Bend in the Weather

I recently read an interesting page entitled '80 of the Best Linux Security Applications'.

Whilst the page looks like a typical 'Digg top 10 list page' (aka Digg-Whoring) it does indeed list some good tools.

It did remind me of the great little tool Nikto; a very handy webserver security scanner.

Nikto does quite a good job of automating and detecting various web-server misconfigurations, as well as known vulnerabilities in web applications.

It's well worth running over your own host just to ensure there is nothing there that the script kiddies will find and play with.

One thing you will notice is that many public web-servers leave the TRACE method open by default. This isn't a bad thing when developing... but probably best avoided on a public web server. (Trace is defined in RFC2616).

Many people write that the way to disable it is via the following snippet of code:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* [F]

Whilst this does indeed remove some of the TRACE methods, it doesn't remove all instances.

The preferred way to actually stop it comes from a recently added directive to your httpd.conf.
The EnableTrace directive was added in Apache 1.3.34, 2.0.55 and 2.2.x).

So basically using the following block will disable the trace method:

EnableTrace off

For those using Apache on a public IP address, it's recommended to disable the TRACE method.

If you require more information on how to harden Apache, I would recommend you take a read through the book 'Hardening Apache'. The author Tony Mobily is actually a fellow Aussie!
He's probably best known as the founder and Editor of the Free Software Magazine.

I recently blogged about a vulnerability that effected VMware's desktop products. In particular, it was in relation to shared folders, that could under certain conditions expose the host machine that the Virtual Machine ran on.

It seems that the wide-spread coverage the vulnerability generated and the release of Proof of Concept code, was enough to get VMware to get around to releasing updates.

Versions of both VMware Player (Version 2.0.3), VMware ACE (Version 2.0.3) and VMware WorkStation (Version 6.03) were released on 14^th March 2008 (Build: 8004).

If you are using any of these products and utilise the "Shared Folders" feature you are highly recommended to upgrade.

The release also doesn't just fix vulnerabilities in shared-folders, but also updates the versions of OpenSSL and libpng used on each of the products to avoid known issues.

So even those not using the Shared Folders option, it's a worthy upgrade.

Whilst I can't say the release was timely, at least it finally got patched.
I doubt this would have been the case if these products were available as OSS.

Update: Vmware Server didn't escape from the vulnerabilities either. A new version (1.05) is available as well.

It appears VMware has known about a critical bug in their desktop virtualisation software for some time, but have yet to release an update.

This includes all their desktop products; but not their server products (ESX, Server).

Core Security has released Proof of Concept code after they claim to have been trying to get VMWare to acknowledge the problem for around 4 months.  Their press release gives more background information.

VMware has now at least acknowledged the problem. 

To date, the fix is disable shared folders where guests are not trusted.

To be honest, I'd be more concerned if it effected the Server and ESX products (likely to have many more untrusted guests), though having said that, you can expect malware/trojan/virus writers will add this to their bag of tricks to try.

I would recommend disabling shared folders and relying on network file transfers in the interim (ie: sftp, scp, ftp to the host).

We all see it...whether we like to or not.
Those silly adult related content across many sites and things we don't want our little kiddies to see.
Content classified 'R' and voilent/cruel acts could also be put into this category.

At first impressions the current 3-month trial for mandatory Internet filters being undertaken in Tasmania appears to be a good thing.  Scratch the surface though and it's as sinister as the adult content you're attempting to stop.


Why do I say that?  Isn't protecting our children something we should do?  Most certainly!  Then just what is the problem then?

Read further of what is being proposed.  Not only are they looking at filtering the web traffic you view but also intercepting each and every Email message you send/receive.

Yup -- buried deep in the trial and not something widely published is the fact that every Email you send/recieve will be intercepted, read and potentially blocked. 
I'm not sure about you...  but whilst I don't make bombs, plan terrorist take-overs or think of mass killings.... I do enjoy my privacy.  This will certainly be taken away.

I will be sending all personal Email if it becomes effective Australia-wide via PGP.  For those that want to Email me, you'll need to have appropriate PGP software.   For Windows -- you'll find some here for free.  PGP basically encrypts your Email so it can't be read by middle-men.. such as this filter.  It can only be read by the person sending and the person receiving it.

The very liberal Anti-Terrorist laws are already inplace to tap 'communications'.  And email is one other form.   It's likely to slide under the guise of Internet filtering and backed legally by these Anti-Terrorist laws.  Sly but effective.  Our government already monitors SMS messages and telephone calls and has been wanting Email tapping for years.  It appears they well may get it. 

Many groups have spoken out about the filtering and I suspect until wider attention is brought to the issue it will go largely unnoticed.  Groups such as ALIA and EFA are commencing campaigns against it.  Individuals are also taking up the challenge. (Reference 1, Reference 2)

What's worse.. the group given the task Internet Sheriff Technology.  EFA has already reviewed their performance and it's less than flattering!

We've gotten here by the phrase: "93% of parents back tough Net porn laws" based on a Newspoll..  Notce it refers to laws not censorship! The phrase is misleading... people aren't asking for censorship but laws to procesute those that undertake it.
Unfortunately it's this same catch phrase that Tasmanian pollies and both Federal political parties have pinned to their chest.   You can bet your bottom dollar it's the same conclusion that Internet Sheriff are pushing down the state and federal goverments throat.  Interestingly enough they have forgotten about the poll that shows 92% oppose government censorship of the Internet! 

"Fewer than 8% of Australian Internet users believe there should be government censorship of the Internet.
60% think that parents alone should take responsibility.
And 30% don't think that anyone should censor the Net."

It's becoming a political question now.. with Labour pushing their policy and it appears the Liberal party are following suit..  Read on what the EFA think of Labours policy.

Let's remind our Senator Coonan of the statement she made in Dec 2004:

"The government did consider mandatory filtering some years ago and reviewed this recently... It found, on closer examination, that mandatory filtering would be highly problematic. It would have the potential to simply choke the Internet and drive up costs unacceptably for consumers and small businesses without necessarily solving the problems of offensive content.
... simple filters are easily outsmarted by merchants of offensive content and that the kind of complex technologies needed to analyse every single item being downloaded were not considered feasible in our review. The review also estimated that the cost of this sort of filtering would be $45 million a year to begin with, falling to more than $33 million a year on an ongoing basis. The biggest issue - it is not so much the money - is that such an expensive scheme would not necessarily solve the problem and small to medium ISPs would simply be driven out of business for little or no benefit. What does work is greater information and parental supervision, and those are the kind of programs that the government is promoting with the $30 million"

And that's the point.     Parents shouldn't be dumping their children down on the PC connected to the Internet unsupervised.  You wouldn't allow your child full control of your Pay-TV and then blame the operator that your child watched the Adult channel.  Why do it with the Internet?

The policy reeks of censorship and for a nation that will freely critise China for such a policy (and they have implemented the same policy -- stating the same reasons!)  Such a proposal for Australia is not new -- take a look at the timeline of such proposals.  Even the Human Rights Watch has picked up the draconian laws our governments are wanting to pass.

Interestingly enough the problem not only occurs in Australia (the blatent porn and inappropriate material).   In the US their are dedicated Christian ISPs that offer as an option block software.  It is run on the end computer ensuring the performance of the network isn't taken down by server-side processing.
Crosswayisp is one such ISP in the US.

Read their comments on why they don't use server-side filtering:

"We are often asked: why don't you provide server side filtering, I thought that is what Christian ISP services do? The short answer is that we believe in individual responsibility. For to long parents have allowed the television to be their surrogate parent, trusting those who promised to be responsible and police themselves. We know what the result of that has been. As a result, our Christian ISP promotes individual responsibility and parental control by providing PC-side filtering. We do not believe Christians should abandon their responsibility to monitor themselves or their children when using the Internet. No filtering system, either client side or PC side, is 100 percent effective. This lures parents who depend on server side filtering into a false sense of security and endangers children as a result."

Client side filtering (running it on your own computer) is much more affective and gives control back to the parent.  If allows you to bypass it when needed.

Most of these software products use keywords to block content.  It breaks down when:

• Looking up medical phrases or medical research that refers to parts of the body.
• You need to visit Sussex Inletin in NSW, MiddleSex University, etc.
  
• Security research into terrorism, voilence  and  other 'blocked content' such as domestic voilence.
• Try to read many family and health related sites -- including government sites are often blocked.  This includes Mens and Womens Health sites.
  
• Study of items like Anthrax, Plague and other bio-hazards.
• Study of computer security research into viruses, worms and trojans.
  

Sure -- these are all potential items you don't want your children reading... but using a client side filter will allow you to control what can and can't be viewed and when.  Placing the control of these aspects into the hands of a government agency or a commercial entity serves to censor your online experience and the information available to you.

I suggest you all read up on the topic and become involved....as the loss of civil liberties may become a way of life.


For those of you looking at protecting your children... look at installing an  internet filter.  You may also purchase Internet filter software if you like.  A review of such software is here. If you wish to hear from parent using software.... take a read of product reviews here. I would recommend looking at something like NOAMI or WE-Blocker if you want a free product.  The beauty of these software products is they run at your end putting you in control.

Microsoft has released their upgraded product for their popular and useful AntiSpyware product.

Like MS AntiSpyware -- Windows Defender is free. 
So if you used the first, it's time to upgrade to Windows Defender. 



Some of the interesting points about the upgrade:

• Better User Interface - Making it easier to use and navigate
  
• Improved Detection and Removal of Spyware due to a new engine.
• Real-time protection has been improved.
• Can protect all users on the system... not just the one who installed it.
• Can be installed without Admin privileges... making life much easier for many.
• Supports 64-bit Windows XP x64 machines.
• Automatically downloads the latest definitions so you are always current.
  

You can read more from the Windows Defender website.

The Australian Federal Government wants to snoop on their citizens.

According to recent reports, it appears the government wants to be able to undertake line-taps, read Email and SMS messages of innocent people.

Should you be worried?   Very much!

These laws are passing today - and are unlikely to raise a whimper.  It will be interesting to see how much mainstream coverage it will generate.

The Greens and Democrats will oppose the bill, however nothing has been heard on the Labour front.

So what exactly does the bill provide both the AFP and ASIO?

• Ability to read SMS messages
• Ability to place a tap on a telephone line
• Ability to read Email messages
• AFP can 'monitor' for up to 45 days.
• ASIO can 'monitor' for up to 3 months
  

So this you would imagine would be for organised crime or hardened criminals under a close watch?     Not at all....  basically any innocent person who might lead them to a suspect.

Notice the word 'might'?   I might win the lottery, I might be the next prime minister.  
All AFP and ASIO officers need to do is 'judge shop' until they get one judge that is soft on ordering such warrents and they are home.

Australia already has the highest rate of line-taps in the world.  We even spy on our citizens much more than the US (who are always under constant attack for such breach of civil liberties).  The figure is staggering....  as we spy on our citizens upto 26 times more than the US!

I'm sick of everything falling under the 'terrorist' label to allow such agencies the free reign the so greedily want.   What's worse is our pollies fall for it hook, line and sinker.

I don't like the idea of terrorists any more than the next bloke, though I do believe that a person is innocent until proven guilty.    The threat from terrorists has always been here -- it's no less or greater since 9/11 -- no matter what the US and Australian governments beat their chest about.

These groups also work in code and hidden messages...   so such laws don't provide any asistance anyway.
Whilst you can do little about line taps, and SMS reading (unless you use take on your own coded message format! )  you can actually do something about your Email being read.

PGP (Pretty Good Privacy) encrypts Email you send, allowing it only to be read by the intended person.  You can download free PGP programs that automate the process and can encrypt your Email from within Outlook at other similar Email clients.

I recommend you all look seriously at using such tools.

What a day!
I headed down to Geelong first up to pickup our new coffee machine. Pauline stayed home as we were expecting the delivery of John's (her brother) replacement machine to turn up, and she was going to build it.

So off I headed... on a very nice, extremely hot and windy day!

I Emailed the buyer late last night to say I was coming tomorrow (hence Friday) but as he didn't read it til Friday morning he understood it as Saturday!


I just rang Pauline to tell her it was a no-go after knocking on the door 3-4 times (in case they were out the back) when they pulled up in the car! I managed to pickup the item as a result.

I dropped by my folks on the way home just to say howdy. Didn't stay too long as I needed to get cracking on John's new machine.

By the time I arrived home, Pauline was putting the finishing touches to the machine.

It was over to me to install the OS, drivers and patches.

I tried our original version of XP with John's CD-Key... no go.. couldn't find the SATA hard-disk. No drama... put them on a USBKey and read them. Windows picks up the drivers lists them, but can't install them (for some brain-dead reason they need to be on Drive A:).
The problem was... we didn't have a floppy drive in the machine.

After many hours of trying various options.. even Slip-streaming Windows XP Service Pack 2 into the CD... we still couldn't get it going. (More of SlipStreaming tomorrow!)

Pauline scrounged around and found a spare floppy drive.. so we stuck that in. That's when the fun began... sometimes we would see the drivers to select, then they would refuse to install, sometimes we couldn't see them at all. After several hours of mucking around... we ditched that floppy drive and stuck in another.
Worked first go! Seems the first floppy drive was faulty.

It took about some 4 hours.. but I was finally able to start the Windows install.

Lesson: Always have a floppy in a machine... no matter how little you use it. It's bound to be required when you don't have one.

The good thing is that I had Service Pack 2 on the install CD.. which saved me installing that seperately.
I added Office 2003 to the build and then applied the Office 2003 Service Pack 2 Updates to the Office build (I had them on CD).

Now... Windows Update... It seems our newly build machine needed some 39 critical updates for Windows and 4 for Office!

I got a bit smart then... instead of just downloading them... I took note of their KnowledgeBase numbers and downloaded the lot from the Microsoft Download site.

This will mean in future when I build another machine, I can just use these instead of wading through Windows Update and chewing up my valuable download quota!

Some 250MB worth of updates later and it's fully patched!

I've now burnt a DVD-RW with all the updates one needs to bring a SP2 machine upto a fully patched state as of 20/01/2006.

Now... to learn to automate applying them directly after SP2 and it should really cut down the time to deploy a machine. (I know with some of the automation tasks for admins this is possible... just never needed to do it!)

John's machine is now ready and raring to go! I think we'll probably drop it over on Sunday for him if he's free.

As for the coffee machine, it comes with a coffee grinder so we can bu real beans and grind them. Pauline's still playing, but we've had a few coffees already and it's quite good! It's much quieter than our last machine, though it seems to take a little longer to heat the water. All in all it was really cheap and ensures Pauline's able to make her froth again (our frother was broken on the old one... and they wanted $60 to look at it).
It's worked out not much dearer buying a new one.. that includes a coffee grinder. Talk about a throw-away society!

It's been a week since my last blog entry!

Since that time I've been enjoying the rest. I haven't started looking at present for another role but will commence with that as of tomorrow.
I'm not too concerned, as it's traditionally a quiet month and December was very hectic so it's likely that February will also do well.

The role at Coles-Myer didn't eventuate... though that's not such a bad thing.

What have I been doing in the interim? Well enjoying life... have watched some of the cricket, and much of the tennis (for those that don't know the Australian Tennis Open is on in Melbourne ... so it means we get to watch it in prime-time.

I've also been doing some work on my brother-in-law's notebook to ready it for Internet use (It didn't have any patches and have never stepped near the Internet). Why?! His desktop has died so we ordered him a new one, so his notebook (normally used for tuning his cars) was rushed into commission.

A day and a half later it was right to go! That's what happens when you have numerous updates, service packs and the like to go on a PII-300 running WinXP!

Not much else to report... will be doing some website coding for some new stuff released later this month. More news as it comes along.

It seems my recent post on blog-spammers didn't hit the mark.

I'm getting hit daily by hundreds of spam messages in my blog, via either the comments or the track-back system.

Well... two can play at that game!

I've been manually removing the comments, though it takes copious amounts of time. Luckily I've set-up the blog that it actually filters most of them so they are never visible... and as such their spamming has no direct result.

I've moved up a gear and am getting ruthless with these spammers. Unfortunately, most of the time it's via 'spam bots' on peoples computers who are infected with a worm or trojan.
I don't have much sympathy for these people (no matter how clueless they are on a computer... the media informs us just how often viruses and spam is transferred), also almost everyone knows someone that is their 'local tech guru' that can help eliminate such things.

A decent anti-virus program (like Avast! Home Edition) as well as tools like Spyware Blaster, Spyware Guard, SpyBot - Search & Destroy, Microsoft AntiSpyware, and Ad-aware are all free tools that help clean out and stop such rot.

Unfortunately until their is a crackdown, these bots and those that use them will still flourish.

I've implemented a restriction system now on the types of words you can enter in the comment system... to stop such crap landing here.

The following words are now 'banned':
"poker", "casino", "holdem", "blackjack", "slots", "propecia", "sonata", "ambien", "adipex", "roulette"

Just to give you an idea of the problem... here is a list of 'users' that posted in the last 48 hours:

online poker
texas holdem
cheap propecia
online roulette
video poker
online slots
texas holdem
blackjack
online casino
party poker
texas holdem poker
free online poker
online poker
texas holdem poker
online poker
online texas holdem
texas holdem poker
slots
sonata
ambien
adipex

As you can see .... they're not your average user!

Just to show you how wide-spread the problem is... here is the list of IPs that these so called users come from. You will see the name of the I.P. in brackets for those that are resolvable.

24.39.145.214 ( rrcs-24-39-145-214.nyc.biz.rr.com )
58.141.243.36
58.224.82.190
61.110.98.33
61.152.145.44
61.219.11.99 ( 61-219-11-99.HINET-IP.hinet.net )
63.70.3.47 ( host47.nokia-boston.com )
66.90.15.61 ( node.smartcityon-line.com )
66.190.103.187 ( 66-190-103-187.static.sprn.tx.charter.com )
69.53.50.159 ( host50-159.dissent.birch.net )
69.93.230.202 ( oslo.dnstraffic.net )
80.58.2.46 ( 80-58-2-46.proxycache.rima-tde.net )
80.58.50.174 ( 80-58-50-174.proxycache.rima-tde.net )
80.105.84.250 ( host250-84.pool80105.interbusiness.it )
80.237.140.233 ( proxy77.net )
81.208.15.24 ( 81-208-15-24.ip.fastwebnet.it )
81.7.90.72 ( adsl-81-7-90-72.takas.lt )
81.174.156.69 ( gltproductions.plus.com )
85.64.53.57 ( 85-64-53-57.barak-online.net )
85.255.115.250
142.176.157.242
150.165.111.250 ( s-info216.nsc.ufpb.br )
163.17.147.254
168.209.97.34 ( netcache1-ctn.is.co.za )
193.171.32.4
193.251.149.11 ( www.socatel.cf )
193.253.112.158 ( AStDenis-105-1-3-158.w193-253.abo.wanadoo.fr )
195.175.37.8
195.175.37.9
195.243.149.2 ( mail.greennet-isp.com )
200.21.21.93
200.30.79.126 ( ce7305-or-mde.orbitel.net.co )
200.206.233.184 (200-206-233-184.dsl.telesp.net.br )
202.72.167.27 ( dsl-202-72-167-27.wa.westnet.com.au )
202.88.129.254
203.160.1.38
203.162.27.195
203.162.27.196
203.162.27.197
203.162.27.198
203.162.27.199
203.162.27.200
203.167.27.7
203.247.156.16
209.200.11.* ( amhotlist.com )
210.211.219.44 ( 210.211.219.44.bb-dynamic.vsnl.net.in )
210.212.204.36
212.49.85.94
212.179.198.80 ( bzq-198-80.red.bezeqint.net )
216.223.54.225 ( mail.xbsolutions.com )
217.34.39.126 ( host217-34-39-126.in-addr.btopenworld.com )
218.55.164.243
218.94.128.70
218.189.216.226
219.93.174.108 ( BRF-CE09-G2-0.tm.net.my )
219.126.90.104 ( i1090104.icntv.ne.jp )
221.203.145.9

Whilst publishing the IPs some wil claim I'm 'breaking' their privacy. Not at all, an IP is an 'address', just like your street address. It's not private, and in fact whenever you surf the web or use anything with TCP/IP you actually freely give it out (that's how the other end knows where to send you the data).

I've published this rather small list (believe me... it's only 48 hours worth!) in the slight hope that some of those users or admins of these networks will notice and get these machines cleaned.

For those interested on learning how to stop the flood of nuisance blog-spam drop me a comment and I'm happy to post further details.