Monday, April 27, 2009

More security problems in Windows 7

In spite of the announced increase on security levels, a problem discovered in 2007 in Vista is still causing complications, this time on Windows 7. In 2007, Bruce Schneier points out the problem with the following:
Experts say that the fundamental problem that this highlights is that every stage in Vista's booting process works on blind faith that everything prior to it ran cleanly. The boot kit is therefore able to copy itself into the memory image even before Vista has booted and capture interrupt 13, which operating systems use for read access to sectors of hard drives, among other things.
Interestingly, 2 years after, Windows 7 keep almost the same problems. During HITB (Hack In The Box), wich is a security event, the researchers Vipin Kumar and Nitin Kumar demonstrate here how to gain control of a Windows 7 virtual machine, while during the boot.
It's a design problem," Vipin Kumar said, explaining the software exploits the Windows 7 assumption that the boot process is safe from attack. While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack can not be done remotely.

Not only this, but Nitim says that there is nothing to be done, because this is a project problem, where is presumed that during the boot the OS is safe against attacks.
"There's no fix for this. It cannot be fixed. It's a design problem," Vipin Kumar said (..)
VBootKit 2.0 is only 3 Kb !!!

Sunday, April 26, 2009

Reinstalling our best tools in Ubuntu 9.04

Finally, Ubuntu 9.04 is right on the way. Since 8.10 version, I have installed lots of tools, and now it is time to install this 9.04 pearl. But, of course I get worried of wasteing some of the tools I was allways making use of. Here I'll show what to do to get all them again.

Levantamento de Software Instalado
I have been using aptitude instead of apt-get for some time, for it is already in the system by the default, in any Debian variant, as Ubuntu is. Besides, aptitude records in log every action. This log file is /var/log/aptitude.log.

Thus, the folowing line will reveal back all tools that have been installed by aptitude, in Ubuntu:
sudo cat /var/log/aptitude | grep "\[INSTALAR\]" |\
cut -d" " -f2 > ~/Desktop/Inst.txt
sudo zcat /var/log/aptitude*gz | grep "\[INSTALAR\]" |\
cut -d" " -f2 >> ~/Desktop/Inst.txt
Consider the "\" by the end of 1st and 3rd lines. It tells BASH that the following line is the continuation of the actual line. Thus I can assure that there are only 2 lines of CLI code. Instead of having them typed, I strongly suggest you to copy and paste them both on BASH CLI.

A file Inst.txt will pop up in the Desktop, and in it a list of the installed files. This is the content of my file:
I removed the dependencies, because they will automatically be installed, but you don't need to.

So, after installing the new Ubuntu version , I will be able to install my stuff with this following line:
aptitude install $(cat ~/Desktop/Inst.txt)
Of course, this only applies to packages installed via aptitude. tar.gz and other ways of installation usually does not apply, because they are not logged by aptitude log file.

Tuesday, April 21, 2009

The top 10 Linux commands on BASH, and more ...

I recognize I am an almost 100% Ubuntu user, either in home or working. But even with all the resources ready to use in a Ubuntu Desktop, and the usability it provides, I am frquently in a CLI (Command Line Interface).

Thus, almost with a new version of Ubuntu, the 9.04, I am searching for all the stuff I have installed in my 8.10, because I will probably reinstall them. Of course, registering this here will help others, and myself.

But, in the warmth of the battle, I questioned myself: what was the command I used the most ? "Googling" the web, I found a post written by MySurface, that shows a soberb pipeline :
history | awk '{CMD[$2]++;count++;}END { for (a in CMD)print CMD[a] " " CMD[a]/count*100 "% " a;}' | grep -v "./" | \
column -c3 -s " " -t | sort -nr | nl | head -n10
Ok, great and terrible, Godzilla is a tiny and cute gecko, and so on. I assure you, it will not bite you, nor melt your CPU. What it will really do is to show the top ten commands you've issued in BASH. Copy it from here and paste on your console. The result in my root account was:
1 73 14.6% ls
2 37 7.4% ufw
3 37 7.4% cd
4 25 5% iptables
5 23 4.6% aptitude
6 18 3.6% ifconfig
7 14 2.8% man
8 13 2.6% tail
9 13 2.6% du
10 11 2.2% host

That means ls is my most used command: it represents 14.6% of all: it was issued 73 times, in different conditions. This pipeline researched my command history and gave me this results.

I have made a simple modification to see the whole list:
history | awk '{CMD[$2]++;count++;}END { for (a in CMD)print CMD[a] " " CMD[a]/count*100 "% " a;}' | grep -v "./" | \
column -c3 -s " " -t | sort -nr | nl | less
In this case, press q to finish.


After that, I could see that:
  • To have a better information, I should no use sudo for my administration tasks. Instead, I should login to root ($ sudo su -). Now every command issued by root account will be stored in its history. Guys on Ubuntu does warn that this may be harmful, that's why they provide a so complete sudo resource. So be advised: USE IT WITH CARE! :)
  • Ubuntu default size for History File is 500 lines. I changed this to 1000 lines in ~root/.bashrc, adding the line HISTSIZE=1000 in this file.

Sunday, April 19, 2009

MSN Messenger access Microsoft secretly

At least, most of MSN Messenger does not know that ...

Recently I was called by a friend, to help him in his computer problems. A reasonable desktop box, with Windows XP and ESET anti-virus.

MSN 2009 had been installed, but just was not working. I started ESET firewall, and set him to block data traffic, incoming or outgoing. This way I could watch any MSN access. Unfortunatelly, it did not worked at all, so I started working in some others tries, but left Firewall working in the same way. Searching on Internet, I found this page, with older versions of MSN.

After downloading 8.5, I started removing the 2009 version. Surprisingly, ESET Firewall blocked an access try to the Software Vendor. And more than 3 times !!! I cannot understand this. If I was uninstalling the software, why to contact Microsoft ?

I immediately thought of VLC, as shown in this popup. This just did not happened with MSN. The software did not warned me of this, just did it. this is disgusting. They could at least prompt the user about what was about to be done.

After this bad experience, after breathing deeply, I decided to continue, of course. Having installed 8.5 version, I started it, and I was prompted by a warning of a new version to be installed. Of course, I denied, and ... nothing happened. Twice, 3 times, and nothing happened. That means, get the new verson, it is an order. Or else just does not use it.

Wow! Those guy are really bold!! The computer is owned by the one who bought it, if he wants to use it with an older version, it is his business, not Microsoft business.

Mais uma vez fiquei tremendamente irritado. O computador pertence ao seu dono, ou seja, a quem desembolsou dinheiro para o comprar, e o fornecedor do software se acha no direito de impôr suas decisões sobre qual versão do software o usuário tem que usar. It was his own money!!!

Went for a little (a lotta) water, to cool my hatred. I found some tricks to apply on Register (nothing that easy, as many says) and MSN 2009 (after being re-downloaded) was ready to be used. That's okay, it is a Beta version. It will be fixed.

But, I ask any of you: Why does it must be this way ? please, technical answers, and not those built upon a "I think" basis.