Thursday, April 30, 2009

Laptop PWN3D!


It took three tries and as usual OpenVPN stability was an issue, but I finally stole my own laptop without ever touching it.

It took almost thirteen hours, but that's within the limits of an unattended laptop in a "secure" location. Not everyone takes their laptop home, and if you work in an environment like I do, nobody likes to log off or reboot because it takes at the very least twenty minutes for your system to get back to normal (our specific problem is Outlook - it really has a hard time waking up in the morning).

Granted, the hard disk only had 20G of data on it. A bigger drive would have taken more time, bleeding into working hours and increasing the likelihood of an OpenVPN interruption, but as a Proof of Concept (PoC) the results are valid.

It would have taken four hours had the VMware vConverter taken full advantage of my cable connection. It never went over 585kBps for the duration of the transfer.

The first two attempts never went over 400. On those runs I was using vConverter 3.x. I upgraded to 4.x before the final run. I have a feeling, which I can't prove, that the free versions of the VMware Infrastructure tools might be crippleware. There is no reason for it not to have taken full advantage of my pipe. I have gotten the full bandwidth in other file transfer exercises between home and work and the CPU utilization on the source and destination systems was minimal-to-nothing.

As an added bonus, it turns out that nothing on the network even noticed that gigabytes of data were being sent out to the Internet for three full days! No alarms went off. No red flags went up. It didn't even show up in the reports generated every day by the Microsoft ISA (Internet Security & Acceleration) servers that "control and monitor" access to the Internet.

Unbelievable! Especially considering it was me who set those reports up (and I wasn't even trying to hide anything).

The skeptics (I among them) will say, "Sure, you had admin access to the machine, what is so special about this 'hack'?"

That, my friends, is the whole point of this PoC. The environment I work in has 50+ "DesktopSupport" personnel that have admin access to every PC in our multi-campus WAN. Some of these people are complete, utter bozos who have been known to do idiotic things like Google for "flash upgrade" and then complain because the file they downloaded from a Ukrainian Web site gets pounced on by the anti-virus.

They are not too bright. Maybe that was an upper management decision. I could see the logic in that, but in my opinion stupid people are dangerous.

The problem is the smart ones, and the smart ones who act dumb (the dumb ones who act smart usually blow their own cover anyway).

This group of support personnel should be split up to support the different campuses, but with sick days, vacations, and scheduling conflicts it's just easier to give them access to everything.

Luckily, almost no one trusts them. But there is the "out of sight, out of mind" problem.

That aside, the Really Scary Issue - in my own mind - is my Big Shot Boss, the Chief Security Officer, cannot seem to grasp the power they have. Sure, the guy's at 35,000 feet and everyone looks like ants, but he's been out of the trenches for so long he doesn't realize what people can do with the access they have been handed on a silver platter.

He doesn't know that, by utilizing the tools built-in to Windows, these jokers can slurp up any file on any hard drive on any desktop across the Enterprise, deleting the security logs as they exit. If those logs were turned on, which they're not.

To him, and the rest of his ilk, the security problems we face are all about servers. Nobody cares that the desktop is an accident waiting to happen. When the desktop is pwn3d, the servers, the network, and the data will surely follow.

It's never the other way around.

Tuesday, April 28, 2009

I'm Stealing A Laptop Today!


Don't get excited. I haven't gone over to the Dark Side.

Yet.

Besides, it's my own laptop. That is, it's the laptop my employer has issued to me. And I'm not taking it home in my lunch box. This time.

I'm stealing it virtually!

You see, nobody steals laptops for the hardware anymore. It's all about the data. With the right access level, laptops, or any computer, can be stolen without ever busting a lock or leaving a fingerprint.

All with free tools easily available over the Internet. I'm not talking about "hacking tools" - you have to be brave to use that crap these days because you never know what might be hiding in them - I'm talking about legitimate software distributed by legitimate companies. In this case, VMware.

VMware distributes a nice little tool called the VMware vCenter Converter which allows you, among other things, to turn a real nuts and bolts box into a virtual machine.

Which is exactly what I'm doing now. As I type this, the bits and bytes of the hard disk in my laptop are flying over the Internet to a VMware server in my family room. When it's all over I will have an exact copy of my laptop, minus the hardware of course.

This is really No Big Deal. Anyone with the right amount of access can do this surreptitiously in your IT environment, cut the image to a USB thumb drive and take it home to hack at their leisure. Or sell to the highest bidder.

The trick is in doing it over the Internet. If I had a 32G USB drive I'd probably do it that way, but I don't. What I do have is a cable modem and three covert channels back to the office.

Plus an aging Linux box that I talked a former Boss into letting me install on the corporate network over eight years ago. If I had my way, Linux would only be allowed under the strictest security policy possible - it's just too damned powerful for mere mortals.

The biggest problem to overcome is establishing a common network share for the corporate and VMware boxes. That is accomplished with OpenVPN, the BEST damned Open Source SSL VPN on the planet.

That is covert channel #1. Channels 2 and 3 are port-forwarding SSH tunnels that connect back to HinkyNet over the corporate proxy. One of the SSH channels is established with a Cygwin service running on my corp workstation. The other is a bash script on a Debian VM that runs on the VMware GSX server on my workstation. All three will reconnect if the workstation is bounced and there is enough redundancy so that if any two of them go down the third can be used to bring the other two back up.

In practice, OpenVPN is the hardest to keep running, but that is due to the security limitations in our environment (many of which are of my own doing).
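The two things that let this exercise go unnoticed are worth checking for in any proxy or firewall log: a workstation pushing gigabytes *out* (most proxy reports rank by bytes downloaded, so the upload direction never makes the top-ten list), and CONNECT tunnels that stay open for hours, which is what the OpenVPN/SSH channels above and the ISA reports in the "Laptop PWN3D!" post come down to. The following is an added example, not code from this blog or from Microsoft ISA Server; the log format and the addresses are constructed for the demonstration.

```python
"""
Egress review over proxy/firewall logs: flag workstations that push
large volumes out, or hold very long-lived tunnels, to one external host.
Added example; the log format below is a constructed generic one and
the addresses are hypothetical.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (not from the original post):
# timestamp client dest_host dest_port method bytes_sent bytes_received duration_s
SAMPLE_LOG = """\
2009-04-27T18:02:11 10.20.30.41 www.example.com 80 GET 512 18432 1
2009-04-27T18:05:40 10.20.30.41 mail.example.com 443 CONNECT 20480 65536 300
2009-04-27T19:00:00 10.20.30.77 remote-host.example 443 CONNECT 9000000000 51200 46800
2009-04-28T08:15:03 10.20.30.52 cdn.example.net 80 GET 300 4096000 12
2009-04-28T09:10:00 10.20.30.77 remote-host.example 443 CONNECT 6500000000 40960 43200
2009-04-28T09:11:00 10.20.30.41 www.example.com 443 CONNECT 4096 102400 45
"""


def parse_log(text):
    """Turn the whitespace-separated log into a list of dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host, port, method, sent, recv, dur = line.split()
        records.append({
            "time": datetime.fromisoformat(ts),
            "client": client, "host": host, "port": int(port),
            "method": method, "sent": int(sent), "recv": int(recv),
            "duration": int(dur),
        })
    return records


def summarize(records):
    """Per (client, host): bytes the client sent, seconds spent in CONNECT tunnels, sessions."""
    summary = defaultdict(lambda: {"sent": 0, "tunnel_seconds": 0, "sessions": 0})
    for r in records:
        s = summary[(r["client"], r["host"])]
        s["sent"] += r["sent"]
        s["sessions"] += 1
        if r["method"] == "CONNECT":
            s["tunnel_seconds"] += r["duration"]
    return dict(summary)


def flag_egress(summary, max_sent=1_000_000_000, max_tunnel_seconds=6 * 3600):
    """Return [(client, host, [reasons])] for pairs over either threshold.

    Thresholds are assumed starting points: 1 GB uploaded to a single
    host, or more than six hours of tunnel time, is rare for a desktop."""
    findings = []
    for (client, host), s in sorted(summary.items()):
        reasons = []
        if s["sent"] > max_sent:
            reasons.append("sent %.1f GB" % (s["sent"] / 1e9))
        if s["tunnel_seconds"] > max_tunnel_seconds:
            reasons.append("CONNECT tunnel open %.1f h" % (s["tunnel_seconds"] / 3600))
        if reasons:
            findings.append((client, host, reasons))
    return findings


if __name__ == "__main__":
    for client, host, reasons in flag_egress(summarize(parse_log(SAMPLE_LOG))):
        print(client, "->", host, ";", "; ".join(reasons))
```

Run against the constructed log, only the 10.20.30.77 workstation is reported, on both counts. On real data the tunnel-duration check is the cheaper signal: a browser's CONNECT sessions last seconds to minutes, while a VPN or SSH tunnel parked through the night shows up as a single session spanning the whole shift.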

And because of that issue, I'm on my second attempt at this Proof of Concept exercise. I started yesterday and got 15 gigs downloaded before the OpenVPN connection crashed at 5AM this morning. I can also do this just as easily over SSH tunnels, but that would require using the VMware 2.0 server on my MythTV box, which currently has too much disk space dedicated to unwatched recordings of "Terminator" and "Life on Mars"!

The first time through is always a learning experience.

But the point remains: given enough time and enough access and the right tools, an insider can walk away with your company's entire IT infrastructure. I'm already looking into what can be done about this with the tools our company already has (like everyone else in this economy we're not spending cash we don't have). VMware and virtualization in general is so hot, no one is looking into the security implications these tools bring with them.

Or at least they're not publishing.

Monday, April 27, 2009

StinkFly BANNED!


I got a complaint! Here it is...
If you are the guy cheating on your maps, known as STINKYFLY..then I am talking to a degenerate. If you are not him, then I suggest you please remove him. He is flagrantly winning games by cheating on your maps. Scores like 35 to 5 when nobody else is even close and they are good players. Show your class and integrity and kick his childish, cheating ass off. He spoils the game.
Well, jeepers. I never did like that guy anyway. He's one of "those" players who tends to make everybody leave, all at once. But I never caught him in flagrante delicto, if you know what I mean.

And I try to refrain from banning people who just happen to piss me off (except for Zodiac). I'm not a good player, even though I've been fragging away for the last ten years (my, how time flies) I just never got the hang of it (I still can't strafe for the life of me). I'm so bad sometimes it seems like everybody's cheating.

So I refrain from banning people - as much as possible - until somebody complains.

But I love to do it, because I've put a lot of time and effort into Ban-O-Matic and tying it into the firewall rules. And because it works so well (when it works - there have been no lack of problems with it over the years).

And since I migrated everything to the new server and put all the scripts on a network share it's easier than it's ever been!

Plus I get no small amount of satisfaction of watching the banned players trying to play. They sort of float across the map, if they can move at all, and they bitch and moan and curse their fate. Or they get paranoid and blame it on a Denial of Service attack from another player.

That's just precious.

Anyway, Stinky's gone. I may immortalize him as a bot ("StinkyFly" seems like a nice subtle twist, but "ShitFly" would work, too).

But be forewarned, a lot of times they come crying back to Hinky, promising to play nice and never ever cheat again. And being the kind hearted old fool I am, I take pity on their worthless basement boy existence and usually let them back on (except for Zodiac).

So anyway, please feel free to complain! I do listen and I like playing UT with a good crowd.

Eliminate the ninnies and the twits!

Tuesday, April 21, 2009

www.mrhinkydink.net


I got the news today that Google Page Creator (GPC) is going to die this June. This is a shame because I was quite fond of it and have been using it for the last two years to document a number of (usually silly) things, including documenting the progress of The Proxy List. Sometime in June it's going to be moved over to Google Sites.

Luckily I already squatted on Google Sites about a year ago. At about the same time, I registered mrhinkydink.net (the dot-com version is the site at GoDaddy that holds the utmods and the Proxy List).

So anyway, since mrhinkydink.net wasn't really doing anything, I pointed www.mrhinkydink.net to my little corner of Google Sites.

Nothing much is there right now. To be brutally honest, I don't like Google Sites that much. It seems limited compared to GPC, which was an awful hack (with infuriating quirks) to begin with, but I finally got used to it (and GPC is much faster to work on with Google Chrome than with either FireFox or Internet Explorer).

Since Google is forcing this move on me I'm starting to put backup copies of my GPC pages on the GoDaddy site, just in case. And I plan on investigating other venues, so the hinkydink.net name may yet be transferred again. Maybe to WordPress.

That plan could change if Google decides to improve Sites, but I'm not counting on that happening.

Sunday, April 19, 2009

I Hate Ads

Advertising is private sector propaganda. It's vile. It's evil.

I avoid it whenever possible.

Especially on the Internet. I've been running a Squid proxy at home for over ten years, primarily to use Ad Zap to eliminate the popups, banners, and ShockWave Flash crap all mainstream Web sites would like to shove down our pipes.

For example, here's a screenshot of ComputerWorld on a slow advertising day.

[screenshot: SHITTY ADS]

Again, this was captured on a weekend. During the week, when there is much more traffic from corporate proles such as myself, it is one hundred times worse.

Minimum.

Here is the same exact page when viewed through my Squid proxy with Ad Zap...

[screenshot: ADS NO MORE!]

Much better.

One thing the screen captures don't show is the fact that all three of the ads are animated. Animation sucks primarily because the bandwidth required chokes a remote desktop connection. I do most of my browsing at work through an encrypted pipe back to my house, which uses the 785kBps (**SLOW**) uplink. Any animation sucks the lifeblood out of that link.

There are several other ways to accomplish the same thing. I had been using FireFox with NoScript exclusively for the past eight months, but I switched to Google Chrome because it is much faster than FireFox.

Blazingly fast. Un-fucking-believably fast.

Blogably fast! TROOF! But maybe some other time. We're talking about ads today.

Since there's no NoScript plug-in for Chrome, I had to go the Ad Zap route. As it's distributed in its stock configuration, it kills maybe 90% of all ads, banners, popups, etc.

But I want no less than 100%!!!!

The big problem I had with Ad Zap was the small town TV and radio news sites across the US. They tend to use more obscure Web advertising companies, or they use their own home-brew methods. These aren't included in Ad Zap out of the box, so you have to roll your own rules. This is simply a matter of setting a few variables and editing a text file or two.

The result is very clean and very safe Web surfing. Once you start blocking ads, you will never want to go back.
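Ad Zap is a Squid URL rewriter: Squid hands it each requested URL and it answers with a replacement (or nothing, to let the request through). The rolled-your-own rules for the small-town news sites are just extra patterns fed to that mechanism. The block below is an added example of such a rewriter, not Ad Zap's code or its rule format; the rule syntax, the placeholder image URL and the hostnames are constructed for the demonstration.

```python
#!/usr/bin/env python3
"""
Minimal Squid URL rewriter that swaps ad URLs for a local placeholder.
Added example, not Ad Zap's code or rule format. Wire it up with
'url_rewrite_program /path/to/zap.py' in squid.conf (older Squid 2.5
called the directive redirect_program).
"""
import re
import sys

# Constructed rule file: one regular expression per line, '#' comments.
# The stock lists cover the big networks; a hometown station's home-brew
# banner directory needs a rule of its own. Hosts below are hypothetical.
SAMPLE_RULES = r"""
# generic ad-server hostnames
^https?://ads?\.[^/]+/
^https?://[^/]*\.adnetwork\.example/
# a local TV station's home-brew banners (hypothetical host)
^https?://www\.localtvnews\.example/banners/
# path-based catch-all; broad rules like this are where false blocks come from
^https?://[^/]+/.*\b(adserver|adimages)\b
"""

PLACEHOLDER = "http://127.0.0.1/zap/blank.gif"  # assumed local empty image


def load_rules(text):
    """Compile the non-comment, non-blank lines of a rule file."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rules.append(re.compile(line, re.IGNORECASE))
    return rules


def zap(url, rules, placeholder=PLACEHOLDER):
    """Return the placeholder URL if any rule matches, else None (pass through)."""
    for rule in rules:
        if rule.search(url):
            return placeholder
    return None


def rewrite_line(line, rules):
    """One request in Squid's classic rewriter protocol.

    Input:  'URL client_ip/fqdn ident method ...'
    Output: the rewritten URL, or an empty string to leave the request alone."""
    fields = line.split()
    if not fields:
        return ""
    target = zap(fields[0], rules)
    return target if target is not None else ""


def main():
    rules = load_rules(SAMPLE_RULES)
    for line in sys.stdin:
        sys.stdout.write(rewrite_line(line, rules) + "\n")
        sys.stdout.flush()  # Squid blocks waiting on each answer; never buffer


if __name__ == "__main__":
    main()
```

Squid runs several copies of the helper in parallel (url_rewrite_children), so the rule file is loaded once per process and each answer is flushed immediately. The last rule in the sample shows the usual trade-off with home-brew patterns: matching "adserver" anywhere in a path catches the obscure outfits, but it will also eat a legitimate page whose URL happens to contain the word, so keep those rules as narrow as the site allows.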

Never.

I have mentioned before I'm the Network Nazi at work. I run a commercial content-blocking software package - that will remain nameless - and I also block ads on my own corporate account. I've been doing so for a very long time with this package. I am so used to not seeing ads that I'm totally appalled whenever I have to use someone else's computer.

Why do people put up with that crap?

Saturday, April 11, 2009

The Year Of Proxies



That's right, the List is now a year old, going on 13 months.

March 15 (the Dinkster's birthday) was the actual one year mark, but I was busy that day, meeting the Fockers (the parents of Rinky Dink's True Love, Twinky Dink). It was a busy day and I never got around to it. That and the other blogs, the new UT server, and a half dozen other projects kept me from marking the date.

I only mention it now because I've been up since about 3AM moving the server that runs the publication of the List and all its varied and sundry subfunctions.

That was fun. Right now, the new server (a VM - virtual machine) is re-doing the 4AM run and it's going quite nicely. It was a rough road getting there, but it had to happen because I hit a solid brick wall with the old VM. Ubuntu, in their infinite wisdom, stopped supporting "Feisty Fawn" (a.k.a. Ubuntu 7.04).

That in itself was a major pain in the ass. No more security updates. No more new software packages. And no more OLD software packages. After I moved the UT servers to a common code base by putting everything on an NFS (Network File System) share, I wanted to leverage the information stored there for the proxy site VM. But I couldn't install the software! ARRRGH!

So right now, this is the THIRD incarnation of the new proxy site server, an Xubuntu 8.04 platform. It is the THIRD because I neglected the First Rule of Virtual Machines: snapshot! snapshot! snapshot!

For the uninitiated, snapshotting a VM freezes the configuration so you can roll back to a known good state. But... I was in a hurry. In order to make the new box 100% like the old box, I made a list of all the Debian software packages that weren't in the new and did a shotgun upgrade to synchronize them.

Consequently, I ended up screwing the hard disk configuration by getting packages that required LVM (Logical Volume Manager).

I hate LVM. It has been a major pain in my ass ever since I set the old VM up. It's a very powerful, complex package that no one needs. Sure, you can extend volumes when space gets tight, but it's easier and faster to use gparted (Gnome Partition Editor). LVM was on the top of my Shit List and it had to go.

But it kept coming back. On the third incarnation I had the presence of mind to take the snapshot and, of course, I never needed it. I finally had the list pared down to packages that I needed and that didn't rely on LVM (stuff like Rhino and gocr and a lot of other little packages my scripts rely on). I restored the database (yes, I do make backups these days), twiddled MySQL's run-time parameters, and did a few test runs. These died because they relied on utilities I wrote and forgot about. I moved those packages over and it ran like a top.

And it's running like a top as we speak. The 4AM run is almost done. When it finishes I'll shut the VM down, patch the Windows XP box it's running on, and reboot.

There should be a new list by noon.