SSH
Latest
Juniper Networks finds backdoor code in its firewalls
One of the reasons corporate users and the privacy-minded rely on VPNs is to control access to their networks and (hopefully) not expose secrets over insecure connections. Today Juniper Networks revealed that some of its products may not have been living up to that standard, after discovering "unauthorized code" in the software that runs on its NetScreen firewalls during a code review. Pointed out by security researcher "The Grugq," the backdoor has been present since late 2012 and can only be fixed by upgrading to a new version of software just released today.
Windows will make it easier to remote-control Linux PCs
In case there was any doubt that Microsoft's war against Linux is (mostly) over, the company just offered another olive branch. The company has revealed that its PowerShell team is working on support for the Secure Shell protocol and shell sessions (aka SSH) to make it easier for Windows- and Linux-based PCs to connect to and remotely control each other. While SSH has been an option in the Windows world, Microsoft's Angel Calvo says there have been "limited implementations" so far -- this would simplify things and give you "tight integration" with Windows that wasn't feasible before. It's too early to tell when the feature will be available, but it's at least in the cards.
Adafruit launches Raspberry Pi Educational Linux Distro, hastens our hacking
The Raspberry Pi is already considered a hacker's paradise. However, that assumes that owners have all the software they need to start in the first place. Adafruit wants to give the process a little nudge through its Raspberry Pi Educational Linux Distro. The software includes a customized distribution of Raspbian, Occidentalis, that either turns on or optimizes SSHD access, Bonjour networking, WiFi adapter support and other hack-friendly tools. The build further rolls in Hexxeh's firmware and a big, pre-built 4GB SD card image. Before you start frantically clicking the download link, be aware that the "educational" title doesn't refer to a neophyte's playground -- Adafruit still assumes you know enough about Linux and Raspberry Pi units to be productive (or dangerous). Anyone who was already intrigued by the Raspberry Pi by itself, though, might appreciate what happens when it's tossed into a fruit salad.
DARPA-backed Power Pwn is power strip by day, superhero hack machine by night
Call the Power Pwn the champion of white hat hacking. Underneath that Clark Kent power strip exterior, there's a Superman of full-scale breach testing that can push the limits of just about any company network, whether it takes 3G, Ethernet or WiFi to get there. Pwnie Express' stealthy sequel to the Pwn Plug ships with a Debian 6 instance of Linux whose handy hacking tools are as easy to launch as they are tough to detect. There's just one step needed to create a snoop-friendly Evil AP WiFi hotspot, and the box dodges around low-level NAC/802.1x/RADIUS network authentication without any help; in the same breath, it can easily leap into stealth mode and keeps an ongoing encrypted link to give do-gooders a real challenge. The hacker doesn't even need to be in the same ZIP code to crack a firewall or VPN -- the 3G link lets the Power Pwn take bash command-line instructions through SMS messages and doles out some of its feedback the same way. While the $1,295 device can theoretically be used for nefarious purposes, DARPA's blessing (and funding) should help keep the Power Pwn safely in the hands of security pros and thwart more than a few dastardly villains looking for weak networks.
The iPad as an IT professional's tool
John Welch over at Ars Technica wrote a wonderful post about using an iPad as a system administrator's tool, noting that Apple's tablet is "an addition, not a replacement" to the many tools that IT pros currently use to complete their daily tasks. Welch brings up points that I discovered when I first started taking my iPad along on client visits -- the size is right, the battery life is wonderful, and it's much more handy than a laptop or an iPhone. Note-taking, for example, is much easier to accomplish on the iPad, and it's possible to prop up the iPad for easy reading at a distance instead of squinting at a small screen. Welch notes that he's able to easily analyze data from Cacti or Nagios with just a glance, keeping an eye on how things are doing. With Welch's iPad, there's no waiting for a laptop to start up every morning. Most devices can be monitored in the aforementioned Web-based systems, he has email to catch messages about systems going down, and once a problem is found, he can "get a lot done over SSH." Welch uses Prompt (US$7.99) as his SSH client of choice, perfect for logging into Mac or Linux servers and desktop machines. For other sysadmin tasks, Welch has some concerns. There's no iPad analogue to Apple Remote Desktop, for example, although Windows network admins have a wonderful tool available in WinAdmin ($7.99). Apple hasn't released any management tools for Mac OS X Server that run on the iPad, but there are some limited third-party tools available such as Server Admin Remote ($9.99). Still, there's a good-sized market for sysadmin tools for the iPad, and if Apple doesn't step up to the plate to deliver them, Welch hopes that third-party developers will. If you're a system administrator who uses an iPad regularly at work, let us know in the comments what tools you use or would like to see.
'Monster Cat' 30,472-core supercomputer can be yours for $1,279 an hour
Nicknamed after the magical "Nekomata" cat of Japanese nightmares, Cycle Computing's monstrous new supercomputer can now be yours to rent for the low price of $1,279 an hour. By fusing together the face-melting power of 3,809 eight-core Amazon AWS Elastic Computer 2s, the company was able to create the world's 30th fastest computer with 30,472 processor cores and 27TB of memory -- primarily used for complex modeling rather than Facebooking. Components of the beast hide out in three of Amazon's EC2 data center lairs located in California, Virginia and Ireland, and communicate using HTTPS and SSH encrypted with AES-256 to keep its secrets safe and secure. Compared to the company's previous 10,000-core offering ($1,060 / hour), the new version is far more powerful and minimally more expensive, mostly because it uses spot instances (where customers bid on unused EC2 capacity) rather than pricier reserved instances. Good on you Cycle Computing, not everyone has access to a Jeopardy champ.
Use SSH scripts to share Safari tabs between two Macs
Our own Brett Terpstra developed two SSH scripts that let you share Safari browser tabs between multiple Macs. This method is perfect for those Mac users with an iMac or a Mac Pro as their main work machine and a Mac laptop as a secondary machine for checking email, instant messaging or light browsing. You know the scenario - an email with your updated project timetable lands in your inbox which is running on your MacBook. You open it in a tab and want to send it your Mac Pro where you have been immersed in work-related research all morning. This pair of tab-sharing scripts lets you do just that. The scripts run over SSH to pull the browser tabs from the front Safari window on one machine to another when the two Macs are on the same network. The scripts can be run remotely, but there are not too many scenarios that prompt you to sync tabs from your home computer while you are working remotely. The procedure requires you to setup keyless SSH between the Macs and to modify or create a ~/.ssh/config file on each machine that will receive the tabs. You also have to setup a remotetabs.rb script on the machine that is the source of the browser tabs and the getremotetabs.rb on the recipient machine. If SSH files and config files pique your interest, then point your browser here for all the nitty-gritty details. What are you waiting for? Roll up your sleeves, flex your scripting skills and start sharing Safari tabs back and forth between your Macs.
Prompt from Panic does SSH on iPad and iPhone
Prompt from Panic is probably not an app you'll download just to muck around with and then forget. An SSH client is one of those things you either need and use a fair bit, or not at all. Described by developer Panic as "a clean, crisp, and cheerful SSH client: it helps you when you need it, and stays out of your way when you don't," early reviewers seem to like it a lot. Panic says the app is "for system administrators, web developers, movie-style hackers ('Let me just TCP/IP into the UNIX port!'), or any person who needs to connect remotely and type some magic." It seems reasonably priced at US$4.99. Let us know if you've tried it. [Via Macgasm]
Hackers increasingly using telnet for attacks, port 23 looking younger than ever
You can't always just hang around waiting for the next big Microsoft security update. Sometimes you have to go and make your own destiny -- even if it means probing a few dusty ports. That's apparently the mantra of modern hackers who are, according to Akamai, increasingly looking back at telnet as a means to gain unapproved access to systems of all shapes and sizes. Admins of course should be relying on SSH for such remote shell access, far more secure, but apparently many like to keep port 23 open for old time's sake. Green-screen nostalgia is, apparently, a dangerous thing.
Terminal Tips: More reliable SSH connections to your Back to My Mac hosts
Back to My Mac is a feature of MobileMe that allows you to connect remotely to your Macs. Usually this is for screen-sharing or file-sharing through the Finder, but you can also connect via SSH. In the Terminal app (found in /Applications/Utilities/), you can connect via Shell » New Remote Connection, then click the "Secure Shell (SSH)" item, then the computer you want to connect to under the "Server" column. But what if that doesn't work? In that case, I have two suggestions for you: first, use SSH v2 and IPv6. Perhaps it's best to show you the command and then explain it: ssh -2 -6 imac.luomat.members.mac.com -v The "members.mac.com" is consistent for all users. "luomat" is my MobileMe username. "imac" is the hostname of my Mac. See System Preferences » Sharing if you don't know what your computer's name is, or to change it. The "-2" tells SSH to only try SSH protocol version 2, and the "-6" tells SSH to only use IPv6 addresses. The "-v" tells SSH to be "a little" verbose in its output. That part is optional. You could also use -vv or -vvv if you want more verbosity. So far, this method has given me even more success than my DynDNS hostname, which I described before. Before you worry about the security implications of giving people my MobileMe hostname, I should mention that it seems to be impossible to connect to BTMM hostnames unless you are connecting from another computer that is logged into that same MobileMe account. If you have spaces in the computer's name, they are usually replaced with "-" and punctuation is ignored. So, "John's iMac" becomes "Johns-iMac" in the SSH command. Marco Arment also figured out that if you have a period in the hostname or MobileMe username, you should escape it with a \ so that "john.doe" becomes "john\.doe" when you are connecting via SSH. Of course, to be able to connect to your remote Mac via SSH, you must have enabled "Remote Login" under System Preferences » Sharing.
iSSH updates, supports multitasking and port forwarding
One must-have app for me with any smartphone is a decent SSH client; I wouldn't move over to the iPhone until I was sure it had one. When Zingersoft's iSSH came along and I was able to kick its tires a bit, I knew I could safely move my life over to the iPhone. RSA/DSA key import support, an X11 client ... what more could I want or need? Well, Zingersoft answered me with its latest update, officially released a few days ago. In this update is multitasking support, allowing you to keep connections open in the background for up to ten minutes on compatible devices. And because there's now multitasking capability, the update allows one to setup port forwarding tunnels. If you don't have access to a VPN server to pass through firewalls in order to gain access certain systems, the port forwarding feature of iSSH is a godsend. As for the ten minute timeout, that's only to be expected. Though, I'm assuming all one has to do to reset the timeout counter is occasionally switch back to iSSH and back out again. iSSH is a universal iPhone and iPad app, currently available for US$9.99 in the app store.
Linksys router turned into smartphone-controlled doorman (video)
Working for a large company comes with a lot of baggage, the least of which is an RFID security badge. For those small companies who can't afford such extravagantly wireless door key solutions there's another option: this DIY project completed by a team of developers at Sunlight Labs. It all centers around a Linksys WRT54GL, a Linux-based wireless router that, with a little firmware hackery and a bit of wiring, was tethered into the office's door release buzzer. The team then went about allowing SSH access to the router and created Android and iPhone apps that instantly connect to the device and open the door, authenticated by a PIN and a unique ID assigned to each device. Users can also deliver their PIN via SMS or a simple phone call to open the door. Elegant, impressive, open source, and one less thing to forget on a Monday morning when groggily heading to the office.
SSH and the case-sensitive username in Snow Leopard
Mac OS X 10.6 Snow Leopard introduced a lot of under-the-hood changes and many are not very obvious. One such change is to the authentication requirements for logging in remotely via SSH. In 10.5 logging in remotely via SSH was a pretty standard affair. In 10.6, however, security has been beefed up a bit to require case-sensitive login credentials. While this requirement has already been imposed on passwords, Snow Leopard now requires a case-sensitive user name as well. In other words, when logging in via SSH, Snow Leopard differentiates between the username "aron" and "Aron." This threw me for a loop for quite some time and is another one of the numerous reasons I have held off upgrading my Mac mini to 10.6.
iPhone worm author really goes to work
While you have to go to quite some lengths to be vulnerable to it, jailbroken iPhones have been under fire for susceptibility to a particular SSH-based type of worm that has seen a lot of press lately. One of the developers, Ashley Towns, who helped to get the "rick" rolling, as it were, has just announced his employment at an iPhone game firm. Sophos is reporting that he'll be taking up shop at mogeneration, the developer responsible for such hits as Xumii [iTunes link], a cross-social networking communication app, and Moo Shake! [iTunes link], a farm-based activity game for kids. It is an interesting turn of events given that mogeneration even reported on the topic of Ashley's now-infamous rickrolling iPhone worm. I personally think that there is a lot of potential for coders of malware to embark on legitimate careers as developers coding for good. However, I don't favor the thought that malware developers are essentially getting 'rewarded' for their dangerous work. There is nothing from mogeneration to imply that Towns was hired based on the notoriety of his SSH-based worm, but I can't help thinking that there are other, more talented iPhone developers who have stayed below the radar by not writing malware. I want to know what you think. Should developers of intentionally malicious software be given a clean slate and a new life? Or perhaps should they be feeling the effects of the law's very long arms? [via Techmeme]
Protect yourself from SSH-based iPhone worms
The internet has been ablaze with reports of jailbroken iPhones being infested with worms. The exploit takes advantage of unwitting jailbreakers who install OpenSSH on their iPhones via Cydia without taking into account all of the impacts on security. The most notable, and now famous, hole in this theory is that every iPhone ships with the same default password for both the all-powerful "root" user as well as the more-restricted "mobile" user. Not surprisingly, Apple has officially commented on the situation noting that "the worm affects only a very specific set of iPhone users who have jail broken[sic] their iPhones and hacked it with unauthorized software." It is pretty clear from Apple's statement their feelings on the jailbreak community and its effects on the iPhone and iPod touch. Luckily, if you need to have OpenSSH installed on your iPhone (who doesn't want a remotely-accessible, full UNIX terminal in their pocket?), there is a pretty simple solution to this problem that will prevent this breed of infestation from ever reaching your iPhone. Remember, this only affects jailbroken iPhone owners who have installed OpenSSH... Begin by installing MobileTerminal via Cydia (alternately, you can login via SSH from Terminal.app or a Cygwin-equipped Windows PC). Type "login", you will be asked for a login name which should be "root" then a password which should be "alpine". Type "passwd" then tap return, you will be asked to type the new password. Tap return and type the new password again. Repeat this same process for the "mobile" user by replacing "root" with "mobile" in step 3. Also, when using passwd to change the password for "mobile" you may be asked the old password which would be "alpine". It is not necessary to use a different password for "root" and "mobile" but if you're highly security conscious, it wouldn't hurt. The second half of this post includes a screen image of my exact process working successfully on OS 3.1.2 with an iPhone 3GS. In addition to changing the user passwords for your iPhone, another good security measure is to use one of the jailbreak apps like BossPrefs or SBSettings to have a toggle that will disable SSH when not in use. Obviously, having SSH disabled (or not installed) is the best defense against worms of this sort. Got any other iPhone security tips? Let us know in the comments!
Jailbroken iPhones exposed to second worm, this time malicious
As inevitable as the sun rising in the East and setting in the West, an innocuous iPhone worm has been transformed into a malicious bank details-stealing virus. The second recorded iPhone infection operates on exactly the same principles as the first, as it targets jailbroken handsets with SSH installed, but this time adds the ability for the hacker to remotely control and access the phone. By throwing up a purported ING Direct login page, he (or she, or they) can collect your online banking credentials and, presumably, all the cash they are supposed to protect. Presently isolated within the Netherlands, this outbreak may spread further still, as it is capable of infecting other jailbroken iPhones on the same WiFi network.
Dutch hacker seeks out jailbroken iPhones for fame and fortune
Jailbreaking an iPhone certainly brings many benefits, but it's also fraught with some peril, as amply demonstrated by a Dutch hacker who decided to go snooping around for vulnerable jailbroken iPhones in the Netherlands. While he apparently didn't actually swipe personal information or cause any damage, he was able to find some jailbroken iPhones with SSH running, which allowed him to display a message saying "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now!" A noble gesture of a white hat hacker? Not exactly, 'cause that site demands €5 for the "fix" to let folks go back to using their phone securely -- or it did until the hacker apparently had a change of heart and posted the instructions for free, along with an apology for his misguided moneymaking scheme.
Dutch hacker accesses jailbroken iPhones, requests €5
Running a jailbroken iPhone has its risks, as a Dutch hacker has demonstrated. Specifically, he used a bit of port scanning to find jailbroken phones with SSH running in his native Netherlands. From there, he sent unsuspecting users a message that reads, "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files." The URL directs the users to Paypal and requests €5 in exchange for instructions that explain how to remove the hack. But how did he get in? By relying on users' forgetfulness. All iPhones have a default root password. Those who forget to change it are vulnerable to this very kind of attack. Asking for money is kind of a bummer but much less obnoxious that other things he could have done. The moral of the story is pay attention and be thorough when jailbreaking your iPhone. [Via Ars Technica]
Palm Pre data tethering is a go, Sprint be damned
Well, that was fast. Just a couple hours after we noted Palm warning against hacking webOS to allow data tethering on the Pre, the first set of instructions has popped up. It's not the cleanest hack we've ever seen -- you need to root your phone, enable SSH, and then configure your browser to run through a SOCKS proxy -- but it'll certainly get the job done in a pinch. Just don't go crazy, alright? We've got a feeling Sprint's watching Pre accounts with an eagle eye.
Meerkat 1.2, 100% more AppleScript support
If you work from non-secure networks (coffeehouses, airports, hotels, etc.), or if you've ever wanted to bypass a firewall (YouTube or TUAW blocked at work?) you may be familiar with SSH tunneling. It's come up more than once here on TUAW. It allows you to conduct your Internet business through a secure proxy and makes the process transparent (once you set it up, you don't have to think about it). It's typically handled via a shell command, but some GUI-based programs can make life a lot easier -- both for the less technically-inclined, and for those who want to handle multiple tunnels and automation. Enter Meerkat, the SSH tunnel tool with the friendly face. I mentioned Meerkat about a year ago, and apparently things have been busy at the Code Sorcery Workshop since that release. The latest version of Meerkat -- version 1.2 -- sports an array of new features, from AppleScript support to a command line utility, as well as improvements to existing features like Bonjour sharing and the tunnel editing interface. I've been using the previous version for quite some time now, and I can say that this version adds some great features to an already great application. AppleScript support means automation, and Meerkat plays well with location managers like NetworkLocation (a plugin is available on the Meerkat page), or any location manager which can run AppleScripts or shell commands. With such a setup, you can have your system automatically detect a change in networks and set up specific tunnels depending on your location. I won't go into the details of location managers right now, but it's something to look into for laptop owners on-the-move. Additional features, including Application Triggers, Bonjour support and automatic reconnect for dropped tunnels all make Meerkat a valuable tool. At a current price of $19.95US, Meerkat provides features for a spectrum of users, from the Tunnel Setup Assistant for newbies, to advanced automation possibilities for veteran SSH'ers. I'd be negligent if I didn't mention at least one similar app in the freeware realm: SSHTunnel is a nice, easy-to-use GUI for setting up and managing tunnels. It lacks some of the automation and integration capabilities, but is a definite must-see if you're not ready to fork out for something more full-featured. A trial of Meerkat is available for download, and a license can be purchased for $19.95US.
