Huge list of security Tools

Datamation has a huge list of security and privacy tools up on their website. I already know many of the tools on the list, use some of them daily and would wholeheartedly recommend then. The following is a list of tools I would check out and maybe add to my arsenal in the future:

1. Web of Trust (WOT) – Firefox add-on ranking the trustworthiness of websites.
2. SafeCache – Protection for browsing history.
3. PasswordMaker – Password safe
4. Diaspora – I think this needs no introduction, I’ve been meaning to play with this sometime, but its not really what I would call a “security tool”.

What is Vert.x?

Vert.x has gotten a lot of press recently, following the main developer’s move from VMware to RedHat and VMware’s subsequent attempt to gain control over the project.

While the news story is interesting and has implications with regards to open source project governance, I found myself also being interested in what the technology actually does. That wasn’t covered in the news at all.

As if turns out, Vert.x as an event-driven asynchronous network application development platform written in Java. It seems somewhat similar to Python’s Twisted library and Ruby’s Event Machine.

The one thing that sets Vert.x apart from other similar libraries, is that while being written in Java, Vert,x actually targets a whole slew of languages that can run on top of the JVM including Ruby, Python and Javascript. With Vert.x it seems not only can one write an application using a wide choice of languages, but also mix and match languages within the same application.

With projects like JRuby and Jython the JVM is becoming a universal language runtime, not unlike Microsoft’s CLR, but wit much wider portability and reach, this may have some interesting implications in the future.

Intense PC – Tiny intensely powered PC

With its tiny dimensions, high-powered hardware spec, low power consumption and Linux Mint installed out of the factory, the Intense PC or its branded sibling, the Mint Box, might very well be the next computer I buy. The manufacturer operating out of Israel makes this practically a no-brainer.

About the only gripe I have about this device is that it contains no battery. Next to modern phones, laptops and tablets, the PC’s “habit” of shutting down at the slightest power interruption makes it seem as anachronistic as an 80s double cassette boom-box.

d0x3d: An Open Source Board Game about Network Security

I believe that ignorance about information security and privacy is one of the ills of our modern information-based society and the reason behind many failed policy decisions. With that in mind , I’m always interested in ideas such as this board game that can assist in teaching security concepts to the masses.

Unfortunately I think this game isn’t quite up to task. It is played from the point of view of hackers attacking a corporate network, as such, it seems more suitable for teaching security professionals then the general public. I’d rather see a game played from the point of view of network admins or home users looking to protect their privacy, in order to inform the general public about the dangers they face every day without even knowing.

Another shortcoming of this game, in my opinion, is that it has cards representing various network devices such as firewalls, access points and SSO servers, that seem to represent all of them as equal and interchangeable, without taking into consideration their role and utility in the security and general network context. In the real world, compromising a printer has very different impact then compromising the organizations central directory server.

Quick list of server deployment/life cycle management systems

I’ve recently decided to take the time and look into the various open-source systems for server deployment and life cycle management. As the amount of servers in the data-center grows, as well the the demands for quicker response to rapidly changing IT needs in the organization, performing manual server installation, or even using a manually configured Kickstart server simply doesn’t cut it.

The following is a list of server deployment and life cycle management systems I could find on the Internet, and what I could learn from reading the documentation available on their websites. (more…)

Looking of an open source Acronis replacement

I’ve been bothered for a while about the fact that was the system disk in one of my home computers to fail, I would find myself forced to go through a long a tedious re-installation process.

Given that I have the disk-space to spare, I’ve been looking for an Acronis-like tool I could use to back up my computers, Clonezilla seems to be the leading option, but it seems to lack the ability to perform online backups.

Resources for writing Firefox Plugins

I’ve got a evil plan to write a Firefox/Thunderbird plug-in to store passwords in the GnomeKeyring or some other desktop-wide place instead of the build-in Password Manager.

My particular itch to scratch here is that I’m tired of having to type my master password every time I open up Firefox or Thunderbird. Thunderbird in particular has a bug where I have to type the password multiple times.

Another Idea that I have is to wrote some kind of a desktop service that will automatically go to various sites like Facebook and WordPress and automatically change my password while storing an updated copy in the keyring.

So here are several useful resources to help me accomplish the task:

• The XUL School Tutorial – A sea of information about how to write old-style Mozilla plug-ins.
• The Mozilla Addon Builder and SDK – The new way to write Mozilla add-ons, this may or may not be a sufficient API for my needs.
• The Mozilla Password Manager source code – I need to read this to understand how to tap into it.

Running Fedora’s liveusb-creator on Ubuntu

One of the things I find most annoying about Linux distributions is that when it comes to distribution-oriented tools, they tend to make other distributions feel like second-class citizens even when compared to Windows. One such example is the Ubuntu One service which had a Windows client released recently and will soon see a Mac client while it is yet to be unsupported on any other distro besides Ubuntu. Another such, albeit smaller, example is the Fedora liveusb-creator tool.

The Fedora liveusb-creator tool is used when one wants to install Fedora while using a USB stick rather then a CD-ROM. While Ubuntu does include a comparable tool called “Startup Disk Creator”, that tool only supports creation of bootable USB sticks for Debian-derivative distributions.

Installation of the  liveusb-creator tool is of course extremely easy on Fedora where it is accessible directly from the distribution’s repositories, the tool’s website also provides a Windows installer, but when it comes to other distributions the site resorts to providing a source archive without even including instructions as to what packages might be needed to run it.

Fortunately for users of other distributions, the Fedora liveusb-creator tool is written in Python, therefore running it on other distributions is a rather simple task, following are 3 simple steps required to use the liveusb-creator on Ubuntu, similar steps may apply to other Debian-derived distributions as well.

(more…)

Configuring Aviem PRO2100 UPS on Debian 6.0 (Stable/Squeeze)

The Aviem PRO2100 is a SOHO Line-Interactive Uninterruptible Power Supply (UPS) unit that sells at a very compelling price/performance point. The PRO2100 is a 1000VA unit that sells at a price which is only slightly above that of other manufacturers` 650VA units, whereas comparable strength units typically sell for twice as much. What this means is that you can use if to power two computers for the price typically paid to power one.

That being said, the Aviem`s weak point is it`s Linux support (I cannot vouch for Windows support since I did not attempt to connect it to a Windows machine). While The UPS does ship with a CD that includes Linux software, it suffers from several shortcomings that are unfortunately all too common even for enterprise-level Linux supporting hardware:

1. The CD only contains precompiled 32bit X86 binaries without any source code or any pointers to where the source code may be found.
2. No pointers are given as to where updated software versions be be found, what seems to be the product name, “PowerD”, also doesn’t yield anything useful in a Google search.
3. The software relies on an installation shell-script rather being packaged for use with the system`s package manager (E.g. RPM or DPKG) or at least something like Autopackage. The installation script also seems to assume all Linux systems are roughly built and behave like RedHat and would generally make a mess of your system regardless of the distribution (For example, the script tries to place binaries in “/etc” and set insecure file permissions such as “777″).

This particular software CD has another strange problem to it as the included “Readme.txt” file seems to be completely unreadable gibberish as well as resist being converted to anything readable with “iconv”.

All in all the software on the CD has a very strong abandon-ware feel to it and it is nothing I would be willing to install on my systems.

(more…)

Cobbler “Advanced Networking” not quite up to task

System administrators that deploy tools such as RHEL’s Kickstart are typically concerned with rapidly deploying large numbers or servers, therefore it is quite unfortunate that Kickstart has only very basic network configuration support. What it means is that sysadmins have had to resort to manually configuring IP addresses and NIC Bonding for each and every installed server.

Cobbelr’s Advanced Networking feature seems to suggest a solution for this problem. It seem to me, however, that the approach taken is impractical for large organizations. Cobbler’s approach is to have the sysadmin use the Cobbler command line tool feed in the configuration for each and every NIC on the new server, prior to server installation and based on NIC MAC addresses.

This approach is impractical because the last thing a sysadmin faced with installing dozens of servers wants to to is to boot each and every server with one tool or another in order to check what the MAC addresses are, might as well manually configure the servers once they are already installed with a operating system…

The approach we’ve taken in my organization was to develop our own internal tool that automatically performs network configuration based on detecting where the various NICs are connected to by pinging well-known IP addresses. This approach has an additional benefit in that it can be used to quickly reconfigure the server when faulty NICs or motherboards are replaced (E.g. when the MAC addresses change).