Linux Community's Journal

Friday, October 18th, 2002

8:45a
Polinux?
Secure Linux desktop begins shipping to UK police force
A pilot scheme which could see police forces throughout England and Wales switching to Linux desktops has kicked off with delivery of the first systems to the West Yorkshire force...

...It is however the approach and architecture of the system that is most interesting... The user-facing part of the system consists of an ultra low cost machine being supplied by the Telford office of Taiwanese company GCI, price £299, including a smart card reader.

These clients connect via VNC to the business end of the system, which can include legacy Windows systems, making it easier for customers to transition to open source. The clients themselves are 'stateless,' so a user can log on with their smartcard from any machine on the network, and get immediate access to their personal desktop, which includes Openoffice. For police work this has clear advantages, because it potentially makes mobile connectivity a lot easier.
The reason I have trouble imagining this is that, traditionally, computer systems provided to the police (or any government body) in the UK have to be (a) completely unreliable and (b) vastly overpriced. A Linux-based system would make meeting these criteria more of a challenge. I guess they'll have to screw it up in some other way....
2:06p
Disk Choking up my mp3, web browsing, hlds, things like that.
I was always curious:
Why does untarring a file just choke your Linux machine?

Why does a lot of file loading seem to choke the linux box?

This article explains it a bit
http://kerneltrap.org/node.php?id=465

Pre-emptiveness -> Out the door
blah!

I remember when the Linux kernel was the best. It's become far from it, and useless for audio and video projects (in my experience lately).
5:23p
remote kernel exploit?
just fyi - some of you may have read about this on one of the mailing lists, some of you who are more 'underground' may have heard the rumors of it, but http://www.linuxsecurity.com/articles/intrusion_detection_article-5933.html
is a copy of a post to a mailing list where a guy picked up some funny traffic on the IDS and then removed the funny-acting box from the network, and when he rebooted he found a binary in the /tmp directory that purports to be a remote kernel exploit for Linux (oops, maybe Linus dropped the ball here [as if ptrace wasn't bad enough]). The post itself isn't really informative, but this was brought up on IRC by a friend of mine who is trying to figure out what exactly the program does. When run, the binary prompts for a password, and as some of the more educated users might think, why not 'strings' the binary and find the password? Well, the binary is encrypted with a program whose name I can't remember [some of you might know; it's called 'burn' something or something (http://www.phrack.com/show.php?p=58&a=5 is a Phrack paper on runtime binary encryption; this program is at least based off ideas presented in that paper)], so being encrypted, it is obvious that strings won't pop out the password, and obviously there will be no debugging symbols present to run it through gdb. Luckily that isn't the end of things. My friend is debugging it and it is quite a complex program: 74 procedures [anyone familiar with exploits will know that is a large number of procedures]; of those, 44 have no 'ret'/'leave' instructions and thus overlap with other procedures [my thought was that this might be the result of some form of optimization and that those functions will never reach leave/ret regardless of how flow is passed]; of those 74, several appear to be trash procedures
i.e.
0x01234567 call 0x01234567

some appear to have no use, but actually might, i.e.

push $0x41
pop %eax
inc %eax
leave
ret

[think int $0x80 or similar which uses eax as a parameter]
and so on and so forth, so literally this is a 40k encrypted puzzle.
[10k w/o the encryption]

so with that said, to me it seems like this is part of project mayhem and it's meant to be smoke in mirrors. I mean, why would your system spit out a valuable remote exploit on reboot? I can see a rootkit, or I dunno; 30 valid procedures [possibly more if some are optimized] seems to be a lot, but maybe the box was being used to scan/hack other boxes out there. Anyways, what's your opinion?

fyi.
my friends page with more info is here ->
http://www.securityhacker.org/
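The post above describes three things a reverse engineer looks for when triaging an obfuscated binary: procedures that just call their own entry point, procedures with no ret/leave that fall through into their neighbours, and short "useless-looking" sequences that actually load a value into %eax before a syscall. The script below is an added example (not code from the post, nor from the binary or the site it links to) that runs those checks over a constructed objdump-style listing; the function names, addresses and bytes in LISTING are invented for illustration and are not from the sample in the post.

```python
"""Triage helper for an AT&T-syntax objdump listing.

Flags trash procedures (self-calls), fall-through procedures (no ret/leave),
raw syscalls, and tracks the value left in %eax by push-imm/pop/inc idioms.
"""
import re
from dataclasses import dataclass, field

# Constructed listing in objdump -d format (tab-separated columns).
# Hypothetical addresses, bytes and names; not taken from any real binary.
LISTING = "\n".join([
    "08048400 <junk_a>:",
    " 8048400:\te8 fb ff ff ff\tcall   8048400 <junk_a>",
    " 8048405:\tc3\tret",
    "",
    "08048406 <set_eax>:",
    " 8048406:\t6a 41\tpush   $0x41",
    " 8048408:\t58\tpop    %eax",
    " 8048409:\t40\tinc    %eax",
    " 804840a:\tc9\tleave",
    " 804840b:\tc3\tret",
    "",
    "0804840c <fallthrough>:",
    " 804840c:\t55\tpush   %ebp",
    " 804840d:\t89 e5\tmov    %esp,%ebp",
    " 804840f:\t31 c0\txor    %eax,%eax",
    "",
    "08048411 <real_work>:",
    " 8048411:\t55\tpush   %ebp",
    " 8048412:\t89 e5\tmov    %esp,%ebp",
    " 8048414:\tcd 80\tint    $0x80",
    " 8048416:\tc9\tleave",
    " 8048417:\tc3\tret",
])

FUNC_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>:$")


@dataclass
class Proc:
    name: str
    start: int
    insns: list = field(default_factory=list)  # (addr, mnemonic, operands)


def parse_listing(text):
    """Split an objdump listing into procedures with their instructions."""
    procs = []
    for line in text.splitlines():
        m = FUNC_RE.match(line)
        if m:
            procs.append(Proc(m.group(2), int(m.group(1), 16)))
            continue
        parts = line.split("\t")          # addr: / bytes / mnemonic operands
        if len(parts) < 3 or not procs:
            continue
        addr = int(parts[0].strip().rstrip(":"), 16)
        mnem, _, ops = parts[2].strip().partition(" ")
        procs[-1].insns.append((addr, mnem, ops.strip()))
    return procs


def eax_at_exit(proc):
    """Tiny immediate tracker for the push $imm / pop %eax / inc %eax idiom.

    Returns the constant left in %eax, or None if it is not statically known.
    """
    stack, eax = [], None
    for _, mnem, ops in proc.insns:
        if mnem == "push" and ops.startswith("$"):
            stack.append(int(ops[1:], 16))
        elif mnem == "pop" and ops == "%eax" and stack:
            eax = stack.pop()
        elif mnem == "inc" and ops == "%eax" and eax is not None:
            eax = (eax + 1) & 0xFFFFFFFF
        elif mnem == "dec" and ops == "%eax" and eax is not None:
            eax = (eax - 1) & 0xFFFFFFFF
        elif mnem == "xor" and ops == "%eax,%eax":
            eax = 0
    return eax


def triage(procs):
    """Return {proc name: [finding strings]} for the heuristics in the post."""
    findings = {}
    for p in procs:
        flags = []
        mnems = [m for _, m, _ in p.insns]
        if not any(m in ("ret", "leave") for m in mnems):
            flags.append("no ret/leave: falls through into the next procedure")
        for _, mnem, ops in p.insns:
            if mnem == "call" and ops:
                target = ops.split()[0]
                if re.fullmatch(r"[0-9a-f]+", target) and int(target, 16) == p.start:
                    flags.append("calls its own entry point (trash procedure)")
            if mnem == "int" and ops == "$0x80":
                eax = eax_at_exit(p)
                flags.append("raw syscall int $0x80 (eax=%s)" % (hex(eax) if eax is not None else "unknown"))
        findings[p.name] = flags
    return findings


if __name__ == "__main__":
    for name, flags in triage(parse_listing(LISTING)).items():
        print(name, "->", flags or ["nothing notable"])
```

On the constructed listing, junk_a is reported as a self-calling trash procedure, fallthrough as having no ret/leave, and real_work as issuing a raw syscall; set_eax raises no flag by itself, but eax_at_exit shows it leaves 0x42 in %eax, which is the point the post makes about sequences that look useless until you remember that %eax carries the syscall number.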
