This week I’ve been testing Gbridge.  Gbridge is a (currently free) extension to Google’s Gtalk network service for Windows 2000/XP/Vista/7.  Installed as an agent, it will automatically create a VPN tunnel between other computers running Gbridge and logged in under the same gTalk account.   You can also  extend the VPN to Gtalk friends by  invitation. Gbridge also has some nifty features such as folder synchronization, remote desktop share (VNC), automatic backup, live browsing, chat, and tunneling of RDP and other TCP/UDP protocols.  Gbridge also integrates with Google Apps accounts, making it easy to create VPN within organizations that utilize Google Apps.

APPLICATION SUPPORT: I tested several applications over Gbridge such as RDP, NetBIOS shares, FTP and even a little NMAPpery — everything worked like a champ.  Gbridge has built in firewall functionality, allowing you to allow/block traffic to and from other Gbridge clients logged in under your gTalk account as well as specific firewall rules for connections to other gTalk friends’ computers.

THROUGHPUT:  Gbridge will, like many p2p platforms, try to establish direct connections between Gbridge clients, even if behind a NAT device using some UDP NAT traversal tricks.  If for some reason it cannot traverse the NAT device(s), it will use Gbridge servers as a proxy, or you can manually setup port forwarding.  In my testing between my house (7Mb DSL) and the office (10MB fiber) I got a respectable 2.5Mb throughput using CIFS copy and about the same using the built in SecureShare HTTP copy.  Not bad for NAT traversal.

SECURE SHARES: Want to share a folder or group of folders out to your gTalk friends?  Not a problem.  The Gbridge pointy-clicky interface allows you to share a folder with other PCs logged in under your gTalk account; individuals friends accounts; and apply file filtering rules and additional password protection.  Very nifty for a quick file transfer or leeching.

AUTOSYNC and BACKUPS: Quickly becoming one of my favorite functions.  Setup a SecureShare on one or more of your GBridged computers, and you can “AutoSync” it at will.  Great for syncing work/home files or pwning a headless server.  Not as elegant as ncat, but workable and everyone allows access to google servers these days.  Backups work much the same way — a one-way sync of a SecureShare.  Fast and easy DR/COOP.

CAVEATS:  if you have a host firewall or Host-based intrusion prevention service like eEye Blink, be sure you pre-configure rules to allow gBridge to do its thing.  When I was testing the utility, I forgot to disable the firewall service before I left for work and as a result when I tried to connect from the office, the connection failed because Blink was popping up dialogs on my home PC asking if it should allow the inbound connection.

http://www.cigital.com/justiceleague/2010/08/16/software-security-crosses-the-threshold-in-2009/

Gbridge is a free software that lets you remotely control PCs, sync folders, share files, and chat securely and easily. An extension of Google’s gtalk service, Gbridge automatically forms a collaborative, encrypted VPN (Virtual Private Network) that connects your computers and your friends’ computers directly and securely with patented technology. Gbridge has many unique features.

DesktopShare(VNC): Access your computer desktop remotely or share your desktop with your friend from anywhere in the world. Gbridge automatically traverses firewalls and NATting routers without the need for configuration!

SecureShare: Securely share files among your own computers, so you can remotely access your files, e.g. play mp3 , with ultimate privacy.   Securely share files to your designated friend, so the selected friend can instantly view the auto-generated photo thumbnails and slideshow remotely. No web upload/download needed!

AutoSync: Transfer large files and synchronizing folders to and from anywhere has never been easier. AutoSync supports auto-schedule, auto-resume, incremental transfers and no size restrictions!

EasyBackup: Setup an auto-recurring backup of your important folder to a local or remote PC is as easy as 1-2-3!

1. Droid X (Birdman method) - http://alldroid.org/Default.aspx?tabid=62&g=posts&m=6151&#post6151
2. Droid X (1-click) http://alldroid.org/Default.aspx?tabid=40&g=posts&t=553 and download DroidXRoot.zip

Who is behind Data Breaches?

• 70% resulted from external agents
• 48% caused by insiders
• 11% implicated business partners
• 27% involved multiple parties

How do breaches occur?

• 48% involved privilege misuse
• 40% resulted from hacking
• 38% utilized malware
• 28% involved social tactics
• 15% comprised physical attacks

What commonalities exist?

• 98% of all data breached came from servers
• 85% of attacks were not considered highly difficult
• 61% were discovered by a third party
• 86% of victims had evidence of the breach in their log files
• 96% of breaches were avoidable through simple or intermediate controls
• 79% of victims subject to PCI DSS had not achieved compliance

Jump over to Verizon for the report: http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf

Everyone loves to post things to their Twitter account. Every day, people post things about the minutiae in their lives, from where they had lunch to what their kids are doing. People also are using services that allow them to post photos of these things. Because after all, a picture is worth a thousand words and isn’t limited to 140 characters. This seems great, but did you know that for a lot of folks, whenever they post a photo of their lunch or kids, also included in their thousand words are details about their exact location of where they took the photo?

Now, we love Twitter and posting photos of our lunch, however, we don’t feel that enough people realize what kind of data they are posting, albeit inadvertantly. By posting this information, they are allowing their movements to be recorded and analyized by anyone: from a government to a nosy neighbor. After analyzing your photos, someone could find out:

• Where you live
• Who else lives there
• Your commuting patterns
• Where you go for lunch each day
• Who you go to lunch with
• Why you and your attactive co-worker really like to visit a certain nice restaurant on a regular basis

“Dominator I” sounds more like a monster truck than a collection of small boxes that collectively erase 20 years of relatively secure wireless phone service, doesn’t it? Alas, what you’re looking at here is a convenient, plug-and-play solution for exploiting the hard work the world’s hacking community has put into cracking the A5/1 encryption used on GSM networks in Europe and the US over the past few years. The system consists of two nondescript white boxes, two directional antennas that you’ll point in the direction of your victim, and a laptop that you can use to get a glimpse at all of the phones currently connected to your nearest cell site and record up to four active calls simultaneously — and if you’re more of the text messaging type, Dominator I’s got you covered there, too, with full access to SMS.

Products can typically solve a narrow problem, but if you lead the security function at a large organization, narrow problems are rare. Problems are connected to other problems and surrounded by all the fun issues of ownership and stewardship and cooperation and accounting that make our lives rich and rewarding. (You may detect a tiny hint of sarcasm here, although it’s mixed with a larger portion of sincerity.)

Think of IT…er, management information systems…er, data processing back when it was all Big Blue over SNA. Costs were high and innovation was relatively slow. When the CIO voice became prominent—a business person running the IT shop based on the needs of the business, not the availability of whatever the vendors decided to put out—that’s when IT started to enable and contribute to systemic change and improvement.”

Amen brother.

http://www.csoonline.com/article/564963/Listening_In

• Security Architecture Cheat Sheet
• Troubleshooting human communications
• Security Incident Survey Cheat Sheet for Server Administrators
• Initial Security Incident Questionnaire for Responders
• How to Suck at Information Security

Full paper here .  iSecPartner’s recommendations are good.  However, while comprehensive and technically accurate, I think it would be beneficial to have an accompanying set of “triage” recommendations (Use GPOs to disable LANMAN hashes; perform egress filtering and alerting; never EVER EVER login with admin credentials – use sudo or runas; migrate to token based authentication).

1. Theft (not accidental loss) is the biggest vector both in terms of # of incidents and total records compromised
2. The endpoint, NOT the datacenter, is your weak link

The picture is a bit different with respect to financial information and PII (application and endpoint security), but time after time we’ve shown that if I can pop your desktops, I can use them to pop your datacenter.

Screencap of the phish email

If you view the mail headers, you’ll see that the email was bounced off (yet another) open .edu relay, copeland.udel.edu.  Update your blacklists – in this case, MXLogic didn’t catch it.

eMail headers

• built a USB MultiPass (I call it my U3-SwissBlade) with gParted, CloneZilla and several other nifty tools
• broke the RAID on my Maxtors
• Resized my partitions to fit on the 128G SSDNow using gParted
• Installed my SSDNow as my primary SATA drive
• used CloneZilla to do a disk-to-disk partition copy from the Maxtor to the SSDNow (this took a few tries since I had failed to move all partitions to the right after resizing and free up slack space — you really CAN’T get 160G onto a 128G drive!)
• Went through a few boot sequences until I discovered that my fstab was referencing root by UUID and thus GRUBbooting from the SSDNow and immediately mounting the old Maxtor for the rest of the OS Load.  Grrrrrgggggggggggh.  (Note, get confortable with the vol_id utility so you can find the unique UUIDs for all your drives and update your fstab to use UUIDs instead of device sequence numbers like sda, sdb, etc).
• uuidgen
  tune2fs /dev/sdb1 -U <numbergeneratedbyuuidgen>
  verify with vol_id /dev/sdb1
  vol_id /dev/hdaX

Performance is excellent.  My VMs load near instantly and no more disk thrashing.

I put one of the SSDNows in my old Dell D630 and it has made significant improvements in performance as well.  I may get another year or two out of this laptop after all.  Well worth the $230 I spent.

I’m interested in getting a SSDNow V+ to see if the write performance justifies the increased cost, but not until I do some benchmarking of my system to see if I am write-bound or not.

SYSLINUX 3.72 2008-09-25 EBIOS copyright (cc) 1994-2008 H. Peter Anvin
Unknown keyword in configuration file: UI
Could not find kernel image:  linux
boot:

FIX:   Use a current syslinux or syslinux.exe (version 3.82 at the time of this writing, download here) to re-prep the USB stick:

Where z: is the drive letter of the USB drive.  This will install the newer version of syslinux on the USB drive and resolve those keyword issues.

syslinux z:

Ingredients:

• 12″ thin crust
• 6 oz finely shredded mozarella
• 5 oz pizza sauce (or tomato sauce)
• 1 roma tomato, halved and sliced into 1/8″ slices
• 1/4  red onion, sliced in 1/4″ rings and quartered
• 1/4 cup pepper rings
• 1/3 green pepper, diced
• 2 TBsp Feta cheese
• Sliced Pepperoni
• 8 oz Chorizo, cooked, crumbled
• 8 oz spicy Jimmy Dean sausage, cooked, crumbled
• 1/2 cup mushrooms, sliced
• 3 cloves garlic, minced
• 3 pieces thick cut bacon, crumbled
• 2 Tbsp  capers
• 1 jalapeno, seeded, halved and sliced

1. Preheat oven to 450
2. Spread sauce on crust to within 1/2″ of outer edge
3. Evenly distribute mozarella
4. Evenly spread all other ingredients (meat first, then veggies, then feta cheese)
5. Cook in 450 degree oven for 9 minutes

Remove pizza.  Let cool for 7 minutes.  Slice.  Serve.  Enjoy.

1. Go into the application’s Options (i.e. click the Office Button  and select “Options”)
2. Select “Advanced” from the navigation pane on the left.
3. Find the “Show add-in user interface errors” checkbox and unselect it.
   
4. Click the OK button.

Outlook operates a little differently:

1. Start Microsoft Office Outlook.
2. On the Tools menu, click Options.
3. In the Options dialog box, click the Other tab, and then click Advanced Options.
4. In the Advanced Options dialog box, select Show add-in user interface errors, and then click OK.
5. Click OK to close the Options dialog box.

Welcome!
Note: During your chat session, Delta agents may be able to view your delta.com transactions. Additionally, chat conversations are recorded and monitored by Delta Air Lines.
Please wait while we contact the next available agent…
You are now speaking with Morris!
Morris: Hi! My name is Morris. How may I help you?
Morris: Hi! How may I assist you today?
Steve Goldsby : I just checked in online, and tried to print my boarding pass . When I do, I get a “page not found” error from the website. If I go back to my itinerary and try to “reprint” boarding pass, I get the same “page not found” error. Can you fix this or email me my boarding pass in PDF format so I can print it and avoid the lines at the airport? SkyMiles #: <xxxxxxxxxxxxxx>
Morris: Steve, I apologize for the inconvenience you faced on Delta.com; please give me a moment while I look into the matter for you!
Steve Goldsby : thanks.
Steve Goldsby : i also notice the flight is oversold. if you have seats on an ealrier flight, I would be happy to consider an earlier flight.
Morris: Let me check that for you. Just one moment.
Morris: I see on your reservation that you have already checked in, be rest assured you will get a print of the boarding pass at the airport.
Steve Goldsby : right. i don’t want to wait in line.
Morris: I will not be able to send a print of the pass via chat.
Morris: Did you receive my last response?
Steve Goldsby : i did.
Steve Goldsby : since the flight is oversold, is there an option to move to an earlier flight?
Morris: On the seat map I see that two seats are available 33 B and 36 F.
Steve Goldsby : okay. when i checked in the website said:
Steve Goldsby : Your flight is oversold. Delta is seeking volunteers with flexible travel plans to exchange their seats for compensation. Go ahead and check in below. If interested in volunteering see your gate agent at the airport.
Morris: To check in, print your boarding card and check your bags online, please go to our home page, click on the Itineraries and Check In under the tab Traveling and Check In, retrieve your reservation with your name and the confirmation number or ticket number, on the trip details page you will see the area at the top that says Check In, please click on that link and follow the instructions. You will also be able check in your bags online.
Steve Goldsby : I did that. website returns this error page at the “print boarding pass” page
Steve Goldsby : Requested Page Not Found The requested page could not be found on delta.com: * We may have removed the page or changed its web address. * Bookmark or link you clicked on might be incorrect. * Web address may have been mistyped. Recheck it to make sure it’s correct. How to Find Your Page: Use our Search tool to help you find what you’re looking for, or start again from our home page. If you still need assistance, try our Live Chat option with a customer service representative, or contact us for help.
Steve Goldsby : so I contacted you  for help.
Morris: please call our Online Customer Support Desk at 1-888-750-3284 and our Representatives will be glad to help.
Steve Goldsby : What’s the vector victor? Roger roger.
Steve Goldsby : i’ll call customer support.
Morris: Is there anything else I may help you with?
Morris: Thanks for choosing Delta have a nice day.
Morris left the chat.
Your chat has ended.  Thank you for speaking with us.
Please help us improve our service by clicking on the following link to take a short survey: CLICK HERE

emailaddress@<br>icsinc.com  to   emailaddress@<em>icsinc.com

Easy fix is to change the following line in goorecon.rb

response.scan(/[\w.-]+@<b>#{target}/o) { |t|

to

response.scan(/[\w.-]+@<[^>]+>#{target}/o) { |t|

This will keep the code flexible enough so that if google ever changes the highlighting tag (formerly <b> but now <em>) to some other html tag, goorecon will still correctly draw out emaill addresses.