A real solution to PowerShell SSH Remoting

March 30, 2008 at 11:05 PM | categories: windows, security, microsoft, system administration

Can't wait for us to ship PowerShell Remoting? Want remoting to use SSH? Why wait for us? /N software has just announced a beta of their NetCmdlets V2.0 which provides PowerShell remoting over SSH today! They've had this for a while and V2 updates (and improves) the usability of the cmdlets as well as adding a bunch of new and exciting commands. For example, chances are that you won't ever see Microsoft ship the [get/send]-s3 cmdlets but /N software V2 does. :-)
http://blogs.msdn.com/powershell/archive/2008/03/27/powershell-remoting-using-ssh.aspx

My blog post from 2006 is currently the #1 Google Result for PowerShell SSH, but finally there is a good solution out there from /N software. It also supports S3. Very cool :)

I went to Canada and all I got was this lousy punch card

February 08, 2007 at 12:36 AM | categories: security, random, humor

Canada blows my mind. My Canadian friends tried to explain their magical blinking protected left traffic lights, and I didn't quite get it, but I remember thinking there was some logic behind it. Today, driving in Vancouver, I came across regular blinking green traffic lights. I asked my friend about it and after five minutes of explaining, all I got was to go forward on green, I think.

Metric continues to blow my mind, even though I spent some of my formative years in Europe. Google Maps automatically switches to metric if your starting position is in Canada. Nifty.

Overall, the most baffling thing I have experienced in Canada is the hotel room key. The hotel is nice, but it has a dated feel to it. At one time, you can imagine that it was all very hi-tech, but parts were just never upgraded. Surprisingly, one of these parts is the hotel room key. While most hotels have chosen to go with magnetic swipe cards, this nameless hotel has kept with punch cards. No kidding. Check it out:

[Image: Ving Card Key]

Yes, just by posting this image, the key could probably be copied. All I could find about this on the 'Net comes from a 1989 Usenet posting:

There used to be only one kind of Ving card lock. Now there are two kinds, as I discovered to my horror a while back while at a convention. The first and possibly "classic" version is all-mechanical, while the second is optical with an electronic controller. I did a longish article on the mechanical one back when I got to take it apart, which I will send to anyone who asks, and since the time of that writing discovered a few more things about it. I believe this article was sent to this very list years ago...

I love stuff like this. These things were spoken about with horror on a security list in '89, along with how they ran across them a while back and discussed them "years ago". Not only do these things seem trivial to copy, but the regular pattern in the holes seems to suggest you could easily reverse engineer the algorithm and make keys for every room in the hotel given the room number. I guess you don't need high security in a country where people say they don't even lock their front doors. Good times.

Solaris Secure by Default Design

July 13, 2006 at 09:04 PM | categories: security, solaris

Coming from an OpenBSD background, installing Solaris can be an eye-opening experience. There are many services enabled and listening to the world; luckily for Sun, most Solaris boxes are running on SPARC. Linux used to do the same thing, up until Red Hat started to get a reputation for getting owned. Finally, there is some sanity at Sun, and the OpenSolaris project has some design documents on what they are working toward: Secure by Default Design Specification. SBD is available in Nevada build 42 and greater.


Fake Identity Generator

June 22, 2006 at 05:24 PM | categories: security

Ever wanted a new identity?


17 Mistakes Microsoft Made in the Xbox Security System

June 21, 2006 at 01:29 PM | categories: security, microsoft

The folks at xbox-linux have a great article on the 17 Mistakes Microsoft Made in the Xbox Security System. Following is an excerpt of just one back and forth between hackers and Microsoft Security.

The history of Microsoft's reactions to the font vulnerability is the perfect lesson of how to do it wrong.

  1. After MechInstaller had been released, Microsoft fixed the buffer vulnerability in the Dashboard and distributed this new version over the Xbox Live network and shipped it with new Xboxes.
  2. For the hackers, this was no major problem: It was possible to downgrade the Dashboard of a new Xbox to the vulnerable version. Just run Linux using a savegame exploit, and "dd" the old image. Some people felt downgrading on new Xboxes was not piracy, because after all, Microsoft upgraded Xbox Live users' hard disks to the new version without asking.
  3. As the next step, Microsoft blacklisted the old Dashboard in the new kernel. It was impossible to just "dd" an old Dashboard image onto newer Xboxes.
  4. Still no major problem for hackers: The second executable on the hard disk, "xonlinedash", which is used for Xbox Live configuration, had the same bug, so it was possible to copy the old "xonlinedash" and to rename it to "xboxdash" to make it crash because of the faulty fonts.
  5. Microsoft consequently blacklisted the vulnerable version of "xonlinedash".
  6. Again, no major problem for hackers: All Xbox Live games come with the "dashupdate" application, which adds Xbox Live functionality to the Dashboard for the first Xboxes which came without it. This update application has the same font bug, and it can be run from hard disk. So it is possible to copy the file from any Xbox Live game DVD, rename it to "xboxdash" and let it crash.
  7. Microsoft could not blacklist this one. Xbox Live enabled games run the update application every time they start, making sure the Xbox has the Xbox Live functionality. Blacklisting "dashupdate" would break these games.
We won.

Solaris Secure by Default (maybe soon)

June 21, 2006 at 10:27 AM | categories: security, solaris

Found the following at http://daemons.net/~matty/blog/?p=456:

SARC case 2004/368 : Secure By Default
BUG/RFE:4875624 *syslogd* turn off UDP listener by default
BUG/RFE:5004374 Ship with remote services disabled by default
BUG/RFE:5016956 By default rpcbind should not listen for remote requests
BUG/RFE:5016975 By default snmpd/dx should not be enabled.
BUG/RFE:5016998 By default inetd should not listen for remote connections.
BUG/RFE:5017041 By default sendmail should not listen for remote connections
BUG/RFE:5046450 Create a greenline profile for Secure by Default installation
BUG/RFE:6267741 RFE: One-touch knob for outbound-only sendmail
BUG/RFE:6414308 syslogd could use some lint soap

Oddly enough, I was just complaining about this myself. :)

Concurrent Port Scanner in Haskell

June 13, 2006 at 11:23 AM | categories: security, programming

Tom Moertel wrote a very concise port scanner in Haskell. I have never looked at Haskell in any detail, but this program seems pretty impressive. You wouldn't be able to do a port scanner quite so neatly in most other languages. I guess I'll have to put that on the long stack of things to look into more someday.
