Can’t help but feel a little smug

Smug

BBC NEWS | Technology | Hi-tech criminals target Twitter

Only those using Microsoft Windows are vulnerable to infection from these malicious programs.

It perhaps aught to read “… and are stupid enough to download unknown material” as well?

emacs Tramp on Windows

Updated Oct/08

I am using emacs with the tramp extension to edit files on a remote server using ssh. I had to pull in various hacks to get it to work so I hope these notes might help others.

1. Install Emacs for Windows and Cygwin with OpenSSH
2. Upgrade emacs Tramp to the latest version. This is best done using Cygwin bash and Cygwin make (in particular ensure that –with-lispdir and –infodir options are set correctly when running configure).
   • Handy tip — leave the tramp build directory hanging around. When you next upgrade Emacs it’s just make install (providing you use same directory names)
3. Ensure that the Cygwin bin directory is on the Windows system path
4. At the Cygwin bash prompt test ssh connection to your host
5. Generate public/private keys and upload to the host
6. Test ssh again to see if public authentication works (it did not for me because it had been disabled by the UNIX admin)
7. Configure emacs to use tramp
(require 'tramp)
;;(setq tramp-debug-buffer t)
;;(setq tramp-verbose 10)
(setq tramp-auto-save-directory "c:\\tmp")
(setq tramp-default-method "plink")
8. Start emacs and test connection (C-x C-f) using cygwin ssh/scp/sftp. If it works skip to step 14. I had issues so I continued with step 9
9. Install the Putty program suite
10. Test the connection using putty
11. Ensure the Putty install directory is on the system PATH
12. In emacs visit the host (C-x C-f) using the method ‘plink’. If that does not work you are on your own (but see troubleshooting below)
13. If the public keys worked in ssh then import your OpenSSH keys into Putty
14. Use emacs bookmarks to save your common host locations

Troubleshooting:

1. Getting rid of the “Couldn’t find exit status of `test -e …” error message by deleting ~/emacs.d/tramp file. This clears cached settings as documented at http://www.nabble.com/Emacs-tramp-troubles-with-old-Sun-tt13607411.html.
2. If Tramp and Emacs does not work for you try these alternatives:
   1. Vim has a netrw plugin
   2. Both FileZilla and WinSCP have options to edit a file from the remote file system which then invokes a local Windows editor of your choice.
   3. jEdit has an ftp plugin that supports sftp and bookmarks

YMMV

With many thanks to all the folks on the web who documented their experiences and Michael Albinus on the tramp-devl mailing list.

Sage advice from Tim Berners-Lee

BBC NEWS | Technology | Web creator rejects net tracking

a warning for young people about putting personal data on these sites.

“Imagine that everything you are typing is being read by the person you are applying to for your first job. Imagine that it’s all going to be seen by your parents and your grandparents and your grandchildren as well.”

I’m putting this here mainly for the benefit of my son, although he is very responsible online. Hopefully it will be a useful reminder for everyone else as well, including me.

Thanks to my father for sending me the link.

Duh! Network security 101…

BBC NEWS | Business | Boeing 787 hit by security fears

Boeing has been ordered to ensure passengers on its new 787 Dreamliner jet cannot hack into the flight system and take control of the plane.

I wonder which idiot at Boeing didn’t ensure there was an air gap between the passenger and avionic networks on the new 787? My customers on the ground have been using such a simple approach for many, many years.

If I was being unprofessional and bitchy I might even suggest it must have have a been a Microsoft security consultant.

Powered by ScribeFire.

Notes from Securecon

Last week I attended SecureCon. Here are a few rough notes:

• At an attendance cost of $0 it was stunning value for money
• Damn Vulnerable Linux is a really useful sample of cracking tools and information for the professional
• Security attacks continue to get worse and there is serious money involved
• Defence in depth (firewalls, OS patches, bandwidth throttles, user education, VLANS to separate traffic types, security zones, policies and policy updating, continues testing, application architecture and design for security,….)
• Assume everything is evil, including traffic from your own network
• Protect the data
• Constant demands for new functions and access mitigate against closed security (e.g. Javascript is about to get access to the local file system)
• New devices (e.g. mobile devices) and new services (in particular VOIP) increase the attack surface, sometimes by an order of magnitude.

A great Christmas present for the cracker in your family

Damn Vulnerable Linux – The most vulnerable and exploitable operating system ever – DVL Overview

Damn Vulnerable Linux (DVL) is a Linux-based tool for IT-Security

Been playing with this at SecureCon this morning, loads of fun and a great resource for security testing and training.

But do remember what your mummy told you about running around with scissors…

Powered by ScribeFire.