System Overlord

A blog about security engineering, research, and general hacking.

AOL and KaZaA to blame for file sharing?

While I think that the RIAA lawsuits over file sharing are downright despicable, I also think that the Santangelo family really needs a reality check here.  According to this Ars Technica article, they are alleging that the makers of KaZaA and AOL, their ISP at the time, are partly culpable for their file sharing.  They allege that Sharman Networks failed to warn them that using the application could allow them to violate the law and that AOL did not block the infringement.


Pirated Software -- A problem for Free Software

According to ZDNet, Free Software (Linux et al.) may need to be worried about pirated copies of commercial software.  Apparently your average user would rather run an illegally obtained copy of a commercial application than run legitimately free software.  There's an interesting discussion on this here.  My thinking: it doesn't matter.  Linux isn't terribly concerned (yet) about home market share: the business place is where it really excels.  The lack of games and completely legal MP3/DVD/etc. implementations is a bigger hindrance to Linux at home than the availability of pirated copies of Windows.


Linux Forecast

The Linux Foundation has started publishing a Linux Weather Forecast -- a summary of ongoing development in the Linux community and predictions for forthcoming developments and technologies.  It's a very cool snapshot/summary of development, and it's presented in a very understandable manner.


Ubuntu Gutsy Gibbon Tribe 4

Ubuntu 7.10/Gutsy Gibbon is still alpha software.  That being said, I've been running it on my laptop and have run into a few snags.

The first, and most annoying (partly because it's by design), is the removal of the orinoco_cs driver from the kernel package.  Apparently they thought everyone would move to hostap.  Apparently they didn't do their homework: Lucent Technologies Orinoco cards are NOT supported by ANY driver other than orinoco_cs.  That means my wireless card is effectively useless under the 2.6.22-ubuntu kernel series.

Why am I using a PCMCIA wireless card?  Well, I'd bet it has something to do with the bcm43xx driver continuing not to work properly.  No surprise there, however... the hardware is Broadcom, so what can anyone do but hang their head in shame?

Yesterday I was updating Gutsy and a new ATI driver came down for xorg... so imagine my surprise when, today, I boot my system and get a full black screen.  Oops, looks like the new ATI driver is broken.  I'm about to go file a bug report on that.  Running on the so-slow VESA driver right now, but at least I could get back in.

At this point, I'm back to using a generic video driver and the Feisty Fawn kernel... hopefully there will be some pending updates to repair things.


Running as Root: It's really NOT Okay.

LinuxBrainDump.org has an article on the 10 Linux Commandments.  The most controversial of these is "Thou shalt not log in as root".  I'd like to take a moment to point out some of the flaws in the belief that it's okay to run as root -- as well as some of the risks you face by running as root.

  1. Being compromised as a non-root user still leaves your data vulnerable.  This is completely TRUE.  Your data is vulnerable either way.  Your data is your most valuable asset: OSs can be reinstalled, data cannot.  This is why we have DVD+Rs, Backup Drives, etc.  Use them: they protect you against attackers, stolen computers, hard drive failures, and (done properly) fires, tornadoes, and floods.  Amazing technology.
  2. A user can still send spam mail and other annoyances.  This is true as well.  Unless you have a high security system where no users can have executables (i.e., a noexec /tmp and /home), any user can bring in an executable and run it.
  3. Most home computers are single user machines.  Probably not anymore.  I know my girlfriend has an account on my machines.  Other people I know have been granted guest accounts, and I've got multiple accounts for testing things.  Root would have access to all of this, a normal user only to their own account.
  4. It's no worse to be compromised as root than as a user.  Completely false.  An attacker with root can cover their tracks much better than a user.  A root attacker can create new accounts, modify system binaries, and otherwise damage much more of the system.  And, of course, they can do all of the above.  An attacker with root can also craft custom packets to exploit other systems on your LAN.  Also, a root attacker could run a packet sniffer on your network and read traffic.  A compromise is bad; root access is a nightmare.
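
Item 2 refers to a noexec /tmp and /home. As an added example (not from the original post), this shell function reports whether the filesystem that actually holds a directory is mounted noexec, including the common case where /home is not a separate mount and inherits the options of /. The function name `exec_policy` and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether the filesystem holding a path is mounted noexec.
# Input is a mount table in /proc/mounts format:
#   device mountpoint fstype options dump pass
# Assumption: mount points contain no spaces (/proc/mounts escapes them as \040).

# Constructed sample table: /tmp is its own noexec tmpfs, /home is NOT a
# separate mount, so it inherits the options of "/".
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda2 /var ext4 rw,noexec,relatime 0 0
tmpfs /tmpfiles tmpfs rw,relatime 0 0'

# exec_policy PATH MOUNT_TABLE
# Prints "noexec <mountpoint>" or "exec <mountpoint>" for the longest mount
# point that covers PATH, or "unknown -" if no entry covers it.
exec_policy() {
    printf '%s\n' "$2" | awk -v path="$1" '
    {
        mp = $2
        # A mount point covers the path if it is "/", equals the path, or is a
        # prefix ending on a directory boundary (so /tmp does not match /tmpfiles).
        if (mp == "/" || path == mp || index(path, mp "/") == 1) {
            # ">=" lets a later mount over the same point override an earlier one.
            if (length(mp) >= length(best)) { best = mp; opts = $4 }
        }
    }
    END {
        if (best == "") { print "unknown -"; exit }
        n = split(opts, o, ",")
        state = "exec"
        for (i = 1; i <= n; i++) if (o[i] == "noexec") state = "noexec"
        print state, best
    }'
}

# Audit the two directories the post names. On a live Linux host, pass
# "$(cat /proc/mounts)" instead of the constructed sample.
for dir in /tmp /home; do
    printf '%-6s %s\n' "$dir" "$(exec_policy "$dir" "$SAMPLE_MOUNTS")"
done
```

With the sample table, /home reports `exec /`: the directory has no mount of its own, so a noexec /tmp alone leaves users free to run binaries from their home directories.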

Long story short: it still makes sense not to run as root.  Mac OS X, Linux, and Unix have always run this way.  Windows Vista has even moved away from users being given administrative privileges by default.  "Allow or deny?" was not added because it looks cool: running as a non-privileged user is REALLY better.  Don't be fooled into thinking it's okay because it's only a workstation: security is important everywhere, especially around your data.