MySQL table is full
Posted by creining | Filed under Security
I recently found that the Barnyard process on my IDS sensors was unexpectedly throwing errors in /var/log/messages:
barnyard[3862]: FATAL ERROR: Error (The table 'data' is full) executing query: INSERT INTO data(sid, cid, data_payload) VALUES('5', '9158','00000A2EFF534D4273000000001807C800004253525350594C2000000000FFFE000040000CFF002E0A04413200000000000000AB0900000000D4000080F309608209A706062B060
I logged into my master MySQL database server and checked the size of the sguildb data file:
# du -ha sguildb/data.MYD
4.1G sguildb/data.MYD
Oh, there must be a 4G file size limit. Let’s see how many rows I have in data:
mysql> select count(*) from data;
+----------+
| count(*) |
+----------+
|  3719121 |
+----------+
1 row in set (0.00 sec)
I probably need to bump up the table's maximum number of rows. This article at the MySQL site helped.
mysql> SHOW TABLE STATUS FROM sguildb LIKE 'data';
That output gave me the Rows and Avg_row_length values I needed for the following command. I decided to bump up max_rows to double what I currently had (2*3719121):
mysql> ALTER TABLE data max_rows = 7438242 avg_row_length = 1154;
Query OK, 3719121 rows affected (16 min 0.57 sec)
Records: 3719121  Duplicates: 0  Warnings: 0
Problem solved.
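As an added check (example code, not from the post): parse the `SHOW TABLE STATUS` row, warn before the MyISAM data file reaches its Max_data_length ceiling, and generate the same ALTER TABLE the post ran by hand. The status line below is constructed to match the numbers in the post; the column names are MySQL's real ones.

```python
"""Added example (not from the original post): flag a MyISAM table that is close
to the Max_data_length ceiling that made Barnyard fail above, and emit the same
ALTER TABLE the post ran by hand (MAX_ROWS doubled, AVG_ROW_LENGTH unchanged).
Input is the tab-separated output of `mysql --batch -e "SHOW TABLE STATUS ..."`."""

# Constructed sample, cut down to the relevant columns. The column names are
# MySQL's real SHOW TABLE STATUS columns; Data_length/Max_data_length are made
# up to match the 4G data file the post hit (Rows * Avg_row_length, 2^32-1).
SAMPLE_STATUS = (
    "Name\tEngine\tRows\tAvg_row_length\tData_length\tMax_data_length\n"
    "data\tMyISAM\t3719121\t1154\t4291865634\t4294967295\n"
)


def parse_status(batch_output):
    """Header line + one data row -> dict, with the numeric columns as ints."""
    header, row = batch_output.strip().splitlines()[:2]
    status = dict(zip(header.split("\t"), row.split("\t")))
    for key in ("Rows", "Avg_row_length", "Data_length", "Max_data_length"):
        status[key] = int(status[key])
    return status


def fill_ratio(status):
    """Fraction of the table's data-file limit already used (0.0 to 1.0)."""
    return status["Data_length"] / status["Max_data_length"]


def recommend_alter(status, warn_at=0.80, growth=2):
    """Return (needs_action, alter_sql). Only MyISAM sizes its data file from
    MAX_ROWS * AVG_ROW_LENGTH, so other engines are reported fine; above
    warn_at the SQL raises MAX_ROWS to `growth` times the current row count."""
    if status["Engine"] != "MyISAM" or fill_ratio(status) < warn_at:
        return False, None
    alter_sql = (
        f"ALTER TABLE {status['Name']} MAX_ROWS = {status['Rows'] * growth} "
        f"AVG_ROW_LENGTH = {status['Avg_row_length']};"
    )
    return True, alter_sql


if __name__ == "__main__":
    st = parse_status(SAMPLE_STATUS)
    print(f"{st['Name']}: {fill_ratio(st):.1%} of Max_data_length used")
    print(recommend_alter(st)[1])
```

Run it from cron against each sensor database and alert on `needs_action`, so the fix lands before Barnyard starts dropping alerts rather than after.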
Wireless auditing
Posted by creining | Filed under Security
I bought some wireless components to do wireless auditing at work. It’s a bit confusing picking out exactly what you need and what works well, so I wanted to make a note of what I got (from Netgate, recommended):
200mW Long Range 802.11b PCMCIA Card
9 dBi Yagi Antenna N Female
MMCX to N-Male Pigtail 18″
The card worked out well as it contains a widely supported Intersil Prism 2.5 chipset and has two external antenna leads. I was also turned on to a great bootable OS based on KNOPPIX called Auditor. It has some 300 security tools and worked well in performing wireless audits using tools like Kismet and Wellenreiter. Also, wavemon, a monitor for wireless devices, works extremely well for pinpointing the location of wireless devices. In fact, I liked Auditor so much I installed it on the hard drive of the laptop.
Here’s a picture I took of the wireless hardware.
Lock Bumping
Posted by creining | Filed under Security
Lock bumping works on 90% of locks. A good hack.
Banks Shifting Logins to Non-SSL Pages
Posted by creining | Filed under Security
Banks Shifting Logins to Non-SSL Pages, as my local bank recently did. One day, I noticed that they had added a section to enter credentials for online banking to their main page, which was HTTP. I was concerned, as I immediately thought that they were (insanely) sending customers’ credentials over plaintext HTTP. But upon further investigation, I found that they were using the HTTP method CONNECT to connect to the SSL-ified login page, which is safe.
The Phishiest
Posted by creining | Filed under Security
The Phishiest Countries as well as the Phishiest Hosters as reported by Netcraft.
Analyze what specific vulnerability is addressed in a MS patch
Posted by creining | Filed under Security
“This little movie demonstrates how SABRE BinDiff can be used to analyze the vulnerability that led to the MS05-025 security bulletin. Within a few minutes (and with just a few mouse clicks), the vulnerability is identified.” The SABRE BinDiff plugin is for use with IDA.
How To Crack WEP
Posted by creining | Filed under Security
Yes, everybody knows WEP is insecure and is easily breakable. However, I found this 3-part series at Tom’s Networking:
Setup & Network Recon
Performing the Crack
Securing your WLAN
to be an informative read even as a seasoned security professional. A lot of times we know that a protocol, a piece of software, or a process has inherent flaws, but we wouldn’t know how to go about exploiting that without significant research. These articles offer the “how” aspect of breaking WEP, in minutes as a matter of fact, in a step-by-step fashion. I particularly liked the second article, which shows the crack; the third article offers sound advice for securing WLANs.
How to fake a fingerprint
Posted by creining | Filed under Security
This article explains how to make a fake fingerprint, usable in testing out fingerprint biometric devices. I’ve read that some fingerprint readers can be easily fooled, countering the claim by their manufacturers that they are very secure and impossible to fool. In fact, I recall that one manufacturer’s fingerprint reader could be fooled by simply blowing (warm air) on the reader, as the latent fingerprint from the previous user is still there.
Snort ClamAV virus scanning preprocessor and new snort2pf
Posted by creining | Filed under Security
I read that a new preprocessor for Snort integrates ClamAV, which will scan packets for viruses before passing the data on to Snort for detection. I really like this idea. The virus rules in the official Snort rules tarball have been defunct for quite some time, so it’s nice to implement some level of virus detection within Snort. The Snort ClamAV virus-scanning preprocessor project page is hosted at Bleeding Snort. The addition of ClamAV to Snort reminds me of the ability within the Snort analysis frontend Pigris (still not released publicly) to scan the payload of one or several alerts with ClamAV. In related Snort news, I saw that the OpenBSD-based snort2pf, which was written in Perl, has been rewritten in C and released as snort2c. These programs use Snort alerts to block traffic, so that Snort acts as an IDS/IPS. Additional support was added to snort2c during the rewrite to provide in-program whitelisting and logging to syslog.
My sister’s computer
Posted by creining | Filed under Security
My sister complained about her out-of-date computer that is slow and that she “can’t do anything with”. I agreed to take it into my possession and make it so she can [insert whatever the opposite of can’t do anything with is]. I basically wanted to look at the specs, do some upgrades if needed, and install a new operating system. When I first boot the computer up I find she is running Windows 98, unpatched of course. Her virus definitions haven’t been updated since August of 1999. Yes, that’s over 65 months old. She is using Internet Explorer version 5.00.2614.3500, which according to SecurityFocus’s Vulnerability page has no less than 46 unique vulnerabilities in it. I decided to download and run Spybot on her computer and it found *plenty* of spyware and registry changes. I think one of the saving graces that kept her computer functioning is that she still accesses the internet via dialup and spends less than 10 hours online a month, so the “always on” security aspect of consumers on broadband doesn’t apply to her. In any event, I have rebuilt her computer with Windows XP Home Edition. I was contemplating installing Fedora Core 3 but decided against it. If I find myself rebuilding her computer in the near future it’s definitely getting an FC3 install with 2 icons on the desktop, OpenOffice and Firefox. After I installed XP, I fired up Internet Explorer and downloaded Firefox. I then uninstalled the Internet Explorer Windows component. I installed Spybot, AVG Anti-Virus (free for home use), and ZoneAlarm (also free for home use). She needed an office suite and didn’t want to buy one, so I downloaded and installed OpenOffice.org. I’m not quite sure but am thinking OOO might be a bit too heavy for her, so I installed AbiWord as well, which in my opinion is a great free standalone word processor. I used automatic updates to install all the current hotfixes and I set up XP to notify her that there are updates available.
I’m not sure about the feasibility of her getting updates over dialup automatically, but I want her to know that there are updates she needs to install as a responsible computer/internet user. I remember hearing about receiving Windows security updates via CD for computers with no internet access or dialup, but the page I found at http://www.microsoft.com/athome/security/protect/cd/order.mspx states “The Windows Security Update CD is no longer available”. It appears that you can, however, order Windows XP SP2 on CD. I plan on sitting down with my sister when I give her computer back and showing her how to be a savvy, security-conscious computer user like her brother.