Saturday, November 12, 2011

Some thoughts about bio-metric scanning security

There was a recent post on The Hacker News which shows that Android phones' current facial recognition security software can be fooled with a simple picture of the person's face.

However, "Burn Notice" (a show on USA) publicly outed this technique of fooling facial recognition based security systems a few seasons ago.  I can't find the exact episode right now, but I remember it was during season 1 or 2. I did find a post on the "myth busters" forum which was posted 09-19-08, so it would likely be before that date during the airing of season 2.

I believe I also recall that a few years ago there was news that kids in Japan were getting alcohol from vending machines that used facial recognition software, using parents' photos, similar to this security bypass.

Either way, clearly with only 1 camera, there is no depth perception. Facial recognition security systems need to start taking this into account.

To try and prevent this type of bio-metric security bypass flaw... 3D perspective facial recognition needs to be used. Both hardware (2 cameras, like our eyes) and software to handle such perspective recognition would need to be enabled.

For now, however, it would be good to also enable a required passphrase as an extra layer of security: something you have (your face), and something you know (the passphrase). And/or perhaps come up with a way to require another external passphrase-protected PKI (private key infrastructure), for instance on an SD card.

Or create a Bluetooth-enabled (close range) broadcast chip. You would only want it to broadcast for a couple of feet. For instance, when you click a button, you would want a few feet broadcast of the "key" (something you have), that still requires a passphrase (something you know). Perhaps a Bluetooth chip in a necklace, ring, watch, etc.

--
Hope someone finds the thoughts/ideas helpful,
- nairb

Friday, August 19, 2011

Numeric file permissions help

Sorry for the delay in posting another howto.  I have been working on a set of network knocking scripts (server daemon, init.d, and client).  I should be posting them soon. For now though...

I find when working on scripts that remembering numeric representations of file permissions can be a pain. So I wrote a quick 1liner to paste and run, to help decide.

It creates a temp-file in the current directory, loops through changing the permissions, and prints the current number, along with what permissions the user has with that number represented. You can then use that to decide which number to use for each (user|group|other). Finally it removes the temp-file again.

There are tables out already, but I wanted a quick function in terminal for myself. So I include the following function in my default functions-rc file. Here is the function:

fileperms(){ testfile=$(mktemp -p ./);for i in {1..7};do chmod "0${i}00" "$testfile";echo "$i $(ls -l "$testfile" |cut -d ' ' -f1)";done;rm "$testfile" ; }

You can then use it by just calling 'fileperms'

Hope you find it useful and thanks for reading.

Tuesday, August 9, 2011

tscp - Script to quickly and securely transfer files by tunneling tar through ssh

For security, pretty much every file I transfer over the network I use 'scp'.  Or more likely (to save time and traffic) I tunnel 'tar' through 'ssh'.  This compresses the data, transfers it securely through the network, and then decompresses it on the other end.  But it can be a pain remembering the exact syntax, and others have requested a script to help with this.

So to help I wrote the following script:


#!/bin/bash
#
#       tscp
#
#       Copyright 2011 nairb <code@nairb.us>
#
#       This program is free software; you can redistribute it and/or modify
#       it under the terms of the GNU General Public License as published by
#       the Free Software Foundation; either version 2 of the License, or
#       (at your option) any later version.
#
#       This program is distributed in the hope that it will be useful,
#       but WITHOUT ANY WARRANTY; without even the implied warranty of
#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#       GNU General Public License for more details.
#
#       You should have received a copy of the GNU General Public License
#       along with this program; if not, write to the Free Software
#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
#       MA 02110-1301, USA.

tarscp(){
  if [ $1 ] ; then
    myaddress=''
    localfile=''
    localtoremote=''
    # default ssh options unless the caller already set $sshopts
    if [ -z "$sshopts" ]; then
      sshopts="-2 -A"
    fi
    for i in $@ ; do
      if [ $(echo $i |grep -iE '^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}:.*') ] ; then
        myaddress=$i
        if [ $localfile ] ; then
          localtoremote="true"
        fi
      else
        if [ -f $i -o -d $i ] ; then
          localfile=$i
        fi
      fi
    done
    if [ $myaddress ] ; then
      remotepath=$(echo $myaddress |cut -d ':' -f2)
      myaddress=$(echo $myaddress |cut -d ':' -f1)
    else
      echo -e "yo, come on...\nneed to give a full address and path\nlike: 'myuser@myhost.com:~/some/folder/or/file'" && return 1
    fi
    checkremotepathcom="if [ -d $remotepath -o -f $remotepath ] ; then echo 0 ; else echo 1 ; fi"
    if [ $(ssh $sshopts $myaddress "$checkremotepathcom") == 0 ] ; then
      if [ $localfile ] ; then
        if [ $localtoremote ] ; then
          checkremotepathcom="if [ -d $remotepath ] ; then echo 0 ; else echo 1 ; fi"
          if [ $(ssh $sshopts $myaddress "$checkremotepathcom") == 0 ] ; then
            remotecom="cd $remotepath ; tar -xzf -"
            tar -czvf - $localfile |ssh $sshopts $myaddress "$remotecom"
          else
            echo "yo dude. that path aint on the server." && return 1
          fi
        else

          if [ $remotepath == '~/' ] ; then
            remotefile=$(ssh $sshopts $myaddress "pwd")
            remotefile=$(echo $remotefile |cut -d '/' -f $(echo $remotefile |sed -e 's/\//\/ /g' |wc -w))
            remotecom="cd $remotepath ; cd ../ ; tar -czvf - $remotefile"
          else
            remotefile=$(echo $remotepath |cut -d '/' -f $(echo $remotepath |sed -e 's/\//\/ /g' |wc -w))
            if [ -z $(echo $remotepath |cut -d '/' -f 1) ] ; then
              mypath='/'
            else
              mypath='~/'
            fi
            for i in $(seq 2 $(($(echo $remotepath |sed -e 's/\//\/ /g' |wc -w) - 1))) ; do
              mypath=$mypath/$(echo $remotepath | cut -d '/' -f $i)
            done
            remotepath=$mypath
            mypath=''
            remotecom="cd $remotepath ; tar -czvf - $remotefile"
          fi
          if [ -d $localfile ] ; then
            cd $localfile
          fi
          if [ $remotepath == '/' ] ; then
            remotecom="tar -czvf - /"          
          fi
          ssh $sshopts $myaddress "$remotecom" | tar -xzf -
        fi
      else
        if [ $remotepath == '~/' ] ; then
          remotefile=$(ssh $sshopts $myaddress "pwd")
          remotefile=$(echo $remotefile |cut -d '/' -f $(echo $remotefile |sed -e 's/\//\/ /g' |wc -w))
          remotecom="cd $remotepath ; cd ../ ; tar -czvf - $remotefile"
        else
          remotefile=$(echo $remotepath |cut -d '/' -f $(echo $remotepath |sed -e 's/\//\/ /g' |wc -w))
          if [ -z $(echo $remotepath |cut -d '/' -f 1) ] ; then
            mypath='/'
          else
            mypath='~/'
          fi
          for i in $(seq 2 $(($(echo $remotepath |sed -e 's/\//\/ /g' |wc -w) - 1))) ; do
            mypath=$mypath/$(echo $remotepath | cut -d '/' -f $i)
          done
          remotepath=$mypath
          mypath=''
          remotecom="cd $remotepath ; tar -czvf - $remotefile"
        fi
        if [ $remotepath == '/' ] ; then
          remotecom="tar -czvf - /"          
        fi
        ssh $sshopts $myaddress "$remotecom" | tar -xzf -
      fi
    else
      echo "dude, that path aint on the server." && return 1
    fi
  else
    echo -e "no arguments given fool\ntry again" && return 1
  fi
}

case $(echo ${0##*/} |cut -d '/' -f $(echo ${0##*/} |wc -w)) in
  tscp)
    tarscp $@
    ;;
  *)
    echo -e "come on... just call the script 'tscp'"
    ;;
esac
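
The script above pastes $remotepath unquoted into the command string that ssh runs on the server, so a path containing spaces, quotes or ';' is re-parsed by the remote shell. The following is an added example, not part of tscp, of quoting the path first; the function names are hypothetical and 'sh -c' stands in for the remote shell so it runs without a server.

```bash
#!/bin/bash
# Added example, not part of tscp: quote the remote path before it is placed
# in the command string that ssh hands to the remote user's shell.

# Wrap a string in single quotes; embedded single quotes become '\''.
shquote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Quote a remote path but keep a leading "~/" meaning "remote home":
# a quoted tilde is not expanded, so emit "$HOME" for the remote shell instead.
quote_remote_path() {
  case $1 in
    '~'|'~/') printf '"$HOME"' ;;
    '~/'*)    printf '"$HOME"/%s' "$(shquote "${1#'~/'}")" ;;
    *)        shquote "$1" ;;
  esac
}

# Remote half of a local-to-remote copy (compare remotecom in the script).
# "&&" instead of ";" so tar never unpacks somewhere else when cd fails.
build_remote_extract() {
  printf 'cd -- %s && tar -xzf -' "$(quote_remote_path "$1")"
}

# Local stand-in for: ssh $sshopts $myaddress "$remotecom"
# sshd passes the string to the user's shell, which 'sh -c' reproduces.
fake_ssh() { sh -c "$1"; }

# Constructed demo: push one file into a directory whose name contains a
# space, a single quote and a ';'. Runs in a subshell so nothing leaks out.
demo_push() (
  work=$(mktemp -d) || exit 1
  dest="$work/bob's files; v2"
  mkdir -p "$dest"
  echo "payload" > "$work/file.txt"
  tar -czf - -C "$work" file.txt | fake_ssh "$(build_remote_extract "$dest")"
  ok=1
  [ -f "$dest/file.txt" ] && ok=0
  rm -rf "$work"
  [ "$ok" -eq 0 ]
)

demo_push && echo "unpacked into the quoted path"
```

With a real server the last step becomes: tar -czf - "$localfile" | ssh $sshopts "$myaddress" "$(build_remote_extract "$remotepath")"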



And if, like me, you find yourself logging into a server that doesn't have the script saved, and you don't want to make a new script file (maybe you only need to use the command once to migrate data from your old server to a new one), I converted the above into a 1-liner function that can just be pasted in and used with the same call.  Alternatively you could include this function in one of your functions rc files like mentioned in my previous post.

Regardless of the reason, here is the 1-liner function:


tscp(){ if [ $1 ] ; then myaddress=''; localfile=''; localtoremote=''; if [ -z "$sshopts" ]; then sshopts="-2 -A"; fi; for i in $@ ; do if [ $(echo $i |grep -iE '^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}:.*') ] ; then myaddress=$i; if [ $localfile ] ; then localtoremote="true"; fi; else if [ -f $i -o -d $i ] ; then localfile=$i; fi; fi; done; if [ $myaddress ] ; then remotepath=$(echo $myaddress |cut -d ':' -f2); myaddress=$(echo $myaddress |cut -d ':' -f1); else echo -e "yo, come on...\nneed to give a full address and path\nlike: 'myuser@myhost.com:~/some/folder/or/file'" && return 1 ; fi; checkremotepathcom="if [ -d $remotepath -o -f $remotepath ] ; then echo 0 ; else echo 1 ; fi"; if [ $(ssh $sshopts $myaddress "$checkremotepathcom") == 0 ] ; then if [ $localfile ] ; then if [ $localtoremote ] ; then checkremotepathcom="if [ -d $remotepath ] ; then echo 0 ; else echo 1 ; fi"; if [ $(ssh $sshopts $myaddress "$checkremotepathcom") == 0 ] ; then remotecom="cd $remotepath ; tar -xzf -"; tar -czvf - $localfile |ssh $sshopts $myaddress "$remotecom"; else echo "yo dude. that path aint on the server." && return 1 ; fi; else if [ $remotepath == '~/' ] ; then remotefile=$(ssh $sshopts $myaddress "pwd"); remotefile=$(echo $remotefile |cut -d '/' -f $(echo $remotefile |sed -e 's/\//\/ /g' |wc -w)); remotecom="cd $remotepath ; cd ../ ; tar -czvf - $remotefile"; else remotefile=$(echo $remotepath |cut -d '/' -f $(echo $remotepath |sed -e 's/\//\/ /g' |wc -w)); if [ -z $(echo $remotepath |cut -d '/' -f 1) ] ; then mypath='/'; else mypath='~/'; fi; for i in $(seq 2 $(($(echo $remotepath |sed -e 's/\//\/ /g' |wc -w) - 1))) ; do mypath=$mypath/$(echo $remotepath | cut -d '/' -f $i); done; remotepath=$mypath; mypath=''; remotecom="cd $remotepath ; tar -czvf - $remotefile"; fi; if [ -d $localfile ] ; then cd $localfile; fi; if [ $remotepath == '/' ] ; then remotecom="tar -czvf - /"; fi; ssh $sshopts $myaddress "$remotecom" | tar -xzf -; fi; else if [ $remotepath == '~/' ] ; then remotefile=$(ssh $sshopts $myaddress "pwd"); remotefile=$(echo $remotefile |cut -d '/' -f $(echo $remotefile |sed -e 's/\//\/ /g' |wc -w)); remotecom="cd $remotepath ; cd ../ ; tar -czvf - $remotefile"; else remotefile=$(echo $remotepath |cut -d '/' -f $(echo $remotepath |sed -e 's/\//\/ /g' |wc -w)); if [ -z $(echo $remotepath |cut -d '/' -f 1) ] ; then mypath='/'; else mypath='~/'; fi; for i in $(seq 2 $(($(echo $remotepath |sed -e 's/\//\/ /g' |wc -w) - 1))) ; do mypath=$mypath/$(echo $remotepath | cut -d '/' -f $i); done; remotepath=$mypath; mypath=''; remotecom="cd $remotepath ; tar -czvf - $remotefile"; fi; if [ $remotepath == '/' ] ; then remotecom="tar -czvf - /"; fi; ssh $sshopts $myaddress "$remotecom" | tar -xzf -; fi; else echo "dude, that path aint on the server." && return 1 ; fi; else echo -e "no arguments given fool\ntry again" && return 1 ; fi; }


Hope you find this helpful. Thanks for reading.


***** UPDATE *****
Sorry to anyone who copied this earlier today.  The functionality worked for some folders (not including '~/', or '/'), but it has now been edited to work for those. Also now including ssh options like '-2 -A' and I have fixed it to work for single file, which failed before (since you can only 'cd' into a directory, not a file)

Also the prior 'exit' lines have been changed to 'return' to prevent the terminal window being closed if you run from the function without the right arguments.

Again, sorry for posting it prior to thorough testing (these things happen with insomnia posting scripts at 5am with no sleep), but it has been fixed now, and tested on both debian, and ubuntu computers/servers.

I may still update this again to make it more organized, but will likely release future revisions as file downloads on my own site instead of this blog (it's a kinda long script already to copy and paste).
****

Tuesday, August 2, 2011

HTML Safe Characters - Bash function using 'sed'

I find myself posting the output from commands in terminal to html pages often, so I wrote a quick "1-liner" bash function to convert a string to (mostly) html safe characters. You can "pipe" a string to this function, and direct its output to another file.

The function:

tohtm(){ IFSBACK=$IFS;IFS=$(echo -en "\n\b");string2htm(){ [[ $1 ]] && echo $1|sed -e 's/\&/\&amp;/g' -e 's/\"/\&quot;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/>/\&gt;/g'; };if [ ! -t 0 ];then echo -e "<html>\n<head></head>\n<body>\n<p>";for i in $(cat /dev/stdin); do string2htm $i;echo "<br/>";done;echo -e "</p>\n</body>\n</html>";fi;IFS=$IFSBACK; }

The syntax to run this function is similar to the following example commands:

ls -la |tohtm >thisfolder.html

Or

echo 'this & that is < than "something", but > than "something else"' |tohtm

Both of the above commands should work, but there may be others that don't (if the string includes single quotes for example). I still need to do some work on initially formatting such strings, but this function has been very useful for me so far.

You can also simply use Python's escape function (cgi.escape in Python 2, html.escape in Python 3). For example:

2htm(){ if ! [ -t 0 ];then myvar=$(cat /dev/stdin); else if [ "$1" ];then myvar="$*";fi;fi; printf '%s\n' "$myvar" | python3 -c 'import sys, html; sys.stdout.write(html.escape(sys.stdin.read()))'; }

That is about all I have for this post. I will post other similar functions (and perhaps this one again) in a future post.  Thanks for reading.

Monday, August 1, 2011

User owned scripts security

Since I am posting scripts (bash, python, etc.) up here, I figure it would be a good idea to mention security and permissions of these (or any of your own or others') scripts.  If you make a script executable (chmod +x scriptname), Linux can use the shebang to determine the script type, and run with a call similar to any other application on the system.  However, if like me you care about security, you may not want to have executable files in your home directory.  One of the best things about linux (or any *nix including bsd, or mac) is the user permissions management.  If your account gets compromised, that doesn't mean the rest of your whole system has been "rooted" (compromised as the root user).  Most infections (linux is not immune to compromise) attack executable files that your user has access to, and so if you have executable scripts in your home directory, they can be written to.  Then the next time you call on one of these scripts, you may be running a malicious hacker's code.

Now you may ask “what alternative is there?”.  With the rest of this post, I plan to give a few.

root owned (standard for most systems):
If it is a script that others on the system would want to use (and you can become root), you could move it into one of the system folders in the users' $PATH.  I don't tend to do this often (and don't really suggest it), since it puts random scripts outside of the system's package management.  Instead it may be best to use one (or a combination like I do) of the following options. You can then give the other users the file (use links, edit their rc files (~/.bashrc, ~/.profile) as root, or include them in /etc/skel before creating the users).

rc file:
As stated in my previous post, you may create a file with a list of simple functions. If it's a simple script, it may be fairly easy to convert to a function (or a few).  If you can create a few functions you would want to use together, include them into an 'rc' file.  Then when you want to use them, you only need to 'source' the file first (source MyFunctions.rc). You can then call on the functions just like any other command. If it is a list of functions you would want to use (or at least be able to without sourcing the file) every time you login, you could include sourcing the rc file through your ~/.bashrc (or ~/.profile if you might want to use these functions as shortcuts in your GUI shell such as gnome. I may go into this further in another post, but that's beyond the scope of this article).

Not every script can easily be converted to a function, and so:

alias the complex scripts:
Most modern linux distributions include a statement in your ~/.bashrc, or .profile, to source a ~/.bash_aliases file.  Create and use this file if you don't already have it. A statement similar to the following 'if' should be included in your ~/.bashrc, or ~/.profile:

if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
fi


!! You can use this as an example of how to source one of the previously mentioned functions rc files in your bashrc, or profile.

Create your ~/.bash_aliases file and fill it with statements similar to the following example, which creates a command 'myscript' that runs a non-executable bash script called ~/myscripts/newscript:

alias myscript="bash ~/myscripts/newscript"

Your ~/.bashrc file is parsed every time you login to bash, and your .profile is sourced every login (including most GUI shells such as gnome, kde, xfce4). So if you have non-executable scripts that use a gui toolkit (such as zenity for gnome), you may want to source another ~/.gui-aliases or similar in your ~/.profile so you can easily run said aliased script through terminal, or a shortcut in your applications menu, panel, or desktop.

That's about all for this post. I will probably give an example rc file (with some fun included functions) that auto-aliases all scripts under a folder based on the “shebang” line in a future post.

Friday, July 29, 2011

Bash Script - Port Scanner

Please be careful! Port scanning can be seen as abuse, and get you into trouble (ISP may block your traffic, etc...)

The following bash script works as a port scanner, but it is slow and may take a long time to scan the 1000 ports that it scans. It is just a quick example script using 'nc'. The fastest run is with no arguments to scan your localhost. The next fastest would be IP addresses (or domain) in your local network. A slow scan would occur for a non-local IP or domain. Or, the slowest scan is a list of hostnames to scan as arguments.


Check it out - hope its useful to someone:

#!/bin/bash
#
#       wazopen
#    
#       @copyright - 2011 nairb <code@nairb.us>
#    
#       @license - GNU General Public License V2



findwazopen(){
portscanfile=$(mktemp)
nc -v -z -w 1 $1 1-1000 >>$portscanfile 2>&1
echo $(cat $portscanfile |grep succeeded|awk '{print $4}')
rm $portscanfile
}

case $(echo ${0##*/} |cut -d '/' -f $(echo ${0##*/} |wc -w)) in
wazopen)
if [ $1 ] ; then
if [ $2 ] ; then
for i in $@ ; do
echo -e "HOST: $i has the following open ports:"
findwazopen $i
done
else
findwazopen $1
fi
else
findwazopen localhost
fi
;;
*)
echo -e "wtf r u trying to do?\n\ncant call this as $0"
;;
esac


although if you have 'nmap' installed, you can do a much easier (and much faster) version like the following 1-liner function to be called on later in the same environment as zopen:

zopen(){ nmap $1 |grep \/ |grep -v nmap |awk '{print $1 " " $3}' ; }

or if you only care about the port numbers:

zopen(){ echo $(nmap $1 |grep \/ |grep -v nmap |awk '{print $1}'|cut -d '/' -f1 ) ; }

another function for a list of hosts:

zopenlist(){ for i in $@ ; do echo -e "$i:\n\t$(echo $(nmap $i |grep \/ |grep -v nmap |awk '{print $1}'|cut -d '/' -f1 ))\n" ;done ; }

or my favorite, a much better version with better logic and usage of 'awk':

wtfsopen(){ wadopen(){ for i in $@;do echo -e "Host: $i:\nPorts\tServices\n$(nmap $i |awk '/^[0-9].*/ {print $1 " " $3}')";done ; };if [ $(which nmap) ];then if [ $1 ];then wadopen $@;else wadopen localhost;fi;else echo -e "install 'nmap' first";fi; }

and if you find you would like to use any such function often you can just include it in one of your shell's rc instead of making an executable script

Website Security Intro - Looking for RFI attacks

If you run server-side scripting (which most major sites/applications do), it makes your site much more vulnerable to many attacks. If you are dealing with databases, this opens you up to other attacks. Unfortunately one may be hard pressed to find a website (or CMS solution) that does not have any server-side scripts, unless you have no need for dynamic content, and can program the site in just html/java-script/flash.

If you can manage to write your site up in html only (including java-script and/or flash) this is clearly the most secure solution.

But the rest out there may want to look into putting their site up on a 3rd party managed CMS-service. Blogs (like this) can be run here on blogger (or WordPress, TypePad, etc. also offer solutions). If blogs are not what you're looking for, Google freely offers “google sites”. There are many other managed CMS hosting services available; check with your chosen hosting provider. A major benefit to these services is to leave the server-side security (and incident handling) on them instead of you. You would just need to keep up with your passwords, email, and PC security just like with your facebook, or myspace pages.

For those that just can't find a managed solution for their needs (or just don't want to use them/enjoy more freedom than the provided solutions), monitoring the security of your sites can be an ongoing battle. In the following introduction, you will find helpful weapons to add to your arsenal.

I find dealing with linux servers the easiest, (and also the most common hosting solution) so I will be primarily discussing such. If your site is on a hosting account without ssh access, upgrade your account, or find a new host.

SSH, and the linux server's terminal applications (grep, awk, sed, cat, less, etc.) are your best friends. Get to know them. Google searching for their “example uses” will greatly help. If you get stuck with any of them, chances are the 'man' application will give you much more info about the options of these apps than you will ever need.

Server-side scripting exploits can be seen in the apache access logs. If you don't know where these are for you, find out. Apache log files can be viewed (searched, and their data formatted in a more friendly way) using your ssh login, and the terminal apps.

For example: RFI attacks (“remote file include” - usually the result of include statements not being sanitized correctly, allowing remote scripts to be run on your server with your user's permissions) show up in the apache access logs as a line including the status code '200'. This is the code for successful access, although it can still be misleading: if you have custom error pages, it could indicate that there was an attempt which only successfully returned the error page. Whether just an attempt, or successful, RFI attack log entries usually include a 'POST' or 'GET', and a link to a remote file such as: '=http://SomeDomain.com/MalitionsHackerScript.php'.

To run the following example (1-liner) command, to look for RFI attack attempts (including the mentioned false-positives), you would want to ssh into your webspace, and change directory to your 'logs/' (or whatever the folder name of your logs).

Example 1-liner:

zcat ./access.log.* |grep -i '=http' |grep ' 200 ' |grep -iE 'txt|php|cgi'

Now let's break down that above call:

zcat ./access.log.*

This command outputs all of the lines in your apache access logs, and then its output is “piped” to the next search command:

grep -i '=http'

Which searches for occurrences of '=http' or '=HTTP'. The output of this is then “piped” to the command:

grep ' 200 '

Which searches for occurrences of the successful apache code '200'. The output of this is then “piped” to:

grep -iE 'txt|php|cgi'

That then searches and outputs only the lines that include common extensions for hacker scripts such as 'txt', 'php' or 'cgi'. There are others, or non-normal-pattern files and scripts used also, so you could just replace this line with 'less' to just view all the posts or gets of the previous search commands. Although this will also show many potential false-positives that are just links from/to your site from/to elsewhere.

To further explain the above used grep options or “switches”:

For 'grep -i',  the 'i' option tells grep to ignore the case of the characters, so it picks up '=http', '=Http', '=hTtP' or '=HTTP', etc...

The 'E' option in 'grep -iE' tells grep to treat the pattern as an extended regular expression, so 'txt|php|cgi' matches any occurrence of txt, php, or cgi, instead of just 1 specific text.
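
The grep chain above matches '=http' anywhere in the line, so a visitor arriving from a search page (the false-positives mentioned earlier) is flagged too. The following added example, not from the original post, looks only at the requested URL's query string and also catches the percent-encoded form; it assumes Apache's "combined" log format, and the function names and log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original post. Assumes Apache "combined" logs,
# where field 1 is the client, field 7 the requested URI, field 9 the status.

# Constructed sample log lines (documentation IPs and example domains).
sample_log() {
  cat <<'EOF'
192.0.2.10 - - [29/Jul/2011:10:01:07 +0000] "GET /index.php?page=http://files.example.net/inc.txt? HTTP/1.1" 200 5120 "-" "ExampleAgent/1.0"
198.51.100.7 - - [29/Jul/2011:10:02:11 +0000] "GET /about.php HTTP/1.1" 200 2048 "http://search.example.org/?q=http://www.example.com/" "Mozilla/5.0"
203.0.113.5 - - [29/Jul/2011:10:03:42 +0000] "GET /view.php?inc=HTTP%3A%2F%2Ffiles.example.net%2Finc.php HTTP/1.1" 404 312 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Jul/2011:10:04:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 1833 "-" "Mozilla/5.0"
EOF
}

# Print "status client uri" for requests whose query string carries a remote
# URL as a parameter value, written plainly or percent-encoded.
rfi_candidates() {
  awk '
    {
      uri = $7; status = $9
      q = index(uri, "?")
      if (q == 0) next                       # no query string, nothing to include
      query = tolower(substr(uri, q + 1))
      if (query ~ /=(https?|ftp)(:|%3a)(\/|%2f)(\/|%2f)/)
        print status, $1, uri
    }'
}

# Count candidate requests per client address, busiest first.
rfi_by_client() {
  rfi_candidates | awk '{ n[$2]++ } END { for (c in n) print n[c], c }' | sort -rn
}

# On a real server: zcat -f ./access.log* | rfi_candidates
# (-f lets zcat pass through rotated logs that are not compressed yet)
sample_log | rfi_candidates
```

On the sample lines this reports the 200 request and the encoded 404 attempt, and skips the visitor whose referrer merely contains '=http'. Only what appears in the requested URL is covered, since Apache does not log POST bodies.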

--
Anyhow, that's more than I meant to go into for one post, but it's a starting point for one to look into their website's security.

keep on keeping on, and bad guys be gone...

Monday, July 25, 2011

Hacked Website or Web-space

Web-space:  If your web-space has been compromised you would want to take steps to re-secure any information which may have been collected by the hacker (such as passwords, and contact information) and re-secure the web space itself.

   A.)  Take steps to update any passwords that are used or available in your web-space or databases. You may also need to inform any other users of the potential compromise.

   B.)  As with security of your personal computer, it may be best to “re-image,” or delete all files/databases associated, and re-upload from (known secure) backup or new updated code and files.

      1.)  Make Backups frequently! This way you always have a recent secure backup to restore from.

   C.)  Update any applications (Wordpress, Joomla, or any other CMS or server-side scripts) you are running.  Contact the vendor/developer for updates if needed, and be sure to always keep up to date with security patches and advisories.

Credit Card Fraud, and Identity Theft

Have you been the victim of Online Fraud, Identity Theft, or some other form of Internet Abuse? The following outline contains steps you may take to help re-secure your information.


I.)  Your Credit Card: If your Credit Card has been compromised, contact your card provider.

   A.)  Contact the telephone number usually listed on your credit card.

   B.)  Have them cancel your card number and issue a new number. Some providers also allow you to place a "security lock", or "fraud-watch" on your account. Ask your provider if they offer any such service.

   C.)  Review your credit card statement for any fraudulent charges and dispute those charges through the card provider.

   D.)  Contact any vendors who post these charges as they may not be informed by the card provider that the purchase was a fraud, and may forward any account created with your information to a collections agency.  This may then result in a blight on your credit report.

II.)  Your Identity: If accounts are created fraudulently using your name/contact information.

   A.)  Contact your local law enforcement agency (start with your local police).

      1.)  File a claim of "Identity Theft", and provide them with all the documentation you have regarding the incident.  While the local authorities may not actively pursue smaller claims frauds, getting a police report gives legal documentation of the incident.

         i.) Changing your credit card information is easy and stops the initial credit card fraud. However, a malicious person has already pretended to be you, and likely has your contact details.  They may continue using your information fraudulently as their own.  Having a police report gives you evidence that you have been the victim of Identity Theft.  You can show this documentation to future agencies attempting to collect on further accounts which may be set up by this other "you".

      2.)  The local law enforcement may also contact or direct you to contact the FBI Cyber crimes division.  At which point you would need to report a complaint through the "Internet Crime Complaint Center".  This site is available at the following URL: http://www.ic3.gov/default.aspx

PC Security - dealing with viruses, spyware, and malware

Your Personal Computer:  The security of your personal computer.

A.)  Regularly apply all security updates provided by your operating system vendor.

B.)  It is good practice to scan for viruses, spyware, and malware frequently. I'm not going to go into which software I would suggest for these purposes here, since there are many to choose from, and I haven't tried them all.  There are many free ones that will manage the primary issues needed, but many paid applications have many bonus features.

    1.) On-Access protection:  Many anti-virus applications have "on-access" protection which may result in your computer running slower, but this adds an extra layer of security scanning before files get written to your hard drive.  This is a good idea to keep running in most situations.

    2.) Firewall:  Monitor your firewalls (these can be hardware embedded, OS system created, or included in many anti-virus applications).  Do not enable any ports to be open that you don't need to use for a service.

    3.) No-Script:  many infections, and attacks are a result of malicious scripting on a compromised (or intentionally malicious) website.  If you use firefox (and why wouldn't you at least over IE) you can install the noscript extension which blocks all client side scripting by default.  Only after you accept the validity of the source and "white-list" it does this extension allow those scripts to be run.

C.)  If your computer is compromised, (there is NO anti-virus which is 100% effective) you may need to "re-image" the system -- this involves formatting and re-installing the operating system and any programs, before virus-scanning and restoring your files.

    1.)  Alternatively, you may wish to use a linux "live cd" -- since it is a known secure OS to boot and work from and update your passwords, and online account security.  A couple of free examples that you can download are Knoppix, or Ubuntu.  These can also be installed to the hard drive, and run much faster installed than from the "live cd".

Email, and Passwords Passwords Passwords

Email: If your email is compromised by a hacker, then the hacker also has access to any other accounts associated with that email address.  Follow the steps below to update to new, more secure passwords.

Passwords: The easiest link in a person's security chain to compromise is most often a password.

A.) Every password should be unique. Never use the same password for more than one account, as this requires a hacker to compromise only 1 password to access any of your accounts.

B.) Change your passwords frequently. Even random passwords can be guessed eventually. As the "infinite monkey theorem" states, a monkey hitting keys at random on a keyboard will eventually have hit the right sequence of keys to guess your password. Computers can do this much faster than any monkey.

C.) Use Strong Passwords! Passwords should be random alpha-numeric (with symbols if allowed by service) as to make dictionary attacks unlikely. For example: F4k72bT is much more secure than jon123. Creating secure passwords can be easy with the following examples:

     1.) Think of an easy-to-remember sentence and take the first letter (or 2) of each word (lower, and uppercase), numbers and special characters (!,&,$,#,-...)... For example the sentence “In ‘97, Bob and I were on vacation in Spain!” would result in a password like “I’97BaIwoviS!”

          i.) In order to remember what password you used for an account try adding something about the account as part of the sentence or pre/post tag along with each password. From the above example, “I’97BaIwoviS!_Fb” for a facebook login, or “On_I’97BaIwoviS!_Ba” for online banking login. An example sentence including the name of (or abbreviation/symbol, mnemonic) the service you are logging into: “In ‘97, Bob and I became Myspace friends!” results in a easy-to-remember password of “I’97BaIbMf!”, which has the added security benefit of being unique to the service.

     2.) If you do not wish to create all these passwords, it can be a good secure alternative to use a “random password generator”.

     3.) Password Manager: It is not a good idea to write passwords down anywhere in plain text. To aid in keeping your passwords secure regardless of which method was used to create them, you may wish to use a “password manager”. One free (cross platform) password manager application is “KeePass Password Safe” which also includes a strong random password generator (as mentioned in previous section). You can freely download KeePass for your platform (computer, or smartphone) from their site http://keepass.info/

Python Superscript

Similar to my last post about bash scripting with "basename" functionality, here is an example python module to determine the name of the link being called as well as the arguments supplied:


#!/usr/bin/env python
#-*- coding:utf-8 -*-

"""
        PROJECT - MODULE:
                Python-SuperScript.py

        DESCRIPTION:
                example basename functionality handling in python

        @copyright: 2011 by nairb <code@nairb.us>
        @license: GNU GPL, see COPYING for details.
"""

import os, sys, string

class App(object):
        """ Class doc """
     
        def __init__ (self):
                """ Class initialiser """
                pass
             
        def progName(self):
                """  Return the program name of running script
                @param: none
                @return: base name of the running script
                """
                # str.split works on both Python 2 and 3 (string.split is Python 2 only)
                argvz=sys.argv[0].split('/')
                return argvz[len(argvz)-1]
             
        def progArgs(self):
                """ Return the array of arguments given
                @param: none
                @return: the arguments passed to script
                """
                return sys.argv[1:]

        def Main(self):
                """ Main Function
                @param PARAM:
                @return RETURN:
                """
                print("This program was called as:\n\t" + str(self.progName()) + "\n\nArguments were passed of:\n\t" + str(self.progArgs()))
     
if __name__ == '__main__':
    a=App()
    a.Main()

hope someone finds this useful

Sunday, July 24, 2011

Basename function processing without basename binary installed

OK, so I'm going to start posting some howto pages to this blog.

Starting with a bash scripting case statement to decide script function based on "basename" (or the name of the file running as the script) without the "basename" binary installed. This way you can create many links to the same script, and make that script do many different things determined by the link name it is being called as. Then you just need to make sure these links to the script are in a directory somewhere within your $PATH.

example:
case $(echo ${0##*/} |cut -d '/' -f $(echo ${0##*/} |wc -w)) in
    scriptlinkname1)
        echo "doing the function scriptlinkname1"
        ;;
    *)
        echo "did not define that links function yet"
        ;;
esac


hope you find this helpful.