Our University is currently on a short 10-day holiday. I have been using the undergraduate labs to do testing of patch management products and get some real-world experience in setting it all up. I left them at about 2am this morning and walked into them again at 12pm this afternoon.
On doing so I couldn't find my pen or some of my ghost boot disks. I got up and looked around, where I noticed that two of the machines had been trashed. The one screen is on the floor, the mice and keyboards have been ripped from their wires and the one mouse has been tramped on. There are bits of wire all over the place and a few overturned chairs.
It doesn't look like a theft as the computers were far too broken to have been a failed theft. It could be because some students who are here for the Vac have been inconvenienced by my work, but there are other labs available on campus.
Hopefully with a combination of the CCTV cameras, the building's access control logs and some good ol' fingerprinting we can catch whoever did this. It makes me mad that people can be so destructive.
UPDATE 1: We found a pair of keys complete with Dallas chip. This allowed us to identify who the keys belonged to. We are not sure the keys belong to the vandal so we are hoping to find login attempts for his student number in the event logs.
Continue reading "Linux SSH Jail with pam_chroot"
Good quotation:
'It seems that everyone is so completely numbed by Microsoft smooth and systematic release of security patches, that the new mantra for feeling OK when it comes to Internet security is simply: "SP2 and automatic updates, with a sprinkle of good anti-virus, anti-spyware and a slice of anti-malware software tools is all (!) you need to keep Internet threats at bay".'
1. An idealised defense strategy using layered defense in depth, where each layer corresponds to a layer on the onion.
2. Two of my fellow researchers are working towards this goal. Russell Cloran is looking into trust issues on the semantic web, while Yusuf Motara is looking at in-kernel, cryptographic verification of binaries. We need more of this kind of work.
Well I just finished the interview. I think it went alright, but not amazing. I have decided that telephone interviews just aren't nice. You get no visual feedback so you get this impression that the interviewer never smiles, which is not true as I recall a laugh or two. I also get this urge to crack jokes all the time (a lot like I do in real life) but most are just inappropriate so I end up not cracking any. The interviewer was friendly and I enjoyed him.
Anyway, on to the interview. What they are doing sounds awesome and like something I would really enjoy. The environment, technologies and their use all sound right up my alley.
Continue reading "The Amazon Interview"
Summary below.
Continue reading "Symantec Biannual Internet Security Threat Report"
Our netblock and particularly my blog have had several run-ins with Texas hold'em and their online poker spam. Time for some vigilante justice by linking to the Wikipedia entry on online poker. Luckily Serendipity's spam blocking plugin is very effective. Some have claimed this to be unethical, however I have some counters:
Continue reading "Online Poker Googlebomb"
Earlier today I was contacted by an IRC dork. After playing along for a bit I decided to up the stakes and lowered my IQ. What follows are some of the funniest conversations I have had for a while. I have titled it:
The Lone Ha><or vs. the Evil #freebsd oper Overlords, persistence is its own reward
Continue reading "Dork baiting on IRC"
Continue reading "AIDS testing"
The ever clever Mr Schneier has an article up on why two-factor authentication isn't good enough for a remote log-on. He argues that attackers are shifting their attacks to use fake bank front-ends which just pass the user's credentials to the real bank, or Trojans which piggyback on the user's session.
Recently there have been several developments that back up his idea. The ISC has been dealing with this and trying to get the banks to shut down, the Unicode attack helps, etc.
However, currently most internet banking in South Africa relies on a clickable JavaScript keypad to fool keyloggers (except FNB). Oldskool NetBus can let me defeat that. Not to mention how easy it can be to fool SSL (when was the last time you checked the certificate, eh?).
So, while I agree with Mr Schneier, I think it needs to be rephrased. This is another layer in the onion and we need to start looking for more layers.

