installing portbunny on ubuntu 7.04

PortBunny 1.0 has been released; a tool I mentioned just a few days ago. I run Ubuntu 7.04 on my laptop and wanted to try PortBunny on it.

michael@orion:~/Desktop$ tar xfz PortBunny-1.0.tar.gz
michael@orion:~/Desktop$ cd PortBunny-1.0/
michael@orion:~/Desktop/PortBunny-1.0$ make
make -C /lib/modules/2.6.20-16-386/build M=/home/michael/Desktop/PortBunny-1.0 modules
make: *** /lib/modules/2.6.20-16-386/build: No such file or directory. Stop.
make: *** [all] Error 2

Dang, I thought I had the linux-kernel-headers installed. It is easy to check whether the installation is complete by looking for /lib/modules/2.6.20-16-386/build. If it is not there, the headers for the running kernel need to be installed. The command ‘uname -r’ displays the current kernel version. In the command below, the marks around uname -r are backticks (accent marks, or ticks), not single quotes; the shell replaces them with the command’s output.

sudo apt-get install linux-headers-`uname -r`

After that, a “make” and a “make install” succeed and PortBunny happily port scans whatever I point it at. It had no problems scanning the few boxes on my network as long as I didn’t have any active firewalls running, i.e. a firewall that shuns me after a threshold of port connection attempts. Good stuff!
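The check described above, written as a preflight script (an added example, not part of the original post or of PortBunny). The function names are made up for illustration; beyond the missing-directory case in the post, it also catches a dangling build symlink and a build directory without a Makefile.

```shell
#!/bin/sh
# Added example: verify the kernel build tree that an out-of-tree module
# Makefile (make -C /lib/modules/<release>/build ...) depends on.

# headers_state MODULES_ROOT KERNEL_RELEASE
# Prints one of: ok, missing, dangling, incomplete
headers_state() {
    build="$1/$2/build"
    if [ -L "$build" ] && [ ! -e "$build" ]; then
        echo dangling      # symlink exists but its target is gone
    elif [ ! -e "$build" ]; then
        echo missing       # the "No such file or directory" case above
    elif [ ! -f "$build/Makefile" ]; then
        echo incomplete    # directory is there, kernel Makefile is not
    else
        echo ok
    fi
}

# headers_package KERNEL_RELEASE
# Prints the Ubuntu package name used in the apt-get command above.
headers_package() {
    echo "linux-headers-$1"
}

# preflight [MODULES_ROOT] [KERNEL_RELEASE]
# Returns 0 only when the build tree looks usable; otherwise prints the
# install command on stderr and returns 1.
preflight() {
    root="${1:-/lib/modules}"
    rel="${2:-$(uname -r)}"
    state=$(headers_state "$root" "$rel")
    if [ "$state" = ok ]; then
        echo "kernel build tree for $rel is present"
        return 0
    fi
    echo "kernel build tree for $rel is $state; run:" >&2
    echo "  sudo apt-get install $(headers_package "$rel")" >&2
    return 1
}
```

Source the file and run `preflight && make` from the PortBunny directory; with no arguments it checks /lib/modules for the running kernel.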

2008 winter scripting games

The Winter Scripting Games 2008 are right around the corner, starting February 15. Last year, these “games” gave me the kick in the pants to try out Microsoft’s PowerShell scripting, and I must say it might be one of the better skills I acquired through last year; something I could use both at home and at work.

I plan to participate again this year in the PowerShell division(s), but I see they are also including Perl in the games this year. I think I will try to put the most effort into the Perl section since I’m horribly rusty with it.

So check it out, give them a try, and pencil in those dates to save some evenings for devoting some time to the challenges.

new live cds and standalone firewall installs

There continue to be a good number of live cd distros available with a security slant. Here are some links, although some I’ve not even booted into yet to check out.

Russix is a wireless pen-testing live cd that appears to make the most common wireless penetration tasks surprisingly automated.

Hex 1.0.2 is a platform for network security monitoring.

Deft v3 is a self-explanatory live cd: Digital Evidence and Forensic Toolkit.

Honeywall 1.3 appears to be a data capture installer. This isn’t a live cd, but rather an installer that should be run on an empty or expendable hard disk.

Various other firewall installs are also available as usual. IPCop 1.4.18, pfSense 1.2 RC3, SmoothWall Express 3.0, m0n0wall 1.3b7, Untangle.

accessing linux filesystems in windows

A lot of attention in the Linux world goes to accessing Windows partitions (NTFS) in Linux. From Hackosis, I’ve recently been pointed to Windows tools that can access Linux partitions. This can be useful if you dual boot and have multiple file systems on the same local disk (or if you mount another disk onto a system, although I’m not sure why anyone would want to mount a Linux disk on a Windows system… I guess backups and even Windows-only forensics tools might be some reasons).

Linux Reader allows read-only access to ext2 and ext3 from a Windows system. Ext2 Installable File System will allow read and write access to ext2 from a Windows system.

24c3 and bhusa2007 videos are posted

Videos from the 24th CCC have been posted. I highly recommend Toying with Barcodes by FX. It is nice to think about the various ways technology around us can be extremely vulnerable to tampering, and barcodes are ripe. I’m sure this is old news to many tinkerers (hackers), but FX does an excellent job highlighting many issues.

Black Hat USA 2007 videos are also up.

Tunak Tunak Tun is an infectious music video. Some of the dance moves occur in WoW.

get things done; create something

I do read a few non-security blogs, and sometimes they offer sage advice. A post by Samuel from WakeUpLater.com (if you freelance/work-for-yourself you can wake up later) has a few excellent points (although I will argue his title doesn’t match the text).

The title of the post is Stop Reading Blogs: Go Create Something. I know from all of the blogs and sites I read regularly, I get such a huge influx of cool things and tools to use, that I end up trying out less than if I just had a shorter queue and more time to try them. My gmail box is overflowing with stuff to check out from the past year. Reading blogs is helpful, but I’m the last person to ever say I know Topic FGH just because I read about it online. I think I’ll make a point this year to start culling my list of useful blogs that I read, or at least organize them in a more tiered fashion from Must Read to Only If Bored.

The post also goes into writing, Stephen King, and reading. I really love this, and I do have a special place in my heart for reading and writing. Find a space that is yours and free of distractions. Get something done. Get started and the hard part is then behind you. Do it for yourself, not others. (If you do it well, the part about the others will find its own place.)

This past year has been the first time I’ve had an apartment to myself, and I’m now pursuing outfitting the second bedroom to be my little workspace conducive to all of my geeky endeavors.

theme song for 2008

Mike Rothman picked a theme. Even shrdlu picked a theme. Should I lay early claim to “Aenima” by Tool?
Some say the end is near.
Some say we’ll see armageddon soon.
I certainly hope we will.
I sure could use a vacation from this
Bullshit three ring circus sideshow of freaks.

No, I’m not quite that negative at the moment. Being at work and not having a legit means to browse my music collection, I’ll have to put this topic on hold and listen for a candidate song over the next few days or week…if I even do come up with something interesting.

generation y in the workplace

I’m not big on generalizations, but let’s face it, they happen. I clicked through to a ComputerWorld article on how Generation Y are the biggest users of our libraries. Neat. This prompted the question: “What the hell is a Generation Y person?” I was born in ’77, so I’m on the nebulous border between designations, but from reading a rather interesting article on Wikipedia for Generation Y, I tend to fall more into Y due to my technological inclinations. Labels aside, it is at least interesting to see how the workplace culture is changing with a generation of young people, whom I still consider myself to be a member of.

fax thermo ribbon and port bunnies

I watched fabs’ presentation on Advanced Port Scanning at the 24c3 (that looks like a heckuva venue!), so thought I would poke around and see if Port Bunny had been released yet. Basically this should be a simple TCP port scanner that can scan faster than nmap; the presentation goes into the reasons why. It doesn’t look like the tool is out yet (and I’m patient so will wait for the official release in January), but I did find a post from FX on the Recurity Lablog about retrieving faxes off a spent thermo transfer ribbon from a fax machine. Information hides in interesting places!