scanning for base64_decode references

A friend's site was recently hit by the massive infections/hacks on Dreamhost's servers, so I decided to scan some servers that I administer for base64_decode references.

The simple command I used to find suspect files was:
# find . -name \*.php -exec grep -l "eval(base64_decode" {} \;
Note that this fixed string only catches the plainest form. Variants with whitespace (eval( base64_decode() or with an extra layer, such as eval(gzinflate(base64_decode(, slip past it; a looser first pass like grep -lE 'eval[[:space:]]*\(' catches those too, at the cost of more hits to review by hand.

The results fell into just two categories: malware and stupidity. There was not a single base64_decode reference that did anything useful in any possible way.

The best malware I found was a slightly modified version of the c99 php shell on a hacked Joomla installation (the site has been hacked multiple times, but the client insists on just re-installing the same Joomla installation over and over and always wonders how the hell they find him and hack him… oh well). c99 is impressive though… excellent work. I won't post the c99 shell here… google it, you can even find infected sites running it and you can "play" with them if you like…

And now comes the good part, stupidity.
My favorite php code containing a base64_decode reference that I found:

$hash  = 'aW5jbHVkZSgnLi4vLi';
$hash .= '4vaW5jX2NvbmYvY29u';
$hash .= 'Zi5pbmMucGhwJyk7aW';
$hash .= '5jbHVkZSgnLi4vLi4v';
$hash .= 'aW5jX2xpYi9kZWZhdW';
$hash .= 'x0LmluYy5waHAnKTtl';
$hash .= 'Y2hvICRwaHB3Y21zWy';
$hash .= 'd2ZXJzaW9uJ107';
eval(base64_decode($hash));

Let’s see what this little diamond does:


% base64 -d 
aW5jbHVkZSgnLi4vLi4vaW5jX2NvbmYvY29uZi5pbmMucGhwJyk7aW5jbHVkZSgnLi4vLi4vaW5jX2xpYi9kZWZhdWx0LmluYy5waHAnKTtlY2hvICRwaHB3Y21zWyd2ZXJzaW9uJ107
include('../../inc_conf/conf.inc.php');include('../../inc_lib/default.inc.php');echo $phpwcms['version'];

So this guy used a series of string fragments which together form a base64-encoded string, in order to stop anyone from changing the version tag of his software. That's not software, that's crapware. Hiding the code where the version string appears? That's how you protect your software? COME OOOOON….
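As an added example (not code from the original post), here is a small Python scanner that does what the find/grep one-liner above does and also recovers the payload: it walks a tree for *.php files, finds eval(base64_decode(...)) calls, replays simple $var = '...'; $var .= '...'; concatenations like the phpwcms one, and decodes the result. It goes a little beyond the page by also handling a quoted literal passed straight to base64_decode. The temporary directory layout and file names it writes are constructed for the demo; the sample PHP content is the snippet quoted above.

```python
"""Added example (not from the original post): find eval(base64_decode(...))
in PHP files and recover the payload, including payloads assembled from
concatenated fragments ($hash = '...'; $hash .= '...';) as in the snippet above."""
import base64
import binascii
import re
import tempfile
from pathlib import Path

# Constructed sample: the phpwcms snippet quoted on the page, as a PHP file body.
SAMPLE_PHP = """<?php
$hash  = 'aW5jbHVkZSgnLi4vLi';
$hash .= '4vaW5jX2NvbmYvY29u';
$hash .= 'Zi5pbmMucGhwJyk7aW';
$hash .= '5jbHVkZSgnLi4vLi4v';
$hash .= 'aW5jX2xpYi9kZWZhdW';
$hash .= 'x0LmluYy5waHAnKTtl';
$hash .= 'Y2hvICRwaHB3Y21zWy';
$hash .= 'd2ZXJzaW9uJ107';
eval(base64_decode($hash));
"""

# eval(base64_decode(<$variable or quoted literal>)), tolerating whitespace and case.
EVAL_RE = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*(\$\w+|'[^']*'|\"[^\"]*\")\s*\)\s*\)", re.I)
# $var = '...'; and $var .= '...'; with single or double quotes (no escape handling).
ASSIGN_RE = re.compile(r"(\$\w+)\s*(\.?=)\s*(?:'([^']*)'|\"([^\"]*)\")\s*;")


def collect_strings(src):
    """Replay simple string assignments in source order; return {variable: value}."""
    values = {}
    for m in ASSIGN_RE.finditer(src):
        var, op = m.group(1), m.group(2)
        literal = m.group(3) if m.group(3) is not None else m.group(4)
        values[var] = values.get(var, "") + literal if op == ".=" else literal
    return values


def decode_b64(text):
    """Strict base64 decode to text; None if the data is not base64 or not UTF-8."""
    try:
        return base64.b64decode(text, validate=True).decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None


def find_payloads(src):
    """Return [(argument, decoded payload or None)] for each eval(base64_decode(...))."""
    strings = collect_strings(src)
    findings = []
    for m in EVAL_RE.finditer(src):
        arg = m.group(1)
        encoded = strings.get(arg) if arg.startswith("$") else arg[1:-1]
        findings.append((arg, decode_b64(encoded) if encoded is not None else None))
    return findings


def scan_tree(root):
    """Walk root for *.php files; return {path: findings} for files with hits."""
    results = {}
    for path in sorted(Path(root).rglob("*.php")):
        try:
            src = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable file: skip it rather than abort the whole scan
        findings = find_payloads(src)
        if findings:
            results[str(path)] = findings
    return results


def demo():
    """Build a constructed web root in a temp dir (one clean file, one carrying the
    concatenated payload), scan it, print and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        webroot = Path(tmp) / "htdocs"
        webroot.mkdir()
        (webroot / "index.php").write_text("<?php echo 'clean'; ?>\n")
        (webroot / "version.php").write_text(SAMPLE_PHP)
        results = scan_tree(webroot)
        for path, findings in results.items():
            for arg, payload in findings:
                print(f"{path}: eval(base64_decode({arg})) -> {payload!r}")
        return results


if __name__ == "__main__":
    demo()
```

Run it against a real document root with scan_tree("/var/www") instead of demo(). A payload that decodes to None is not a clean bill of health: it just means the argument was built in a way this simple replay does not follow (string functions, string concatenation with variables, double-encoding), which is exactly the kind of file to open by hand.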

Using OpenVPN to route a specific subnet to the VPN

I have an OpenVPN server that has the push "redirect-gateway" directive. This directive changes the client's default gateway to the OpenVPN server. What I wanted, though, was to connect to the VPN and access only a specific subnet (e.g. 100.200.100.0/24) through it, without changing the server config (other people use it as a default gateway).

In the client config I removed the client directive and replaced it with these commands:
tls-client
ifconfig 172.18.0.6 172.18.0.5
route 172.18.0.0 255.255.255.0
route 100.200.100.0 255.255.255.0

What the previous lines do:
tls-client: Acts as a client. ("client" is an alias for "tls-client" + "pull", but I don't like what pull did: it changed my default route.)
ifconfig 172.18.0.6 172.18.0.5: The tun0 interface will have IP 172.18.0.6 on our side and 172.18.0.5 on the server side. The IPs are not random; they are the ones OpenVPN used to assign to me while I was using the "client" directive.
route 172.18.0.0 255.255.255.0: Route all packets for 172.18.0.0/24 over the tun0 interface. In order to access services running on the OpenVPN server (172.18.0.1) I needed a route to them.
route 100.200.100.0 255.255.255.0: Route all packets for 100.200.100.0/24 over the tun0 interface.

A traceroute to 100.200.100.1 now shows that I am accessing that subnet through the VPN. One caveat: without pull the client no longer learns its tunnel addresses from the server, so the hard-coded ifconfig pair breaks if the server's address pool later hands those addresses to another client. The server side can pin them to this client with ifconfig-push in a client-config-dir file.

Greek adblock plus filter on the official subscription list

Six months after my original post on the creation of the Greek Adblock Plus filter, the filter has finally been added to the official subscription list, thanks to Wladimir Palant.
Apart from the Adblock Plus add-on for Firefox/Iceweasel/etc, the filter is also usable with the AdThwart extension for Google Chrome/Chromium.

Until today the list peaked at 70 subscribers… I hope this will make more people trust my filter list and help it reach at least 100 subscribers.

As a side note, my RBL for Greek spam has moved to a new, better server, thanks to a very kind person who donated it, and some people administering mail servers have already added it to their spam filters. Since the original announcement the RBL has jumped from 500 reqs/min to 2000 reqs/min.

26c3: Here Be Dragons!

We had been talking with Patroklos (argp of census-labs.com) about going to a CCC event for years. This year, though, we were determined. So in late September 2009 we booked our flight tickets to Berlin. A couple of weeks later some other friends expressed their wish to come with us. So in the end Patroklos, huku, SolidSNK (of grhack.net), Christine and I formed a group to visit 26c3 Here Be Dragons. Another group of Greeks also came to 26c3, among them Ithilgore, xorl, sin, gorlist and one more that I have no idea who he was, sorry 🙂

After a canceled flight on the 26th of December due to fog at SKG airport, we finally flew on the 27th and went to Berlin. After arriving we immediately went to the hotel we had booked and then straight to the Berliner Congress Center where 26c3 was taking place.

BCC is an excellent conference center, nothing close to anything I have ever seen in Greece. It looks great both from the outside and from the inside. When we entered BCC we saw a huge number of diverse people. You could see and feel the difference from all the other IT conferences. People were very relaxed, very talkative and extremely friendly. What makes CCC so special is its community. There were soooo many CCC volunteers inside the BCC willing to help you with any information you might need. More on that later on…

After paying just 80€ for the whole conference, 4 days, we started walking around the ground floor. There were many information desks of various projects, free PCs to use (loaded with Ubuntu), the huge lounge which included a bar for food and drinks with lots of seats for people and 2 rooms for presentations. On the upper floor there were many more projects and another large room for presentations.

What made BCC so lively were all these projects around the presentation rooms. There were always hundreds of people sitting outside the presentation rooms hacking on their projects, discussing with other people, selling merchandise, etc. Because it was our first time at the conference we were not experienced enough to use our time wisely between the lectures, so I only managed to visit very few projects: CAcert, Gentoo and Debian. I am sure there were people who did not attend any lectures at all and just sat all day at their projects' infodesk.

Before I continue with the presentations we went to, I want to make a note about volunteers again. Volunteers at 26c3 were called angels and they did an EXCELLENT job. They would not allow you to sit wherever you liked at a lecture; they would try to find you a seat or put you in a place where you could stand without blocking others. Nobody was allowed to sit in the corridors, nobody. Everything was in order and I never once heard a single person complain about the angels' policy. They were strict and firm on one hand but helpful, fair and polite on the other. They were probably the best volunteers I have ever encountered anywhere. All of them carried an ID and a DECT phone to cooperate with other angels (oh yes, the conference had its own DECT network… AND its own GSM network!!!). Funny quote: angels at the entrance and exit doors wore t-shirts that read "Physical ACL", heh.

The very first presentation we attended was "Here Be Electric Dragons", and then we moved on to "Exposing Crypto bugs through reverse engineering". After a break we tried to go to the "GSM: SRSLY?" lecture but it was SOO full that we were not allowed into the presentation room. So we went to the "Tor and censorship: lessons learned" presentation, which was more interesting than I expected. The final talks we saw on the first day were "UNBILD – Pictures and Non-Pictures", which was in German, and of course "cat /proc/sys/net/ipv4/fuckups". Since none of us spoke German there was no urge to see the UNBILD lecture, but as we had painfully learned by not even being able to enter the room for "GSM: SRSLY?", you have to go a LOT earlier to see a good lecture. We definitely wanted to see fabs' lecture so we went there an hour earlier to find some seats. By the way, outside the presentation rooms there were TVs with live streaming from inside, for people who couldn't go in or didn't want to. As I said earlier, a lot of people preferred sitting at their projects' infodesk and watching the streams of the presentations.

On the next day we saw: “Milkymist“, “Advanced microcontroller programming“, “Fuzzing the Phone in your Phone“, “Defending the Poor, Preventing Flash exploits“, “Haste ma’n netblock?” and “SCCP hacking, attacking the SS7 & SIGTRAN applications one step further and mapping the phone system“.

On the third day just “Playing with the GSM RF Interface“, “Using OpenBSC for fuzzing of GSM handsets” and “Black Ops Of PKI” since we decided to do some sightseeing as well 🙂

Finally on the last day we went to “secuBT” and from that to another German lecture about a distributed portscanner called Wolpertinger that replaced a canceled lecture on IBM AS/400. Afterwards we went to the realtime English translation stream of “Security Nightmares” and to the “Closing Event“.

I had a really great time and I certainly want to be there again next year. If I manage to go again, though, I will try to take a lot more days off work so I can visit many more places around the city. The whole event was excellent, the organization was almost perfect and the people who contributed to it deserve a huge round of applause, especially the angels.

Congratulations to all.

Necessary pics (captions only; the images are not reproduced here): lounge; Room 1; FX presentation; BCC at night; Pirate Flags; BCC with snow; Closing Event; The Greeks.

P.S. I don’t want to go into specific details about the lectures I attended. Some were REALLY good, some were average and some were totally boring. If you follow the news you already know which streams of lectures you should certainly download and see. You can find every lecture on CCC’s FTP server.

P.S.2 What a great wiki for an event…I was amazed by the amount of information one can find in there…

P.S.3 To Greeks only… please download the closing event presentation to see how we should start organizing events. Just look at the efforts of the people who contributed to the 26c3 event. I don't want to write anything more about this issue, because the difference from any Greek event I've ever attended, or even the mentality of the people attending "our" events, is SO SO SO HUUUUGE that it makes me really sad. I hope this might fire something up. If more Greeks attended events organized abroad then maybe one day we might get more serious about our own events as well.

Mac OS X tips/reminders

3 simple tips/reminders for stuff I had to deal with while using Mac OS X over the last two days…

To get the arrow keys working inside vim on a remote server one needs to change Mac OS X's terminal type:
$ cat .profile
TERM=linux

If you use the push "redirect-gateway" option in an OpenVPN server configuration file, you need to add redirect-gateway def1 to your client's configuration file when using the Tunnelblick OpenVPN client for Mac OS X; otherwise, when you close the VPN, the previous default route is not restored.

To check on the signal quality of nearby Access Points get AP Grapher.

Speed up multiple ssh connections to the same destination

When you open multiple ssh connections to one host there is a way to speed them up by multiplexing them. The first ssh to a given user@host:port becomes the master and listens on a local Unix socket; every later ssh (or scp/sftp) invocation for the same user@host:port finds that socket and opens its session as an extra channel inside the already-authenticated TCP connection, so no new connection and no new authentication take place. All of that is done via the ControlMaster and ControlPath settings in ssh_config. One security caveat: whoever can connect to that socket gets a session on the remote host as you, without authenticating. Keep it out of a shared /tmp and under a directory only you can read, for example ControlPath ~/.ssh/cm-%r@%h:%p, and put the settings in your own ~/.ssh/config rather than the system-wide file.

Example usage:
Inside /etc/ssh/ssh_config
ControlMaster auto
ControlPath /tmp/%r@%h:%p

First ssh connection:
% ssh foobar@foo.bar.gr
Password:
Linux foo.bar.gr 2.6.20.1-1-686 #1 SMP Sun Mar 4 12:44:55 UTC 2007 i686 GNU/Linux
foobar@foo:~$

Second ssh connection:
% ssh -p 22 foobar@foo.bar.gr
Linux foo.bar.gr 2.6.20.1-1-686 #1 SMP Sun Mar 4 12:44:55 UTC 2007 i686 GNU/Linux
foobar@foo:~$

No password is asked and the connection opens up immediately.

kudos to apoikos for telling me about this neat feature in fosscomm 🙂

Openvpn – MULTI: bad source address from client – solution

Problematic Configuration:
OpenVPN server config:
dev tun
port 1194
proto udp
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
persist-key
persist-tun
server 10.8.0.0 255.255.255.0
keepalive 10 30
client-to-client
comp-lzo
ifconfig-pool-persist ipp.txt
status /etc/openvpn/openvpn-status.log
verb 3
push "redirect-gateway"

OpenVPN client config:
dev tun
client
proto udp
persist-tun
persist-key
resolv-retry infinite
mute-replay-warnings
remote REMOTE.HOST 1194
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client1.crt
key /etc/openvpn/client1.key
comp-lzo
verb 3

The problem:
Using the above config files I continuously got errors like this in the server syslog:

May 1 00:00:00 hostname ovpn-openvpn[22563]: client1/X.Y.Z.W:1194 MULTI: bad source address from client [10.10.1.11], packet dropped

where X.Y.Z.W is my public IP and 10.10.1.11 is the LAN IP of the machine that makes the connection to the OpenVPN server. The server only accepts packets whose source address it has associated with the client they arrive from; for client1 that is just its tunnel address from the 10.8.0.0/24 pool. Packets coming through client1's tunnel with the LAN source 10.10.1.11 have no such association, so they are dropped. The fix below tells the server that 10.10.1.0/24 lives behind client1 (iroute) and adds the matching kernel route (route).

The solution:
OpenVPN server config:
dev tun
port 1194
proto udp
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
persist-key
persist-tun
server 10.8.0.0 255.255.255.0
keepalive 10 30
client-to-client
comp-lzo
ifconfig-pool-persist ipp.txt
status /etc/openvpn/openvpn-status.log
verb 3
push "redirect-gateway"
client-config-dir ccd
route 10.10.1.0 255.255.255.0

Then I created the /etc/openvpn/ccd/ dir and put inside a file named client1 with the following contents:
# cat /etc/openvpn/ccd/client1
iroute 10.10.1.0 255.255.255.0

Client configuration stays the same.

All should be fine now and in your server logs you will now see entries like this:

May 1 00:00:00 hostname ovpn-openvpn[27096]: client1/X.Y.Z.W:1194 MULTI: Learn: 10.10.1.11 -> client1/X.Y.Z.W:1194

Hint: because the server pushes redirect-gateway, clients send all their internet traffic through the tunnel, so the server _must_ forward it and NAT it, or nothing beyond the VPN will be reachable.
A typical config on a Debian box acting as the OpenVPN server:
# cat /etc/network/interfaces
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address A.B.C.D
netmask 255.255.255.0
gateway A.B.C.E
network A.B.C.0
broadcast A.B.C.255
post-up iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
# the LAN behind client1 (routed in via iroute above) needs NAT as well
post-up iptables -t nat -A POSTROUTING -o eth0 -s 10.10.1.0/24 -j MASQUERADE
post-up echo 1 > /proc/sys/net/ipv4/ip_forward

ACS… means security

This afternoon I found an ACS delivery notice on the front door of my apartment building.

I have blurred the package number and the name…

As one will notice, the notice says:

"Please contact us at the above telephone number to arrange pickup as soon as possible."

If anyone can see a telephone number on the notice, please tell me too…
I open Firefox, go to the ACS site, click on "Καταστήματα" (Branches) and a lovely Flash map appears. Clickety click on my prefecture, a new page opens with no branch on it… Clickety click on another prefecture, same thing… click on my own prefecture again… again nothing. I see a link "εργαλείο αναζήτησης" (search tool)… I use it, find the branch's telephone number and call:

– Hello, I'm calling about a delivery. The notice says three delivery attempts are provided for. When can you bring the package again?
– Tomorrow.
– Can I come and pick it up myself today? And if so, until what time are you open?
– Yes, you can. We are open until 19:30.

It was already 17:00, so I decided to head to the shop. I take my ID card but forget the notice at home. I get there, go in, and there was one employee:

– What would you like?
– I've received a notice about a package.
– Do you have the notice with you?
– No, I forgot it..
– Your name?
– XXX…
– One moment…
(she searches for 20-30 seconds, finds the package and brings it)
– Do you live on YYY street?
– Yes, YYY number ZZZ.
– Write your full name and sign here…
(I fill in my details and sign)
– Here you go (she hands me the package)

and so I left ACS with a package without even being asked for ID.

Someone could very easily take the slip from the door of the apartment building, which states the recipient's name, go to ACS and collect my package without my noticing. Shouldn't someone from ACS have phoned me, since they didn't find me at home, to inform me of the failed delivery? Real security…

PGP Keysigning Party in Thessaloniki

*UPDATED with time/place*

On Wednesday 23 April 2008 a meeting will be held in Thessaloniki to collect/exchange signatures on pgp/gpg keys. To participate you will need an official document certifying the identity that corresponds to your key, and enough paper copies of your key's fingerprint together with your name.

More information about the procedure that will be followed (Informal Method Party) can be found here.

The exact place and time will be announced in the coming days.
The meeting will probably take place in a café in the city so that we can also talk and get to know each other better.

Anyone who might be interested, please leave a comment here or on Patroklos' blog so we can count participants, at least roughly.

*Update*
Meeting date: Wednesday 23/04/2008
Time: 16:30
Place: Kamara, Thessaloniki

Annoying spam from Magenta

Magenta is a Greek software company which, among other things, has a product called OfficeSuite 2008 Professional, based on OpenOffice. Nothing bad in that; this is very good news indeed.

The last couple of days, though, they have been spamming the "Greek internet" with emails about their wonderful product. I got the same spam at at least 4 different email addresses and mailing lists that I am subscribed to. It's very, very annoying. It is also known that Magenta's people have been reading emails on some of those lists (they have used them in the past), but none came forward these last couple of days to say that they are sorry for spamming us and that it won't happen again, etc. Advertising is one thing; spamming is something very different. I expected that company to be a bit more serious about its marketing tactics. Shame on them.

All the spam emails come from the address listmaster@magentadb.gr. If any mail administrators are out there… PLEASE PLEASE block them.

Oneliner: text to image using imagemagick

$ convert -size 200x30 xc:transparent -font /usr/share/fonts/dejavu/DejaVuSansMono.ttf -fill black -pointsize 12 -draw "text 5,15 'this is just a test'" test.png

The result: a 200x30 PNG with the text drawn in black on a transparent background (image not reproduced here).

With this oneliner it’s very easy to create images of e-mail addresses for anti-spam purposes (pretty old-fashioned though).

Vivodi Full LLU and Packet Filtering?

Yesterday I was trying to help someone on IRC install gentoo (no comments needed 😛). He had read the gentoo handbook and reached the point where you have to download the stage3 tarball (section 5a of the handbook). He happily starts downloading the stage3 tarball from the ntua mirror (http://ftp.ntua.gr/pub/linux/gentoo/releases/x86/current/stages/stage3-i686-2006.1.tar.bz2) and suddenly it gets stuck at 72%. He restarts it… same thing. He tries ftp instead of http… same thing. I show him wget -c so he can resume… nothing… it wouldn't resume. I tell him that at home I download it fine (Vivodi over an OTE line)… and give him the uoi mirror. He starts the download from scratch, and at 72% it cuts off again. He tries downloading the file from windows so he can then copy it over to gentoo on a usb flash drive, stuck at 72% again. He tries a mirror in Germany, same thing… while I download it perfectly fine on 2-3 different dsl lines. I tell him it can't be… you have some network problem. I ask him to open ssh to the PC where the install was going to happen and try to download it myself… nothing… neither with links nor with wget, always stuck at 72%. The network card was working normally… collisions, errors all zero.

I say… it can't be, your modem must have a problem, some time-out is happening… I can't figure it out. I ask him if he has a second adsl modem, he answers yes and swaps it right away. The download starts again, at 72% same thing again. The situation was now pitiful.
I ask him what connection he has and he answers Vivodi Full LLU in Patras. I then ask him if he has any other friend/acquaintance with full LLU in Patras and he answers yes. He gets that acquaintance to download the same file… and yes… it gets stuck at 72%!!!! At the same time this acquaintance mentions to him that there are rumours Vivodi has set up filtering at some points in its network…
The last hope was to tweak the uoi mirror so it would also answer over https, so that the packets would be encrypted and could not be caught by whatever filters. He tries to download it over https… and it actually worked! It got past 72% and completed without any problem…

The conclusion is that Vivodi's dslam in Patras is definitely problematic. It is very likely that Vivodi applies some packet filtering, and that this particular file at "72%" triggers one of vivodi's filters and then gets corrupted. I can't explain it any other way. If anyone can and has a different explanation… we'd gladly hear it… Also, if anyone with full LLU from Vivodi has a little time, please try to download the file:

http://ftp.uoi.gr/mirror/OS/gentoo/releases/x86/current/stages/stage3-i686-2006.1.tar.bz2

and tell us whether it gets stuck at 72%. If so, please also say which city/area you live in… maybe we'll get to the bottom of it…

Needless to say, when this person phoned Vivodi today to ask how and why… they had nothing to tell him. But who will compensate him for the 4-5 and more hours he lost, which nearly drove him to hysteria?

Thoughts on the evolution of Operating Systems

Linux is a multiuser operating system "designed to be secure by design". Each user has its own home directory and can only execute applications that the administrator (root) of the system has allowed. That means that users who want to run privileged applications must either have root's permission to do so or are asked for a password to escalate their privileges. So every Linux user not only knows the difference between a simple user and the "root of all evil", but is well aware of where/when to use passwords, what file permissions are, and so on. A Linux user has (or had, until recently) given up pretty graphics in favor of a more stable, more secure and more "free" operating system.

Windows is a (multiuser?) operating system with emphasis on usability. Since the first Windows versions, Windows users got used to being able to do almost everything without ever being asked for a password other than the one at the login screen. Sometimes there wasn't even a login screen. A Windows user is used to doing administrative tasks with his everyday account. Most Windows users don't even know about file permissions and how to use them on their system. That makes life both easier and riskier.

Until broadband came into our lives at the very end of the 20th century, when Windows 98 and ME ruled the IT universe, Windows users had very little to fear. While they only exchanged files with their friends on floppies and CD-ROMs, and their computers were not online 24/7, remote exploits, internet worms and trojans were unknown words to them. A decent antivirus was the only thing required. Windows 98/ME did not even have "services" running by default (apart from shared folders). During that time Microsoft only had to worry about making their users' OS easier and more beautiful. And they were pretty successful at that.
Their server (NT) version, though, had tons of problems. It was incompatible with a lot of software and was easily attacked by internet worms. The number of service packs for NT reached a ridiculous number, and still Microsoft couldn't handle all the problems. Their enhanced server edition, Windows 2000, was a lot better than NT, but the security weaknesses remained. What made Windows NT and Windows 2000 such attractive targets was that they were supposed to be online 24/7. The bad guys attacked WinNT and Win2K because they could then use them for their own purposes; a hacked Win98 box behind a dialup was useless compared to an always-online Windows server. While more and more Windows 2000 servers were getting online and worms hammered them, more and more people started complaining to Microsoft about it. Microsoft tried to fix those problems with numerous service packs, but that wasn't enough.
Then came Windows XP, the first Microsoft OS for end users that had various services enabled by default. At the same time more and more people started having broadband at home. Now the bad guys had something new and more powerful to fiddle with, and it wasn't long until the first remotely exploitable problems appeared. The bad guys created worms and trojans that attacked WinXP, the OS of millions of users. Users' machines outnumber servers by millions, and they were all probable targets/victims for those worms. If a remotely exploitable vulnerability had somehow been found for Win98, the impact would have been a lot smaller because the number of online PCs was a lot smaller back then. Every remotely exploitable hole found for XP drove users crazy. XP was not designed to be secure; it was designed to be a _lot_ more beautiful than 98/ME. It was designed with multimedia, games, office work, etc. in mind. People started asking for more than an antivirus for their PCs, and a new word came into every Windows user's life: "Firewall". Then came Service Pack 1, then Service Pack 2… and problems still existed and will exist even if a Service Pack 3 is launched sometime in the future. One of the basic problems with Windows XP is that it doesn't help users understand how and when to use the Administrator account. Most users create a user with Administrator privileges during XP's installation and then run their machines with that admin account. This is _plain_ wrong. Every Windows XP user feels that he can do everything he wants with his PC without ever being asked for a single password. So when something infects their PC and runs with their user's privileges, it actually runs as the administrator of the machine. This leads to total destruction.

Vista is said to take a different approach to security, though. It has supposedly been built from scratch with security in mind. Users are now 'just users' and their default account does not have administrative privileges, so every time they want to do an administrative task dozens of warnings appear before them. That supposedly ensures that nothing can run with administrative privilege unless the user explicitly wants it to. Someone I know who used Vista told me that Vista makes you think it is for more advanced users than XP was. All these notifications popping up asking you for permission to do this and that make you feel a bit uncomfortable. New computer users who first stumble upon Vista will feel much more uncomfortable with it than they would have if their first OS had been XP. And that's bad for a "Windows OS": every version up to Vista was easier to use than the previous one; Vista is harder.
Microsoft with Vista acts like a parent who has spoiled their children for a veeeery long time, giving them free chocolates and candies even though they knew it hurt their children's health, and is now trying to put them on a diet. And that just can't be done. Windows has spoiled users for more than 10-15 years and it's too late to start telling people, "Hey, mind your security!", "Your account is now on a diet, no more candies for you".

When Vista starts spreading among users (maybe in 1 year from now?), users themselves will eventually understand more and more about security concepts. They will start to understand why it is so important that the administrative account is something completely different than theirs and why they should only “touch” it occasionally. Vista might be a lot more beautiful as an OS but it will be a lot more difficult for users to “manage”. Nag screens will be all over the place. Passwords might be frequently asked to change something fundamental for the system.

Where does this lead? Users will get more and more acquainted with the whole idea of administrator rights, and Linux will not look so much like an alien OS to them. The transition from Windows to Linux will get easier and easier as Linux becomes (slowly and painfully) better looking and Windows becomes (slowly and painfully) more secure.

Every OS has a different beginning and a different approach on evolution, but they tend to meet at some place in the future. They have just taken different roads to reach their goal. Windows prefers user-friendliness over security and stability and linux prefers it the other way around.

Bananaland.bn

Reading http://www.knowhow.gr/ecPage.asp?id=34859&nt=105 one would assume that Greece is among the countries that protect the free circulation of ideas on the Internet..

Today, however, we have the following unbelievable thing: blogme.gr has been sued!!

In summary:
Recently, a public figure sued Blogme.gr for defamation and obscene satirical content.
This person was being satirized in the pages of some other blog, which was listed in Blogme's directory and RSS feed services. As a result of the above, there followed: an in flagrante (αυτόφωρο) procedure, seizure of the hard disk, detention in a holding cell and arraignment before the prosecutor.

More at http://e-roosters.blogspot.com/2006/10/blogme.html and at http://www.blogme.gr/blog/post/index/21/BLOGME
From what people say, this public figure is Mr. L…

And now I remember that the "World Summit on the Information Society" held last year, at which it was decided that Greece would organize the "1st Internet Governance Forum", was chosen to take place in Tunis because there were censorship problems there… so as to strengthen free voices/opinions. And now we, who sue unrelated people, are going to tell the world about Internet governance. We are just the same… the same and worse, because we also think everything is fine here… That is even more dangerous than knowing things are not going well…

edit: slashdotted!! http://yro.slashdot.org/yro/06/10/29/2040220.shtml
way to go!

Also, yesterday the tele-evangelist Evangelatos on his show started terrorizing the public by saying how someone can put various things on your mobile phone and monitor anyone with the least possible effort. Let's sow fear among the public by telling half-truths… bravo… more, and in more detail, at http://www.myphone.gr/forum/showthread.php?t=154376

And to return to the first topic… wouldn't it be a good idea for bloggers to gather at this Forum that starts on 30/10 and tell the rest of the world watching what happened the other day?

I also propose that we ask Brunei for its TLD… .bn, and give them ours… .gr

Bananaland.bn… suits us better…

Google to offer e-mail hosting services ?

Well, it looks like Google is going to offer massive storage for e-mail accounts on any domain… just check this page: https://www.google.com/hosted/Home

Very interesting, and simple… you probably just need to change the MX record of your domain to a mail server that they will give you.

If only the interface was a bit better…if it had encryption support…if … if…if they could be trusted not to make your e-mails searchable in public one day in the future…