Why iPhone and Android phones are unsuitable for the Enterprise world

Every month there seems to be another news article about a large enterprise investigating the possibility of replacing some or all of their Blackberry devices with iPhones or Android devices.

I can almost guarantee that the reason for this is due to senior managers who no longer want to carry around their funky iPhones as well as their boring old Blackberry. These senior managers see their kids using email on their iPhone and chew out their CIO because they can’t see their work email on their own. Unfortunately these senior managers don’t often understand the implications of their request, and this post is an attempt to help educate them.

1. iPhones have useless data encryption
The iPhone 3GS encryption is useless. It can be broken in under 2 minutes using software freely available on the internet.

In contrast, countries like the UAE and India are considering banning Blackberries within their country because even their government’s top science people can’t break the encryption.

For firms like UBS and JP Morgan this is a problem. More and more laws are being created relating to the encryption of customers' financial data. For example, in Massachusetts:

The law requires any firm conducting business with state residents to deploy encryption and protect against data leakage. A combination of a person’s name along with their Social Security number, bank account number or credit card number must be encrypted when stored on portable devices, or transmitted wirelessly on public networks, according to the new law.

Encryption of personal information on portable devices carrying identity data like laptops, PDAs and flash drives must also be completed by Jan. 1, according to the Massachusetts Office of Consumer Affairs and Business Regulation, which announced the extension Thursday.

2. Control of device settings using policies
Blackberrys can be controlled from a central administration console within the organisation. This means that systems administrators can control everything about a device from a server. This also ensures that all devices have a standard configuration, making it far less likely they will stop working and easier (read: cheaper) for the service desk to support.

Enabling the encryption settings mentioned above on a fleet of 22,000 Blackberrys involves changing one setting on a server. To change this setting on 22,000 iPhones it needs to be done manually on each device. Even then, there is no way to detect whether it has actually been configured on each device, which is something a financial auditor will pounce on immediately.

An enterprise solution also allows settings such as password unlock requirements to be enforced on the device. This allows administrators to ensure that a lost device is wiped clean if whoever finds it types the password wrong a few times. If this setting is configured manually on an iPhone or Android, it is often disabled by the user because they find it too cumbersome to type a password in each time they want to make a phone call or read an email.

3. Control of application installation
An enterprise solution, such as Blackberry, allows an administrator to control which applications an end user can install on their devices. This cannot currently be done on an iPhone or Android device. Allowing users to install any application that they choose on a corporate device poses several security problems.

A rogue application may have back doors or security flaws allowing it to steal corporate emails, calendar appointments and send them to the application author. A lot of malicious programmers embed this type of code within games or any other application that may seem initially harmless. This could allow sensitive customer data to fall into the wrong hands.

By only allowing users to install approved and tested applications, system administrators can ensure this will not happen. It is amazing how many organisations ban installation of applications on locked-down laptop and desktop computers but don’t seem to care what their users install on their mobile devices, which contain the same types of customer information.

At the end of the day, iPhones and Android phones are great and I couldn’t imagine life without one. However these are consumer products and therefore not designed for corporate use. Corporate devices are safe, secure and robust. This basically means that they are boring, which is why people want to stop using them. One day iPhones and Android might evolve to a point when they are suitable for corporate use, but I hope that never happens as it will take the fun, spontaneity and creativity out of them.

Review: Zenithink ZT-180 ePad

The release of the iPad has inspired many copy-cat devices, mostly originating from China. The Zenithink ZT-180 ePad is one of these devices, recently released with Android 2.1 as its OS. Being a Google fanboy, the idea of a 1GHz tablet running Android had me very intrigued and I ordered one for $AU280.

I was excited to receive it and have a tinker. I quickly discovered that it is an absolute piece of garbage and here is why:

1. It does not in fact have a 1GHz processor as advertised; it is an ARM11 CPU with a core clock of 800MHz. The OS is sluggish and it often freezes for 5-10 seconds as it catches up with what I am trying to do.
2. It has a resistive touch screen, not a capacitive one like the iPad. This makes it frustrating to use. It is also not multi touch. (Explained here: http://en.wikipedia.org/wiki/Touchscreen#Technologies)
3. There is no access to the Android Market out of the box. You can get access to the market by following a series of unnecessarily complicated steps, which I did and they indeed work a treat. I have a lot of respect for the people who hacked this together. (http://bobhood.wordpress.com/2010/08/30/android-market-and-the-zenithink-zt-180/)
4. The wifi antenna is on a PCB, and about the size of a match stick. This causes the wifi to drop out if you walk more than 5m away from your access point.
5. It is called an ePad, with the ‘e’ of their logo directly ripped off from the Microsoft Internet Explorer logo.

But like a puppy with only three legs, it is impossible not to simultaneously love this device. It shows so much potential and I can’t wait for an Android tablet from a decent hardware manufacturer. Even with the above major flaws it is much better than an iPad in the following ways:

1. It has USB ports, allowing you to plug in a wide variety of peripherals such as web cams, USB sticks and 3G modems.
2. It has a MicroSD slot which means you can upgrade the memory whenever you damn please. You can also have more than one storage device for it allowing you to copy movies or music to it without having to bollocks around with itunes or DRM. At the time of writing 16GB and 32GB microSD cards cost $60 and $110 respectively.
3. It plays a wide variety of formats like Divx, and it allegedly does this in 1080p.
4. You can install apps from the internet without having to go through the market place. Just click on a link on the developers website, or even have a friend email the application to you.
5. It multi-tasks quite well.
6. If you use the Google cloud, then this is a perfect companion for checking your emails, calendar or documents when you’re on the couch and can’t be bothered waiting for your laptop to boot.
7. Using apps from the Android store, you can access file shares from other computers in your house using Wifi.

You have to hand it to Apple though, they’ve once again found a piece of technology that has existed for many years and re-invented it as something that excites people. I thank them for re-launching the tablet PC world with the enthusiasm it deserves.

At the end of the day, considering the ZT-180 is 1/3rd the price of an iPad, you really can’t expect much. It shows excellent potential and I will continue to keep an eye on the Android tablet PC market. There are some exciting projects in the pipeline from people like Samsung and Asus which will be worth a look.

I love living in the future.

UPDATE:
Since upgrading the device firmware to the latest version the device is infinitely more stable and the touch screen is somehow a lot more responsive.

How to import your Bookmarks to Safari

So you’ve made the switch to the Safari web browser; congrats! But what about your bookmarks? If you have a rather large list of bookmarked websites then you’ll need to import them!

The following method demonstrates how to export your bookmarks from Firefox and import them using Safari.

Step 1: Export bookmarks from Firefox

The first step requires you to export your bookmarks from Firefox. Fortunately this is a fairly simple process. Simply select the Bookmarks menu item, then select “Organize Bookmarks”.

Next select the “Import and Backup” dropdown and select “Export HTML”.
When prompted, save this file to your hard drive (desktop is fine for now).

That’s it! You’ve successfully exported your bookmarks from Firefox to a standard .html file.

Step 2: Import your bookmarks into Safari

Next we need to import this file into Safari. Now for me, the primary menu toolbar wasn’t enabled and I don’t believe it’s enabled by default. If you can’t see a menu bar with “File”, “Edit”, “View” etc, then you’ll need to enable this menu bar. You can do this by selecting the cog menu icon on the right of the browser, and selecting “Show Menu Bar”.

Once you’ve got the menu bar activated, simply select “File” then “Import Bookmarks” and browse to your desktop where you saved the Firefox bookmark export!

That’s it! You’ve successfully imported your bookmarks from Firefox. You can now drag and drop your bookmarks to your preference!

I dragged my most used bookmarks to the “Bookmark Bar” in Safari, which allows me to quickly access the bookmarks I use most.

Installing Google Chrome on Ubuntu Hardy

With the release of Google Chrome last week, it was interesting to see all the articles that popped up with Linux users installing Google Chrome (which is a Windows product at present) on Linux. The biggest problem I found was that you need the latest version of WINE to get this working, and no amount of “apt-get update && apt-get install wine” will work.

Updating WINE

The first step is to update your WINE version to 1.1.4.

wget -q http://wine.budgetdedicated.com/apt/387EE263.gpg -O- | sudo apt-key add -

sudo wget http://wine.budgetdedicated.com/apt/sources.list.d/hardy.list -O /etc/apt/sources.list.d/winehq.list

sudo apt-get update

Installing prerequisites

There are a few software packages you need in order to get Chrome up and running. Winetricks is a script which allows you to quickly download the necessary Windows components.

Note: The last command below will install FIREFOX in WINE, you’ll see why in a second.

wget http://www.kegel.com/wine/winetricks

chmod +x winetricks

sudo mv winetricks /usr/sbin/

winetricks riched20 riched30 flash msxml3 corefonts firefox

Installing Chrome

During the above process, you’ll be prompted to install FireFox 3. Proceed with the WINE installation of Firefox.
Note: Yes, I know you can get around this step by not installing Firefox, but this way seems to be the easiest way to do it.

Once Firefox is installed in Wine, RUN Firefox in WINE and visit

http://www.google.com/chrome/

Download Chrome and run the Chrome setup. It will proceed to download and install the Google Chrome browser. Once it’s complete, use the following command to run Chrome.

Running Google Chrome

wine "$HOME/.wine/drive_c/windows/profiles/$USER/Local Settings/Application Data/Google/Chrome/Application/chrome.exe" --no-sandbox --new-http

And there you have it. A fairly simple way to get Chrome up and running on Ubuntu Hardy.

Sources: Ubuntu Forums

How To: Kaspersky Anti-Spam

Every network administrator at some stage in their career will run into trouble with the influx of spam because, quite simply, spammers are smart. If you do a Google search for “Linux Anti-Spam”, you’ll be bombarded with tutorials using the infamous, free SpamAssassin software. However, if SpamAssassin isn’t quite cutting it, you may want to give Kaspersky Anti-Spam 3.0 a whirl. (Please note, Kaspersky Anti-Spam 3 isn’t free and requires a per-mailbox licensing fee.)

The name Kaspersky is gaining quite a reputation globally. Originally an anti-virus engine, Kaspersky Labs has developed tools to help network managers fight malicious attacks in all forms: spam, viruses, spyware and phishing attempts. Kaspersky’s anti-spam product, appropriately titled Kaspersky Anti-Spam 3.0, is able to integrate with your existing Linux SMTP engine to filter spam for your users. Kaspersky Anti-Spam (from now on known as KAS) is able to integrate with:

- Qmail
- Sendmail
- Exim
- Postfix

Getting started

The first step is to obtain the package which suits your Linux distribution. For the sake of simplicity, we’ll install KAS using the Debian package.

Grab Kaspersky Anti-Spam here

wget http://dnl-eu8.kaspersky-labs.com/products/english/antispam/deb/kas-3-3.0.284-1.i386.deb
dpkg -i kas-3-3.0.284-1.i386.deb

Once KAS has been installed, it will show on the screen a number of steps you must perform to complete the installation. This includes installing the license key, enabling automatic updates and integrating KAS with your SMTP engine.

Configuring

You’ll need to transfer your Kaspersky Anti-Spam license key file (.key) to the server so you can perform the following task:

/usr/local/ap-mailfilter3/bin/install-key /path/to/your/keyfile.key

The great thing about KAS3 over KAS2 is the web interface. Kaspersky Labs has developed a web interface, allowing you to configure various components of the software.

To access the web interface from a computer other than the one KAS is installed on, you’ll need to make a change to this file:

nano /usr/local/ap-mailfilter3/etc/kas-thttpd.conf

and uncomment the line

#host=0.0.0.0

Finishing up

Once that’s done, you can simply type in your browser: http://ip-of-kas-server:3080 and voilà! You’re away. I won’t delve into how to configure the application as it’s pretty self-explanatory. Simply hit the policy page and configure the action rules, which state what should happen to spam once detected (whether it should be deleted, redirected etc).


Preconceptions About Network Security

A common preconception about network security is that as long as the firewall is working and preventing all unauthorized access to internal devices (that’s incoming traffic) – then the firewall is doing its job. However this often isn’t the case and a number of recent attacks have proved this. This misconception is held amongst many sys admins and their IT managers, who often turn their back on security news with the idea that they have a firewall; they are protected.

I wanted to demonstrate how an attacker with a targeted victim can gain access to and infiltrate an organization’s network.

When I say targeted victim, I mean the attacker specifically wants to target a certain organisation and has re-arranged his tools to suit the environment at hand. Many of these attacks are planned and a rough outline can be seen below.

For this little example, let’s call the attacker Bob and the company “Widgets Limited”.

Attackers goal: Bob wants to gain access to Widget’s internal network.

Bob knows that Widget’s has a strict firewall policy which has a number of open ports such as SMTP and FTP. After failing to exploit these two services, Bob moves on to a more complex approach using a little social engineering and a basic web vulnerability.

Step 1:

Bob visits the social networking site linkedin.com and looks for employees that work for Widgets. He finds out that Lisa and Mary both work for Widgets and have each other on their friends list. (The concept works for Facebook too.)

Step 2:

Through the use of Google, Bob may be able to tell what email address format Widgets use (“@widgets.com”) and therefore will be able to determine whether the company uses simply “Lisa@widgets.com” or perhaps “lisa.lastname@widgets.com”.

Step 3:

In the next step, Bob sets up a website with JavaScript code known to exploit either Internet Explorer or other add-ons such as Adobe Flash Player. (An exploit was found in the version of Adobe Flash that comes with Microsoft’s XP Service Pack 3.)

Step 4:

Remember those two Widget employees Bob found earlier? Bob can then send Lisa an email with a link to the website he created and, by spoofing the sender address, can make it look like it came from Mary, the other Widget employee. Bob uses the address format he found in Step 2 so that it’s sent to the correct Lisa. Bob might make the email say something like “Check out this funny video”.

Step 5:

When Lisa visits the page, the exploit is injected into the operating system – which is most likely shell code designed to perform a certain function, or perhaps a trojan is loaded allowing Bob to take control.

But how can the attacker connect to Lisa’s machine; there’s a firewall!!

Why should sys admins restrict outbound traffic, I mean my employees aren’t hackers!

Ah but most firewalls generally allow outgoing traffic, so Bob configures the trojan to use a Backconnect script which tells the trojan to make a connection BACK to Bob’s computer – bypassing the firewall.

As you can see in this example, Bob is able to achieve his goal of gaining access to the Widgets network. From here, Bob could run network scans on internal subnets to assess further machines he could compromise. Have an unpatched domain controller? Bam – Bob is in and you don’t want to know what damage he can do. Bob could also use ARP poisoning tools which will allow him to perform man-in-the-middle attacks (article coming soon), which allow data from a particular host to route through a certain network device.

What can I do to stop this?

Keep your Anti-Virus up to date!

Ensure all PCs have an updated anti-virus program designed to be proactive! (Kaspersky 6.0 for Workstations does a great job at this!)

Patch your network devices!

Nessus is a vulnerability scanner which has the ability to scan all machines in a particular subnet. Nessus can report:
-Hosts that need Microsoft updates
-Hosts that have exploitable software (Such as Adobe Flash, old versions of Firefox, IE, etc)

Limit outgoing traffic!

Create a firewall policy to only allow outgoing traffic on the ports people need! If your clients only need web access to browse the web, only open port 80! While this might help prevent Bob from using a backconnect script, he can always connect through port 80...
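Egress filtering only helps if someone also looks at what it blocks, and, as noted above, a backconnect on port 80 sails straight through an allow-list. The following added example (not from the original post) shows both checks over constructed iptables LOG lines: it reports outbound connections that violate an assumed allow-list of ports 80 and 443, and it flags any internal host that reconnects to one external address at a near-constant interval, which is the pattern a backconnect script produces regardless of the port it uses. The log format, hosts and addresses are all constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in iptables LOG-target format (log prefix "FW-OUT"); not captured traffic.
SAMPLE_LOG = """\
Jan 12 10:00:00 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.9 PROTO=TCP SPT=49213 DPT=4444 SYN
Jan 12 10:00:30 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.9 PROTO=TCP SPT=49214 DPT=4444 SYN
Jan 12 10:01:00 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.9 PROTO=TCP SPT=49215 DPT=4444 SYN
Jan 12 10:01:30 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.9 PROTO=TCP SPT=49216 DPT=4444 SYN
Jan 12 10:00:05 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.88 DST=198.51.100.20 PROTO=TCP SPT=51000 DPT=80 SYN
Jan 12 10:01:05 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.88 DST=198.51.100.20 PROTO=TCP SPT=51001 DPT=80 SYN
Jan 12 10:02:06 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.88 DST=198.51.100.20 PROTO=TCP SPT=51002 DPT=80 SYN
Jan 12 10:03:05 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.88 DST=198.51.100.20 PROTO=TCP SPT=51003 DPT=80 SYN
Jan 12 10:00:12 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.77 PROTO=TCP SPT=40001 DPT=443 SYN
Jan 12 10:00:14 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.77 PROTO=TCP SPT=40002 DPT=443 SYN
Jan 12 10:07:40 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.77 PROTO=TCP SPT=40003 DPT=443 SYN
Jan 12 10:08:01 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.77 PROTO=TCP SPT=40004 DPT=443 SYN
"""

# Assumed egress policy: workstations may only initiate web traffic.
ALLOWED_PORTS = {80, 443}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)


def parse_log(text):
    """Turn LOG-target lines into dicts with a datetime, source, destination and port."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated kernel message or truncated line
        events.append({
            "ts": datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"),
            "src": m.group("src"),
            "dst": m.group("dst"),
            "proto": m.group("proto"),
            "dpt": int(m.group("dpt")),
        })
    return events


def policy_violations(events, allowed_ports=ALLOWED_PORTS):
    """Outbound connection attempts to ports the egress policy does not permit."""
    return [e for e in events if e["dpt"] not in allowed_ports]


def beacon_candidates(events, min_count=4, max_jitter=5.0):
    """(src, dst, dpt, count, mean_interval_s) for flows that reconnect at a regular interval.

    A human browsing produces bursty, irregular connections; a backconnect script
    retrying or checking in produces evenly spaced ones, even on an allowed port.
    """
    flows = defaultdict(list)
    for e in events:
        flows[(e["src"], e["dst"], e["dpt"])].append(e["ts"])
    found = []
    for key, times in flows.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = sum(gaps) / len(gaps)
        if max(abs(g - mean) for g in gaps) <= max_jitter:
            found.append(key + (len(times), round(mean, 1)))
    return sorted(found)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for v in policy_violations(evs):
        print("policy violation:", v["src"], "->", v["dst"], "port", v["dpt"])
    for src, dst, dpt, n, mean in beacon_candidates(evs):
        print(f"possible beacon: {src} -> {dst}:{dpt} ({n} connects, every {mean}s)")
```

In the constructed sample the host using port 80 never violates the policy, yet it is still reported because it checks in every 60 seconds.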

I’d love to hear people’s thoughts on this topic, so feel free to add comments! Valuable comments will have their content injected into the post to help educate others.

Rootkit Detection and Removal

The other day I noticed something weird when I performed the command “ls -l”. Bash was reporting some strange output and the first thing I did was throw it into Google… which revealed one thing: my Linux box had been compromised. Freaked out at first, I started researching everything I could; I was already aware of tools such as rkhunter and chkrootkit and this was the first thing I tried. rkhunter confirmed what I thought: my server had a rootkit, an SHV5 rootkit to be precise. The compromised server was used in a web hosting environment and had all the usual services running, such as ftp, http, smtp, dns, pop3, imap etc. After some “intense” googling, I found that many sites and forums stated the three R’s of rootkit removal:

Repartition, Reformat, Reinstall

And whilst I agree that the above actions are the only 100% way to ensure your system is completely rootkit free, I offer advice on how you can get up and running without having to rebuild or disappoint your clients *gasp*.

Please take the following advice with caution – we cannot be held responsible for any further damage that you may cause. Further to that, this article is “always updating” – should you have further advice as to assist with the removal of Rootkits – please feel free to chip in and lend a hand.

Detection

The first step is to detect what rootkit you have, and there are two well known tools to do this:

- RKhunter
- Chkrootkit

Cleaning up

The first thing you should do once you KNOW what rootkit you have, is to Google any information you can. What you want to do is find out exactly what the rootkit does and often there are detailed posts or whitepapers which explain this.

In my case, the SHV5 rootkit replaced quite a few system binaries with its own “trojaned” versions, designed to hide any suspicious activity from the system administrator. Examples of commands that were replaced are ps, ls, top, lsmod, find, netstat etc. (As you can see, these are essential tools to help clean out the rootkit! We need our originals back asap!)

The SHV5 rootkit also set the immutable attribute on core system commands, making them “undeletable”. To check which files the rootkit may have infected, use the “lsattr” command.

root# lsattr /bin

You may see something like;

s---ia------- /bin/netstat
------------- /bin/zcat
s---ia------- /bin/mv
------------- /bin/date
s---ia------- /bin/cp
------------- /bin/grep
s---ia------- /bin/ls

The files that have the “sia” flags set have most likely been compromised and you are advised to replace them from your distribution’s packages. The flag “i” represents immutable, meaning the file cannot be modified, renamed or deleted.

If you run a system that uses RPMs, you’ll most likely have to delete the package that contains the above compromised tools before you can replace them. As this is a dangerous move (deleting crucial commands), I suggest you get everything in place before you proceed.

Simply download the packages you need. In my case I needed the following:

- coreutils-x.i386.rpm
- findutils-x.i386.rpm
- net-tools-x.i386.rpm
- procps-x.i386.rpm

Once downloaded, I performed the following commands. Because RPM won’t let me uninstall a package that has files with the immutable attribute set, I first cleared the attributes:

chattr -ias /bin/ls
chattr -ias /bin/find

Then:

rpm -e coreutils.i386 --nodeps
rpm -i coreutils-x.i386.rpm

And I did this for all the files that I knew were compromised. Now that I had my everyday system commands back up and running, I could explore further.
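The lsattr check and the clean-up order above are easy to get wrong by hand on a box where ls itself is untrusted, so here is an added example (my own, not from the original post) that parses lsattr output, picks out every file carrying the immutable or append-only attribute, and produces the chattr/rpm commands in the order the post describes. The lsattr listing is constructed from the one above, and the binary-to-package mapping is an assumption for a Red Hat style system; the rpm file names carry a <version> placeholder because the post gives none.

```python
import re

# Constructed lsattr output modelled on the listing in the post; not from a real host.
SAMPLE_LSATTR = """\
s---ia------- /bin/netstat
------------- /bin/zcat
s---ia------- /bin/mv
------------- /bin/date
s---ia------- /bin/cp
------------- /bin/grep
s---ia------- /bin/ls
----i-------- /bin/ps
"""

# Assumed mapping of binaries to the RPM packages that ship them (coreutils, net-tools,
# procps, findutils are the four packages the post reinstalls).
PACKAGE_OF = {
    "/bin/ls": "coreutils", "/bin/cp": "coreutils", "/bin/mv": "coreutils",
    "/bin/netstat": "net-tools", "/bin/ps": "procps", "/bin/top": "procps",
    "/usr/bin/find": "findutils",
}

# lsattr prints an attribute field, whitespace, then the path.
LSATTR_RE = re.compile(r"^([-A-Za-z]+)\s+(\S+)$")


def parse_lsattr(output):
    """Return (flags, path) pairs; blank or unrecognised lines are skipped."""
    entries = []
    for line in output.splitlines():
        m = LSATTR_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def locked_files(entries):
    """Paths whose attributes include i (immutable) or a (append-only).

    Either flag stops the file being modified or deleted, which is what a rootkit wants
    for its trojaned binaries; stock system binaries normally carry neither.
    """
    return [path for flags, path in entries if "i" in flags or "a" in flags]


def remediation_plan(paths, package_of):
    """Ordered shell commands to clear the attributes, then remove and reinstall each
    affected package exactly once. Paths with no known package are returned separately
    instead of guessed, so the operator can look them up before deleting anything."""
    commands = [f"chattr -ias {p}" for p in paths]
    packages, unknown = [], []
    for p in paths:
        pkg = package_of.get(p)
        if pkg is None:
            unknown.append(p)
        elif pkg not in packages:
            packages.append(pkg)
    for pkg in packages:
        commands.append(f"rpm -e {pkg} --nodeps")
        commands.append(f"rpm -i {pkg}-<version>.i386.rpm")  # <version>: placeholder
    return commands, unknown


if __name__ == "__main__":
    hits = locked_files(parse_lsattr(SAMPLE_LSATTR))
    plan, unresolved = remediation_plan(hits, PACKAGE_OF)
    print("\n".join(plan))
    if unresolved:
        print("no package mapping for:", ", ".join(unresolved))
```

Run the real thing against `lsattr /bin /sbin /usr/bin /usr/sbin` output; the commands are printed rather than executed on purpose, so they can be reviewed before anything is deleted.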

Always check the /tmp folder, as this is most likely where the rootkit was first introduced. The /tmp folder is used by many web applications, which are often the method of intrusion. In my case I found /tmp/r00t … interesting? I zipped up the folder and stored it elsewhere for later viewing. (Oh and I also rm -rf’ed the prick :))

The SHV5 rootkit installs itself under /usr/lib/libsh – and removing this folder is probably a good idea.

Conclusion

Once you’ve got your core system commands back, you can perform an analysis of the situation, digging deeper to see what else has changed. For example;

- netstat -an
Use this command to verify which ports on your machine are open and awaiting connections. SHV5 has the ability to run a hidden shell session, listening on a particular port.

- lsof
Cycle through the output this command generates and see what files are being used by the system.

Good luck!

Resources

Some handy sites to assist:

- Linux RootKits For Beginners – From Prevention to Removal
- Analysis of RedHat 8.0 Honeypot Compromise

Ezbounce tutorial

Ezbounce is a cool piece of software that has many useful features for the hardcore IRC user. If you’re a regular IRC user who wants to hide your identity, stay connected to channels whilst offline and have a centralized IRC session, be sure to check this guide out.

From the ezbounce website:

ezbounce is an Internet Relay Chat (IRC) proxy server.
Features include:

* Multi-user support
* Full access control (ban and allow lists)
* Full IPv6 support
* Secure Sockets Layer (SSL) support
* Lots of tweakable settings

Obtaining ezbounce
The first thing you will need to do is install the software onto an available Linux machine. You will need to compile this from source, so make sure you have the appropriate gcc compilers already installed.

james[/home/james]# wget http://druglord.freelsd.org/ezbounce/ezbounce-1.04b.tar.gz

(If that doesn’t work, the link might be dead; head to the official download site.)

Next we need to extract the ezbounce files.

james[/home/james]# gunzip ezbounce-1.04b.tar.gz
james[/home/james]# tar xvf ezbounce-1.04b.tar

Compiling
cd to the newly created folder. The next step is to configure and compile ezbounce. We can do this with the following commands.

james[~/ezbounce-1.04b]# ./configure
james[~/ezbounce-1.04b]# make
james[~/ezbounce-1.04b]# make install

If all goes well the executable should appear in the folder you’re currently in. Next we need to configure ezbounce.

Config
Ezbounce comes with two config files, one with minimal options and another containing all possible options.

For this guide we’ll just use the minimal one (ezb.conf). Open up ezb.conf in your favourite text editor. Most of the options you can leave by default. You’ll want to edit the user bracket. Here is an example.

user lego
{
	allow
	{
		from *
		to *
	}
	set is-admin 1
	set password pass123
	set enable-incoming-dcc-proxying 1
	set enable-outgoing-dcc-proxying 1
	set enable-detach-command 1
	set enable-auto-detach 1
	set enable-vhost-command 1
	set enable-fake-idents 1

	vhosts
	{
		all
	}
}

This user block allows me to connect to any server, FROM any location. The “is-admin” line makes me an admin and the “password” line sets my password. You may read the readme for a more in-depth explanation of each available option.

Next, run ezbounce!

james[~/ezbounce-1.04b]# ./ezbounce ezb.conf

Linux Innuendo

who | grep -i brunette | date; cd ~; unzip; touch; strip; finger; mount; fsck; gasp; yes; uptime; umount; sleep

Turning off Non Delivery Reports

To disable NDRs, follow these steps:
1. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
2. Expand the Global Settings container in the left pane, click Internet Message Formats, right-click the Default object, and then click Properties.
3. Click the Advanced tab.
4. Click to clear the Allow non-delivery reports check box, and then click OK.

http://support.microsoft.com/default.aspx?scid=kb;en-us;294757

School blocked myspace?

A friend came to me with an issue recently: she found herself blocked from sites such as Friendster and MySpace. While I don’t particularly care for these types of social networking sites (I mean, we didn’t have them in my day – I turned out okay, didn’t I?!?), I was here to lend a hand.

Now if you didn’t know already, the web proxy niche is flooded to the max. New sites pop up every day that allow you to browse web pages through their web-based proxy. Quite a few are making a tidy profit.

So what I’m going to do is recommend a few solutions to get around your school blocking myspace.

Solution 1
Use a web-based proxy to bypass your school’s firewall; here are a few:

http://www.hidemyass.com
http://www.keepbrowsing.com
http://proxify.com
http://www.unblockworld.com

Solution 2
You could try using a portable browser such as Opera + Tor, which promotes anonymous browsing:
Get it here

Solution 3
You can use Google Mobile to transform pages so you can view them. The pages will look funky, as they are intended to be viewed on a mobile device; however it does work, and schools rarely block Google so you should be right :)

http://www.google.com/gwt/n?u=http%3A%2F%2Fwww.myspace.com%3Fuseclassicmyspace%3Dtrue

Solution 4
Does your school have a strong blocking policy that you can’t get around? If port 22 is open, you may be able to tunnel your HTTP traffic through an SSH server.

PLEASE NOTE: FOR THIS SOLUTION TO WORK YOU MUST HAVE ACCESS TO SOME SORT OF SSH SERVER. Don’t have access to an SSH server? Search here for a free shell account.

First, download and install PUTTY.

Under session, type in the SSH server you intend to connect to.

Next, Under Connection you’ll see SSH and under that you will see “Tunnels”.
Apply the following:

Source Port: 7000
Destination: localhost
Select “Dynamic” and “Auto”

Now connect.

Next fire up Firefox and do the following; Tools->Options->Advanced->Network->Settings and set the following proxy configuration:

* Manual proxy config
* SOCKS Host: localhost
* Port: 7000 (the same source port you entered in PuTTY; 70000 is not a valid port number)
* SOCKSv5

Now all your HTTP traffic is being tunneled through your SSH server.

Don’t have Firefox? School blocks you from installing applications?
Download Firefox Portable! (Allows you to run Firefox without installing any applications)

Enjoy :)

Sorting WordPress categories alphabetically

By default, the blogging platform WordPress doesn’t sort categories in alphabetical order. To change this you need to pass an argument when calling the function that lists them.

Under the theme editor, find where the categories are listed (most often the sidebar) and look for the function wp_list_cats.

To sort by category name, pass the sort_column argument to that function, for example:

<?php wp_list_cats('sort_column=name'); ?>
