Jeff Rangel

Top 20 OpenSSH Server Best Security Practices

2009-07-26T16:05:00.000-05:00

Top 20 OpenSSH Server Best Security Practices

by Vivek Gite

OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect to keep confidentiality and integrity for data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about OpenSSH zero day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security.

Default Config Files and SSH Port

/etc/ssh/sshd_config - OpenSSH server configuration file.
/etc/ssh/ssh_config - OpenSSH client configuration file.
~/.ssh/ - Users ssh configuration directory.
~/.ssh/authorized_keys or ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the user’s account
/etc/nologin - If this file exists, sshd refuses to let anyone except root log in.
/etc/hosts.allow and /etc/hosts.deny : Access controls lists that should be enforced by tcp-wrappers are defined here.
SSH default port : TCP 22

SSH Session in Action

#1: Disable OpenSSH Server

Workstations and laptop can work without OpenSSH server. If you need not to provide the remote login and file transfer capabilities of SSH, disable and remove the SSHD server. CentOS / RHEL / Fedora Linux user can disable and remove openssh-server with yum command:
# chkconfig sshd off # yum erase openssh-server
Debian / Ubuntu Linux user can disable and remove the same with apt-get command:
# apt-get remove openssh-server
You may need to update your iptables script to remove ssh exception rule. Under CentOS / RHEL / Fedora edit the files /etc/sysconfig/iptables and /etc/sysconfig/ip6tables. Once done restart iptables service:
# service iptables restart # service ip6tables restart

#2: Only Use SSH Protocol 2

SSH protocol version 1 (SSH-1) has man-in-the-middle attacks problems and security vulnerabilities. SSH-1 is obsolete and should be avoided at all cost. Open sshd_config file and make sure the following line exists:

Protocol 2

#3: Limit Users' SSH Access

By default all systems user can login via SSH using their password or public key. Sometime you create UNIX / Linux user account for ftp or email purpose. However, those user can login to system using ssh. They will have full access to system tools including compilers and scripting languages such as Perl, Python which can open network ports and do many other fancy things. One of my client has really outdated php script and an attacker was able to create a new account on the system via a php script. However, attacker failed to get into box via ssh because it wasn't in AllowUsers.

Only allow root, vivek and jerry user to use the system via SSH, add the following to sshd_config:

AllowUsers root vivek jerry

Alternatively, you can allow all users to login via SSH but deny only a few users, with the following line:

DenyUsers saroj anjali foo

You can also configure Linux PAM allows or deny login via the sshd server. You can allow list of group name to access or deny access to the ssh.

#4: Configure Idle Log Out Timeout Interval

User can login to server via ssh and you can set an idel timeout interval to avoid unattended ssh session. Open sshd_config and make sure following values are configured:

ClientAliveInterval 300
ClientAliveCountMax 0

You are setting an idle timeout interval in seconds (300 secs = 5 minutes). After this interval has passed, the idle user will be automatically kicked out (read as logged out). See how to automatically log BASH / TCSH / SSH users out after a period of inactivity for more details.

#5: Disable .rhosts Files

Don't read the user's ~/.rhosts and ~/.shosts files. Update sshd_config with the following settings:

IgnoreRhosts yes

SSH can emulate the behavior of the obsolete rsh command, just disable insecure access via RSH.

#6: Disable Host-Based Authentication

To disable host-based authentication, update sshd_config with the following option:

HostbasedAuthentication no

#7: Disable root Login via SSH

There is no need to login as root via ssh over a network. Normal users can use su or sudo (recommended) to gain root level access. This also make sure you get full auditing information about who ran privileged commands on the system via sudo. To disable root login via SSH, update sshd_config with the following line:

PermitRootLogin no

However, bob made excellent point:

Saying "don't login as root" is horseshit. It stems from the days when people sniffed the first packets of sessions so logging in as yourself and su-ing decreased the chance an attacker would see the root pw, and decreast the chance you got spoofed as to your telnet host target, You'd get your password spoofed but not root's pw. Gimme a break. this is 2005 - We have ssh, used properly it's secure. used improperly none of this 1989 will make a damn bit of difference. -Bob

#8: Enable a Warning Banner

Set a warning banner by updating sshd_config with the following line:

Banner /etc/issue

Sample /etc/issue file:

----------------------------------------------------------------------------------------------
You are accessing a XYZ Government (XYZG) Information System (IS) that is provided for authorized use only.
By using this IS (which includes any device attached to this IS), you consent to the following conditions:

+ The XYZG routinely intercepts and monitors communications on this IS for purposes including, but not limited to,
penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM),
law enforcement (LE), and counterintelligence (CI) investigations.

+ At any time, the XYZG may inspect and seize data stored on this IS.

+ Communications using, or data stored on, this IS are not private, are subject to routine monitoring,
interception, and search, and may be disclosed or used for any XYZG authorized purpose.

+ This IS includes security measures (e.g., authentication and access controls) to protect XYZG interests--not
for your personal benefit or privacy.

+ Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching
or monitoring of the content of privileged communications, or work product, related to personal representation
or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work
product are private and confidential. See User Agreement for details.
----------------------------------------------------------------------------------------------

Above is standard sample, consult your legal team for exact user agreement and legal notice details.

#8: Firewall SSH Port # 22

You need to firewall ssh port # 22 by updating iptables or pf firewall configurations. Usually, OpenSSH server must only accept connections from your LAN or other remote WAN sites only.

Netfilter (Iptables) Configuration

Update /etc/sysconfig/iptables (Redhat and friends specific file) to accept connection only from 192.168.1.0/24 and 202.54.1.5/29, enter:

-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -s 202.54.1.5/29 -m state --state NEW -p tcp --dport 22 -j ACCEPT

If you've dual stacked sshd with IPv6, edit /etc/sysconfig/ip6tables (Redhat and friends specific file), enter:

 -A RH-Firewall-1-INPUT -s ipv6network::/ipv6mask -m tcp -p tcp --dport 22 -j ACCEPT

Replace ipv6network::/ipv6mask with actual IPv6 ranges.

*BSD PF Firewall Configuration

If you are using PF firewall update /etc/pf.conf as follows:

pass in on $ext_if inet proto tcp from {192.168.1.0/24, 202.54.1.5/29} to $ssh_server_ip port ssh flags S/SA synproxy state

#9: Change SSH Port and Limit IP Binding

By default SSH listen to all available interfaces and IP address on the system. Limit ssh port binding and change ssh port (by default brute forcing scripts only try to connects to port # 22). To bind to 192.168.1.5 and 202.54.1.5 IPs and to port 300, add or correct the following line:

Port 300
ListenAddress 192.168.1.5
ListenAddress 202.54.1.5

A better approach to use proactive approaches scripts such as fail2ban or denyhosts (see below).

#10: Use Strong SSH Passwords and Passphrase

It cannot be stressed enough how important it is to use strong user passwords and passphrase for your keys. Brute force attack works because you use dictionary based passwords. You can force users to avoid passwords against a dictionary attack and use john the ripper tool to find out existing weak passwords. Here is a sample random password generator (put in your ~/.bashrc):

genpasswd() {
 local l=$1
       [ "$l" == "" ] && l=20
      tr -dc A-Za-z0-9_ < /dev/urandom | head -c ${l} | xargs
}

Run it:
genpasswd 16
Output:

uw8CnDVMwC6vOKgW

#11: Use Public Key Based Authentication

Use public/private key pair with password protection for the private key. See how to use RSA and DSA key based authentication. Never ever use passphrase free key (passphrase key less) login.

#12: Use Keychain Based Authentication

keychain is a special bash script designed to make key-based authentication incredibly convenient and flexible. It offers various security benefits over passphrase-free keys. See how to setup and use keychain software.

#13: Chroot SSHD (Lock Down Users To Their Home Directories)

By default users are allowed to browse the server directories such as /etc/, /bin and so on. You can protect ssh, using os based chroot or use special tools such as rssh. With the release of OpenSSH 4.8p1 or 4.9p1, you no longer have to rely on third-party hacks such as rssh or complicated chroot(1) setups to lock users to their home directories. See this blog post about new ChrootDirectory directive to lock down users to their home directories.

#14: Use TCP Wrappers

TCP Wrapper is a host-based Networking ACL system, used to filter network access to Internet. OpenSSH does supports TCP wrappers. Just update your /etc/hosts.allow file as follows to allow SSH only from 192.168.1.2 172.16.23.12 :

sshd : 192.168.1.2 172.16.23.12

See this FAQ about setting and using TCP wrappers under Linux / Mac OS X and UNIX like operating systems.

#15: Disable Empty Passwords

You need to explicitly disallow remote login from accounts with empty passwords, update sshd_config with the following line:

PermitEmptyPasswords no

#16: Thwart SSH Crackers (Brute Force Attack)

Brute force is a method of defeating a cryptographic scheme by trying a large number of possibilities using a single or distributed computer network. To prevents brute force attacks against SSH, use the following softwares:

DenyHosts is a Python based security tool for SSH servers. It is intended to prevent brute force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses.
Fail2ban is a similar program that prevents brute force attacks against SSH.
security/sshguard-pf protect hosts from brute force attacks against ssh and other services using pf.
security/sshguard-ipfw protect hosts from brute force attacks against ssh and other services using ipfw.
security/sshguard-ipfilter protect hosts from brute force attacks against ssh and other services using ipfilter.
security/sshblock block abusive SSH login attempts.
security/sshit checks for SSH/FTP bruteforce and blocks given IPs.
BlockHosts Automatic blocking of abusive IP hosts.
Blacklist Get rid of those bruteforce attempts.
Brute Force Detection A modular shell script for parsing application logs and checking for authentication failures. It does this using a rules system where application specific options are stored including regular expressions for each unique auth format.
IPQ BDB filter May be considered as a fail2ban lite.

#17: Rate-limit Incoming Port # 22 Connections

Both netfilter and pf provides rate-limit option to perform simple throttling on incoming connections on port # 22.

Iptables Example

The following example will drop incoming connections which make more than 5 connection attempts upon port 22 within 60 seconds:

#!/bin/bash
inet_if=eth1
ssh_port=22
$IPT -I INPUT -p tcp --dport ${ssh_port} -i ${inet_if} -m state --state NEW -m recent  --set
$IPT -I INPUT -p tcp --dport ${ssh_port} -i ${inet_if} -m state --state NEW -m recent  --update --seconds 60 --hitcount 5 -j DROP

Call above script from your iptables scripts. Another config option:

$IPT -A INPUT  -i ${inet_if} -p tcp --dport ${ssh_port} -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
$IPT -A INPUT  -i ${inet_if} -p tcp --dport ${ssh_port} -m state --state ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -o ${inet_if} -p tcp --sport ${ssh_port} -m state --state ESTABLISHED -j ACCEPT
# another one line example
# $IPT -A INPUT -i ${inet_if} -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 22 -m limit --limit 5/minute --limit-burst 5-j ACCEPT

See iptables man page for more details.

*BSD PF Example

The following will limits the maximum number of connections per source to 20 and rate limit the number of connections to 15 in a 5 second span. If anyone breaks our rules add them to our abusive_ips table and block them for making any further connections. Finally, flush keyword kills all states created by the matching rule which originate from the host which exceeds these limits.

sshd_server_ip="202.54.1.5"
table  persist
block in quick from 
pass in on $ext_if proto tcp to $sshd_server_ip port ssh flags S/SA keep state (max-src-conn 20, max-src-conn-rate 15/5, overload  flush)

#18: Use Port Knocking

Port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s). A sample port Knocking example for ssh using iptables:

$IPT -N stage1
$IPT -A stage1 -m recent --remove --name knock
$IPT -A stage1 -p tcp --dport 3456 -m recent --set --name knock2

$IPT -N stage2
$IPT -A stage2 -m recent --remove --name knock2
$IPT -A stage2 -p tcp --dport 2345 -m recent --set --name heaven

$IPT -N door
$IPT -A door -m recent --rcheck --seconds 5 --name knock2 -j stage2
$IPT -A door -m recent --rcheck --seconds 5 --name knock -j stage1
$IPT -A door -p tcp --dport 1234 -m recent --set --name knock

$IPT -A INPUT -m --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --dport 22 -m recent --rcheck --seconds 5 --name heaven -j ACCEPT
$IPT -A INPUT -p tcp --syn -j doo

fwknop is an implementation that combines port knocking and passive OS fingerprinting.
Multiple-port knocking Netfilter/IPtables only implementation.

#19: Use Log Analyzer

Read your logs using logwatch or logcheck. These tools make your log reading life easier. It will go through your logs for a given period of time and make a report in the areas that you wish with the detail that you wish. Make sure LogLevel is set to INFO or DEBUG in sshd_config:

LogLevel INFO

#20: Patch OpenSSH and Operating Systems

It is recommended that you use tools such as yum, apt-get, freebsd-update and others to keep systems up to date with the latest security patches.

Other Options

To hide openssh version, you need to update source code and compile openssh again. Make sure following options are enabled in sshd_config:

#  Turn on privilege separation
UsePrivilegeSeparation yes
# Prevent the use of insecure home directory and key file permissions
StrictModes yes
# Turn on  reverse name checking
VerifyReverseMapping yes
# Do you need port forwarding?
AllowTcpForwarding no
X11Forwarding no
#  Specifies whether password authentication is allowed.  The default is yes.
PasswordAuthentication no

Verify your sshd_config file before restarting / reloading changes:
# /usr/sbin/sshd -t

Tighter SSH security with two-factor or three-factor (or more) authentication.

Just thinking

2009-07-24T22:50:00.002-05:00

So this weekend Jillian and I started pulling the weeds from our back yard. I tell you that is no easy task! After pulling all the weeds, going to spread some Weed Feed Killer all over the yard. Sprayed some Round UP, hope that helps too. Hopefully getting some grass, after this drought that we are in.

We shall see!

Jeff-

S.A.-based company fights against cybercrime

2009-07-24T15:48:00.001-05:00

San Antonio is becoming the hub for national cyber security
08:13 AM CDT on Thursday, July 23, 2009
Karen Grace / KENS 5

San Antonio is becoming the hub for national cyber security. A new report reveals there are not enough trained people to fight attacks.

Video

July 23rd, 2009

One San Antonio company is fighting against cybercrime. KENS 5's Karen Grace reports.

>More News video

Search Video:

The government is vulnerable to hackers and cyber criminals who could scramble the financial world and threaten national security.

EADS North America is based in San Antonio, and they say they're the brains behind our nation's best weapon against cybercrimes.

"We provide simulators that train people how to secure a network," said Eric Franey, director of product management and marketing for EADS North America Defense.

That type of traning is desperately needed, according to a report out today that says the federal government is at risk of being unable to fight off terrorist and foreign government attacks on the nation's computer networks.

"The report card that came out today said we dont have enough experts to adequately protect our computer systems," Franey said. "I can tell you there are thouands of attacks a week."

And while you may think this type of espionage doesn't hit home, the experts say think again.

"Cybersecurity is serous for everyone at this point," Franey said. "State and local governments are being attacked."

The company will also work closely with the 24th Air force, a cyber command headquarters that is also coming to San Antonio next year.

Apollo 11 command module is released to open source

2009-07-21T16:36:00.000-05:00

Virtual Apollo Computer for developers

Posted by: Siobhan Chapman ShareThis

The software that helped take humans to the moon has been released to the developer open source community to commemorate the fortieth anniversary of the Apollo 11 mission.

The Apollo 11 program was made up of two different spacecraft, the Command Module (CM), used to get the three astronauts to the moon and back, and the Lunar Module (LM), used to land two of the astronauts on the moon.

An on-board Apollo guidance computer (AGC) was the principal computer for all Apollo missions. On any Apollo mission, there were two AGCs, one for the Command Module, and one for the Lunar Module, but they ran different software because the tasks the spacecraft had to perform were different. "Software" was also different to today, and was effectively built using paper-tape rolls and thick cardstock that was punched with special holes.

Developers of the Virtual AGC and AGS project scanned and transcribed the hard-copy scanned images of the code from both spaceships from the MIT Museum, to create an open source-based emulator of the Apollo Guidance Computer. The resulting Virtual AGC software public domain executable code is designed to work in Linux, in Windows XP, and in Mac OS X 10.3 or later.

The team behind the Virtual AGC project have said the emulator is not a flight simulator, but an accurate recreation of the functionality of the computers which were installed in the Apollo vehicles. But the code can be used as a component for other developers to create a flight simulator, if they so wish.

Tweeting via Pidgin on Ubuntu

2009-06-07T16:50:00.000-05:00

Pidgin is a multi-featured instant messaging desktop client that is very popular among Linux users. It supports a wide range of chat networks like Yahoo!, AIM, Google Talk, ICQ, and IRC. You can even send and receive SMS (Text Messages) for free via Pidgin. So if it can do all these, does it support everybody's favorite micro-blogging platform Twitter?

--Yes it does. Thanks to a plugin called microblog-purple you will now be able to send and receive tweets via Pidgin.

For Ubuntu users, here's a simple tutorial on installing this Twitter plugin on Pidgin:

1. Depending on your Ubuntu version, add these software repositories:

deb http://ppa.launchpad.net/sugree/ppa/ubuntu hardy main deb-src http://ppa.launchpad.net/sugree/ppa/ubuntu hardy main

or

deb http://ppa.launchpad.net/sugree/ppa/ubuntu intrepid main deb-src http://ppa.launchpad.net/sugree/ppa/ubuntu intrepid main

or

deb http://ppa.launchpad.net/sugree/ppa/ubuntu jaunty main deb-src http://ppa.launchpad.net/sugree/ppa/ubuntu jaunty main

You can easily add software sources by opening Synaptic Package Manager, and then going to Settings --> Repositories --> Third-Party Software:

After adding the above repositories, close the Synaptic Package Manager.

2. Open a terminal and type this command in order to import the key:

sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0CF459B8DF37ED8B

Then:

sudo apt-get update

3. Install the microblog-purple plugin with this command:

sudo apt-get install pidgin-microblog

4. After installation, we can now enable the microblog-purple plugin by opening Pidgin, and then going to Tools --> Plugins. Make sure to check "Twitgin":

5. We can now add Twitter from the list of protocols. To do this, simply open the "Manage Accounts" window, add an account, and select TwitterIM from the "Protocol" drop-down menu:

6. Proceed by providing your Twitter username and password:

7. You can now start tweeting via Pidgin!

Note that you can also use these commands inside the Pidgin Twitter window:

/replies - get all replies to you
/refresh - get new tweets instantly
/tag, /btag, /untag - automatically tag all your message

Enjoy!

Monitoring E-Mail with Nagios

2009-05-15T00:25:00.000-05:00

Have you ever felt like you were being ignored? Have you ever felt like you were talking but no one was listening? Well, that's how it feels when your e-mail system is broken and you don't know it.

During the past week, I've had a couple system problems that prevented people from receiving e-mail messages that my wife or I sent. The sad part was that we didn't know the messages weren't being delivered. We'd receive a message asking a question, and we'd reply to the sender thinking nothing of it. A few days later, we'd get a phone call from the person asking whether we ever were going to respond.

In our case, two situations were conspiring against us: a change in Comcast's firewall policy and a change in Yahoo's mail delivery policy.

It all began when my wife started complaining that something was wrong with the e-mail system because she'd not heard back from a friend whom she had sent a message the previous day. I sent a quick e-mail to a friend of mine, got a response, and informed my wife that “it worked for me,” and chalked it up to her friend not being responsive.

Then, just to demonstrate to her that the mail server was healthy, I asked the server to print out its mail queue. Crap! There were 55 messages in the queue waiting to be delivered. Of course, by this time, even I had noticed that the volume of incoming spam had gone down to none. So, Houston, we had a problem.

After several years of running my own mail server on my home machine connected to the Internet via Comcast, Comcast decided to implement a new firewall policy and started blocking incoming SMTP (tcp/25) connections on its residential users' networks. Of course, I wasn't informed of the change, because I don't use Comcast's e-mail system! Previously, we would send e-mail from our workstations, and our mail server would forward the message through Comcast's smarthost; incoming messages came directly to our server. This configuration had worked for years. But, with the new firewall policy, something broke. Some of our messages were being delivered, and some weren't. I'm speculating that the ones not delivered were going through servers that did sending address verification, and as they couldn't connect back to my mail server to validate my e-mail address, they refused delivery.

So, I decided to take the inexpensive way out. I could have spent an extra $20 a month and gotten a business account with Comcast, which I eventually did, but I didn't at first. I created a VPN tunnel from my home machine to one of my servers on the open Internet. Then, I moved my DNS pointers to point to that machine and had it forward incoming messages through the VPN. I configured my home server to use that machine as its smarthost rather than Comcast's server. Aside from the blatant violation of Comcast's Acceptable Use Policy, this seemed like it would work pretty well.

Then, the other shoe dropped.

My wife and I quickly realized that this was working much better, but it still wasn't quite right. People my wife emailed on a daily basis weren't receiving her messages. The common denominator was that all of these people were using Yahoo e-mail accounts. So, I manually forced delivery of one e-mail messages and saw that Yahoo was deferring delivery due to questionable traffic patterns. And, that made sense; I was trying to deliver 55 deferred messages, probably all at once.

It's important to note that I monitor my e-mail server, and the Exim daemon never sent an alarm, so merely monitoring a service isn't enough. Instead of monitoring the service itself, it's better to monitor the server's function, which is what the rest of this article is about.

I was hesitant to write another article on Nagios, but e-mail is becoming more and more critical, and when it does break, it breaks in strange ways.

Of course, I monitor my Exim daemon as well as my server's route to the Internet. I use a Nagios service check for SMTP, like this:

define service {
       use generic-service
       name                    smtp
       host_name               host.example.com
       notification_options    w,c,r
       service_description     E-Mail SMTP Server
       check_command           check_smtp
}

I use a similar check to monitor my Internet gateway. But, as bad as the e-mail situation became, neither of these alarms would have indicated a problem. So, rather than monitoring to see whether a process is running, I set out to begin monitoring the server's critical functions, e-mail transport and delivery.

The first problem I wanted to address was being informed when messages were stuck in Exim's mail queue. I actually thought I'd have to write a custom program to check for this situation. While researching the situation further, I came across a posting from someone with a similar problem. It turns out that Nagios already has a command that performs this check, and I never knew it. Nagios's check commands are in /usr/nagios/libexec/, and let me tell you, there is a lot of gold in that directory.

So, I created an entry in Nagios's checkcommands.cfg file, like this:

define command{
       command_name    check_mailq
       command_line    $USER1$/check_mailq -w 3 -c 5 -v 9
}

Then, I created an entry in the services.cfg file that looked like this:

define service {
       use generic-service
       name                    mailq
       host_name               dominion
       notification_options    w,c,r
       service_description     SMTP Mail Queue
       check_command           check_mailq
}

Finally, I restarted Nagios and tested the new configuration by shutting down my server's outside network interface and attempting to send an e-mail message. Obviously, the mail transport operation failed and I got my alarm.

So at this point, I am pretty sure that if I have another problem with my e-mail system, at least I'll know it in a timely fashion. But, I thought it would be good to put in one more check.

It would be nice to know if my server ever finds itself on a Real-time Blocking List (RBL). Once again, Nagios has a command to check for this situation, but it comes in C source, which I couldn't get to compile. Anyway, I think I like my solution better.

My program looks up the server's IP address at http://www.anti-abuse.org, which, in turn, checks the IP address against several other RBLs at once. I'm probably going to configure Nagios to perform this check a few times a day, at most.

Here's the program:

#!/usr/bin/perl

open CMD, "wget -q http://www.anti-abuse.org/rblresults.php?host=192.168.1.1 -O - |";

while () {
       if (!/listed in /) { next; }
       if (!/NOT listed in /) { $error++; }
}

if (!$error) {
       print "OK\n";
       exit 0;
} else {
       print "CRITICAL: $error\n";
}

As you can see, it's not that complex. It simply sends a query to Anti-abuse.org and looks for the results. I hard-coded my machine's IP address in this case, but it would be trivial to use one of Nagios' variables and send the IP address as a command-line parameter to this program. Then, the program makes sure that each of the results indicates that my machine is not listed on an RBL. If this check fails, we set a flag for later use. Finally, I created a checkcommand.cfg and services.cfg entry just as I did above.

Now I find myself in the awkward predicament of having written a program that I can't test. In order to test this program fully, I'd have to get my server on an RBL list, which I'm not about to do. Even so, I believe this program will work.

I don't know about you, but I live by e-mail, so my e-mail system simply has to work. The problems I had recently demonstrated that my monitoring policy wasn't sufficient. I believe that the new policy would have alerted me to the situation in a timely fashion. But, as is always the case, you can't test for everything, so I'm sure I'm missing something.

Cloud computing with Linux thin clients

2009-05-15T00:08:00.000-05:00

Cloud computing has been covered extensively in a number of venues and from many points of view. For embedded Linux engineers and aficionados, one exciting aspect of cloud computing is the sudden interest in thin Linux clients.

The basic concept of cloud computing is the use of resources accessed over the Internet. Combined with clients of limited capability, cloud computing becomes broadly similar to client-server computing over a LAN using dumb terminals or once-vogue thin clients. (The reference to "thin" meant these devices had little or no processing power of their own, relying instead on the processing power of the server.)

Because a great deal of data had to traverse the network, the limiting factor was bandwidth. When graphical thin clients became popular in the mid-1990s, their use was still largely limited to LANs because of bandwidth requirements. The Internet simply wasn't fast enough. But even with this limitation, the benefits of centralization—particularly hardware cost, as computers were expensive and thin terminals were cheap—made it worth the trade-off.

Network computing

This trade-off has disappeared with the rapid growth of readily available high-speed Internet access and the ever-increasing capacity of the Internet backbone itself. The resulting shift to higher throughput makes all kinds of interesting technology feasible.

It is now possible to use a Web browser to perform tasks on a remote server that were previously the sole domain of software hosted on a local machine—even graphics-intensive operations such as page layout or image editing. A large number of companies are creating services to meet the demand. Think of any task you perform locally, and chances are good that some company somewhere is providing that service online, probably at no cost.

This paradigm has also paved the way for new methods of accessing information over networks, including entirely new classes of software and devices. Terminals are no longer dumb, and clients are no longer very thin. For some, the definition of "thin" has grown to include any system that can access the Internet, regardless of its overall capabilities: cellular phones, new devices such as netbooks and mobile Internet devices (MIDs), even re-purposed, older desktop and laptop computers. All clients are thin when the server is as thick, rich, and connected as the Internet itself.

Most industry analysts agree that the use of thin clients—particularly cellular phones—is rising dramatically. In fact, thin clients are expected to be the primary method of accessing the Internet for a majority of people in the world within the next few years.

The network has finally become the computer, as John Gage predicted back in 1984.

The bottom line

Usefulness, however, is not always the primary factor that determines wide-scale adoption. A more accurate determination can be made in terms of absolute cost—especially when adoption is considered in developing countries—as well as relative cost in relation to value. A client's thinness bears a direct relationship to its cost, because less capable systems are less expensive to produce. Similarly, the cost of cloud-based software is directly related to its large-scale adoption.

Creative markets and the cost-value ratio

Cloud computing, along with supporting technology like thin clients, is driving organizations to consider creative methods of financing and marketing. For example, One Laptop Per Child (OLPC) produces extremely inexpensive devices (currently in the US$200 range), structure the software around education, and market to governments of developing countries rather than to individuals in order to create educational opportunities in countries that previously had no Internet access or technology education at all. This kind of activity, although eventually profitable for the company, is also beneficial to the world in general.

OLPC's story also points out the importance of considering cost in relation to value. Consider the total cost of a "thick" client. Think of a technical writer at a laptop computer in a coffee house. This laptop may contain all the resources available to complete the project—a word processor, page-layout program, diagramming tools for graphical insets and illustrations, and conversion tools for XML and PDF—all in the self-contained universe of that laptop, which may cost US$2,000 and have similar capabilities to a desktop machine. The software could cost as much as the system itself, resulting in a US$4,000 total investment.

In contrast, that same writer in the same coffee house may work on a thin client—a much smaller, resource-constrained system that literally costs one-tenth as much as the expensive laptop. Thanks to the software and storage available in the cloud, this thin client may have no moving parts, a very simple processor, and just enough resources to run a modern Web browser and a fast network connection, but the writer has as many—possibly even more—resources at hand than the local user, as well as the safety of knowing that his or her work will survive even if the battery dies or the laptop itself is stolen.

The software available in the cloud can produce documents of the same quality with similar levels of control over the end product, yet it is absolutely free, subsidized by corporate adoption, by advertising, or by some other creative monetization process. Total investment by the user: US$200.

Penguins in the clouds

The best operating environment for a thin client designed around cloud computing has the following characteristics:

Highly customizable
An inexpensive or even free operating system
All necessary applications inexpensive or free
Networking built into the operating system core
Small enough to fit into tiny devices
Flexible and powerful enough to run full laptops
Miserly enough to conserve battery life to a maximum degree

Linux meets all of these criteria. It is taking over in the mobile space, the enterprise space, and the embedded space, including dedicated consumer devices such as book readers and set-top boxes. And with virtualization, Linux can also run applications built for the Windows®, Mac OS X, and other operating systems.

Linux: the operating system for the cloud

Linux has matured and become viable as an embedded operating system; its freedom—both in terms of cost and royalty-free licensing—has revolutionized a market that once was dominated by only a few players who demanded stiff per-unit royalties. Linux now has real-time support as well as structured driver support with a flexibility never dreamed of for proprietary real-time operating systems, and the availability of relevant applications is unprecedented. Linux is the basis behind at least four new netbook operating systems, leads the explosive growth in smart phones, and is slated to continue to absorb market share over the next 5 to 10 years.

The flexibility, developer control, power-management facilities, and overall stability of Linux also make it well suited to older, recycled systems. You can give older machines a new life by loading Linux instead of (or in addition to) the host operating system.

Applications for accessing the cloud

What about applications? Something beyond the operating system is required in order to gain access to the cloud, and cost must be considered here, as well. The cloud has made thin clients possible, but the key to making them inexpensive is limiting the cost of the software to run them.

As most developers know, some of the most powerful network-oriented applications available are completely free, including Web browsers (such as Firefox, Opera, and Chrome), e-mail software (such as Thunderbird and Evolution), instant messaging (such as Pidgin and Trillian), and multi-platform application environments (such as Java™ technology). The combination of just these four application types alone would make a formidable thin client, all completely free.

Note, however, that free, open source operating systems and applications do not mean that you can make a device completely without cost. As noted open source developer Jamie Zawinski famously said, "Free software is only free if your time has no value." You must accept a certain amount of work to design and implement systems based on free software, just as you must do when evaluating proprietary software. However, because the base product is free and its source code is available, the value gained for that time is far higher for free software than for paid software, even if the process itself takes a little longer.

It is no wonder that there are over 100,000 embedded Linux developers currently, and the number is growing.

What thin clients currently exist?

This section describes several types of thin clients on the market today. Many of these clients are new devices still finding their niches in the hearts of consumers and enterprises. All share a few common features: they have little storage and processing power of their own relative to the functions they are designed to perform, they are all designed around cloud computing, and they all run operating systems based on Linux and other open source software.

Netbooks

A netbook is a small, underpowered (by modern standards), yet fully functional laptop, usually supporting wireless networking. Netbooks are designed to be used as thin clients, and many have no fans or disk drives.

Examples include the OLPC XO, the Asus EEE PC, and the MSI Wind. Most run full-scale Linux distributions like Fedora or Ubuntu, although some have distributions developed for them specifically, like OLPC's Linux-based Sugar operating system, which was developed by educators as a learning environment. The Sugar interface is also available to run on a standard Windows or Apple system (see Resources for links to more information).

MIDs

A mobile Internet device (MID) is a very small-scale device with a touchscreen and, optionally, a thumb-sized keyboard. Also known as ultra-mobile PCs (UMPCs), MIDs support wireless networking and are designed specifically for mobile use. (They are roughly the size of cellular phones.) The principal difference between netbooks and MIDs is size, because many use the same processors, although MIDs are generally less capable: they have less storage, less memory, and smaller screens.

Examples include the Nokia N810, the Sony Vaio P, and the Acer Aspire ONE series. Nearly all devices known as MIDs run some variant of Linux. The Nokia device in particular runs Maemo, a combined kernel and middleware platform whose user environment is relatively constrained and optimized in order to keep resources available for applications, although some developers have created alternative desktop environments. Also available is Ubuntu MID Edition, which can be built together with Moblin on Intel®-based middleware sets, to yield a powerful operating environment.

Smart phones

These overgrown cellular phones, which started out as enterprise devices capable of reading e-mail and browsing the Web, have exploded in popularity. Many come with thumb keyboards and fast, always-on Internet connections because of the simultaneous massive growth of 2.5G and 3G cellular telephone data networks.

Examples of smart phones with keyboards include the new Palm Pre, the HTC G1, and the OpenMoko project. Some without keyboards include the Motorola Krave ZN4, the Samsung Anycall SCH-i859, and the Emblaze Mobile Edelweiss, and the Purple Magic reference design from French company Purple Magic. All of these phones are based on Linux.

Many new phone designs running variants of Linux have recently been announced. Linux distros designed specifically for smart phones include Android (a Google product) and software based on LiMo, a smart phone standards organization.

Dedicated devices

Some dedicated devices also rely on the network for their primary functions. Electronic book readers must have some method of downloading books: The Amazon Kindle uses a cellular-based network connection to connect directly to Amazon's server. (Note that the Kindle runs Linux.) Other dedicated, network-capable devices include the TiVo digital video recorder (DVR) and the Roku Netflix Player video-streaming set-top box, both of which run Linux.

Hybrid devices

There is a new device entering the market that might best be called a hybrid cloud computer. It is a standard office laptop with an interesting twist: a thin Linux-based client built directly into the hardware that shares the keyboard, screen, and network connection. It may seem strange to have two computers in one case, but the utility becomes apparent when the thin client turns on and connects instantly like a cellular phone, stays on for up to 18 hours with a standard battery, and goes to sleep so the user can boot into the larger machine whenever necessary. It is a true cloud machine with a local backup.

The only current hybrid device is the Dell Latitude E4200/E4400 series (the capability is called Latitude ON), but more such devices are planned in the near future.

Green penguins, green clouds

There are environmental benefits to both cloud computing and the use of thin clients based on Linux.

Cloud computing centralizes resources, which means that all the hard processing happens on large, fast machines somewhere out there "in the cloud." Some companies—Google in particular—have taken this concept to heart by locating server farms physically close to power-generating stations, as they have in Oregon and in Eemshaven, The Netherlands (near a large set of windmills). Because much of the efficiency of electrical power is lost in transport, this is good for the planet as well as for the company. Google has also (famously) patented a floating wave-powered server farm, which would not only be co-located with its power source but would also be totally sustainable.

There are additional benefits to thin Linux clients. First, they are "thin," meaning that they contain low-powered hardware and thus use much less electricity than expensive laptops. Second, they run Linux, which has many advantages related to power management, even on older hardware.

Third and most importantly, Linux runs practically everywhere. Rather than consigning an old computer to the e-waste scrap heap, give it a new, inexpensive hard disk—or just boot from a CD or a USB flash drive (UFD)—and re-purpose the computer as a thin client.

The earth will thank you.

Resources

Learn

Read "Automating Linux Cloud Installations" (developerWorks, November 2008) to learn how to make cloud-based Linux installations automatic on IBM POWER systems.
In "Cloud Computing with Linux" (developerWorks, February 2009), you'll get more details about using Linux in the cloud.
"Architectural manifesto: An introduction to the possibilities (and risks) of cloud computing" (developerWorks, February 2009) gives details about the pros and cons of cloud computing.
"Cloud computing with Amazon Web Services" (developerWorks, July 2008) discusses cloud computing with an Amazon focus.
"Linux system development on an embedded device" (Anand Santhanam and Vishal Kulkarni, developerWorks, March 2002): This is an older but still very relevant article on porting Linux to embedded devices, making them thin Linux clients.
Check out Linuxdevices.com for news on embedded Linux and thin clients.
Meld is an online community for embedded Linux developers.
Wikipedia's thin clients entry centers mostly around enterprise thin clients but also describes the concepts well.
In the developerWorks Linux zone, find more resources for Linux developers, and scan our most popular articles and tutorials.
See all Linux tips and Linux tutorials on developerWorks.
Stay current with developerWorks technical events and Webcasts.

Get products and technologies

Some popular, free Linux environments suitable for thin clients include:
- Ubuntu MID Edition
- Maemo
- OLPC's Sugar
- Moblin (Note: Moblin is not an operating system but middleware that can be packaged with many Linux distributions.)
With IBM trial software, available for download directly from developerWorks, build your next development project on Linux.

Discuss

Get involved in the My developerWorks community; with your personal profile and custom home page, you can tailor developerWorks to your interests and interact with other developerWorks users.

Obama vows antitrust crackdown

2009-05-11T20:09:00.000-05:00

NEW YORK (CNNMoney.com) -- President Obama's top antitrust official said Monday that the administration will aggressively crack down on antitrust violations, reversing a Bush-era policy that had weakened the government's ability to take on monopolies.

"As antitrust enforcers, we can no longer sit on the sidelines," said Assistant Attorney General Christine Varney, speaking Monday at the Center for American Progress in Washington.

As part of her remarks, Varney retracted a September 2008 report that amended Section 2 of the Sherman Antitrust Act. Section 2 deemed it illegal to make any attempt at creating a monopoly but the amendment had loosened those rules.

"The report ... raised too many hurdles to government antitrust enforcement," Varney said. "Withdrawing the report is a shift in philosophy and the clearest way to let everyone know that the Antitrust Division will be aggressively pursuing cases where monopolists try to use their dominance in the marketplace to stifle competition and harm consumers."

Though the report had followed more than a year of hearings conducted by the Justice Department and the Federal Trade Commission, the FTC never actually signed the document.

Changing landscape: The Bush administration brought historically few antitrust cases to trial. But Varney said those days are over.

She promised a return to "tried and true case law and Supreme Court precedent." For example, Varney said the United States could start seeing more cases like the 1998-2001 United States vs. Microsoft case in which the software giant was found to have forced out Internet browser competition like Netscape and Opera.

There's a good chance that the Justice Department's decision will not only lead to more antitrust complaints but also to a more receptive ear, said Joe Angland, partner in White & Case's antitrust practice.

"The administration signaled that, in certain areas, it will adopt stricter rules to deal with dominant firms," he said. "It will likely lead to more investigations of the firms' abilities to deal with competitors."

But Angland added that the decision does not herald a return to the "bad old days" of the 1950s and '60s, when the government aimed to take down corporations it deemed too large. He said the repeal of the report likely means a return to Clinton-era policies which he described as "stricter, but not anti-business."

Angland also believes that the Obama administration is not looking to target any specific companies or sectors. Instead, the shift will likely lead to more investigations of loyalty discounts and refusals to deal with competitors -- two areas in which the Supreme Court has not issued a ruling.

"The administration can't change Supreme Court decisions; they can only step in where there is not a ruling," said Angland.

Varney will be delivering the same speech Tuesday at the U.S. Chamber of Commerce, which represents a broad spectrum of companies.

"The chamber is all for competition in the marketplace, but without knowing what the new standard is, without prescribed policies, it's tough to articulate whether the administration's plans are favorable or unfavorable position for businesses," said Sean Heather, executive director of global regulatory cooperation at the Chamber of Commerce. "Enforcement of policy needs to be grounded in sound economic analysis and hard evidence of harm to consumers," he added.

European shift: After Bush became president in 2001, many plaintiffs started opting to take antitrust cases to European courts.

Among the bigger cases, Microsoft (MSFT, Fortune 500) was fined $1.2 billion by the European Commission in February 2008 after it was found to be pricing out rivals and refusing to comply with the court's previous antitrust decision.

Similarly, European Union antitrust regulators are expected to say Wednesday that Intel Corp. (INTC, Fortune 500) unfairly paid computer makers to delay or even cancel products that contained chips made by rival AMD (AMD, Fortune 500), according to reports.

Varney, a former FTC commissioner under the Clinton administration, said the U.S. Justice Department plans to closely align itself with the European Union to streamline antitrust regulation. "I don't think you'll get a better result from one jurisdiction than another," she said.

Angland said the Justice Department's new antitrust enforcement will slow the movement of cases to European courts, but not end it completely.

Too big to fail...really? Varney said a major failure of the previous administration was allowing corporations to grow to such an extent that they essentially did become too big to fail. That's because many had become so intertwined with other businesses within their industry that a failure would have posed a systemic risk to the entire sector.

"Too big to fail [is] a failure of antitrust," Varney said. "The recent developments in the marketplace should make it clear that we can no longer rely upon the marketplace alone to ensure that competition and consumers will be protected."

Varney suggested a "back-to-basics" approach to antitrust enforcement. "When companies compete, you get better programs at lower prices," she said.

Portable Ubuntu, Windows Live Together in Perfect Harmony

2009-05-10T15:50:00.001-05:00

By Jack M. Germain
LinuxInsider
05/08/09 4:00 AM PT

PC users who want to have an Ubuntu machine without eighty-sixing Windows completely often configure their systems to run both -- though a reboot is sometimes required. Not so with Portable Ubuntu. The app starts up an instance of Hardy Heron within Windows on demand. Though its window frames and menu bars appear the same as those of the user's Windows setup, it's Ubuntu through and through.

Want to try out Ubuntu Linux without giving up your Windows desktop? How about running Ubuntu from a USB drive on any Windows PC while still operating within Windows?

Portable Ubuntu provides both of these computing options, no setup hassles or programming skills required. You do not even have to reboot the computer or set up a dual boot environment -- and no, you do not need to install any virtual machine software to make it work.

Argentinean programmer Claudio Cesar Sanchez Tejeda released Portable Ubuntu in mid-April. He built upon the concept of an existing project known as "Cooperative Linux." The tweaking he added created a version of the Hardy Heron Ubuntu 8.04 Linux distro that loads from the Windows desktop. Both Windows programs and Linux apps can run seamlessly on the same Windows desktop.

Portable Ubuntu is a fun and convenient way to learn about one of the most popular Linux desktop distributions with no risk to the Windows computer. It can be an ideal transition path from the Windows platform to the Linux world.

Better Than Live CD

Portable Ubuntu offers some convenient improvements over running Ubuntu from a live CD session. To load Ubuntu as the complete operating environment in a computer, users must reboot the computer from the CD drive. Once loaded, users can either install Ubuntu to the hard drive or run the Linux OS (operating system) from the CD.

Not so with Portable Ubuntu. The Linux environment loads within Windows and runs as an isolated process. All configuration changes are saved to a file in an encrypted folder on the computer's hard drive or USB drive. No speed issues exist because hard drives and USB drives provide faster read access.

With a live CD session, all features of Ubuntu are the same except program updates, and configuration changes are not permanent. So you have to reset them each time you start another live session. Of course, some of the peppiness of Linux is lost to the slower process of reading from the CD.

Looks Like Windows, Walks Like Ubuntu

The only difference in the appearance of Portable Ubuntu from the dedicated Ubuntu OS is that the desktop in the Windows environment does not change. Instead of seeing the tell-tale orange Ubuntu background, the Microsoft (Nasdaq: MSFT) Windows background remains visible. Only a series of Ubuntu windows open as Ubuntu apps are accessed from a standard Ubuntu menu bar that docks on the Microsoft Windows desktop.

The Ubuntu menu bar can be moved anywhere on the Windows desktop. Even the title bars on the opened Ubuntu windows have the look and functionality of a standard Microsoft window.

For example, I run several display enhancement programs on my Windows XP system to add Vista-like functionality. Some of these add-on features in XP show as additional symbols at the top of the title bar on opened windows. They are still present in a Portable Ubuntu window even though they no longer serve any purpose in Linux.

No VM Process

I am not a fan of dual boot configurations. I want access to different operating systems conveniently without having to reboot from one OS into another on the same computer. Plus, I often run two systems side by side. So I maintain a separate Windows laptop and Windows desktop. I also run Ubuntu on a dedicated desktop box and have a netbook that runs the Ubuntu Remix distro.

I also am not very fond of running a virtual machine environment to accomplish the same side-by-side OS delivery. Portable Ubuntu bridges both of these options to give me Linux access on demand without leaving my running Windows programs and data.

Various Linux-on-a-USB drive concoctions usually present some of the same inconveniences as dual booting. Portable Ubuntu solves that dilemma for me as well.

Easy Installation

Setting up Portable Ubuntu is quick and painless. The process requires downloading and decompressing the zipped file and then running a batch file to install the Portable Ubuntu directory on either the hard drive or other external media. You can download it here. Select the download page and choose a mirror site from the list of links.

Clicking on the "Run Portable Ubuntu" file (create a desktop icon for easy access) starts the Ubuntu session. All running programs in Windows remain unaffected.

A green arrow appears in the system tray on the Windows desktop when the process starts. Clicking it will open a terminal window to allow you to monitor the startup process. Click the arrow again to close the terminal window without hampering the OS startup within Microsoft Windows.

A splash screen appears for a short interval and then is replaced by the Ubuntu menu bar. Click on the Ubuntu menu items to load Linux apps.

Light on Resources

Unlike running a shared VM environment, Portable Windows causes very little drain on system resources because it does not split available system resources between the installed OS and a virtual machine OS.

My Windows programs still ran without hesitation. The Ubuntu apps were as speedy as on my dedicated Linux desktop and netbook computers.

I was particularly impressed with Portable Ubuntu's ability to run without interfering with system performance. I run Dexpot virtual windows on my Microsoft boxes. This gives me the ability to run separate desktops so many open programs do not result in desktop clutter.

Even with a Web browser, a word processor, multiple security programs, file managers and graphics editors open on multiple desktops, Portable Ubuntu had no discernible impact on resources. In this regard, running Portable Ubuntu is much like my experiences with using Puppy Linux, which boots from a USB drive and runs in available system RAM.

Portable Ubuntu has a leg up over Puppy Linux -- it runs without requiring a reboot.

Twisted Roots

Portable Ubuntu and the CoLinux projects are two separate distributions. Portable Ubuntu is not associated with the Ubuntu Linux distro headed by Canonical, according to Tejeda. In fact, the Ubuntu community was not aware of Portable Ubuntu until its release.

"Portable Ubuntu was developed independently without direct involvement from the Ubuntu project. I only became aware of Portable Ubuntu recently and don't know much about it beyond what is published on its Web site," Matt Zimmerman, CTO for Canonical, told LinuxInsider.

At its core, Portable Ubuntu is different from the Canonical version. The developer of Portable Ubuntu designed his Linux strain to run on the Xming windowing system.

"I use the Colinux kernel inside Portable Ubuntu. The Colinux kernel is a Linux kernel that could run on Windows, so I included this kernel in Ubuntu and modified some files so that Ubuntu can be executed with Colinux and can use Xming, (an X server for Windows)," Tejeda told LinuxInsider.

Secure Environment

Running Portable Ubuntu inside the Windows OS is a similar concept to using a VM shell to create a sandboxed environment. The CoLinux kernel is faster than virtualization techniques because it interacts more closely with Windows, Tejeda explained.

Although Portable Ubuntu can access files on the Windows platform, the process is not easily reciprocal. Windows cannot access Portable Ubuntu directly. The only way is through a Secure Shell (SSH) protocol, he said.

The same structure that isolates a virtual machine prevents Windows from getting into the Portal Ubuntu envelope. Portable Ubuntu communicates with Xming, which has multiwindow functionality. This functionality enables Portable Ubuntu applications to integrate on the Windows desktop via the window system of the Microsoft OS.

"You can't access your Portable Ubuntu file system from Windows when it is running. The only way is configuring Samba in Portable Ubuntu, but Samba has security settings so you can limit the access to Portable Ubuntu," said Tejeda.

Accessing Data

Portable Ubuntu comes with AbiWord as its default word processor and FireFox as the Web browser. OpenOffice, by contrast, is the default word processor/office suite with Canonical's Ubuntu distro. Of course, OpenOffice and any other Debian-based Ubuntu app can be installed using the same Add/Remove service utilized by Ubuntu.

Windows data files can be loaded from the hard drive and saved back to that same source. However, a smidgen of configuring is needed to provide access to a USB drive or the resident CD/DVD drive on the Windows computer.

Here is the explanation that Tejeda provided to accomplish this: You need to know the device system number or the letter of the optical and/or USB drive. Using any text editor, locate and open the portable_ubuntu.conf file found in the Ubuntu folder.

Configure the storage device using either its drive letter in Windows or its device name in Linux. For instance, the CD Rom drive can be listed as E: or cdrom0.

With the letter drive:
Letter drive: E:

Line to add in the portable_ubuntu.conf: cofs4=E:

Command to use in Portable Ubuntu to access the CD drive: # mount -t cofs cofs4 /dir_to_mount

# cd /dir_to_mount
With the system device number:
Device number: cdrom0

Line to add in the portable_ubuntu.conf: cobd4=\Devices\Cdrom0

Command to use in Portable Ubuntu to access the CD drive: # mount -t iso9660 /dev/cobd4 /cdrom

# cd /cdrom

Final Thoughts

Portable Ubuntu runs within Windows XP and Windows Vista. In theory, it will also run within Windows 7. Tejeda plans to update Portable Ubuntu on the same six-month development cycle used by the Canonical community.

Ubuntu package updates are handled the same way they're handled with Canonical's Ubuntu -- through the Update Manager in the System/Administration menu. One hint: Change the software source to the main server. I found that the default Argentina server could not always read the libraries in the Ubuntu repository.

Whether you are an experienced Linux user or just curious about Ubuntu, Portable Ubuntu is a cool way to grow out of the newbie ranks.

Creator of Dovecot Joins Mailtrust

2009-05-09T19:28:00.000-05:00

A Little Old, but thought this should be posted!

Mailtrust recently hired Timo Sirainen to work at our Blacksburg office. Timo is the creator and lead developer for Dovecot, the open source IMAP mail server that we use here at Mailtrust, and has moved here from Finland. Mailtrust and Timo have worked together for several years, but with Timo in the US we will be able to accomplish a lot more in a much shorter timeframe

We’ve asked Timo to give you all his view on his experience thus far. Check it out below:

Posted by Timo Sirainen, Developer of Dovecot, which is arguably the highest performing open-source IMAP server for Linux/Unix.

2009 should be a great year for Dovecot. I'll be working at Rackspace's Mailtrust office in Blacksburg, VA for the entire year. With Mailtrust's support, I'm hoping to get a lot more work done than in the last couple of years combined. In Finland, I was working at home and that didn't work too well for me (it's way too easy to start wasting time on TV). I've also paused my university studies for this year, so they won't eat my time, either.

Mailtrust is dedicated to making Dovecot successful, and we share a lot of common ideas. Our priorities for new features are also very similar. After this year, there will be a lot more reasons to choose Dovecot. I'm learning about the complexity of running a large mail server installation with thousands of servers. Just knowing about those could help me implement new features better and get some problems solved more easily in the future.

After being here for only 3 weeks, I think Mailtrust is pretty much the ideal company to work for. People love what they do here and they're good at it. It seems to be easy to get things done without annoying unnecessary bureaucracy. The environment is pretty relaxed—people take breaks to play Nintendo Wii, ping pong, and eat free snacks. It's easy to talk to even the top level management. There's even a person whose job is to make Mailtrust the best place to work for!

Interested in helping me work on Dovecot while I am in the US? Mailtrust is hiring!

12 million new IP addresses hijacked by botnets

2009-05-05T19:06:00.000-05:00

Today the McAfee first quarter threat report revealed that cybercriminals have taken control of almost 12 million new IP addresses since January, a 50 percent increase since 2008.

The United States is now home to the largest percentage of botnet-infected computers, hosting 18 percent of all zombie machines. Cybercriminals are building an army of infected, “zombie” computers to recover from last November’s takedown of a central spam-hosting ISP, according to the new report from Avert Labs.

The November 2008 takedown of McColo Corp. dropped spam levels by an estimated 60 percent, but spam quantities are rising as cybercriminals create new ways to send bulk e-mails.

The quick expansion of botnets threatens to boost spam levels back up. In fact, spam volumes have already recovered about 70 percent since McColo Corp. went offline. Compared with the same quarter a year ago, spam volumes are 20 percent lower in 2009 and 30 percent below the third quarter of 2008, which had the highest quarterly volumes recorded to date.

“The massive expansion of these botnets provides cybercriminals with the infrastructure they need to flood the Web with malware,” said Jeff Green, senior vice president of McAfee Avert Labs. “Essentially, this is cybercrime enablement.”

The Koobface virus has made a resurgence, and more than 800 new variants of the virus were discovered in March alone
Servers hosting legitimate content have increased in popularity with malware writers to distribute malicious and illegal content
Cybercriminals are increasing their use of URL redirects and Web 2.0 sites to disguise their location
Compared to the overall landscape, the Conficker worm represents a small subset of all threat reports. Autorun malware, a vector used by certain Conficker variants, represented only 10% of all detections reported during the first quarter.

We continue to see widespread use of legitimate Web 2.0 and business-related URLs for spreading malware. Ten or more years ago, it seemed you could remain safe by simply staying away from certain content, but today threats seem to find us regardless of where we browse. Any website that can be exploited (via any of numerous vulnerabilities) will be. Administrators routinely see scans looking to exploit their servers. What is interesting is the high prevalence of these scans coming from sites and servers associated with everything from illegal software to malicious sites to anonymizers. If a high-traffic website is vulnerable, then it is not a matter of whether it will be exploited, but when.

Is Ubuntu Bigger than Debian now?

2009-04-26T20:34:00.000-05:00

By Sean Michael Kerner on April 24, 2009 12:20 PM

From the 'Is Debian's failure, Ubuntu's Linux success?' files:

This week's Jaunty Jackalope release was Ubuntu's 10th release and the 9th release that I've used myself. I first became aware of Ubuntu in 2005 with the 'Hoary Hedgehog' release for only one reason, Debian Sarge was AWOL.

Debian is the basis for Ubuntu, but in some ways you can argue that Ubuntu has at this point, exceeded Debian. The great 'failure' of Debian is also it's great strength. Debian hasn't been able to put out releases in a regularly scheduled format in years -- something developers will commonly attribute to not making a release until it's ready.

While Debian has struggled on release dates (getting better lately), Ubuntu comes out with its releases like clockwork. Though Debian has been tremendous strides since Sarge with its desktop installation, Ubuntu has become one of the most popular Linux distribution for the desktop period.

On the server, Ubuntu is now ramping its efforts too, which is an area where Mark Shuttleworth also sees a place where Ubuntu can exceed what Debian does.

"We see Debian as the system administrators choice," Shuttleworth said during a conference call announcing Jaunty. "And we see Ubuntu as bringing a level of corporate identity and backing to that platform which makes it acceptable and palatable in a large scale organizational environments."

Yes, I know -- Debian is a community GNU/Linux distribution. I also know that others including Debian founder (and now Sun employee) Ian Murdock tried to get Debian into commercial enterprises with his firm Progeny. There was even something called the Debian Common Core Alliance (DCCA) at one point that was going to push comemrcial adoption. Those efforts are now gone.

There is another though. HP is a big backer of Debian and HP today has commercial support for Debian.

Debian is also very widely deployed in non-commercial instances on uncounted servers globally. Certainly there are alot of instances where a commercially supported Linux is not necessary on a server and Debian fits in well there.

That strength in the community is also something that Ubuntu and Shuttleworth are banking on to grow Ubuntu's server business.

"Our heritage in Debian postions us to be a very strong platform for common infrastructure type work on Linux servers inside large organizations from Government through to Universities," Shuttleworth said. "In Debian we have a foundation that is very modular perhaps more modular than any other version of Linux."

Has the apprentice become the master now?

One thing is for sure, Ubuntu continues to be built on the shoulders of Debian. Depending on how you look at it that's a good thing for Debian (or bad) and it's definitely a good thing for Ubuntu.

Pentagon Fighter Jet Data Breach Was Avoidable

2009-04-21T22:51:00.001-05:00

The hack into the Pentagon's computer system that led to the theft of information related to the $300 billion Joint Strike Fighter project could have been prevented, one solution provider said.

A report Tuesday by The Wall Street Journal said cyberspies cracked into the Joint Strike Fighter project, the Pentagon's costliest weapons program. The report indicated that the information targeted could help adversaries mount defenses against the radar-evading fighter jet, though the most sensitive information was not breached because it is stored on computers not attached to the Internet.

Following the report, a Pentagon official said he was not aware of any specific concern that the attacks compromised sensitive information or technology.

"I'm not aware of any specific concerns," Pentagon spokesman Bryan Whitman said, according to Reuters. Whitman added he was speaking generally and not talking about specific incidents.

While it was unclear on Tuesday exactly how the breach was carried out, The Wall Street Journal reported that intruders likely entered through vulnerabilities in the networks of the contractors involved in building the aircraft and that Pentagon insiders noted that Chinese networks are in some way involved in the cyberattack. Lockheed Martin is the project's lead contractor. Other contractors include Northrop Grumman and BAE Systems.

According to Aamir Lakhani, security solutions engineer with World Wide Technology, a St. Louis-based solution provider, the breach of the Joint Strike Fighter program, also known as the F-35 Lightning II project, could have been avoided.

"I think one of the ways this could have been prevented is by limiting what kind of information is stored on noncontrolled computers," he said. "Classified information should be stored on centralized computers. Taking advantage of cloud computing or centralized data themes could help prevent this information from leaking."

Lakhani said network security technologies could be set up to limit when and how data is accessed from the cloud and could be designed in a way that any computer accessing the information from the cloud is accessing it from a classified network over an encrypted VPN.

Lakhani added that the onus is on the Pentagon to better implement and enforce end-user desktop policies to further ensure the network is impervious to such attacks and data breaches. Network Access Control (NAC) technologies could ensure computers are abiding by corporate information security policies and quarantine or lock out users' machines if they are not up to snuff.

"Information security staff cannot rely on the good behavior of the user," he said. "It must be enforced automatically."

The U.S. has become increasingly concerned about potential cyberattacks. Earlier this year, U.N. Secretary-General Ban Ki-moon said cyberweapons will be added to the list of arms falling under the auspices of the U.N.'s Advisory Board on Disarmament Matters and said breaches of critical systems represent "a clear and present threat to international security."

Additionally, the Pentagon is developing the National Cyber Range program, part of the government's Comprehensive National Cybersecurity Initiative, which will enable the Pentagon to imitate and mimic the likely actions of cyber aggressors using the equipment hackers could use to inflict attacks.

Lakhani said the real problem is information leakage and that sensitive information stored on computers is getting out into the Internet. That can happen when policies that govern computer usage are not followed. Also, he said, such policies are difficult to enforce on laptops because they can be taken from classified networks and put on nonclassified networks with relative ease. Lakhani added that the data leak may not have been malicious, but the computer may have been moved to a nonclassified network for something as innocuous as viewing a YouTube video clip, which could open the machine to spyware and Trojans that infect a computer and transmit information over the Web.

"By default, many peer-to-peer file-sharing applications share out the entire hard drive," he said. "These laptops may be sharing classified information on P2P networks without the user ever knowing."

Overall, however, Lakhani said the security breach involving the Joint Strike Fighter project could have been thwarted with the right technology and end-user training on the importance of safeguarding information.

"The technology is out there to prevent these types of threats from happening," he said. "However, one of the biggest challenges for anyone in information security is making sure the end user is knowledgeable and understands the importance of protecting information. It really doesn't matter how good the locks on your house are if you are always going to keep the door open."

April 15th, 2009 : Rich Miller

2009-04-19T22:55:00.001-05:00

April 15th, 2009 : Rich Miller

In an underground bunker 100 feet beneath Stockholm lies a unique facility operated by the Swedish ISP Bahnhof. It’s become known as the “James Bond Villain Data Center” after it was featured on the Pingdom web site last year. Dean Nelson of Data Center Pulse recently got a tour of the data center from Bahnhof CEO Jon Karlung, who provided a look at the many unusual features of the facility, a former military bunker designed to withstand a hydrogen bomb blast. Karlung has said he drew his inspiration for many of the center’s flourishes from James Bond villains (especially Ernst Blofeld), hence the waterfalls, greenhouse-style NOC, glass-enclosed conference room “floating” above the colocation floor, and blue-lit diesel engines (supposedly used in German submarines). This video runs about 9 minutes.

The world’s most super-designed data center – fit for a James Bond villain

Posted in Main on November 14th, 2008 by Pingdom

This underground data center has greenhouses, waterfalls, German submarine engines, simulated daylight and can withstand a hit from a hydrogen bomb. It looks like the secret HQ of a James Bond villain.

And it is real. It is a newly opened high-security data center run by one of Sweden’s largest ISPs, located in an old nuclear bunker deep below the bedrock of Stockholm city, sealed off from the world by entrance doors 40 cm thick (almost 16 inches).

(For the curious there is plenty of more information further down.)

Above: The space-themed conference room is suspended about the server hall.

Above left: View from the conference room (its floor is the surface of the Moon). Above right: Power equipment.

Above: The NOC is set in a cozy jungle setting. That light fog almost makes us think of cloud computing. Fog computing?

Above: Artificial waterfalls and plenty of green plants adorn the halls.

Above left: The submarine engines used for backup power. Above right: Another view of the power equipment.

Above: This map shows the layout of the data center. Original image courtesy of Albert France-Lanord Architects (Pingdom added the English translation).

And here is what it used to look like

Quite a difference, isn’t it?

Facts about the data center

Originally a nuclear bunker: The data center is housed in what was originally a military bunker and nuclear shelter during the Cold War era. The facility still has the code name from its military days: Pionen White Mountains.
Located in central Stockholm below 30 meters (almost 100 ft) of bedrock: The facility has 1110 sqm (11950 sq ft) of space and is located below 30 meters of solid bedrock (granite) right inside the city.
Fully redesigned in 2007-2008: Pionen was completely redesigned in 2007-2008 to become the data center that it is today. More than 4,000 cubic meters (141,300 cubic ft) of solid rock was blasted away to make more room.
Can withstand a hydrogen bomb: The bunker was designed to be able to withstand a near hit by a hydrogen bomb.
Houses the Network Operations Center for one of Sweden’s largest ISPs: The bunker houses the NOC for all of Bahnhof’s operations. They have five data centers in Sweden, Pionen being the largest. The facility also acts as a co-location hosting center, so you can actually put your own servers here.
German submarine engines for backup power: Backup power is handled by two Maybach MTU diesel engines producing 1.5 Megawatt of power. The engines were originally designed for submarines, and just for fun the people at Pionen have also installed the warning system (sound horns) from the original German submarine.
1.5 megawatt of cooling for the servers: Cooling is handled by Baltimore Aircoil fans producing a cooling effect of 1.5 megawatt, enough for several hundred rack-mounted units.
Triple redundancy Internet backbone access: The network has full redundancy with both fiber optics and extra copper lines with three different physical ways into the mountain. Pionen is one the best-connected places in northern Europe.
Work environment with simulated daylight and greenhouses: For a pleasant working environment the data center has simulated daylight, greenhouses, waterfalls and a huge 2600-liter salt water fish tank.
Staff: 15 employees, only senior technical staff, work full time in Pionen.

Breaking the mold and focusing on humans

We simply couldn’t resist the temptation to ask the people behind the Pionen data center what made them design such an insanely cool and unusual environment deep inside the bedrock of Stockholm.

Jon Karlung, CEO at Bahnhof (the ISP behind Pionen), was kind enough to take the time to speak to us here at Pingdom and explain their motivations.

“Rather than just concentrating on technical hardware we decided to put humans in focus,” he said. “Of course, the security, power, cooling, network, etc, are all top notch, but the people designing data centers often (always!) forget about the humans that are supposed to work with the stuff.”

We suspected that the unique location itself must have been a big inspiration, something which Karlung confirms.

“Since we got hold of this unique nuclear bunker in central Stockholm deep below the rock, we just couldn’t build it like a traditional – more boring – hosting center,” he said. “We wanted to make something different. The place itself needed something far out in design and science fiction was the natural source of inspiration in this case – plus of course some solid experience from having been a hosting provider for more than a decade.”

The visual inspiration

So, where to turn for visual inspiration? Apparently movies were the way to go for Pionen.

“I’m personally a big fan of old science fiction movies. Especially ones from the 70s like Logan’s Run, Silent Running, Star Wars (especially The Empire Strikes Back) so these were an influence,“ said Karlung. “James Bond movies have also had an impact on the design. I was actually looking for the same outfit as the villain ‘Blofeld’ in Bond and even considered getting a white cat, but that might have been going a bit far!”

The marketing aspect

The unique approach also helps the company to get the word out about their facility. It makes them stand out, and since the facility offers co-location hosting, they have customers who frequently visit the place and work there. These people share what they see with others.

“The unique design makes it a ‘talk about’ facility,” said Karlung.”If you have been inside Pionen you will for sure tell somebody else about it.”

Do you know of other awesome data centers?

We here at Pingdom always love it when people step up to the plate and do something different, like what Bahnhof has done with this awesome data center.

If you know of other data centers that are as super-designed and different as this one, please let us know in the comments since we would love to check them out. Links to pictures and information are always welcome!

A big thank you to Jon Karlung at Bahnhof for providing us with extra information and taking the time to answer all our questions. You can read more about the Pionen data center at the Bahnhof website (in Swedish, though).

Microsoft Improves, Rebrands Managed Security Offering

2009-04-16T14:54:00.000-05:00

Thursday, April 16, 2009 11:40 AM PDT

Microsoft is updating and rebranding its cloud-based e-mail security service, formerly known as Exchange Hosted Filtering, and spending US$75 million to beef up industry support for its new suite of security software.

The product is being rolled into Microsoft's Forefront security product group and will now be called Forefront Online Security for Exchange. A new version of the service, due in May, will feature improved management capabilities and will be priced at US$20 per seat per year, according to Doug Leland, general manager of Microsoft's Identity and Security Business Group.

The security service is based on technology Microsoft picked up in its 2005 acquisition of FrontBridge Technologies.

Microsoft also plans to release a second beta update to its unified security software suite, code-named Stirling, later this week. The final version of Stirling will start to be rolled out by year's end -- six months later than previously expected -- when Microsoft releases its Forefront for Security for Exchange Server and Threat Management Gateway, the next-generation version of its Internet Security and Acceleration (ISA) Server. The other parts of the suite will follow in 2010, Microsoft says.

Leland has been working hard to build out the Forefront line since he took over as general manager of the division in July 2008, and part of that effort has been ensuring that other security products will work with Stirling components. This year, Microsoft plans to spend $75 million on partner programs to improve the way Stirling works with products form vendors such as Brocade, Juniper Networks, Sourcefire, TippingPoint and RSA.

Hackers develop 'memory-scraping malware' to steal PINs

2009-04-16T14:49:00.000-05:00

They are probably watching you now and laughing

By John Leyden • Get more from this author

Posted in Enterprise Security, 16th April 2009 18:39 GMT

Join the Intel seminar. IT has companies talking

More personal data records were breached last year than the previous four years combined, thanks to increased hacker activity rather than insider threats.

Verizon's second annual Data Breach Investigations Report also found that the financial services sector accounted for 93 percent of all such record compromises during 2008. The study is based on an analysis of data involving 285 million compromised records from 90 confirmed breaches, 90 per cent of which are blamed on the activities of cybercriminals.

Because the survey is based on actual cases of confirmed data breaches, rather than responses to surveys or questionnaires, it provides a much more revealing insight into cybercrime trends.

Most of the breaches (74 per cent) investigated were caused by external sources, while 32 per cent were linked to business partners. Only one in five (20 per cent) were attributed to insiders, a finding that runs against conventional wisdom in security circles. Some breaches were caused by more than one source, hence the overall figure adds up to more than 100 per cent.

The study also found that the majority of breaches resulted from a combination of events rather than a single security mistake. Two in three breaches were blamed on hackers. Typically, miscreants exploited vulnerabilities to install malware onto systems for later retrieval.

Two in three breaches (69 per cent) were discovered by third parties. Nearly all the records compromised (99 per cent) last year came from internet-connected systems, either servers or applications. The finding put concerns about mobile devices and portable media in context, the SANS Institute's Internet Storm Centre notes.

Much has been made of the fact that some organisations who achieved compliance with the credit card industry's PCI-DSS standard wound up becoming the target of some of the highest profile hacking attacks. However, Verizon's study found that 81 per cent of organisations hit by security breached subject to PCI-DSS had been found to be non-compliant prior to the attack.

PIN down

Verizon reports that attacks targeting PIN data "exploded" last year.

These PIN-based attacks hit the consumer much harder than typical signature-based counterfeit attacks in which a consumer's credit card is compromised. Investigators found that PIN fraud typically leads to cash being withdrawn directly from the consumer's account - whether it is a checking, savings or brokerage account - placing a greater burden on the consumer to prove that transactions are fraudulent.
The higher monetary value commanded by PIN data has spawned a cycle of innovation in attack methodologies. Criminals have re-engineered their processes and developed new tools, such as memory-scraping malware, to steal this valuable commodity.

Bryan Sartin, director of investigative response for Verizon Business, told Wired.com that these attacks involved assaults on both unencrypted data held on insecure systems and encrypted data.

"We're seeing entirely new attacks that a year ago were thought to be only academically possible," Sartin said. "What we see now is people going right to the source... and stealing the encrypted PIN blocks and using complex ways to un-encrypt the PIN blocks."

Hardware security modules, which act as a form of switch for encrypted data within bank networks, are under active attack. "Essentially, the thief tricks the HSM into providing the encryption key," Sartin explained. "This is possible due to poor configuration of the HSM or vulnerabilities created from having bloated functions on the device."

The class of attack has been understood in academic circles for some years (researchers at Cambridge and in Israel have published papers on it) but Verizon's detailed study is the first evidence that it's been used in anger.

Green cross code

Verizon analysts found - as they did in the firm's previous study, which covered 230 million compromised records from 2004 to 2007 - that nearly nine out of 10 breaches were avoidable with basic security precautions.

The survey concludes with a series of common-sense recommendations on how to guard against attack - such as patching, regular auditing and robust password security - explained in greater depth in the complete report (PDF) and in a summary here. ®

Report: Conficker worm bites University of Utah

2009-04-12T16:16:00.001-05:00

More than 700 computers at the University of Utah have been infected with the Conficker worm.

The hit includes computers at the university's three hospitals, the Associated Press reported early Sunday.

University spokesman Chris Nelson said the outbreak was detected Thursday, the AP reported. By the next day, the worm had struck at the hospitals, medical school, and the nursing, pharmacy, and health colleges.

Patient records have not been touched, Nelson said. IT cut off Net access for up to six hours on Friday in order to isolate the virus, the AP reported.

Teen takes responsibility for Twitter worms

2009-04-12T16:15:00.001-05:00

As a second Twitter exploit began circulating on the micro-blogging site Sunday, a teen-ager from Brooklyn told CNET News he created both worms to promote his Web site.

Much like Saturday's StalkDaily worm, the "Mikeyy" worm posts unwanted messages to users' pages. The "Mikeyy" worm began spreading on the micro-blogging site early Sunday, posting messages such as "Mikeyy I am done...," "MikeyyMikeyy is done.," and "Twitter please fix this, regards Mikeyy."

Brooklyn resident named Michael "Mikeyy" Mooney, 17, told Twitter news service BNO News that he created the worm "out of boredom."

"I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website," he told the site.

Mooney told CNET News that the site has has been live to the public for about two weeks and has 905 members, but that it "is growing quickly because of the worm."

The messages circulating Saturday promoted StalkDaily.com, a short-messaging site similar to Twitter. While initially denying any responsibility for the worm, StalkDaily.com posted a message saying, "I have came clean and have accepted the responsibility for the worm..."

Twitter said it has closed the hole that allowed the worm to spread.

"We've taken steps to remove the offending updates, and to close the holes that allowed this 'worm' to spread," Twitter said in a statement Saturday. "No passwords, phone numbers, or other sensitive information were compromised as part of this attack."

Conficker also installs fake antivirus software

2009-04-11T16:04:00.001-05:00

Researchers have discovered another feature of the Conficker worm that provides an additional clue about the intent of the creators--the worm installs malware that masquerades as antivirus software, Trend Micro said on Friday.

The worm, which has infected millions of Windows-based computers on the Internet, is downloading a program called Spyware Protect 2009 and displaying warning messages saying that the computer is infected and offering to clean it up for $49.95, according to the Trend Micro blog.

If you see this pop-up message, chances are your computer is infected with Conficker. The latest feature of the widespread worm is that it installs fake antivirus software on infected machines.

(Credit: Trend Micro)

The infection alerts repeatedly appear and experts are worried that people may be clicking on them and paying for the software just to be rid of the annoying messages, thereby handing thieves their credit card information.

The fake antivirus program also attempts to install a Trojan downloader that is programmed to download new versions of Spyware Protect 2009, according to Kasperky Lab's blog. However, the domain the Trojan downloader was being accessed from has been shut down, the blog said.

The fake antivirus feature further bolsters the speculation that the motivation behind the worm is to make money and not a desire to disrupt computer or network operations.

Researchers were still analyzing new component code of the worm that began being spread via peer-to-peer and being downloaded off domains that host the Waledec worm on Wednesday but were finding the task difficult because the instructions are encrypted.

The worm spreads via a hole in Windows that Microsoft patched in October, as well as through removable storage devices and network shares with weak passwords. The worm disables security software and blocks access to security Web sites.

Despite all the news the worm has made, many computers still remain unpatched, Sophos said. Of the number of people who have used Sophos' free endpoint assessment test to check the security risk of a network since the beginning of the year, 11 percent did not have the Microsoft patch installed, according to Graham Cluley's blog at Sophos.

For the month of March, 10 percent of all of the people who used the Sophos assessment tool were missing the patch, he said. The company did not divulge exactly how many people had used the tool and Cluley said the statistics cannot be extrapolated to represent the number of unpatched systems on the Internet.

In an indication of infection rates, IBM's Internet Security Systems group released statistics that show that the number of unique IPs infected with Conficker.C is increasing slightly.

Based on infections seen through monitoring devices in its IBM ISS' Managed Security Services, the number has grown from just over 64,000 on April 2 to more than 71,000 on April 8, according to the unit's Frequency X blog.

"We've seen around 11 percent more unique IPs in the past few days in comparison to a week ago," the blog said, also adding that the number doesn't necessarily indicate the scope of worldwide Conficker infection.

Nearly 60 percent of the infections monitored by IBM ISS are in Asia, followed by 18 percent each in Europe and South America, and 4 percent in North America, the statistics show. By country, China leads with 16.6 percent, followed by Brazil at 10.8 percent, Russia at 10.2 percent and Korea at 4.6 percent, according to ISS.

To check if your computer is infected you can use this Conficker Eye Chart or this site at the University of Bonn. There is also a Conficker removal guide on CNET's Download.com site.

China denies role on US grid hacks

2009-04-11T16:03:00.000-05:00

The Chinese government is denying any involvement in the reported infiltration of US electric grid systems.

Xinhua news agency quoted Chinese foreign ministry spokesperson Jiang Yu as saying that any sort of involvement from China in the incident "doesn't exist at all."

The denial follows a report in the Wall Street Journal which claimed that agents from China and Russia along with several other countries had infiltrated the computer systems charged with managing electricity in the US and left behind software payloads which could be used to control or disable electric grids in the US.

Security experts warned that while the incident showed glaring holes in the US security infrastructure and that in a time of conflict such an attack could have catastrophic effects for the country.

"We hope that the concerned media will prudently deal with some groundless remarks, especially those concerning accusations against China," Jiang said.

This is not the first time that China has been accused of hacking US computer systems. In 2007, the Pentagon blamed a series of break-ins on hackers working for China's People's Liberation Army. Last month, the country was also said to be behind a massive spying operation involving individuals in 103 countries.

Proposed Bill Gives Obama Power to Shut Down Internet

2009-04-06T09:46:00.001-05:00

A new cybersecurity bill being proposed would give the President emergency authority to halt web traffic and access private data, effectively declaring martial law on the web.

Last week, senators John Rockefeller and Olympia Snowe proposed the Cybersecurity Act that would create the Office of the National Cybersecurity Advisor. Its powers are detailed in the The Cybersecurity Act of 2009 (PDF), and this is where it gets very scary indeed.

If the President so chooses, he can call a "cybersecurity emergency" and shut down or limit any 'net traffic on a "critical" network "in the name of national security," though the bill fails to provide concrete definitions on what is "critical" or what constitutes an "emergency."

The Secretary of Commerce would also have the power to "access to all relevant data concerning [critical] networks without regard to any provision of law, regulation, rule, or policy restricting such access."

"We must protect our critical infrastructure at all costs - from our water to our electricity, to banking, traffic lights and electronic health records-the list goes on," said Senator Rockefeller in a statement. His colleague, Senator Snowe, took the metaphor further saying, "if we fail to take swift action, we, regrettably, risk a cyber-(hurricane) Katrina."

As you can imagine, the thought of such powers has put a number of internet advocacy groups on full alert. "The cybersecurity threat is real," said Leslie Harris, head of the Center for Democracy and Technology (CDT), "but such a drastic federal intervention in private communications technology and networks could harm both security and privacy."

Viruses with trigger dates

2009-04-03T01:06:00.000-05:00

Conficker, which was set to activate on April 1 but failed to cause any problems, isn't the first virus to be programmed to take action on a certain date or time. Experts believe that worms with a trigger date can lead to panic and hype. Here are some others:

Michelangelo
The Michelangelo virus, first discovered in 1991, was triggered to launch its payload (rendering disk unusable) on computers running MS-DOS every March 6, but by 1997 it appeared to have petered out.

CIH
The CIH, or Chernobyl, virus targeted Windows and was discovered in 1998. The original variant was set to destroy data on April 26, the birthday of the virus writer, which coincidentally happened to be the anniversary of Chernobyl disaster. Subsequent variants have different trigger dates for their payloads, including one that was set to activate on the 26th of every month but which was not widespread.

Code Red
The Code Red worm, discovered in July 2001, exploited a flaw in Microsoft IIS software and directed infected Web servers to launch attacks on other computers within a certain period of time. One of the sites was that of the White House, but the administration was able to successfully fend off the attack after moving the site from the targeted IP address.

Klez.e
Klez.e first spread via e-mail messages in February 2002 and exploited a hole in Outlook. It was set to activate on the sixth day of odd-numbered months and destroy files on infected Windows computers. However, it caused little or no damage because in the month between when it surfaced and when it was first due to activate on March 6, 2002, PC users were able to update their antivirus software.

Blaster
Blaster, or MSBlast, began spreading August 11, 2003, about three weeks after Microsoft announced a serious hole in Windows. The worm exploited the hole and was programmed to launch a denial of service attack on a Microsoft update Web site on August 15, 2003, but the company killed the Internet address to thwart it. In the code, the worm writer exhorted Bill Gates to "stop making money and fix your software!!"

MyDoom
Discovered in January 2004, the MyDoom virus targeted Windows PCs and was originally triggered to launch a denial of service attack against the Web site of the SCO Group between February 1 and February 12, 2004. The attack crippled SCO Group's site, forcing the company to move to an alternate site. A second variant launched a DDOS attack on Microsoft's site, but that had little impact. SCO Group and Microsoft both offered $250,000 rewards for information leading to the arrest of the creators of the variant targeting their site. (Microsoft is also offering a $250,000 reward in the Conficker case.)

Kama Sutra
The Kama Sutra worm, also called Nyxem, spread via e-mail and infected Windows PCs when the e-mail, typically sexually suggestive, was opened. It was programmed to delete files on infected machines on February 3, 2006, but failed to do much damage.

Sober
A variant of the Sober Windows worm that began circulating in November 2005 was set to activate on January 5 or 6, 2006, possibly dated to coincide with the 87th anniversary of the founding of the Nazi party. It had the potential to download malicious code onto infected computers and launch a new wave of viruses, but was unsuccessful.

Homeland Security Keeps Tabs On Conficker Worm

2009-03-30T19:09:00.000-05:00

The agency's US-CERT team created worm-scanning software for federal and state government agencies, commercial vendors, and critical infrastructure owners.

By Thomas Claburn
InformationWeek
March 30, 2009 07:45 PM

As computer security firms play down the risk posed by the Conficker/Downadup worm, the Department of Homeland Security on Monday released a DHS-developed detection tool to help organizations scan for computers infected by the worm.

The DHS US-CERT team created worm-scanning software for federal and state government agencies, commercial vendors, and critical infrastructure owners. It's being made available through the Government Forum of Incident Response and Security Teams Portal and to private-sector partners through various Information Sharing and Analysis Centers.

More Security Insights

White Papers

Webcasts

Videos

Instead of spending money on more security infrastructure for your virtual environment, Solera's V2P Tap promises to regenerate the virtual traffic to your existing security infrastructure, thereby protecting your investment.

DHS expects to continue its outreach efforts in the days to come.

US-CERT director Mischel Kwon said in a statement that while other worm-mitigation tools are available, this is the only free tool available for enterprises like government agencies.

"Our experts at US-CERT are working around the clock to increase our capabilities to address the cyber risk to our nation's critical networks and systems, both from this threat and all others," he said.

Last week, Luis Corrons, director of PandaLabs, urged Internet users not to panic, as did representatives from other security companies, many of which offer worm-mitigation tools for consumers.

But some may panic anyway and a malware group is ready to take their money. F-Secure reports that the domain remove-conficker.org was registered on Monday to sell fake security software.

The Conficker/Downadup worm attempts to exploit a Microsoft (NSDQ: MSFT) Windows vulnerability that was patched (MS08-067) last October. Since then, it has been updated several times. Now in its fourth iteration, it has developed multiple avenues of infection, including USB devices. It also uses a variety of sophisticated techniques to evade detection and to maintain its command-and-control channel, including a pseudo-random algorithm for generating the domains it uses to receive commands.

The worm is supposed to get a code update on April 1 that may make it harder to disrupt. Infected machines previously polled 250 domains daily to see whether to execute new commands. Security researchers who have analyzed the worm's code believe that on Wednesday infected machines will start scanning 500 out of 50,000 domains for update information.

It's not clear whether this will cause the botnet created by the worm to take action. Until now, the botnet has been dormant.

Somewhere between 1 million and 2 million computers are actively infected, according to F-Secure. At the worm's peak, almost 9 million computers were infected.

2009 marks the 12th year that InformationWeek will be monitoring changes in security practices through our annual research survey. Find out more, and take part.

-------------

Jeff

Cyber-Spy Network Is Uncovered

2009-03-29T19:18:00.000-05:00

By BEN WORTHEN

Security researchers said they have discovered software capable of stealing information installed on computers in 103 countries, an apparently coordinated cyberattack that targeted the office of the Dalai Lama and government agencies around the world.

The software infected more than 1,200 computers in all, almost 30% of which are considered high-value targets, according to a report published Sunday by Information Warfare Monitor, a Toronto-based organization. Among the affected computers were those in embassies belonging to Germany, India, Romania, and Thailand, and in the ministries of foreign affairs for Barbados, Iran and Latvia.

The researchers said the infected computers acted as a kind of illicit information-gathering network. Researchers said they observed sensitive documents being stolen from a computer network operated by the Dalai Lama's organization, and traced the attacks to computers located in China. The report doesn't suggest who was behind the attack.

A separate report by researchers at Cambridge University, also published Sunday, alleges that the Chinese government or a group working closely with it is responsible for the attack on the computer in the office of the Dalai Lama.

Media officials at China's Ministry of Foreign Affairs and State Council Information Office declined requests for comment Sunday. The Chinese government has repeatedly denied past allegations that it sponsors cyberattacks.

The New York Times published an article about the reports on its Web site Saturday.

The apparent attacks are the latest in a series of incidents that suggest cyber-espionage is on the rise. Last year, Kevin Chilton, commander of the U.S. Strategic Command, said military computer networks are increasingly coming under attack from hackers trying to steal information, many of whom appear to have ties to China. The U.S. government has also said that military contractors have been victims of these attacks.

In trying to tap into government computers, attackers have been stepping up the use of sabotaged programs, sometimes called "malware." The technique is essentially the same as that used by criminals who try to break into people's home PCs to steal credit cards or other information.

A victim is tricked into opening an infected file attached to an email or downloading a file from a Web site. Criminals have managed to gain control over millions of computers by sending files pretending to be racy pictures of celebrities or winning lottery tickets.

In an espionage attack, the messages are much more targeted, says Shishir Nagaraja, one of the authors of the Cambridge study who investigated the attack on the office of the Dalai Lama. The emails appear to come from someone the recipient knows and may contain a file that recipient has been expecting.

"Who wouldn't open that?" says Mr. Nagaraja. The attacks "depend less on technical measures and more on abusing trust."

In the attacks tracked by the Canadian researchers, the installed software provided near-complete control over the victims' computers. The attackers could search for and steal sensitive files, capture passwords to Web sites, and even activate a computer's Web camera if they desired. The victims were usually unaware that someone else could control their computers.

Mr. Nagaraja stresses that businesses are also at risk. While the incidents uncovered by the researchers dealt mainly with government organizations, corporations could hire hackers to steal information from rivals using similar techniques.

Indeed, there is a precedent for such incidents. In May 2005, Michael and Ruth Haephrati were arrested and later pleaded guilty to stealing secrets from dozens of businesses in Israel by crafting fake business proposals that really contained malicious software.

The Haephratis would call their targets on the phone to make sure they had opened the infected files.

Targeted attacks are on the rise. Researchers at MessageLabs, a division of Symantec Corp., only detected about one or two targeted attacks per week in 2005. In 2008, the researchers detected 53 of these attacks a day.

The Canadian researchers are based at the Munk Centre for International Studies at the University of Toronto.

—Jason Dean contributed to this article.

Worldwide Computer Worm Conficker May Strike Your Computer This Week

2009-03-29T17:55:00.001-05:00

This April 1st may be no joke.

A potentially dangerous Internet Worm, called CONFICKER, may erupt on as many as three million computers worldwide.

This WORM already resides and lies dormant on infected PCs.

If CONFICKER is on your computer now, you would not know it unless your virus protection program detects it.

On April 1st, the WORM will activate, go onto the internet and possibly download a more danger version of itself.

Millions of computers in tandem may attack some internet target. Or perhaps it will steal personal information from your computer and transmit it across the internet.

We here at WFMY have answers on how to protect your computer and your personal information.

If you clean the WORM off your computer before April 1st, the date it mutates into a more dangerous version, it is fairly easy and safe to remove the worm.

Visit the Microsoft site, Microsoft.com, to download a free program which will kill this worm if it's on your system.

Perhaps this is just an April Fool's hoax. Microsoft doesn't think so.

And even if it is a joke. Why not use the next two days to run your virus protection programs to make sure your computer and personal information are not at risk.

microsoft.com

Follow digtriad on Twitter...

Protect yourself.

Buying a house

2009-03-28T20:27:00.004-05:00

So my lady and I decided about May of 2007 that after we move into our apartment we would look into getting a house. Well a year has almost gone buy and it is time to make a decision. We Did! We have been looking at houses for the longest time and found a Realtor Joann who is just the best! A one day trip her and we found the perfect house. a Brand New D.R. Horton home in Converse, Tx. 2500sqft, 4 bedrooms, a Game Room/Media Room, 2 car garage, big walk-in closets, Big backyard, French doors, to many to add. This is a big step forward in our lives and hope for all the best. We should be able to close June 30th, 2009. It is good especially now to be a first time home buyer. Incentives are Great! Above is the floor plan. Wish us luck!

Jeff -

YAMMER

2009-03-20T21:26:00.002-05:00

Yammer is a tool for making companies and organizations more productive through the exchange of short frequent answers to one simple question: "What are you working on?"

As employees answer that question, a feed is created in one central location enabling co-workers to discuss ideas, post news, ask questions, and share links and other information. Yammer also serves as a company directory in which every employee has a profile and as a knowledge base where past conversations can be easily accessed and referenced.

Anyone in a company can start their Yammer network and begin inviting colleagues. The privacy of each network is ensured by limiting access to those with a valid company email address. The basic Yammer service is free. Companies can pay to claim and administer their network

Live TV : Ustream

IT Pro Gets Four Years for Building Botnets

2009-03-08T20:47:00.000-05:00

Robert McMillan, IDG News Service

Thursday, March 05, 2009 5:40 PM PST

An employee of search engine startup Mahalo has been sentenced to four years in prison for infecting as many as 250,000 computers with malicious botnet computer code.

John Schiefer was sentenced Wednesday in federal court after previously pleading guilty to hacking, fraud and wiretapping charges. He was arrested in 2007 as part of a large U.S. Federal Bureau of Investigation enforcement action against botnet makers, called Operation Bot Roast II.

The case marks the first time that someone has been charged with operating a botnet under federal wiretapping laws. Schiefer could have been sentenced to as much as five years in prison on the charges.

When they hired him, Mahalo executives didn't know about his criminal activities. In a blog posting, Mahalo founder Jason Calacanis said company CTO Mark Jeffrey had "screwed up by not doing a simple Google search on John's name," but he stood by his employee, saying there is a fine line between hackers "who put one foot over the line" and commit minor indiscretions, and others like Schiefer, who "race past it."

"I consider myself a fairly decent judge of character, and after spending months with John, I'm convinced he was an angry stupid kid when he launched his botnet attack (which did .000000001% of the damage it could have)," Calacanis wrote. "Now he's an adult who just wants to make a decent living, spend time with his significant other and breathe the clean air off the Pacific Ocean by our offices in Santa Monica."

"When he comes out, I hope to be able to offer him a job and that we can work together again," Calacanis said.

Schiefer built his botnet army while a consultant at 3G Communications, a small Los Angeles telecommunications company. The network, built with the help of two accomplices, was used to snoop in on Internet traffic between victims' computers and financial institutions such as PayPal, prosecutors said. Schiefer would then make purchases or simply drain his victims' bank accounts.

He used several partners in the scheme -- some of them minors whom he "bullied ... into participating in the crimes," prosecutors said in the suit, filed in the U.S. District Court for the Central District of California.

When a minor named Adam expressed reservations about claiming stolen money from PayPal, Schiefer told Adam to "quit being a bitch and claim it," the filing states.

Online, Schiefer was known as Acidstorm. His MSN Messenger handle also included the tagline, "Remember the name or feel the pain."

In another scam, a Dutch online marketing company called Simpel Internet paid him more than US$19,000 for installing the company's TopConverting adware on PCs, which he did without the consent of his victims. As part of his plea agreement, Schiefer will pay $20,000 in restitution to Simpel Internet and the financial institutions he defrauded.

He also used the botnet to launch distributed denial of service (DDOS) attacks, and in an interview with the FBI he claimed to have knocked the Los Angeles Times' Web site offline, prosecutors said.

According to an FBI affidavit filed in the case, Schiefer also accessed computers at an unnamed 3G Communications client without authorization.

Schiefer seemed happy with the money he was making from his scams. According to evidence entered into court, another one of his instant messaging signatures read: "Crime pays, and it also has an excellent benefits package."

Schiefer hopes to seek future employment in the information security field, prosecutors said.

Cyber Security Community Joins Forces to Defeat Conficker Worm

2009-02-15T15:06:00.000-06:00

By Brian Krebs

washingtonpost.com Staff Wrtier
Friday, February 13, 2009; 3:01 PM

The quarter-million dollar award Microsoft is offering for information that leads to the arrest and conviction of those responsibile for unleashing the "Conficker" worm may represent the culmination of what security experts say has been an unprecedented and collaborative response from industry, academia and Internet policy groups aimed at not just containing the spread of this worm, but also in creating a playbook for dealing with future digital pandemics.

Estimates of how many systems infected by Conficker, a contagion that has exploited Microsoft Windows PCs over the past few months, vary widely, from 2 million to more than 10 million machines. Microsoft estimates that at least 3 million PCs worldwide remain infected. Yet, PCs sickened by Conficker have not yet been observed in facilitaing the kind of illegal online activities typically spewed by computers infected with malicious software, such as sending spam or hosting scam Web sites.

Rather, security experts say the worm may be the first stage of a larger attack. By using a mathematical algorithm, Conficker can tell infected systems to regularly contact a list of 250 different domain names each day. If just one of those domains is registered by the virus writer, it could be used to download an as-yet unknown secondary component to all infected systems maliciously, such as malicious software.

"This worm would be a marvelous tool in hands of whoever can control it, but the real harm from it has yet to be felt, and we're trying to postpone that day," said Paul Vixie, founder of Internet Systems Consortium, a Redwood City, Calif., company whose open-source software powers millions of Internet servers around the globe.

For several weeks after Conficker first surfaced in November, the anti-virus community began studying and publishing their research online. Individual security researchers were then able to begin registering the 250 domains sought daily by Conficker-infected systems to ensure those machines would not receive its intended instructions. At least one researcher told washingtonpost.com that he registered a number of the domains in the names of the FBI and Microsoft.

But, the FBI already was investigating individuals who were found to have recently registered domains sought by Conficker-infected systems, according to Bill Woodcock, research director of Packet Clearing House, a San Francisco based non-profit organization that provides support and training to companies that manage critical Internet infrastructure.

"There have been law enforcement folks trying to figure out who the holders of these domains are," Woodcock said.

Officials for the FBI did not return calls seeking comment.

Phillip Porras, director of the computer security lab at SRI International, also began tracking Conficker domains in late November. Porras and his team learned they could determine sets of domains sought by Conficker host systems in the past or the future, merely by rolling back or forward the system date setting on Microsoft Windows systems that they had purposesly infected in their test lab.

As Porras's group began building lists of domains sought by Conficker that had already been registered, they found hundreds that traced back to security researchers and anti-virus companies that were hoping to glean intelligence about the number of systems infected with the worm.

"We found that lots of people had registered these domains to try and gather size estimates and to better understand the worm," Porras said. "Early on, various folks were sharing this data privately, but nothing was really that coordinated."

Yet, as December rolled around and the number of machines infected by the worm swelled into the millions, a consensus began to emerge within the security research community that they needed a broader coordination effort.

That community had only weeks before learned the consequences of inaction in the face of another mounting threat. In late November 2008, the "Srizbi botnet," a massive collection of compromised Microsoft PCs that sent billions of spam e-mails each day, was knocked offline after Internet providers shuttered the Web servers that were being used to control and update the botnet's activities.

Researchers knew that Srizbi had a built-in fallback mechanism similar to the updating capabilities in Conficker, a failsafe device that could resurrect the botnet by forcing infected systems to seek out a randomly generated set of four domains that changed every 72 hours.

For several weeks, FireEye, a private security company in Milpitas, Calif., took it upon itself to register each of the domains that Srizbi-infected systems were told to seek out in order to allow criminals to regain control over the wayward systems. But as the costs of registering those domains mounted, the company ceased reserving them. On Nov. 25, a day after FireEye quit registering the Web site names, unknown individuals took over that task, and the Srizbi botnet was back online and blasting out spam.

Woodcock said many in the security community, including the Internet Corporation for Assigned Names and Numbers (ICANN), which oversees the domain registration industry, were eager to avoid a repeat of the Srizbi fiasco.

"Nobody wanted to go through a big exercise to deal with the Conficker worm and not have a process in place to make it easier the next time this happens with a different worm," Woodcock said.

Still, coordinating a Conficker counterpunch would require some bending of the rules that govern domain name registrations, along with unprecedented level of cooperation from foreign governments.

For example, "top level domains" most sought after by Conficker-infested systems -- dot-com, dot-org and dot-net -- have explict contracts with ICANN that prohibit them from unilaterally reserving Web site names, even the seemingly gibberish domains that were known to be sought out by Conficker.

Also, some of the domains sought by Conficker would need to be registered through registrars controlled by soverign nations that are not beholden to ICANN, such as dot-ws (Western Samoa), and dot-cn (China).

Rodney Joffe, senior vice president of Sterling, Va., based Neustar Inc., which has an exclusive contract with ICANN to manage dot-biz and dot-us domain registrations, said ICANN recently took the unprecedented step of allowing registrars to set aside any domains sought by Conficker systems now or in the future.

Joffe said ICANN was instrumental in waving those restrictions for domestic registrars, but also in convincing the Chinese and other international registrars to agree to shelve the Conficker domains.

"People blame ICANN when anything having to do with domain names being used for abuse comes up," Joffe said. "But this is one of those interesting instances where ICANN has been very progressive in the kinds of help they've given the registry operators. There seems to be growing, global understanding that these kinds of things don't reflect well on anyone in the industry and actually cause damage to everyone."

For its part, ICANN will continue to work with the registry community to refine its policies on how to deal with future domain name-based threats, said Greg Rattray, chief Internet security advisor at ICANN.

"We agreed with the registries that we need to look at how to do this in a coordinated, coherent fashion that enables the community to respond in accordance with the contractual policy guidelines while at the same time being operationally effective and timely," Rattray said. "We hope this can become the model for more collaborative response in the face of future threats."

Rick Wesson, chief executive of Support Intelligence, a security firm in San Francisco, called the international effort to contain the worm "incredible."

"Here we have the Chinese cooperating with the Americans on a cyber threat when so much of the rhetoric [from the U.S. government] is about concerns around the cyber threat from China," said Wesson, who was also one of the researchers who began registering Conficker domains back in November.

But it's too soon for the community to declare victory, Wesson said. The next domain-based worm could significantly ratchet up the number of domains, and thereby sideline a large number of Web site names that might otherwise be commercially viable and sought after by legitimate Internet users.

"I think we're going to have successes and we're going to have failures, and this one clearly isn't a success until Microsoft has paid a quarter of million dollars and the individuals behind this worm are in jail," Wesson said.

SLICEHOST

2009-01-25T20:15:00.002-06:00

I just bought what you would say a slice of slicehost. They are a Virtual Server Provider for the linux peeps out there. I bought the 512 slice version and accidentally bought it with Ubuntu, which was not the distro that I wanted. There is a SliceCHAT available to the customers which is NICE. They were able to easily guide me to the slicehost manager and reload my virtual server with the distro of my choice. I thought that was SWEET!

Virtual Private Servers.

Our VPS slices are the ultimate mix of price, performance and power. We use the revolutionary Xen virtualization software to reserve memory and CPU slots, then employ a custom built backend to manage our slices.

Why should you consider a Slicehost VPS?

A Slicehost VPS fills the huge performance gap between entry-level, shared hosting and expensive dedicated hosting. Our 256slice will smoke any shared package you can find in terms of performance and reliability. The 1024slice rivals a fully dedicated server, at a fraction of the price. And every Slice package gives you full root access, instant reboots, one of several Linux distributions and the ability to install whatever software you want.

Unrivaled Prices.

Go ahead and shop around. You’ll find that our VPS prices trounce the competition. How did we do it? We wrote our own software and run our NOC as efficiently as possible. Our management interface handles every situation, including instant reboots, distribution setups and software reinstalls. Our competitors? They have to buy expensive hardware or man-hours to accomplish the same tasks.

A Slicehost VPS can…

Serve Ruby on Rails applications using Mongrel, Apache or Lighttpd
Host Python applications using the Django framework
Run MySQL or Postgres databases
Power a Java application server
Serve PHP apps lightning fast

We’ll take care of you.

We take three things very seriously: customers, servers and networks. Our infrastructure was built from the ground up to satisfy intense demands: the best hardware, customized software, fast networks, a world class data center and redundancy galore. If something goes wrong, we’ll fix it fast, tell you what happened and make sure it doesn’t occur again. We answer to you.

When you choose Slicehost, your servers become our servers.

Hardware.

Quad core, 64-bit machines (8+ ghz)
RAID-10 disk storage
Hard usage caps on VPS machines
Gigabit network backbone

Facilities.

Cagespace in multiple facilities including a new $7-million dollar datacenter and Switch & Data datacenters
Redundant power, UPS, cooling and fiber
Biometric authentication, key card access and video surveillance
24×7 staffed NOC and customer support
24×7 custom monitoring tools with email/SMS timed escalations

Our Story

We’ve been doing this for a while. Until recently, our services were focused on the managed hosting needs of the business world. We never considered opening our NOC and services to smaller markets or individuals. However, the explosive growth of hosted applications, web frameworks and open source software brought colleagues to us searching for solutions. There were plenty of fly-by-night operations that would take their money and cram them onto an oversold box, but they wanted more. So we built our own management system around a cutting edge virtualization project, expanded our NOC and opened the doors.

Slicehost brings the experiences, high expectations and support demands of business hosting to the consumer market. We aim to please developers – people who know their stuff. People who write software, build servers and get things done. If you’re new to web applications and hosting in general, we’re probably not the best choice for you. If you want the cheapest price, go to any of the volume driven web hosts with outsourced support. But if you know what needs to be done and want a host who will help you get there, you’re in the right place.

Our Customers

Don’t take our word for it, take theirs.

Try THIS out and see what you think

Jeff

Saturday @ Work

2009-01-17T16:28:00.002-06:00

For some reason, I am not feeling so well. I guess I was ok this morning waking up. Seems like the tables have turned. Feel very much so under the weather. Although it was good because I woke up and was able to spend a little time with my fiance. She has moved to an overnighth schedule cause of someone not able to do there job. So Jillian is the one that steps in and takes charge. GO SWEETIE !

Pilate's is no joke, looks easy and you do not need to spend much time working out, I beg to differ. I can speak on behalf of all guys out there that will not admit that they have tried Pilate's. IT HURTS. LOL

Tuesday is the inaugural for President Elect Obama.

Happy Days To All, hoping to have a great Weekend.

Jeff

Cannot Sleep

2009-01-17T05:31:00.000-06:00

It is about ...... 5:30a.m, just thinking alot about what I want and need to do in life. Not only do I want to better myself, but as well as other around me.

LANS-TECH so far is coming in great, although I feel there is something else that we need to be doing.

Mailtrust is a great company, I tell you, never had as much fun working there then anywhere else. Pat Matthews, Kevin and Bill, al have inspiring stories that one day I hope to have dreams that high. Click here to read more on the founders of MAILTRUST.

Always keeping my vision and eyes wide open to any and all possiblities. One day, I will make those dreams reality.

I guess night for now.

Jeff-

Linux's '09 Outlook: Everywhere, Even On Windows Machines(Google News)

2008-12-21T13:44:00.000-06:00

It sounded like a wild hook for a story, to put it mildly: In 2009, it is said, Linux will ship on more PCs than Windows. So I sat down with Jim Zemlin of the Linux Foundation to explain his reasoning behind such a statement. He did, and I learned about great many other forward-looking insights for Linux in '09, too.

"The New York Times recently did a piece on big-name companies like Dell (Dell) and Hewlett-Packard (NYSE: HPQ) all diving in the [Linux-powered] netbook space," he told me, "and on top of that there's QuickBoot, where you power on your machine and a couple of seconds later, you've booted into a Linux-powered mini-environment with network access, e-mail, and so on. The thing is, when people use this,Microsoft (NSDQ: MSFT) loses that much more customer experience. You're not booting into Windows, so Windows becomes further from the consumer in terms of what they're using day to day. And as you get less dependent on Windows, other things rise to the fore. If every machine that ships, ships with this, that’s that much less of Windows people are using in some form. You can see then how Linux outships Windows in this sense."

Maybe that's a sneaky way to think about it, but I could see what he meant. Get Linux into people's hands in some form, especially in a form that allows them to do an end run around Windows, and you have that many more things that don't require the Windows ecosystem to be successful. And the time is right.

"A lot of the stuff we've been talking about [re: the growth of Linux] has been coming true this year," Jim went on. "Major PC makers are shipping PCs without Windows as A-list items, and the OEMs now have that much more leverage with Microsoft thanks to that. Hardware drivers work more often than not, even with things like wireless network cards that used to be a problem."

So what are the major Linux Foundation goals for 2009?

"Two big things. One, to grow the market for Linux; two, to provide a market for ISVs to use Linux that's a consistent target. The people who are using Linux to build things now, like netbooks, are trying to add their own branding to them apart from 'Linux'. Asus doesn't speak about the Eee PC as being a 'Linux' machine; it's their own Asus Eee OS. The experiences we have with each brand are what they want to take credit for."

To my ears this sounded fairly analogous to what happens with video game consoles. The XBOX 360, the PlayStation 3, the Nintendo Wii -- the names alone speak volumes about what you're going to get and in what form.

"Very true. Thing is, PS3 apps don't run on an XBOX; they're all isolated. With Linux, the challenge is for people who do custom branding -- can they build and innovate on the platform and also make the kind of money needed to drive future development? Consistency is something that's really important for that, especially on the back end where the innovation appens; it helps create critical mass. And it's not optional to do that when your most direct competition in this space has a 90% market share. You don't have the luxury of not working together."

Among the big projects and initiatives that the Foundation wants to really kick up a notch or three in '09 is Moblin, Intel (NSDQ: INTC)'s standardization platform for mobile devices. I asked how this differs from the already-out-there Android, and Jim put it this way: "Android's a Linux-based smartphone platform, but Mobil is a more traditional Linux distribution that's been specifically built for netbooks and similar devices. The two are aimed at different markets."

With the economy imploding like the house at the end of Poltergeist, there's been a lot of talk about using open source as a way to make IT budgets meet, but such talk has always for me had the flavor of "water is wet". Surely there's some deeper significance to how open source is a smart idea in hard times, I asked.

Jim used an economic analogy, one that I'd myself echoed a while back in a different way. "When you go into a recession, the people who come out on top are the people who have managed their risk effectively. Who’s feeling the most pain? The people who put all their money into real estate; they’re in real trouble. Or they put all their retirement money in the stock markets, and now their 401K has bottomed out. Those are the ones who hurt the most. The people who do well are balanced in their portfolio, with a little of everything -- some bonds, some stocks, some real estate, some cash, and so on.

"Linux is the most massively hedged computing project in the history of computing. Look at the tech companies: the one hurting most is Sun. Why? Not just because of their strategic mistakes, but because they’re not hedged; they put everything into one basket. If you bet on Sun, which is doing badly, where are you going to be in five years? If you bet in Linux, look who’s behind that:IBM (NYSE: IBM), Novell (NSDQ: NOVL), everyone."

One major set of events that Jim's looking forward to -- and me along with him -- is the expansion of Linux Foundation events overseas. "In '09 we'll be holding a major international Linux get-together in Tokyo, and we're looking to provide better training, education and other support for a future Linux labor pool. We're going to focus on the big markets for this, where big decisions are being made. Linux is no longer in a position where we need to perform flanking maneuvers; we can now meet things head-on."

Open Vulnerability Assessment System

2008-12-21T13:37:00.000-06:00

OpenVAS stands for Open Vulnerability Assessment System and is a complete tool for network security scanning including a graphical user front-end. I is used to detect security problems in remote systems and applications. The OpenVAS development team consists of various interested parties from academia and commercial entities as well as individuals.
OpenVAS derives from the Nessus project which turned into a commercial product. All OpenVAS products are Free Software under the GNU General Public License (GNU GPL).

The OpenVAS software consists of five different parts which are provided and maintained by the OpenVAS projects. These parts are:

OpenVAS-Server
OpenVAS-Libraries
OpenVAS-LibNASL
OpenVAS-Plugins
OpenVAS-Client

According to the documentation, only UNIX systems are supported by OpenVAS and out of this group, Linux distributions are tested most extensively. xBSD should work but has not been extensively tested.
Additionally OpenVAS-Client Packages for Microsoft Windows XP SP2 are available on the OpenVAS website.

Please notice that there are currently two different series available for download: the stable 1.0 series and the upcoming 2.0 series. The OpenVAS developers recently have announced the release of the 2.0-rc1 versions of openvas-libraries, openvas-libnasl, openvas-server and openvas-client.
In this step by step workshop we’ll describe how to compile, install and use OpenVAS on a Mandriva 2009 server and client. The workshop configuration could look like this:

Step 1: Installing Mandriva 2009 server

We think it is not necessary to explain how to install Mandriva 2009 and recommend reading the articles below in case of problems:

http://www.howtoforge.com/perfect-server-mandriva-2009.0-i386
http://www.howtoforge.com/perfect-server-mandriva-2009.0-x86_64

We recommend using the following website to add official media and latest update recourses:

http://easyurpmi.zarb.org

The automatic media setup usually works perfect and will help you to get an up-to-date system quickly.

Make sure to have the following packages available on your system. We’ll later need them to compile OpenVAS. Use the urpmi command like described in this article.

gcc
make
libglib2.0-devel
bison
libopenssl0.9.8-devel
libgtk+2.0_0-devel

Depending on your installation, you may need the following packages also. Watch for error messages during the pre-configuration process in the next step:

libgnutls-devel
libpcap-devel
libgpgme-devel

Step 2: Compiling OpenVAS from source

After downloading the source code please be aware that the installation process might copy files to places different from the ones expected by you or the distribution you are using. This may lead to unexpected results, especially if you install releases from different series or try to remove old copies of OpenVAS if you are not careful. Because of this, you should use a prefix (i.e. ./configure prefix=/opt/openvas). In this case you can easily isolate all the files belonging to this particular OpenVAS version. You can also later uninstall OpenVAS from your machine by removing the related subdirectory.

You have to compile and install the packages in the following order:

1. openvas-libraries
2. openvas-libnasl
3. openvas-server
4. openvas-plugins
5. openvas-client

We recommend reading the files INSTALL and README inside the respective packages.
Let’s start with the libraries and end with the openvas-plugins:

mkdir /opt/openvas
tar xzf openvas-libraries-2.0.0.rc1.tar.gz
cd openvas-libraries-2.0.0.rc1
./configure prefix=/opt/openvas
make
make install

tar xzf openvas-libnasl-2.0.0.rc1.tar.gz
cd openvas-libnasl-2.0.0.rc1
./configure prefix=/opt/openvas
make
make install

tar xzf openvas-server-2.0.0.rc1.tar.gz
cd openvas-server-2.0.0.rc1
./configure prefix=/opt/openvas
make
make install

tar xzf openvas-plugins-1.0.5.tar.gz
cd openvas-plugins-1.0.5
./configure prefix=/opt/openvas
make
make install

On your client machine just compile the following package like this:

tar xzf openvas-client-2.0.0.rc1.tar.gz
cd openvas-client-2.0.0.rc1
./configure prefix=/opt/openvas
make
make install

Change the path variable like this:

Edit the root profile using your favourite editor as root and reboot your machine.

vi ~/.bash_profile

Add the following line at the end:

export PATH=$PATH:/opt/openvas/bin:/opt/openvas/sbin

To avoid problems with the openvas libraries, we need to create this symbolic link:

ln –s /opt/openvas/lib/libopenvasnasl.so.2 /lib

Step 3: Prepare OpenVAS for the first run

After installing OpenVAS-Server some additional steps are needed to get your OpenVAS installation up and running. For security reasons, communication between the OpenVAS server and client is only possible through SSL encrypted connections. In order to establish an SSL encrypted connection, the server needs to have an SSL certificate. We’ll use the command openvas-mkcert to generate it.
In addition, a client needs to have a user account on the server. The OpenVASServer
package provides the openvas-adduser script to simplify the creation of user accounts.
You are able to restricted user access rights by implementing different rule. Please read the documentation for more details.

Just open your favourite console and use the following commands as root. If you have problems to run it, please make sure to configure the PATH and library settings like mentioned in step 2. See the screenshots below:

openvas-mkcert
openvas-adduser

You are browsing images from the article:
Open Vulnerability Assessment System" target="_blank">

Step 4: Performing a synchronization with a OpenVAS NVT Feed

The OpenVAS project offers a public feed of Network Vulnerability Tests (NVTs). The feed contains all NASL plugins available in the OpenVAS source code repository and now contains more than 6000 plugins. The feed is usually updated every weekday.

http://www.openvas.org/nvt-feeds.html

The following command will connect to the currently only available NVT feed. At the end, it will verify the md5 checksums of all synchronized files. If any of them fails, an error is reported. In this case you should retry a couple of minutes later:

openvas-nvt-sync

Start the sever using the following command:

openvasd -D

You are browsing images from the article:
Open Vulnerability Assessment System" target="_blank">

Step 5: Running the first scan using your Linux OpenVAS client

Please use your client machine and open the OpenVAS Client using the following command:

OpenVAS-Client

We recommend using the Scan Assistant like shown in the pictures below. It will guide you step by step and will help you to understand the procedure. At the end, you need to connect to the OpenVAS server. Use the server hostname (or IP address) and the username and password you have created in step 3 using the openvas-adduser command.
Once you are connected to the server, you will receive all new plug-ins available and start the scan process on the selected target.
The system will need some time to discover security holes and will give you appropriate references to remove them. Please use the possibility to export the reports in different formats.

You are browsing images from the article:
Open Vulnerability Assessment System" target="_blank">

Step 6: Troubleshooting and additional help

Please use the following log files to discover problems. The tail command in a separate console will help you to keep an eye on your system:

tail –f /opt/openvas/var/log/openvas/openvasd.messages

tail –f /opt/openvas/var/log/openvas/openvasd.dump

The OpenVAS developers providing a mailing list you can use. To see the collection of prior postings to the list, visit the Openvas-discuss archives.
http://lists.wald.intevation.org/pipermail/openvas-discuss/

Read a complete OpenVAS Compendium here:

http://www.openvas.org/compendium/openvas-compendium.html

[Good Stuff to know for those Linux admins out there.]

Jeff

linuxterminal.org - What to do?

2008-12-19T22:09:00.000-06:00

Ok,

So i had an idea of making this site a search engine something strictly for Linux. I am not to sure now. I would like to have a forum page etc... I don't have any direction on this project, so I was hoping any of you Linux gurus out there might lend a fella a helping hand.

Of course the idea is using this site as a search engine looking like a terminal.

Any ideas???

Jeff

Linux - Stop holding our kids back!

2008-12-19T21:56:00.000-06:00

"...observed one of my students with a group of other children gathered around his laptop. Upon looking at his computer, I saw he was giving a demonstration of some sort. The student was showing the ability of the laptop and handing out Linux disks. After confiscating the disks I called a confrence with the student and that is how I came to discover you and your organization. Mr. Starks, I am sure you strongly believe in what you are doing but I cannot either support your efforts or allow them to happen in my classroom. At this point, I am not sure what you are doing is legal. No software is free and spreading that misconception is harmful. These children look up to adults for guidance and discipline. I will research this as time allows and I want to assure you, if you are doing anything illegal, I will pursue charges as the law allows. Mr. Starks, I along with many others tried Linux during college and I assure you, the claims you make are grossly over-stated and hinge on falsehoods. I admire your attempts in getting computers in the hands of disadvantaged people but putting linux on these machines is holding our kids back.

This is a world where Windows runs on virtually every computer and putting on a carnival show for an operating system is not helping these children at all. I am sure if you contacted Microsoft, they would be more than happy to supply you with copies of an older verison of Windows and that way, your computers would actually be of service to those receiving them..."

Karen xxxxxxxxx
xxxxxxxxx Middle School
AISD

Hmmmm....

I suppose I should, before anything else, thank you. You have given me the opportunity to show others just what a battle we face in what we do. "We" being those who advocate, support and use Free Open Source Software and Linux in particular.

If you find my following words terse or less than cordial, take a breath and prepare yourself...what I have to say to you are soft strokes to your hair in comparison to what you are about to experience.

First off, if there was even the slightest chance that I was doing something illegal, it would not have been done. To think that I would involve my kids in my "illegal" activities is an insult far beyond outrage. You should be ashamed of yourself for putting into print such none sense.

And please...investigate to your heart's content. You are about to have your eyes opened, that is if you actually investigate anything at all. Linux is a free as-in-cost and free as-in-license operating system. It was designed specifically for those purposes. Linux is used to free people from Microsoft. The fact that you seem to believe that Microsoft is the end all and be-all is actually funny in a sad sort of way. Then again, being a good NEA member, you would spout the Union line. Microsoft has pumped tens of millions of dollars into your union. Of course you are going to "recommend" Microsoft Windows". To do otherwise would probably get you reprimanded at the least and fired at the worst. You are only doing what you've been instructed to do.

You've been trained well.

I don't know when you attended college Karen but the Linux of even two years ago pales in feature and ability to what there is available now...and that in turn will pale in a year's time. linux is superior to MS windows in so many ways, they are too numerous to mention here...I am weary of enumerating them. Unlike Microsoft who meters their "improvements" and then shovels them to you every five years or so for purchase; Linux releases their improvements upon their completion. We receive the newest and the best of the system when it is tested to be usable and stable. Karen, you have no idea the slavery you work under...but you don't know any better. The shame of it is, you are trapped with millions of other teachers in obeying the NEA and preaching the goodness of Windows and Microsoft. A superior, free and absolutely entertaining method of operating your computer is within reach and you are unable to grasp it.

The most disturbing part of this resides in the fact that the AISD purchases millions of dollars of Microsoft Software in a year's time when that money could be better spent on educating our children. A dedicated School Teacher would recognize that fact and lobby for the change to Free Open Source Software and let the money formally spent on MS bindware be used on our kids.

A teacher who cared about her students would do that.

That is sad past my ability to express it to you. Don't shackle your students in your prison Karen.

Now. You give that boy his disks back. Aaron is a brilliant kid and he's learned more using Linux than he ever did using Windows. Those disks and their distribution are perfectly legal and even if he was "disruptive", you cannot keep his property. I have placed a call to the AISD Superintendent and cc'd him a complete copy of your email. It looks like we will get to meet in his office when School starts again after the holiday. I am anxious to meet a person who is this uninformed and still holds a position of authority and learnedness over our children.

Ken Starks
HeliOS Solutions

All-Righty Then

[Funny stuff how half the people on the face of the earth have no clue about Linux. We need to change that.]

Jeff

Jeff's Terminal First Entry

2008-12-19T20:01:00.000-06:00

Hello Folks,

My name in Jeff, a little bit of what you would call a techie. I like the world of linux!!!!

LINUXTERMINAL.org

In a World without walls or fences,

who needs Windows or Gates?

USE LINUX!

Coming Soon

This is my website that I am building on my free time. Still under construction. Thinking of making a Linux search engine. I dunno, we will see. Just want to introduce my self. Please feel free to hit me up for anything.

Jeff