Published by admin on 22 Dec 2008

Postfix, SASL and Comcast…


I’ve been wanting to set up an outbound mail server for quite some time for alerting, spoofing and other fun activities.  Unfortunately, my ISP (Comcast) blocks outbound SMTP over port 25.  After a little searching around I found some articles showing Comcast end users how to set up their mail clients, and noticed there wasn’t much support for people who wanted to run their own mail servers.  Well, in a roundabout way I found enough information to get my test server bouncing mail through the Comcast server, and I want to share how it works.

The first thing I noticed through trial and error was a message in my Postfix logs stating that my external IP had been blocked from sending mail and had been reported to Spamhaus.  Upon further investigation, I found that because of the volume of spam that had been sent from Comcast IPs, Comcast has moved to having its customers relay SMTP traffic through smtp.comcast.net over TCP port 587 (the mail submission port).

So I told my mail server (Postfix) to relay outgoing mail to Comcast’s SMTP server (smtp.comcast.net) over TCP port 587 by adding the following to “/etc/postfix/main.cf”.

relayhost = [smtp.comcast.net]:587

I then reloaded the Postfix daemon (sudo /etc/init.d/postfix reload), only to find that the relay wouldn’t accept mail from me without first authenticating using Simple Authentication and Security Layer (SASL).  This was a little discouraging; however, I can still encrypt the contents of any email I send, so why not!  After a little more digging I figured out how to configure Postfix to authenticate to Comcast.

Add SASL Parameters to /etc/postfix/main.cf

smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password

Create /etc/postfix/sasl_password with the following line.  The username and password are the same ones you use for your Comcast email account.  I didn’t have one of these yet, but a quick call to Comcast support and they’ll set one up, no problem.

smtp.comcast.net username:password

Once you’ve got /etc/postfix/sasl_password, you’ll need to restrict the file’s permissions and run postmap on it to generate the .db lookup file.

chmod 600 /etc/postfix/sasl_password
postmap /etc/postfix/sasl_password

The next step is a little praying and a reload of the Postfix daemon, and you’ll be sending email like a champ.  One side effect I’ve found from sending through this relay is that my emails are much less likely to get caught in my webmail spam filter.
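To put the steps above together, here is an added shell example (not from the original post) that stages the relay and SASL settings into a directory, applies the chmod and postmap steps, and checks the password map before it is copied into /etc/postfix.  It adds one setting the post does not use: because the empty smtp_sasl_security_options permits plaintext mechanisms, smtp_tls_security_level = encrypt (Postfix 2.3 and later) is included so the account password is only ever sent over TLS.  The host names, username and password are constructed placeholders, and the check function is my own, not part of Postfix.

```shell
#!/bin/sh
# Added example, not from the original post: render the Postfix relay/SASL
# settings into a staging directory, lock down the password map and build the
# hash .db the way the post does with chmod + postmap, then check the result
# before copying it into /etc/postfix. Hosts and credentials are placeholders.
set -eu

# render_relay_config DIR RELAYHOST PORT USER PASSWORD
# Writes DIR/main.cf.relay (settings to append to main.cf) and DIR/sasl_password.
render_relay_config() {
    dir="$1"; relay="$2"; port="$3"; user="$4"; pass="$5"
    mkdir -p "$dir"

    # main.cf settings from the post. The empty smtp_sasl_security_options
    # permits plaintext mechanisms (PLAIN/LOGIN), so the session must be
    # protected with TLS or the account password crosses the wire in the
    # clear; smtp_tls_security_level = encrypt (Postfix 2.3+) enforces that.
    cat > "$dir/main.cf.relay" <<EOF
relayhost = [$relay]:$port
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_tls_security_level = encrypt
EOF

    # Password map: "host user:password". Written under a restrictive umask so
    # the secret is never world-readable, not even briefly before the chmod.
    ( umask 077; printf '%s %s:%s\n' "$relay" "$user" "$pass" > "$dir/sasl_password" )
    chmod 600 "$dir/sasl_password"

    # postmap builds sasl_password.db; only run it where Postfix is installed.
    if command -v postmap >/dev/null 2>&1; then
        postmap "hash:$dir/sasl_password"
    fi
}

# check_sasl_password FILE: 0 if FILE is owner-only (mode 600) and every
# non-comment line has the "host user:password" shape Postfix expects.
check_sasl_password() {
    f="$1"
    [ -f "$f" ] || return 1
    # portable mode check: ls -l prints -rw------- for mode 600
    [ "$(ls -l "$f" | cut -c1-10)" = "-rw-------" ] || return 1
    grep -v '^[[:space:]]*#' "$f" | grep -v '^[[:space:]]*$' |
        awk 'NF != 2 || $2 !~ /^[^:]+:.+$/ { bad = 1 } END { exit bad }'
}

# Usage (stage into a scratch dir, inspect, then copy to /etc/postfix and reload):
#   render_relay_config /tmp/pf-stage smtp.comcast.net 587 'username' 'password'
#   check_sasl_password /tmp/pf-stage/sasl_password && echo "password map OK"
```

Run render_relay_config against a scratch directory, inspect the two files, then copy sasl_password and its .db into /etc/postfix, append main.cf.relay to main.cf and reload Postfix as described above.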

Anyone else have their ISP doing this?  It seems like a decent way of preventing spam, or at least compartmentalizing it for better manageability.

Published by admin on 18 Dec 2008

Weasel Words??


One quick post before I head for bed.  I was searching around for the official definition of risk assessment on Wikipedia and came across the concept of a “weasel word”.

Weasel words are words or phrases that seemingly support statements without attributing opinions to verifiable sources. Weasel words give the force of authority to a statement without letting the reader decide if the source of the opinion is reliable. If a statement can’t stand on its own without weasel words, it lacks neutral point of view; either a source for the statement should be found, or the statement should be removed. If a statement can stand without weasel words, they may be undermining its neutrality and the statement may be better off standing without them.

One of the more humorous parts of the Wikipedia risk assessment article was the section on criticisms of quantitative risk assessment.  It mentioned in passing the criticism that quantitative risk managers are no more than “blind users” of statistical tools and methods.

Maybe this is more of an inside joke for me, but this was too good to pass up.

Do you know someone who uses “weasel words”?

Published by admin on 17 Dec 2008

Active Directory and Ubuntu Integration with Likewise-Open


It’s always been an interest of mine to integrate operating system environments.  I’m not sure if it’s a genuine interest in using a single product for user management or an inability to decide on a single operating system.  Anyways, I started playing around with likewise-open this week for the first time.

Likewise-open, according to their website, is a “free, open source application that joins Linux, Unix and Mac machines to Microsoft Active Directory and securely authenticates users with their domain credentials.”  It sounded good, but I had to test it to be absolutely sure this wasn’t another Winbind/Kerberos configuration nightmare (ironically, Likewise is based on Winbind).

I started out with a patched A/D domain controller and a patched Ubuntu Desktop 8.10.  On the Ubuntu system I performed the following steps, as recommended by Likewise.

Install likewise-open

sudo apt-get install likewise-open

Join to the domain

sudo domainjoin-cli join example.local Administrator

Or you can use the GUI instead (screenshot: joindomain-gui.jpg).

You can’t ask for a faster way to add a non-Windows host to the domain.  What I also found pretty interesting was that it populated the Operating System Version in the properties of the host object in A/D.  After that you can simply log out and log in as a domain user using the “domain\user” format.  I was expecting a bigger challenge here, but it looks like likewise-open has their act together.


Another useful command when you are testing is the one that removes the machine from the domain.

Removing the system from the domain

sudo domainjoin-cli leave

The last item that I have yet to dig into is access control to the host once it is part of the domain.  As a domain administrator in the test domain I was not immediately granted sudo access to the Ubuntu workstation, but I’m guessing there is some way to configure the host to allow certain domain groups to perform certain tasks.  I’m eyeballing the likewise-enterprise software, which has a 30-day trial and boasts AD integration, group policy management, single sign-on for applications, network security, compliance and sudo management.
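As an added example (not from the original post or from Likewise), the script below wraps the join step above with a check that a domain account actually resolves through NSS before you log out of your local session, and addresses the sudo question in the paragraph above with a sudoers drop-in for a domain group.  sudoers requires the backslash and any spaces in a “DOMAIN\group” name to be escaped with a backslash, which sudoers_line does; use the group name exactly as getent group shows it.  The drop-in approach assumes /etc/sudoers contains “#includedir /etc/sudoers.d”.  Domain, user and group names are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post or from Likewise: (1) confirm after
# domainjoin-cli that a DOMAIN\user account resolves through NSS before logging
# out; (2) grant a domain group sudo rights via a correctly escaped sudoers
# drop-in. Domain, user and group names are constructed placeholders.
set -u

# resolve_account NAME: print the passwd entry for NAME, or return 1.
resolve_account() {
    command -v getent >/dev/null 2>&1 || return 1
    entry="$(getent passwd "$1" 2>/dev/null)" || return 1
    [ -n "$entry" ] && printf '%s\n' "$entry"
}

# check_domain_user DOMAIN USER: resolve the "DOMAIN\USER" form likewise-open
# presents; the printf keeps the backslash intact through the shell.
check_domain_user() {
    resolve_account "$(printf '%s\\%s' "$1" "$2")"
}

# join_and_verify DOMAIN ADMIN USER: the join command from the post, reported
# as a success only when USER resolves afterwards.
join_and_verify() {
    sudo domainjoin-cli join "$1" "$2" || return 1
    check_domain_user "$1" "$3" >/dev/null
}

# sudoers_line GROUP: sudoers needs backslashes and spaces in a group name
# escaped with a backslash; "%" marks the entry as a group.
sudoers_line() {
    esc="$(printf '%s' "$1" | sed 's/\\/\\\\/g; s/ /\\ /g')"
    printf '%%%s ALL=(ALL) ALL\n' "$esc"
}

# grant_sudo_to_group GROUP [DIR]: write a mode-0440 drop-in under DIR
# (default /etc/sudoers.d, which assumes "#includedir /etc/sudoers.d" is in
# /etc/sudoers). Prints the path of the file written. sudoers.d ignores file
# names containing "." or "~", so the group name is reduced to [A-Za-z0-9_].
grant_sudo_to_group() {
    group="$1"; dir="${2:-/etc/sudoers.d}"
    file="$dir/$(printf '%s' "$group" | tr -c 'A-Za-z0-9' '_')"
    mkdir -p "$dir"
    ( umask 227; sudoers_line "$group" > "$file" )
    chmod 440 "$file"
    printf '%s\n' "$file"
}

# check_sudoers_file FILE: syntax-check a drop-in with visudo before relying
# on it (a broken sudoers file can lock everyone out of sudo).
check_sudoers_file() {
    command -v visudo >/dev/null 2>&1 || return 1
    visudo -cf "$1" >/dev/null 2>&1
}

# Usage on the joined host (run as root):
#   check_domain_user EXAMPLE jdoe            # should print the passwd entry
#   f="$(grant_sudo_to_group 'EXAMPLE\linuxadmins')" && check_sudoers_file "$f"
```

Keep a root shell open while adding the drop-in and run check_sudoers_file on it first; if the file fails the check, remove it before closing that shell.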

…I wonder if it will wash my car?…

Anyways, it looks like a pretty cool product, and if it does all the things it promises then it’s a much needed piece of tech in the marketplace.  It hasn’t broken any promises to me just yet.  Maybe when I start pushing the limits of the free version I’ll start complaining, but for now it’s on my watch list.

Published by admin on 14 Dec 2008

An International Blog??? (StatCounter.com)


So I started pulling stats on this blog a little while ago just to see who was peeking in on my posts and where they were coming from.  I started using statcounter.com, and it’s awesome for a free service.  I wanted to share a little of the information for my fellow blogging friends so they know what to expect should they also want to know who’s peeking in on their posts.

The first graph that I found particularly interesting was the activity map that showed where my hits were coming from around the world.


The next set of information that I thought was surprisingly interesting was the distribution of web browsers hitting the site.  I was actually surprised to see that some people have already started using IE 8.0.


The last statistic was the Google search terms that new visitors used to find my site.  I’m not sure how it’s getting this information, but I really like knowing what people are looking for when they end up on my site.


Published by admin on 13 Dec 2008

One Week Until Security+ Round Two

I’m coming into the final turn of my race to get through the new CompTIA 2008 Security+ Certification Exam material.  I know that if I hadn’t scheduled the exam I may never have gone back to it.  Next Friday at 10pm is my scheduled test time to take a stab at round two.  I’m feeling much more confident this time around because I’m actually studying material that was created for this year’s exam, and I’ve taken a much more structured approach over the past week or so.  I’ve committed to reading a chapter a day and making sure to do the follow-up chapter assessments a full 24 hours after I read the material, to reduce my ability to use short-term memory to answer questions.

I’ll probably be finishing my training book early Sunday and will be moving into the final “stage” of my training plan, which includes studying each day this week as if tomorrow were the exam, taking a practice exam each day, and following up on any question I get wrong to make sure I’ve got most of my bases covered.  I know this sounds like overkill, but if getting an 81% (you need an 85%) on the first attempt wasn’t a kick in the junk, not passing the second time will probably end my interest in this cert, as my focus will be changing on the first of the year to the CISSP certification.

***Update Tuesday Night (AKA: Early Wednesday Morning) ***

Do you ever feel like you’ve made one step forward only to take two steps backward?  That’s how I’m feeling with these practice tests.  So here is where I stand so far…

Practice Exam #1 (Monday) = 86%
Practice Exam #2 (Tuesday) = 71%

… I surely don’t have any clue how I could have gotten 15 points worse in one day (after studying the content I got wrong the first time).  Anyways, I’m finding that my book and the exam don’t “exactly” match up, and there were more “choose all that apply” questions, which hurts my multiple-guess strategy.  At any rate, I need to get better scores from here on out.  I want to be well into the 90s by tomorrow (preferably 100) if I’m to expect a 15 point swing on a bad day.  “Just keep swimming…, Just keep swimming…”

***Update Wednesday Night***

Well,  that feels a little better.  It’s not the 100 I was hoping for but it’s certainly the closest I’ve gotten so far.  I’m happy to have rebounded back.  For a minute there I was a little worried.  Just keep swimming…

Practice Exam #3 (Wednesday) = 88%

***Update Thursday Night***

Confidence is not 100%, but I’m feeling better.  Measurable results implying that this information is sticking are quite refreshing.  Well, time for bed.  Wish me luck!  Just keep swimming…

Practice Exam #4 (Thursday) = 92%

***Update Friday Night***

I passed! Now off to work on the CISSP.

Final Exam #2 (Friday) = 92%

Published by admin on 12 Dec 2008

Why doesn’t everything have an Internet connection?


Tonight was the night I finally got motivated enough to give our recently purchased Blu-ray player a connection to the Internet.  I originally tossed and turned on the decision, but now that I’m running the latest firmware I love it.  Some features I didn’t know about that have recently been brought to light include being able to stream video and audio content from third parties.  Two authorized third parties are Netflix and Pandora, both of which I am going to be using more in the coming weeks.  Netflix has a two-week trial, so I’ll give it a try and see if it’s going to be a monthly expense.  From what I’ve seen in the demos it’s much more robust than any cable provider’s “on demand” features.  I’m also pretty excited to see what comes out in the next firmware release, scheduled for the 31st of this month.  With any luck another great feature will be revealed, further reinforcing my belief that getting this player was well worth the $150 ($399 on Samsung’s website) I paid at Best Buy.

Does anyone else have this player or a similar one that allows you to upgrade?  I’d be really interested to see what other vendors have done in this space and how it compares.  I’d also be curious to see if there are branch firmware sets that allow further customization beyond the standard manufacturer support (e.g. Linksys <-> dd-wrt/tomato/open-wrt). At any rate, I want every device I buy from here on out to have some form of “auto-update” feature to ensure my gear is kept up to snuff with added features and most importantly security updates.

Of course, like any like-minded security professional, I scanned the thing to see what new interesting vulnerabilities I’d be introducing to my home network, and funnily enough it came back with RPC listening on port 111.  Maybe when I get more adventurous I’ll take a closer look and see if there are any vulnerabilities that need fixing/reporting.

***Update: A few hours later***

So after a reboot of the Blu-ray player the RPC bind port is closed.  Anyone got an unpatched version of the Samsung BP-2500?  I would surely like to know more about the RPC services that were enabled prior to patching.

Published by admin on 07 Dec 2008

Car For Sale (Fresh Paint!)


Last week I made the plunge and decided to sell my 2006 MazdaSpeed6.  The girly generously put together a sweet little for sale sign that I could hang up in my car.  I even posted my car on a few online sites hoping that someone would be interested.  At some twist of fate, on Friday I ended up in a head on collision with a 1997 Dodge Intrepid (AKA: The Tank). Please send all inquiries to my email address (claudijd<at>yahoo.com).

More updates as soon as I hear whether or not it’s “totaled”!  Check out the girly’s site for more pictures.

(Photos: exterior and interior.)

***Update December 12, 2008***

I heard back from the insurance company this week, and my car in fact was “totaled”.  The estimated damages were above and beyond $17,000.  Considering the engine damage, airbags and the body work needed, I’m glad this was the final result.  The next day I went to go pick up my new ride (2009 Volkswagen Rabbit).  It’s nowhere near as fast as my old car, but it does make me feel much better leaving this one at home while I’m off gallivanting around the nation for work.  Not to mention, the payments are much less and are doing wonders for my “house fund”.

***Update December 17, 2008***

It’s been about a week since I bought the Rabbit.  Who knew that I’d fall in love with this car.  It’s perfect for what I need it for, and it’s not too shabby in the snow either.

Published by admin on 01 Dec 2008

Our First Christmas Tree and an Unsuspected Surprise

Nearly every Christmas I make the trek back home to New York to be with the family.  This year marks the first year that the girly and I put up a Christmas tree.  It’s not the biggest or fullest tree in the world, but it’s ours.


An unsuspected but exciting surprise that has presented itself in the past few days was my mom’s recent engagement to her long time boyfriend.  Congratulations mom and Mike!  I am very much looking forward to attending the wedding in the near future!


Published by admin on 03 Nov 2008

Halloween in the City…


So as most of my friends know, with all the travel that I do for work, I have more than enough hotel points to burn (> 1/2 Million).  As a result, the girly and I thought it would be a good idea to spend the recent holiday weekend in the city (Chicago).  To sweeten the pot, we also had some visitors (my sis and her bf) join us to celebrate the occasion.  I’m hoping to get my hands on some of the pictures to post an update soon.  All in all we had a great time and didn’t get too silly or sloppy.

Special props go out to C. Bopp for rocking the D**k in a box costume.


See the following youtube video if you don’t know what I’m talking about.  It was priceless!

http://www.youtube.com/watch?v=WhwbxEfy7fg

Published by admin on 26 Oct 2008

That poor Microsoft server service…


So I was tooling around on the web tonight and finally found enough time to investigate the “new” Server service vulnerability associated with Microsoft Security Bulletin MS08-067.  I’m somewhat partial to the Microsoft Server service because it has been on my radar since 2006 with the announcement of Microsoft Security Bulletin MS06-040.  Since then, it’s been a constant pain for industry to make sure that all their systems are patched against this nasty little vulnerability, and it looks like we’re going to need to be ready for round two.

Below is the “small” list of the affected software…

  • Microsoft Windows 2000 Service Pack 4
  • Windows XP Service Pack 2
  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista and Windows Vista Service Pack 1
  • Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
  • Windows Server 2008 for 32-bit Systems*
  • Windows Server 2008 for x64-based Systems*
  • Windows Server 2008 for Itanium-based Systems

Just about the time I think I’m done with these, something like this happens.  It should be an interesting year, considering a lot of folks running 2003, 2K8 and Vista have something to fear again.

***Update 3 minutes later***

Exploit code has been released into the wild under the following names…

  • TrojanSpy:Win32/Gimmiv.A
  • TrojanSpy:Win32/Gimmiv.A.dll

***Update 5 minutes later***

Just found it on milw0rm…

  • http://milw0rm.com/exploits/6824
  • http://milw0rm.com/sploits/2008-ms08-067.zip

***Update 10 minutes later***

Nessus has published a check for 2K, XP and 2K3.

  • http://blog.tenablesecurity.com/2008/10/network-and-cre.html

***Update Thursday October 30th***

Well, it’s a wrap on this one.  The exploit code is now available in the SVN version of Metasploit and will soon show up in the other versions.  That was fast!!! :)
