On Hacking: Larsson’s Folly

Posted on December 7, 2011 by bryon

This post is a brain tangent that fired off this past week when I was listening to NPR’s On The Media. The specific segment, The Chiquita Phone Hacking Scandal, examines the current News of the World phone ‘hacking’ case and illegal and unethical journalistic practices in the light of the historic “Chiquita Phone Hacking Scandal”. The segment is worth while and I highly recommend listening to it if you have a few minutes (or you can read the transcript here).

At any rate here is a nice little synopses: Chiquita was doing bad things and the Enquirer published the findings of reporter Mike Gallagher. Unbeknownst to the Enquirer, Gallagher had ‘hacked’ Chiquita’s phone systems and this fact was revealed after the publication. The result, “The Enquirer fired Gallagher, relocated its editor, agreed to pay Chiquita millions of dollars, apologized repeatedly and recanted the stories.”

The take away nugget is this, summarized by Kelly McBride of The Poynter Institute:

The lesson is when your methods for gathering information are dishonest, the information you gather is suspect. And that case is the perfect lesson in that. No one has challenged the findings of the newspaper. Yet, nobody talks about that as a great investigative piece. They talk about it as an ethical scandal.

Okay, so that all makes sense. But then I had a secondary thought and which gave me flashbacks to Steig Larssons Milenium Trilogy (The Girl With the Dragon Tattoo, The Girl Who Played With Fire and The Girl Who Kicked the Hornets’ Nest): In each book, the main character hacks into the antagonists machines and the information she gathers almost becomes a deus ex machina saving her and the rest of the journalist protagonists. This is great for a fictional story and it draws attention to the ease and power of information gathering. However, I do not think Mr. Larsson addressed the seriousness of how screwed they all would be if their ‘informant’ was actually revealed to be a hacker, illegally gaining access to the information.

If I were to give a take away it would be that, all fiction aside, hacking will never save your ass, it will burn it.

Namecoin on Ubuntu 11.10

Posted on November 26, 2011 by bryon

So I setout to try a setup of Namecoin, the sibling to Bitcoin that is used for name/value storage and is the foundation for the dot-bit project. The dependencies were not explicitly laid out in the README so I wrote up the things I found I needed. Hopefully someone else doing the same thing will not have to do as much searching as I did.

Setup: namecoin version 0.3.24.64-beta
Target: Ubuntu 11.10 (x64), Amazon EC2 (Server) and Desktop

Install

sudo apt-get install git build-essential libssl-dev \
libdb4.7++-dev libboost-dev libboost-system-dev \
libboost-filesystem-dev libboost-program-options-dev \
libboost-thread-dev libglibmm-2.4-dev
git clone git://github.com/vinced/namecoin.git
cd namecoin/src
make -f makefile.unix USE_UPNP=

I built my install list from the headers that were missing from a mostly generic 11.10 install. The list of the errors I came across are below. Shoot me a line if anyone comes across other packages that need added to the list.

If you get this far you can start running namecoind which is well documented here: Post Install

Compilation error:

In file included from auxpow.cpp:4:0:
headers.h:37:28: fatal error: openssl/buffer.h: No such file or directoy
compilation terminated.

Solution:

sudo apt-get install libssl-dev

Compilation error:

In file included from auxpow.cpp:4:0:
headers.h:43:20: fatal error: db_cxx.h: No such file or directory
compilation terminated.

Solution:

sudo apt-get install  libdb4.7++-dev

If that fails …
For some reason libdb4.7++-dev is not in the 11.10 server repositories, probably because the 4.7 and 4.7++ dev libraries have some conflicts. My workaround was to get 4.7++ and then manually install the 4.7++-dev.deb from launchpad. This is unstable and apt-get -f install will remove 4.7++-dev but for the compilation I didn’t have any extra issues. When I ran the install on my desktop 11.10 libdb4.7++-dev was in the repositories so you only get this error 11.10 server .

wget http://launchpadlibrarian.net/66419156/libdb4.7%2B%2B-dev_4.7.25-10ubuntu1_amd64.deb
sudo dpkg -i --force-all libdb4.7++-dev_4.7.25-10ubuntu1_amd64.deb

Compilation error:

/usr/bin/ld: cannot find -lboost_system
/usr/bin/ld: cannot find -lboost_filesystem
/usr/bin/ld: cannot find -lboost_program_options
/usr/bin/ld: cannot find -lboost_thread
/usr/bin/ld: cannot find -lgthread-2.0

Solutions (respectively) :

sudo apt-get install libboost-system-dev
sudo apt-get install libboost-filesystem-dev
sudo apt-get install libboost-program-options-dev
sudo apt-get install libboost-thread-dev
sudo apt-get install libglibmm-2.4-dev

Resources used:

Bluish Coder

Painfully accurate response

Link

Painfully accurate response: http://bash.org/?3936

A quick fix to Email Alerts in Artillery 0.1.5

Posted on November 1, 2011 by bryon

I needed to quickly add this (the third line) line to /var/artillery/src/email_handler.py in order to get Email Alerts to work in Artillery 0.1.5. Once the mail() method was visible to the email_handler all was well in *nix honeypot land. I see that monitor.py also has email sending abilities but I haven’t delved into the code enough to see what cases Artillery calls one over the other. Either way thanks to @dave_rel1k for a great tool!

import shutil,time,thread
from src.core import *
from src.smtp import * # give the email_handler mail() access

bryogenic.com

Shiny Things

On Hacking: Larsson’s Folly

Namecoin on Ubuntu 11.10

Install

Compilation error:

Solution:

Compilation error:

Solution:

Compilation error:

Solutions (respectively) :

Resources used:

Painfully accurate response

Link

A quick fix to Email Alerts in Artillery 0.1.5