OpenDNS is one of the public domain name servers available to users.
When you set the DNS IP address to 208.67.222.222 or 208.67.220.220, your client will look up domain names using the OpenDNS servers. Apart from the security advantages (that I don’t want to discuss here), one killer feature of OpenDNS is the possibility to effectively set content filters for your client computers.
Imagine you’re a father and don’t really want your 6-year-old kid to stumble upon (yes, you can involuntarily stumble upon them) adult websites while surfing the web. You should be with your kid when he/she does, but we know that this isn’t always possible, even at home. OpenDNS gives the user the possibility to filter several categories of websites and even to create personal blacklists and whitelists.
The problem is that OpenDNS recognizes a user through his/her IP address. This works fine with a static IP but doesn’t work with dynamic IP addresses, which the ISP assigns to the user at every session.
DDclient is what we need to do the trick. It’s basically a Perl client designed to catch the user’s IP address and push the update to certain services.
You can find and install the script directly from the repositories, just look for DDclient in Synaptic.
During the installation the script shows a setup form that you must fill in with basic data about the task DDclient has to do.
Anyway, I found that even after filling in the form, the IP address update for OpenDNS doesn’t work. This is not a big deal because we are going to modify the configuration file.
Open a terminal and type:
sudo gedit /etc/ddclient.conf
Enter the following information in the text file:
# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf
pid=/var/run/ddclient.pid
# Send the update over an encrypted connection.
ssl=yes
# Detect the current address through a web service.
use=web, web=whatismyip.org
# Alternative: read the address from the eth0 interface. Keep a single use= line.
# use=if, if=eth0
protocol=dyndns2
server=updates.opendns.com
login=XXXXXXXXXXX
password=XXXXXXXXXX
Home
Customize the following data:
login --> your login name in OpenDNS
password --> your account password in OpenDNS
Home --> change this with whatever name you gave to your network in OpenDNS
Save the file and close.
Now type:
sudo /etc/init.d/ddclient status
This will check if DDclient is running. The output should be something like this: Status of Dynamic DNS service update utility: ddclient is running
DDclient is configured by default to run as a daemon, therefore you shouldn’t have to do anything. Should you have issues with it running, first check the configuration file for syntax or command errors. You could also type sudo /etc/init.d/ddclient restart to see an error output.
To check that the IP update works on your machine, switch the router off and on a few times to obtain a new IP address from your ISP, then check the settings page of OpenDNS. You should see the new IP address associated with your network (give it a few minutes to happen though). You could also monitor changes in /var/log/syslog.
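The file edited above holds the OpenDNS account password and decides where and how it is sent, so it is worth checking after every change. The shell function below is an added example, not part of the original post; the function names, the WARN labels and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post. Function names and the
# WARN labels are made up for this illustration.

# audit_ddclient_conf FILE [EXPECTED_SERVER]
# Prints one finding per line; returns 0 when the file is clean, 1 otherwise.
audit_ddclient_conf() {
    conf=$1
    want_server=${2:-updates.opendns.com}
    findings=0
    [ -r "$conf" ] || { echo "ERROR unreadable: $conf"; return 2; }

    # Active settings only: drop comments, split "a=1, b=2" pairs onto
    # separate lines, trim whitespace, drop empty lines.
    active=$(sed -e 's/#.*$//' "$conf" | tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d')

    # 1. The update request carries the login and password: require ssl=yes.
    if ! printf '%s\n' "$active" | grep -qx 'ssl=yes'; then
        echo "WARN ssl: ssl=yes missing, update not protected by TLS"
        findings=$((findings + 1))
    fi

    # 2. Two use= lines are two competing ways of finding the address.
    n_use=$(printf '%s\n' "$active" | grep -c '^use=' || true)
    if [ "$n_use" -gt 1 ]; then
        echo "WARN use: $n_use use= lines, keep only one"
        findings=$((findings + 1))
    fi

    # 3. The credentials must go to the expected update server.
    server=$(printf '%s\n' "$active" | sed -n 's/^server=//p' | tail -n 1)
    if [ "$server" != "$want_server" ]; then
        echo "WARN server: '$server' instead of $want_server"
        findings=$((findings + 1))
    fi

    # 4. The file stores the account password: no group/other access.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "WARN mode: group/other permissions are '$perms', use chmod 600"
        findings=$((findings + 1))
    fi

    if [ "$findings" -eq 0 ]; then echo "OK no findings"; return 0; fi
    return 1
}

# Constructed sample files: a weak variant (no ssl, two use= lines,
# world-readable) and a tightened one.
write_sample_confs() {
    cat > "$1/weak.conf" <<'EOF'
pid=/var/run/ddclient.pid
use=web, web=whatismyip.org
protocol=dyndns2
use=if, if=eth0
server=updates.opendns.com
login=XXXXXXXXXXX
password=XXXXXXXXXX
Home
EOF
    chmod 644 "$1/weak.conf"
    { echo 'ssl=yes'; grep -v '^use=if' "$1/weak.conf"; } > "$1/fixed.conf"
    chmod 600 "$1/fixed.conf"
}

# Demo on the constructed files.
demo_dir=$(mktemp -d)
write_sample_confs "$demo_dir"
for f in weak.conf fixed.conf; do
    echo "== $f"
    audit_ddclient_conf "$demo_dir/$f" || true
done
rm -rf "$demo_dir"
```

On a real system the call would be sudo sh -c with audit_ddclient_conf /etc/ddclient.conf, since the file should only be readable by root.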
Well, you’re now set up to effectively filter what your kids will access on the web.
Friday, May 28, 2010
Wednesday, May 26, 2010
Revolutionists of the small screen - Google introduces the Google Tv
Google's doing it again. They're taking good ideas, trying to make them better and then hammering down the old ways to shape the future. This time their target is the old school, fence-and-spear TV. They took Boxee's idea, inserted new concepts and are about to sweep the video fruition scenario like a combine harvester.
Let's just pray and hope Google will succeed in being what mammals were for dinosaurs...
Introducing the Google Tv
Sunday, May 23, 2010
Friday, May 21, 2010
Google Doodle with Pac-Man
Google celebrates 30 years from the release date of Pac-Man (22 May 1980 in Japan) with a doodle that's not just good taste but also very fun. Reach Google today and find their logo changed in a googolized version of the original Pac-Man level. There's more, you can interact with the doodle and play Pac-Man. Click one more time on the "insert coin" button and play a double.
I'm falling more and more in love with Google every passing day.
Tuesday, May 18, 2010
Fan restyle of 1984 David Lynch's DUNE
In 1984 David Lynch directed the movie adaptation of Frank Herbert's sci-fi classic DUNE. If you haven't read the novel I strongly advise you to do it because it's a masterpiece of science fiction literature (and that's not just my opinion).
Anyway, Lynch's film got alternate reviews. Many, including Herbert himself, rated the movie highly, while others despised it because of the complication of the plot and the deviations from the book's story.
I personally liked the film but I can admit that the realization can be at least seen as controversial.
A talented fan, Sasha Burrow, a Los Angeles based 3D modeler and animator, is relentlessly working on a project to "revamp" the movie, with a focus on the special effects.
Here below you can see the showreel, dated March 2010, and appreciate the improvements so far tested on the film. Considering the quality of the improvements and the fact that Sasha's currently working alone, the effort is really heroic.
You can find more information and keep track of the improvements on Sasha's blog: DUNE Special Edition.
The guy's looking for help, so if you feel able to join this interesting and commendable project, just contact Sasha.
Monday, May 17, 2010
B-Movie Cast 104 is Out! - Teenagers from Outer Space 1959
A new episode of the B-Movie cast is available at http://bmoviecast.com/.
Check the website to listen to the episode and subscribe to the podcast!
You can drop your comment to the show with their Toll Free Number 888-350-2570
Sunday, May 16, 2010
Friday, May 14, 2010
B-Movie Cast 103 is out! - Interview with John Saxon
A new episode of the B-Movie cast is available at http://bmoviecast.com/.
Check the website to listen to the episode and subscribe to the podcast!
You can drop your comment to the show with their Toll Free Number 888-350-2570
The Moon Nazis Are Coming – The First Iron Sky Footage is Out!
Thanks to my friend Vince of the B-Movie Cast, who let me know that the first footage of Iron Sky was released yesterday.
I don't know if you are aware of this movie but it drives me crazy! I can't wait for them to finish and release it.
Iron Sky is being produced by Energia Production, a Finnish independent movie company. The movie is set in an alternative timeline where (or better when) a bunch of Nazis managed to escape to the moon and install a base on the dark side of the rock.
In 2018 they are ready to come back to Earth and attack!
You can find more information about this amazing production on the official website here.
If you like alternative timelines, science fiction and World War Two stories then Iron Sky is for you! If you happen to be an expert in some movie production areas, drop a line to the production. Moreover, if you happen to have some money to invest you can finance the production. Just check the web site for more information.
See the footage here below and.. watch out for the invasion!
Wednesday, May 12, 2010
Valve's Steam game distribution client and Source game engine are coming to Linux!
Modern distributions like Ubuntu are finally in range of competition with the most famous commercial operating system. That's true for a lot of things. For other things they're even superior. But not for gaming. Every Linux user knows that gaming on Linux is a big pain in the ass. Don't get me wrong. There are lots of independent games and you know that I'm especially fond of them. Apart from a few exceptions, though, the major games are lacking.
However, the future scenario of Linux gaming is getting a bit brighter. Today Phoronix announced what had long been speculated and something they had been tracking for a long time: Valve is going to release Steam, their game distribution client, for Linux. The good news doesn't end there, though. Valve will also release their Source game engine for Linux. Source is a modern game engine that powers games like Half-Life 2, Portal, Left 4 Dead 2 and so on.
This is a huge hit for Linux gamers and users in general. The trend of increasing quality that some Linux distributions have shown so far is bringing more and more users to Linux. It's a drop in the ocean compared to the major commercial operating systems, yet it is improving. Could this be one reason for Valve's bet on Linux? I can't say for sure but I hope this incredibly good news will spawn other good happenings. For one, I hope id Software's support for Linux will strengthen. Moreover, and here I can be wrong, Linux's strategy towards game development frameworks sucks, or better, is non-existent. There are scattered libraries for the management of the basic systems needed for gaming like graphics, sound and controls. However, the lack of a unified and solid framework affects game development and keeps developers away from Linux. It's far too common to encounter problems when running games on Linux. For example, I can easily recall the most recent disappointments trying out the demo of X2: The Threat, which had serious audio problems, Little Space Duo with non-existent sound, and Heroes of Newerth, which didn't even start.
To wrap this article up, Steam for Linux is expected by the end of the summer and a Valve announcement is imminent. Kudos to Valve for what they're doing; I look forward to supporting their choice and buying Linux games when available - Portal, Portal 2 and Postal III in particular.
Monday, May 10, 2010
How to open Magnet Links with Google Chrome and Transmission on Ubuntu
Magnet links represent a way to reference resources available for download via peer-to-peer. This is a relatively new way of accessing peer-to-peer resources that will probably replace BitTorrent files in time. The difference from the aforementioned files is that magnet links identify the files by the content’s hash value and not by name or location. This is an improvement towards a more unique identification and the isolation of fake content. Another huge improvement is the fact that peer-to-peer content providers won’t have to store physical files anymore. Magnet links are just plain text and can therefore be stored effortlessly on any web page and even copied into emails, etc.
Magnets can nowadays be found on many peer-to-peer content providers like The Pirate Bay. There are however two main problems with them: they aren’t supported by all BitTorrent clients and, even when they are, clicking on a magnet link doesn’t usually make the browser open the desired application to resolve the request.
For the first problem the solution is quite simple. Clients are getting updates to include the magnet links features. Vuze, µtorrent, and the latest version of Transmission are just three of the BitTorrent clients that support magnet links.
For the second problem I found a solution to open a magnet link with Transmission via Google Chrome.
This works for sure with Ubuntu 9.10 and Ubuntu 10.04.
Open the terminal and type the following commands, pressing Enter after each one:
$ gconftool-2 -t string -s /desktop/gnome/url-handlers/magnet/command "transmission %s"
$ gconftool-2 -s /desktop/gnome/url-handlers/magnet/needs_terminal false -t bool
$ gconftool-2 -t bool -s /desktop/gnome/url-handlers/magnet/enabled true
In this way you should be set up to use magnet links with your Ubuntu distribution and the default BitTorrent client Transmission.
Have fun.
Tags: Linux, Magnet Links, The Terminal, Transmission, Ubuntu
Thursday, May 6, 2010
An Overview of Linux Rootkits
Linux is widely considered and appreciated as a secure and reliable operating system. Especially where desktop users are concerned, the security of Linux compares very favourably with the situation of other operating systems like, for example, Microsoft Windows. However, malware like viruses and rootkits does exist for Linux as well, and it is especially dangerous for more tasty systems like those connected to large networks. In this article we will cover one particular set of malware: the rootkits.
A rootkit is essentially a set of tools designed to set up a pathological environment inside the host’s operating system. It first needs to gain access to that system by means of various types of attacks. Having succeeded in doing so, the rootkit is designed to fulfill the following objectives:
1- Establish a backdoor for future access to the host system
2- Perform malicious operations like gaining passwords or any kind of reserved and confidential information related to the compromised system (i.e. by means of keyloggers).
3- Using the compromised system to sniff communications within the network to which the system is connected
4- Attack other systems
5- Cover their tracks especially by deleting portions of log files
All of these objectives are related to the concept of the rootkit gaining superuser privileges within the infected system.
To assure future access to the system there are a few options.
- Connect via telnet. This method is a bit primitive and quite easy for the experienced administrator to spot.
- Connection via SSH daemon. This method provides a higher level of stealth compared to the one above because the communication is encrypted and, by using a customized ssh daemon, it’s possible to avoid leaving traces of activities in log files. Provided that commands haven’t yet been replaced by the attacker’s customized ones, it is possible to spot ssh activity using the netstat command. This command is very useful to display incoming and outgoing network connections as well as routing information and various network statistics.
- Other more subtle and advanced techniques like UDP listeners, backdoors on Internet Control Message Protocol (ICMP), backdoors opened through remote HTTP shells that mimic a regular browser connection to an internet website using a standard HTTP compliant protocol.
- My favourite one: covert channel backdoor. A covert channel attack is based on techniques that make it possible to transfer information using channels that aren’t normally meant for this operation. The advantage is clearly that of going stealth by creating a customized communication that will not be detected by the security systems. This method opens a world of creative ideas and suggestions about the creation of the protocol and the transmission method. For example I read (http://www.invisiblethings.org/papers/joanna-passive_covert_channels-CCC04.ppt) that at least one method is to slightly change some fields in the packets generated by the HTTP communication. For more information check this (http://www.fas.org/irp/nsa/rainbow/tg030.htm) book of the DoD Rainbow Series and these websites that are interesting resources in the fields of hacking and computer security (gray-world.net, http://invisiblethings.org).
In order to maintain the environment which enables the attacker to perform operations inside the victim’s system, part of the rootkit’s job is to acquire root privileges and substitute system administration commands with customized ones. For example an attacker could hack the netstat command in order to hide the unauthorized connections, killall to block administrators from killing rootkit processes or lsof to conceal open files from the list provided by this command.
Another task that rootkits must implement in order to maintain their stealth status is deleting log files. Rootkits can be more subtle and erase only part of log files or even change dates and references.
Rootkits that access the system as LKM can be even more malicious. LKM is an acronym of Loadable Kernel Module. These components represent a simple way to expand or add features to the kernel without the need for recompilation. Should a rootkit gain access to the system carried inside an LKM, it could modify the behavior of a whole series of commands without the need to replace them!
One funny (if ever) operation accomplished by rootkits is sometimes clearing the field of competition. Sophisticated rootkits have been found with the capability to remove pre-existing malware on the target system.
From all this derives the best common-sense advice against rootkits: prevention. Despite the havoc they bring to a system once installed, rootkits aren’t designed as instruments for gaining access to the system. Therefore, after installing a new system, a good strategy is to concentrate all efforts on the techniques for preventing attackers from gaining access. Some common techniques include:
- firewall the networks
- avoid installation of LKM
- use strong passwords and change them routinely
- use secure encrypted communications like VPN and SSH
- avoid granting useless and potentially dangerous privileges to system users
Once the above-mentioned techniques are implemented, there are techniques that can be used to harden the system against rootkit manipulation, and tools that can be used to check for rootkits either by direct comparison or by deductive methods.
- keep an up to date list of the daemons and other services that are running in the system and monitor it for changes
- keep an up to date list of the modules loaded into the kernel by means of the lsmod command. It shows the module name, size, use count and list of referring modules. Note that the same information can be found in /proc/modules.
- keep track of and install all the security patches that are released for the software installed in the system
- familiarize yourself with the netstat command to check the network connections. This command shows information such as the protocol name (TCP, UDP), the IP address of the local computer as well as the port used, the IP address of the remote computer to which the local computer is connected and the state of the TCP connection. Another way to obtain the same data is to look at /proc/net/dev
- routinely run the lsof command, which is meant to list open files as well as the processes which opened them. By running lsof -i | grep we can isolate a certain service / daemon and acquire information about the TCP port it is listening on. The option -i lists the IP sockets.
- remotely store log files to an external location so they can’t be manipulated directly on the system
- protect crucial files from modification by making them unchangeable. Typing $ sudo chattr +i who will flag the who command as immutable. Note that although a superuser can’t delete a chattr +i flagged file, he can set it mutable again with chattr -i
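The advice above to keep a list of loaded kernel modules and watch it for changes can be automated with a stored snapshot of /proc/modules. The script below is an added example, not from the original article; the function names, file names and the module name examplemod are made up, and the sample module lists are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Function names, file names
# and the module "examplemod" are made up for this illustration.

# snapshot_modules [SOURCE]: print "name size" per loaded module, sorted.
# /proc/modules fields: name, size, use count, dependants, state, address.
snapshot_modules() {
    awk '{ print $1, $2 }' "${1:-/proc/modules}" | LC_ALL=C sort
}

# compare_modules BASELINE CURRENT: both files are snapshot_modules output.
compare_modules() {
    awk '
        FILENAME == ARGV[1] { base[$1] = $2; next }
        {
            seen[$1] = 1
            if (!($1 in base))       print "ADDED " $1 " size=" $2
            else if (base[$1] != $2) print "RESIZED " $1 " " base[$1] "->" $2
        }
        END { for (m in base) if (!(m in seen)) print "REMOVED " m }
    ' "$1" "$2" | LC_ALL=C sort
}

# check_modules BASELINE [SOURCE]: returns 1 and prints the changes when the
# live list differs from the baseline. A kernel-level rootkit can hide its
# own entry from /proc/modules, so a clean result is one signal, not proof.
check_modules() {
    now=$(mktemp) || return 2
    snapshot_modules "${2:-/proc/modules}" > "$now"
    changes=$(compare_modules "$1" "$now")
    rm -f "$now"
    if [ -n "$changes" ]; then
        printf '%s\n' "$changes"
        return 1
    fi
    return 0
}

# Constructed sample data in /proc/modules format (two points in time).
write_sample_modules() {
    cat > "$1/modules.day1" <<'EOF'
snd_hda_intel 53248 3 - Live 0x0000000000000000
e1000 155648 0 - Live 0x0000000000000000
ext4 737280 1 - Live 0x0000000000000000
jbd2 131072 1 ext4, Live 0x0000000000000000
EOF
    cat > "$1/modules.day2" <<'EOF'
examplemod 16384 0 - Live 0x0000000000000000
e1000 159744 0 - Live 0x0000000000000000
ext4 737280 1 - Live 0x0000000000000000
jbd2 131072 1 ext4, Live 0x0000000000000000
EOF
}

# Demo: take the baseline on day 1, check against day 2.
demo_dir=$(mktemp -d)
write_sample_modules "$demo_dir"
snapshot_modules "$demo_dir/modules.day1" > "$demo_dir/baseline"
check_modules "$demo_dir/baseline" "$demo_dir/modules.day2" ||
    echo "module list differs from baseline"
rm -rf "$demo_dir"
```

Run from cron, the baseline belongs on storage the monitored host cannot write to, for the same reason the list above recommends remote log storage.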
- Chkrootkit is a shell program designed to check for known rootkit activities like: system binaries modified by rootkits, promiscuous mode of the network interface, lastlog deletions, wtmp deletions, LKM Trojans, dirty strings replacement and utmp deletions. To run all the tests (which I consider wise) open the terminal and type sudo ./chkrootkit. A good idea would be to add chkrootkit to the system cron for routine checks and email the log report to the administrator. Chkrootkit can be found here (www.chkrootkit.org).
- Rootkit Hunter (rkhunter) is another tool to spot rootkits in your system. It will compare MD5 hashes to spot file alterations, look for default files used by rootkits, wrong file permissions for binaries, suspected strings in LKM and KLD modules, hidden files, and optionally scan within plaintext and binary files. It’s an instrument similar to chkrootkit but I advise to use them both for redundancy. The same advice regarding cron scheduling and remote reporting is valid here as well. The common usage is sudo rkhunter --check. For more information check the project website at http://www.rootkit.nl/projects/rootkit_hunter.html
- Tripwire and AIDE are two tools that perform useful checks on the files’ integrity. The rationale is simple: by comparing the MD5 values (http://en.wikipedia.org/wiki/MD5) of two versions of the same file (a password-protected sample and the in-use version in the system) they should find if a certain file was modified from the original version. Check the websites of the projects at http://www.tripwire.org and http://www.cs.tut.fi/~rammer/aide.html
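The comparison that Tripwire and AIDE are described as performing can be shown in a few lines of shell. This is an added example, not code from either project or from the original article; it uses SHA-256 (sha256sum from GNU coreutils) where the text mentions MD5, and the function names and the sample directory are made up.

```shell
#!/bin/sh
# Added example, not from the original article; function names are made up.
# SHA-256 (sha256sum from GNU coreutils) is used here instead of MD5.

# hash_tree PATH...: one "<sha256>  <path>" line per regular file.
hash_tree() {
    find "$@" -type f -exec sha256sum {} + | LC_ALL=C sort -k 2
}

# verify_tree BASELINE PATH...: compare the current state against a baseline
# made with hash_tree. Prints MODIFIED/MISSING/NEW lines and returns 1 when
# anything differs, 0 when the tree matches the baseline.
verify_tree() {
    baseline=$1
    shift
    report=$(hash_tree "$@" | awk -v base="$baseline" '
        BEGIN {
            # Columns 1-64 hold the digest, the path starts at column 67.
            while ((getline line < base) > 0)
                want[substr(line, 67)] = substr(line, 1, 64)
        }
        {
            path = substr($0, 67); seen[path] = 1
            if (!(path in want))                      print "NEW " path
            else if (want[path] != substr($0, 1, 64)) print "MODIFIED " path
        }
        END { for (p in want) if (!(p in seen)) print "MISSING " p }
    ' | LC_ALL=C sort)
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Constructed sample tree standing in for a directory of system commands.
write_sample_tree() {
    mkdir -p "$1/bin"
    printf 'original netstat\n' > "$1/bin/netstat"
    printf 'original lsof\n'    > "$1/bin/lsof"
    printf 'original who\n'     > "$1/bin/who"
}

# Demo: baseline, then three constructed changes, then verification.
demo_dir=$(mktemp -d)
write_sample_tree "$demo_dir"
# The baseline is kept outside the checked tree; in practice it belongs on
# read-only or remote storage so it cannot be rewritten together with the files.
hash_tree "$demo_dir/bin" > "$demo_dir/baseline.sha256"
printf 'different content\n' > "$demo_dir/bin/netstat"   # changed file
rm "$demo_dir/bin/who"                                    # removed file
printf 'unexpected\n' > "$demo_dir/bin/.extra"            # file not in baseline
verify_tree "$demo_dir/baseline.sha256" "$demo_dir/bin" ||
    echo "integrity check failed"
rm -rf "$demo_dir"
```

The check is only as trustworthy as the sha256sum, find and awk binaries it runs with, which is why such checks are best run from known-good media.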
If you’re a novice or an amateur administrator, I think that by reading this article you can have a better idea of some of the stuff that is involved in Linux systems security. If you’re a pro you’ll probably know all of this and maybe find me a bit retarded. In both cases I beg all of you to forgive all the mistakes and inaccuracies in the text.
Live long and prosper, and stay out of trouble.
Sunday, May 2, 2010
Amateur video edit - Mogwai Auto Rock
This guy made a stunning edit of Mogwai Auto Rock. The song is beautiful.