OpenBSD and the FBI

Jordan Aberle jordan.aberle at gmail.com
Fri Dec 17 21:09:35 MST 2010


First of all, I don't believe in bloated *nix installs, all my servers are
setup from the bare minimum, I install only packages that are needed for
that server's purpose.  I do agree, DNS is one of the weakest points when it
comes to security.  It also helps to run things on non standard ports.  If
someone does try an attack they will need to figure out what is running on
that port.  Disabling version replies is also very important.  It will be
tougher to run things like metasploit if you don't know the version of the
service running.  Packet filtering and IDS I take to heart. :)
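To make the "drop everything except a whitelist, in both directions" router policy described in this thread concrete, here is an added pf.conf for an OpenBSD router. It is an illustration written for this page, not configuration posted by Jordan or anyone else in the thread; the interface names, addresses and ports are constructed placeholders.

```pf
# Added example: default-deny pf ruleset filtering both directions.
# Interface names and all addresses below are constructed placeholders.
ext_if = "em0"                                   # assumed upstream interface
int_if = "em1"                                   # assumed LAN interface
lan_net = "192.168.10.0/24"
admin_hosts = "{ 192.168.10.10, 192.168.10.11 }" # constructed admin allowlist
resolvers = "{ 192.0.2.53, 198.51.100.53 }"      # constructed resolver addresses
proxy_host = "203.0.113.25"                      # constructed remote Squid proxy
proxy_port = "3128"

set skip on lo
set block-policy drop        # drop silently rather than answering with RST/ICMP

# Default deny, inbound and outbound, logged so the IDS side sees what was dropped.
block log all

# Drop traffic arriving with source addresses that belong to our own networks.
antispoof quick for { $ext_if $int_if }

# Translate LAN traffic leaving upstream; it still has to match an outbound pass rule.
match out on $ext_if from $lan_net to any nat-to ($ext_if)

# Outbound allowlist: only named destinations and protocols leave the router.
pass out on $ext_if proto { tcp udp } to $resolvers port 53
pass out on $ext_if proto tcp to $proxy_host port $proxy_port
pass out on $ext_if proto tcp to any port { 80 443 }

# LAN hosts may send traffic into the router; the outbound rules above decide
# whether it ever leaves.
pass in on $int_if from $lan_net to any

# Inbound allowlist: SSH only from the admin hosts, on a non-standard port.
pass in on $ext_if proto tcp from $admin_hosts to ($ext_if) port 2222
```

Check the syntax without loading using `pfctl -nf /etc/pf.conf`, then load it with `pfctl -f /etc/pf.conf`. Because the `block log all` line is evaluated first and the last matching rule wins, anything not explicitly passed is dropped and logged; adding a destination means adding a rule, which is the whole point of the allowlist approach.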


On Fri, Dec 17, 2010 at 8:53 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:

>
>
> On Fri, Dec 17, 2010 at 8:26 PM, Jordan Aberle <jordan.aberle at gmail.com> wrote:
>
>> Passwords being the same? No, passwords being a word of some kind? No.
>> All the passwords I use are a mix of upper / lower mixed letters, numbers
>> and special characters.  Brute forcing doesn't work worth a shit unless the
>> admin of the server is an idiot and doesn't enforce complicated passwords.
>> Even WPA2 can be cracked with simple keys, some of the best rainbow tables
>> I have seen come from here: http://www.renderlab.net/projects/WPA-tables/
>>
>> Also take a look at
>> Gr-Security.  I use hardened kernels, normal users can't list /home or
>> directories like /etc, the root user can't modify log files without
>> recompiling the kernel and rebooting the server.
>> http://grsecurity.net/
>>
>
> Yes, I like that also, let's not check your squid version or other binary
> patch levels?  Did you all gcc or cc?  Do you install your distro (SLES?)
> with all the bells and whistles?
>
> Glad you are using good password management with truly random passwords.
>
> Is your DNS open?  It's completely pwnable.  Admit it; you are just another
> American caught in the NSA/DHS security matrix!
>
> And we are sure you aren't packet filtering BOTH directions?  <grin>
>
>
>> On Fri, Dec 17, 2010 at 7:59 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:
>>
>>> Oh, WAIT, let's be complete?
>>>
>>>
>>> http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html
>>>
>>> and:
>>>
>>> If you are found accessing anything interesting (via various MAE-West,
>>> Cable Company, Telco TAPS) from your so-called secure Squid Proxy in Dallas,
>>> (or if your email origination address is tracked for anything related to
>>> security and privacy [like this POST :( ], the government can trivially
>>> gain access [I can, 2% of all security professionals in the field could
>>> also, so why would the NSA/DHS not also be able to?]:
>>>
>>>
>>> http://www.saintcorporation.com/cgi-bin/demo_tut.pl?tutorial_name=Squid_vulnerabilities.html&fact_color=&tag=
>>>
>>> Of course you also have SSH on in Dallas (on a "secret" port, right?)
>>> http://www.madirish.net/?article=183
>>>
>>> And you ARE using a password you use on ALL the OTHER logins, right?  And
>>> it's a WORD right?
>>>
>>> And you did just open and read this email didn't you?
>>> http://unicode.org/reports/tr36/tr36-1.html
>>>
>>> [?]
>>>
>>>
>>>
>>> On Fri, Dec 17, 2010 at 7:35 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:
>>>
>>>> You obviously have port 80/443 open?
>>>> And probably 53?
>>>>
>>>> I didn't evaluate your email header for your source IP and nmap you but
>>>> you might want to look at this:
>>>>
>>>>
>>>> http://www.backtrack-linux.org/forums/backtrack-howtos/34939-my-metasploit-tutorial-thread-2.html
>>>>
>>>>
>>>>
>>>> On Fri, Dec 17, 2010 at 6:56 PM, Jordan Aberle <jordan.aberle at gmail.com> wrote:
>>>>
>>>>> I prefer security at the router level, I drop packets from everywhere
>>>>> except for a specific whitelist I created, if I need to go somewhere
>>>>> (incoming/outgoing) I modify my protocol rules for specific addresses.  It
>>>>> is time consuming when you are starting from scratch but it's worth it in
>>>>> the long run.  I have windows boxes and linux boxes, my windows boxes have
>>>>> never been infected since naturally all ad generated sites are blocked at
>>>>> the router level.  If I do online banking etc, I go one step further by
>>>>> connecting through a secure squid proxy via a server I have setup at a
>>>>> datacenter in Dallas.  If the government ever wants to monitor me I'm sure
>>>>> they can figure out a way but it's going to be a pain in the ass for them to
>>>>> do so.  Truecrypt is a very nice thing to have as well, it doesn't do its
>>>>> job if you don't have your system configured to lock after a certain
>>>>> amount of idle time though.  The point of truecrypt is to make a person
>>>>> reboot the machine, at that point they are pretty screwed unless they are
>>>>> very quick about freezing the ram to extract the keys.  Even then, it's
>>>>> unlikely to be successful.
>>>>>
>>>>> Jordan
>>>>>
>>>>>
>>>>> On Fri, Dec 17, 2010 at 6:07 PM, keith smith <klsmith2020 at yahoo.com> wrote:
>>>>>
>>>>>> I wonder where we would be today if someone had told our founding
>>>>>> fathers "get over it!" and they had said "Yeah, you're right." and had given
>>>>>> in. The government is here for us not the other way around.
>>>>>>
>>>>>>
>>>>>> ------------------------
>>>>>> Keith Smith
>>>>>>
>>>>>> --- On *Fri, 12/17/10, Lisa Kachold <lisakachold at obnosis.com>* wrote:
>>>>>>
>>>>>>
>>>>>> From: Lisa Kachold <lisakachold at obnosis.com>
>>>>>> Subject: Re: OpenBSD and the FBI
>>>>>>
>>>>>> To: "Main PLUG discussion list" <plug-discuss at lists.plug.phoenix.az.us>
>>>>>> Date: Friday, December 17, 2010, 5:13 PM
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Dec 17, 2010 at 4:12 PM, keith smith <klsmith2020 at yahoo.com> wrote:
>>>>>>
>>>>>>
>>>>>> I would not doubt something like this could happen.  Our rights are
>>>>>> being eroded moment by moment.  If this were to happen, this would clearly
>>>>>> be a violation of our Fourth Amendment rights.
>>>>>>
>>>>>> I just read an article that for the first time since the government
>>>>>> has been wiretapping everyone's calls a judge said a warrant was required
>>>>>> for every wiretap.  3 judges prior sided with the government and ruled no
>>>>>> warrant required for a wiretap.
>>>>>>
>>>>>> Now back to OpenBSD.  Why OpenBSD?  Why not Linux?  Or maybe Linux has
>>>>>> been compromised too?  At least there is the hope that some whiz kid will
>>>>>> determine if this is true.
>>>>>>
>>>>>> I know this list runs the gamut when it comes to political beliefs.
>>>>>> And I respect that.  I think one thing we can agree on is we need to be free
>>>>>> from unreasonable search and seizure.
>>>>>>
>>>>>>
>>>>>> ------------------------
>>>>>> Keith Smith
>>>>>>
>>>>>> --- On *Fri, 12/17/10, Jordan Aberle <jordan.aberle at gmail.com>* wrote:
>>>>>>
>>>>>>
>>>>>> From: Jordan Aberle <jordan.aberle at gmail.com>
>>>>>> Subject: OpenBSD and the FBI
>>>>>> To: "Main PLUG discussion list" <plug-discuss at lists.plug.phoenix.az.us>
>>>>>> Date: Friday, December 17, 2010, 2:37 PM
>>>>>>
>>>>>>
>>>>>> Interesting information:
>>>>>>
>>>>>> http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
>>>>>>
>>>>>>
>>>>>> Jordan
>>>>>>
>>>>>>
>>>>>> It's actually a great deal worse than you might think.  I am sorry I
>>>>>> am not at liberty to divulge the technical details but be advised that NSA
>>>>>> and DHS "backdoor" access is available from IPSEC, JAVA, Microsoft Explorer
>>>>>> and M$ Systems, and all of the various means for which a standard BACKTRACK
>>>>>> user could gain access [i.e. everything] without consequences.
>>>>>>
>>>>>> Be advised that EVERYTHING you type or do on your systems regardless
>>>>>> of your OS, when logged into ANY browser, is completely available to any
>>>>>> government staff.
>>>>>>
>>>>>> There is no privacy or security; get over it!
>>>>>> --
>>>>>>
>>>>>> (503) 754-4452
>>>>>> (623) 688-3392
>>>>>>
>>>>>>  http://www.obnosis.com
>>>>>>
>>>>>> ---------------------------------------------------
>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>>>>>
>>>>>
>>>>
>>>
>>
>