I attended SIUIS4 this Saturday. The organizer was the Southern Illinois University Innovative Systems group, a student-run interdisciplinary effort aimed at helping students at SIUC and around the area. The event, titled “SIUIS4,” included a premier professional networking event featuring more than 20 speakers as well as technical presentations, panel discussions, paper symposiums, competitions and workshops, among other items. The conference is still taking its baby steps. However, there were some good talks and discussions. I especially liked the discussion about IPv6; it was informative and interesting. I will have a blog post about IPv6 soon.
As I mentioned in “Some Updates About MySelf”, I will update my blog more frequently. Today, I want to talk about BackTrack4.
BackTrack is a lovely Linux distribution for security professionals. BackTrack4 now uses Debian repositories, and that makes it nicer for me.
If you want to run BackTrack on your Windows machine, you can use a LiveCD or a virtual machine.
The only virtual image I have found was for VMware. VMPlayer is not the best solution for a Windows machine: RAM and CPU usage go up and the machine can become very slow. However, Virtual PC 2007 runs smoothly.
Then go to this website and get the VMDK converter. This program will convert VMware images to Virtual PC’s virtual hard disk image.
Use ‘letmein’ as your username and ‘bugmenot’ as your password (Yeah, I don’t like to set up an account either!)
After you unzip the directory and start the program, convert the BackTrack 4 image to a Virtual PC hard drive.
That is it!
Ask about any question or problem you have.
As you can see from the logo at the top, I am a CCNA now. Personally, I believe certifications are important, but they do not mean a lot to me. I was required to get it, and the mission is accomplished.
Another piece of good news is that my application for an author position at a popular Turkish IT security magazine was accepted. I will be writing monthly articles there. (I will be writing for an English IT security magazine soon, but I have not decided yet.) Of course, I will continue to write for articles.slicehost.com as part of my job.
To be honest, I find writing technical articles in Turkish harder than in English. For example, I have a hard time finding a Turkish word for “multithread” or even “server”. I don’t know their Turkish equivalents (all the computer classes I took were in English, even at Istanbul Technical University, so I am not good at Turkish IT terminology), but it will be good to learn them.
From now on, hopefully I will have more time to update my blog in the evenings. You will find lots of new articles, and they will especially be about security tools (nessus, ettercap, wireshark, metasploit, JohntheRipper, aircrack…).
I am adding a new project section: Computer Forensics. I will give more details about it later, but this will be a section dedicated just to my personal work on computer forensics.
I have already redesigned realinfosec.com and launched a new section, but I have not had time to update it. It will be updated very soon.
My system administrator blog will stay on googlespot but will be reachable from realinfosec.net with its new interface in a few days.
I am launching another website soon (realinfosec.org), but this one will be dedicated just to soccer. I was refereeing some games for kids, and very soon I want to do more serious stuff with it. (I am required to get a certificate for this too!)
That’s all for now.
I already knew that information security is a hot topic, but I did not expect to see so many visitors from all around the world. This blog has regular visitors from Africa, America, Europe, Asia and Australia. My goal now is getting visitors from Antarctica!!
Seriously, this blog is still new, but it has good statistics. Actually, I did not and will not have any expectations from realinfosec.com except sharing my knowledge and learning new things. Having readers from different countries just means people are interested in this stuff.
Anyway, here is the map for the last 500 visitors (the program only holds data for the last 500 visitors; otherwise you need to upgrade and pay for this service. I will see what Google has for this.)
I have updated my blog and made it look nicer!
I am trying to write quick, handy articles for command-line-based tools. I have now decided to have a web page dedicated to web-based security tools. I will update this page frequently and will make a blog post for the complex tools. (Usually you don’t need an information security background to run this software; however, interpreting the output may require some advanced knowledge.) Please let me know if you know any useful, good security tools!
Social engineering is so interesting. You can get full access to a system without even a little technical information. Protecting yourself is not that easy. A social engineer who has done a lot of research on his victim can do many harmful things.
You cannot hide your footprints on the internet. There are several command-line utilities which use Google to find all PDF and TXT files on a domain and then extract user names from those documents.
User names are so important and easy to get…. After seeing people’s Hotmail and Google passwords, I can say that guessing passwords based on social engineering is easy too.
Social engineering and computer forensics are two things I want to specialize in.
Learning crackers’ tactics can help security people protect their users.
I am currently busy with some networking stuff. However, I would love to learn more about social engineering tools. There is a good website for this purpose: http://www.social-engineer.org/
As it says on the website: “Because there is no patch for human stupidity”
Nmap 5.0 has just come out, so I thought it would be nice to have an nmap tutorial….
I will post some quick tips about information security; they won’t be like the articles I usually post. You can find them under the Information Security->Quick Tips category.
I decided to write about security tools: how they work and what they do. You can find these posts under the security tools category. The first one will be tcpdump. Tomorrow!
I love being in the IT industry. You never get bored, and you learn new stuff every day. Recently there has been a rumor about a possible vulnerability in OpenSSH. I was really interested, so I did a little research. It turned out to be just a rumor, but if you want to be really sure that your machine is safe, I recommend that you upgrade the OpenSSH package.
How to fix it?
On your Linux box (I used Ubuntu in this example), type ssh -v to learn the version you have. The latest stable version is 5.2, which has been publicly available since February 09. If your distro doesn’t provide this version, then you need to download the source code and compile it on your own.
Let’s get our hands dirty and install it from source.
First, let’s remove openssh from our Linux box.
$apt-get remove openssh-client openssh-server
I didn’t use the --purge option to remove my config files, since I want to keep them. (But I installed openssh with the default options (ah!), so I need to figure out where the new config files are, where the new sshd executable is, etc., and do some tricks. Alternatively, you can back up your config files, use the --purge option to remove them completely, and then paste your files into their new location, which is /usr/local/bin, /usr/local/sbin.)
First go to their website and use wget to download the source (I chose the closest server to me):
Now let’s install Zlib and OpenSSL, which are prerequisites. (You probably already have openssl, so you can skip this step.)
I installed zlib from its source.
$tar xvfz zlib-1.2.3.tar.gz
And apt-get for openssl
$apt-get install openssl
Now we can untar our openssh package.
$tar xvfz openssh-5.2p1.tar.gz
Then go inside the openssh-5.2p1 directory and run
Ahh, you should get some errors. Why?
You can check the log file config.log in the directory. I found that we also need to install libcurl4-openssl-dev
After you install that package, run
$make install
$ssh -v
Remember that this will install openssh with the default options.
Now type $ssh -v. You should see OpenSSH 5.2p1 if you installed it correctly. Since I installed OpenSSH with the default options, I need to make some changes to get the ssh server running. First, I see that my sshd executable is in /usr/local/sbin; however, the /etc/init.d/ssh script looks for it in the /sbin directory, so I copy sshd into that directory. Then I see that sshd checks the /usr/local/etc/sshd_config file, not the /etc/ssh/sshd_config file, so I need to copy my previous sshd_config to /usr/local/etc/sshd_config
Finally it works! Even though my new config files are in /usr/local/etc, I am happy with that.
I hope this helps those who are concerned about their ssh server security.
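The two checks this walkthrough does by hand (which OpenSSH version is installed, and where the sshd binary and sshd_config ended up) can be scripted; the following is an added example, not part of the original post. The function names, the 5.2 threshold taken from the text, and the sample banner and directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): script the two manual checks
# made after building OpenSSH from source with the default prefix.

# Print "major.minor" from a banner like "OpenSSH_5.2p1, OpenSSL 0.9.8g".
openssh_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Succeed when version $1 is at least version $2 (both "major.minor").
version_at_least() {
    [ "${1%%.*}" -gt "${2%%.*}" ] && return 0
    [ "${1%%.*}" -eq "${2%%.*}" ] && [ "${1#*.}" -ge "${2#*.}" ]
}

# Count how many of the given relative paths exist under root directory $1.
count_existing() {
    ce_root=$1; shift; ce_n=0
    for ce_p in "$@"; do
        if [ -e "$ce_root/$ce_p" ]; then ce_n=$((ce_n + 1)); fi
    done
    echo "$ce_n"
}

# Print "split" when more than one sshd binary or more than one sshd_config
# exists under root $1, otherwise "single". In a split layout the init script
# can keep starting a stale binary after the next "make install", and edits
# to the config file the daemon does not read have no effect.
layout_status() {
    ls_bins=$(count_existing "$1" sbin/sshd usr/sbin/sshd usr/local/sbin/sshd)
    ls_confs=$(count_existing "$1" etc/ssh/sshd_config usr/local/etc/sshd_config)
    if [ "$ls_bins" -gt 1 ] || [ "$ls_confs" -gt 1 ]; then
        echo split
    else
        echo single
    fi
}

# Demo on a constructed tree that mimics the end state described in the post.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/sbin" "$demo_root/usr/local/sbin" \
         "$demo_root/etc/ssh" "$demo_root/usr/local/etc"
touch "$demo_root/sbin/sshd" "$demo_root/usr/local/sbin/sshd" \
      "$demo_root/etc/ssh/sshd_config" "$demo_root/usr/local/etc/sshd_config"
echo "version: $(openssh_version 'OpenSSH_5.2p1, OpenSSL 0.9.8g 19 Oct 2007')"
echo "layout:  $(layout_status "$demo_root")"
rm -rf "$demo_root"
```

On a real machine, call `layout_status /` to audit the live filesystem. OpenSSH's configure script accepts `--prefix` and `--sysconfdir`, so the build can be pointed at the paths the init script and the existing config already use instead of copying files afterwards.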