Nth Dimension :: Negatively discriminating against idiots since 1995!
Nth Dimension, security research and development
http://www.nth-dimension.org.uk/

What can we learn from the Debian OpenSSL debacle - a response to the DebConf 8 BOF
timb@machine.org.uk, Sat, 23 Aug 2008 16:50:39 BST, http://www.nth-dimension.org.uk/blog.php?id=70

Just been watching the DebConf 8 BOF on the Debian OpenSSL debacle, and my gut instinct is that the discussions really focussed on the wrong question. The question shouldn't be how we can expose our divergences from upstream but, as I've said before, how we can encourage better relationships between Debian participants and those who operate either upstream or on other distributions, so that the many eyes maxim holds. Maybe what is needed is a social network for patches, packages and packagers, but, whatever, I do not believe a Debian-centric solution will work.

In your network, pwning your data
timb@machine.org.uk, Thu, 01 May 2008 13:24:24 BST, http://www.nth-dimension.org.uk/blog.php?id=69

Securing networks, of both the social and electronic variety, interests me. The old saying that no man is an island was never more true than it is now. We're an interconnected species, and those connections span the globe. Anyway, with that thought in mind, I thought I'd share two interesting developments in the security domain that have occurred this week.

Analysis of Debian's CVE-2007-4074 response
timb@machine.org.uk, Fri, 04 Apr 2008 00:02:20 BST, http://www.nth-dimension.org.uk/blog.php?id=68

What follows is an analysis of Debian's response to my advisory regarding a remote code execution vulnerability in the Festival text to speech server.
One for the pentesters...
timb@machine.org.uk, Tue, 26 Feb 2008 19:10:38 GMT, http://www.nth-dimension.org.uk/blog.php?id=67

Just a quickie really, and mostly inspired by my cursing of GTK. I was thinking today that what pentesters really want is a nice list of the interesting ports on the target network. OpenVAS can help here, but until now the client has always defaulted to listing reported issues by IP. So, on that note, I just hacked it to allow a default sort order to be specified. Now I can always see the interesting ports first :). Whilst I was at it, I made a few minor tweaks to the server component too. Fewer memory leaks and compiler warnings ahoy, and it now supports logging to syslog as per its Tenable-spawned brethren.

$self->{'Fuzzled'} ++;
timb@machine.org.uk, Sun, 24 Feb 2008 04:40:11 GMT, http://www.nth-dimension.org.uk/blog.php?id=66

Well, the good news is that I have just tagged Fuzzled rc2.0 in CVS. Hopefully, it should be up on the Portcullis web site by the end of the week.

Changes:

What's Tim been hacking now...
timb@machine.org.uk, Wed, 20 Feb 2008 03:03:28 GMT, http://www.nth-dimension.org.uk/blog.php?id=65

It's been a while since I last posted anything here, so I thought I'd do a quick brain dump of things I've been working on. If you're a regular visitor to these parts, hopefully you'll spot that the site has had a makeover. However, since it's not just the look that matters, I've also upgraded it to the latest version, which you can find in the CVS tree linked to from the downloads page. Whilst it's by no means user friendly, hopefully it's getting there little by little. Anyway, onwards...

OpenVAS-Client now in sid!
timb@machine.org.uk, Tue, 08 Jan 2008 14:59:33 GMT, http://www.nth-dimension.org.uk/blog.php?id=64
It had to happen eventually: after the hard work of Jan, Javier and myself, OpenVAS-Client is now in Debian unstable (aka sid) and can be downloaded from all good mirrors. Now starts the hard work of packaging the server components.

Another year flies by...
timb@machine.org.uk, Fri, 28 Dec 2007 15:21:08 GMT, http://www.nth-dimension.org.uk/blog.php?id=63

I appear to have been relatively successful:
- I passed my CHECK exam
- I maintain 2 Debian packages, with more on the way
- I released 7 advisories
- I attended DebConf
- I released lots of Free Software
- I released an interesting (I think) paper on Vista gadgets
- I travelled a lot and met some interesting people - surviving an earthquake along the way
... and OpenVAS grew

Hardening konqil.icio.us
timb@machine.org.uk, Tue, 18 Dec 2007 17:39:11 GMT, http://www.nth-dimension.org.uk/blog.php?id=62

I was thinking today about the recent spate of vulnerabilities that have affected Firefox and IE, where they execute external programs, and it crossed my mind that konqil.icio.us and other scripts of its ilk might be vulnerable in a similar manner. Konqil.icio.us fetches the contents of the bookmarked page and uses this to execute dcop requests using system and Perl's backticks like so:

As ever my timing is impeccable
timb@machine.org.uk, Sat, 01 Dec 2007 10:07:16 GMT, http://www.nth-dimension.org.uk/blog.php?id=61

LOL, just a day after I release gpgutils to the world, some Dutch folk release details of how they were able to subvert MD5 and produce two Windows executables with different functionality but the same hash. The amusing thing is that previously I'd been supplying signed MD5 hashes for my tools, but the release of gpgutils coincided with my decision to move to supplying MD5 and SHA1 hashes, and indeed gpgutils includes such functionality - just in the nick of time it seems.
All this does, however, leave me wondering what the likelihood is of collisions against both algorithms occurring simultaneously. One for the mathematicians and cryptographers, methinks.
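The weakness the "Hardening konqil.icio.us" post above describes, the fetched page's title flowing into a shell command line via system() and backticks, is shown below as an added example. This is not konqil.icio.us's own code: the page body is constructed, and the command prefix is an assumption, with echo standing in for dcop (whose bookmark interface is not on the page) so that the script runs anywhere. The fix is Perl's list form for both system() and the piped open, which executes the program directly with no shell in between.

```perl
#!/usr/bin/perl
# Added example, not konqil.icio.us's own code.
use strict;
use warnings;

# Assumed command prefix. The real script would pass something like
# ('dcop', <app>, <object>, <method>) here; 'echo' is a stand-in that
# shows exactly what the executed program receives as its arguments.
my @CMD = ('echo', 'addBookmark');

# Constructed page body from an attacker-controlled site: the <title>
# closes the quoted argument and appends a command of its own.
my $page = '<html><head><title>Kittens"; id; echo "</title></head></html>';

# Pull the title out of the fetched HTML, as a bookmarklet would.
sub extract_title {
    my ($html) = @_;
    return $html =~ m{<title>\s*(.*?)\s*</title>}is ? $1 : 'untitled';
}

# VULNERABLE: one string is handed to /bin/sh. Backticks always use the
# shell, and system() with a single string containing metacharacters
# does too, so the '";' in the title ends the argument and runs 'id'.
sub add_bookmark_unsafe {
    my ($title) = @_;
    my $cmd = join(' ', @CMD) . qq{ "$title"};
    my $out = `$cmd`;
    system("$cmd >/dev/null");
    return $out;
}

# HARDENED: list form. Perl execs the program itself; no shell parses the
# title, so every metacharacter is just a byte inside one argument.
sub add_bookmark_safe {
    my ($title) = @_;
    # A shell-free call still lets a page hand the program an option or
    # a control character; strip a leading dash run and control bytes.
    $title =~ s/^-+//;
    $title =~ tr/\x00-\x1f\x7f//d;

    system(@CMD, $title) == 0 or die "$CMD[0] failed: $?";

    # List-form piped open is the shell-free replacement for backticks.
    open(my $fh, '-|', @CMD, $title) or die "cannot run $CMD[0]: $!";
    local $/;
    my $out = <$fh>;
    close($fh);
    return $out;
}

my $title = extract_title($page);
print "title from page: $title\n";
print "--- unsafe ---\n", add_bookmark_unsafe($title);
print "--- safe ---\n",   add_bookmark_safe($title);
```

Running it, the unsafe path prints the output of id, a command the remote page chose, while the safe path prints a single line containing the title verbatim, quotes and semicolons included. Substituting the real dcop command prefix for echo changes nothing about the fix: as long as the title is passed as its own list element, the shell never sees it.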