
Entries in Security (68)

Tuesday, May 27, 2008

Symcaimport Safety

No matter what you do, there are always social rejects (and this is saying it nicely) trying to sabotage you. I've been getting various virus alerts on my CA import tool for mobile phones. Every one of them seems to be an attempt to upload a trojan. Thankfully, the AV software intercepts them.

Social rejects trying to upload trojans

Just to reassure you all: each upload is given a unique name (8 characters). If such a filename already exists, it will be overwritten. So the chance of you getting someone else's file is (almost) zero. Just make sure that you use the correct name / URL when you're trying to download the certificate on your phone.

Tuesday, May 20, 2008

CiscoVPN Error 51 Annoyance

The CiscoVPN client (v4.9.01.0100) for Apple OSX throws an error every once in a while. Mainly when I just rebooted, or when I was forced to quit some hanging application (which also occurs on Macs). The error is:

Error 51: Unable to communicate with the VPN subsystem

Somehow, the VPN software loses contact with the network adapter (wired AND wireless). After this there are two things you can do:

  1. Reboot
  2. or restart the Cisco VPN Service manually.

The first is kinda obvious (it's almost a MS Windows strategy :)). The second one is done via the Terminal (Finder -> Applications -> Utilities -> Terminal). Just type the following command (followed by your password):

sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

The thing I don't understand is: why hasn't Cisco incorporated this in the VPN client?

IF (Error 51 == TRUE)
DO CiscoVPN.restart

It seems that this 'bug' has been present since the release of the Mac OSX version of the software.

Tuesday, May 20, 2008

OpenSSH Vulnerabilities

It seems that public key authentication isn't as safe as you might have thought. That is, if you're using a Debian-based OpenSSH solution. This package can be found in many Linux distributions like:

  • Debian (duh ;) )
  • Ubuntu
  • Kubuntu
  • etc.

The problem is that the random number generator (which is of vital importance in generating key pairs) isn't as random as you might think. It seems that there are only about 30.000 combinations in this specific generator. This leaves the door wide open for brute-force attacks.

So, the first thing you must do is update your OpenSSH software, and generate new key pairs for all devices / users which might have keys that were generated with the vulnerable OpenSSH software. Software packages depending on OpenSSH are:

  • OpenVPN
  • DNSSEC
  • OpenSSH
  • Certificates used in TLS connections
  • etc.

More info on the subject can be found here [1, 2, 3].
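An added illustration (not from the original post, and a toy model rather than OpenSSH's real key generation): when the only thing seeding the generator is a process ID, every key it can ever produce can be listed in advance, which is also how existing keys can be audited against a blocklist before regenerating them. The PID range of 1 to 32767, the function names and the sample inventory are assumptions made for this example.

```python
import hashlib
import random
import secrets

PID_MAX = 32768  # assumed default Linux pid_max, so usable PIDs are 1..32767


def toy_keygen(pid: int) -> bytes:
    """Toy stand-in for a key generator whose only entropy is the process ID."""
    return random.Random(pid).getrandbits(256).to_bytes(32, "big")


def fingerprint(key: bytes) -> str:
    """Hex SHA-256 of the key material, used as its identifier."""
    return hashlib.sha256(key).hexdigest()


def build_blocklist() -> set:
    """Fingerprint every key the toy generator can ever produce."""
    return {fingerprint(toy_keygen(pid)) for pid in range(1, PID_MAX)}


def audit(keys: dict, blocklist: set) -> list:
    """Return the names of keys that must be revoked and regenerated."""
    return sorted(n for n, k in keys.items() if fingerprint(k) in blocklist)


# Constructed sample inventory (names and keys are made up for this example).
SAMPLE_KEYS = {
    "alice@laptop": toy_keygen(4242),        # made on a "vulnerable" host
    "backup@server": toy_keygen(31001),      # made on a "vulnerable" host
    "bob@desktop": secrets.token_bytes(32),  # made with a proper CSPRNG
}

if __name__ == "__main__":
    blocklist = build_blocklist()
    print(f"possible keys: {len(blocklist)}")
    for name in audit(SAMPLE_KEYS, blocklist):
        print(f"REGENERATE: {name}")
```

The whole keyspace fits in a small in-memory set, so the audit is a simple membership test per key; a key made with a properly seeded generator does not land in it.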

Thursday, Mar 20, 2008

OSX Update Galore

There are lots of people who complain about the updates on the Windows platform, but Apple tries to compete I guess. In the last 3 days there was a big security update, Safari 3.1 (both Windows and OSX), Time Machine and Airport Updates, and now a Camera RAW update for OSX 10.5.2. Thankfully no problems on my side with the updates. Looking for other updates from Apple? Just go here.


Monday, Mar 3, 2008

TrueCrypt Cross-Platform??

Since I have an iMac with OSX 10.5 (Leopard), I use TimeMachine for my backups. This works great actually. But I also need an off-site backup of some sort. Just in case the house burns down or some f*cker decides to steal my hardware. So I bought an external Freecom 160GB USB2 drive (USB powered) for my off-site backups. I encrypted the entire hard disk with TrueCrypt 5.0 on my iMac, and copied the data I needed to preserve. After that I wanted to access the data from my work laptop (Windows XP SP2 with TrueCrypt v5.0)... This didn't work. TrueCrypt didn't recognize the password, or the encrypted disk (AES / SHA-256 full disk encryption). I tried to access the data on my Mac and everything worked, so there's no data corruption of some sort. Eventually, I recreated the encrypted drive on my Windows XP laptop (lost the backup in the process). This time the disk would mount, and could also be read/mounted by my Mac. So, I guess that TrueCrypt is cross-platform, but with the current version (v5.0a) you need to make sure to create the volume on Windows if you also want to mount it on OSX. I reported this through their bug-reporting tool to the developers. No idea if there are similar problems with Linux.

UPDATE: Pretty soon they released v5.0a, and today v5.1 was released. So development goes on :-)


Wednesday, Jan 16, 2008

TrueCrypt v5.0 Coming Soon

The TrueCrypt developers have scheduled the release of v5.0 for January/February 2008. This release will also have a Mac OSX version. Now we're getting somewhere. Finally, true cross-platform (Windows, Linux, and OSX) encryption, and it's completely free.

TrueCrypt 5.0 Release scheduled for: January 2008
  • Windows system partition encryption with pre-boot authentication
  • Mac OS X version
  • GUI for Linux versions of TrueCrypt
  • Parallelized and pipelined read/write
  • and more.
The following features are planned to be implemented in future versions:
  • Support for external authentication modules (cryptographic tokens)
  • 'Raw' CD/DVD volumes
  • TrueCrypt API
  • and more.


Thursday, Dec 20, 2007

PGP v9.7 released

The release of the beta PGP v9.7 a couple of weeks ago made me kinda curious if I had to pay for the new update. I bought v9.0 officially, and every update 'swallowed' my old license info. And what happened today, when I installed the newly released full version of PGP 9.7 Desktop... It swallowed my old license. B.t.w. the original purchase was for the Windows version of PGP, but the license also works on the OSX version of the software (it always did). So it's not necessary to buy a new license when you switch platforms. There is a downside though: it's not possible to download a full version for the license holders. You need to download the 30-day trial version. And you'll only get it when using a valid e-mail address. In the old days they had some restriction on how many times (and in what time frame) you used an e-mail address. Major bummer: the sign and encrypt buttons are no longer available in the Apple mail.app. So you need to use the built-in PGP proxy. So basically, there is no way of manipulating single messages (other than using the clipboard). There is no need for me to sign every mail I send, nor is there the necessity of encrypting every mail I send to a certain person.


Wednesday, Nov 14, 2007

PGP Public Beta v9.7 Released

Since the upgrade to OSX Leopard, I've not been able to use PGP, since it simply won't work. Yesterday I received an e-mail that the public beta of PGP 9.7 has been released (for Windows and OSX). This one does work on Leopard (until December this year though), so I guess that I need to BUY myself yet another version of PGP. I found one 'bug' in the meantime: I seem to be missing the encrypt and sign buttons in the OSX Mail app. Or I might be missing something? I don't want to use the PGP service which signs or encrypts everything. I want to sign and/or encrypt when I want to, and not when an app tells me to.


Friday, Nov 2, 2007

Oh Yeah, We Got a 'Trojan'

Every once in a lifetime, a virus/trojan or whatever for Mac OSX raises its 'ugly' head. And now we got a Trojan. Infection occurs through porn websites :-P, and it promises a codec with which you can view the x-rated content on the website(s). I guess that there's a sex-starved market out there. As you might have guessed, the trojan isn't exactly what it promises to be. It modifies your DNS settings, which are almost undetectable (for regular users). The result is that you might get rerouted to other sites than you originally intended. Since 'they' control the DNS, you might be typing your usernames and passwords for eBay on a site that's not really eBay. There are ways of detecting and removing the darn thing.


Saturday, Oct 13, 2007

ISP's Blocking Childporn on the Internet (part 2)

OK, it seems that UPC has already implemented the so-called child pornography filter. There's no fancy filtering software. They are using their own DNS servers to re-route traffic. This means that when you're using other DNS servers (e.g. openDNS), a modified hosts file, or just browse to the filtered server based on the IP address you'll be just fine. As I've mentioned before, with casual browsing you won't end up on child porn websites. Only if you want to find it you'll probably end up getting it. So an awfully simple DNS protection won't stop the real perverts. It's just another false sense of safety.
