HOEI

iPhone to offer “NEW” features

March 18th, 2009

Apple announced this week an advance preview of some new features that will appear on iPhone 3.0. These “new” features include the ability to search your iPhone as well as cut-copy-and-paste. These features, which have been standard on many other PDAs for years, will arrive on iPhone later this year.

It is simply amazing how well iPhone has done while missing some very simple features. Marketing is a powerful tool and the Apple guys have it figured out. There are and have been PDAs on the market for years that do most of the things iPhone advertises plus simple things like cut/paste across applications, searching, sending/receiving SMS (with pictures).

I have been an avid Palm user for years. I started on the Handspring Visor Deluxe about ten years ago and have progressed through the Treo 650 and 700p in recent years. Today I use a Palm Centro and love it. Cut-and-Paste has been a standard feature on Palm products for years, long before iPhone was conceived. Palm has also for years offered as standard features many of the cool things iPhone offers like phone, sync with Exchange, camera, video, MP3 player, games, SMS, plus access to a ton of custom applications.

While I will admit that the built-in wifi feature on iPhone is neat, it seems to breed illegal wifi use. I know that some people see the use of open wifi as a murky subject, but it is not. If you do not have permission from the wifi access point owner then you are stealing. The iPhone is to open wifi as a slim jim or lock pick is to car doors. Just because you carry something in your pocket that makes it easy to get in does not mean you have the legal right to do so. Yes, you can do the same thing with a wifi-enabled laptop, but the iPhone makes it way more convenient. Enough of that soapbox.

The bottom line is that the folks at Apple are the masters of selling an Eskimo an ice cube. In other words, they have mastered the art of selling people something they don’t necessarily “need”, but will certainly help make them more cool. ;-)

MakeUseOf.com Domain Hijacking from GoDaddy

November 3rd, 2008

The MakeUseOf.com domain seems to have been hijacked over the weekend.   The guys over at MakeUseOf.com have set up shop temporarily on a Blogger platform at makeuseof-temporary.blogspot.com. The hosting company (GoDaddy.com) released the domain to someone who was impersonating the owner of the domain.  Here is what Mark from MakeUseOf.com had to say:

“Now it turns out that in order to transfer the domain, Ferank (or someone helping him) called up GoDaddy and impersonated Aibek. At that point he had already access to our account (or at least had enough information to recover the username/pass for the account) and basically said “hi, I’m the owner of MakeUseOf.com, please transfer the domain”. GoDaddy then complied. “

The Real Truth Behind The MakeUseOf.com Domain Crack

The plot has thickened because the hijacker (aka Ali Ferank) has requested a ransom of $2000 for the safe return of the MakeUseOf.com domain name.

What I would do if I woke up in Mark and Aibek’s shoes:

1) I recommend that the MakeUseOf.com team go over and take a swim in the ICANN registrar transfer policies to determine what pressure can be placed on GoDaddy.com to take some responsibility for what happened.

2) I would get Google involved since the person currently holding the registration is using Google as the email host provider.

The following shows the current WhoIs for MakeUseOf.com:

Registrant Contact:
DomainsGame LLC
Ali Ferank

Alhana baghas nara St
Dubai, NA 85445
AE

Administrative Contact:
DomainsGame LLC
Ali Ferank ()
+1.5544415212
Fax: +1.5555555555
Alhana baghas nara St
Dubai, NA 85445
AE

A quick nslookup for the MX record for the email domain listed in the registration information shows that DomainsGame.org is using Google as a host for email services.

> domainsgame.org
Server:  vnsc-pri.sys.gtei.net
Address:  4.2.2.1

Non-authoritative answer:
domainsgame.org MX preference = 30, mail exchanger = aspmx3.googlemail.com
domainsgame.org MX preference = 30, mail exchanger = aspmx4.googlemail.com
domainsgame.org MX preference = 30, mail exchanger = aspmx5.googlemail.com
domainsgame.org MX preference = 10, mail exchanger = aspmx.l.google.com
domainsgame.org MX preference = 20, mail exchanger = alt1.aspmx.l.google.com
domainsgame.org MX preference = 20, mail exchanger = alt2.aspmx.l.google.com
domainsgame.org MX preference = 30, mail exchanger = aspmx2.googlemail.com
>

3) I would give these guys at Moniker Privacy Services a call to see who registered DomainsGame.org.

A WhoIs on the DomainsGame.org domain shows it registered to:

Admin ID:MONIKER1571241
Admin Name:Moniker Privacy Services
Admin Organization:Moniker Privacy Services
Admin Street1:20 SW 27th Ave.
Admin Street2:Suite 201
Admin City:Pompano Beach
Admin State/Province:FL
Admin Postal Code:33069
Admin Country:US
Admin Phone:+1.9549848445
Admin FAX:+1.9549699155
Admin Email:

4) I would not assume this to be an international issue just because the person gave a Dubai snailmail address.

Conclusion

In the meantime GoDaddy has told the MakeUseOf team to relax in a bowl of legal stew. GoDaddy is obviously trying to determine their liability in this matter before taking too much action. Let's hope that GoDaddy is not one of the registrars described in the Wikipedia explanation of Domain Hijacking and Domain Theft.

“However, it is well documented that some registrars will admit no fault in accepting the forged credentials and will refuse to correct the record until forced by legal action. In many of these cases, justice is not done and the hijacker retains control of the domain. The victims of such theft often do not have the resources or willingness to invest the effort necessary to regain control of their domain, which may require a lawsuit or a lengthy and time-consuming arbitration process, especially if the hijacker and victim are in different countries.”

GoDaddy.com has a chance to avoid more of the “GoDaddy Sucks” articles if they handle this correctly.

My iGoogle Page

February 22nd, 2008

This is a capture of my current iGoogle Page. We talked about iGoogle a little last year when the new name surfaced. Today I want to share with you how iGoogle and some cool add-ons like Google Reader can be used to make you more productive. The following list helps you understand a few things I am doing with my iGoogle page.

A – I track the weather in the two cities where I spend most of my time: Goose Creek, SC and Washington, DC

B – I track the feed of a group blog that I manage (GrowingKids.org)

C – I track current events

D – I track the feed of Simply Recipes, my 2nd favorite food blog

E – Google Reader copy #1 tracks Information Security related feeds that have been placed in my Security folder.

F – Google Reader copy #2 tracks blogs that I placed in my General folder.

You will also note that I use multiple tabs. The BLOG Watch tab is a post for another day. There I track blogs using custom feeds created mainly from Google Blog Searches.

I want to offer a few more comments on the multiple copies of Google Reader found on my iGoogle page. You can add multiple copies or you can switch between folders using the pull-down on one of the readers. Using Google Reader in this way allows for a quick view of a hot subject (folder). For instance, I subscribe to several dozen blogs in my general folder. It is pretty easy for a high priority topic related to network security to get lost in the midst of dozens of other posts in a general category. The security folder for me allows for a focus on blogs and new sites that provide RSS feeds related to information security. These RSS feeds are related to announcements on the release of patches from vendors like Cisco, Microsoft, Red Hat, and Oracle to address security vulnerabilities.

Beware of Idetrorce Disagreements

December 16th, 2007

A flurry of comment spam has been going around in recent days with the following message:

“very interesting, but I don’t agree with you
Idetrorce”

There is no URL and the message is exactly the same on all the blogs where you find this comment.

What is this comment all about and who is Idetrorce?

In my humble opinion, this is a pre-attack campaign for a bigger spam campaign that will come in the next few weeks. The comment above would be okay on most blog posts since it is not trying to link people back to a product or service and it is just a polite disagreement. Once posted on a loosely moderated blog, the blogger might get a bad rap for deleting such a non-threatening comment. Read the editor's comments on the wormblog comment number 12.

“So I googled and found that it is indeed SPAM.

I am leaving it up though as I would never wish to be accused of deleting someone who simply disagreed with me.”

If a blogger does not block the email address and user name associated with this comment, then they could be opening themselves up to something much bigger coming down the pipe. That is just one man’s opinion. I am not afraid to delete and edit comments on my blog. I have even deleted some comments from people who agreed with me. When it’s my blog I will do what I think is in the best interest of my blog.

I do strict moderation on all comments on some of my blogs. There are very few terms I force-moderate here on this blog, but this user name and email address will be added to my list. I recommend you do the same with your blog. I just don’t have a good feeling about this Idetrorce character.

In WordPress

Go to your Dashboard and select Options/Discussion. Scroll down and enter the user name, email address and IPs from this commenter. By the way, the IPs this person is sourcing from are out of Amsterdam.

Windows Security Status

October 19th, 2007

When ranking the security status of a PC on a scale from 1 to 5, with 5 being the most vulnerable, this PC ranks an 87.

Windows Update Screen Capture

This is a screen capture from the Windows Update site for one of my laptops shortly after installing Windows XP Professional and adding Service Pack 2. Choosing to ignore these updates leaves a PC very open to attacks, especially if the machine has no anti-virus software and a firewall is not running.

Visiting the Windows Update site is a good first step to securing a PC.  There are a few other things that I would highly recommend when building or buying a new PC.

  1. Purchase and install an enterprise grade anti-virus application and subscribe to automatic signature and software upgrades.
  2. Install a client based firewall application, especially if you will be connecting to public networks.
  3. Use VPN software and SSL (https) web sites as much as possible when on public WiFi. (more HOWTO details to come on this subject)
  4. Update your other third party applications on Windows regularly and enable automatic updates where possible. (e.g., iTunes, QuickTime Viewer, Java run-time, etc.)
  5. Verify that your PC is not trying to automatically reconnect to Windows Network shares at logon.

I cannot impress upon you bloggers enough how important number three is for those of you who frequently log onto your blog software via http (tcp port 80) over a public wireless access point from a hotel, coffee shop, or your favorite lunch location. The software that gives a hacker the capability to capture your user ID and passwords over a public access point is widely available and very easy to use. The same utilities can be used to capture unencrypted passwords used when accessing email, ftp servers, and web site control panels.

Linux SSHD authentication to external Radius

September 20th, 2007

I have worked in recent years as a network security engineer. One task I faced was making various network devices authenticate to a central AAA solution. Most of the devices were pretty straightforward with the exception of Linux.

Most network environments I have been exposed to where there is an interest in creating a single sign-on solution have been focusing on getting all their devices to authenticate against Microsoft’s Active Directory or some third party two-factor authentication tool. My work on this little project led me into a hole that none of my local Linux guru friends could dig me out of. While most of this information can be gathered straight from various sources on the Internet, I have yet to find anyone who has put it all together in a step-by-step procedure like the one found in this post. These instructions worked on RedHat enterprise and Fedora while running against a variety of radius servers including Microsoft IAS and SafeWord from Super Computing. The following steps assume that you have a functional radius server in place that can already accept and authenticate user logins from devices like Cisco routers and switches.

HOWTO configure Linux SSH users to authenticate to external Radius

  1. Log in to the Linux box that needs to authenticate against Radius using root privileges.
  2. Download ftp.freeradius.org/pub/radius/pam_radius-1.3.17.tar.gz using the FTP command
  3. Extract the pam_radius-1.3.17.tar.gz file to a subdirectory of your home directory called /pam_radius-1.3.17
  4. Switch directories to /pam_radius-1.3.17
  5. Edit pam_radius_auth.conf to reflect actual Radius server IP, ShareSecret and timeout.
  6. Execute the “make” command
  7. Copy the file that was created during the make over to /lib/security – cp pam_radius_auth.so /lib/security
  8. Make a backup of /etc/pam.d/sshd – cp /etc/pam.d/sshd /etc/pam.d/sshd.BU
  9. Edit /etc/pam.d/sshd to read as follows: (Note: the client_id in line one is optional and configurable)

#%PAM-1.0
auth sufficient /lib/security/pam_radius_auth.so debug client_id=linux
auth sufficient pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so

  10. Edit /etc/ssh/sshd_config and add the following line to the bottom of the file:

UsePAM yes

  11. Create accounts on the Linux box for all users requiring access to this server via SSH using AAA authentication. Assign a blank password to each account on the Linux box.
  12. Verify that the IP addresses and shared secret(s) have been added to the AAA server clients configuration for this Linux box.
  13. Verify that all users requiring access to the Linux box have AAA accounts configured on the radius server.
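
An added example, not part of the original post: a shell audit of the result of the steps above. It reports the UsePAM value sshd will actually use (sshd keeps the first value it reads for a keyword, so a line appended at the bottom can be overridden by an earlier one), whether the PAM stack still falls through to local authentication after RADIUS, and which accounts have a blank password field. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers; paths are arguments so copies can be checked.

# First uncommented UsePAM value. sshd keeps the first value it reads
# for a keyword, so "UsePAM yes" at the bottom can be shadowed.
effective_usepam() {
    awk 'tolower($1) == "usepam" { print tolower($2); exit }' "$1"
}

# Auth stack in evaluation order, one "control module" pair per line.
auth_stack() {
    awk '$1 == "auth" { n = split($3, p, "/"); print $2, p[n] }' "$1"
}

# True when pam_radius_auth.so is "sufficient" and a later "sufficient"
# auth module follows (assumed here to be the local password fallback).
has_local_fallback() {
    auth_stack "$1" | awk '
        $1 == "sufficient" && $2 == "pam_radius_auth.so" { seen = 1; next }
        seen && $1 == "sufficient" { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Accounts whose shadow password field is empty. Whether a blank password
# is accepted also depends on pam_unix "nullok" and PermitEmptyPasswords.
blank_password_users() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

audit() {  # usage: audit SSHD_CONFIG PAM_FILE SHADOW_FILE
    [ "$(effective_usepam "$1")" = "yes" ] ||
        echo "WARN: effective UsePAM is not yes"
    if has_local_fallback "$2"; then
        for u in $(blank_password_users "$3"); do
            echo "WARN: $u has a blank password with local auth as fallback"
        done
    fi
}

# Constructed sample files, not taken from a real host.
demo_dir=$(mktemp -d)
printf 'UsePAM no\nPermitRootLogin no\nUsePAM yes\n' > "$demo_dir/sshd_config"
printf '%s\n' '#%PAM-1.0' \
    'auth sufficient /lib/security/pam_radius_auth.so debug client_id=linux' \
    'auth sufficient pam_stack.so service=system-auth' \
    'auth required pam_nologin.so' > "$demo_dir/sshd"
printf '%s\n' 'root:!!:13776:0:99999:7:::' \
    'alice::13776:0:99999:7:::' > "$demo_dir/shadow"
audit "$demo_dir/sshd_config" "$demo_dir/sshd" "$demo_dir/shadow"
```

On a configured host, run as root: audit /etc/ssh/sshd_config /etc/pam.d/sshd /etc/shadow.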

These instructions were compiled mostly from trial and error based on instructions found at FreeRADIUS.org.

Disclaimer: I consider myself to be an intermediate Linux administrator. Please feel free to share links in the comments to more clear and comprehensive solutions for authenticating Linux against an external AAA server if you have them. I would especially like to hear ideas on how to get around the need for matching ids on the Linux server.
