iCrap

My first attempt to coin a term: iCrap

Definition:

iCrap [ahycrap] icrapped, icrap-ing, noun

- verb (used without object)

1. to go to a secluded place, usually a toilet at work, possibly with the intention to avoid someone or something and use and operate an iPhone, often a game, often using headphones.

– verb (used without object)

2. the act of iCrapping.

– noun

3. anything starting with i followed by a capital letter, but isn't cool.

Origin: Littlebighuman, while chatting with his friend Alexis, came up with it when explaining that he was going to iCrap on the toilet for a while.

Related forms: iCrap, noun

Synonyms: None yet.

Examples:

  • I totally need to go iCrapping right now;
  • He was taking a huge iCrap, seriously, he was gone for one hour at least;
  • Our company has a policy against taking iCraps.
Posted in Apple, Fun, Geek, Mac

Download BruCON security presentations and videos

The first edition of the Belgian security conference BruCON has ended, and we can conclude it was a big success. Besides being very informative, it was a total blast to meet all these security geeks :)

Presentations and videos can be found here.

I’m also providing a mirror of the videos here. There is also a torrent available.

A list of the presentations (PDFs):

Knowledge is power ;)

Posted in Security

Walloon Government prohibits use of Firefox in favor of IE, for security reasons

Datanews (Dutch) reports that the Walloon Government (the Belgian government for French-speaking citizens) prohibits the use of Firefox in favor of IE for security reasons. In some cases this means using IE6.

The reasoning behind this remarkable decision seems to be a “security incident” with Firefox. The director of software solutions and projects also explains that it is mostly because of legacy applications.

I’m going to speculate and wonder:

  • is there a dislike for Firefox among IT conservatives? Like non-tech IT managers that don’t want to deal with what they expect is going to be a hassle;
  • did they make up or overemphasise the “security incident” to simplify or cover up something else? Non-technical IT managers are easy victims for this scenario;
  • did they have really bad software management / road maps, so they are stuck with a larger than necessary bunch of legacy apps? Basically, they have been postponing software upgrades and/or migrations, so they are stuck with so many that it is practically unmanageable.

Again, I’m just speculating. The only fact I can offer is that I think this is all very entertaining ;)

Another site, also in Dutch, discussing this topic is Tweakers.net.

Posted in Politics, Security

Theme change

I just switched to this theme because I have been having compatibility issues between my old theme and the latest WordPress version. I’ll try it out for now. When I figure out how to slow down time or run my life in parallel threads I might make my own theme ;)

Posted in Blogging

Skimming magnetic strip debit cards in the Netherlands

Last night I watched the Dutch crime show "Opsporing Verzocht" (rough translation: wanted). They showed how easy it was to skim debit cards by placing a magnetic card copier to copy the card and a little camera to capture the PIN code.

They went out of their way to interview a bunch of people. One representative of some bank organisation actually claimed that using these debit cards is still safe.

The program failed to investigate the technology behind these cards. Had they done that, they would have found that magnetic strip cards are considered obsolete in the security world and that there is a solution to this problem: cards with a chip. These cards are used in many countries, like neighbouring Belgium. Chip-based cards cannot be copied the way magnetic cards can and provide a perfect solution to this problem.

The “funny” thing is that probably all Dutch debit cards already have a chip, used for the micro payment solution "Chipknip". It is simply not used for debit transactions. Probably because someone did a bad cost/risk analysis.

Great investigative journalism.

Posted in Security

Wii games for 4-year olds based on Diego and Dora

I finally found two Wii games that are 100% playable by my four year old daughter. Dora the Explorer: Dora Saves the Ice Princess and Go Diego Go, Safari Adventure. I can highly recommend them. Big plus is that they run in my native language as well (Dutch). My two year old loves to watch the four year old play, as if she is watching a regular Dora or Diego episode. Totally hilarious to watch (Jump!, Jump!, etc.).

You can tell they use the same engine for both games because they are quite similar. Both are side-scrolling platform games. Don’t get me wrong, they are different enough, especially for the kids. There are a lot of fun little treasures, vehicles and actions like: skiing, swimming, hang-gliding, elephant riding, cave exploration, jumping, snowboarding, cable-gliding, etc. The on-screen and spoken instructions are perfectly understandable for the target audience.

I have noticed that there are a number of price differences between shops, so it pays to look around. Personally I think these games are worth about the 30 euros I paid for each.

Posted in Blogging

Script for scanning Windows Vista to determine which Service Packs have been installed

I needed a way to check which security patches were installed on Windows Vista machines. On XP I used to use the command wmic qfe list, but the problem with this command is that it was never any good at figuring out the installed date of a patch. This field was highly dependent on the specific update and was/is usually not filled in. Also, in some cases it didn’t report all the updates. I think wmic qfe queried the registry and this wasn’t that reliable.

Another option I explored is to use the Windows Update Agent API. I’ve been having some trouble with that as well, as it seems that the VBScript I ended up writing doesn’t work on Windows XP SP2 (I didn’t test it on SP1, SP3 and SP-less). And in one case it didn’t work on Vista either. For some reason intHistoryCount = objSearcher.GetTotalHistoryCount returns 0 in these cases. I have to figure out why this is. Is it because it can’t talk to the Windows Update API?

The script outputs in CSV format, except that I use “|” instead of “,”. I also put double quotes around the text fields. So if you want to import it into Excel, make sure to select the pipe symbol “|” as the separator. Run the script from a cmd box under Vista with: cscript scriptname.vbs > output-file.csv

I’ll be coming back to this post after I’ve done some testing in the coming weeks.

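' List the Windows Update history through the Windows Update Agent COM API
Set objSession = CreateObject("Microsoft.Update.Session")
Set objSearcher = objSession.CreateUpdateSearcher
intHistoryCount = objSearcher.GetTotalHistoryCount
' Nothing to list when the history is empty
If intHistoryCount = 0 Then WScript.Quit 1
' The start index is zero-based, so 0 begins at the first history entry
Set colHistory = objSearcher.QueryHistory(0, intHistoryCount)
For Each objEntry in colHistory
    ' One pipe-separated record per entry; free-text fields are wrapped in double quotes (Chr(34))
    Wscript.Echo objEntry.Operation & "|" & objEntry.ResultCode & "|" & objEntry.Date & "|" & Chr(34) & objEntry.Title & Chr(34) & "|" & Chr(34) & objEntry.Description & Chr(34) & "|" & objEntry.ClientApplicationID & "|" & objEntry.ServerSelection & "|" & objEntry.ServiceID & "|" & Chr(34) & objEntry.UninstallationNotes & Chr(34) & "|" & objEntry.SupportURL
Next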
Posted in Scripts, Security, Security Patches

Bash script to find the occurrences of MS KB patch# in a file

The script below can be used to check whether certain patches, listed in one column in a file “B”, occur in file “A”. It can be used to process the output of the script in the previous post: Script for scanning Windows Vista to determine which Updates have been installed. This script can be made more sophisticated, for instance by adding some counters to keep track of occurrences, but I plan to rewrite it in Perl to make it more cross-platform. I’ve delved into the Windows world of scripting with VBScript, but I find it lacking in certain areas (understatement).

Anyway, also note that the script can be used as a template for a script that simply looks for occurrences listed in file “B” in file “A”. You will most likely have to adapt the grep I’ve done here specifically to look for KB patches.

Usage: ./script-name.sh file-to-process.txt list-of-KB-numbers.txt

#!/bin/bash

processLine(){
  line="$@" # get all args
  # Look for KB<number> in the file to process
  searchresult=$(grep "KB\($line\)" "$FILE")
  case "$?" in
    0)
      # Field 3 of the pipe-separated history is the installation date
      installeddate=$(echo "$searchresult" | cut -d"|" -f3 | sed -e 's/\./-/g')
      echo $line found - installed on $installeddate
      ;;
    1)
      echo $line "NOT FOUND"
      ;;
    2)
      echo error
      ;;
  esac
}

# Store file names
FILE=${1}
LIST=${2}
# Check that files exist and are readable
[ ! -f "$FILE" ] && { echo "$FILE: does not exist"; exit 1; }
[ ! -r "$FILE" ] && { echo "$FILE: cannot be read"; exit 2; }
[ ! -f "$LIST" ] && { echo "$LIST: does not exist"; exit 1; }
[ ! -r "$LIST" ] && { echo "$LIST: cannot be read"; exit 2; }
# Open list for reading on file descriptor 3
exec 3< "$LIST"
# Process list line by line
while read -u 3 line
do
  processLine $line
done
# Close list after reading
exec 3<&-

If everything works out you can generate output like this:

Seb$ ./kb-search.sh installed-patches.csv kb-numbers.txt
952004 NOT FOUND
952069 found - installed on 30-01-2009 15:23:31
953155 found - installed on 04-12-2008 13:14:25
954211 found - installed on 02-12-2008 14:53:12
954430 NOT FOUND
954459 found - installed on 04-12-2008 13:15:02
955069 found - installed on 04-12-2008 13:14:57
956390 found - installed on 02-12-2008 14:55:04
956572 NOT FOUND
956802 found - installed on 30-01-2009 15:24:55
956841 found - installed on 02-12-2008 14:53:32
957095 found - installed on 02-12-2008 14:53:42
957097 found - installed on 04-12-2008 13:15:06
958215 found - installed on 30-01-2009 15:26:06
958623 found - installed on 30-01-2009 15:27:34
958624 found - installed on 30-01-2009 15:26:33
958644 found - installed on 02-12-2008 14:55:27
958687 found - installed on 11-02-2009 16:36:50
958690 NOT FOUND
959426 NOT FOUND
960225 found - installed on 31-03-2009 12:46:42
960714 found - installed on 30-01-2009 15:28:13
960803 NOT FOUND
961260 found - installed on 27-02-2009 08:23:40
963027 NOT FOUND
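
A stricter variant of this check, as an added example that is not part of the original post: the grep reports a KB as found whenever its number appears in the history, including as the prefix of a longer number or in an entry whose installation failed. This version matches KB numbers exactly and uses the Operation and ResultCode columns written by the VBScript (Windows Update Agent values: Operation 1 = installation; ResultCode 2 = succeeded, 3 = succeeded with errors); the function names and sample rows are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post). Input columns as written by
# the VBScript above: 1=Operation 2=ResultCode 3=Date 4=Title
# Operation 1 = installation; ResultCode 2 = succeeded, 3 = succeeded
# with errors, 4 = failed, 5 = aborted.

kb_status() {   # usage: kb_status history.csv kb-list.txt
  awk -F'|' '
    NR == FNR {                          # first file: update history
      if ($1 != 1) next                  # only installation events count
      title = $4
      while (match(title, /KB[0-9]+/)) { # every KB number in the title
        kb = substr(title, RSTART + 2, RLENGTH - 2)
        if ($2 == 2 || $2 == 3) { if (!(kb in ok)) ok[kb] = $3 }
        else                    { bad[kb] = $2 }
        title = substr(title, RSTART + RLENGTH)
      }
      next
    }
    { sub(/\r$/, ""); gsub(/[^0-9]/, "") } # KB list: drop CR and "KB" prefix
    $0 == ""    { next }
    ($0 in ok)  { print $0 " installed " ok[$0]; next }
    ($0 in bad) { print $0 " FAILED resultcode=" bad[$0]; next }
                { print $0 " NOT FOUND" }
  ' "$1" "$2"
}

kb_demo() {     # constructed sample rows, not real update history
  local d; d=$(mktemp -d)
  printf '%s\n' \
    '1|2|30.01.2009 15:23:31|"Security Update for Windows Vista (KB952069)"' \
    '1|4|02.12.2008 14:53:12|"Security Update for Windows Vista (KB954430)"' \
    '1|2|04.12.2008 13:14:25|"Update for Windows Vista (KB9531550)"' \
    > "$d/history.csv"
  printf '952069\r\nKB954430\n953155\n' > "$d/kb.txt"
  kb_status "$d/history.csv" "$d/kb.txt"
  rm -rf "$d"
}

if [ $# -eq 2 ]; then kb_status "$@"; else kb_demo; fi
```
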
Posted in Scripts, Security, Security Patches

Scanning for SSL-hosts and automatic downloading of SSL-certificates

Save the below script, for instance as get-cert-info.sh, make it executable and do:

$ ./get-cert-info.sh ips-domains.txt

#!/bin/bash
# By Seb
# Script reads in a two column file of SSL IP-addresses and host-names, then downloads and processes their certificates
# Output is in CSV
 
# CSV header ROW
echo  "IP-address, Reverse lookup DNS-name, Signing Algorithm, Subject, Issuer, Start-date, End-date, Serial, Return code of certificate check"
 
# Start of loop
processLine(){
  line="$@" # get all args
  IP=$(echo "$line" | cut -d" " -f1)
  DNSNAME=$(echo "$line" | cut -d" " -f2) 
  TARGETDOM=$(echo "$line" | cut -d" " -f2)
  HOST="$TARGETDOM:443"
 
  # The use of expect here is mainly to improve performance: by sending a quit (Q) after the cert is downloaded
  # we avoid waiting for the openssl timeout. In any case, a 5 second timeout is set just to be sure (the default is much longer).

  RAWCERT=$(expect - <<EOF
  set timeout 5

  # Connect and download certificate

  spawn openssl s_client -connect ${HOST}
  expect "Verify return code:"
  # s_client closes the connection on an input line that starts with Q
  send "Q\r"
EOF
  )
 
  CERTTEXT=$(echo "$RAWCERT" | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p')
  SIGALG=$(echo "$CERTTEXT" | openssl x509 -noout -text | grep -m 1 "Signature Algo" | cut -d: -f2)
  # Strip the "subject=" / "issuer=" label, with or without a space after the equals sign
  SUBJECT=$(echo "$CERTTEXT" |  openssl x509 -noout -subject | sed -e 's/^subject= *//')
  ISSUER=$(echo "$CERTTEXT" |   openssl x509 -noout -issuer | sed -e 's/^issuer= *//')
  START=$(echo "$CERTTEXT" |  openssl x509 -noout -startdate | cut -d= -f2)
  END=$(echo "$CERTTEXT" |  openssl x509 -noout -enddate | cut -d= -f2)
  SERIAL=$(echo "$CERTTEXT" |  openssl x509 -noout -serial | cut -d= -f2)
  RETURNCODE=$(echo "$RAWCERT" | grep "Verify return code:")
 
  # Output CSV
 
  echo $IP, $DNSNAME, $SIGALG, $SUBJECT, $ISSUER, $START, $END, $SERIAL, $RETURNCODE
}
 
### File line loop ###
# Store file name
FILE=""

# Make sure we get file name as command line argument
FILE=${1?"No file name specified"}
# Check that file exists and is readable
[ ! -f "$FILE" ] && { echo "$FILE: does not exist"; exit 1; }
[ ! -r "$FILE" ] && { echo "$FILE: cannot be read"; exit 2; }

# Open file for reading on file descriptor 3
exec 3< "$FILE"

# Process file line by line
while read -u 3 line
do
   # use $line variable to process line in processLine() function
   processLine $line
done

# Close file after reading
exec 3<&-

exit 0

This is the re-dater script, save it, make it executable and do:

$ ./re-dater.sh dates.txt

#!/bin/bash
# Clean up OpenSSL dates output
 
processLine(){
  line="$@" # get all args
  line=$(echo "$line" | sed -e 's/GMT//')
  line=$(echo "$line" | cut -d" " -f1,2,4)
  DAY=$(echo "$line" | cut -d" " -f2)
  MONTH=$(echo "$line" | cut -d" " -f1)
  YEAR=$(echo "$line" | cut -d" " -f3)
  echo $DAY\/$MONTH\/$YEAR
}
 
### File line loop ###
# Store file name
FILE=""

# Make sure we get file name as command line argument
FILE=${1?"No file name specified"}
# Check that file exists and is readable
[ ! -f "$FILE" ] && { echo "$FILE: does not exist"; exit 1; }
[ ! -r "$FILE" ] && { echo "$FILE: cannot be read"; exit 2; }

# Open file for reading on file descriptor 3
exec 3< "$FILE"

# Process file line by line
while read -u 3 line
do
   # use $line variable to process line in processLine() function
   # ($line is left unquoted on purpose: word splitting collapses the double
   # space OpenSSL puts before single-digit days, which the cut calls rely on)
   processLine $line
done

# Close file after reading
exec 3<&-
Posted in Networking, PKI, SSL-certificates, Scripts, Security

Create encrypted and password protected zip archives on Mac OS X

Today I wanted to send a password-encrypted file to a Windows user, and obviously the first thing that comes to mind is a password-protected zip file. So I set out to create such an archive, only to discover that OS X natively doesn’t support it. Not the built-in GUI unzipper (Bomarchiver I believe), nor the command-line gzip and zip. Total fail.

Now I knew for sure that zip supports encrypting files with the -e option, so the version installed on my OS X Leopard 10.5.5 wasn’t compiled with the right options.

I looked at purchasing a commercial zip utility, but I found them too expensive. C’mon, Stuffit Standard costs $49.99. A bit much if you ask me.

Anyway, I decided to go for the Open Source, command-line based zip, except now compiled with encryption. I could have compiled from source, but I went for [Macports](http://www.macports.org "Macports"), which keeps my non-standard binaries organised under /opt.

So these are the commands I ran to search for zip, see what variants are available and finally install it. For more info see the [Macports website](http://www.macports.org "Macports").

$ sudo port search zip
$ sudo port variants zip
$ sudo port install zip

Then to figure out which zip you are using (read: is in your path first) do:

$ which zip

If it comes up with /usr/bin/zip you are using the standard, non-encryptorator zip. The Macports zip is installed (normally) under /opt/local/bin/zip. You can alter your path or backup the old zip and link to the new zip to solve this. Or just leave it where it is and call it directly. Whatever you fancy.

To password protect a file or files do:

$ zip -e archive.zip file1.doc file2.pdf file3.cap

And you will be prompted for a password.

Update: apparently some Mac OS X installs can encrypt zip files by default (see comments). At least as of Leopard you can do this with:

$ zip -e archive.zip <files>
Posted in Mac, Security