Recently in software Category

Recently I needed something like web based equivalent of tail -f and tail -n commands, so I could display running tail or last N lines from specific log file. To avoid reinventing the wheel I started looking at previous works on-line and found some interesting bits here and there - one of the most useful being AJAX Logfile Tailer & Viewer, so I based my work on this one.

The trick is, that as far as it does exactly what I needed, this solution requires web server with PHP... and installing web server (not to mention PHP) is not really what I want on my logserver.

Mojolicious to the rescue!

Mojolicious is a very powerful Perl web framework that comes without bloat (almost unheard of these days!) - all you need is standard Perl interpreter and core Perl modules as they come preinstalled with your Linux distro and you can install Mojolicious - no other dependencies. On Debian systems installation is as simple as

apt-get install libmojolicious-perl

and we're up and running. Writing Mojolicious::Lite app is really simple and the best part is that it comes with it's own, built in web server (operating in several different modes if needed). Sounds like nice way to go - no dedicated web server on the machine, self-contained application, etc. One more thing - writing, testing and deploying the whole code to actual machine took less than 10 minutes!

Less than two weeks ago I've sent a tweet asking for honeypot recommendations. I wanted to play a bit with something new, something I never did before, mostly because I never had time for it (right, like I have it now). Anyway, thanks to all the great people that replied to my tweet I've learned a lot and found some great software. Now it's time to give something back to the community.

Kippo - simply amazing

First honeypot I've reached for was kippo. It is a medium interaction SSH honeypot designed to log brute force attacks and log the whole session as it goes - including timings, typos, etc. The magic sauce is that you can play the session back (with typos!) and see what the attackers are made of. Believe me - playing back those session is totally amazing! Some samples are available on project's page.
There are also other features to like, like trapping sessions and not disconnecting them even if bad guys do logout, logging ssh client used (very easy to tell scanning bots apart from real people), quite nice interaction and most of all easy way to extend your honeypot it with your own commands.

Certainly 140 characters is not enough to express all the thoughts around recent CSRF flaw in OpenCart and how it was handled (in my humble opinion it even deserves nomination for Pwnie Awards), although some people had a good go at Daniel Kerr.

Above is just a selection of comments that you can find on Twitter and in all of this negative karma there is some good thing going on. This incident got quite a lot of people to write some really good posts about the incident. Some of my favorite posts are Humble Helps and Psychology of "Secure Code" - definitely worth reading.

Although I'm not an expert in either coding or security (but I did quite a lot of both) I think there is also a bit more to it.

What can be better to do on the tube than to kill some time reading manuals or books? Of course in IT quite a lot of that stuff comes as PDFs or other non-paper formats, so good eBook reader or an app for whatever terminal you have is an advantage.

During one of the DC4420 meetings one of the guys gave a very good recommendation for an iPhone app that copes very well with PDFs and some other formats. The app is called Good Reader and I have to say, it's really good (for what I need it to do).

Usually the problem is how to deliver the files of interest to the reder. You want to be able to read when off-line and have flexibility in delivery methods of course. Here is the thing that sold me to the Good Reader - you can upload the files over wifi directly to the iPhone, using nothing more than a web browser. Yes - the app functions as a web server to do it! Just to make sure it doesn't turn your phone into public web server, you have to confirm that you want to allow the given IP to connect and you get that question every time you turn the wifi upload option on.

Recently I had some serious problems with wi-fi at home - especially one of the laptops was dropping off and couldn't come back. Quick survey using Kismet and other tools to scan what's flying around has proven that my network is in less populated part of the spectrum (at least here) but still, problems are getting worse and worse.

I was fully aware of Wi-Spy by Metageek, seen it in action previously but never had a chance to buy one. Part of the decision was the price back then, maybe now it would be another game, but anyway - I got myself another device, made by well known wi-fi vendor Ubiquiti and it's called AirView2.



What's so special about this one? Why it's better than Wi-Spy?

First of all I didn't say it's better. It's different, woks with Linux, Mac OS X and Windows, has a nice price tag and does pretty much the same as Wi-Spy. Let's have a closer look then, shall we?