Sudo and Su Considered Harmful, Sudo/Su Bruteforce Utility


Aug 10, 2010

Sudo and Su Bruteforce 0.1 [sig]

INTRODUCTION

Two years ago I noticed that su and sudo both contain a fatal flaw: administrator passwords. Administrator passwords have found themselves at the core of our security. OpenSSH does not allow root to log in by default because, on rare occasion, administrator passwords can be brute-forced. Nearly all Linux and BSD systems recognize this. Some system administrators still don't, due to business constraints. Users with weak passwords can be brute-forced if an attacker knows their usernames, and the common convention of first initial plus last name, or a handle, as the username gives an attacker a good list of users to try. How many administrators use the username jsmith? How many administrators use the username admin? Su and sudo may be considered harmful once we accept that usernames can be learned and that passwords can be brute-forced.

Removing the password component, we can compare sudo and su to the Windows Vista and Windows 7 administrator access security model: give a user administrator access when they ask for it. This person must have been designated as an administrator by the original owner of the system. This seems obvious and tautological, but we have yet to introduce an attacker with two different methods of attack.


Strange


Jun 3, 2010

*nix has some strange concepts. This will be a brief post because I have little to say. In the grep manual, I found a reference to an obscure option:

       -Z, --null
              Output a zero byte (the ASCII NUL character) instead of the character that normally
              follows a file name. For example, grep -lZ outputs a zero byte after each file name
              instead of the usual newline. This option makes the output unambiguous, even in the
              presence of file names containing unusual characters like newlines. This option can be
              used with commands like find -print0, perl -0, sort -z, and xargs -0 to process arbitrary
              file names, even those that contain newline characters.

Did you read that? It's saying that you can have a newline in a filename, so I tested that out:

jvoss@localhost ~ $ touch 'blah
> yak
> dah'
jvoss@localhost ~ $ ls
Desktop                           j0anna1.crt           regdev
asos2l.txt                        j0anna1a.crt          src
blah?yak?dah                      j0anna1a1.crt         stage3-amd64-20090611.tar.bz2
emerge_kate1.txt                  libusb-1.0.8.tar.bz2  suzy_make.conf
emerge_kdebase-runtime-meta1.txt  lin2632.cfg           suzy_world.txt
emerge_kdebase-startkde1.txt      lin2632a.cfg          time1.py
emerge_konsole1.txt               media                 use1.txt
iwlist1.txt                       necessary.txt         wmii+ixp-3.9-2.tbz
iwlwifi-5000-ucode-8.24.2.12      portage-2010a.tgz     wpa_lev1.conf
iwlwifi-5000-ucode-8.24.2.12.gz   recent                xness.txt

See that blah?yak?dah file there? When writing to a terminal, ls replaces the newlines with ? rather than emitting a non-printable character. That's probably very smart. Tab completion, however, shows a completely different story:


Japanese Spam Analysis (or Artificially Intelligent Teaching by Statistics)


Sept 25, 2008

Japanese AI version 0.1 [sig]

Japanese spam is a good indicator of text in the Japanese language. It is also a very good tool for understanding common Japanese speech. Most spam is designed to trick the recipient into responding by e-mail or visiting a site. Unlike English spam, most Japanese spam is extremely well-written, targeted at a net-savvy and quite well-educated Japanese audience. Also, since spam filters in Japan can pick out words much more quickly (because Japanese uses kanji), spammers are using higher-quality spam generators.


Reverse Engineering Binary Kernel Drivers


Written Oct 8 - 26, 2008
Research Done Apr 27 - May 25, 2008

Reverse Engineering 1 version 0.1 [sig]

Linux kernel drivers are very important this year and will continue to be in the coming years. Multiple kernel driver projects are underway, and multiple methods are being used to develop them. As a software developer and hacker, I find that reverse engineering is one of the most important methods for writing kernel drivers for devices that currently lack open source drivers. Whether the method is snooping on communication, brute-forcing data, or analysing driver state, reverse engineering tactics are employed. In this essay I will be reverse engineering a binary kernel driver, which copyright law permits as fair use of copyrighted material. If you feel that I am violating your copyright during the production of this, please feel free to contact me and I will be glad to discuss it. Note, however, that several Linux copyright holders currently consider binary blobs to be violations of their GPL copyright. These issues are connected and yet immaterial at this point. Let's just write the code.
