M2G
Moderators
  • Posts: 1838
  • Days Won: 31

Everything posted by M2G

  1. --[ 1.0 Introduction

    In this paper I'm going to describe two classes of programming bugs which can sometimes allow a malicious user to modify the execution path of an affected process. Both of these classes of bug work by causing variables to contain unexpected values, and so are not as "direct" as classes which overwrite memory, e.g. buffer overflows or format strings.

    All the examples given in the paper are in C, so a basic familiarity with C is assumed. A knowledge of how integers are stored in memory is also useful, but not essential.

    ----[ 1.1 What is an integer?

    An integer, in the context of computing, is a variable capable of representing a real number with no fractional part. Integers are typically the same size as a pointer on the system they are compiled on (i.e. on a 32 bit system, such as i386, an integer is 32 bits long, on a 64 bit system, such as SPARC, an integer is 64 bits long). Some compilers don't use integers and pointers of the same size however, so for the sake of simplicity all the examples refer to a 32 bit system with 32 bit integers, longs and pointers.

    Integers, like all variables, are just regions of memory. When we talk about integers, we usually represent them in decimal, as that is the numbering system humans are most used to. Computers, being digital, cannot deal with decimal, so internally to the computer integers are stored in binary. Binary is another system of representing numbers which uses only two numerals, 1 and 0, as opposed to the ten numerals used in decimal. As well as binary and decimal, hexadecimal (base sixteen) is often used in computing as it is very easy to convert between binary and hexadecimal.

    Since it is often necessary to store negative numbers, there needs to be a mechanism to represent negative numbers using only binary. The way this is accomplished is by using the most significant bit (MSB) of a variable to determine the sign: if the MSB is set to 1, the variable is interpreted as negative; if it is set to 0, the variable is positive. This can cause some confusion, as will be explained in the section on signedness bugs, because not all variables are signed, meaning they do not all use the MSB to determine whether they are positive or negative. These variables are known as unsigned and can only be assigned positive values, whereas variables which can be either positive or negative are called signed.

    ----[ 1.2 What is an integer overflow?

    Since an integer is a fixed size (32 bits for the purposes of this paper), there is a fixed maximum value it can store. When an attempt is made to store a value greater than this maximum value it is known as an integer overflow. The ISO C99 standard says that an integer overflow causes "undefined behaviour", meaning that compilers conforming to the standard may do anything they like from completely ignoring the overflow to aborting the program. Most compilers seem to ignore the overflow, resulting in an unexpected or erroneous result being stored.

    ----[ 1.3 Why can they be dangerous?

    Integer overflows cannot be detected after they have happened, so there is no way for an application to tell if a result it has calculated previously is in fact correct. This can get dangerous if the calculation has to do with the size of a buffer or how far into an array to index. Of course most integer overflows are not exploitable because memory is not being directly overwritten, but sometimes they can lead to other classes of bugs, frequently buffer overflows. As well as this, integer overflows can be difficult to spot, so even well audited code can spring surprises.

    --[ 2.0 Integer overflows

    So what happens when an integer overflow does happen? ISO C99 has this to say:

    "A computation involving unsigned operands can never overflow, because a result that cannot be represented by the resulting unsigned integer type is reduced modulo the number that is one greater than the largest value that can be represented by the resulting type."

    NB: modulo arithmetic involves dividing two numbers and taking the remainder, e.g.

        10 modulo 5 = 0
        11 modulo 5 = 1

    so reducing a large value modulo (MAXINT + 1) can be seen as discarding the portion of the value which cannot fit into an integer and keeping the rest. In C, the modulo operator is a % sign. </NB>

    This is a bit wordy, so maybe an example will better demonstrate the typical "undefined behaviour": We have two unsigned integers, a and b, both of which are 32 bits long. We assign to a the maximum value a 32 bit integer can hold, and to b we assign 1. We add a and b together and store the result in a third unsigned 32 bit integer called r:

        a = 0xffffffff
        b = 0x1
        r = a + b

    Now, since the result of the addition cannot be represented using 32 bits, the result, in accordance with the ISO standard, is reduced modulo 0x100000000.

        r = (0xffffffff + 0x1) % 0x100000000
        r = (0x100000000) % 0x100000000 = 0

    Reducing the result using modulo arithmetic basically ensures that only the lowest 32 bits of the result are used, so integer overflows cause the result to be truncated to a size that can be represented by the variable. This is often called a "wrap around", as the result appears to wrap around to 0.

    ----[ 2.1 Widthness overflows

    So an integer overflow is the result of attempting to store a value in a variable which is too small to hold it. The simplest example of this can be demonstrated by simply assigning the contents of a large variable to a smaller one:

        /* ex1.c - loss of precision */
        #include <stdio.h>

        int main(void){
            int l;
            short s;
            char c;

            l = 0xdeadbeef;
            s = l;
            c = l;

            printf("l = 0x%x (%d bits)\n", l, (int)(sizeof(l) * 8));
            printf("s = 0x%x (%d bits)\n", s, (int)(sizeof(s) * 8));
            printf("c = 0x%x (%d bits)\n", c, (int)(sizeof(c) * 8));

            return 0;
        }
        /* EOF */

    The output of which looks like this:

        nova:signed {48} ./ex1
        l = 0xdeadbeef (32 bits)
        s = 0xffffbeef (16 bits)
        c = 0xffffffef (8 bits)

    Since each assignment causes the bounds of the values that can be stored in each type to be exceeded, the value is truncated so that it can fit in the variable it is assigned to.

    It is worth mentioning integer promotion here. When a calculation involving operands of different sizes is performed, the smaller operand is "promoted" to the size of the larger one. The calculation is then performed with these promoted sizes and, if the result is to be stored in the smaller variable, the result is truncated to the smaller size again. For example:

        int i;
        short s;

        s = i;

    A calculation is being performed with different sized operands here. What happens is that the variable s is promoted to an int (32 bits long), then the contents of i is copied into the new promoted s. After this, the contents of the promoted variable are "demoted" back to 16 bits in order to be saved in s. This demotion can cause the result to be truncated if it is greater than the maximum value s can hold.

    ------[ 2.1.1 Exploiting

    Integer overflows are not like most common bug classes. They do not allow direct overwriting of memory or direct execution flow control, but are much more subtle. The root of the problem lies in the fact that there is no way for a process to check the result of a computation after it has happened, so there may be a discrepancy between the stored result and the correct result. Because of this, most integer overflows are not actually exploitable. Even so, in certain cases it is possible to force a crucial variable to contain an erroneous value, and this can lead to problems later in the code.

    Because of the subtlety of these bugs, there is a huge number of situations in which they can be exploited, so I will not attempt to cover all exploitable conditions. Instead, I will provide examples of some situations which are exploitable, in the hope of inspiring the reader in their own research.

    Example 1:

        /* width1.c - exploiting a trivial widthness bug */
        #include <stdio.h>
        #include <stdlib.h>
        #include <string.h>

        int main(int argc, char *argv[]){
            unsigned short s;
            int i;
            char buf[80];

            if(argc < 3){
                return -1;
            }

            i = atoi(argv[1]);
            s = i;

            if(s >= 80){                    /* [w1] */
                printf("Oh no you don't!\n");
                return -1;
            }

            printf("s = %d\n", s);

            memcpy(buf, argv[2], i);
            buf[i] = '\0';
            printf("%s\n", buf);

            return 0;
        }

    While a construct like this would probably never show up in real life code, it serves well as an example. Take a look at the following inputs:

        nova:signed {100} ./width1 5 hello
        s = 5
        hello
        nova:signed {101} ./width1 80 hello
        Oh no you don't!
        nova:signed {102} ./width1 65536 hello
        s = 0
        Segmentation fault (core dumped)

    The length argument is taken from the command line and held in the integer i. When this value is transferred into the short integer s, it is truncated if the value is too great to fit into s (i.e. if the value is greater than 65535). Because of this, it is possible to bypass the bounds check at [w1] and overflow the buffer. After this, standard stack smashing techniques can be used to exploit the process.

    ----[ 2.2 Arithmetic overflows

    As shown in section 2.0, if an attempt is made to store a value in an integer which is greater than the maximum value the integer can hold, the value will be truncated. If the stored value is the result of an arithmetic operation, any part of the program which later uses the result will run incorrectly as the result of the arithmetic being incorrect. Consider this example demonstrating the wrap around shown earlier:

        /* ex2.c - an integer overflow */
        #include <stdio.h>

        int main(void){
            unsigned int num = 0xffffffff;

            printf("num is %d bits long\n", (int)(sizeof(num) * 8));
            printf("num = 0x%x\n", num);
            printf("num + 1 = 0x%x\n", num + 1);

            return 0;
        }
        /* EOF */

    The output of this program looks like this:

        nova:signed {4} ./ex2
        num is 32 bits long
        num = 0xffffffff
        num + 1 = 0x0

    Note: The astute reader will have noticed that 0xffffffff is decimal -1, so it appears that we're just doing 1 + (-1) = 0. Whilst this is one way of looking at what's going on, it may cause some confusion since the variable num is unsigned and therefore all arithmetic done on it will be unsigned. As it happens, a lot of signed arithmetic depends on integer overflows, as the following demonstrates (assume both operands are 32 bit variables):

        -700 + 800 = 100
        0xfffffd44 + 0x320 = 0x100000064

    Since the result of the addition exceeds the range of the variable, the lowest 32 bits are used as the result. These low 32 bits are 0x64, which is equal to decimal 100. </note>

    Since an integer is signed by default, an integer overflow can cause a change in signedness which can often have interesting effects on subsequent code. Consider the following example:

        /* ex3.c - change of signedness */
        #include <stdio.h>

        int main(void){
            int l;

            l = 0x7fffffff;

            printf("l = %d (0x%x)\n", l, l);
            printf("l + 1 = %d (0x%x)\n", l + 1 , l + 1);

            return 0;
        }
        /* EOF */

    The output of which is:

        nova:signed {38} ./ex3
        l = 2147483647 (0x7fffffff)
        l + 1 = -2147483648 (0x80000000)

    Here the integer is initialised with the highest positive value a signed long integer can hold. When it is incremented, the most significant bit (indicating signedness) is set and the integer is interpreted as being negative.

    Addition is not the only arithmetic operation which can cause an integer to overflow. Almost any operation which changes the value of a variable can cause an overflow, as demonstrated in the following example:

        /* ex4.c - various arithmetic overflows */
        #include <stdio.h>

        int main(void){
            int l, x;

            l = 0x40000000;

            printf("l = %d (0x%x)\n", l, l);

            x = l + 0xc0000000;
            printf("l + 0xc0000000 = %d (0x%x)\n", x, x);

            x = l * 0x4;
            printf("l * 0x4 = %d (0x%x)\n", x, x);

            x = l - 0xffffffff;
            printf("l - 0xffffffff = %d (0x%x)\n", x, x);

            return 0;
        }
        /* EOF */

    Output:

        nova:signed {55} ./ex4
        l = 1073741824 (0x40000000)
        l + 0xc0000000 = 0 (0x0)
        l * 0x4 = 0 (0x0)
        l - 0xffffffff = 1073741825 (0x40000001)

    The addition is causing an overflow in exactly the same way as the first example, and so is the multiplication, although it may seem different. In both cases the result of the arithmetic is too great to fit in an integer, so it is reduced as described above. The subtraction is slightly different, as it is causing an underflow rather than an overflow: an attempt is made to store a value lower than the minimum value the integer can hold, causing a wrap around. In this way we are able to force an addition to subtract, a multiplication to divide or a subtraction to add.

    ------[ 2.2.1 Exploiting

    One of the most common ways arithmetic overflows can be exploited is when a calculation is made about how large a buffer must be allocated. Often a program must allocate space for an array of objects, so it uses the malloc(3) or calloc(3) routines to reserve the space and calculates how much space is needed by multiplying the number of elements by the size of an object. As has been previously shown, if we are able to control either of these operands (number of elements or object size) we may be able to mis-size the buffer, as the following code fragment shows:

        int *myfunction(int *array, int len){
            int *myarray, i;

            myarray = malloc(len * sizeof(int));    /* [1] */
            if(myarray == NULL){
                return NULL;
            }

            for(i = 0; i < len; i++){               /* [2] */
                myarray[i] = array[i];
            }

            return myarray;
        }

    This seemingly innocent function could bring about the downfall of a system due to its lack of checking of the len parameter. The multiplication at [1] can be made to overflow by supplying a high enough value for len, so we can force the buffer to be any length we choose. By choosing a suitable value for len, we can cause the loop at [2] to write past the end of the myarray buffer, resulting in a heap overflow. This could be leveraged into executing arbitrary code on certain implementations by overwriting malloc control structures, but that is beyond the scope of this article.

    Another example:

        int catvars(char *buf1, char *buf2, unsigned int len1, unsigned int len2){
            char mybuf[256];

            if((len1 + len2) > 256){                /* [3] */
                return -1;
            }

            memcpy(mybuf, buf1, len1);              /* [4] */
            memcpy(mybuf + len1, buf2, len2);

            do_some_stuff(mybuf);                   /* defined elsewhere */

            return 0;
        }

    In this example, the check at [3] can be bypassed by using suitable values for len1 and len2 that will cause the addition to overflow and wrap around to a low number. For example, the following values:

        len1 = 0x104
        len2 = 0xfffffffc

    when added together would result in a wrap around with a result of 0x100 (decimal 256). This would pass the check at [3], then the memcpy(3)'s at [4] would copy data well past the end of the buffer.

    --[ 3 Signedness Bugs

    Signedness bugs occur when an unsigned variable is interpreted as signed, or when a signed variable is interpreted as unsigned. This type of behaviour can happen because internally to the computer, there is no distinction between the way signed and unsigned variables are stored. Recently, several signedness bugs showed up in the FreeBSD and OpenBSD kernels, so there are many examples readily available.

    ----[ 3.1 What do they look like?

    Signedness bugs can take a variety of forms, but some of the things to look out for are:

        * signed integers being used in comparisons
        * signed integers being used in arithmetic
        * unsigned integers being compared to signed integers

    Here is a classic example of a signedness bug:

        int copy_something(char *buf, int len){
            char kbuf[800];

            if(len > sizeof(kbuf)){                 /* [1] */
                return -1;
            }

            memcpy(kbuf, buf, len);                 /* [2] */
            return 0;
        }

    The problem here is that memcpy takes an unsigned int as the len parameter, but the bounds check performed before the memcpy is done using signed integers. By passing a negative value for len, it is possible to pass the check at [1], but then in the call to memcpy at [2], len will be interpreted as a huge unsigned value, causing memory to be overwritten well past the end of the buffer kbuf.

    Another problem that can stem from signed/unsigned confusion occurs when arithmetic is performed. Consider the following example:

        int table[800];

        int insert_in_table(int val, int pos){
            if(pos > sizeof(table) / sizeof(int)){
                return -1;
            }

            table[pos] = val;

            return 0;
        }

    Since the line

        table[pos] = val;

    is equivalent to

        *(table + (pos * sizeof(int))) = val;

    we can see that the problem here is that the code does not expect a negative operand for the addition: it expects (table + pos) to be greater than table, so providing a negative value for pos causes a situation which the program does not expect and can therefore not deal with.

    ------[ 3.1.1 Exploiting

    This class of bug can be problematic to exploit, due to the fact that signed integers, when interpreted as unsigned, tend to be huge. For example, -1 when represented in hexadecimal is 0xffffffff. When interpreted as unsigned, this becomes the greatest value it is possible to represent in an integer (4,294,967,295), so if this value is passed to memcpy as the len parameter (for example), memcpy will attempt to copy 4GB of data to the destination buffer. Obviously this is likely to cause a segfault or, if not, to trash a large amount of the stack or heap. Sometimes it is possible to get around this problem by passing a very low value for the source address and hope, but this is not always possible.

    ----[ 3.2 Signedness bugs caused by integer overflows

    Sometimes, it is possible to overflow an integer so that it wraps around to a negative number. Since the application is unlikely to expect such a value, it may be possible to trigger a signedness bug as described above. An example of this type of bug could look like this:

        int get_two_vars(int sock, char *out, int len){
            char buf1[512], buf2[512];
            unsigned int size1, size2;
            int size;

            if(recv(sock, buf1, sizeof(buf1), 0) < 0){
                return -1;
            }
            if(recv(sock, buf2, sizeof(buf2), 0) < 0){
                return -1;
            }

            /* packet begins with length information */
            memcpy(&size1, buf1, sizeof(int));
            memcpy(&size2, buf2, sizeof(int));

            size = size1 + size2;                   /* [1] */

            if(size > len){                         /* [2] */
                return -1;
            }

            memcpy(out, buf1, size1);
            memcpy(out + size1, buf2, size2);

            return size;
        }

    This example shows what can sometimes happen in network daemons, especially when length information is passed as part of the packet (in other words, it is supplied by an untrusted user). The addition at [1], used to check that the data does not exceed the bounds of the output buffer, can be abused by setting size1 and size2 to values that will cause the size variable to wrap around to a negative value. Example values could be:

        size1 = 0x7fffffff
        size2 = 0x7fffffff
        (0x7fffffff + 0x7fffffff = 0xfffffffe (-2)).

    When this happens, the bounds check at [2] passes, and a lot more of the out buffer can be written to than was intended (in fact, arbitrary memory can be written to, as the (out + size1) dest parameter in the second memcpy call allows us to get to any location in memory). These bugs can be exploited in exactly the same way as regular signedness bugs and have the same problems associated with them - i.e. negative values translate to huge positive values, which can easily cause segfaults.

    --[ 4 Real world examples

    There are many real world applications containing integer overflows and signedness bugs, particularly network daemons and, frequently, in operating system kernels.

    ----[ 4.1 Integer overflows

    This (non-exploitable) example was taken from a security module for linux. This code runs in the kernel context:

        int rsbac_acl_sys_group(enum rsbac_acl_group_syscall_type_t call,
                                union rsbac_acl_group_syscall_arg_t arg)
        {
            ...
            switch(call) {
                case ACLGS_get_group_members:
                    if( (arg.get_group_members.maxnum <= 0)         /* [A] */
                        || !arg.get_group_members.group ) {
                    ...
                    rsbac_uid_t * user_array;
                    rsbac_time_t * ttl_array;

                    user_array = vmalloc(sizeof(*user_array) * arg.get_group_members.maxnum);   /* [B] */
                    if(!user_array)
                        return -RSBAC_ENOMEM;
                    ttl_array = vmalloc(sizeof(*ttl_array) * arg.get_group_members.maxnum);     /* [C] */
                    if(!ttl_array) {
                        vfree(user_array);
                        return -RSBAC_ENOMEM;
                    }
                    err = rsbac_acl_get_group_members(arg.get_group_members.group,
                                                      user_array, ttl_array,
                                                      arg.get_group_members.maxnum);
            ...
        }

    In this example, the bounds checking at [A] is not sufficient to prevent the integer overflows at [B] and [C]. By passing a high enough (i.e. greater than 0xffffffff / 4) value for arg.get_group_members.maxnum, we can cause the multiplications at [B] and [C] to overflow and force the buffers ttl_array and user_array to be smaller than the application expects. Since rsbac_acl_get_group_members copies user controlled data to these buffers, it is possible to write past the end of the user_array and ttl_array buffers. In this case, the application used vmalloc() to allocate the buffers, so an attempt to write past the end of the buffers will simply raise an error, so it cannot be exploited. Even so, it provides an example of what these bugs can look like in real code.

    Another example of a recent real world integer overflow vulnerability was the problem in the XDR RPC library (discovered by ISS X-Force). In this case, user supplied data was used in the calculation of the size of a dynamically allocated buffer which was filled with user supplied data. The vulnerable code was this:

        bool_t
        xdr_array (xdrs, addrp, sizep, maxsize, elsize, elproc)
            XDR *xdrs;
            caddr_t *addrp;         /* array pointer */
            u_int *sizep;           /* number of elements */
            u_int maxsize;          /* max number of elements */
            u_int elsize;           /* size in bytes of each element */
            xdrproc_t elproc;       /* xdr routine to handle each element */
        {
            u_int i;
            caddr_t target = *addrp;
            u_int c;                /* the actual element count */
            bool_t stat = TRUE;
            u_int nodesize;

            ...

            c = *sizep;
            if ((c > maxsize) && (xdrs->x_op != XDR_FREE)) {
                return FALSE;
            }
            nodesize = c * elsize;                              /* [1] */

            ...

            *addrp = target = mem_alloc (nodesize);             /* [2] */

            ...

            for (i = 0; (i < c) && stat; i++) {
                stat = (*elproc) (xdrs, target, LASTUNSIGNED);  /* [3] */
                target += elsize;
            }

    As you can see, by supplying large values for elsize and c (sizep), it was possible to cause the multiplication at [1] to overflow and cause nodesize to be much smaller than the application expected. Since nodesize was then used to allocate a buffer at [2], the buffer could be mis-sized leading to a heap overflow at [3]. For more information on this hole, see the CERT advisory listed in the appendix.

    ----[ 4.2 Signedness bugs

    Recently, several signedness bugs were brought to light in the freebsd kernel. These allowed large portions of kernel memory to be read by passing negative length parameters to various syscalls. The getpeername(2) function had such a problem and looked like this:

        static int
        getpeername1(p, uap, compat)
            struct proc *p;
            register struct getpeername_args /* {
                int     fdes;
                caddr_t asa;
                int     *alen;
            } */ *uap;
            int compat;
        {
            struct file *fp;
            register struct socket *so;
            struct sockaddr *sa;
            int len, error;

            ...

            error = copyin((caddr_t)uap->alen, (caddr_t)&len, sizeof (len));
            if (error) {
                fdrop(fp, p);
                return (error);
            }

            ...

            len = MIN(len, sa->sa_len);                         /* [1] */
            error = copyout(sa, (caddr_t)uap->asa, (u_int)len);
            if (error)
                goto bad;
        gotnothing:
            error = copyout((caddr_t)&len, (caddr_t)uap->alen, sizeof (len));
        bad:
            if (sa)
                FREE(sa, M_SONAME);
            fdrop(fp, p);
            return (error);
        }

    This is a classic example of a signedness bug - the check at [1] did not take into account the fact that len could be negative, in which case the MIN macro would always return len. When this negative len parameter was passed to copyout, it was interpreted as a huge positive integer which caused copyout to copy up to 4GB of kernel memory to user space.

    --[ Conclusion

    Integer overflows can be extremely dangerous, partly because it is impossible to detect them after they have happened. If an integer overflow takes place, the application cannot know that the calculation it has performed is incorrect, and it will continue under the assumption that it is. Even though they can be difficult to exploit, and frequently cannot be exploited at all, they can cause unexpected behaviour, which is never a good thing in a secure system.

    --[ Appendix

    CERT advisory on the XDR bug: CERT Advisory CA-2002-25 Integer Overflow In XDR Library

    FreeBSD advisory: Advisory: Boundary checking errors involving signed integers

    |=[ EOF ]=---------------------------------------------------------------=|

    Source. Also have a look at phrack.com, because there are interesting things for you to learn there.
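The defensive counterpart to the bug patterns in the reposted article above, as an added example in C that is not part of the article or the forum post: overflow-checked size arithmetic, a hardened form of the catvars check at [3], a signedness-aware form of the copy_something check at [1], and a truncation-free replacement for the atoi()-into-unsigned-short step of width1.c. The article's 32 bit model is emulated with uint32_t/int32_t so the behaviour is the same on a 64 bit host; every helper name below is this example's own, and sizeof(int) == 4 is assumed.

```c
/* Added example, not code from the article: overflow-safe length and size
 * checks for widthness truncation, arithmetic wrap around and signedness
 * confusion. uint32_t/int32_t stand in for the article's 32 bit int so the
 * results hold on a 64 bit host. All helper names are this example's own. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Multiply two 32 bit lengths through a 64 bit intermediate and refuse the
 * result if it does not fit, instead of letting it silently wrap (the
 * malloc(len * sizeof(int)) problem at [1] in myfunction). Returns 1 on
 * success, 0 on overflow; *out is only written on success. */
int mul_u32_checked(uint32_t a, uint32_t b, uint32_t *out)
{
    uint64_t wide = (uint64_t)a * (uint64_t)b;
    if (wide > UINT32_MAX)
        return 0;
    *out = (uint32_t)wide;
    return 1;
}

/* Same idea for addition: a + b must not exceed UINT32_MAX. */
int add_u32_checked(uint32_t a, uint32_t b, uint32_t *out)
{
    if (a > UINT32_MAX - b)
        return 0;
    *out = a + b;
    return 1;
}

/* The check at [3] in catvars, exactly as the article has it: the sum wraps
 * before the comparison, so len1 = 0x104, len2 = 0xfffffffc passes. */
int catvars_check_naive(uint32_t len1, uint32_t len2, uint32_t bufsize)
{
    return (uint32_t)(len1 + len2) <= bufsize;
}

/* Hardened form: bound each operand first, then compare the remainder.
 * No addition that could wrap is ever performed. */
int catvars_check_safe(uint32_t len1, uint32_t len2, uint32_t bufsize)
{
    if (len1 > bufsize)
        return 0;
    return len2 <= bufsize - len1;
}

/* The check at [1] in copy_something compares a signed len with sizeof(),
 * so a negative len passes and reaches memcpy as a huge unsigned value.
 * Reject negatives explicitly before the unsigned comparison. */
int copy_len_ok(int32_t len, uint32_t bufsize)
{
    if (len < 0)
        return 0;
    return (uint32_t)len <= bufsize;
}

/* Allocation size for an array of len ints under the 32 bit model: the
 * multiplication is checked and a non-positive count is rejected. */
int array_alloc_size(int32_t len, uint32_t *out)
{
    if (len <= 0)
        return 0;
    return mul_u32_checked((uint32_t)len, (uint32_t)sizeof(int), out);
}

/* The widthness bug in width1.c: atoi() into int, then int into unsigned
 * short. Parse the length directly against the narrow type's range and
 * reject anything that does not fit, so no truncation can happen. */
int parse_len_u16(const char *s, uint16_t *out)
{
    char *end;
    unsigned long v;
    if (s == NULL || *s == '-' || *s == '\0')
        return 0;
    v = strtoul(s, &end, 10);
    if (*end != '\0' || v > UINT16_MAX)
        return 0;
    *out = (uint16_t)v;
    return 1;
}

int main(void)
{
    uint32_t n = 0;
    uint16_t len16 = 0;
    printf("catvars naive (0x104, 0xfffffffc): %d\n",
           catvars_check_naive(0x104, 0xfffffffc, 256));
    printf("catvars safe  (0x104, 0xfffffffc): %d\n",
           catvars_check_safe(0x104, 0xfffffffc, 256));
    printf("0x40000000 * 4 fits in 32 bits: %d\n", mul_u32_checked(0x40000000, 4, &n));
    printf("copy_len_ok(-1, 800): %d\n", copy_len_ok(-1, 800));
    printf("parse_len_u16(\"65536\"): %d\n", parse_len_u16("65536", &len16));
    return 0;
}
```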
  2. http://www.blackhat.com/presentations/bh-usa-08/Sotirov_Dowd/bh08-sotirov-dowd.pdf
  3. During a packed-house discussion with students and developers at Aalto University in Helsinki, Finland, Linus Torvalds, the chief architect of the Linux kernel, talked for more than an hour about software, hardware, and all the issues faced by developers today. But there are two seconds that markedly stood out more than anything else. One of the questions posed by someone in the audience was about Nvidia’s lack of compatibility with Linux. “I was expecting that maybe Nvidia would kind of chip in and do something for it, but they said flat out, ‘No. We’re not doing any support … What’s your comments on this?” she asked. Torvalds tried to be diplomatic at first, saying, “I know exactly what you’re talking about … Nvidia has been one of the worst trouble spots we’ve had with hardware manufacturers.” But then he just let loose, finishing his comments with this great sound bite: “Nvidia has been the single worst company we’ve ever dealt with. So Nvidia, f*** you.” Yeah, he actually said the f-word, and not only that, he also flipped the bird. Want to see this for yourself? You better believe it’s on YouTube. Check out the video below and go to 48:14 to see the entire exchange. Linux architect Linus Torvalds to Nvidia: “F*** You” - SlashGear
  4. M2G

    Hi RST

    Welcome! Here are some books: Index of / This lifetime is not enough to read them all.
  5. If you want to learn something, you have the whole forum at your disposal. Read tutorials, do whatever you want and nobody will bother you. If you have something to settle, you can settle it in private with the people you have problems with. Don't you see the whole forum is making a fool of you? Or do you like being treated this way, a bit more hardcore? Does it turn you on? Of course what you do around here is none of my business, it's your business. Even so, you keep signalling away around here and you want attention.
  6. I'm asking out of pure curiosity. What are you looking for on RST?
  7. Web giant says it received more than 1,000 requests from government officials for the removal of content in the past six months, complying with more than half. Google reports it has seen an "alarming" incidence in government requests to censor Internet content in the past six months. The Web giant said it received more than 1,000 requests from governments around the world to remove items such as YouTube videos and search listings. The company, which said it complied with more than half the requests, released a catalog of those requests as part of its bi-annual Global Transparency Report. "Unfortunately, what we've seen over the past couple years has been troubling, and today is no different," Dorothy Chou, Google's senior policy analyst, said in a blog post. "When we started releasing this data, in 2010, we noticed that government agencies from different countries would sometimes ask us to remove political content that our users had posted on our services. We hoped this was an aberration. But now we know it's not." Google said it had received 461 court orders for the removal of 6,989 items, consenting to 68 percent of those orders. It also received 546 informal requests, complying with 46 percent of those requests. The study doesn't reflect censorship activity from countries such as China and Iran, which block content without notifying Google. "Just like every other time, we've been asked to take down political speech," Chou wrote. "It's alarming not only because free expression is at risk, but because some of these requests come from countries you might not suspect -- western democracies not typically associated with censorship." 
Among the take-down requests was a Polish demand for removal of an article critical of a development agency, a Spanish request for removal of 270 blogs and links to articles critical of the public figures, and a Canadian official's request for removal of a YouTube video of a man urinating on his passport and flushing it down a toilet. All were denied. However, the company said it complied with the majority of requests from Thai authorities for the removal of 149 YouTube videos that allegedly insulted the monarchy, a violation of Thailand law. The Web giant said it also granted U.K. police requests for removal of five YouTube accounts that allegedly promoted terrorism. Google also said it complied with 42 percent of U.S. requests for the removal of 187 pieces of content, most of which were related to harassment. These are roughly the countries that asked for links to be removed from Google results: Government – Google Transparency Report. It seems Romania is not among them. Copyright removal: Copyright Removal Requests – Google Transparency Report. Source
8. Frustrated by their inability to stop sophisticated hacking attacks or use the law to punish their assailants, an increasing number of US companies are taking retaliatory action. Known in the cybersecurity industry as "active defence" or "strike-back" technology, the reprisals range from modest steps to distract and delay a hacker to more controversial measures. Security experts say they even know of some cases where companies have taken action that could violate laws in the US or other countries, such as hiring contractors to hack the assailant's own systems.

In the past, companies that have been attacked have mostly focused on repairing the damage to their computer networks and shoring them up to prevent future breaches. But as prevention is increasingly difficult in an era when malicious software is widely available on the internet for anyone wanting to cause mischief, security experts say companies are growing more aggressive in going after cybercriminals.

"Not only do we put out the fire, but we also look for the arsonist," said Shawn Henry, the former head of cybercrime investigations at the FBI, who in April joined new cybersecurity company CrowdStrike, which aims to provide clients with a menu of active responses.

Once a company detects a network breach, rather than expel the intruder immediately, it can waste the hacker's time and resources by appearing to grant access to tempting material that proves impossible to extract. Companies can also allow intruders to make off with bogus files or "beacons" that reveal information about the thieves' own machines, experts say.

Henry and CrowdStrike co-founder Dmitri Alperovich do not recommend that companies try to breach their opponent's computers, but they say the private sector does need to fight back more boldly against cyber-espionage. It is commonplace for law firms to have their emails read during negotiations for ventures in China, Alperovich told the Reuters Global Media and Technology Summit. That has given the other side tremendous leverage because they know the Western client company's strategy, including the most they would be willing to pay for a certain stake. But if a company knows its lawyers will be hacked, it can plant false information and get the upper hand. "Deception plays an enormous role," Alperovich said.

Revenge attacks

Although some strike-backs have occurred quietly in the past, Facebook popularised going on the offensive, said Jeff Moss, founder of the influential Black Hat security conferences and an adviser to the Department of Homeland Security. In January, Facebook named some of the Russian players behind the malicious "Koobface" software that spread through spam on various social networks, earning the gang an estimated $2 million.

Other security experts say a more aggressive posture is unlikely to have a significant impact in the near term in the overall fight against cybercriminals and internet espionage. Veteran government and private officials warn that much of the activity is too risky to make sense, citing the chances for escalation and collateral damage. "There is no business case for it and no possible positive outcome," said John Pescatore, a National Security Agency and Secret Service veteran who leads research firm Gartner's internet security practice.

Nevertheless, the movement shows the deep anger and sense of futility among security professionals, many of whom feel that a bad situation is getting worse, endangering not only their companies but the national economy. "There's nothing you can do" to keep determined and well-financed hackers out, said Rodney Joffe, senior technologist at internet infrastructure company Neustar, and an adviser to the White House on cybersecurity. Joffe recently looked at 168 of the largest 500 US companies by revenue and found evidence in Neustar forensic logs that 162 of them owned machines that at some point had been transmitting data to hackers.

Frustration by security professionals is not new. Some privately admitted to rooting for Lulz Security last year during that hacking group's unprecedented spree of public crimes, when it broke into and embarrassed Sony, an FBI affiliate and others with routine hacking techniques. They said the resulting media coverage finally caught the attention of CEOs and legislators, although tougher cybersecurity laws have yet to pass Congress.

State-sponsored attacks

The security industry's shortcomings were underscored most recently by the discovery of the Flame spying virus in the Middle East. Mikko Hypponen, the well-regarded chief research officer at Finland's F-Secure, told the Reuters Summit his company had a sample of Flame in 2010 and classified it as clean, and later missed another virus called Duqu that was suspected of being backed by Western governments. "These are examples how we are failing" as an industry, Hypponen said. "Consumer-grade antivirus you buy from the store does not work too well trying to detect stuff created by the nation-states with nation-state budgets."

Because some national governments are suspected in attacks on private Western companies, it is natural that some of the victims want to join their own governments to fight back. "It's time to have the debate about what the actions would be for the private sector," former NSA director Kenneth Minihan said at the RSA security conference held earlier this year in San Francisco. In April, Department of Homeland Security Secretary Janet Napolitano told the San Jose Mercury News that officials had been contemplating authorising even "proactive" private-entity attacks.

Many large security providers no longer preach that keeping the enemy out is paramount. Instead, they adopt the more recent line taken by the Pentagon, which is to assume that hackers have gotten inside and will again. The mainstream advice now is to focus on trying to detect suspicious activity as quickly as possible in order to shut it down. Hitting back with force is only the most colorful of possible responses after that. More common alternatives include deep analysis of what data has been sent out and attempts to learn whether the recipients were competitors, criminals who might try to resell it, or national governments, who might be inclined to share it with local industry.

Some experts also say executives should identify their most prized intellectual property and keep it off of networked computers and consider evasive action - such as having 100 versions of a critical digitised blueprint and only one that is genuine, with the right one never identified in emails. "There is a reason that people fly halfway around the world to have a one-hour meeting," Joffe said of intelligence agencies.

Source
9. I'd say learn C, but it's better to look over all of them. Do a few tutorials even if you don't understand much the first time, and see which one you like more. If you're really at the very beginning, the problem for you isn't only the language. You need to learn algorithmics. And for that you need a book on data structures and algorithms, so you can learn the logic of a program. To know how to think through a program so that you can then apply it in a programming language. It's not good to go by what people say about languages. Experiment and learn the one that attracts you more. Search the net for information about various languages and watch clips on YouTube. You can start with the clips from "The New Boston" because they take you from about zero and have tutorials for several languages. But once again, if you have no programming experience at all and want to learn, you will also need a good book on data structures and algorithms, to better understand what you're doing there and to develop certain good programming habits. I wish you good luck and lots of patience.
10. The motherboard has a reset jumper, somewhere near the battery. You take out that jumper, power up the computer and press the power button. It won't start. Put the jumper back in and turn it on again. That should reset the BIOS, if you say it freezes even in the BIOS. If it doesn't boot from the HDD or from a bootable CD either, check the RAM modules.
  11. M2G

    java parse help

I worked with JDOM when I had to deal with XML files. I'll leave you a class below so you understand roughly how it works. I don't have comments because I had to finish it quickly and afterwards I wasn't interested in adding them.

    package com.m2g.books.Model;

    import java.io.File;
    import java.io.FileWriter;
    import java.io.IOException;
    import java.util.List;
    import java.util.TreeMap;

    import org.jdom.Document;
    import org.jdom.Element;
    import org.jdom.JDOMException;
    import org.jdom.input.SAXBuilder;
    import org.jdom.output.Format;
    import org.jdom.output.XMLOutputter;

    // Book and XMLParser are the poster's own classes and are not included in the post.
    public class BookParser implements XMLParser {
        private TreeMap<String, Object> booksTree;
        private File xmlFile;
        private SAXBuilder builder;

        public BookParser() {
            booksTree = new TreeMap<String, Object>();
            builder = new SAXBuilder();
            xmlFile = new File("src/com/m2g/books/data/books.xml");
        }

        // Reads every <book> child of the root element and stores one Book per ISBN.
        @Override
        public void parse() {
            try {
                Document document = builder.build(xmlFile);
                Element rootNode = document.getRootElement();
                @SuppressWarnings("rawtypes")
                List list = rootNode.getChildren("book");
                for (int i = 0; i < list.size(); i++) {
                    Element node = (Element) list.get(i);
                    String ISBN = node.getAttributeValue("ISBN");
                    String Title = node.getChildText("Title");
                    String Author = node.getChildText("Author");
                    String Genre = node.getChildText("Genre");
                    String Price = node.getChildText("Price");
                    String Quantity = node.getChildText("Quantity");
                    int price = Integer.parseInt(Price);
                    int qty = Integer.parseInt(Quantity);
                    Book b = new Book(Title, Author, Genre, ISBN, price, qty);
                    booksTree.put(ISBN, b);
                }
            } catch (JDOMException e) {
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }

        @Override
        public TreeMap<String, Object> getElemetsTree() {
            return booksTree;
        }

        // Appends a new <book> element to the file and rewrites it.
        @Override
        public void addElement(Object el) {
            Book added = (Book) el;
            try {
                SAXBuilder builder = new SAXBuilder();
                File xmlFile = new File("src/com/m2g/books/data/books.xml");
                Document doc = builder.build(xmlFile);
                Element rootNode = doc.getRootElement();
                String price = Integer.toString(added.getPrice());
                String qty = Integer.toString(added.getQty());
                Element ISBN = new Element("book").setAttribute("ISBN", added.getIsbn());
                Element Title = new Element("Title").setText(added.getTitle());
                Element Author = new Element("Author").setText(added.getAuthor());
                Element Genre = new Element("Genre").setText(added.getGenre());
                Element Price = new Element("Price").setText(price);
                Element Quantity = new Element("Quantity").setText(qty);
                ISBN.addContent(Title);
                ISBN.addContent(Author);
                ISBN.addContent(Genre);
                ISBN.addContent(Price);
                ISBN.addContent(Quantity);
                rootNode.addContent(ISBN);
                XMLOutputter xmlOutput = new XMLOutputter();
                xmlOutput.setFormat(Format.getPrettyFormat());
                xmlOutput.output(doc, new FileWriter("src/com/m2g/books/data/books.xml"));
            } catch (IOException io) {
                io.printStackTrace();
            } catch (JDOMException e) {
                e.printStackTrace();
            }
        }

        // Removes the <book> whose ISBN attribute matches; relies on ISBNs being unique.
        @Override
        public void deleteElement(Object el) {
            Book toDelete = (Book) el;
            try {
                SAXBuilder builder = new SAXBuilder();
                File xmlFile = new File("src/com/m2g/books/data/books.xml");
                Document doc = builder.build(xmlFile);
                Element rootNode = doc.getRootElement();
                @SuppressWarnings("rawtypes")
                List books = rootNode.getChildren("book");
                for (int i = 0; i < books.size(); i++) {
                    Element node = (Element) books.get(i);
                    if (toDelete.getIsbn().equals(node.getAttributeValue("ISBN"))) {
                        rootNode.removeContent(node);
                    }
                }
                XMLOutputter xmlOutput = new XMLOutputter();
                xmlOutput.setFormat(Format.getPrettyFormat());
                xmlOutput.output(doc, new FileWriter("src/com/m2g/books/data/books.xml"));
                booksTree = new TreeMap<String, Object>();
            } catch (IOException io) {
                io.printStackTrace();
            } catch (JDOMException e) {
                e.printStackTrace();
            }
        }

        // Overwrites the fields of the <book> identified by oldISBN.
        @Override
        public void updateElement(Object el, String oldISBN) {
            Book toUpdate = (Book) el;
            try {
                SAXBuilder builder = new SAXBuilder();
                File xmlFile = new File("src/com/m2g/books/data/books.xml");
                Document doc = builder.build(xmlFile);
                Element rootNode = doc.getRootElement();
                @SuppressWarnings("rawtypes")
                List books = rootNode.getChildren("book");
                for (int i = 0; i < books.size(); i++) {
                    Element node = (Element) books.get(i);
                    if (oldISBN.equals(node.getAttributeValue("ISBN"))) {
                        String price = Integer.toString(toUpdate.getPrice());
                        String qty = Integer.toString(toUpdate.getQty());
                        node.getChild("Title").setText(toUpdate.getTitle());
                        node.getChild("Author").setText(toUpdate.getAuthor());
                        node.getChild("Genre").setText(toUpdate.getGenre());
                        node.getChild("Price").setText(price);
                        node.getChild("Quantity").setText(qty);
                        node.getAttribute("ISBN").setValue(toUpdate.getIsbn());
                    }
                }
                XMLOutputter xmlOutput = new XMLOutputter();
                xmlOutput.setFormat(Format.getPrettyFormat());
                xmlOutput.output(doc, new FileWriter("src/com/m2g/books/data/books.xml"));
                booksTree = new TreeMap<String, Object>();
            } catch (IOException io) {
                io.printStackTrace();
            } catch (JDOMException e) {
                e.printStackTrace();
            }
        }
    }

Here is the XML file you can use for testing.

    <?xml version="1.0" encoding="UTF-8"?>
    <Library>
      <book ISBN="0061804193">
        <Title>The Cove: A Novel</Title>
        <Author>Ron Rash</Author>
        <Genre>Novel</Genre>
        <Price>51</Price>
        <Quantity>28</Quantity>
      </book>
      <book ISBN="1430272058 ">
        <Title>Pro WPF in C# 2010: Windows Presentation Foundation in .NET 4</Title>
        <Author>Matthew MacDonald</Author>
        <Genre>Technical</Genre>
        <Price>60</Price>
        <Quantity>0</Quantity>
      </book>
      <book ISBN="12">
        <Title>Calico Joe</Title>
        <Author>John Grisham</Author>
        <Genre>Novel</Genre>
        <Price>323</Price>
        <Quantity>5</Quantity>
      </book>
      <book ISBN="0312380828">
        <Title>Come Home</Title>
        <Author>Lisa Scottoline</Author>
        <Genre>Novel</Genre>
        <Price>45</Price>
        <Quantity>15</Quantity>
      </book>
      <book ISBN="0596009208 ">
        <Title>Head First Java, 2nd Edition</Title>
        <Author>Kathy Sierra</Author>
        <Genre>Technical</Genre>
        <Price>58</Price>
        <Quantity>35</Quantity>
      </book>
    </Library>

Good! Look at the parse() method in that class and see what happens. The root element is taken: Element rootNode = document.getRootElement(); Then a list is created with all the children of that root node that have the name/tag "book": List list = rootNode.getChildren("book"); That list is traversed and the children of each book are extracted. Do the same to go deeper into the structure. I don't have time to explain now, but run some examples and you'll understand. Good luck!
12. How do we raise the awareness of employees who work with important data (data and information that are essential to a company's security)? What are the best ways to establish a secure communication channel between two parties? How can the keys of the RSA algorithm be distributed so that the system is not vulnerable to a man-in-the-middle attack? If certificates are used, how are they used and why? How do you protect yourself when connecting to an unsecured wireless network? How, and how strongly, is the information about you that some entity X can analyze correlated? How and what can it deduce from analyzing it? How exposed is it good to be? Does too much exposure make it easier for an attacker to build a psychological profile of you and organize their attack more efficiently? That's what comes to mind right now; if I get another idea I'll come back.
13. I think they changed the GUI just to look more like the Metro style from Windows 8.
  14. http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf Mirror: FileShare Download iOS_Security_May12.pdf
15. The examples with the bananas and whatever else you see in the pictures are just for demonstration. It's interesting when you can draw some buttons on a sheet of paper and use them as a controller. With enough imagination you can also make yourself a joystick. The thing about this device is that you can connect it to whatever you want and use that object to control the computer. Look at that video on the site. I can't embed it here...
16. It costs $40. It'll come out around August. You can preorder. It's written in big letters on the right side of the site.
17. Look at their first video on the site. The device is really cool.

What Can I Make?

That's up to you! First, load up a computer program or any webpage. Let's say you load up a piano. Then, instead of using the computer keyboard buttons to play the piano, you can hook up the MaKey MaKey to something fun, like bananas, and the bananas become your piano keys. Or let's say you Google for an online Pacman game and draw a joystick with a pencil: Then you can play Pacman by touching the drawing. Or you could load up facebook or gmail and send a message on a custom-made alphabet-soup keyboard:

What's MaKey MaKey?

MaKey MaKey is an invention kit for the 21st century. Turn everyday objects into touchpads and combine them with the internet. It's a simple Invention Kit for Beginners and Experts doing art, engineering, and everything in between: The kit will include everything you see above: MaKey MaKey, Alligator Clips, USB Cable.

How Does it Work?

Alligator Clip two objects to the MaKey MaKey board. For example, you and an apple. When you touch the apple, you make a connection, and MaKey MaKey sends the computer a keyboard message. The computer just thinks MaKey MaKey is a regular keyboard (or mouse). Therefore it works with all programs and webpages, because all programs and webpages take keyboard and mouse input. Make + Key = MaKey MaKey!

Who is MaKey MaKey For?

Artists, Kids, Educators, Engineers, Designers, Inventors, Makers... Really it is for everyone. Here is a photo of some 8-year-olds using MaKey MaKey in a Maker Space: She invented a "knife-and-log" interface for cutting virtual wood in an online game. We ran a workshop in February 2012 with some professors and grad students who specialize in interaction design. One grad student made this beachball game controller: Another grad student made this working pressure sensitive switch by layering Play-Doh under a spring: The workshop took place at Queen's University during a conference. With MaKey MaKey, kids can start inventing right away, and experts can make working prototypes in minutes instead of days.

What materials work with MaKey MaKey?

Any material that can conduct at least a tiny bit of electricity will work. Here are some materials people have used in our workshops including Ketchup, Pencil Graphite, Finger Paint, Lemons, etc.: Other materials that work great: Plants, Coins, Your Grandma, Silverware, Anything that is Wet, Most Foods, Cats and Dogs, Aluminum Foil, Rain, and hundreds more...

Why Are You Creating MaKey MaKey?

We believe that everyone is creative, inventive, and imaginative. We believe that everyone can create the future and change the world. So we have dedicated our lives to making easy-to-use invention kits. We believe that the whole world is a construction kit, if we choose to see it that way. We are inspired by the Maker Movement. We want to help people start to think of themselves as Makers and agents of change. When you have the "Maker's Mindset," you know you can change the world. Before we created MaKey MaKey we worked on other creative tools and invention kits such as: Drawdio, Singing Fingers, and Scratch.

Have You Prototyped This?

Everything in the video is real, running on either the first or the second prototype. Two years ago, we created the first prototype for MaKey MaKey at the San Francisco Exploratorium: Then we built the second prototype from 2011 to 2012, which looks like this: Our third prototype was just made, and looks like this: Right now, we are designing the kit a fourth time.

What Does the Back of the Board Look Like?

You can see more on their site. The idea is really cool. MaKey MaKey: An Invention Kit for Everyone (Official Site)
18. The hackers have sure been busy. In less than 10 days, a slew of social media sites, including LinkedIn, Last.fm and eHarmony, have had their security breached and user info leaked. Yet, while the mainstream press devoted copious digital ink to these high-profile incidents, it largely missed another more interesting – and worrisome – hack perpetrated this month.

On June 1, the hacktivist group UGNazi hijacked the domain of the notorious imageboard 4chan and redirected visitors to a UGNazi-owned Twitter account. The hackers called 4chan a “playground that allows pedophiles to share their ‘collections’ and the disgusting bronies [fans of the cartoon My Little Pony] to hang out,” but added they had carried out the attack mostly for their own amusement.

Juvenile rhetoric and bravado aside, what makes the 4chan hack interesting is how it was done. UGNazi got to 4chan by attacking the site’s host — a company called CloudFlare — and did so by exploiting a flaw in Google’s authentication system. “The attack was the result of a compromise of Google’s account security procedures that allowed the hacker to eventually access to my CloudFlare.com email addresses, which runs on Google Apps,” wrote CloudFlare’s CEO Matthew Prince.

Rather than crack Prince’s password, it seems, UGNazi asked Google for an account reset. This is because, should users forget their password, Google gives them the option of having a new one sent to a mobile phone associated with the account. Prince believes the hackers began the recovery process and then tricked (hackers might say “socially engineered”) AT&T’s support staff into giving them access to his voicemail, where the code would have ended up. From there, it was a matter of using Prince’s personal email to recover his Google Apps business account.

Technically, the additional security Google puts on business accounts — in the form of two-factor authentication – should have prevented this. When UGNazi hackers logged in, they should have been asked for an additional piece of verification. However, a glitch in Google’s system allowed them to circumvent this as well. “If an administrator account that was configured to send password-reset instructions to a registered secondary email address was successfully recovered, two-step verification would have been disabled in the process,” Google said in a statement.

The search giant has since fixed the problem, but it’s a timely reminder of the inverse relationship between convenience and vulnerability. When our devices and programs are all interconnected, we’re only as secure as the weakest link. In Prince’s case, the keys to his business were available to anyone with access to his voicemail. If we’re going to take online security seriously, then we’ll have to think about more than just strong passwords; after all, Prince was using a random string of more than 20 characters. We need to put walls up between the different computers we use and stop relying so heavily on so few companies. We can start by not giving Google our phone number.

Source
19. We'll get you past the daunting configuration issues so you can use OpenVPN to provide no-cost, secure networking for your Windows, Mac or Unix/Linux systems.

OpenVPN is famously difficult to get up and running, but the truth is that it needn’t be. In this second and concluding OpenVPN article I am going to go through what it takes to get an OpenVPN Ethernet tunnel set up between a laptop computer and an office or home machine acting as an OpenVPN server.

Downloading and Installing OpenVPN

Before you can get OpenVPN running on any computer you need to download and install it:
Windows: Download the OpenVPN GUI installation package from OpenVPN GUI for Windows
Red Hat, Fedora, CentOS: Download RPM packages from Index of /openvpn
Ubuntu: Download and install OpenVPN using Synaptic Package Manager
Mac OS X: Download and install the Tunnelblick OpenVPN GUI client installation package from tunnelblick - OpenVPN GUI for Mac OS X - Google Project Hosting
Source code: Download source code from Downloads, compile and install it.

Creating a Public Key Infrastructure

Once you’ve got OpenVPN successfully installed, it’s time to build the public key infrastructure needed for certificate-based authentication. If you don’t know what this means, don’t worry: just follow the instructions. A fuller explanation can be found at HOWTO.

To get started, you’ll need to use the Easy-RSA PKI suite. On Windows machines you’ll find it at: C:\Program Files\OpenVPN\easy-rsa

On Linux machines this will probably be installed in an easy-rsa directory at /usr/share/doc/packages/openvpn or /usr/share/doc/openvpn-2.0, but it’s a good idea to move this to /etc/openvpn to prevent it getting overwritten by future updates.

Generating the Master Certificate Authority (CA) Certificate & Key

Windows: From the Start button select cmd, and in the command window type:
cd "C:\Program Files\OpenVPN\easy-rsa"
Linux/BSD/UNIX: Open a terminal window and type:
cd /etc/openvpn/easy-rsa
(assuming you have moved the easy-rsa directory to this location)

Then type the following commands, followed by return:
Windows:
init-config
vars
clean-all
build-ca
Linux/BSD/UNIX:
./init-config
./vars
./clean-all
./build-ca

The last command will invoke a window which will ask for a series of values. You can press the return key to enter the default values for all of these except the value for Common Name. For this, type: TestVPN

Generating the Server and Client Certificates and Keys

The next step is to generate a server certificate and key, again using the Easy-RSA suite. The command for this is:
Windows: build-key-server server
Linux/BSD/UNIX: ./build-key-server server

In the interactive session that follows, simply press Enter to provide the default value each time, until you are asked for a Common Name. For Common Name enter “server”, then continue entering the default values until prompted to sign the certificate. Answer “y” to this question and to the following one to finish.

Then generate the certificate and key for your client machine. The process is similar to the one for building the server certificate and key, but this time enter client1 as the common name. If you think you may want to access the OpenVPN server from more than one laptop, repeat the process, replacing client1 with client2 or client3 each time.
Windows: build-key client1
Linux/BSD/UNIX: ./build-key client1

Generating Diffie-Hellman Parameters

The final step is to generate Diffie-Hellman parameters for key exchange:
Windows: build-dh
Linux/BSD/UNIX: ./build-dh

You’ll find the results of all this work in a subfolder called keys in the easy-rsa folder, and the final task is to move the client key and certificate to your client device. The files in question are client1.key and client1.crt. (If you have created more than one client key and certificate, move the client2.key and client2.crt files to the second machine, and so on.)
Windows: place the files in C:\Windows\Program Files\OpenVPN\easy-rsa\keys
Linux/BSD/Unix: place the files in /etc/openvpn/

Your public key infrastructure is now set up.

Creating the OpenVPN Configuration Files

When OpenVPN runs it reads a configuration file at C:\Program Files\OpenVPN\config (Windows) or in /etc/openvpn (Linux/BSD/Unix). This text file contains all the information OpenVPN needs to know to make or receive a connection, so it’s crucial that these files are correct. The easiest way to get OpenVPN working in the way we want is to edit the highlighted lines in the following config files to match your network setup, save them as a text file and copy them to the appropriate location.

Server configuration file:

    #server config file start
    local 192.168.1.15 # Change this address to the IP address of the network card attached to your router. To ensure this does not change you need either to have a static local IP address, or to configure your router to always assign this local IP address to your server.
    port 1194 # This is the port OpenVPN will run on. Change it to a different port if you prefer
    proto udp
    mssfix 1400
    push "dhcp-option DNS XXX.XXX.XXX.XXX" # Replace the Xs with the IP address of the DNS server for your network
    push "dhcp-option DNS YYY.YYY.YYY.YYY" # Replace the Ys with the IP address of the secondary DNS server for your network
    dev tap
    ca "C:\Program Files\OpenVPN\easy-rsa\keys\ca.crt" #change this location to /etc/openvpn (without quotation marks) for Linux/BSD/Unix systems
    cert "C:\Program Files\OpenVPN\easy-rsa\keys\server.crt" #change this location to /etc/openvpn for Linux/BSD/Unix systems
    key "C:\Program Files\OpenVPN\easy-rsa\keys\server.key" #change this location to /etc/openvpn for Linux/BSD/Unix systems
    dh "C:\Program Files\OpenVPN\easy-rsa\keys\dh1024.pem" #change this location to /etc/openvpn for Linux/BSD/Unix systems
    server 192.168.10.0 255.255.255.128 # This will be the virtual IP address and subnet of the server’s OpenVPN connection. Change it to something similar like 192.168.11.0 if this subnet is already in use
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway def1"
    keepalive 10 120
    cipher BF-CBC # Blowfish (default). If you prefer, you can use one of the two ciphers listed below (which must be the same as the client)
    #cipher AES-128-CBC # AES
    #cipher DES-EDE3-CBC # Triple-DES
    comp-lzo
    max-clients 3 # Change the 3 to the number of client keys you have created
    persist-key
    persist-tun
    status openvpn-status.log
    # user nobody # remove the # at the start of the line for Linux/BSD/Unix systems
    # group nobody # remove the first # at the start of the line for Linux/BSD/Unix systems
    verb 1
    #config file ends

Save this file as server.ovpn, and move it to C:\Program Files\OpenVPN\config (Windows) or /etc/openvpn (Linux/BSD/Unix).

What to Do If You Don’t Have a Static Public IP Address

OpenVPN clients connect to the OpenVPN server using a public IP address or host name that needs to be entered into the client config file. If your ISP provides your business or home network with a dynamic IP address that changes each time an Internet connection is reset then your client config will no longer work after a reconnection. To get round this you can get a free hostname from DynDNS which automatically points to your dynamic IP address, even when it changes. To get a dynamic host name (such as myhost.dyndns.org) visit Managed DNS | Outsourced DNS | Anycast DNS.

Client Configuration File

    #client config file start
    client
    dev tap
    proto udp
    remote XXX.XXX.X.XXX 1194 #Change the Xs to the static public IP address of your home or office network. If you do not have a static IP enter your dyndns name (like yourhost.dyndns.org) here. If you changed the port from 1194 to another port number in the server config change the 1194 here to the appropriate port number
    route 192.168.1.0 255.255.255.0 vpn_gateway 3 #Change this to the IP address scheme and subnet of the local network your server is on.
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca "C:\Program Files\OpenVPN\easy-rsa\keys\ca.crt" #change this to "/etc/openvpn/ca.crt" on Linux/BSD/Unix systems
    cert "C:\Program Files\OpenVPN\easy-rsa\keys\client1.crt" # change this to "/etc/openvpn/client1.crt" on Linux/BSD/Unix systems
    key "C:\Program Files\OpenVPN\easy-rsa\keys\client1.key" # change this to "/etc/openvpn/client1.key" on Linux/BSD/Unix systems. This key file should be kept secret
    ns-cert-type server
    cipher BF-CBC # Blowfish (default). If you prefer, you can use one of the two ciphers listed below
    #cipher AES-128-CBC # AES
    #cipher DES-EDE3-CBC # Triple-DES
    comp-lzo
    verb 1
    # user nobody # remove the first # at the start of the line for Linux/BSD/Unix systems
    # group nobody # remove the first # at the start of the line for Linux/BSD/Unix systems
    # end of client config file

Save this configuration file as a text file called client1.ovpn, and save it to C:\Program Files\OpenVPN\config (Windows) or /etc/openvpn (Linux/BSD/Unix) on your client device.

Setting Up the Router

There are a couple of configuration changes that need to be made to the router connected to your server in order for OpenVPN to work properly.

Port Forwarding

Port forwarding ensures that any traffic sent to your router from the Internet on port 1194 (or the port that OpenVPN is configured to use in the configuration files) is forwarded to the local IP address of your server machine. To ensure this does not change you need either to configure the server machine to have a static local IP address, or to configure the DHCP server in your router to always assign the same local IP address to your server.

To configure port forwarding, log on to your router’s configuration page, find the option for port forwarding, and enter the following information:
Name: OpenVPN
Protocol: UDP
Starting Port: 1194 (change this as necessary)
End Port: 1194 (change this as necessary)
Forward to: 192.168.1.15 (change this to the local IP address of your OpenVPN server)

You’ll also need to enter the following routing information on your router’s “routing” or “advanced routing” page, to ensure that data can travel between the OpenVPN link and other devices on your home or office network:
Route name: OpenVPN
Destination LAN IP: 192.168.10.1 (change this to the virtual IP address specified in the server configuration file)
Subnet Mask: 255.255.255.252
Default Gateway: 192.168.1.15 (change this to the IP address of your home computer)

Running OpenVPN

To run OpenVPN, you need to start OpenVPN first on the server, and then on the client. Remember that the client machine needs to be connected to a different network.
Starting the server using Windows: Start OpenVPN GUI, then right click on the program’s icon in the system tray, select “server” and then “connect”.
Starting the server using OS X: From the Tunnelblick OpenVPN GUI select Connect “server”
Starting the server using Linux/BSD/Unix: Start a terminal window, then as root (or using sudo) type: openvpn --config /etc/openvpn/server.ovpn
Repeat the process on the client machine, replacing “server” with “client1”.

Testing OpenVPN

To confirm OpenVPN is working, try pinging another device connected to your LAN using its LAN IP address. You can also open a browser on your client machine, and check your IP address by visiting a site like What's My IP Address? Networking Tools & More. If OpenVPN is working correctly the IP address of your server, not your client machine, will be shown.

Source
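An added example, not part of the article above: a small Python linter that tokenizes OpenVPN config lines the way the configs above are written (inline # or ; comments, quoted Windows paths) and flags the settings in the article's server config that are weak by today's standards (BF-CBC's 64-bit block, 1024-bit DH parameters, compression, and no tls-auth/tls-crypt key), beside a corrected version that passes clean. The two embedded configs are constructed, abbreviated copies, not the article's files.

```python
"""Lint OpenVPN configuration text for settings that are weak by today's standards."""
import re

# Ciphers with a 64-bit block size: Blowfish, (3)DES, CAST5, IDEA, RC2.
WEAK_64BIT_CIPHERS = ("BF-", "DES-", "CAST5-", "IDEA-", "RC2-")


def parse_openvpn_line(line):
    """Split one config line into tokens, dropping comments.

    Close enough to OpenVPN's own rules for auditing: tokens are separated by
    whitespace, quotes group a value (so Windows paths with spaces survive), and
    a '#' or ';' that starts a token outside quotes begins a comment to end of line.
    """
    tokens, current, quote = [], [], None
    for ch in line:
        if quote:                          # inside a quoted value
            if ch == quote:
                quote = None
            else:
                current.append(ch)
        elif ch in "\"'":
            quote = ch
        elif ch in "#;" and not current:
            break                          # comment: ignore the rest of the line
        elif ch.isspace():
            if current:
                tokens.append("".join(current))
                current = []
        else:
            current.append(ch)
    if current:
        tokens.append("".join(current))
    return tokens


def audit_openvpn_config(text):
    """Return a list of (directive, finding) pairs in file order; [] means clean."""
    findings, seen = [], set()
    for raw in text.splitlines():
        tokens = parse_openvpn_line(raw)
        if not tokens:
            continue
        directive, args = tokens[0], tokens[1:]
        seen.add(directive)
        if directive == "cipher" and args and args[0].upper().startswith(WEAK_64BIT_CIPHERS):
            findings.append((directive, args[0] + " has a 64-bit block (SWEET32 birthday "
                             "attacks on long-lived tunnels); use AES-256-GCM"))
        elif directive == "dh" and args:
            m = re.search(r"dh(\d{3,5})\b", args[0])   # e.g. ...\keys\dh1024.pem
            if m and int(m.group(1)) < 2048:
                findings.append((directive, m.group(1) + "-bit Diffie-Hellman parameters "
                                 "are too small; regenerate with at least 2048 bits"))
        elif (directive == "comp-lzo" and args != ["no"]) or \
             (directive == "compress" and args and args[0] in ("lzo", "lz4", "lz4-v2")):
            findings.append((directive, "compression of tunnelled data leaks secrets "
                             "(VORACLE); remove it"))
        elif directive == "ns-cert-type":
            findings.append((directive, "deprecated and removed in OpenVPN 2.5; "
                             "use 'remote-cert-tls server' instead"))
    if not seen & {"tls-auth", "tls-crypt"}:
        findings.append(("tls-crypt", "no tls-auth/tls-crypt key: the control channel "
                         "answers anyone who can reach the port; add an HMAC key"))
    return findings


# Constructed sample: the article's server.ovpn, abbreviated, with site values filled in.
ARTICLE_SERVER_CONFIG = r"""
#server config file start
local 192.168.1.15 # address of the network card attached to your router
port 1194 # This is the port OpenVPN will run on
proto udp
push "dhcp-option DNS 192.168.1.1" # primary DNS server
dev tap
ca "C:\Program Files\OpenVPN\easy-rsa\keys\ca.crt"
dh "C:\Program Files\OpenVPN\easy-rsa\keys\dh1024.pem"
server 192.168.10.0 255.255.255.128
cipher BF-CBC # Blowfish (default)
#cipher AES-128-CBC # AES
comp-lzo
max-clients 3
#config file ends
"""

# Constructed sample: the same server config with the flagged settings corrected.
HARDENED_SERVER_CONFIG = r"""
local 192.168.1.15
port 1194
proto udp
dev tap
ca /etc/openvpn/ca.crt
dh /etc/openvpn/dh2048.pem    ; built with build-dh after setting KEY_SIZE=2048 in vars
tls-crypt /etc/openvpn/ta.key ; shared HMAC key from: openvpn --genkey --secret ta.key
server 192.168.10.0 255.255.255.128
cipher AES-256-GCM
max-clients 3
"""

if __name__ == "__main__":
    for directive, finding in audit_openvpn_config(ARTICLE_SERVER_CONFIG):
        print(f"{directive}: {finding}")
    print("hardened config findings:", audit_openvpn_config(HARDENED_SERVER_CONFIG))
```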
  20. Digital certificates lie at the heart of Public Key Infrastructure (PKI) security technologies such as encrypted email, document signing, VPN access, server SSL authentication, and software code signing. Certificates are a vital part of PKI because they provide a means to establish the ownership of an encryption key. If you have someone else's public key, then you can send them an encrypted message that only they can decrypt with their private key. You can also verify someone else's identity by using their public key to decrypt something that could only have been encrypted with their private key. Certificates are typically issued by Certificate Authorities (CAs), which are trusted third parties whose root certificates (containing their public keys) are bundled in all popular web browsers . A certificate issued by a CA states that something is true, and is digitally signed with the CA's private key. Since every browser has the CA's public key, it can use that to verify that the certificate really was issued by the CA in question. Then it simply comes down to a matter of trust: Do you trust the reputation of the CA, and therefore do you believe that what the CA certifies to be true really is true? Established CAs such as VeriSign have good reputations, and for that reason they can charge for the certificates they issue. In fact they charge a range of prices for certificates, based on the length of keys that are employed and the amount of effort they put into verifying that the information they are certifying is correct. For example, a basic VeriSign SSL certificate valid for one year costs $399, while an Extended Validation certificate which requires more extensive fact checks costs $1499 for one year. 
But if your organization runs a secure web server that's only used by employees, or if you encrypt email sent between employees, or if you use digital certificates to authenticate employees onto the corporate VPN, then there's really no need to pay a CA for certificates at all. That's because you can act as your own CA and issue your own digital certificates for internal corporate use. The benefit of rolling your own certificates is that you can issue as many certificates as you like for free, although you do have to factor in potential CA software licensing fees, plus the cost of the server hardware used to run the software. You'll need to keep your CA private key secure to prevent hackers from using it to issue fraudulent certificates, but this is arguably no riskier than relying on a third party CA to keep its private key secure (as the DigiNotar debacle proved).

So what happens when a web browser encounters a certificate issued by your company? Normally, it would alert the user that the certificate has not been issued by one of the trusted CAs whose root certificates are bundled with the browser. To avoid this alert, you'll need to equip your employees' browsers with your organization's root certificate, which is easy to do. What you can't do is put your CA root certificate into the browsers of people outside your organization – and that's why certificates issued by your organization are only really useful for internal corporate use.

How to issue your organization's own digital certificates

There are many packages around for different operating system environments, including OpenSSL (multi-platform) and Keychain Assistant (part of OS X). (An article on Enterprise Networking Planet explains how to set up your own CA using OpenSSL as part of a VPN implementation.) For the purposes of this guide we will use SimpleAuthority, a GUI-driven application which is available for Linux, Windows and OS X.
The software is free for up to 4 users, $50 for up to 50 users, and $860 for 50 or more users. Software that issues certificates needs to be secure, so it is highly recommended you install SimpleAuthority on a dedicated server.

Once SimpleAuthority has been installed, the first thing you'll be asked to do before you can issue any certificates is create a new Certificate Authority. Click Yes to create a new CA. Next, fill in the details such as the CA's name (probably the name of your organization) and the expiry date of your CA. Ten years is a good default term. You'll now need to add some entropy into the system by moving your mouse or pressing keys until the software has enough "randomness" to generate the keys for the CA certificate. You'll also be asked for a master password to protect the CA certificate. Be sure to choose a strong password, as the CA certificate needs to be highly secure.

SimpleAuthority works with the concept of users, to whom certificates are issued. A user can be a person or a server. To enroll a new user and create a certificate, click on the New User icon at the top left hand side of the application, or select File - New User. Then fill in the user's name, select General Purpose (for a person) or SSL Server (for a server) from the Certificate Type drop down box, and add an email address and other information if you wish. Select a validity period (usually 365 days), and click New Certificate at the bottom of the screen. Next, export all your certificates to a folder for distribution to end-users or servers by going to the Tools menu and choosing Export - Latest Certificates.

Importing your CA root certificate into users' browsers

To avoid presenting users with a warning every time they encounter one of your organization's certificates, you need to import your CA certificate into their browsers. To do this you'll first need to export the CA certificate from SimpleAuthority by selecting Tools - Export - CA Certificate.
The certificate can then be distributed to individual users. To import the CA certificate into Internet Explorer on a user's machine:

Select Tools - Internet Options.
Click the Contents tab, and then Certificates.
Click the Trusted Root Certification Authorities tab, and then the Import… button so that the Certificate Import Wizard starts.
Select the certificate, allow Windows to select the correct certificate store, and click Finish.

A security warning will appear to alert you that you are about to install a CA certificate. Click Yes to install the certificate anyway. Your CA certificate will now appear in Internet Explorer's Trusted Root Certification Authorities list.

In Mozilla Firefox, you'll need to go to Tools - Options and then click the Advanced and then the Encryption tabs. Then click View Certificates, and finally click Import to select and import your CA certificate.

Once your CA root certificate is installed in user browsers, you can then use the certificates you issue just as you would commercially available certificates - but without the associated costs.

Source
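What the SimpleAuthority GUI does in the post above, carried out with OpenSSL (the multi-platform tool the post also mentions), as an added example that is not part of the original post: a self-signed root CA, one server certificate issued by it, and the chain check a browser performs once that root has been imported. The scratch directory, CA name and hostname are assumptions.

```shell
# Added example (not from the post): a minimal private CA with the openssl CLI.
set -e
command -v openssl >/dev/null 2>&1 || { echo "openssl CLI is required"; exit 1; }

WORK="${WORK:-$(mktemp -d)}"   # assumed scratch directory for keys and certs

# Create the CA private key and a self-signed root certificate that is
# explicitly marked as a CA (basicConstraints CA:TRUE, keyCertSign).
make_ca() {
    cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Corp Internal Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$WORK/ca.cnf" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Issue a server certificate: the server's key and CSR, then the CA signs it.
# The leaf is marked CA:FALSE so it can never be used to issue further certs.
issue_server_cert() {   # $1 = hostname (assumed)
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    printf 'basicConstraints = CA:FALSE\nsubjectAltName = DNS:%s\n' "$1" > "$WORK/$1.ext"
    openssl x509 -req -days 365 -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -extfile "$WORK/$1.ext" -out "$WORK/$1.crt" 2>/dev/null
}

# The trust decision a browser makes: does this certificate chain to a root
# in the trust store? Prints "ok" or "untrusted".
verify_against_root() {   # $1 = certificate file, $2 = trust anchor file
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then echo ok; else echo untrusted; fi
}

make_ca
issue_server_cert intranet.example.internal
verify_against_root "$WORK/intranet.example.internal.crt" "$WORK/ca.crt"
```

A browser without the root imported behaves like the second check in the test: the leaf alone is not a trust anchor, so the same certificate is reported as untrusted.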
  21. Happy birthday, man! May you get everything you wish for. By the way, I think I'm the third person who's told you, you just haven't seen it. Take a look at a certain social networking site.
  22. Video here: http://blip.tv/play/AYLz_y8C.html?p=1 Download video: http://blip.tv/file/get/Chrisjrn-AndroidTheYearOfLinuxOnThePalmtop795.m4v Here’s my talk from the Hobart TasLUG meeting yesterday (18 April 2012) on the features of Android from the point of view of a Linux user — both from a technical perspective, and issues arising from Android’s unique status as an Open Source OS for cellphones. If you want to download the video, you can download it, or watch it in the embedded format later in this post… Enjoy! Source