Showing posts with label linux. Show all posts

Sunday, October 25, 2009

Cool Tools: Rescue CD 3.11

Thanks to F-Secure for putting out this cool tool:



Now it is time to release the new Rescue CD for which we put out the beta some time ago. We decided to update the version number to 3.11 since we added a couple of useful utilities to the CD image. Otherwise this is the same version as is available on our Internet Security 2010 installation CD.



Take a look at the release announcement and download here.

Monday, July 6, 2009

Possible SSH 0-day vulnerability? And a couple of semi-helpful iptables tips.

Update 07/08/2009: This is starting to sound less and less like a 0-day and more like a single administrative error or lapse. Either way it's a warning; don't be lax with your SSH access. SSH is for the most part secure, but there's always the chance that it can be exploited.

Update 07/07/2009: SANS is also as vexed with the lack of info on this issue as everyone else I've contacted.  They're a great place to watch for more data as it becomes available.  If anything new happens I'll also update here, but I'll probably get it from SANS myself.

w9tedz

I'm sorta loath to report this, since I don't have anything to substantiate it other than rumors flying on web hosting bulletin boards and Twitter, but there is word of a 0-day SSH vulnerability floating around.

Translated Rumor

Translated Rumor Source

I have no more information on this than that, other than hearing that several hosts are locking down SSH also.

So I've been running around tonight locking down my visible servers.

This is actually good practice for the most part. SSH is a powerful service, so any vulnerability in it tends to get magnified in importance very quickly, and as information on the vulnerability spreads, attacks multiply quickly.

The fix is simple: block SSH access from untrusted IPs. At this juncture, even if it upsets your clients, you might want to do so until more information trickles out about the status of this vulnerability.

If you want an easy way to create and test some new iptables rules, you can do what I do (no warranties, etc).

  1. do an 'iptables-save > ~root/tmp_iptables'

  2. edit ~root/tmp_iptables and add the following lines before the line that says COMMIT, substituting your own IPs and hostnames for the ones I have added, of course.
    -A INPUT -s 10.0.0.1 -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -s my.devlab.ca -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 22 -j DROP

  3. do a 'cat ~root/tmp_iptables | iptables-restore' and cross your fingers


If things have gone horribly wrong, and I have led you down a terrible path, cutting off your SSH access, you can either console in and re-do that same process, but taking out the SSH rules, or you can have your service provider console in, or reboot the box.   The nifty thing about this method is that it's not a permanent change to your server.  It will only last until your next reboot, unless you have some process that automatically saves any iptables rules you put into place.
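
Step 2 above can be scripted. The following is an added example, not code from the original post: it inserts the allowlist before the COMMIT of the *filter table only, and lists existing rules that already accept port 22 from any source, which would make the appended DROP unreachable. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Both functions read an
# iptables-save dump on stdin; nothing here touches the live firewall.

# Step 2 of the procedure: emit the dump with the SSH allowlist placed before
# the COMMIT of the *filter table only (a dump can also carry *nat, *mangle).
add_ssh_allowlist() {   # usage: add_ssh_allowlist SRC [SRC...] < dump
    awk -v srcs="$*" '
        BEGIN { n = split(srcs, src, " ") }
        /^\*/ { in_filter = ($0 == "*filter") }
        in_filter && $0 == "COMMIT" {
            for (i = 1; i <= n; i++)
                print "-A INPUT -s " src[i] " -p tcp -m tcp --dport 22 -j ACCEPT"
            print "-A INPUT -p tcp -m tcp --dport 22 -j DROP"
        }
        { print }'
}

# Rules appended with -A are evaluated last, so an earlier INPUT rule that
# accepts port 22 from any source makes the new DROP unreachable. Print those.
# Narrow heuristic: only rules naming --dport 22 with no -s are reported.
open_ssh_rules() {
    awk '
        /^\*/ { in_filter = ($0 == "*filter") }
        in_filter && /^-A INPUT / && / --dport 22 / && / -j ACCEPT/ && !/ -s / { print }'
}

# Constructed sample dump (hypothetical host) used to exercise both functions.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}
```

Write the output of add_ssh_allowlist to ~root/tmp_iptables, then check it with `iptables-restore --test < ~root/tmp_iptables` before loading it in step 3. Any rule printed by open_ssh_rules has to be removed from the file first, or the DROP will never match.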

Saturday, June 27, 2009

Recompress gzipped files as bzip2

Just a quickie. No warranties of course ;)

Recompress gzipped items as bzip2

Handy if you need to conserve space in an archive.

for i in *.gz; do gunzip "$i" && bzip2 "${i%.gz}" && echo "finished $i"; done

Friday, March 20, 2009

TweetDeck for Ubuntu Linux

[Screenshot: TweetDeck for Ubuntu Linux]

TweetDeck is a pretty fancy (perhaps the most fancy!) Twitter client for your desktop that I have come across.  It has nearly all the features I'd want out of a Twitter client.  It also runs under Adobe Air, which means it is portable cross-platform (to a point, I guess).  I use it when I'm not on the iPod Touch on Mac OS X, and it's great.

Adobe Air is now available for Linux, and I have installed it on my Ubuntu Linux 8.04 workstation, and it works for the most part, although it seems to be a bit of a hog, and it seems to, um, "disappear".   The notifications show up at the upper right, so I can regrab the window from those when it does go missing.


Here's a thing; when I went to download TweetDeck the downloader told me I required Flash Player 10.0.15.3.  I don't know if I have that or not (don't really care to troubleshoot it under Linux at the moment) but I had a copy on my iMac.  I snagged that .air file and it managed to install via the Adobe AIR Application Installer in my Gnome dropdown menu.