At the time of this writing Secunia PSI was on version 1.5.0.2.

First, lets get Secunia PSI downloaded. Head on over to Secuina.com and look for the download button.

After downloading head over to where ever you saved it to, and double-click to run. NOTE: Windows may ask is you want to run the program, click yes!

Now follow the instructions. Images below will help guide you through the process.

Select a language.

Click Next

I accept the terms of the License Agreement (Don’t forget to read it!)

Select Personal Use, unless you are using it for business purposes.

More reading

Tell it where to install

Once done, click finish

It will ask if you want to run it. Say yes.

Once it starts you may see message saying “Please wait while network connectivity is verified.” Have no fear, this is normal. As soon as the program can see the servers it will continue. If you have a software firewall installed you may need to allow Secunia PSI access to the Internet.

Now onto usage!

After the program scans it will come up with a list like this. This image is a good scenario (of a bad situation), you may get one just like it or worse. If the insecure program is listed as a Microsoft product it should be dealt with by using Windows Update. I did not include how to do this because it varies from XP, Vista, and 7.

Here I’m going to update Adobe Flash Player 10.x. I click on the Blue down arrow, I get a dialog box to download the new software.

Save the file (remember where you save it to!)

Then run it! Just follow the steps for each program. In this case there were many listings for Adobe Flash Player. You only need to download it once and run it once. Once you scan again it will show them all fixed up. (FYI: The reason it lists many copies is because Flash Player is installed in several places due to different web browsers)

After you do this a few times and run windows update you can manually start the scan again. Once you are set you will see something like this.

You are set! Look at you! You have already mastered this awesome utility!

By default Secunia PSI is set to run at system startup. This may not be best if you are on a laptop, or have a very slow computer. If Secunia PSI is running you will see a little icon in the bottom left corner of your screen. It looks a little like this.

Questions?

Normally when you open an SSH connection you are presented with a password request. The down side to using passwords is that if your not paying attention you can be hit with a brute force or dictionary attack. Because you allow passwords to be used there is a chance of someone gaining access. With keys only you have nothing to fear from these types of attacks.

Here is how it works. Normally you enter a password. With keys all you need to do is form the SSH connection and the keys transmit automatically. Once the keys are paired you are connected with a shell. There are two different ways of performing key pairs. The first way is just the key. No need for a passphrase. The other is a passphrased key. I will talk about both.

First is the “no passphrase key.” In this example you will create a key, upload it to the host, then every time you connect you will not be asked for a password or passphrase. Keep in mind that by doing this there are risks involved. More on that later.

To make a “no passphrase key” you need to generate a key pair. The simplest way of doing this is:

ssh-keygen -t rsa

When it asks you for the password just hit enter. You will get an output of something like this.

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
52:b8:d4:fd:d3:f6:ef:46:d1:90:42:de:e2:94:f4:09 user@localhost
The key's randomart image is:
+--[ RSA 2048]----+
|           .E  . |
|       o . o.=o. |
|      o o . =.+..|
|     . o   + o ..|
|      o S   + o .|
|       .     o ..|
|               ..|
|                o|
|               oo|
+-----------------+

NOTE: These are test keys I generated, they won’t work after today.
This created two files. “id_rsa” and “id_rsa.pub”

Take the id_rsa.pub file and upload it to the remote system. There are several ways of doing this. You can use scp, or if you are already connected you can copy and paste the contents of the file in pico, nano, vi, vim, what ever your favorite editor it. Be sure if you use the copy and paste method you keep the entire key in one line!

For scp type:

scp id_rsa.pub <user>@<remote host>:/.ssh/

This will upload the pub file to the remote host. Once uploaded, login then navigate to ~/.ssh (your user’s home directory then to .ssh). Once there look for a file called “authorized_keys” and cat the contents of the pub file to it. If the file already exists type:

cat id_rsa.pub >> authorized_keys

If the file doesn’t exist use only one (1) “>”

For the copy and past method, cat the id_rsa.pub file to display the output. Select it. Login to the remote host. Open authorized_keys in an editor of your choice. Then paste the copied key. Make sure it stays all on one line! If you don’t it will not work. Save the file.

Once one of these two steps for implementing the key file has been completed you are good to go! You can delete the .pub file if you desire.

Now, onto part 2!

Here is where we generate passphrase keys. It’s basically the same task. When you generate a key put in a passphrase! Remember the passphrase. It is very important. Now when you login you will be prompted to enter you passphrase. This will unlock the key to be used for the connection. It should be different from your normal password.

Now, a few more little notes I want to talk about.

The problem with no passphrase keys: With out the need for a key is someone gains access to your system (like a laptop) they can gain access to any system you authorized that laptop to connect to. With passphrased keys you must type in a passphrase to authorize the key.

If you have problems make sure your ssh config is set to allow keys! Refer to your distro’s help files for more information. In the config you can also disallow passwords all together. The only way to login would be with the use the keys. The down side is if you lose your local key. If you do this method, ensure you have a backup plan. Like another computer with access keys. In Slackware Linux the lines to look for are in /etc/ssh/sshd_config

PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication no

Note that it becomes a pain if you generate multiple keys for multiple machines. There are ways of doing it, but it adds longer lines to your ssh commands. You can use the same .pub file on any other remote machine you wish to connect to. I don’t know for sure if it would be considered bad practice to do so, but I don’t see what problems would truly arise.

What’s the true benefit to this instead of saving time typing a password? Security. If an attacker can’t use a password (since many users passwords are weak) it would essentially eliminate their ability to gain SSH access. What do you think if the likelihood of the attacker to guess your key. Look at id_rsa. It’s a pretty big key to guess.

In my example I’m working on a “sandbox” from home. The folders I work in have files with more than one owner. This becomes a nightmare even when I ssh in. Some might think an NFS share would be better. Unfortunately with NFS you are stuck with the current file permissions. With Samba those file permissions are given to you. That may sound a bit confusing, so let me try to clear it up a bit. Let us say there is only one file in the Samba share. User “ender” has ownership of the file. I can’t alter it. When I login with Samba the file appears to be owned by me not “ender”. Now I can do my work and when I log out the file is still owned by “ender”… wow, I don’t think I did a good job there either. Lets just say that when in comes to file permissions, Samba is the way to go.

But I need to work over ssh? Only port 22 is open from the outside. No problem!

We simply need to create a ssh tunnel. For this we already know we need to connect to port 139 on “sandbox”, and we need a local port to connect to. I would say just make it 139 also. Unfortunately for me I’m also running Samba on my local machine, and I can’t do that. So any non used port will do. How about 1139?

ssh user@remotehost -L 1139:localhost:139

Simple as that. That will connect port 1139 on your local machine to 139 of the remote host. The “localhost” actually refers to the remote host. It’s saying connect 1139 to my local machine to the remote host’s “localhost” port 139. If you are actually connecting to a windows box on that network you can “bounce” off the linux host to the windows. For more information you can refer to a previous post: Secure VNC for free for more information.

Now comes the fun part. You have 1139 on your local machine tied to 139 on the server. Now to mount the share as a local disk.

As root we mount the share.

mount -t cifs //sandbox/www /mnt/sandbox/ -o username=<username>,password=<password>,ip=127.0.0.1,port=1139,uid=<your local UID>,gid=<your local GID>,file_mode=0770,dir_mode=0770

Fill in your Samba share’s username and password, then your local machine’s UID and GID. To find the UID and GID type:

cat /etc/passwd | grep <your local username>
cat /etc/group | grep users

This assumes your regular user is part of the “users” group.
It will show 2 numbers. UID is most likely 500 or 1000, and GID is likely to be 100.

After filling in the blanks hit enter and your set! This will use the local port 1139 through the ssh connection to 139 on the server. It may seem a little slow at first, but that may be from the old server I’m connecting to.

If you want to store the info in fstab try:

//sandbox/www    /mnt/sandbox     cifs        noauto,rw,username=<username>,password=<password>,ip=127.0.0.1,port=1139,uid=<UID>,gid=<GID>,file_mode=0770,dir_mode=0770          0   0

Now for some reason I can’t quite get this to work, but others seem to have no problem with it. You can add the mount line above into your /etc/fstab file so a regular user can mount. I did this, but it doesn’t work for me. I get an error saying “only ROOT can mount this”. If you get this error try:

chmod +s /usr/sbin/mount.cifs
chmod +s /usr/sbin/umount.cifs

Like I said, it didn’t work for me, however after creating the ssh tunnel I simply open a new terminal window, su to root and then type “mount //sandbox/www” and it works fine.

Also, the reason I don’t background the ssh connection is because if it drops you may run into some problems with trying to mount it again (or umount even). I had this problem and it gave me a head ache to try to fix it without just rebooting. I’m sure I could have forced an umount.cifs, but I didn’t try (actually I didn’t realize it was actually still mounted). When logging in I recommend running a command that continuously sends data like “top”. That will help prevent the connection from being lost. If the connection is lost you must umount the share, reform the ssh tunnel, and try again.

NOTE: If you are connecting to a share on a Windows 7 box you must open 2 ports, 139 and 443 (or so I’m told). To do this open up a few terminal windows and create two separate connections. After that I do not know as I have never tried.

EDIT NOTE: I wrote this some time ago and just now got around to posting it. I hope everything works fine for you as the mount works fine for me (except under fstab for some reason). Don’t forget that by typing the command into the shell it will be stored in your history. If the password is sensitive I would recommend clearing out your history after mounting the share.

ShopSavvy and Compare Everywhere use the phone’s camera to scan barecodes! It’s pretty cool. I have both simply because they both have their own different databases. For example, what I like to do is go to at my local super store and see what movies I would like. I always cringe when I see an older movie for $25 or more. That’s when I scan the barcode. Now I can see where to go to get the better deal. Keep in mind that the local portions don’t do very well all the time. This is by no fault of the program or it’s writers. It’s just the way things are.

Below are screen caps from both programs. Thinking back when I did those shots, I don’t know why I didn’t check the same product to see how the results differ.

First up, ShopSavvy. (Click on the picture to see the full size!)
Picture Index:
1. Main Screen.
2. Scan the Barcode. See the Use Keyboard button. You can type in what you want to find!
3. It found the book just fine.
4. Two different local businesses were found.
5. And a local map showing where to go.
1  2  3  4  5

Now I forgot to take a picture, but ShopSavvy will take you to the website where you can see more on the product and if you really want to you could buy it right away. That part is the same as the other programs.

Ok, so ShopSavvy is pretty cool. Now check out these pictures for Compare Everywhere:
Picture Index:
1. Main Screen
2. Scan the Barcode
3. Get your local and online store options.
4. Just a scroll down from picture 3.
5. Lets check these guys.
6. Opened the browser and took me right there.
1  2  3  4  5  6  

Not to bad so far right? Now I want to talk about SnapTell. If my memory serves me well, this app was originally written for the iphone, but it’s the same thing in the end. The difference here is that you take a picture of the movie, book, or what ever, and SnapTell tries the find you a match. As you will see in the pictures below, I took an alright picture of the book and SnapTell still figured it out very quickly.

Picture Index:
1. The picture I took (This is an awesome book).
2. The results.
3. Took me right to the website I wanted.
1  2  3

As you can see, all three of these programs are very cool. I use them quite often. Did you find an app like these and really like it? Let me know so I can share the information.

It’s an interesting thing isn’t it? Why is it that we as admins and security experts and never seem to keep computers clean? Even the most skilled professionals can’t keep a computer clean. Well, it’s not our fault. There are so many security issues out there, and to be very blunt, the bad guys are always one step ahead of the security experts. Sometimes the good guys get a patch out (or publish the exploit) before the bad guys get a chance to exploit the security hole.

Unfortunately even when the good guys find the security hole before the bad guys there is the problem of getting the OS patched before someone becomes a victim. For example, a short time ago there was an ActiveX Draw exploit that affected millions of Windows PCs. Basically the bad guys somehow gained access to Google’s Adsence archive (and several other advertiser’s archives) and “infected” roughly 20% of the ads in the archive. I’m unsure of how the exploit functioned. I have heard everything from nothing to allowing someone to gain full control of your computer. Now, lets say for example that you visit a site, any site. You usually have two ads. One along the top and one down the side. So with one page view you have seen two ads. You click on something, new page, four ads have now been seen. You click again, six ads. Now you have reached the mark. There is a high probability you just saw one of the exploited ads. Whether you like it or not what you see in your web browser is also stored locally on your computer. No one was at fault with this (excluding the bad guys). Microsoft put out a patch after about a week of the exploit being known and Google fixed the hole allowing the bad guys to gain access to the Adsence servers. The problem now? Actually, two problems. One, some people are still making ads that are infected and trying to get them onto your computer. Two, there are still millions of computers that have not been updated.

There are always problems like this. I never like to blame any company directly unless they know of the issue but don’t bother fixing it. Other examples include more advanced techniques. You can gain access to a computer by sending certain information to it causing a hole to open temporarily.

The $1000 question is how do we keep out computer clean. Everyone has their own ways, but we came up with just a few basics. So if you run Windows try these out: Run FireFox instead of Internet Explore. Within FireFox get the extensions Adblock Plus and NoScript. Make sure you have a good Virus Scanner and it’s up to date. Turn on Automatic Windows Updates and keep your Windows up to date. Get anti-spyware programs like Adaware (the free one is fine for me) and Spybot: Search and Destroy. Make sure you have a firewall even if it’s the one built into Windows XP (or later), and lastly, be sure your not connected directly to the internet. Most ISPs will provide you with a modem or router, make sure you have a router even if it has the modem built in! It adds just that slight bit of extra protection.

Granted, those are just a few of the things you can do to keep your computer clean. I always recommend talking to an expert when wanting to try new software. If you feel your computer may not be clean find a “hole in the wall” style computer shop. Those are often the better choice compared to the larger companies. Ask questions to the shopkeep. Will they charge you even if they don’t fix the problem? Do they guarantee their work for at least 30 days? Will they wipe your computer’s hard drive or remove personal files without asking? Will they look at your personal files or web history? The best repair shops will answer honestly and quickly. Hesitation is a bad sign.

Lastly for all your Windows users out there. Get a program called Secunia PSI. It is free for home users. This program will check almost every piece of software on your computer and see if there is an update for it. It works very well. For example a few weeks ago Adobe was consistently updating their Flash Player because of several security holes. Secunia PSI found the version I was running was insecure and provided me with a link to directly download and install the updated version! I must say it has been one of the best security programs I have seen for some time.

P.S. Just a note about NoScript. It can be hard for some users to get accustom to using it, and if you unblock the wrong script you will get infected.

The next day I was at my parents house and while waiting for other family members to arrive I went to check my e-mail using my Mother’s computer that I keep clean… very clean. I found that exact couponprinter.exe program on her computer. I didn’t think much of it at the time. I did my thing including backups and cleaning as I do when ever I see my family. It turns out that the very next week I was back. I checked on my mom’s computer. She said the only time it was used was to check on her e-mail. I found more spyware. I thought that was pretty interesting.

To test I removed all the spyware and rebooted. It was back. I then decided to remove the couponprinter.exe program she installed just as a test. I rebooted and nothing. The computer was clean. Now why I didn’t write down what I found I will never know. Just a lapse in judgment. Just to double check when I got back home I downloaded the installer on my Linux machine and uploaded the file to jotti’s virus scanner. Only one program reported it bad. Dr Web reported it as Adware.Coupons.34. Check it out Here. I’m pretty sure I saw more than just the one when I ran Spybot: Search & Destroy.

So, as much as I hate to say it (for possible legal issues), I would recommend NOT installing this program. Screw the free burger. I don’t want it anymore.

If you installed the program I highly recommend removing it and use free programs like Adaware and Spybot: Search & Destroy to remove any traces the coupon printer program installed. These programs are available for windows users. If your on a mac I’m not sure. I don’t have a mac nor did I test the mac version (if any) of the program to see if there was anything bad.

function getElementsByClass(searchClass, domNode, tagName) {
     if (domNode == null) domNode = document;
     if (tagName == null) tagName = '*';
     var el = new Array();
     var tags = domNode.getElementsByTagName(tagName);
     var tcl = " "+searchClass+" ";
     for(i=0,j=0; i<tags.length; i++) {
          var test = " " + tags[i].className + " ";
          if (test.indexOf(tcl) != -1)
               el[j++] = tags[i];
          }
     return el;
}
 
var hidden = false;
function toggle_hideme1() {
     hidden = !hidden;
     var newDisplay;
     if(hidden) {
          newDisplay = 'block';
     }
     else
     {
          newDisplay = 'none';
     }
     var showfirst = getElementsByClass("div_class_name", null, "div");
     for(var i = 0; i < showfirst.length; i++) {
          showfirst[i].style.display = newDisplay;
     }
}
 
var hiddenb = false;
function toggle_hideme2() {
     hiddenb = !hiddenb;
     var newDisplay;
     if(hiddenb)
     {
          newDisplay = 'block';
     }
     else
     {
          newDisplay = 'none';
     }
     var showsecond = getElementsByClass("div_class_name", null, "div");
     for(var k = 0; k < showsecond.length; k++) {
          showsecond[k].style.display = newDisplay;
     }
}

For the variables ‘showfirst’ and ‘showsecond’ you can call them what ever you want, just make sure they stay the same in only one function, not two. Be sure to change ‘div_class_name’ to a custom name for each field.

Also, these are setup to be hidden first, you can change that by swapping the ‘newDisplay = ‘ lines.

For the HTML code we are going to use check boxes. We need two boxes each with names that call the function.

<input type="checkbox" name="showone" id="showone" value="showone" onClick="toggle_hideme1('showone');"><br />
<input type="checkbox" name="showtwo" id="showtwo" value="showtwo" onClick="toggle_hideme2('showtwo');"><br />

If you want the boxes checked to start first swap the ‘newDisplay =’ lines, and use this.

<input type="checkbox" name="showone" id="showone" value="showone" onClick="toggle_hideme1('showone');" CHECKED><br />

As in my previous post you need to put what ever will be shown or hidden in a div class tag.

<div class="div_class_name" style="display: none;">

The style hides everything in the class until the box is checked.

That will start the boxed checked, when you un-check it the data in all div classes with that name will hide (remember the ‘div_class_name’? that’s what we are working with).

I wrote this up in just a couple minutes, so I truly help it makes scene. You can check out an example of how it works here.

This was my 4th year attending Defcon (all in a row!) and was by far the best year. I’m going to try putting everything in chronological order, lets see how well I do.

It all started shortly after arriving at the Riviera Hotel and Casino in Las Vegas on Thursday, July 30th. We has just gotten to our room and started relaxing after the crappy plane ride when we realized that it was time to prepare for the Toxic BBQ. Having a good friend that lives in Vegas is very handy at times like these. After going to Walmart to pick up the items everyone forgets (Thanks again for paying for everything Spyder) like: Water, Ice, Napkins, Paper Plates, and Plastic Silverware, we arrived at Sunset Park. Everyone was very grateful to us for bringing ice and water. Many were dehydrated and were happy for cold clean water. We all had a great time, good food, good friends. We even ran into Winn and his daughter Ashley (maker of Hackers Are People Too). When it was time to go we piled back into the truck (with about 9 or so people in the back that needed a ride) and went back to the Riviera. It was pretty quiet after that. We all thought it would be a good idea to take it easy so we could get up early for the fun.

Friday morning was just like any other… except having to stand in line for a few hours to try and exchange our paper badges for real ones. A special thanks there goes to my buddie Mikey for getting in line early. I don’t want to go into too much detail on the days, mostly the events and special occasions.

This year I was fortunate enough to meet Johnny Long who was there to do a talk about his charity work in Uganda. If you don’t know about it goto johnny.ihackstuff.com and help out! The next day (after winning a little extra cash in the casino) I got a book called “Stealing the Network: The Complete Series Collector’s Edition” and got it signed my Johnny Long and Ryan Russell, but unfortunately Timothy Mullen wasn’t there. A special thanks goes to Ryan Russell, I can’t wait to read the book, and thank you Johnny Long for also signing my book.

I was to talk a little bit about Hacker Jeopardy. As usual Winn was awesome, and Gmark did a great job this year. As Spyder said in his post, Bansee is no longer Vynl Vanna. She always did a great job, she will be missed. The questions this year were kinda lame, Spyder and I talked to Winn about it and gave a few suggestions (they were all Spyder’s ideas), lets see if they use them next year.

Moxie’s talk about SSL was a real eye opener. Spyder has been blogging about it for quite some time, but seeing it in the presentation was a real eye opener. It’s true, security is an illusion. Scary thought, but it’s true, I have seen it with my own eyes.

Adam Savage from Mythbusters did a talk, I missed it. I wanted to see it. After the talk he was signing autographs. I found out from defcon’s twitter feed. The instant it was posted I got it on my phone and rushed to the War Room. I got there a few minutes late and a Goon kept me out of the line. If I had a beer for him he probably would have let me in, but I don’t drink beer so I was out of luck.

I was fortunate enough (also thanks to Spyder) to meet Keven (DJ Shadowvex) and talk with him for a bit. I enjoy his music and always look forward to next year’s disk. I also meet up with a few of his friends, but I’m bad with names. Sorry guys!

Over all this year was a great year and I look forward to going back next year. I think I have started to get myself known to some of the best people at Defcon and I know they will recognize me next year and I can’t wait to see them again. Special thanks to Spyder. If it wasn’t for you I’m not sure I would have made it since I couldn’t afford a room by myself. Special thanks to Mikey. You are an awesome friend. I couldn’t ask for a better one. You know how to get around town and even help me win a few extra bucks on the video poker machine. Thank you for picking us up and dropping us off at the airport, and for the ride to and from the Toxic BBQ. Thanks for everything! I feel very fortunate that I have good friends and good times. By the end I didn’t want to leave Vegas since I was having such a great time, but all good things must some to and end. So I went home and took a nap.

What was your Defcon 17 experience like? Did you meet me? Who did you meet? What fun things did you do? I was to hear all about it.