April 2010 Archives

Since my iphone is a company phone, jailbreak was never an option. I'm surprised to see the number of terrible "tether your iphone by jailbreaking it" guides there are out there. I suppose at some stage there was no decent driver in sight. Anyway, this is how you tether the iphone by installing third-party compiled binaries.

First we add the third-party repository and update the apt cache (this has security implications, so don't cry if your wallpaper suddenly changes to tubgirl):

    sudo add-apt-repository ppa:pmcenery/ppa
    sudo apt-get update

Then we install the required modules (accept the dependencies):

    sudo apt-get install gvfs ipheth-utils

This will install and insmod the ipheth driver. Make sure that internet sharing is enabled on your iphone and plug it in. It should show up as a wired connection. If something went wrong, check your dmesg. I have experienced timeouts on TX which caused it not to initialize. Replugging did the trick.

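
One way to limit the security implications mentioned above is to pin the PPA so apt takes only the named packages from it and nothing else. This is an added example, not part of the original post: the function names and the preferences file name are hypothetical, and the `LP-PPA-<owner>` origin label is an assumption to confirm with `apt-cache policy`.

```shell
#!/bin/sh
# Added example: emit apt_preferences(5) stanzas that block a PPA by default
# and allow only the named packages from it.

# Assumption: Launchpad publishes ppa:<owner>/ppa with Origin "LP-PPA-<owner>"
# and ppa:<owner>/<name> with "LP-PPA-<owner>-<name>".
ppa_origin() {
    spec=${1#ppa:}
    case $spec in */*) ;; *) spec=$spec/ppa ;; esac
    # Refuse anything that could smuggle extra text into the preferences file.
    case $spec in
        ''|/*|*/|*/*/*|*[!A-Za-z0-9.+/-]*) return 1 ;;
    esac
    owner=${spec%%/*}
    name=${spec#*/}
    if [ "$name" = ppa ]; then
        printf 'LP-PPA-%s\n' "$owner"
    else
        printf 'LP-PPA-%s-%s\n' "$owner" "$name"
    fi
}

# ppa_pin_prefs <ppa> <package>...
ppa_pin_prefs() {
    origin=$(ppa_origin "$1") || return 1
    shift
    # Specific-form records win over the general-form record below.
    for pkg in "$@"; do
        printf 'Package: %s\nPin: release o=%s\nPin-Priority: 500\n\n' "$pkg" "$origin"
    done
    # Everything else from this origin: a negative priority is never installed.
    printf 'Package: *\nPin: release o=%s\nPin-Priority: -1\n' "$origin"
}

# The packages named in the post; pipe the output to
#   sudo tee /etc/apt/preferences.d/pmcenery-ppa
# then run `apt-cache policy ipheth-utils` to confirm the origin and priorities.
ppa_pin_prefs ppa:pmcenery/ppa gvfs ipheth-utils
```

Any dependency that has to come from the PPA must be added to the package list, which `apt-get -s install` will reveal without changing the system. Pinning narrows what the PPA can replace, but the maintainer scripts of the allowed packages still run as root.
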
In the spirit of openness the Apache foundation has released an excellent post-mortem write-up of their recent compromise. It started with an XSS attack leveraged through the issue tracking software they use (JIRA) and ended with complete root access on one server, limited access to another and a number of passwords compromised.

Read the entire story at https://blogs.apache.org/infra/entry/apache_org_04_09_2010

From Chris Spencer on the ruxcon mailing list:

As part of a new initiative, the Ruxcon Team in conjunction with RMIT Information Security Collective, have established a monthly meeting in Melbourne. The aim of the meeting is to encourage individuals to perform a short presentation on computer security or a related topic in front of a small audience. The monthly meetings are open to everyone and free to attend.

The presentations are intended to be short (between 5-20 minutes), a projector and screen will be provided. We encourage participation from everyone and hope to see a variety of presentations over the coming months. Any topic is welcome, a presentation could be as simple as speaking for 5 minutes about a project you are currently working on, or day to day work tasks within your given field.

If you are interested in participating please email us at ruxcon ruxcon org au.

Please join us on Friday and help make the kickoff a success!

Details for the kickoff:

Date: Friday, 23rd April
Time: 6:00pm
Location: RMIT University, City Campus
https://my.rmit.edu.au/portal/page/portal/RMITPortal/campusmaps?dsize=max
Room 008.09.041 (Building 8, Level 9, Room 41)

Presentations:

  • SQL Injections 101 - Louis Nyffenegger (@snyff)
  • Malware Analysis for Incident Response - Ash Fox
  • Binary Analysis Basics - Chris Spencer

Tool review: Bugle

Bugle is a neat tool which uses Google and regular expressions to detect security defects in code. It makes it super quick to find vulnerable code.

The downside is that the code is often old and the vulnerability has been found, disclosed and fixed. And checking all those hits takes time. Still, it is well worth a spin.

Disclaimer:
Bugle's use of regular expressions to locate code defects was what initially prompted me to organize my messy scripts into the open source script graudit.

This weblog is licensed under a Creative Commons License.