Yep, been a while since I've last posted something (actually this would be the first thing I've posted in 2011), but indispensable utilities like this one motivate me to post more often.
sshfs is part of the FUSE project for implementing file systems in userspace. A file system is typically run in kernel space, both because it is more tightly integrated with the kernel and because it is more transparent to the user. Running a file system in userspace alongside applications is a fairly new concept, but it works surprisingly well.
sshfs is easily installed from the ports system:
cd /usr/ports/sysutils/fusefs-sshfs; sudo make config-recursive; sudo make install clean
is all that's needed. With that step completed, enable mounting file systems devices as a normal user:
I recommend sticking that in /etc/sysctl.conf (omitting the sysctl : ) to make it permanent. Lastly, add 'fusefs_enable="YES"' to your /etc/rc.conf and run /usr/local/etc/rc.d/fusefs start to load the fusefs kernel module that was built with the port.
In order to mount remote machines over ssh, you'll use the sshfs utility. I highly recommend setting up password-less ssh login using a public/private key pair. A simple Google search will show you how that's done. As a first example of mounting a remote server (don't try to mount something from your local machine; weirdness will ensue), use the following:
%sshfs remotebox: local_dir
Notice the colon after the remote machine. By default, sshfs will try to mount your home directory on the remote server as the local_dir. You can specify any paths your user would normally have access to:
%sshfs remotebox:/usr/src local_dir
The command above would mount the /usr/src directory on the remote machine as /usr/home/<your user>/local_dir. To unmount a directory, the documentation states that you should use fusermount -u <mountpoint> but I was perfectly ok using the normal umount command. To keep the mountpoint available, it's worth adding a keepalive to your ssh client configuration. Simply add something like ServerAliveInterval 5 to your ~/.ssh/config file to send keepalives every 5 seconds to the server.
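The checks implied by the steps above, collected into one wrapper as an added example that is not part of the original post. The function names, return codes, the empty-mount-point check, and the BatchMode and reconnect options are assumptions made here; remotebox, local_dir and the 5-second keepalive come from the post.

```shell
#!/bin/sh
# Added example: pre-flight checks before calling sshfs.
# Function names and return codes are hypothetical, chosen for this sketch.

# Print the host part of "user@host:path"; print nothing if the colon is missing.
sshfs_host() {
    case "$1" in
        *:*) spec=${1%%:*}; printf '%s\n' "${spec##*@}" ;;
        *)   printf '\n' ;;
    esac
}

# Returns: 0 = ok, 1 = no "host:" in the remote spec, 2 = remote is this machine,
#          3 = mount point missing or not a directory, 4 = mount point not empty.
sshfs_preflight() {
    host=$(sshfs_host "$1")
    [ -n "$host" ] || return 1
    case "$host" in
        # The post warns against mounting from the local machine.
        localhost|127.0.0.1|"$(uname -n)") return 2 ;;
    esac
    [ -d "$2" ] || return 3
    # Added precaution: mounting over a non-empty directory hides its contents.
    [ -z "$(ls -A "$2")" ] || return 4
    return 0
}

# Run the checks, then mount.
#   BatchMode=yes          fail instead of prompting for a password, so the
#                          mount only succeeds with key-based login
#   ServerAliveInterval=5  the keepalive from the post, set per mount
#   reconnect              let sshfs re-establish a dropped connection
sshfs_mount() {
    sshfs_preflight "$1" "$2" || return $?
    sshfs -o BatchMode=yes -o ServerAliveInterval=5 -o reconnect "$1" "$2"
}
```

Source the file and call `sshfs_mount remotebox:/usr/src local_dir`; a non-zero status identifies which check failed before any connection is attempted.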
Kismet is a very handy wireless scanning and capture program. Unlike programs such as Netstumbler, Kismet allows you to capture wireless traffic. This could, of course, be used for both good and evil, so I leave it up to you to do what you will.
Kismet is in Portage, but it lags a bit behind the current version (2008.05 is in Portage and 2010.07R1 is the latest as of this writing). You should be able to get the latest version by using an overlay, but I'm not keen on using overlay software unless I really need the bleeding edge. Use Portage to install Kismet:
%sudo emerge -av net-wireless/kismet
Once installed, you'll need to modify the config file before you begin scanning. Open /etc/kismet.conf in your favorite text editor and add your login to the 'suiduser' variable. There are quite a few options to configure, but the one you must configure is a capture source. For our needs, change the 'source=' line to the following:
I suppose this would work for most of the older IPW2100-based Centrino notebooks since the Centrino chipset is the same. Save the config and exit. You should be able to type 'kismet' at a terminal and have the client and server automatically start. If this doesn't work, you may have to manually change the kismet server to set uid. Do the following:
%sudo chmod +s /usr/bin/kismet_server
Try launching the program again. If you see a text based interface and some SSIDs, you're good to go! If not, you may have to fiddle with your settings a bit more. Either way, happy scanning!
Apple's OSx86 10.4.4 Security Broken: "Happy Valentine's Day... from Maxxuss. According to The OSx86 Project, the 'hacking guru' has broken Apple's security measures in OS X 10.4.4, which were stronger than all previous releases combined. The article has a great discussion on the implications of this event."
In case you're not familiar with OneCare, it's basically an antivirus, antispyware, and backup package you subscribe to for $50 a year. The ironic thing is that this is a paid service to protect you from the many security problems in Windows. Basically, you're paying twice: once for a security-hole ridden OS, and again for (Mafia-like) "protection". Why doesn't MS just scrap the legacy code and write a real OS?
Article available here.
For NSA photo opp prop, Feds use security portal as if top-sekrit: "Xeni Jardin:
Mike Outmesguine says,
Boing Boing readers may have missed this on Digg, but I thought they'd get a kick out of it: Link.
In a press pic of Bush touring sooper sekrit NSA headquarters, a way cool, wargames-looking big screen display is in the background with all sorts of cryptic worldwide threat intel: Link.
But that's actually a volunteer-run computer security portal that anyone can display through a web browser: Link to SANS.org
(Ed. note: SANS, btw, does not stand for 'Sekrit-Ass-NSA-Stuff.').
Click here to launch your own NSA Global Threat Display. I'm so leet, I have it running on LCD #4 right now!
(Via Boing Boing.)
I wonder if PC Magazine knows it, after their Mac-bashing article? By the way, this article was from Ziff Davis, a VERY PC-biased media company. Either way, that seems to be the case according to RFC 2131, better known as DHCP.
After reading this weblog, it appears that any machine that connects to a rogue DHCP server can be 0wn3d.
Here's an interesting quote from the article:
The only difference to Apple is that they also use DHCP for LDAP discovery. But even if all you use DHCP for is IPv4 addressing, and DNS, you're still at risk on a rogue server, because that server now has your IP address, and your MAC address, which can be of great convenience to a cracker.
A nice rebuttal is at The Mac Observer. Ready to eat your words, Mr. Ulanoff?