OpenSource Project of the day

Over the last couple of weeks I have tried to regularly send a tweet with my choice of Open Source or Free Software security project of the day.

For those that missed some, here they are:

• FreeIPA http://www.freeipa.org/
  
• Lynis http://www.rootkit.nl/projects/lynis.html
  
• Kismet https://www.kismetwireless.net/
  
• MailWatch http://mailwatch.sourceforge.net
  
• SOMAP.org : http://www.somap.org/
  
• OpenSC http://www.opensc.org/
  
• SiLK http://tools.netsa.cert.org/silk/index.html
  
• Snare http://www.intersectalliance.com/
  
• Ettercap http://ettercap.sourceforge.net/
• RTIR http://www.bestpractical.com/rtir/
• IPCop http://www.ipcop.org/
• EJBCA http://ejbca.sourceforge.net/
• FreeRadius http://freeradius.org/
• ClamAV http://www.clamav.net/
• OpenVPN http://openvpn.net/
• Osiris http://osiris.shmoo.com/index.html
• NTOP http://www.ntop.org/
• Nikto http://www.cirt.net/nikto2
• OSVDB http://www.osvdb.org/
• p0f http://lcamtuf.coredump.cx/p0f.shtml
• Bastille-Unix http://www.bastille-unix.org/
• WireShark http://www.wireshark.org/
• OpenVAS http://www.openvas.org/
• Metasploit http://metasploit.com/
• OSSEC http://www.ossec.net/
• Snort http://www.snort.org
• OSSIM http://www.ossim.net/

Enjoy!

m0n0wall plugin for OSSIM

Just released a OSSIM plugin for m0n0wall. Just point your m0n0wall logging to an OSSIM sensor (via syslog) and have fun.

Find it here: m0n0wall plugin 

ipfw and OSSIM

Saw in the CVS update mailing list that my ipfw plugin for OSSIM is now generally available. 

OpenVAS released

I just read that OpenVAS (http://www.openvas.org), a well-organised fork of Nessus has been released to the world. What really warms my heart is that I see familiar names from the Kolab (http://www.kolab.org) are behind the fork.

This is combination with Alienvault's (http://www.alienvault.com) sponsored development of free (announcement) OpenVAS/Nessus plugins makes the whole arena quite exciting to watch again.

Is FOSS secure by default?

Unfortunately a lot of people equate a lack of software vulnerabilities with security. Here in South Africa we are trying to help institutions to make good choices around FOSS (Fee and Open Source Software) and security looking at policies, procedures, standards and guidelines and how they apply to FOSS.

If you think tha FOSS is secure by default please read the following article which highlights one reason why we cannot just trust without knowing and understanding:

Attacks on Package Managers

Mac OSX Hints double whammy

Good day for me today :-)
Mac OSX Hints have published two of my Mac hints! Quite pleased with that!

http://www.macosxhints.com/article.php?story=20080427091554310
and
http://www.macosxhints.com/article.php?story=20080427091327509

Getting Alex to read you to sleep (Make your own Audiobooks on a Mac)

I have recently undertaken some training in which I have to cover a massive amount of material. Being the natural procrastinator that I am I immediately went on the prowl for better books, better methods and all other sorts of periphery that doesn't actually count as studying.

One of these projects was to convert the text versions of my study guides to audio so that I could listen to the text in the car while I drive (an ideal time to study). The process was actually surprisingly simple.

Here is a procedure to convert PDFs to Audio books.

1) Open the document in Preview.

2) Command + A (Select All), Command + C (Copy).

3) Open a new document in TextEdit.

4) Paste the contents into the new document (Command + V)

5) Convert the document to Text (Format -> Make plain text)

6) Save the file to a .txt document. For this example we use rawfile.txt

At this stage you might want to do some cleanup. I use a little Perl Script listed below. You might want to do some Regular Expression hacking do clean up the document from things like Footers, Headers or Page Numbers.

convert.pl

#!/opt/local/bin/perl
while (<>) {
      s/^\d+\/.*$//;  #Remove page numbers
      s/^\d*.$//;   
      s/Chapter \d+: [\s\w]+//;
      #Remove image and figure references
    s/^Figure \d+.*/;
      #Remove - continuations from end on lines.
      if (s/-.$//) {
              chomp;
      }
      print;
}

7) Save convert.pl to the file system. And make it executable:

$chmod u+x convert.pl

8) Clean up the text document:

$cat rawfile.txt | ./convert.pl > cleanfile.txt

9) Open the file cleanfile.txt in TextEdit (you might have to choose the UTF-8 type)

10) Fire up Automator and create a Custom script with two actions.

• Text -> Get Contents of TextEdit Document


• Music -> Text to AudioFile

Select an appropriate target directory and filename. I highly recommend choosing the voice Alex

11) Make sure your cleanfile.txt document in TextEdit is selected.

12) Go back into Automator and hit Play.

13) Sit back and relax while Leopard converts your text to an Audio file.

From there you can import the audio file into iTunes, convert it to Mp3 if you want and sync it to your iPod to take the book on the road.

Guess I should start studying now...

I'll do some home work while I listen to my fresh Audiobook :-)

Suffering and kids dont mix.

So my four year old has pneumonia. I'm sitting here chilling with him in hospital while he watches DVDs. Luckily its not too serious - its more important that he just goes through the medication and rest.
The bad part is the kids crying next door. Couple of babies in here - it truly isn't fair that they have to suffer when they are too young to understand.

Twittered

For all my thousands (not!) of followers, I am also available on Twitter now. Just have a look at the side-pane for more information.