Archive for March, 2006

Selling out

March 29, 2006

A supposedly authentic Enigma is up for grabs on eBay. The current bid stands at $13.5k, which is strange ‘cos I thought something of this rarity would go for much much more. Millions even. Its the three rotor variety and ships all the way from Germany.

Gah, my day is ruined.

Update: … going twice … SOLD! to the creepy looking fed in the corner for $67,480.29.

Posted in Crypto | No Comments »
Tags:

Tuttle man Taylor

March 29, 2006

Prabath’s recent post on the now infamous City Manager of Tuttle (home of the 2003 Heisman Trophy winner) grappling with the concept of operating systems in a paranoid fit of cluelessness had me in stitches for the better half of the morning. Jerry Taylor, the Tuttle man in question, a self professed computer professional of twenty years, has demonstrated to very good effect how NOT to ask for help.

You gotta give it to Jerry, he’s a bold bold man. Not only did he threaten a leading developer of a well meaning distro, he’s also decided to take on The Register. It all amounts to some very entertaining reading.

A Tuttle - that’s what its called now, and they’ve been filling inboxes the world over for decades. Finally, a name for the beast.

Posted in General | No Comments »
Tags:

Since I found Serenity

March 26, 2006

Just finished watching Firefly, and I think its just an absolutely brilliant show. I love the ruggedness, the fusion of the past and the present and of course the cast. Its not your typical run-of-the-mill squeaky clean space opera. In one scene, Captan Mal Reynolds gets into a duel over Inara. A duel, people. With swords. The setting is year 2517. Don’t think I blame the good old Captain, Inara sure packs a whole lot of pretty in that tiny little frame. But I digress. I love the twists, and the plots are beautifully woven, characters are well thought out and developed - I just loved it. Its almost 3am and I feel a strong urge to start watching it again from the beginning. Its a damn shame the show was canceled. Bet the nice folks at Fox were smoking something particularly nasty that day.

Don’t forget to check out the FireflyWiki.

Posted in General | 5 Comments »
Tags: ,

Virtual Private Networking

March 20, 2006

I’m sure most of you would have had to mess around with VPNs at some point of your lives. Sometimes, VPNs can turn nasty and bind you to an OS that hinders your free spirit. But thanks to IPSec, that doesn’t always have to be the case. For instance, assuming your place of work has set up Cisco based VPN concentrators, connecting to it using Linux is quite simple with the help of vpnc. Cisco, being somewhat of an opensource friendly hardware manufacturer, has released their vpn client software for Linux as a free download so long as you use it with their products. vpnc on the other hand, is an opensource alternative, very easy to configure, and a delight to work with.

Once again, its just a matter of

apt-get install vpnc resolvconf

Then you need to add the following lines to /etc/vpn/vpnc.conf:

IPSec gateway XX.XX.XX.XX
IPSec ID MegaCorpNetwork
IPSec secret ThisIsAPlaintextPassword
Xauth username myuserid

The gateway is the IP Address of the VPN concentrator. If your trusty MIS department has already setup the Cisco VPN client on Windows (such as in a dual booting scenario in my case) you can extract this information from the profile file that gets created. It should reside somewhere in the neighbourhood of “Program Files”, under the Cisco VPN Client installation folder, and within the Profiles subdirectory. There’s one small caveat, the group password, that corresponds to the “IPSec secret” field in vpnc.conf, is usually “encrypted” on Windows. But have no fear, for it can be undone. This is a well known flaw, and the group password encryption is practically redundant. I recommend that you download the C program and run it locally instead of using the form on the web page to decrypt it.

Once you have the plaintext, plug it into your vpn.conf.

Also, vpnc requires TUN/TAP device driver support in the kernel, but the good news is that it comes standard with most distributions. At least the ones I’ve tried out so far. If not:

modprobe tun

Failing which, you’d need to do a bit o’ kernel compilin’.

That out of the way, you’ll also need resolvconf to setup your /etc/resolv.conf so that you’ll be able resolve hostnames properly on the various networks you’re connected to. Later on, if you find out that your hostnames aren’t resolving, /etc/resolvconf/interface-order is probably a good place to start troubleshooting.

Depending on the version of vpnc you’re are using, you can connect to the vpn by either using vpnc, or vpnc-connect. Although I noticed that the latter has been deprecated in most recent versions, but the following should work no matter which version you use:

vpnc /etc/vpnc/vpnc.conf

If you have a static xauth password (which btw, is a very very bad idea) you could either hardcode it in vpnc.conf (again, bad idea) or have it prompted by not specifying in the config file as shown in the sample above. For added security, xauth authentication shouldn’t be relied upon solely, and should be complemented with some form of two-factor authentication for maximum security.

If all goes according to plan, you’ll be prompted with a legal disclaimer from the network you’re connecting to and all the routes will be automatically set up.

To log off from the vpn, simply issue vpnc-disconnect, and you’ll be back to where you started from.

Posted in Crypto, Playing Around | No Comments »
Tags: , , , ,

Hut 8, Bletchley Park

March 18, 2006

Came across the M4 project a couple of days ago while doing some much needed digging. Its simply a distributed effort to crack 3 enigma messages encoded in (what is believed to be) “Shark”, the formidable naval cipher which uses four rotors as opposed to “Dolphin” that uses just three. You can find a good study of Enigma here, here and and a not so good one right here.

You can download a neat multiplatform client that utilizes your idle cycles to crack Shark. Very much in the spirit of seti@home, with the only difference being that this time around, the effort seems worthwhile. <smirk>

I was hooked on Enigma ever since I first read Singh’s Code Book. Then I just HAD to read Robert Harris’ thriller and of course, watch the movie that came out of it. Loved them all. I don’t know what it is about Enigma, whether its the stories surrounding it, the effort it took to crack it, the genius behind it, but I find it all extremely and excruciatingly fascinating.

Hey there Echelon. Readers, say Hi to Echelon.

Posted in Crypto | 2 Comments »
Tags: , , ,

The Onion Router

March 14, 2006

I recently tried out TOR for the first time as this has been something in my TODO list for a while. It was just a matter of

apt-get install tor privoxy

Adding the following line in /etc/privoxy/config

forward-socks4a / localhost:9050 .

And starting the tor and privoxy services. Next, setup your applications to use tor and privoxy to proxy your connections and route it through the tor networks, effectively hiding your trails and stripping HTTP header information that could be used to track you. The latter is handled by privoxy.

Tor provides a socks proxy that listens on port 9050 and privoxy is a filtering web proxy listening on port 8118 that can be used by your web browser. Privoxy routes the HTTP traffic through tor and handles DNS requests securely. Using plain old socks through tor for HTTP browsing is not very effective because DNS requests can leak, and blow your cover. Enter privoxy.

If you’re using lynx, you can configure it to use privoxy by setting the http_proxy environment variable to “http://localhost:8118″. Wget and curl can also be configured this way. If you’re not sure, set both http_proxy and HTTP_PROXY variables and your http client should hopefully use either.

On firefox, the proxy settings are availble in preferences, connection settings. Set all proxies to localhost on port 8118 and select SOCKS v4. There’s also a neat firefox plugin called SwitchProxy that can be used to easily torify your browsing experience.

Once you’re connected to tor networks, visit this link to verify whether you really ARE anonymous. It will recognize whether your traffic is coming from a recognized tor exit node.

The only gotcha at the moment is that only tools capable of using SOCKS and HTTP is capable of anonymizing your traffic through tor, the rest is routed normally through more insecure channels. This problem can be easily subverted using tools such as socat, which having discovered it recently, I think is a very powerful tool which can be used for a wide range of applications. Think netcat for sockets. More on that in a later rant.

Posted in Playing Around | 1 Comment »
Tags: ,

Square One

March 12, 2006

As some of you probably already know, I’m a drifter. Every now and then I like to start clean on a fresh slate and get rid of the old baggage. But this time, I’d like to try out something different to what I’m used to. I’m Anuradha Weeraman and this here is my blog.

Posted in General | No Comments »