Intruder Alert

Thursday, 28 March 2002, 2:00 pm
One of the keys to computer security is monitoring key system files to see if they’ve been secretly modified. (See this CERT note for more information.) To that end I run a nifty little utility from Brian Hill called Checkmate on my Macs. Last night Checkmate found traces of an intruder on my iBook.

Three files had recently been changed: sshd, slogin, and du. The first two are for secure login to my system, the last is a Unix tool called disk usage, used to check how full the drives are. An innocuous (and little used) system file like du is a good place for a hacker to store a trojan horse program. Modifying sshd and slogin is a well-known way to capture the root password (see Mike Chandler’s post on the message boards). I hadn’t changed either program recently, nor had any system updates. The modified files were clear evidence of an intrusion on my system.
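The kind of check described above, sketched as an added example (this is not Checkmate's code and makes no claim about how Checkmate works internally): record a SHA-256 digest per monitored file, seal the record with an HMAC so an edited baseline is itself detected, then compare later. The file names are constructed stand-ins in a temporary directory, and the key is a constructed value that is assumed to live off the monitored host.

```python
import hashlib, hmac, json, os, tempfile

def file_digest(path):
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def make_baseline(paths, key):
    """Record a digest per file and seal the record with an HMAC."""
    digests = {p: file_digest(p) for p in paths}
    body = json.dumps(digests, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"digests": digests, "tag": tag}

def check(baseline, key):
    """Return {path: 'modified' | 'missing'}; raise if the baseline was altered."""
    body = json.dumps(baseline["digests"], sort_keys=True)
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, baseline["tag"]):
        raise ValueError("baseline failed its HMAC check")
    findings = {}
    for path, digest in baseline["digests"].items():
        if not os.path.exists(path):
            findings[path] = "missing"
        elif file_digest(path) != digest:
            findings[path] = "modified"
    return findings

def demo():
    """Constructed stand-ins for sshd, slogin and du, plus an untouched ls."""
    key = b"constructed-demo-key"  # assumption: the real key is kept off the host
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("sshd", "slogin", "du", "ls")]
        for p in paths:
            with open(p, "wb") as f:
                f.write(b"original " + os.path.basename(p).encode())
        baseline = make_baseline(paths, key)
        for p in paths[:3]:  # simulate the three replaced binaries
            with open(p, "ab") as f:
                f.write(b" trojaned")
        return sorted(os.path.basename(p) for p in check(baseline, key))

if __name__ == "__main__":
    print(demo())
```

A baseline stored on the monitored machine with its key beside it can be regenerated by whoever replaced the binaries, so both belong on read-only or off-host media.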

There was no evidence of tampering in the system logs (no surprise there – any hacker worth his salt would have fixed that), but I quickly changed all my passwords, replaced the affected system files, and checked all my security settings.

What surprises me is that I have always considered this system to be basically secure. I run the built-in FreeBSD firewall, ipfw, on it all the time. I used Brian Hill’s Brickhouse to configure it and I’m pretty sure I tightened everything down. At home it’s sitting behind two NAT servers, my Linksys router and an Airport, which should make the system hard to see on the net. At work it’s on the firewall-protected corporate net (no idea how secure THAT is however – I know of at least one successful hack on it – but I have to think it’s at least as secure as my own system). My iBook passes the ShieldsUp test with flying colors (all green). nmap shows all ports closed.

The weak link is the Airport wireless network. I can only think that someone got in through the wireless LAN either at home or, more likely, at the studio. 802.11b security is notoriously weak. But I use Airport everywhere and I’m just not willing to stop. (OK I’m a wireless LAN addict – I admit it.)

I probably should reformat the hard drive and reinstall everything from scratch, but it’s just too much work. There’s nothing on here that’s particularly private, and the firewall prevents the system from being used in a DDoS attack. So I’m just going to continue as before, making regular backups of my data, and keeping an eye out for other suspicious activity.

I guess the moral of all this is that, even with reasonable precautions, any system is hackable. I don’t think the average user can be expected to do more than run a firewall and cross his fingers. And that means that hackers will continue to have free run of the net. We’ll just have to learn to live with them. Like cockroaches. But it’s good to remember that they’re out there, and that there are some things we all need to do to keep them at least a little in check.

Revised prices

Tuesday, 26 March 2002, 7:21 pm
So many people complained about the prices of the items in the store (and I agree they are high) I’ve decided to cut them to $2 over the Cafe Press wholesale price. In other words, there’s $2 profit per item.

For those of you who (over)paid for items, send me a note and I’ll gladly refund the difference. My apologies for the inconvenience.

I do appreciate the response to the Leoville store. It’s not going to be a great money maker (I’ve earned about $60 so far) but it does help pay for the expenses of running the web site. And I think it’s nice to be able to offer the items for the folks who want ‘em.

Selling Out

Saturday, 23 March 2002, 9:52 pm
I’ve decided to try setting up a little Leoville store with a few items people have asked me for. I’ve got an autographed mug in there, boxer shorts, sweatshirts, and so on. I can’t put copyrighted TechTV images on it, so there’s no Screen Savers mug – even though that would be a bestseller – but there’s some other fun stuff.

The store is powered by Café Press. They do all the printing and fulfillment, for which they take the lion’s share of the money, but I’ll make a few bucks per item.

Let me know how you like the quality of the items, and if there’s any other Leoville merchandise you’d like to see in there.

Fan In Training

Friday, 8 March 2002, 8:55 pm
The sweetest words in the English language are “catchers and pitchers report.”

Even sweeter, I’m on my way to Scottsdale with my seven-year-old son for Spring Training. OK it’s not really for Spring Training, but I am doing a talk and book signing at the Scottsdale Arts Festival on Sunday, so I decided to go down a day early to watch a Giants game (I hope I can get tickets – they’re sold out!).

I used to work at the Giants flagship radio station, KNBR in San Francisco. In fact, I was the president of the station’s Giants fan club when the Giants won the pennant in the earthquake year, 1989. The station did shows from Scottsdale’s Pink Pony restaurant every Spring, but I was always stuck at home. In fact, I’ve never been to Spring Training. I can’t wait!

Henry’s pretty darn excited, too. He’s looking forward to the game, but he’s more interested in whether the hotel has a pool and video games in the room. His idea of a perfect vacation is room service and Super Mario Brothers.

He is more interested in baseball these days since we discovered he can really wallop the ball. I’ve been pitching tennis balls to him to prep for his coach pitch league which starts next month and the kid is a natural. Figures. I guess athletic ability skips generations. My dad was a pretty fair ball-player in college, and I have no skills at all. But I do love the game and can’t wait to share a warm spring day in Arizona with my boy.

On the Lam

Saturday, 2 March 2002, 4:49 pm
Our new lambs are arriving today. I’ll put up the Lamb Cam so you can see them. (Please keep your eyes peeled for predators, too. They’re very small and we’re worried about dogs and coyotes going after them.) The lambs are still on the bottle. They’re bummers – lambs that were rejected by their mothers. These are Suffolks and are quite cute I’m told.

After a brief hiatus, it’s back on the road for me. Next week I’m going to Arizona for the Scottsdale Arts Festival. I’ll be talking and signing books (if they can get any – they’re in short supply) on Sunday.

I’m returning to Scottsdale on April 29 to give the keynote at the ITactics 2002 conference. If you’re a computer training or help desk professional I hope you’ll attend.

And Patrick and I have scheduled a personal appearance in St. Louis on May 18. We’ll probably be at the same CompUSA we went to last year. That was the best attended event we’ve ever done, with nearly 2000 fans, so I look forward to some fun this time. And Steak ‘n’ Shake, too.