Monday Jun 19, 2006

Week to go for FIRST 2006 Baltimore

The largest annual gathering of Computer Security folks (FIRST) who keep the world's computing infrastructure safe, (aka white hats) is happening in Baltimore in a weeks time.

Sun is one of the Supporting Sponsors of FIRST 2006. If you are a security geek fighting the dark and evil forces of the underground, you wouldn't want to miss attending this. Registrations are still open.

Tuesday May 16, 2006

At JavaONE

I stopped by JavaONE Moscone Center, this evening, it was quite crowded. Java Pavilion was bustling with companies and groups showcasing some of the amazing stuff with Java. John and team won Duke's choice award for model rail road. There was a java GUI app that reflected the state of the track. You could change tracks by clicking on the track in the GUI. My mischievous mind changed tracks when the train was half way through a junction, causing the train to get stuck in the middle!

Another really cool stall was the Looking Glass 3D desktop operated by hand gestures (just like in movie Minority report). You could wave away a window or maximize it by pulling it towards you. (see the new videos from Cebit on lg3d site)

Monday May 08, 2006

Security Sun Alert Feed

Sun publishes Sun Alerts to warn users about product issues. A Security Sun Alert is published for every security vulnerability found in supported Sun products.

You can subscribe to a weekly summary email of all Sun Alerts. Hoping that an RSS feed is one way to propagate the news on the net, I wrote a small web-scarping script that looks at the SunSolve Sun Alerts page on an hourly basis, and posts a summary of all recently published or updated Security Sun Alerts to the Sun security blog (

Apart from Sun Alerts you may also find notes about product security issues (like the AMD64 FPU issue, to which Linux and BSD were vulnerable, but not Solaris!)

See also alertpool which is aggregating security alerts from major vendors and sites.

Saturday Mar 25, 2006

Parsing Sun Alerts

If you wanted to parse a Sun Alert to get meta data like its synopsis, product, state etc., here is something more than plain old regular expressions. It is a XSLT transform, that reads a Sun Alert html file and just prints the metadata in plain text format.

Use xsltproc(1) to process the Sun Alert this way:
$ /opt/csw/bin/xsltproc --html saplain.xsl '' 2>/dev/null
Sun Alert ID: 102262
Synopsis: Security Vulnerability in sendmail(1M) Versions Prior to 8.13.6
Category: Security
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System
BugIDs: 6397275
Avoidance: Workaround
State: Workaround
Date Released: 22-Mar-2006
Date Closed:
Date Modified: 24-Mar-2006

The intent is to channel this metadata to an RSS feed, so those who prefer a RSS feed for Sun Alerts can get them that way. Watch this space for more to come.

Friday Dec 16, 2005

Security Ideas for Solaris University Challenge Contest

Here are some security ideas that come to my mind to suggest for Solaris 10 University Challenge Contest.
  1. Come up with an exploit prevention mechanism, may be using DTrace. For eg. assume a new security vulnerability is discovered in Apache, before patches are available for Apache, your mechanism would prevent Apache from being exploited, if there is an attempted exploit. You may use some "Process Destructive Actions" in DTrace or you may do something more innovate and less harmful.
  2. Write a modern fuzz for OpenSolaris, that may parse SGML man pages, automatically figures out command line args, environmental variables, or use DTarce to dynamically find these. It could also fuzz library calls and system calls. It could do many more tests like giving large arguments, large environments, large and random files as input. Whether you win the university challenge or not, you will certainly be hero in the eyes of security community. You would also get a totally worthless but sincere acknowledgment in our Security Sun Alerts.
  3. Use the concepts of LiveSystem to visualize security roles, profiles(1) auths(1) user_attr(4) and privileges(5) and other security features in Solaris 10. This configuration is currently spread over multiple files and difficult to get the big picture.
  4. Create a "system integrity verification OpenSolaris liveCD" that, boots from a CD, detects any Solaris 10 instances on the hard disk, then verifies the Solaris ELF signatures of system binaries using elfsign(1) verify, and reports a summary if it found anything tampered. Could be useful if you suspect your system was compromised

  5. More later as I dig through my notes and home directory...

Friday Dec 02, 2005

The "pop-up blocker myth"

While A friend of mine was using his windows laptop, I noticed that there were Internet explorer windows popping up once in a while. And he would just close them or ignore them. It never occurred to him that those were Spy-wares or ad-wares and other Trojans (malware), which might be doing anything from capturing his keystrokes, to implanting backdoors for more adwares to occupy his machine.

I asked him to download and run Microsoft malware removal tool from Microsoft, and detected dozens of Trojans and malware. (Thank you Microsoft!)

Thinking about this I realize that there is a myth about "Pop-up-Blockers" - a misconception created by advertisements of ISPs or browsers. People think that pop-ups are some sort of pests inherent to using Internet. You need to buy XYZ or some pop-up-blocking service to get rid of them. They are like mosquitoes, you need some mosquito repellent stuff to get rid of them, but it is not much of a harm if you can live with them..

Searching for "pop up blocker" does show many advertisements that fuel this misconception.

Get the facts clear, if there are windows popping up - it means your system is hacked and something terribly bad has happened! and you should format your windows partition, either install something secure like Solaris or reinstall Windows, upgrade to latest patches..

BTW, notice the search results in google for "pop up blocker" there is a bug in google results. The very first hit does not even contain the words popup or blocker but gets ranked as number one hit!

Tuesday Nov 15, 2005

Second FIRST VendorSIG

I am at the FIRST Technical Colloquium in North America this week. Derrick will be discussing about Responsible Security Coordination with Open Source in the second meeting of FIRST Product Security Teams aka VendorSIG, focusing mainly on how we still do responsible security vulnerability handling with OpenSolaris.

Monday was the plenary session, including a dinner at TGIF on El Camino. Once again, these FIRST gatherings are a great place to meet heros who fight the criminal underworld, who safe guard the Internet and the global computing infrastructure, working together across countries and companies.

sayings of an hearer


« June 2016