Archive for July, 2004

If this trailer isn’t the funniest thing you’ve seen all week, I want your life.

Got my report back from the administrator — and yes, they’d been rooted. Another reason why it’s important to watch for security updates and such! Good luck to them as they reconstruct their servers. I thought about simply moving my SSH to a different port, but then I realized that it was actually more helpful to see these attacks and warn their domain administrators.

Additional interesting information about the ssh probes can be found here. Looks like exactly what I thought, another script kiddie special. I found additional probes yesterday and contacted the source box’s owner to determine whether he is aware of the problem or not. I would bet that if I hear back from him, it would be a good indicator that he’s got a rogue user or has been rooted; silence in this case would arouse my suspicion that he’s at fault. Tbye, I sincerely hope I hear back from you soon. :-)

Today’s dumbass script kiddie award goes to:

sshd:
   Invalid Users:
      Unknown Account: 2 Time(s)
   Authentication Failures:
      unknown (202-6-75-195.safenz.net.nz ): 2 Time(s)
-----
Failed logins from these:
   guest/password from 202.6.75.195: 1 Time(s)
   test/password from 202.6.75.195: 1 Time(s)

Unmatched Entries
Illegal user test from 202.6.75.195
Illegal user guest from 202.6.75.195

My guess is somebody recently posted an extremely long-in-the-tooth probing script on one of the “l33t h4x0r” IRC channels or newsgroups. Wow, you guys are really impressive. Now go get your cookies and milk, it’s past your bedtime already.

Not much happening today, but here’s a nice picture of my family:


My family, July 2004

I’m constantly amazed by how little I miss Microsoft Windoze. :-)

Recently, Linda Ronstadt had a bad experience at the Aladdin in Las Vegas. Her comments supporting filmmaker Michael Moore apparently had many guests very upset. While personally I don’t see what’s to be so upset (or surprised) about in her comments, Moore’s letter to Aladdin CEO Michael Timmins is more ignorant than I would have expected from him.

“What country do you live in?” Moore asked. “Last time I checked, Las Vegas is still in the United States. And in the United States, we have something called, ‘The First Amendment.’…For you to throw Linda Ronstadt off the premises because she dared to say a few words in support of me and my film, is simply stupid and Un-American.” (This is directly from the linked article above.)

Erm, Mike, you need to refresh your memory of high school civics. The First Amendment protects speech against encroachment by the government, not by private companies or someone on whose property you’re performing. This is not an issue of censorship, it’s one of censure. The Aladdin (and its guests) are free to show their displeasure however they want, and Ms. Ronstadt is also free to show hers by never performing there again if she doesn’t want to. That’s how commerce works. I’m sure with a firm grasp on the facts of national sociopolitics like that, “spreading the truth” must come very easily to Moore.

I once went to the National Archives with a coworker, who had to look up a document for her boss. When you arrive at the Archives you have to surrender any containers, and usually unnecessary outerwear like a jacket or coat. When you get in the room to retrieve a document, there are small pieces of paper for note-taking and special pencils (I think they were red, but I’m not sure I recall completely). Guards patrol the areas to ensure no one removes documents, and you are required to certify when you leave that you didn’t remove anything from the archives. At least, that’s how it was in the mid-1990s; I doubt it’s changed much since then.

And that’s just the public area, not the secure reading room for classified documents.

So if anyone has any doubts about the Sandy Berger story, and you haven’t been to the National Archives, take it from me: There is absolutely no possibility that Berger’s theft of the documents in question was not purposeful. It is beyond any stretch of reason that one can “inadvertently” remove anything from the National Archives. Most likely he stuffed the documents in his clothing (“inadvertently”? Please) to avoid detection, since it is unlikely he would be patted down or otherwise searched upon exiting.

I would like to know to what extent he retains any security clearance. It’s my understanding that at least some of the documents he removed were classified. If he does not possess both a security clearance and a need-to-know for that particular information, he’s in violation of Federal law and thus should be prosecuted just like anyone else who did the same thing.

I have zero tolerance for liars. If this is the kind of person John Kerry uses as an “advisor,” he should be ashamed instead of sympathetic. The character of a man is described in large part by those with whom he surrounds himself, a lesson which Kerry either never learned (which is bad), or hopes we ignore (which is worse).

This morning I sat down to get my e-mail, which includes server logs mailed to me daily from most of my machines around the ‘net. I found that some fugnut had been trying to SSH into one of my servers from the University of Geneva (yes, Switzerland). At least that was his last hop; who knows whence he actually originated. In any case, he only tried to get in with lame usernames like test and guest before he finally gave up.

This scenario illustrates why it’s important to practice good security on your Linux boxes, especially if they have full-time broadband connections to the Internet. Unfortunately, security on Linux and UNIX systems is practically a field of study unto itself, but at least the basics are easy to achieve. Here are some hints to get started, but by no means is this exhaustive, nor intended for security experts. You can find a lot more information on the Web or in books such as Practical UNIX & Internet Security by Garfinkel, et al. (3rd ed., O’Reilly).

  • Use a distribution that uses good default settings for security, and installs a firewall “out of the box.” Fedora Core is an example, but use whatever suits you best.
  • Use good, strong passwords for all users. A good password is long (at least 8 or 9 characters, and longer is better), and mixes uppercase and lowercase letters, numerals and punctuation symbols. Bad password: mysecret. Good password: 2sTrnG!4u. Note that the probes above did not guess passwords cleverly at all; they tried a handful of default account names with trivial passwords, which is exactly what a strong password (or no such account) defeats.
  • Turn off all services that you do not need. Examples of things you can safely turn off are portmap and nfslock (used for NFS services); sendmail (only used if you are running a mail server for your own domain); httpd, vsftpd and xinetd (only needed if you are running specific Internet services). Things you should always turn off include rlogin, rsh and telnet, which will be off if you turn xinetd off; if you leave xinetd running make sure these services are disabled!
  • Make sure X11 is not listening for incoming TCP connections, which can sometimes be exploited by knowledgeable ne’er-do-wells. In your process list (run ps -axw for example) you should see your X server running with the argument -nolisten tcp. If it isn’t, X is accepting connections on TCP port 6000 from anyone your firewall lets through.
  • Check your logs! If you use a facility like logwatch you can have these mailed to your account by editing the /etc/aliases file and having root‘s mail sent to some other address. Run newaliases when you’re finished editing to apply the changes. Failed logins for accounts that don’t exist on your box (like the test and guest attempts above) are the signature of an automated probe, and the source address is what you need when you notify that network’s administrator.

Test your own box using tools on the Web like ShieldsUP! which will scan your box for open ports. Or if you have a friend who’s also into UNIX/Linux or security, trade IP addresses and try your hand at investigating each other’s security. (Make sure your friend is trustworthy, and remember the Golden Rule at all times. Don’t squander your friendship by being a smartass, say by erasing some of his data.) Have fun!
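As an added example (not code from the original post or from logwatch), here is a small script that does what the “check your logs” step asks for: it parses sshd syslog lines in the OpenSSH 3.x wording shown in the logwatch report above, groups the events by source address the way that report does, and flags sources that tried several nonexistent accounts, or a well-known probe account name, without ever succeeding. The sample log lines, the host name, the 192.0.2.10 address and the PROBE_NAMES list are constructed for the example and are not from the page.

```python
import re
from collections import defaultdict

# Constructed sample lines in the OpenSSH 3.x syslog format of the period
# ("Illegal user ..." as in the logwatch report on this page). They are made
# up for this example, not taken from any real server.
SAMPLE_LOG = """\
Jul 20 03:12:01 myhost sshd[12345]: Illegal user test from 202.6.75.195
Jul 20 03:12:01 myhost sshd[12345]: Failed password for illegal user test from 202.6.75.195 port 34512 ssh2
Jul 20 03:12:04 myhost sshd[12346]: Illegal user guest from 202.6.75.195
Jul 20 03:12:04 myhost sshd[12346]: Failed password for illegal user guest from 202.6.75.195 port 34513 ssh2
Jul 20 09:41:17 myhost sshd[12400]: Failed password for paul from 192.0.2.10 port 51000 ssh2
Jul 20 09:41:25 myhost sshd[12400]: Accepted publickey for paul from 192.0.2.10 port 51000 ssh2
"""

# Account names automated probes typically try first. This list is an
# assumption for the example, not something the page specifies.
PROBE_NAMES = {"test", "guest", "admin", "user", "oracle"}

ILLEGAL_RE = re.compile(r"sshd\[\d+\]: Illegal user (\S+) from (\S+)$")
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed (\S+) for (?:illegal user )?(\S+) from (\S+) port \d+")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")


def parse_line(line):
    """Return (event, user, source_ip) for an sshd auth line, or None for anything else."""
    m = ILLEGAL_RE.search(line)
    if m:
        return ("illegal_user", m.group(1), m.group(2))
    m = FAILED_RE.search(line)
    if m:
        return ("failed", m.group(2), m.group(3))
    m = ACCEPTED_RE.search(line)
    if m:
        return ("accepted", m.group(2), m.group(3))
    return None


def summarize(log_text):
    """Group sshd events by source address, as a logwatch sshd section does."""
    per_source = defaultdict(lambda: {"illegal_users": set(), "failed": 0, "accepted": 0})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        event, user, ip = parsed
        entry = per_source[ip]
        if event == "illegal_user":
            entry["illegal_users"].add(user)
        elif event == "failed":
            entry["failed"] += 1
        else:
            entry["accepted"] += 1
    return dict(per_source)


def flag_probes(per_source, min_illegal=2):
    """Sources that tried several nonexistent accounts, or a known probe name, and never got in."""
    flagged = []
    for ip, entry in sorted(per_source.items()):
        names = entry["illegal_users"]
        looks_like_probe = len(names) >= min_illegal or bool(names & PROBE_NAMES)
        if looks_like_probe and entry["accepted"] == 0:
            flagged.append(ip)
    return flagged


def report(log_text):
    """Render a short per-source summary plus a PROBE line for each flagged address."""
    per_source = summarize(log_text)
    lines = []
    for ip, entry in sorted(per_source.items()):
        names = ", ".join(sorted(entry["illegal_users"])) or "-"
        lines.append(f"{ip}: {entry['failed']} failed, {entry['accepted']} accepted, "
                     f"illegal users: {names}")
    for ip in flag_probes(per_source):
        lines.append(f"PROBE: {ip} (consider notifying that network's administrator)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against /var/log/secure (or wherever your distribution sends sshd’s auth messages) instead of SAMPLE_LOG and the PROBE lines give you the addresses worth a whois lookup and a polite note to the abuse contact. A legitimate user who fat-fingers a password once, like the paul login above, is not flagged, because the name exists and the session eventually succeeds.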

Annoying telemarketer call of the week:

My wife and I give to a number of state and federal charitable organizations. Typically the process begins several times a year with a call from a fundraising telemarketer with a request. If the organization is one whose cause we support, has good standing at give.org and/or we’ve given to them before, usually we pledge. Like most people we usually give in the $35-50 range per drive per charity, which means we end up giving quite a bit by the end of the year.

It’s somewhat irksome when the telemarketer requests that we send our pledge back immediately upon receipt. Sometimes we have a lot of donations to fill at one time because they tend to come in waves, and our budget doesn’t usually accommodate sending them all back at once. But we strive to respond within the month, or within 30 days at the very least. My wife informs me that the telemarketing company makes more if the pledges come in faster, which frankly doesn’t concern us in the least. I think the charities should let these telemarketers know that they are really starting to cheese off their regular contributors like ourselves. I mean, isn’t it enough that we’re giving? Don’t tell me to do it on your timetable, please.

In any case, last night I got a call from one of these telemarketing yoyos, telling me that they hadn’t received my pledge. I was busy cleaning up the dishes and kitchen after dinner, and my wife was feeding Ethan, who was a bit fussy for no particular reason. “I don’t believe my wife has sent it back yet,” I said, completely truthfully. (She takes care of mailing all the bills as part of her duties as domestic goddess.)

“Could you check on that for me?”

“Well, no, I can’t right now, but I’m sure that we’ll have it in before the end of 30 days, like we always do.” (I’m under no misapprehension that this woman, nor the company she works for, has any records concerning our previous giving schedule. But I figured it would be helpful to point out we weren’t skipping out on a commitment.)

“If you could just check on that, then I wouldn’t have to bother you…”

“You don’t have to bother me at all, because I’ll be sending it in at some point in the next week.”

That was the end of the conversation, but I think next time I should follow my wife’s advice and tell them that we had the pledge ready to send in the next day, but due to their annoying phone calls, we’ve decided not to give at all. I guess I’d probably call the organization itself and make a complaint too, in the hopes that they (as the customer paying the telemarketing firm) would lobby for the company to change its procedures. Fat chance, right? >sigh<

Had a great gig with Leah on Saturday at Andy’s in Chestertown, MD. Our audience was fantastic and this is a wonderful venue for quality original music from around the region. I’m still a little exhausted since I started on a sleep deficit Saturday morning and never really caught up throughout the weekend. Thank goodness for coffee!

© 2009-2010 Paul W. Frields License: CC BY-NC-SA 3.0. Some rights reserved.