Archive for the 'Products' Category

04 Nov

Visualization of drive contents

Modern operating systems typically contain thousands of files and thousands of hierarchically nested folders. There are cases in which we need an overview of the contents of a hard drive (or a USB pendrive, or a DVD), and need to quickly find out what sizes and types of files are on it. This is the case during the initial phases of a forensic investigation.

While reading Greg Conti’s excellent “Security Data Visualization” I came across this wonderful piece of software: SequoiaView. It is developed at the Technical University of Eindhoven (The Netherlands).

“Ever wondered why your hard disk is full? Or what directory is taking up most of the space? When using conventional disk browsing tools, such as Windows Explorer, these questions may be hard to answer. With SequoiaView however, they can be answered almost immediately. SequoiaView uses a visualization technique called cushion treemaps to provide you with a single picture of the entire contents of your hard drive. You can use it to locate those large files that you haven’t accessed in one year, or to quickly locate the largest picture files on your drive.”

GDMap

The software is available for free, but only for Windows systems. For Unix-like and Linux users, there are several options. One of them is GDMap, which is very similar to SequoiaView but implements only some basic functionality. For KDE desktops, there is the powerful KDirStat (there is a Windows clone called WinDirStat). For Gnome users, there is Baobab. A nice alternative is Filelight, which uses a circular (radial) representation instead of treemaps to show the same kind of data (KDE only).

Wouldn’t it be nice if popular forensics packages, such as Helix, bundled these kinds of tools?

19 Jul

Random bit generator service

This is cool.

The work on QRBG Service has been motivated by scientific necessity (primarily of local scientific community) of running various simulations (in cluster/Grid environments), whose results are often greatly affected by quality (distribution, nondeterminism, entropy, etc.) of used random numbers. Since true random numbers are impossible to generate with a finite state machine (such as today’s computers), scientists are forced to either use specialized expensive hardware number generators, or, more frequently, to content themselves with suboptimal solutions (like pseudo-random numbers generators).

[…]

To ensure high-quality of the supplied random numbers (true randomness) and high speed of serving, we have used fast non-deterministic, stand-alone hardware number generator relying on photonic emission in semiconductors. The used Quantum Random Bit Generator was previously developed at Rudjer Boskovic Institute, in Laboratory for Stochastic Signals and Process Research (for details, see below).
To achieve high availability of the service, several network access modes are developed, or shall be developed. These include transparent acquisition of random numbers using C/C++ libraries, web services (access over the SOAP protocol), and Mathematica/MATLAB client add-ons.

You can visit the QRBG site, download the client of your choice, and start getting true randomness in no time (registration required).

14 Jul

Helix v1.9 released

Talking about forensics…

The new Helix v1.9 version was released yesterday (see the CHANGELOG for the updated packages).

Download Helix v1.9 here.

11 Jul

Firefox (with IE) vulnerability

Interesting 0-day vulnerability in Firefox when installed on a box already running Internet Explorer (i.e. all Windows machines).

Firefox installs three protocol handlers, which lack some basic input validation. It seems that IE is able to launch Firefox in such a way that arbitrary commands are passed on to the shell (with the privileges of the current user).

Read the details at Jesper’s blog.

10 Jun

WiFiSLAX

I’ve just discovered a new security-oriented LiveCD distro called WiFiSLAX, which is basically a remastered BackTrack geared towards 802.11 wireless audits and pentests. It is oriented to Spanish speakers, and includes support for most wireless card drivers and the latest 802.11 pentest tools.

WiFiSLAX 2.0

On the website there is information regarding the supported drivers list, the included applications and Bluetooth-related material, some videos demonstrating its use, as well as a PDF presentation which explains all the features and which tools you will find there. All in Spanish, by the way.

Download the ISO image from here.

08 Jun

Stop SPAM, read books

I’ve just found this while browsing public del.icio.us links tagged with “security” (you’d be surprised at how much interesting stuff can be found there).

This is such a great idea: harnessing the effort humans already spend solving CAPTCHAs to perform accurate OCR of printed books. Stop the web-SPAM problem and help digitize books!

“About 60 million CAPTCHAs are solved by humans around the world every day. In each case, roughly ten seconds of human time are being spent. Individually, that’s not a lot of time, but in aggregate these little puzzles consume more than 150,000 hours of work each day.”

recaptcha

[…]

“reCAPTCHA improves the process of digitizing books by sending words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher. More specifically, each word that cannot be read correctly by OCR is placed on an image and used as a CAPTCHA. This is possible because most OCR programs alert you when a word cannot be read correctly.

But if a computer can’t read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here’s how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct.”

They have plugins for all major blog/board systems, and I plan to give the WordPress plugin a try!

21 May

Discover Hackistan

Discover the glorious Hackistan.

Hackistan

(Brought to you by Fortify)

04 May

Two tools to detect rootkits in Linux

Rootkits are toolkits installed by intruders after compromising a system. They help the intruder maintain access to the system while hiding the toolkit itself, its processes, open ports, etc. from the system administrator.

There are several interesting tools to scan a system for the presence of rootkits. In this post, I’ll look at the two tools I use: Rootkit Hunter and chkrootkit.

Rootkit Hunter

http://rkhunter.sourceforge.net/

Rootkit Hunter is a scanning tool that looks for rootkits, backdoors and local exploits. It checks MD5 hashes, default files used by rootkits, strange permissions on binaries, suspect strings in modules, hidden files, etc. It works on most flavours of Linux, BSD (OpenBSD, FreeBSD, Mac OS X, but not NetBSD) and some Unix variants (AIX, Solaris, etc.).

Once you have downloaded Rootkit Hunter, unpack it and execute the installer.sh script as the root user.

Rootkit Hunter - installing

After installing, just execute it (as root) with the following options:

rkhunter -c

- performs a standard check of the system

rkhunter -c --quick

- performs a quick scan

rkhunter -c --check-deleted

- performs a “deleted files” check (processes using deleted files)

rkhunter -c --scan-knownbad-files

- performs a “known-bad files” check

rkhunter --update

- updates the database of rootkit signatures

Rootkit Hunter - scanning

An interesting option is to use a cron job to schedule a periodic update and system check, using this script (add it to the crontab or drop it in the /etc/cron.daily directory):

#!/bin/sh
# Daily rkhunter run: check for a new rkhunter version, refresh the
# signature database, then scan in cron mode (no colours, no prompts)
# reporting only warnings. The combined output is mailed to root.

( /usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run' root

chkrootkit

http://www.chkrootkit.org/

chkrootkit is another option for our rootkit-detection toolkit. It can be downloaded from: http://www.chkrootkit.org/download/

It doesn’t need to be installed. Just unpack it and run chkrootkit as root. This is useful if you need to run it from read-only media, such as a CD-ROM, to avoid the rootkit-detection tool itself being compromised.

chkrootkit - scanning

chkrootkit has an interesting option which allows you to specify the root directory to be scanned. Although I haven’t tested it yet, it could be used to mount an off-line image of a suspect filesystem, in the typical forensic-analysis way, and scan it for rootkit infections.
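As an added example (not code from the original post, nor from the rkhunter or chkrootkit projects), here is a cron wrapper that combines the two ideas above: the daily rkhunter run, and pointing chkrootkit at an alternate root such as a read-only mounted image. Unlike the script above, it filters the raw output down to the lines that signal a finding and only sends mail when there is something to report, so a silent cron run means a clean scan. Assumed, not taken from the post: the tool paths in RKHUNTER and CHKROOTKIT, the existence of /bin/mail, and chkrootkit's -r option for the root directory (the post mentions the option but not its name); the sample output is constructed.

```shell
#!/bin/sh
# Added example, not code from the original post or from either project:
# a daily cron wrapper that runs rkhunter and chkrootkit, keeps only the
# lines that signal a finding, and mails a report only when there is one.
# Assumptions (labelled here, not taken from the post): rkhunter and
# chkrootkit live at the paths below, /bin/mail exists, and chkrootkit's
# -r option points it at an alternate root (e.g. a read-only mounted image).

RKHUNTER="${RKHUNTER:-/usr/local/bin/rkhunter}"
CHKROOTKIT="${CHKROOTKIT:-/usr/local/bin/chkrootkit}"
SCAN_ROOT="${SCAN_ROOT:-/}"      # e.g. /mnt/evidence for an offline image
MAILTO="${MAILTO:-root}"

# Keep only finding lines from the combined tool output on stdin:
#   rkhunter --report-warnings-only prints "Warning: ..." lines;
#   chkrootkit prints "... INFECTED" on a positive match ("not infected"
#   otherwise, which does not match the upper-case pattern).
# Exits 0 even when nothing matches so callers can use it under set -e.
filter_findings() {
    grep -E '^Warning:|INFECTED' || true
}

# Number of finding lines on stdin (prints "0" when the scan is clean).
count_findings() {
    filter_findings | grep -c . || true
}

# Constructed sample of what the two tools might print; used for a dry run
# and for testing the filter without the tools installed.
sample_output() {
    printf '%s\n' \
        'Checking ls... not infected' \
        'Warning: The file properties have changed: File: /bin/ls' \
        'Checking ps... INFECTED' \
        'Searching for suspicious files and dirs... nothing found'
}

# Run both tools. Raw output goes to stdout; stderr is folded in so a
# broken scanner shows up in the mail instead of vanishing in cron.
run_scan() {
    for tool in "$RKHUNTER" "$CHKROOTKIT"; do
        [ -x "$tool" ] || { echo "Warning: scanner missing or not executable: $tool"; return 1; }
    done
    "$RKHUNTER" --update
    "$RKHUNTER" --cronjob --report-warnings-only
    "$CHKROOTKIT" -r "$SCAN_ROOT"
} 2>&1

# Mail the findings to $MAILTO only when there are any. Returns 1 when
# something was found so a calling script can react to it.
report_findings() {
    findings=$(run_scan | filter_findings)
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings" | /bin/mail -s "rootkit scan findings on $(hostname)" "$MAILTO"
    return 1
}

# Only scan when invoked with --run, so sourcing the file does not start a
# scan. --dry-run exercises the filter on the constructed sample.
case "${1:-}" in
    --run)     report_findings ;;
    --dry-run) sample_output | filter_findings ;;
esac
```

Drop the file in /etc/cron.daily with `--run` as its argument (or call it from a crontab entry), and set SCAN_ROOT in the environment when chkrootkit should look at a mounted evidence image instead of the live root. Because the filter only keys on the two tools' own marker strings, a tool that fails to start is also surfaced as a finding rather than producing an empty, reassuring report.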

14 Apr

Temporary workaround for Microsoft DNS issue

One of the mitigation actions for the Microsoft DNS vulnerability is disabling the RPC management functionality. Jesper Johansson explains how to do it on a large number of Domain Controllers and DNS servers (thanks Daniel!).

In short, the method consists of generating a text list of all the DNS servers, and then using a short script to remotely connect to each one (using Enterprise Admin credentials), change the registry parameter and restart the DNS service.

It is recommended to do this until you can patch.

Note about this workaround:

Setting the registry value to 4 disables remote management and configuration of the DNS server over RPC or WMI. DNS management tools will fail to work remotely. Local management, and remote management through Terminal Services, can still be used to manage your DNS server configuration.

Locally, you will still be able to use the DNS management MMC snap-in, DNSCMD.exe, and the DNS WMI provider.

28 Mar

Metasploit Framework 3.0 released

You probably already heard, but Metasploit Framework 3.0 is out!

Metasploit Framework 3.0 Console

An article in Dark Reading comments on the new functionality:

Among the new features for Metasploit 3.0 that weren’t originally shown in the beta are three exploit modules that target WiFi driver vulnerabilities in the Windows kernel. The framework comes with APIs, 177 exploits, as well as modules that handle host discovery, protocol fuzzing, and denial-of-service testing. It’s aimed at researchers, network security pros for penetration testing, system administrators for verifying patch installations, and at vendors testing the security of their products. Metasploit runs across all the main operating systems and works with Unix mainframes and Nokia n800 handheld devices as well.

One feature in the new version lets you manipulate the memory of a process that’s running in an exploited system, and another lets you relay attacks through the compromised machine, notes Moore. “From a penetration testing perspective, the most useful features are the combination of the new Meterpreter payload and the ability to relay connections through compromised systems.”

Download Metasploit Framework 3.0 from here.