Just read a great article by Tim O’Reilly, “Piracy is Progressive Taxation”, on publishing and how it’s affected (and not affected) by Internet ‘piracy’ and digital distribution. A very appealing, libertarian-esque view, I think.
My server was compromised last week due to the OpenSSL vulnerability which I’d opened up for secure webmail.
Fun fun fun, here are the relevant log entries:
[Thu Jul 24 21:31:15 2003] [error] [client 218.150.223.238] File does not exist: /var/www/sumthin
[Thu Jul 24 21:32:11 2003] [error] mod_ssl: SSL handshake failed (server caemlyn.thadk.net:443, client 218.150.223.238) (OpenSSL library error follows)
[Thu Jul 24 21:32:11 2003] [error] OpenSSL: error:1406908F:SSL routines:GET_CLIENT_FINISHED:connection id is different
[Thu Jul 24 21:34:26 2003] [error] mod_ssl: SSL handshake failed (server caemlyn.thadk.net:443, client 218.150.223.238) (OpenSSL library error follows)
[Thu Jul 24 21:34:26 2003] [error] OpenSSL: error:1406908F:SSL routines:GET_CLIENT_FINISHED:connection id is different
[Thu Jul 24 21:52:39 2003] [error] [client 216.39.48.171] File does not exist: /var/www/employ/index.html
It looks as though I somehow got a slightly updated version of the OpenSSL library through apt-get, but only the version included with the stable Debian distribution was being updated with security patches. Yuk.
Luckily it appears all clean now; the automated attacker screwed up in two ways:
- His email account had been shut down, so the automated attack-report email was returned to sender by the mailer daemon.
- As if that wasn’t obvious enough, his script changed the root password and added another user (volvo, uid 0) but failed to remove sudoers or ~/.ssh keys.
- The steps to cover up file changes weren’t taken; I just pulled up Knoppix, searched for all files changed since the above time and easily nuked all of the offending files. I even saved a copy for forensic purposes.
I found that many of my /bin/* files had been replaced with equivalents infected with the rst.b Linux virus, along with what appeared to be some cracking utilities in /usr/lib/unamed, a covert ssh server in /usr/lib/xsf listening on port 1003 with a password of 123, and a psybnc tgz (IRC bouncer) in /var/tmp.
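The cleanup described above (boot a live CD, list everything changed since the first suspicious log entry, look for the extra uid 0 account and for replaced /bin binaries) as an added shell example, not code from the original post. It assumes the compromised disk is mounted read-only at $ROOT and that a sha256 manifest of the clean binaries exists; both the manifest and the sample disk contents are constructed here so the script runs stand-alone.

```shell
#!/bin/sh
# Added example, not code from the original post: offline triage of a
# compromised root filesystem mounted read-only (e.g. from a Knoppix live CD)
# at $ROOT, using the first suspicious log timestamp as the cutoff, as the post
# did. The fixture at the bottom is constructed so the script runs stand-alone.

# Files under root $1 modified after the touch -t timestamp $2 (CCYYMMDDhhmm),
# printed relative to the root.
changed_since() {
    ref=$(mktemp)
    touch -t "$2" "$ref"
    find "$1" -xdev -type f -newer "$ref" | sed "s#^$1##" | sort
    rm -f "$ref"
}

# Accounts in passwd file $1 that have uid 0 but are not root
# (the post's attacker added "volvo" with uid 0).
extra_uid0_users() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Paths under root $1 whose sha256 differs from manifest $2 (lines "hash /path"
# taken from a known-good install; assumed here), to catch replaced binaries.
modified_binaries() {
    while read -r hash path; do
        actual=$(sha256sum "$1$path" 2>/dev/null | cut -d' ' -f1)
        [ "$actual" = "$hash" ] || echo "$path"
    done < "$2"
}

# --- constructed fixture standing in for the mounted disk ---
ROOT=$(mktemp -d)
MANIFEST=$(mktemp)
mkdir -p "$ROOT/bin" "$ROOT/etc" "$ROOT/usr/lib/xsf"
printf 'clean ls\n' > "$ROOT/bin/ls"
printf 'clean cat\n' > "$ROOT/bin/cat"
for f in bin/ls bin/cat; do              # manifest from the clean binaries
    echo "$(sha256sum "$ROOT/$f" | cut -d' ' -f1) /$f"
done > "$MANIFEST"
printf 'infected ls\n' > "$ROOT/bin/ls"  # stand-in for an rst.b-infected ls
printf 'covert sshd\n' > "$ROOT/usr/lib/xsf/sshd"
printf 'root:x:0:0:root:/root:/bin/bash\nvolvo:x:0:0::/home/volvo:/bin/bash\n' \
    > "$ROOT/etc/passwd"
touch -t 200301010000 "$ROOT/bin/cat"    # untouched since before the attack
touch -t 200307242140 "$ROOT/bin/ls" "$ROOT/usr/lib/xsf/sshd" "$ROOT/etc/passwd"

echo "Changed since 2003-07-24 21:31:"; changed_since "$ROOT" 200307242131
echo "Extra uid 0 users:"; extra_uid0_users "$ROOT/etc/passwd"
echo "Binaries differing from manifest:"; modified_binaries "$ROOT" "$MANIFEST"
```

On a real disk, point ROOT at the read-only mount and build the manifest from the distribution's own package files rather than from the suspect machine.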
And now I’ve been made appropriately paranoid about security.