News archive August 2011 - Koos van den Hout


2011-08-30 (#) 8 years ago
The fake security certificate for *.google.com, which was very probably used by the government in Iran to eavesdrop on Gmail traffic, turns out to be a DigiNotar certificate.

Reported by, among others, Iran kan Gmail aftappen door Nederlands certificaat - webwereld and Overheidsites gedupeerd na aftappen Gmail - nu.nl. How a certificate 'obtained by breaking into a computer system' ends up in a server at an ISP in Iran that redirects all traffic passing through it is something that the AIVD, among others, is surely wondering about.

A detail that stands out to me is that the fake certificate uses the X509v3 Subject Alternative Name incorrectly:
            X509v3 Subject Alternative Name:
                email:admin@google.com
In the good (.. I hope) certificate this is:
            X509v3 Subject Alternative Name: 
                DNS:*.google.com, DNS:google.com, DNS:*.atggl.com, DNS:*.youtube.com, DNS:youtube.com, DNS:*.ytimg.com, DNS:*.google.com.br, DNS:*.google.co.in, DNS:*.google.es, DNS:*.google.co.uk, DNS:*.google.ca, DNS:*.google.fr, DNS:*.google.pt, DNS:*.google.it, DNS:*.google.de, DNS:*.google.cl, DNS:*.google.pl, DNS:*.google.nl, DNS:*.google.com.au, DNS:*.google.co.jp, DNS:*.google.hu, DNS:*.google.com.mx, DNS:*.google.com.ar, DNS:*.google.com.co, DNS:*.google.com.vn, DNS:*.google.com.tr, DNS:*.android.com, DNS:*.googlecommerce.com
But what should of course be verifiable is the key identifier. From the bad certificate:
            X509v3 Subject Key Identifier:
                07:4A:7D:16:27:32:28:D1:E3:01:31:05:0D:B0:CA:8D:E9:E1:7F:ED
And the good certificate:
            X509v3 Subject Key Identifier: 
                72:1F:13:DF:BF:E2:E7:9B:62:A0:89:DE:F6:8D:AD:E9:3A:CC:CC:B2
I get the same fingerprint from multiple places.

Now these fingerprints just need to be published clearly, for example also the one for mijn.ing.nl:
            X509v3 Subject Key Identifier: 
                CC:14:12:CD:FA:A1:54:57:75:AA:69:8E:03:11:57:95:DF:0D:86:A6
It is actually quite scary that a Google search for this string gives only 2 hits. Why isn't this information at the bottom of every ING bank statement?
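
The two checks made in this post, as an added example (not code from the original post): the Python sketch below reads the extension lines out of `openssl x509 -noout -text` style dumps, flags a server certificate whose Subject Alternative Name has no DNS entry covering the host, and compares the Subject Key Identifier against a recorded value. The dumps are constructed from the values quoted in the post (the SAN list is shortened) and all function names are this example's own.

```python
import re

# Constructed dumps: only the extension lines quoted in the post, in the layout
# printed by `openssl x509 -noout -text`. The SAN list of the good one is shortened.
ROGUE_DUMP = """\
            X509v3 Subject Alternative Name:
                email:admin@google.com
            X509v3 Subject Key Identifier:
                07:4A:7D:16:27:32:28:D1:E3:01:31:05:0D:B0:CA:8D:E9:E1:7F:ED
"""
GOOD_DUMP = """\
            X509v3 Subject Alternative Name:
                DNS:*.google.com, DNS:google.com, DNS:*.youtube.com, DNS:youtube.com
            X509v3 Subject Key Identifier:
                72:1F:13:DF:BF:E2:E7:9B:62:A0:89:DE:F6:8D:AD:E9:3A:CC:CC:B2
"""
# Value recorded out of band; here the one the post saw from several places.
# The SKI is a field the issuer fills in, so a hash over the whole certificate
# or its public key is the stronger thing to record and compare.
RECORDED_SKI = "72:1F:13:DF:BF:E2:E7:9B:62:A0:89:DE:F6:8D:AD:E9:3A:CC:CC:B2"


def extension_value(dump, name):
    """Return the value line that follows 'X509v3 <name>:' in the dump, or None."""
    header = re.compile(r"\s*X509v3 %s:(\s+critical)?\s*" % re.escape(name))
    lines = dump.splitlines()
    for i, line in enumerate(lines[:-1]):
        if header.fullmatch(line):
            return lines[i + 1].strip()
    return None


def san_entries(dump):
    """Split the Subject Alternative Name into (type, value) pairs."""
    value = extension_value(dump, "Subject Alternative Name")
    if not value:
        return []
    return [tuple(item.strip().split(":", 1)) for item in value.split(",")]


def dns_name_matches(pattern, hostname):
    """Match a SAN DNS entry; '*' is accepted only as the whole leftmost label."""
    p_labels = pattern.lower().split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Reject patterns such as '*.com' and let '*' stand for one label only.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def normalise(identifier):
    """Make key identifiers comparable regardless of case and separators."""
    return re.sub(r"[^0-9A-F]", "", identifier.upper())


def review(dump, hostname, recorded_ski):
    """Return a list of findings for one certificate dump; empty means no findings."""
    findings = []
    sans = san_entries(dump)
    dns_names = [value for kind, value in sans if kind == "DNS"]
    if not dns_names:
        kinds = sorted({kind for kind, _ in sans}) or ["none"]
        findings.append("no DNS entries in subjectAltName (types present: %s)"
                        % ", ".join(kinds))
    elif not any(dns_name_matches(p, hostname) for p in dns_names):
        findings.append("no subjectAltName DNS entry covers %s" % hostname)
    ski = extension_value(dump, "Subject Key Identifier")
    if ski is None or normalise(ski) != normalise(recorded_ski):
        findings.append("Subject Key Identifier %s differs from the recorded %s"
                        % (ski, recorded_ski))
    return findings


if __name__ == "__main__":
    for label, dump in (("rogue", ROGUE_DUMP), ("good", GOOD_DUMP)):
        print(label, review(dump, "mail.google.com", RECORDED_SKI) or "no findings")
```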

Update: Now amusing: the Koninklijke Notariële Broederschap apparently was not happy with the explanation of a "Notary" in Jacco de Leeuw's explanation of certificates and wanted a disclaimer. Scroll up for a good explanation of certificates.

2011-08-29 (#) 8 years ago
Today an e-mail from Gall & Gall: apparently someone in the shop gave one of my e-mail addresses when buying a Gall & Gall card, and now I receive the accompanying "information". The welcome e-mail also contains the card number, which together with the e-mail address is enough to log in to the Gall & Gall card details site, where I can see the other details entered by whoever applied for the card. Nice data for some social engineering ... ("I'm calling on behalf of Gall & Gall with a survey.."). Spamming and handling personal data badly go well together.

I just changed the e-mail address to an abuse address appropriate for the hosting of gall.nl.

2011-08-29 (#) 8 years ago
Lots more interesting stuff on the F-secure weblog, such as Analysis of MBR File System Infector - F-secure weblog. This article has helped me understand the whole deal about the Torpig/Mebroot infection which I hear about at work.

2011-08-29 (#) 8 years ago
A real Internet worm attack active again, giving me lots of tcp/3389 attempts in the firewall logs.
Aug 28 10:49:54 greenblatt kernel: [2779836.731355] FW reject: IN=ppp0 OUT= MAC= SRC=87.126.80.33 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=18577 DF PROTO=TCP SPT=2150 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 
Aug 28 10:49:54 greenblatt kernel: [2779836.932856] FW reject: IN=ppp0 OUT= MAC= SRC=87.126.80.33 DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=18701 DF PROTO=TCP SPT=2150 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 
Aug 28 11:11:33 greenblatt kernel: [2780369.772706] FW reject: IN=ppp0 OUT= MAC= SRC=184.22.73.103 DST=xx.xx.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=110 ID=256 PROTO=TCP SPT=6000 DPT=3389 WINDOW=16384 RES=0x00 SYN URGP=0 
Aug 28 15:37:32 greenblatt kernel: [2786904.189671] FW reject: IN=ppp0 OUT= MAC= SRC=60.190.1.15 DST=xx.xx.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=256 PROTO=TCP SPT=6587 DPT=3389 WINDOW=16384 RES=0x00 SYN URGP=0 
Described in detail at Windows Remote Desktop worm "Morto" spreading - F-secure weblog.

Found via Worm spreading via RDP - The Register.

2011-08-28 (#) 8 years ago
This evening I hooked up the radio scanner to the UHF TV antenna to see if using that might get me one of those '35 cm pirates' which should be active in the 856 - 862 MHz and 865 - 868 MHz ranges which is UHF TV channel 69/70. So the preamp should work.
[Image: IEC-169-2 connector (Belling-Lee connector), picture by Colin from Wikimedia commons (CC-BY-SA license)]

It took a bit of searching through the junkbox to find parts for a cable to get from the output of the UHF TV antenna (through the power inserter) which is a Belling-Lee connector (as shown in the picture) to the input of the scanner which is a BNC connector.

My guess is these transmitters would be active on a Sunday evening. But, the only thing I heard in wide FM mode was a wireless headset.

2011-08-28 (#) 8 years ago
Wardriving results 6 May - 19 August 2011: 5820 new networks with GPS locations according to WiGLE.

2011-08-27 (#) 8 years ago
I like having a look at The Onion, and the last few days I keep running into their 'experimental' paywall. According to statements by Michael Greer, the Onion's chief technology officer, at The Onion's CTO: Our paywall experiment is just that - Nieman Journalism Lab, most visitors should never notice it:
the vast majority of Onion’s readers — the thousands of people who share funny headlines with their friends — “will never even notice,”
I guess I read 'too much' The Onion because I noticed. Oh well, too bad, The Onion is funny, but not $29.95/year funny.

2011-08-23 (#) 8 years ago
It's too tempting not to try it when William Hepburn's Worldwide Tropospheric Ducting Forecasts for Northwest Europe show interesting conditions: going to the top floor of the house and doing a DVB-T service scan. But no real 'DX' reception. At the same time I let the DAB+ receiver do a service scan and it found the T-DMB / DAB service on 216.93 MHz (VHF broadcast 11A) from Hilversum. The only working service (for me) is the 3FM radio station: The pure one mini receiver has no DMB support at the moment and points me at www.pure.com/upgrade. Where I don't see the option to buy the DMB license code.

2011-08-22 (#) 8 years ago
Comment left for stichting DigiRadio:
I recently went shopping for a DAB/DAB+ receiver myself. I actually wanted one with L-band support as well, to be really 'future-proof', but in the end I still ended up with a pure one mini, which does not support it. When I contacted pure about this (asking whether they would at least improve their information) I (also) got the answer that L-band support is actually being phased out at their end. Other suppliers also seem to have little L-band support if you search carefully as a potential buyer (for example, the Sagean radios via Conrad.nl also all lack L-band support).

If the L-band is the future home of local radio, the poor support in receivers will make the switch to it even more problematic than what is already happening with the upcoming switch of the commercial radio stations.
Browsing the offerings on sites where you can actually find out whether L-band support is present, such as digicomparison DAB+ and DMB Radio (DMB-A) Radios, shows that L-band support is more often absent than present in the current offering.

Update: Stichting DigiRadio agrees with me, and the introduction of programmes in the L-band has been delayed. So no demand for L-band receivers, because there is no content.

2011-08-22 (#) 8 years ago
This morning there was suddenly a 'click' and then we were sitting in a suspicious silence at work, without computers and room lighting. Major power outage. Then there is little left to do except calmly go and stand outside to see whether anyone knows what is going on and whether it will last much longer. In the end the outage lasted from 10:15 to 13:26 according to Stedin on twitter. It is striking that this twitter feed is more informative than the official outages page of stedin, where on top of that you cannot deeplink to the version for Utrecht.

An evacuation was not necessary for us because we are in a building without scary things such as fume hoods, which become a danger to the surroundings without ventilation.

News coverage:

2011-08-22 (My cow-orkers think one week of microsoft server 2008r2 training will make me want to become a microsoft...) 8 years ago
Google+ Koos van den Hout: My cow-orkers think one week of microsoft server 2008r2 training will make me want to become a microsoft certified professional. Nah...
2011-08-20 (#) 8 years ago
The printer at home is multifunctional: it can have duplexer jams, manual feed jams and general paper jams. Maybe I should create an alias aperjam for the printqueue so I can enter:
$ lpr -Paperjam
and have the right expectations.

2011-08-17 (#) 8 years ago
In an interesting combination of bogus invoice and IPv6: Spooknota’s voor IPV6Register. It looks like in the end you pay to be allowed to visit an information site about IPv6.

2011-08-14 (#) 8 years ago
While testing the new wardrivebox I came across the network below. This immediately shows why a 'hidden SSID' does not work: within 10 seconds the link between probe and hidden ssid was made.
Sun Aug 14 18:23:22 2011 Found new probed network "Ga_zelf_internet_halen" bssid 00:22:69:xx:xx:xx
Sun Aug 14 18:23:32 2011 Found new network "<no ssid>" bssid 00:0C:F6:xx:xx:xx Crypt Y Ch 0 @ 0.00 mbit
Sun Aug 14 18:23:32 2011 Associated probe network "00:22:69:xx:xx:xx" with "00:0C:F6:xx:xx:xx" via data.
But besides this description the security is also WPA2, so you cannot simply abuse it.

2011-08-14 A second wardrivebox build 8 years ago
A friend asked me to help him get his own wardrivingbox going. I had a harder time doing this than expected, so I decided to retrace the steps.

He had installed ubuntu 11.04 on it from usb stick. This wouldn't boot, the grub setup was all wrong. Fixing the grub setup still left it non-booting.

This time I had the Heavy Duty Boot Environment available to help me, since the alix.1c / alix.1d boards are quite capable of PXE booting. This didn't turn everything into a simple install-party as the via_rhine drivers in anything but the most recent linux distro give issues. So the complete pxe load via network works fine but after that the network drivers don't work, making it impossible to do an OS installation which I can reproduce.

2011-08-14 (#) 8 years ago
A very weird keyboard in my Xorg startup log:
(II) config/udev: Adding input device Burr-Brown from TI               USB Audio CODEC  (/dev/input/event4)
(**) Burr-Brown from TI               USB Audio CODEC : Applying InputClass "evdev keyboard catchall"
(**) Burr-Brown from TI               USB Audio CODEC : always reports core events
(**) Burr-Brown from TI               USB Audio CODEC : Device: "/dev/input/event4"
(II) Burr-Brown from TI               USB Audio CODEC : Found keys
(II) Burr-Brown from TI               USB Audio CODEC : Configuring as keyboard
(II) XINPUT: Adding extended input device "Burr-Brown from TI               USB Audio CODEC " (type: KEYBOARD)
It is an input device (of the audio kind) but I wouldn't call it a keyboard in any shape or form.

2011-08-12 (#) 8 years ago
Still going on a whole week after I first noticed the weird traffic:
[2230749.018713] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:9062:b89e:e90e:5a07 DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=72 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=60425 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 
[2230751.519582] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:9062:b89e:e90e:5a07 DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=68 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=60425 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 
[2230782.825706] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:9062:b89e:e90e:5a07 DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=68 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=60430 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 
[2230795.672690] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:9062:b89e:e90e:5a07 DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=72 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=60433 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 
[2230796.876014] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:9062:b89e:e90e:5a07 DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=72 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=60433 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 
[2230800.794671] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:9062:b89e:e90e:5a07 DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=68 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=60433 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 
Still 6to4 behind the same IPv4 address 93.188.145.225 which is funny: according to whois it is a Wimax address range, which would usually mean somewhat dynamic addresses. The variation in IPv6 source address is due to the IPv6 privacy extensions in use.

2011-08-12 (#) 8 years ago
A particular annoyance with TNT post: a parcel came for us today and we were not at home. That can happen. Because a signature is required on receipt, it was not delivered to the neighbours either. The collection notice then says that it has to be picked up at a 'pick-up point' not all that nearby, and that the opening hours of the pick-up point can be found at www.tntpostpakketservice.nl.

Unfortunately. I searched the site thoroughly but nowhere can I find anything about pick-up points and their opening hours.

Fortunately, when searching the website I already get the option 'Klacht' ('Complaint') as a suggestion, and at Overige klachten PostNL the website is one of the preset choices.

2011-08-11 (#) 8 years ago
I'm browsing offerings of DAB radio tuners. Not because a lot of radio services are available already, but I am interested in transmission technology and somebody has to be the first.

Currently I should be able to receive the public radio stations and a thematic station (Radio Top 2000) according to T-DAB netwerk van de Publieke Omroep. Frequencies have been allocated for the commercial radio stations and they will use DAB+ according to T-DAB+ netwerk van de publiek regionale, de landelijke en niet-landelijke commerciele omroepen

There is not a lot on offer. Nothing in the physical shops I see, some offerings in webshops. But technical details are really sparse in the webshops. A simple detail like 'DAB+ support' which is needed to be a bit future-proof, or which frequencies can be received. Licenses have been given out in the Netherlands for Band III VHF (174-240 MHz) and L band (1452-1492 MHz). There is a frequency allocation for local radio stations in the L-band, but it will take years before anything happens there. If I invest any money in this experiment, I want it to be future-proof.

I looked at the following: Lots of information about DAB at Digital Audio Broadcasting - Wikipedia

Ideal would be to have an interface for my laptop to receive DAB/DAB+ metadata and audio so I can scan services even at other locations, but there is nothing available at the moment. It seems the hardware developed for DAB receiving and monitoring hardware with Linux support has been discontinued.

Maybe I need to get involved with Hx2 radio and work to add a DAB transmitter for the next hacker conference in the Netherlands on an 'event' and/or 'experimental' license. There is a complete toolchain for generating DAB/DAB+ radio streams using Linux at Open digital radio. Funny: transmitting DAB+ with Linux is easier than receiving it.

Update: Carefully browsing the manuals for all the products in the DAB-radio's category at conrad.nl shows me none of them supports L-band DAB. I predict L-band local radio (for which there is a frequency allotment, see L-band planning lokale omroep - radio-tv-nederland.nl) will have a very difficult start when most receivers can't receive them.

Update 2011-08-15: Browsing some on-line sellers found the answer for a simple DAB/DAB+ and Band III / L-Band capable DAB radio: The Pure One Mini. But in order to buy it with the right powerplug and the right firmware I had to shop via Germany. Simple solution ... Pure One Mini Tragbares Radio (DAB/DAB+/UKW-Tuner, 1,6 Watt RMS) schwarz - Amazon.de.

Update: And now I discover there is a Dutch webshop which offers DAB+ radio's, including Pure models. For the next person looking: De radiowinkel.

Update 2011-08-16: No the Pure One Mini is NOT L-band capable. I thought I checked thoroughly, but I guess I assumed something wrong.

Update 2011-08-18: I asked Pure technical support about making the listings clearer for L-band support. The answer is that L-band support is being phased out, but radios sold to countries where L-band is in use will support it. Too bad there is no Pure Netherlands website (yet).

2011-08-10 (#) 8 years ago
Following the mp3 stream from Hx2 radio Hackerspaces signal from the Chaos communications congress and I suddenly notice something:
$ host broadcast.sonologic.net
broadcast.sonologic.net has address 82.94.245.7
broadcast.sonologic.net has IPv6 address 2001:888:2156::2:2:9
All available via IPv6.

2011-08-06 (#) 8 years ago
And again the English 'news' paper The Sun doesn't think facts should get in the way of a story: Internet is 20 years old today - thesun
TODAY is the 20th anniversary of the invention of the internet by British scientist Sir Tim Berners-Lee.

He came up with the idea in a research paper on March 13, 1989.

Sir Tim gave it to his boss at the CERN nuclear research centre, who called it "vague but exciting".

The first website was built at the lab in Switzerland and went online in 1991.
Even one of the comments beneath the story mentions the error.

2011-08-05 (#) 8 years ago
Lots of weird firewall log entries the last hours:
Aug  5 20:14:29 greenblatt kernel: [1979778.811312] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:f018:413b:114c:558e DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=72 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=57475 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 
Aug  5 20:14:32 greenblatt kernel: [1979780.010928] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:f018:413b:114c:558e DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=72 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=57475 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 
Aug  5 20:14:38 greenblatt kernel: [1979782.469487] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:f018:413b:114c:558e DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=68 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=57475 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 
Aug  5 20:15:48 greenblatt kernel: [1979814.822653] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:f018:413b:114c:558e DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=72 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=57480 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 
Aug  5 20:15:51 greenblatt kernel: [1979816.011978] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:f018:413b:114c:558e DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=72 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=57480 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 
Aug  5 20:15:57 greenblatt kernel: [1979818.396778] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:f018:413b:114c:558e DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=68 TC=0 HOPLIMIT=120 FLOWLBL=0 PROTO=TCP SPT=57480 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 
Those addresses are the 6to4 range with 93.188.145.225 as IPv4 source. But I can't find any mention of the IPv6 range or that IPv4 address in any logs. And I wouldn't know why some machine would try to access smb services on idefix.net from the outside.
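
The grouping done by hand in this post and in the 2011-08-12 follow-up, as an added example (not part of the original blog): the Python sketch below parses the 'FW reject' lines, recovers the IPv4 address embedded in a 6to4 source so that sources differing only through privacy extensions count as one origin, and also tallies the tcp/3389 lines from the 2011-08-28 post. Grouping other IPv6 sources by /64 goes beyond what the posts do and is this example's assumption, as are the function names.

```python
import ipaddress
import re

# Log lines copied from the posts on this page, with a few header fields dropped.
SAMPLE_LOG = """\
Aug  5 20:14:29 greenblatt kernel: [1979778.811312] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:f018:413b:114c:558e DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=72 PROTO=TCP SPT=57475 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Aug  5 20:15:48 greenblatt kernel: [1979814.822653] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:f018:413b:114c:558e DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=72 PROTO=TCP SPT=57480 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
[2230749.018713] FW reject: IN=ppp0 OUT= MAC= SRC=2002:5dbc:91e1:0009:9062:b89e:e90e:5a07 DST=2001:0980:14ca:0042:0000:0000:0000:0018 LEN=72 PROTO=TCP SPT=60425 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 28 10:49:54 greenblatt kernel: [2779836.731355] FW reject: IN=ppp0 OUT= MAC= SRC=87.126.80.33 DST=xx.xx.xx.xx LEN=48 PROTO=TCP SPT=2150 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 28 10:49:54 greenblatt kernel: [2779836.932856] FW reject: IN=ppp0 OUT= MAC= SRC=87.126.80.33 DST=xx.xx.xx.xx LEN=48 PROTO=TCP SPT=2150 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 28 11:11:33 greenblatt kernel: [2780369.772706] FW reject: IN=ppp0 OUT= MAC= SRC=184.22.73.103 DST=xx.xx.xx.xx LEN=40 PROTO=TCP SPT=6000 DPT=3389 WINDOW=16384 RES=0x00 SYN URGP=0
"""

# Works with or without the syslog prefix, for IPv4 and IPv6 log lines alike.
REJECT = re.compile(
    r"FW reject: .*?\bSRC=(\S+) DST=\S+ .*?\bPROTO=(\S+) SPT=\d+ DPT=(\d+)")
SIX_TO_FOUR = ipaddress.ip_network("2002::/16")


def origin(src):
    """Reduce a source address to the thing worth counting per attacker."""
    addr = ipaddress.ip_address(src)
    if addr.version == 4:
        return str(addr)
    if addr in SIX_TO_FOUR:
        # 6to4: the 32 bits after the 2002::/16 prefix are the IPv4 address
        # of the 6to4 gateway (ipaddress also exposes this as addr.sixtofour).
        return str(ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF))
    # Assumption of this example: group any other IPv6 source by its /64,
    # because privacy extensions only vary the lower 64 bits.
    return str(ipaddress.ip_network("%s/64" % addr, strict=False))


def summarise(log_text):
    """Map (origin, protocol, destination port) to hit count and sources seen."""
    summary = {}
    for line in log_text.splitlines():
        match = REJECT.search(line)
        if not match:
            continue
        src, proto, dport = match.group(1), match.group(2), int(match.group(3))
        entry = summary.setdefault((origin(src), proto, dport),
                                   {"hits": 0, "sources": set()})
        entry["hits"] += 1
        entry["sources"].add(src)
    return summary


if __name__ == "__main__":
    for (who, proto, dport), entry in sorted(summarise(SAMPLE_LOG).items()):
        print("%-16s %s/%-5d %d hits from %d source address(es)"
              % (who, proto.lower(), dport, entry["hits"], len(entry["sources"])))
```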

2011-08-05 (#) 8 years ago
I was digging in apache 2.2 to see if SSLRequireSSL would enable me to make sure locations within the webserver that require passwords would always use SSL without having to duplicate the entire vhost config. And I found a working setup which allows me to give those locations once. On the port 80 server is the specific config:
<VirtualHost *>
        ServerName octagone.idefix.net
        ErrorLog /home/httpd/octagone/logs/error_log
        CustomLog /home/httpd/octagone/logs/access_log combined

        AddHandler cgi-script .cgi
        ErrorDocument 403 /youwanthttps.cgi

        Include special/octagone
</VirtualHost>
And on the port 443 server:
<VirtualHost *:443>
        ServerName octagone.idefix.net
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/server.crt
        SSLCertificateKeyFile /etc/apache2/ssl/server.key
        ErrorLog /home/httpd/octagone/logs/ssl_error.log
        TransferLog /home/httpd/octagone/logs/ssl_access_log

        Include special/octagone
</VirtualHost>
The shared bit:
        DocumentRoot /home/httpd/octagone/html

        <Directory /home/httpd/octagone/html>
                Options Indexes ExecCGI
                AllowOverride None
                Order allow,deny
                allow from all
                IndexOptions FancyIndexing
        </Directory>

        <Location /test>
                AuthName "Koos z'n Doos beheer"
                AuthType basic
                AuthUserFile /home/httpd/data/sitemanagers
                AuthGroupFile /dev/null
                Require valid-user
                Satisfy All
                SSLRequireSSL
        </Location>
Now an access to http://octagone.idefix.net/test/ will throw a 403 error. I created a simple youwanthttps.cgi which changes this to a temporary redirect to the https equivalent:
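#!/usr/bin/perl -wT
# youwanthttps.cgi: ErrorDocument handler that turns the 403 caused by
# SSLRequireSSL into a temporary redirect to the https equivalent.

use strict;

use CGI qw/:standard/;

my $query = CGI->new;

# REQUEST_URI still holds the URI of the original (plain http) request.
my $redir = 'https://octagone.idefix.net' . $ENV{"REQUEST_URI"};

print $query->header( -type => 'text/html', -status => 302, -charset => 'UTF-8', -location => $redir );

# The URI comes from the client: escape it before it goes into the HTML body.
my $safe = $query->escapeHTML($redir);

print <<EOF;

Go <a href="$safe">here</a>.

EOF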

The downsides are:
  • Other reasons for a 403 error will also see the redirect. But they will get the 'original' 403 error on the https side again.
  • This does not mix with Satisfy Any, which you use when, for example, you want either a restricted IP or a username/password: SSL will then be just one of the constraints to satisfy.
The other option is to change the 401 (authentication required) handler to do the redirect. I'm also testing that. That would combine better with the Satisfy Any directive which is used in some places in the webserver where I want to implement this.

Ok, this works too. One slight downside to this approach: when the client still has the username/password cached, it will present those and the server will never use its 401 handler. But those sessions will die out soon anyway.

In the end I configured the server with the '401 handler' trick. One upside: I did not need to sprinkle SSLRequireSSL statements, so even the restricted content with address check or username/password check continue to work.

2011-08-05 (#) 8 years ago
From the latest blackhat conference: Flying Drone Can Crack Wi-Fi Networks, Snoop On Cell Phones - Andy Greenberg - The Firewall - Forbes magazine. A bit of a sensationalist article, but the flying platform makes a lot possible and the described attacks on wifi and GSM are not new.

DIY Spy Drone Sniffs Wi-Fi, Intercepts Phone Calls - Threat level - Wired is less sensationalist and a better description. And the latest is at the Rabbit-Hole - DIY UAVs for Cyber Warfare – Wireless Aerial Surveillance Platform where the makers of this plane tell about their progress.

I would not mind having a plane like this flying around with an airborne version of the wardriving box. More a 'warflying box'. There is some mention of running kismet on the W.A.S.P.

For as far as I can find 'serious' model plane flying in the Netherlands requires some training and having a view of the plane, which a drone like the one above doesn't have. If you ask model airplane clubs you have to be a member to be allowed to fly a model airplane at all, but opinions outside those clubs are that light planes are permitted (up to a certain height) with permission of the owner of the land where you take off and land.
Update 2011-08-06: An interesting related story: Murdoch accused of operating illegal US air force with
The Daily may be in breach of FAA regs regarding "operations of unmanned aircraft in the National Airspace System". As Forbes notes, the FAA requires wannabe drone pilots to have an airworthiness certificate for their "Unmanned Aircraft System" (UAS) and an "experimental certificate" which limits them to "research and development, marketing surveys, or crew training".
Reading the referenced article FAA Looks Into News Corp's Daily Drone, Raising Questions About Who Gets To Fly Drones in The U.S. notes the huge difference between hobby and commercial use:
Hobbyists are basically free to use drones as long as they keep them under 400 feet. At this point, civil and commercial use of drones is only allowed for research and development purposes. “Not for compensation or hire” says one FAA notice. To get government permission to use a drone (for non-hobby purposes), a private entity has to jump through hoops including getting an airworthiness certificate — meaning the thing is safe to fly — and an experimental certificate, approving the planned use of the unmanned system (uses are currently limited to research and development, marketing surveys, or crew training).
So Murdoch papers can have wet dreams about using something like the W.A.S.P. for news reporting but will find heavy resistance.

2011-08-03 (#) 8 years ago
Sometimes just trying to post a simple comment on a website can lead to a programming project (just another one for the long long todo-list). I tried to post a comment on a blogspot.com blog and the option I wanted to use is OpenID for which I have set up phpMyID in the past. But this gave interesting errors from phpMyID:
Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/koos/public_html/MyID/MyID.php on line 1145
With debugging on, it seems the openid_assoc_handle is used as a session identifier to remove, which is (to me) weird. As the phpMyID page says, development is stopped so this error will probably not be fixed. I may have triggered it by previewing my comment a number of times.

The next option was to respond 'with a google account' but that actually means 'with the google blogspot identity' which links for me to http://www.blogger.com/profile/13366290473700859526 which tells absolutely nothing since I don't use blogspot. I added a link to my homepage since that's where stuff really gathers.

In the long run, I'll have to run a better OpenID provider. No I am not going to use some on-line provider, I want the OpenID url to stay http://idefix.net/.

2011-08-02 (#) 8 years ago
The fraudsters who are still looking for 'money mules' to move their stolen money are not entirely sure what money mule work actually pays:
0-2h@semblog.com      extra inkomen € 2924 per maand
0-carlm@accomline.com extra inkomen € 2.310 per maand
0-1939-4789choopan@cmg.co.th extra inkomen € 2943 per maand
0-s.mail@ftnet.dk     extra inkomen € 2929 per maand
0-ka@young-world.com  extra inkomen € 2.912 per maand
0-8-15.home@bbdo.at   extra inkomen € 2.635 per maand
I do know: you get to pay everything back and it gives you a great deal of trouble if you want anything from a bank afterwards. Not that banks are the most customer-oriented institutions, but you do need them in daily life.

2011-08-02 (#) 8 years ago
Big surprise yesterday: UPS logistics is able to do a 'deliver to neighbour' on a residential address. Since we have nice neighbours in the street a package was delivered there and we found the note to pick it up. That is quite an improvement over having to go to some warehouse in a far away industrial area only reachable by car.

In the package: two Amazon Kindles. Yes, we're going e-book! The main reason is quite simple: on cycling holidays books are a serious part of the weight we drag along. Having the entire library as a lightweight (240 gram) e-reader is nicer.

One effect is that I think I want to add something with editions / versions of books to detail pages about books on virtualbookcase so it is visible when a book is available in a kindle version. This has already been on my mind for UK/US versions (which happened for books like Harry Potter and the Half-Blood Prince (UK version) / Harry Potter and the Half-Blood Prince (US version)). Ideally, I'd like to link all versions of the same book so I can show all reviews together. And as an added bonus I could show availability of hardback / paperback / kindle versions at places like amazon. But that will take some serious programming time...

2011-08-01 (#) 8 years ago
Another load of attempts to get e-mail accounts at work with a phishing scam. And while diagnosing headers to notify sites with accounts with stolen credentials I noticed a pattern I've seen before: authenticated smtp sessions from charter.com IPs.
from 24-183-196-50.dhcp.jcsn.tn.charter.com [24.183.196.50]
from 97-81-17-250.static.gwnt.ga.charter.com ([97.81.17.250])

2011-08-01 (#) 8 years ago
I haven't hacked a script to auto-copy to my homepage what I post to my gplus account, so this one by hand:

Signal of the end of an era (and confirming that the phishers keep up with our e-mail migration): the latest e-mail address phishing sites are an imitation of outlook web access. No more squirrelmail phishing...

2011-08-01 (#) 8 years ago
'High resolution' GIF images used to be one of the ways to advertise for BBSes. High resolution then meaning 640x480 pixels for 'high resolution scans' and 320x200 for 'video capture'. A set of those BBS ads is collected at BBS Ads by matbergman, showing what was interesting back then. Puppies, pirates, cars, raytracing, male models, kittens and naturally ladies in bikinis.


