Softpanorama

May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

Softpanorama Open Source
Security Products Chronicle

Softpanorama, October-December 1998; v.10. No. 4 (0a3)

Note: This Chronicle covers 3-d quarter of 1998, but materials relevant to this period can be added much later.


Vulnerabities

Free Tools

Commersial Tools

Viruses

Security Policy and Social Issues        Etc

Free subscriptions to SANS Security Digest

Subscriptions are free and easily obtained by sending a note with the subject `subscribe' to <digest@sans.org>.

Musings on open source security models  -- important article from Linux World. Please read it.

Vulnerabities

Attention: This section should not be considered as an authoritative source of vulnerabilities. Selection of material is arbitrary and strongly dependent on the author current interests.


Free/Open Source Security-related Tools

 

John the Ripper 1.6
John the Ripper is a password cracker, currently available for UNIX, DOS, WinNT/Win95. Its primary purpose is to detect weak UNIX passwords. It has been tested with Linux x86/Alpha/SPARC, FreeBSD x86, OpenBSD x86, Solaris 2.x SPARC and x86, Digital UNIX, AIX, HP-UX, and IRIX.
scoop @ 12/04/98 - 17:45 EST

pgp4pine 1.42
pgp4pine is an interactive program for using PGP with email programs, specifically Pine. It is compatible with PGP2.6.3i, PGP5.0, and GnuPG 0.42).
NCSfck v1.2.0
NCSfck is a very secure program to check for file changes in files like /bin/login to protect your system against trojan binaries. It creates a database which you can put on a read-only disk to ensure that nobody is able to alter any information contained therein.
vision @ 11/29/98 - 17:08 EST
traffic-vis 0.22
traffic-vis is a tool to help determine which hosts have been communicating on an IP network, with whom they have been communicating and the volume of communication taking place on a host by host basis. Currently traffic-vis uses a console interface, but postscript report generation and a GNOME frontend are planned.

Version 0.22 adds peliminary Postscript report generation, fixes a few small bugs and adds some additional options.

big-dog @ 12/02/98 - 15:31 EST

Log Scanner 1.0

Log Scanner was written to watch for anomalies in log files. Upon finding them, it can notify you in a variety of ways. It was designed to be very modular and configurable. Unlike most other log scanners, this one has more than single pattern matches. It will allow you to trigger notifications on multiple occurrences of one or several events.

This release no longer depends on tail -f, now allows for log files that are rotated, and even comes with a nifty little Install script.

Egon @ 12/02/98 - 17:44 EST
 

Secure Remote Password Protocol 1.4.3

Secure Remote Password (SRP) is a password-based authentication and key exchange mechanism where no information about the password is leaked during the authentication process. It does not require any public key cryptography, yet even if one were to eavesdrop on the authentication process, no information which would aid in guessing the password can be obtained (in theory). There are some reworked Telnet and FTP clients and servers available already.
guest @ 12/03/98 - 03:49 EST
mod_ssl 2.1.2-1.3.3
mod_ssl provides provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the SSL/TLS implementation library SSLeay from Eric A. Young and Tim J. Hudson. The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was originally derived from software developed by Ben Laurie for use in the Apache-SSL HTTP server project.

This is a pure bugfixing release.

Ralf S. Engelschall @ 12/03/98 - 05:02 EST
hunt 1.0
hunt is a security tool by Pavel Krauz that was recently announced on bugtraq. It uses well-known weaknesses in TCP/IP to perform connection hijacking detection, normal, active and ARP-spoofed hijacking, connection watching and resets as well as arp spoofing, sniffing and mac discovery.
the amazing ice-cube @ 12/04/98 - 11:39 EST
Deception Toolkit (DTK) 0.7
The Deception ToolKit (DTK) is a toolkit designed to give defenders a couple of orders of magnitude advantage over attackers. The basic idea is not new. Deception can be used to counter attacks. In the case of DTK, the deception is intended to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities. DTK's deception is programmable, but it is typically limited to producing output in response to attacker input in such a way as to simulate the behavior of a system which is vulnerable to the attackers method.
guest @ 12/04/98 - 12:59 EST
Secure-Linux Patch 0.6
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing.

This release adds support for the recently released Kernel 2.0.36.

Ethereal 0.3.17
Ethereal is a network protocol analyzer that lets you capture and interactively browse the contents of network frames. Packet data can be read from a file, or live from a local network interface.

Ethereal now sports TCP session reconstruction, IP hostname resolution, ethernet manufacturer resolution, and quite a few other fixes and improvements.

pgp4pine 1.22
pgp4pine is an interactive program for using PGP with email programs, specifically Pine. It is compatible with PGP2.6.3i, PGP5.0, and GnuPG 0.4.

This version introduces support for GnuPG. It uses pipes to extract your secret and public keys from PGP 2, PGP5, or GnuPG 0.4.

Saint 1.3.3
SAINT (Security Administrator's Integrated Network Tool) is a security assesment tool based on SATAN. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and a feature rich HTML interface.

Version 1.3.3 contains major bugfixes, and added tests for the tooltalk vulnerability, Back Orifice and NetBus.

Fortify 1.3.0
Fortify provides full strength, 128-bit encryption facilities to export editions of Netscape Navigator and Communicator. These are used when connecting to an encrypting web server (with the SSL protocol). Fortify also adds the ability to generate 1024-bit RSA keys internally (these are typically used for client certificates), plus the ability to send and receive e-mail messages using strong 128-bit encryption (with the S/MIME protocol).

This version adds support for the first time for Netscape's newest generation of browsers - the v4.5 stream.


Fortify 1.3.0
Fortify provides full strength, 128-bit encryption facilities to export editions of Netscape Navigator and Communicator. These are used when connecting to an encrypting web server (with the SSL protocol). Fortify also adds the ability to generate 1024-bit RSA keys internally (these are typically used for client certificates), plus the ability to send and receive e-mail messages using strong 128-bit encryption (with the S/MIME protocol).

This version adds support for the first time for Netscape's newest generation of browsers - the v4.5 stream.

scoop @ 11/04/98 - 17:18 EST category: software

----------


netwatch 0.8a
Netwatch allows a user (superuser) to monitor an Ethernet segment and examine activity on the network. Hostnames are highlighted in colours (for those supporting them) to indicate activity on the bus network based on time ( less than 1 minute red, less than 5 minutes yellow, less than 30 minutes green and otherwise blue). The monitor includes statistics on transmitted and received packets, transmitted and received bytes, protocol of last packet (TX or RC), last communication partner (IP address) and Logging entire stats to an ASCII file.

 

rc.firewall 1.0
rc.firewall is a shell script to set up tight rules-based firewalling and IP masquerading using ipchains. The homepage also includes an ipfwadm equivalent.

 

ftpcheck 0.2
ftpcheck scans hosts and networks for FTP and anonymous FTP archives. It was written as a security analysis tool. ftpcheck is very fast. It can effectively scan a class C network for anonymous FTP sites in less than 5 seconds. It does this by starting a new process for each connection. ftpcheck requires perl and libnet (from CPAN).
Squid 2.1.PRE3
Squid is a high performance Web proxy cache that can be arranged hierarchically for an improvement in response times and a reduction in bandwith usage. Squid runs on all popular Unix platforms.

 

KSniff Snapshot 981101
KSniff is a packet sniffer/analyzer developed for the KDE project which supports plugins written in TCL.

This snapshots contains fixes to the binary RPM and installation as well as further cleanups.


Commercial Tools


Security Policy and Social Issues

"The Commerce Department will allow a coalition of 10 hi-tech companies to export a new encryption technology ... while enabling law-enforcement officials to eavesdrop on some digitized conversations."

"The coalition, led by Cisco, Ascend, BayNetworks, 3Com, HP, Network Associates, Novell, Red Creek Commuications, Secure Computing, and SUN..."

"Companies also submitted for government approval the private doorbell system... These private doorbell access points rest inside routers... Though the new system allows easy access to electronic massives and files, police would still need a court order to open those messages."

"An administration official said the technology is helpful to law enforcement because it allows them access to e-mail systems, which have proved the most difficult to monitor."

Wall Street Journal, page B5

Suggested by Leonid Yegoshin.

Source: InfoWorld


Viruses


Random Findings

Withdrawal ordered for U.S. Pentagon hackers

SAN FRANCISCO -- Two California teenagers who mounted one of the most systematic hack attacks ever on U.S. military computers have received their official sentence from a federal judge: no more computers. U.S. District Judge Maxine Chesney ordered the two, aged 16 and 17, to keep their cybernoses clean during their three-year probation, the U.S. Attorney's Office announced on Thursday.  The judge forbade the hackers from possessing or using a computer modem, from acting as computer consultants, or having any contact with computers out of sight of "a school teacher, a librarian, an employer, or other person approved by the probation officer."

Chris Andrian, a lawyer for one of the boys, said Thursday the judge had been wise to pull the plug.

"That is the punishment aspect; it is like taking their toy away from them," Andrian said. "But I think (the order) should stick. They have been sufficiently frightened and humiliated that they don't want to run back into the arms of the law."

After an intensive investigation by the FBI, the Defense Department and NASA, all alarmed over hacker assaults on sensitive military and institutional computers, the boys were cornered on Feb. 25, when FBI agents descended on Cloverdale, about 75 miles (120 km) north of San Francisco, searched their homes and seized computers, software and printers.

Although officials said no classified networks were penetrated, the ease with which the hackers accessed computers at Lawrence Livermore National Laboratory, the U.S. Air Force and other organizations clearly demonstrated how vulnerable the U.S. computer system had become.

Deputy Defense Secretary John Hamre told reporters the barrage was "the most organized and systematic attack the Pentagon has seen to date," and officials said later the boys' activities had "had the potential to disrupt military communications throughout the world."

The teenagers, who went by the codenames "Makaveli" and "TooShort", pleaded guilty to illegally accessing restricted computers, using "sniffer" programs to intercept computer passwords, and reprogramming computers to allow complete access to all of their files. They also pleaded guilty to inserting "backdoor" programs in the computers to allow themselves to reenter at will.

Beginning with a local Internet service provider, which eventually raised the alarm over possible intrusion, the boys leapfrogged into other systems, including the University of California at Berkeley, the Massachusetts Institute of Technology, national laboratories, numerous military computers and two sites in Mexico.

Each of the two teenagers could have been put into custody until his 21st birthday. But Chesney's sentence was the result of plea agreements which included the "no computer" provision.

The two boys were also ordered to serve 100 hours of community service and to pay $4,330 and $1,195 respectively in restitution to institutions and companies damaged by their intrusions.

Andrian, the lawyer for one of the boys, said most of the money would go to the Smithsonian Institution in Washington. He added that he felt the teenage hackers had no malicious intentions, but were simply trying to probe the country's most advanced computer systems.

"I call it the Mount Everest effect," Andrian said. "They did it to prove they could."


Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Haterís Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D


Copyright © 1996-2020 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to to buy a cup of coffee for authors of this site

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Created: May 16, 1997; Last modified: March 12, 2019

`