One ring – not a good idea!

There was a fairly famous post once about how Sys Admins are lazy by nature and that automating things is a good habit to have – thus supporting the lazy label. But have we got too lazy, and is that laziness creating environments that are vulnerable?

The reason for this post is that over the last few years I’ve been reading about systems that are designed to “Run the whole network” or “Manage all users and applications”. The problem is, when these systems go wrong you have a huge clean-up job – let’s look at a couple of examples.

SolarWinds Hack
This is what is known as a “supply chain breach”: the software is hacked at the source level (in other words, in the SolarWinds development space) and that compromised software is then distributed in good faith by the company. This created a situation where one piece of software, which gave some users “God” access to the network, all the machines and all the users, was compromised (more than 30,000 public and private organisations)! You can read about it in detail on this page.

One of the problems is this attitude of “single sign-on”, one place to do everything. It’s a lovely concept, isn’t it? It means that one machine can control all the services and all the users and all the groups and all the network and… well, you get the picture. It means that you can have fewer staff, fewer skill sets to train and, you know, just be lazy.

But let’s look at the NotPetya attack. If you want to have a few nightmares, read up about what happened to the international company that had 150 domain controllers compromised, and the insane amount of money it took to clear this up. It’s one of the few times where slow internet probably saved a multinational company billions.

As someone who is interested in IT security and sysadmin, I keep coming back to the responsibility of an inquisitive person who knows the network, the machines and what they are all up to.

AI, automation, constant monitoring, automated alerts etc. are all important and on one level mind-blowing. But we still need human intelligence and awareness. How much space is on that server? What is the network throughput on a day-to-day basis? Has there been a change? If so – go investigate it! NOW


Related links

Notpetya
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/

SolarWinds

https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know


A musical Pi

So I’ve had this Raspberry Pi habit for a number of years now. For those of you who don’t know, a Raspberry Pi is a very useful little computer that can be used for projects and learning. At the time of writing (Oct 2022) they have sold over 40 million Pis and have been in production for about 10 years.

They have over time updated the computer – at first it was single core, now evolved to a quad core, with improved Ethernet and USB specifications. I don’t yet have a Raspberry Pi 4 (the most recent version) but people say it can just about do as a replacement desktop / laptop computer.

In short, it’s a heck of a lot of computing power for very little outlay (although at the time of writing they are in short supply and the price has gone up a bit). A couple have even been sent up into space and reside on the ISS.

People do all sorts of things with their Pi, and the web site that you’re probably reading this from has been hosted on a Raspberry Pi for over 4 years. It’s incredibly low-cost hosting (it works out at less than $10 per year for the machine). I use Debian as the operating system and it runs a full LAMP stack. It has never locked up due to load (although admittedly I don’t get a monolithic amount of traffic), but it serves well and protects things, currently has over 1400 items in its firewall and hums along just fine.

I’ve wanted a media player for a while now and considering I have a spare pi I created this!

It’s a Raspberry Pi with a DAC hat (Digital Audio Converter) mounted on a hunk of perspex that was given to me about 10 years ago. The default sound output from the Pi is not great (although functional), so I spent about $40 to purchase the IQaudio DAC, and the difference in quality of sound is amazing, especially at low volume (which is great because I live in a unit and I hate people that sodcast).

Mounting was a bit of a debacle – I wanted brass feet (who doesn’t like a bit of brass bling) and in the end just used super glue to hold the device on to the perspex (thanks to this product being open source I could get a template that made placement and positioning fairly straightforward).

The next step is what to do with regard to software. The problem is there is so much to try! I’m using CLI-based access, VNC access, stand-alone apps and have also looked at total media-centre based installs – because the Pi runs from cheap micro SD cards it’s not that difficult to build a complete re-image of the machine and move data about.

In short, if you want an affordable way to learn about computers and build your own stuff you can’t go wrong with a Raspberry Pi!

(author’s note: I know cable management needs work!)

Related links

Raspberry Pi website
https://www.raspberrypi.org/

DAC hat from little bird
Raspberry Pi IQAudio DAC+

Pi’s in space!
https://www.bbc.com/news/uk-england-cambridgeshire-59747590

Pegasus spyware and MVT

So just for the heck of it I installed MVT (Mobile Verification Toolkit) the other day, which is a piece of software released by Amnesty International to check if you have Pegasus spyware installed on your phone.

If you haven’t read about it, Pegasus spyware is some nasty stuff (it’s developed by the Israeli cyber-arms firm NSO Group). It seems it was installed on Jamal Khashoggi’s phone (you know, that chap who was assassinated by agents of the Saudi government at the Saudi consulate in Istanbul, Turkey). Also today I read that Sheikh Mohammed used spyware on Princess Haya and five associates in an unlawful abuse of power.

In short, this Pegasus spyware is so bad they recommend that if it’s installed on your phone you should get rid of / destroy the phone. Apparently even erasing the phone from scratch has no effect!

The detection software itself is command-line based (so not for the average user) and it took a bit of mucking about to get it to run. Using a Debian Linux machine from scratch, it took an hour or two to get the dependencies and settings on the phone sorted so that the computer could fossick about the phone for any trace of the nasty.

Although it’s satisfying to be able to do this, the need to do more to protect your devices sprang to mind – a quick glance through some of the documentation came up with a number of URLs, a few of which I’ll list.

free247downloads[.]com
urlpush[.]net
get1tn0w.free247downloads[.]com
infospress[.]com
https://d38j2563clgblt.cloudfront[.]net
https://2far1v4lv8.get1tn0w.free247downloads[.]com

There is more in this document that you might like to grep through.
https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/

Be warned: the [.] should be removed to find the current related IP address. Do this with care, and only use command-line interface related commands; do not open any of the above in a browser!

Which brings up the issue of running your own network and routers. I’d slap some ACLs on these darn things and the related IP addresses, as it will give you a little more protection against possible infection.
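As an added illustration (not from the original post, and not the MVT project’s own code), here is a small Python script that refangs the indicators listed above by removing the [.], turns them into a dnsmasq sinkhole list for a home router, and checks some constructed DNS query log lines against it. The log lines are made up for the demo; the hostnames are the ones from the list above.

```python
import re

# Defanged indicators exactly as listed in the post above.
DEFANGED_IOCS = [
    "free247downloads[.]com",
    "urlpush[.]net",
    "get1tn0w.free247downloads[.]com",
    "infospress[.]com",
    "https://d38j2563clgblt.cloudfront[.]net",
    "https://2far1v4lv8.get1tn0w.free247downloads[.]com",
]

def refang(ioc):
    """Turn a defanged indicator back into a bare hostname (no scheme, no path)."""
    host = ioc.strip().replace("[.]", ".")
    host = re.sub(r"^[a-z]+://", "", host, flags=re.IGNORECASE)  # drop https://
    host = host.split("/", 1)[0]  # drop any path component
    return host.lower().rstrip(".")

def blocklist(iocs):
    """Unique, sorted hostnames, ready for a hosts file or a router ACL."""
    return sorted({refang(i) for i in iocs})

def dnsmasq_lines(iocs):
    """dnsmasq 'address=' entries that sinkhole each host (and its subdomains) to 0.0.0.0."""
    return [f"address=/{h}/0.0.0.0" for h in blocklist(iocs)]

def matches(hostname, iocs):
    """True if a queried name equals, or is a subdomain of, a blocked host."""
    q = hostname.lower().rstrip(".")
    return any(q == h or q.endswith("." + h) for h in blocklist(iocs))

# Constructed sample dnsmasq query log lines (not real traffic) to exercise the check.
SAMPLE_LOG = """\
Oct 12 10:01:02 dnsmasq[512]: query[A] www.debian.org from 192.168.1.20
Oct 12 10:01:05 dnsmasq[512]: query[A] 2far1v4lv8.get1tn0w.free247downloads.com from 192.168.1.31
Oct 12 10:01:09 dnsmasq[512]: query[A] infospress.com.example.org from 192.168.1.31
"""

def flag_queries(log_text, iocs):
    """Return (client, hostname) pairs for log lines whose query hits the blocklist."""
    hits = []
    for line in log_text.splitlines():
        m = re.search(r"query\[\w+\] (\S+) from (\S+)", line)
        if m and matches(m.group(1), iocs):
            hits.append((m.group(2), m.group(1)))
    return hits
```

Note that the third log line is a look-alike (infospress.com as a subdomain of another zone) and is correctly not flagged, while the second line is.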

In addition, this software seems to use a lot of URL redirects, so if you’re concerned this article on how to stop redirects may be worth reading.

https://www.techadvisor.com/how-to/internet/how-block-webpage-redirects-3690103/

Stay safe people. It seems that the Internet is still the wild wild west.

You can find the MVT software here.
https://github.com/mvt-project/mvt