Tuesday, September 23, 2008

m0n0wall plugin for OSSIM

Just released a OSSIM plugin for m0n0wall. Just point your m0n0wall logging to an OSSIM sensor (via syslog) and have fun.
Find it here: m0n0wall plugin 

Tuesday, August 26, 2008

ipfw and OSSIM

Saw in the CVS update mailing list that my ipfw plugin for OSSIM is now generally available. 

Tuesday, August 19, 2008

OpenVAS released

I just read that OpenVAS (http://www.openvas.org), a well-organised fork of Nessus has been released to the world. What really warms my heart is that I see familiar names from the Kolab (http://www.kolab.org) are behind the fork.

This is combination with Alienvault's (http://www.alienvault.com) sponsored development of free (announcement) OpenVAS/Nessus plugins makes the whole arena quite exciting to watch again.

Friday, July 11, 2008

Is FOSS secure by default?

Unfortunately a lot of people equate a lack of software vulnerabilities with security. Here in South Africa we are trying to help institutions to make good choices around FOSS (Fee and Open Source Software) and security looking at policies, procedures, standards and guidelines and how they apply to FOSS.

If you think tha FOSS is secure by default please read the following article which highlights one reason why we cannot just trust without knowing and understanding:

Thursday, May 01, 2008

Wednesday, April 23, 2008

Getting Alex to read you to sleep (Make your own Audiobooks on a Mac)

I have recently undertaken some training in which I have to cover a massive amount of material. Being the natural procrastinator that I am I immediately went on the prowl for better books, better methods and all other sorts of periphery that doesn't actually count as studying.

One of these projects was to convert the text versions of my study guides to audio so that I could listen to the text in the car while I drive (an ideal time to study). The process was actually surprisingly simple.

Here is a procedure to convert PDFs to Audio books.

1) Open the document in Preview.

2) Command + A (Select All), Command + C (Copy).

3) Open a new document in TextEdit.

4) Paste the contents into the new document (Command + V)

5) Convert the document to Text (Format -> Make plain text)

6) Save the file to a .txt document. For this example we use rawfile.txt

At this stage you might want to do some cleanup. I use a little Perl Script listed below. You might want to do some Regular Expression hacking do clean up the document from things like Footers, Headers or Page Numbers.


while (<>) {
s/^\d+\/.*$//; #Remove page numbers
s/Chapter \d+: [\s\w]+//;
#Remove image and figure references
s/^Figure \d+.*/;
#Remove - continuations from end on lines.
if (s/-.$//) {

7) Save convert.pl to the file system. And make it executable:
$chmod u+x convert.pl

8) Clean up the text document:
$cat rawfile.txt | ./convert.pl > cleanfile.txt

9) Open the file cleanfile.txt in TextEdit (you might have to choose the UTF-8 type)

10) Fire up Automator and create a Custom script with two actions.
  • Text -> Get Contents of TextEdit Document

  • Music -> Text to AudioFile

Select an appropriate target directory and filename. I highly recommend choosing the voice Alex

11) Make sure your cleanfile.txt document in TextEdit is selected.

12) Go back into Automator and hit Play.

13) Sit back and relax while Leopard converts your text to an Audio file.

From there you can import the audio file into iTunes, convert it to Mp3 if you want and sync it to your iPod to take the book on the road.

Guess I should start studying now...

I'll do some home work while I listen to my fresh Audiobook :-)


For all my thousands (not!) of followers, I am also available on Twitter now. Just have a look at the side-pane for more information.

Wednesday, April 09, 2008

Getting Things Done with Leopard

Stumbled across this post about how to setup a GTD system with Applications that ship with Leopard. Go check it out: http://dennisbest.org/simple_leopard_gtd

I personally use OmniFocus and have found it to be a great productivity booster.

Time to test Firefox 3 on the Mac

If you have not yet grabbed Firefox 3 Beta 5 from Mozilla (http://www.mozilla.com/en-US/firefox/all-beta.html) you should try it now. Up until Beta 4 plug-ins were pretty broken. I am happy to see that my Nopassword, Del.ico.us, Passwordmaker and other plugins work properly now.

Wednesday, February 27, 2008

Protecting a Macbook (Pro) against harddrive encryption loophole

In the last couple of days a lot of attention has been given to the paper "Lest We Remember: Cold Boot Attacks on Encryption Keys". The attack outlines how laptop disk encryption is vulnerable due to the properties of RAM and its retention of the encryption keys. Its a pretty sophisticated attack and one can assume that the kind of subject that will perpetrate this attack is pretty serious about getting to your data. (Think organised crime or overzealous immigration police).

The consensus seems to be that the best way to defeat this attack would be to "hibernate" your machine or shut it down completely when travelling about. Macs unfortunately have this concept of "Safe Sleep". Through this default process a hibernation file gets created but the machine is put into low/power or "sleep" mode first (fully vulnerable to this attack).

All is not lost however - as shown in this blog post on Macworld you can set the mac to hibernate by default.
This is of course a bit of a pain and your Macbook will not resume normal operation as fast as normal.

I have set my Macbook Pro to only hibernate using the following command from a Terminal window:

$sudo pmset -a hibernatemode 5

Please note that this applies to my machine as I use the "Secure Virtual Memory" setting in the Security Preference pane. Other readers might need to use the value 1. Please refer to the blog posting mentioned a little earlier.

One other method would of course be to keep the status quo hibernation settings.
1) Safe Sleep your Macbook as normal.
2) Wait for the machine to indicate that it has successfully entered Safe Sleep (the little white light on the lid button will slowly pulsate on and off)
3) Then remove the battery.

By removing the battery you will kill the "sleep" mode and the Mac will resume from its hibernate file. That should get rid of any encryption keys in memory with the added advantage that while you are in a "safe area" or not travelling you have super fast resumes from sleep.

Thursday, February 14, 2008

FOSS and Security experience in South Africa? Who are you?

Dear Lazyweb,

The company that I work for, Exponant, is currently looking for skills in Information Security and FOSS (Free and Open Source Software).
If you are an experienced professional in the above areas I would love to hear from you.

On the security side we are looking for senior engineers and architects.
On the FOSS side we are looking for individuals with experience with FOSS in the enterprise.

We are based in Centurion, South Africa and most our demand is from clients in Pretoria.

Friday, February 01, 2008

Microsoft and Yahoo!

Wow! By far the biggest news of the year is that Microsoft has put in a bid to buy Yahoo!
Amazing news on so many levels, Yahoo! has been languishing for years and neither Microsoft or Yahoo! have been able to really respond to Google's dominance in the search market. This hot on the heals of Google's missed earnings...

Monday, January 28, 2008

Open Season for Open Source

Nokia has acquired Trolltech. This hot on the heals of Sun's acquisition of MySQL. It truly is an exciting time and really gratifying for those of us that have been saying for years that Open Source Software is viable and that it makes sense to businesses.

I've always had a soft spot for KDE and Trolltech and it really seems like a great opportunity for them to truly become serious players. Webkit has already demonstrated over and over that KDE is build on top of solid technology. An interesting intersection of KDE -> Trolltech -> Nokia and Apple...

Wednesday, January 16, 2008

Want to share your Wi-Fi like Bruce Scheier? Here's how (and no, its not by leaving it open).

I have been giving Bruce Schneier's article about leaving his wireless network open a lot of thought lately. Although I agree that its great to help out your neighbours there are just too many risks to leaving your Wi-Fi open. Paul from Pauldotcom raises very good points to which I wholeheartedly agree. Why risk leaving it open? It is analogous to leaving your sugar on the curb in-case a neighbour might run out. Obviously you could end up without any sugar at all and perhaps even in the worst case end up with something other than sugar in your food. The world can be a strange place.

In South Africa we routinely have people asking for help at our homes, they come in all shapes and sizes and I normally eyeball them and unless they really seem like bad apples I normally help out with a little food or money. I use my gut to judge the character of the individual.

Now, if I wanted to I could just always leave some money and food on the curb or in a publicly accessible place, but I'm afraid that that system might get very easily abused and leave the souls who really need my help with no help at all.

Ok, so what about Wi-Fi? I think that open wireless network are just silly, due to abuse, threat and possible liability. However, I do agree with Bruce that its nice and neighbourly to share. "Sharing is caring".

My proposal?

Set your SSID of your Wireless router to something that indicates your willingness to share, for example: "22 1st street for access" or "Text 5551000 for access" or even "Contact B. Schneier for access". Be creative as there is a limitation to how many characters your SSID can be.

In the case of a neighbourhood one can assume that your friends will be able to track you down and phone you for a password, you might prefer "authenticating" or making a "gut call" on all people you let in, but you can still broadcast your willingness to do so - while keeping your Wireless router encrypted with WPA encryption and a good password that you can change after a reasonable amount of time or when you feel that your goodwill is being abused.

This seems to me to be a "best of both worlds" solution. What do you think?

Friday, January 11, 2008

Steal This Wi-Fi

A very interesting, thought provoking, article by Bruce Schneier.

Security is all about tradeoffs, you can choose never to participate in dangerous activities like flying or driving a motorcar but most of us choose to assume the risk.

Thursday, January 10, 2008

Mac OSS roundup

Thanks for KMF for some of these.

Looking for OSS software for Mac OS X?

Here is a list of very useful Open Source Software/Free Software directories for the Mac. I have used a couple of these with great success. There inevitably is some duplication, so be warned.
Here they are:

The if you are looking for non-mac-specific OSS that will run on OS X there is:
Expect to need some Unix and X11 know-how to use the software provided through the last three links.

Apple Address Book and Microsoft Exchange (LDAP)

I had a short discussion this afternoon with a fellow Mac fanatic (KMF) discussing the problem we both share and that is: Accessing Microsoft Exchange from Mac OS X.

There are three elements that you would mostly be interested in: email, calendar and contacts. This quick howto deals with getting Address Book to work with LDAP (Microsoft Active Directory in our case).

Step 1: Determine the default naming context (base dn) for the search

- Fire up Terminal and issue an ldapsearch to determine the default naming context:

$ldapsearch -h your.exchange.server -x -b '' -s base '(objectclass=*)' 'namingContexts'

- Search for the lines beginning with "namingContexts":

namingContexts: DC=mycompany,DC=com
namingContexts: CN=Configuration,DC=mycompany,DC=com

namingContexts: CN=Schema,CN=Configuration,DC=mycompany,DC=com

The result you are looking for is the "base/root" and that is the shortest one in the case of Exchange (btw - this will work on other LDAP servers too), ie. DC=mycompany,DC=com.

Step 2: Configure Address Book to query the server

- Fire up Address Book and go to the Preferences (Command + ,). Select the LDAP tab.

- Hit the "+" to add a new server.

- In the "Server" field complete the hostname of your Exchange server or Active Directory domain controller in the case of larger companies.
- In the "Search Base" use the information that you retrieved from "ldapsearch" earlier. It will be in the format DC=company,DC=com.
- Choose "Simple" authentication.
- "User Name" should be your normal Windows logon.
- "Password" again, your Windows password.

Step 3: Searching your Global Address list.

- Address Book will automatically query the server whenever you search for a name.

This will also happen whenever you type new addresses into Mail.app when composing emails.

Hope this helps!

Thursday, January 03, 2008


I am very pleased to report that some feedback I sent was featured on the Security Now! podcast.
There are some podcasts that I make a genuine effort to keep up with and a lot of those come from Leo Laporte's brilliant TWiT network.

Just search the shownotes of show 124 for "Stephan Buys" to read my suggestion regarding private browsing by manually managing cookies in Firefox, alternatively listen to the audio also provided through the link or subscribe to the show using iTunes.