Category Archives: Security

Security

Podcast: RSA Conference HT-106

Leave a comment

I am co-presenting session HT-106: “There’s No Patch for Social Engineering” at the RSA Conference this March in San Francisco, based on language pattern analysis of email messages:

Urgent/Confidential–An Appeal for Your Serious and Religious Assistance: The Linguistic Anthropology of ‘African’ Scam Letters

A sneak preview of the session can be heard in a podcast just posted to the conference site.

I also am presenting DAS-108: “Top Ten Breaches”, a session that gives an in-depth look at breach data and investigations to illustrate how best to manage security for current threats.

Hope to see you there.

Poetry, Security

Trepidation of the Spheres

2 Comments

Helen Sharman, Britain’s first astronaut.
Source: The Guardian, Alamy Stock Photo
An information security post about poetry today, based on Valediction Forbidding Mourning by John Donne

AS virtuous men pass mildly away,
And whisper to their souls to go,
Whilst some of their sad friends do say,
“Now his breath goes,” and some say, “No.”

So let us melt, and make no noise, [5]
No tear-floods, nor sigh-tempests move;
‘Twere profanation of our joys
To tell the laity our love.

Moving of th’ earth brings harms and fears;
Men reckon what it did, and meant; [10]
But trepidation of the spheres,
Though greater far, is innocent.

The above metaphor gave me pause. The point seems to be that an inter-planetary event has far more significance yet is less stressful than an event on earth. Donne clearly wants it to be this way, to make a point about quiet goodbyes.

I suspect that if you tell someone that a “sphere” event is likely (e.g. meteor strike) they will find as much or more trepidation than events happening on earth. On the other hand, Donne perhaps knew this and was really implying that the greatest impacts are the least frequent and thus should not be feared with the same intensity (profanation) as frequent ones of less severity. He continues:

Dull sublunary lovers’ love
‘Whose soul is sense’cannot admit
Of absence, ’cause it doth remove [15]
The thing which elemented it.

But we by a love so much refined,
That ourselves know not what it is,
Inter-assur’d of the mind,
Care less, eyes, lips and hands to miss. [20]

Our two souls therefore, which are one,
Though I must go, endure not yet
A breach, but an expansion,
Like gold to aery thinness beat.

If they be two, they are two so [25]
As stiff twin compasses are two;
Thy soul, the fix’d foot, makes no show
To move, but doth, if th’ other do.

And though it in the centre sit,
Yet, when the other far doth roam, [30]
It leans, and hearkens after it,
And grows erect, as that comes home.

Such wilt thou be to me, who must,
Like th’ other foot, obliquely run;
Thy firmness makes my circle just, [35]
And makes me end where I begun.

Clever imagery within a poem of managing risk. The legs of the compass — one static as the other one roams and more erect when they are together — is a beautiful metaphor for continuity.

Security

Host Monitoring: Osiris Build for Windows

1 Comment

Perhaps you want a host integrity monitoring solution for windows? Here is a simple recipe to compile the free Osiris agent on windows for windows (so “make test” will work).

Ingredients:

  1. NSIS
  2. Active State Perl
  3. MinGW
  4. MSYS
  5. OpenSSL

You can get these all from shmoo as a single convenient build kit, or download individually using the links above. The build kit is stable, but the individual items are likely to give you more recent releases.

Install all five in the order listed with the defaults, except for MSYS. Change the installation path of MSYS from the version number to just “c:\msys”. When MSYS asks for the MinGW installation path, enter “c:/mingw”

To compile/install OpenSSL, follow these steps:

  1. Unpack the tar file. It might be most convenient to put it below the c:\msys directory
  2. Open the “Configure” file (you can use vi in MSYS but Wordpad may also work) and comment out or delete the following line: “$IsMK1MF=1 if ($target eq “mingw” && $^O ne “cygwin” && !is_msys());”
  3. Type “perl Configure mingw” to run the Configure script
  4. If successful, you will see a “Configured for mingw” message and you should have openssl.exe in the apps directory and two lib files (libssl.a and libcrypto.a) at the toplevel
  5. Type “make test” to verify the build (this will take a while)

To compile/install Osiris, follow these steps:

  1. Download and unpack the Osiris 4.2.3 source. It might be most convenient to put it below the c:\msys directory
  2. Start MSYS (Use the shortcut or C:\msys\msys.bat -norxvt)
  3. Change into the c:\msys\osiris… directory
  4. Type ./configure with the following options:
    –with-ssl-dir=/c/msys/openssl… –with-root-dir=/c/msys/osiris… where “…” is the full pathname and –with-osiris-user=osiris or whatever user it will run as
  5. Once the configure is done type “make”
  6. To reduce the size of the installer use strip: “strip src/cli/osiris.exe”; “strip src/osirisd/osirisd.exe”; and “strip src/osirismd/osirismd.exe”
  7. Open explorer and right click on C:\msys\osiris-4.2.3\src\install\windows\osiris_install.nsi, and choose “compile installer”

Tada! Your Osiris agent should be ready to deploy on windows hosts. It will be in the osiris-4.2.3\src\install\windows directory.