Here is the recap of what went on on the SecurityTwits feed last week.


{ 0 comments }


{ 0 comments }

On a cold cold, frigid, icy, low-temperature, freezing...okay...too much.

One day last winter, Rafal Los, @wh1t3rabbit, Kenneth Johnson, @patories, and I were going to have dinner together. As is often the case with Raf, that means we did a podcast first :)

We had a nice chat about software testing, QA, who should do it, and other ramblings. Go ahead and give it a listen.

MicroCast 04 - Kevin Riggins & Kenneth Johnson - QA + Security Software Testing

As always, comments are welcome below.

-Kevin

{ 0 comments }

Here's what went on around here for the last few days.

Tweets are in ascending date order except for answers to questions which are still in ascending date order, but immediately following the original question.


{ 0 comments }


{ 0 comments }


{ 0 comments }


{ 0 comments }

I have been involved with the Society of Information Risk Analysts from almost the very beginning. I think Jay, Chris, and Alex had the idea and I jumped on board a few days later. It is a fantastic organization that has a very active and lively mail list.

The home page for SIRA is here. "Membership" is free and mainly consists of signing up for the mail list and requesting an account on the website.

Anyhoo. We are having our very first conference. It will be the day before Secure360, i.e. May 7th, and it is going to be a day of awesomeness for those who live and breathe risk analysis and risk management or for those who want to know more.

Go here for more details: SIRACon

Feel free to contact me with questions or post them in the comments.

-Kevin

{ 1 comment }

For some time, there has been a bug in the cryptroot script that makes it odd when you enter your passphrase. Some, including me, have also found it kind of annoying that you have to press the F8 key to get to the console to enter your passphrase.

I have updated the how-to with the fix for the cryptroot bug and with instructions on how to remove the splash screen and boot straight to console mode.

Many thanks for James and Greg for figuring out how to so this.

Included below are the instructions which were added to the blog post. These steps can also be taken to correct an already built Backtrack USB drive. Simply boot the drive and follow the instructions below.

-Kevin

Fixing the Passphrase Entry Bug

When we boot our USB drive, it will appear to be stuck on the splash screen. What is actually happening is that the system is waiting on us to enter our luks password. We have two choices for doing so.

The first is to just type it in when we see the splash screen. This works as long as we have waited long enough for the system to be ready for us. However, it's kind of hard to tell what's going on.

The second option is to press the F8 key which takes us to the console. There we will see the system waiting for us to enter our passphrase and this is where this odd bug shows up.

Initially, it will look like 4 characters have already been entered. They haven't been, but that's what it looks like. Then, every type we press a key, it will reprint the line asking us to enter our passphrase. It is actually taking the input correctly, but, man, it's annoying :)

We can fix that. Greg M and James had a conversation in the comments about this topic and found the resources needed to fix it. James was kind enough to send me the changes that need to be made.

As mentioned, the problem is with the cryptroot script. This script is the script that requests our passphrase and mounts the encrypted volume. Kind of important stuff.

Greg and James used a patch file found in this post in the Backtrack Linux forums. Below I have included the actual changes to be made. Alternatively, you can use a patch file. The commands to perform the patch are as follows. BTW - that's a zero in the patch command.

Warning: You can make your system unbootable if the cryptroot script gets corrupted.

cd ~

wget http://www.infosecramblings.com/cryptroot.patch

patch -u /usr/share/initramfs-tools/scripts/local-top/cryptroot ./cryptroot-patch

If you prefer to do it the manual way, open the file /usr/share/initramfs-tools/scripts/local-top/cryptroot in your favorite editor. Go to line 275. You should see the following:

# Try to get a satisfactory password $crypttries times
 	count=0
 	while [ $crypttries -le 0 ] || [ $count -lt $crypttries ]; do

Add the following line right after 'count=0'

echo "Unlocking the disk $cryptsource ($crypttarget)"

The section should now look like this:

count=0
echo "Unlocking the disk $cryptsource ($crypttarget)"
while [ $crypttries -le 0 ] || [ $count -lt $crypttries ]; do

Next, skip down to line 291 and you'll see a the following:

if [ -z "$cryptkeyscript" ]; then
    cryptkey="Unlocking the disk $cryptsource ($crypttarget)\nEnter passphrase: "
if [ -x /bin/plymouth ] && plymouth --ping; then

Replace the middle line, the one that starts with cryptkey, with:

cryptkey="Enter passphrase: "

so that it now looks like this:

if [ -z "$cryptkeyscript" ]; then
    cryptkey="Enter passphrase: "
if [ -x /bin/plymouth ] && plymouth --ping; then

That's it. Save the file and we are ready to rebuild initrd. To do that, execute the following command.

update-initramfs -u

Now, if having to press the F8 key at boot bugs you, you can change the boot sequence to go directly to the console.

Warning: You can make your system unbootable playing around in here :)

To make the system boot to the console, edit the /boot/grub/grub.cfg file, search for the word 'splash', without the quotes, and delete the word  splash and only that word. The line will end up looking like this:

linux /vmliunx-3.2.6 root=/dev/mapper/vg-root ro text vga=791

If all goes well, you are now ready to cross your fingers and reboot.

{ 0 comments }

Guess or Know?

by kriggins on March 7, 2012

in Uncategorized

Stanford, and other colleges, have started offering some courses online for free. You can see one such portal here. I have started one and a couple others are starting soon. Very good stuff.

Anywho, Several of us were talking on Twitter this morning about a couple of them and the following exchange occurred.

That got me to thinking a little bit about guessing and keeping quiet.

How often in our efforts as security professionals do we guess we know something and don't ask a question?

How often do we assume somebody else knows something and don't offer a comment or provide information?

I know that I have been guilty of both on more occasions than I can count and will be guilty of both many more times in the future.

However, I'm going to work on getting better. Like my tweet above says, it's better to know than to guess.

Which brings up another point. Please folks, don't get offended or snotty when somebody tells you something you already know. That's just rude, particularly, when they have your best interests in mind.

What do you think?

-Kevin

{ 3 comments }