Monthly Archives: August 2009

This really scares me!

Filed under security

http://news.cnet.com/8301-13578_3-10320096-38.html?tag=rtcol;inTheNewsNow

I was reading and found the article above. Yes, I had been hearing about it early yesterday but just got around to reading what all the talk was about. This bill really scares me. Government ability to turn off the Internet? This is ridiculous, turning off major communications to private networks. So before I jump to any conclusion, let’s read the bill and then criticize them and their socialized dreams.

OK, after reading the 55-page document, I’m a little scared of what they are proposing. First of all, there is a lot of spending in the bill for how little it is, but I can agree with some of the spending, but not all.

For example, I can agree to put out an ad campaign to bring people’s Internet security up to date, but I can’t agree with things like “section 5 C (3) make loans, on a selective, short-term basis, of items of advanced cyber security countermeasures to small businesses with less than 100 employees.” Is the US gov a bank? Oh yeah, they are now, I forgot they took over some banks... ha ha!

Or creating a bunch of cyber soldiers under section 12, so you get a free education and now you have to work for the government under the control of the cyber czar. So who is going to be the balance to this new power to keep it in check? It looks like it’s up for review every 2 and 4 years; that’s a long time in between policy changes when things on the Internet change in an instant. What about section 7?

SEC. 7. LICENSING AND CERTIFICATION OF CYBERSECURITY PROFESSIONALS.

    (a) IN GENERAL- Within 1 year after the date of enactment of this Act, the Secretary of Commerce shall develop or coordinate and integrate a national licensing, certification, and periodic recertification program for cybersecurity professionals.
    (b) MANDATORY LICENSING- Beginning 3 years after the date of enactment of this Act, it shall be unlawful for any individual to engage in business in the United States, or to be employed in the United States, as a provider of cybersecurity services to any Federal agency or an information system or network designated by the President, or the President’s designee, as a critical infrastructure information system or network, who is not licensed and certified under the program.

So now government wants to control who is employed at these “critical systems,” and they must be certified and reported to Congress, and it’s illegal to work there without that license? How much will this cert be? Can anyone get it, or will it be like the civil service test? I make this analogy: to fix a Windows PC you have to be certified by Microsoft, and any individual fixing it is breaking the law... Now I know it’s a little out there, but that is how I see it. This is another example of government trying to control another part of our lives. Read it carefully... “as a provider of cybersecurity services to any Federal agency or an information system or network designated by the President, or the President’s designee, as a critical infrastructure information system or network, who is not licensed and certified under the program.” So any system that the President sees as critical will be off limits to those not licensed by the government. So what constitutes a critical system? Well, your guess is as good as mine, but let me throw something out there: I work on credit card processing and network issues for a major company. Will my job become critical because I work with the network that affects credit card processing? Will I have to shell out the cash to become certified? Or will the almighty government subsidize it? I really couldn’t tell you, but it does make me worry that they can call anything critical and then regulate who can work there.

Next is the part about IP addressing in the US. Now the government will have a say-so on who gets what IP addresses, and it must go through an advisory panel. Now that sounds like a great idea from the people that can’t even streamline the health care system or the post office or Freddie or Fannie!! What’s next, our local networks?

SEC. 8. REVIEW OF NTIA DOMAIN NAME CONTRACTS.

    (a) IN GENERAL- No action by the Assistant Secretary of Commerce for Communications and Information after the date of enactment of this Act with respect to the renewal or modification of a contract related to the operation of the Internet Assigned Numbers Authority, shall be final until the Advisory Panel–
    • (1) has reviewed the action;
    • (2) considered the commercial and national security implications of the action; and
    • (3) approved the action.
    (b) APPROVAL PROCEDURE- If the Advisory Panel does not approve such an action, it shall immediately notify the Assistant Secretary in writing of the disapproval and the reasons therefor. The Advisory Panel may provide recommendations to the Assistant Secretary in the notice for any modifications the it deems necessary to secure approval of the action.

OK, so section 10 has a great idea: make the public aware of the impending doom of their PC, LOL. Yes, it is a great idea to inform people; maybe if people are informed we may make an impact on the botnets that cause most of these attacks. WOW, personal responsibility, that’s a novel idea; maybe someone will learn something and prevent their PC from becoming a spam zombie or a DDoS ghoul. It’s almost 2010, almost 20 years of PC experience is out there, I say 20 because before 1990 PCs didn’t really have this kind of power and accessibility to the world, so how come we need to educate the people about cyber security? I really can’t tell you. People should have that concept down by now, especially with all the viruses, malware, spyware and rogue applications out there; people really should already have a clue, but I am proven wrong every day... “I keep getting these pop-ups.” “Do you have an antivirus or anti-spyware program?” ... “No...? Should I?” ... Errg is about the only thing that comes to mind when dealing with people that should know. I really think people need to start taking personal responsibility for their cyber actions or lack thereof.

SEC. 10. PROMOTING CYBERSECURITY AWARENESS.

    The Secretary of Commerce shall develop and implement a national cybersecurity awareness campaign that–
    • (1) is designed to heighten public awareness of cybersecurity issues and concerns;
    • (2) communicates the Federal Government’s role in securing the Internet and protecting privacy and civil liberties with respect to Internet-related activities; and
    • (3) utilizes public and private sector means of providing information to the public, including public service announcements.

The next 2 sections are just ways to spend more money and make cyber soldiers for the gov.

Sec. 11 goes on about research and dev.

SEC. 12. FEDERAL CYBER SCHOLARSHIP-FOR-SERVICE PROGRAM.

(2) shall require scholarship recipients, as a condition of receiving a scholarship under the program, to agree to serve in the Federal information technology workforce for a period equal to the length of the scholarship following graduation if offered employment in that field by a Federal agency;

Now these last few are what really scare me to death. It pretty much states that under a cyber security threat, the President can cut your Internet... So what is considered a cyber threat? No one really knows according to the bill, so let’s say people are upset with the government... sounds familiar?... people go out and protest... Internet gets turned off... Hmmm, where have I heard that before? Oh yeah, sounds like Iran to me... That’s just what could happen if the incumbent leader doesn’t want to give up his power or is trying to push through unconstitutional laws or even really unpopular ones.

The whole thing is, the Internet is supposed to be the last free realm in the world, where everyone is just a bunch of 1s and 0s and you can say almost anything, where minds can exchange ideas and people can sell their goods in the world market without having to go through a 3rd party. The Internet should never be censored or controlled or limited by anyone.

SEC. 18. CYBERSECURITY RESPONSIBILITIES AND AUTHORITY.

(2) may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network;

(6) may order the disconnection of any Federal Government or United States critical infrastructure information systems or networks in the interest of national security;

(11) shall notify the Congress within 48 hours after providing a cyber-related certification of legality to a United States person.

This should make everyone upset, because you’re losing one part of your freedom of speech; after this they will start encroaching on other rights that we are born with. Please call up your representatives and tell them to can this bill before the government takes another bite out of your freedom cookie. This should be just as important as the health care debate and needs to be brought to the attention of everyone. Let’s say NO to S.773 Cybersecurity Act of 2009.

The full Bill can be found here

Followup- Work, The Internet, Your Browsing

Filed under OS, security, software

I was looking at dvice.com and stumbled on this from Slate, posted about 24 hours before mine, so I’m not the only one that has complaints about draconian IT departments.
Check out what they said here

Webmin, next best thing to sliced bread

Filed under Linux, software

I personally hate trying to configure some applications on Linux machines, especially ones that have very cryptic config files, or they’re so big it takes you half an hour to get to the bottom, but no more hassle with Webmin as your remote server management solution. I have been using Webmin for about 4 months now and I am quite pleased with the program. It is very simple to use, with no-hassle setup of the interface, and you can customize and build new modules for new applications or daemons.

Ignore the IE; I took the picture on my work PC.

Ignore those high CPU times; I was compiling glibc on my server at the time of this screenshot. But let’s get back to what makes it a great tool for me.

The original reason I installed Webmin was to be able to configure squid on the fly because of the need to test it from an outside connection, but the uses grew as I kept exploring all the options. So after I set up squid I started looking into the Apache, DNS, dhcpd and SSH servers. The Apache 2 configuration was so easy compared to manually setting up the conf file and the enabled and installed sites, and gave a better understanding of how to configure Apache the right way instead of the haphazard way of looking at examples and hopefully getting the config correct without creating security holes. I really couldn’t tell you how I got by without Webmin. The ssh, dhcpd, mysql, sendmail and samba were just as easy to set up as Apache and squid. I would recommend this to anyone doing any kind of server admin or running a dev system that needs monitoring or constant changes and you don’t have access to the physical terminal all the time.

There are a few things I didn’t like so far. For starters, I would like to be able to have a custom sidebar with only the links that I need, but I think that can be taken care of with a little bit of editing the source code or creating a theme. The next issue I would like changed is a better command line interface. The one under Others, command shell, does what it says it does and executes the command, but I wish it emulated a shell better, but I guess that’s what the ssh login is for. Another thing I would change would be the system info page. Yes, it’s very minimalistic and gets the info that you need, but I would like a little more info that may be helpful, like keeping the uptime on that page. Yes, I know it’s there when your system has been up for more than an hour but less than a day; otherwise it disappears. I would also like to add how many processes are running at that moment, and maybe the IP addresses assigned to the network interfaces would be helpful as well. I really couldn’t think of anything after that, but these are just cosmetic changes for the most part and the issues won’t stop me from using this great tool. I have to thank the fine people at http://www.webmin.com/index.html for creating and maintaining this fine tool.

Work, The Internet, Your Browsing

Filed under General

Have you ever had that feeling that someone is standing over your shoulder while browsing at work? Or someone sends you a link in your corp mail, you click and you get that wonderful message, “this site has been blocked by <your big brother software> for <some reason that it’s not related to work>”... Every time I have gotten a message like that, my brain goes “uh oh,” knowing that in some log it recorded your user name, the time and the site you were trying to get to!! So you think that this is another mark on your flawless company record... but even worse is that it keeps all the sites that you go to, regardless of whether they’re blocked or not... So are you getting paranoid now? Well, don’t be, unless you know what you’re doing is against company policy, like looking at NSFW sites or other social networking sites. But it still bugs me that my digital privacy is still being infringed upon... I know that companies put in filters and proxies for extra security to keep out the viruses, malware and spam from the Internet, but do you really need draconian laws to help with security? Isn’t there a better way? Maybe teach your employees good browsing habits, what phishing is or social engineering, and what’s acceptable for work browsing and sample sites... It may be years before major companies realize that their Internet policy is failing due to people circumventing their security, which is a big problem that no one seems to realize, so let me tell you some interesting ideas to circumvent your employer’s draconian Internet policy... There are a few different ways to get by their security, depending on what is in your way.
Most companies use a proxy to allow people access to the Internet, which usually has some sort of login; some use web filter software added to the proxy to allow you access to a few sites that the company feels you need access to; others use just the filter; and some use something called a transparent proxy or gateway that has some sort of filtering software. There may be other ways for security to impede your web surfing. Now for the good stuff, how to get around your work’s web security... Remember, I do not support breaking the law or circumventing critical network security or breaking your company Internet usage policy... Basically, I take no responsibility for your actions. Read the policy and understand it, because knowing your rights as an employee is your responsibility, not HR’s... This is for informational and educational purposes only!

Easy Way for custom kernels

Filed under OS, software

Borrowed from hackaday,

I am a regular browser of certain DIY and tech sites just because they always have something interesting, or some new idea or technology that may be useful. Today I found this post, http://hackaday.com/2009/08/25/kernelcheck-kernel-compiler/ and it interested me: a quick and easy way of downloading, patching and compiling the kernel... I thought, ‘WOW, this is one of those packages that will vanish in a few weeks and it’s prolly buggy, with no good support, and not a big user base, with comments from ’01’... So I downloaded it and installed it. It has a few interesting dependencies like qt3 and a few other small libs... Now it’s installed, I go over the oversimplified PDF... fairly easy to use, so I go at it... I was surprised how well it worked right out of the “package”. I went ahead and updated the kernel info with a click of a button; I know which kernel is installed currently, I know what the current stable dev kernel is, the current patch and a slew of other info that I really didn’t need... So next I decided I wanted a customized kernel, so I clicked on the custom, chose the current stable dev with no patches (I didn’t try, but you can go back to earlier versions of the kernel), a few other options I chose as well, such as manual config and pack into a .deb package; there are a bunch of other choices as well... So I did a basic config just to get it to compile my new kernel... In less than 4 hours my new kernel was ready to be used, so I loaded it up in the VMbox and took it for a spin. It loaded and worked just as if I had done this manually... So I am pleased that someone has created a great tool like this to make life a little bit easier for me...

So is this going to help those out there that want to customize their system? Well, a little. It will make the process of creating a custom kernel a little faster, but you will still need to know what you are doing when configuring it... My overall opinion of this software: I think it’s great and someone should have come up with this sooner. What I think is needed is some more advanced options for people building kernels for other systems, or cross-compile options, but otherwise it’s a great tool with a nice intuitive GUI.

As for support if you run into problems, well, I haven’t had to deal with their mailing list, but they do have one and it looks like this is an ongoing project for them. I am usually pretty critical of software because I have been let down so many times, but this one I really can’t complain about. It’s just a great tool for your Linux toolbox.

Now just go to their site and check out the program for yourself: http://kcheck.sourceforge.net/