
So I think I am staying away from UK for the time being.
Thanks to Schneier on Security for the news.
More information available at The Register
– Suramya
Vinit and Surabhi were in town the past few days and they brought their Wii with them to play with and I tried it out for the first time. Its a cool system and its fun actually swinging the controller instead of pressing a button to swing a bat. But (Yeah there’s always a but) I don’t think I will be buying one. I played with it for about 1/2 hour in the past 3 days and I think I have had enough.
This could be an effect of the games that they had which were really kiddish, so that could be a reason. But overall I don’t think so ’cause I am not a very big gaming fan; the only games I like playing a lot are Warcraft II, and Diablo (both of them) and Decent II. Doom , Duke 3d and Halo were good for wasting a little time and other than Warcraft & Diablo I haven’t spent a lot of time playing games.
So I am not going to be buying a Wii.
– Suramya
Burma in Brief
The people of the Southeast Asian country of Burma are locked in one of the world’s great freedom struggles. The country’s military rulers, the State Peace and Development Council, have run the country with an iron fist for the past 15 years, after they assumed power from a 26-year socialist dictatorship. In 1988, students, professionals, and others launched a nationwide uprising aimed at bringing an end to authoritarian rule during which millions of people courageously marched on the streets, calling for freedom and democracy.
The military responded by gunning down thousands of demonstrators and imprisoning thousands more in one of Southeast Asia’s most bloody episodes in recent history. The leader of the demonstrations, Min Ko Naing (pronounced Min Ko Nine), has been held behind bars ever since, where approximately 1,400 political prisoners remain. The most recognizable face of Burma, 1991 Nobel Peace Prize recipient Daw Aung San Suu Kyi (pronounced Daw Aung Sawn Sue Chee), has been in and out of house arrest and prison since 1988. Presently, she is held under house arrest.
Worried that they could not hold on to power in 1988, the ruling generals announced they would hold a democratic election. Aung San Suu Kyi and many allies formed a political party, which they named the National League for Democracy (NLD). The party went on to win the election in a landslide victory in 1990, garnering an astounding 82% of the seats in parliament, even though many pro-democracy leaders were already imprisoned. Tragically, instead of permitting the electoral winners to assume office, the regime has maintained its grip on power ever since.
In 1996, students again organized major protests on the streets of Rangoon, with thousands conducting sit-down demonstrations at key traffic intersections. The regime responded again by force, brutally beating them with batons and water canons, and arresting hundreds. This time, a videographer managed to capture some of the events on camera, which were then shown on CNN and other news stations.
In May 2003, Burma again made international headlines when Aung San Suu Kyi, just released from house arrest a year earlier, was traveling on a speaking tour near Mandalay, Burma’s second largest city. During her tour, approximately 600 members of her caravan were brutally attacked by the political arm of the regime, the Union Solidarity and Development Association. Up to 100 supporters were brutally beaten to death with blunt clubs, bamboo sticks, and spears, while Aung San Suu Kyi narrowly escaped assassination. She was held in prison and is now under total house arrest.
At the same time, many of Burma’s ethnic groups, including the Karen, Shan, and others, have been waging armed freedom struggles against the regime, some for up to 50 years. The regime, intent on dominating the entire country, has responded with brutal force — raping, slaughtering, or forcibly displacing millions of ethnic peoples. Reports of some of the world’s most horrific human rights abuses have been documented by governments and credible organizations in Burma’s ethnic regions, yet these peoples never give up the struggle to protect their homelands and way of life.
(Source for the text: Campaign for Burma)
Sign the Petition here:
– Suramya
Found this good article on how to setup screen on Linux/Unix so that it automatically logs all activity made in the session. Screen is a utility that I use very often on my Linux box. Basically its a program that you start and it attaches to a specific console and if you ever get disconnected you don’t loose your work/position, all you have to do is log back in and reconnect to that screen. You can also connect to a system via ssh/telnet and start a program then disconnect from ssh then move to another location and reconnect to server and join the same session from there. I use it all the time when compiling stuff or downloading large files.
The main issue I had with screen was that it would only keep 20-30 lines in the history so if you wanted to scroll up to read the previous logs you couldn’t. Now this article explains how to set up logging so that you can do that. For the impatient here’s how you do it:
I wanted to automattically launch a screen session when somone logged in so if I happened to be on the server I could monitor them in real time. I also wanted a log of the session in case I wanted to look over it later or if I was not able to monitor the session live.
I ended up adding the following to my .bashrc
# — if $STARTED_SCREEN is set, don’t try it again, to avoid looping
# if screen fails for some reason.
if [[ “$PS1″ && “${STARTED_SCREEN:-No}†= No && “${SSH_TTY:-No}†!= No ]]; then
STARTED_SCREEN=1 ; export STARTED_SCREEN
if [ -d $HOME/log/screen-logs ]; then
sleep 1
screen -RR && exit 0
# normally, execution of this rc script ends here…
echo “Screen failed! continuing with normal bash startupâ€
else
mkdir -p $HOME/log/screen-logs
fi
# [end of auto-screen snippet]
and add the following to your .screenrc
# support color X terminals
termcap xterm ‘XT:AF=E[3%dm:AB=E[4%dm:AX’
terminfo xterm ‘XT:AF=E[3%p1%dm:AB=E[4%p1%dm:AX’
termcapinfo xterm ‘XT:AF=E[3%p1%dm:AB=E[4%p1%dm:AX:hs:ts=E]2;:fs=07:ds=E]2;screen07′
termcap xtermc ‘XT:AF=E[3%dm:AB=E[4%dm:AX’
terminfo xtermc ‘XT:AF=E[3%p1%dm:AB=E[4%p1%dm:AX’
termcapinfo xtermc ‘XT:AF=E[3%p1%dm:AB=E[4%p1%dm:AX:hs:ts=E]2;:fs=07:ds=E]2;screen07′# detach on hangup
autodetach on
# no startup msg
startup_message off
# always use a login shell
shell -$SHELL# auto-log
logfile $HOME/log/screen-logs/%Y%m%d-%n.log
deflog on
Keep in mind that this is not a very secure setup. Anyone with any technical knowledge can edit the logs as they are located in the user’s home directory and are editable by them. So don’t rely on it extensively to keep a system secure.
Complete article is available here: Automatic session logging and monitoring with GNU screen for the paranoid.
Thanks,
Suramya
Powered by WordPress