elblogg » security

e-valg

elzapp — Fri, 06 Mar 2009 10:14:36 +0000

Regjeringen vil visstnok ha elektronisk valg i enkelte kommuner i 2011, og har startet en anbudsrunde på levering av e-valg-løsning. Det som er litt interessant i denne saken er at så godt som alle teknologer er skeptiske, og advarer mot e-valg, samtidig som ingen kan gi noen god begrunnelse på hvorfor vi skal ha det. Den eneste begrunnelsen jeg har sett, og som jeg kan komme på selv, er at opptellingen vil gå raskere. Det kan i neste runde gjøre at en kan gjøre mer show ut av valgnatten på TV, siden valgresultatet kan komme før folk legger seg for kvelden. Videre kan kanskje det føre til et større engasjement for valget. Men her er det mange hvis og kan, dessuten mener jeg det er feil vektor å angripe manglende valgdeltakelse på.

Videre må man ta høyde for at det finnes en del teknofober, og generellt folk som ikke klarer å bruke datamaskiner, nærmest uansett hvor intuitivt og enkelt en prøver å lage det.

~~Det er ikke snakk om valg over internett, og bra er det.~~ Det åpnes også for at en skal på sikt ha stemming over internett. Det er nok sikkerhetskomplikasjoner med e-valg om det ikke går over internett om ikke en skal utsette seg for risikoen ved å gå over internett i tillegg.

Valg skal være anonyme og korrekte, dette er, når en snakker om datasikkerhet to motstridende faktorer. Dvs, ikke direkte, men i og med at de fleste mekanismer for å sikre korrekthet baserer seg på identitet for verifikasjon. Det blir dermed vanskelig å verifisere korrektheten ved dataene selv uten at dataene sendes over internet, og umulig å sikre anonymitet, korrekthet og ikke minst en person – en stemme når det stemmes over internett.

Jeg mener det ikke foreligger tilstrekkelige fordeler ved å benytte seg av elektronisk valg til at en skal risikere våre demokratiske rettigheter på dene måten.

Men dersom det skulle ende opp med at vi ender opp med elektronisk valg, må det være et absolutt krav om at programvaren og maskinvaren som benyttes er fri(prog), slik at det i allefall kan verifiseres at programvaren og maskinvaren gjør akkurat det den skal.

Mer om e-valg:

Aktivitet på twitter

New howto: Using apache to create an authenticated proxy

elzapp — Wed, 04 Mar 2009 11:44:50 +0000

I just wrote a description on how you can use apache to create an authenticated proxy ahead of your development server, or other http-based servers that doesn’t provide authentication themselves.
You can find it under the docs-section or by clicking here: Using apache to create an authenticated proxy.

How to make wordpress easy upgradeable

elzapp — Mon, 31 Mar 2008 17:02:13 +0000

The first thing I have to say about this is keep your worpress up to date at all times! Skipping a release will not only make you vulnerable to hackers, but also make it more difficult to upgrade later. But this, of course is something you already know, lets see what we could do to make it easier to manage this.

Wouldn’t it be nice if you had a distribution system for wordpress?
Actually, you have! You can use Subversion to install wordpress, and upgrading later is as easy as just switching repositories, if you follow static versions, or svn update if you install from trunk.

This makes upgrades a 4 step procedure (you can cut it down to 2 if you like to live risky, or if you don’t use custom plugins):

Disable all plugins
run svn sw http://svn.automattic.com/wordpress/tags/2.5/
go to your wp-admin, and update database (one click operation)
Enable your plugins again

As mentioned, you may skip the first and the last point.

See wordpress.org for more info, on how to switch from a tarball installed wordpress to a svn-installed wordpress, or performing a fresh install from svn.

Upgraded wordpress again

elzapp — Sun, 30 Mar 2008 13:12:43 +0000

This time from 2.3.3 to 2.5 using subversion. It was dead easy! Though I find the user interface a bit confusing, I’m very happy to have found a way to keep the blog up-to-date in an easy way.

It is very cool to be able to manage photos and galleries inside wordpress too

w00t?

elzapp — Tue, 25 Mar 2008 12:30:34 +0000

Today I noticed this in my access.log:

^?View Code APACHE

67.19.113.154 - - [24/Mar/2008:16:02:10 +0100] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 363 "-" "-"
65.111.181.35 - - [24/Mar/2008:20:02:22 +0100] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 363 "-" "-"
67.19.113.154 - - [24/Mar/2008:20:15:38 +0100] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 363 "-" "-"
67.19.113.154 - - [25/Mar/2008:00:26:37 +0100] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 363 "-" "-"
67.19.113.154 - - [25/Mar/2008:04:37:39 +0100] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 363 "-" "-"
...
67.19.113.154 - - [25/Mar/2008:08:52:25 +0100] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 363 "-" "-"
67.19.113.154 - - [25/Mar/2008:13:05:07 +0100] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 363 "-" "-"

What goes on here?
All these requests fail, ofcourse, but in addition to the obvious (404), the client also doesnt supply a Host: header for their HTTP/1.1 requests

update

It is safe to assume that this is an attempt to hack me in some way, DFind is appearantly some kind of security scanner^ref. The same IPs are also bruteforcing some URLs (like /phpmyadmin etc..) looking for somthing fun to poke around with.

Faked secuirty patch

elzapp — Thu, 29 Jul 2004 13:30:31 +0000

I received this mail today:

FROM: "Microsoft Corporation Public Assistance" 
TO: "Customer" <>
SUBJECT: Latest Security Pack

MS Customer

this is the latest version of security update, the
"July 2004, Cumulative Patch" update which eliminates
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities.
Install now to maintain the security of your computer
from these vulnerabilities, the most serious of which could
allow an attacker to run executable on your computer.
This update includes the functionality of all previously released patches.

System requirements: Windows 95/98/Me/2000/NT/XP
This update applies to:
 - MS Internet Explorer, version 4.01 and later
 - MS Outlook, version 8.00 and later
 - MS Outlook Express, version 4.01 and later

Recommendation: Customers should install the patch at the earliest opportun=
ity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found=
 on the Microsoft Technical Support web site.

http://support.microsoft.com/

For security-related information about Microsoft products, please visit the=
 Microsoft Security Advisor web site

http://www.microsoft.com/security/

Thank you for using Microsoft products.

Please do not reply to this message.
It was sent from an unmonitored e-mail address and we are unable to respond=
 to any replies.

----------------------------------------------
The names of the actual companies and products mentioned herein are the tra=
demarks of their respective owners.

This is the text/plain mime-version of the mail. It had a colorful microsoft-look-ish HTML version too.

Of course i knew this mail was a fake, furthermore gmail gave me this message:

An attachment named “pack1919.exe” was removed from this document as it constituted a security hazard. If you require this document, please contact the sender and arrange an alternate means of receiving it.

Please remember: Microsoft NEVER send security-mail if you’re not registered at their site for receiving such mail. And they NEVER ever send attatchments with it.

It seems this is a variant of the W32/Gibe@mm (W32/Gibe@mm, WORM_GIBE.A, W32/Gibe-A, I-Worm.Gibe, W32/Gibe.A@mm, Win32.Gibe.A, W32/Gibe@MM) worm. Although the name of the attachment, the greeting line and the subject of the message doesnt match the description at securityresponse