The BFC Computing Weblog: Category Open Source

Anti-Virus on Voting Machines

Bill McGonigle — Mon, 25 Aug 2008 21:10:00 -0400

There’s been much made of the revelation that Diebold voting machines run an install of McAfee Anti-Virus, and that it’s caused trouble with the voting software.

The arguments against it typically boil down to:

Your voting machines shouldn’t be use for anything else
Your voting machines should be secured against anybody installing software on it
You can’t verify the operation of MAV so it could possibly tamper with votes
You should be running an operating system which is not so easily infected

Those arguments all have merit, but skip the fundamentals - the software image on a voting machine should not be running on read/write media, that is hard drives. If that basic criteria isn’t met, AV software might actually be a good idea, but missing the fundamentals is no excuse for dirty hacks.

I build my first appliance computer that could run from a CD in a CD-ROM drive in 2002. It’s neither new nor a difficult concept. When you need things to be secure, in that case under HIPAA regs, in this case for votes, you mount your media device (hard drive, flash memory, etc) with the ‘noexec’ flag, and then no software installed on the read/write media can be run from that media. Since you can’t write to the CD, software can’t be run from there either. You provide a stripped down OS image to make doing any more than the minimum very difficult, certainly requiring physical access to the machine.

This isn’t to say your machine shouldn’t be kept secure - of course it should, and the BIOS needs to be correctly configured (many of you know the security problems with certain BIOS configurations) - but read-only media and a good Q/A process obviates the need for anti-virus software. Certainly some software selection choices can make this difficult, but any good architecture starts with the requirements and works towards software selection, not the other way around. Assuming good security is a requirement.

Sun Java for CentOS 5

Bill McGonigle — Mon, 11 Aug 2008 23:03:00 -0400

Unfortunately the GNU java in CentOS 5 is too old to run modern Java code. So, you need to install the Sun version in many cases, and the jpackage method is typically the best way to do that. Two problems, though:

They don’t have an RPM that represents the current Sun version
Their version doesn’t work well on CentOS due to CentOS RPM bugs

If you don’t have them already installed, you need the RPM development tools. Something like:

yum -y install rpm-build rpmdevtools

should be sufficient. (note: I’m assuming you’re root. Most of this can also be done with a local RPM build tree and sudo, but is beyond the scope of this article).

As of this writing the current security release of the Java JDK is 1.6u7, which you can get here. Pick 32-bit linux (the only type I tested) get the linux non-RPM version, and put the downloaded ‘.bin’ file in /usr/src/redhat/SOURCES.

Now, download my updated spec file and put it in /usr/src/redhat/SPEC. If you’re on a Fedora platform or CentOS fixes their version of rpm you might want this non-CentOS spec instead. This latter one builds everything just fine on CentOS but there are UnixODBC link errors due to the rpm bug.

Now, build Java with:

cd /usr/src/redhat
rpmbuild -ba SPEC/java-1.6.0-sun-centos-5.spec

This will take a while. You should wind up with a bunch of RPM files in RPMS/i586/, like this:

-rw-r--r-- 1 root root 43085836 Aug 11 22:48 java-1.6.0-sun-1.6.0.7-1jpp.i586.rpm
-rw-r--r-- 1 root root    35903 Aug 11 22:48 java-1.6.0-sun-alsa-1.6.0.7-1jpp.i586.rpm
-rw-r--r-- 1 root root 10473773 Aug 11 22:48 java-1.6.0-sun-demo-1.6.0.7-1jpp.i586.rpm
-rw-r--r-- 1 root root 21709383 Aug 11 22:48 java-1.6.0-sun-devel-1.6.0.7-1jpp.i586.rpm
-rw-r--r-- 1 root root  1259794 Aug 11 22:48 java-1.6.0-sun-fonts-1.6.0.7-1jpp.i586.rpm
-rw-r--r-- 1 root root    26057 Aug 11 22:48 java-1.6.0-sun-jdbc-1.6.0.7-1jpp.i586.rpm
-rw-r--r-- 1 root root   807126 Aug 11 22:48 java-1.6.0-sun-plugin-1.6.0.7-1jpp.i586.rpm
-rw-r--r-- 1 root root 17692845 Aug 11 22:48 java-1.6.0-sun-src-1.6.0.7-1jpp.i586.rpm

Use yum to install them like this:

cd RPMS/i586
yum --nogpgcheck localinstall java-1.6.0-sun-*.rpm

It should find dependencies, something like this:

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size 
=============================================================================
Installing:
 java-1.6.0-sun-alsa     i586       1.6.0.7-1jpp     java-1.6.0-sun-alsa-1.6.0.7-1jpp.i586.rpm   79 k
 java-1.6.0-sun-demo     i586       1.6.0.7-1jpp     java-1.6.0-sun-demo-1.6.0.7-1jpp.i586.rpm   15 M
 java-1.6.0-sun-devel    i586       1.6.0.7-1jpp     java-1.6.0-sun-devel-1.6.0.7-1jpp.i586.rpm   36 M
 java-1.6.0-sun-fonts    i586       1.6.0.7-1jpp     java-1.6.0-sun-fonts-1.6.0.7-1jpp.i586.rpm  2.0 M
 java-1.6.0-sun-jdbc     i586       1.6.0.7-1jpp     java-1.6.0-sun-jdbc-1.6.0.7-1jpp.i586.rpm   69 k
 java-1.6.0-sun-plugin   i586       1.6.0.7-1jpp     java-1.6.0-sun-plugin-1.6.0.7-1jpp.i586.rpm  1.6 M
 java-1.6.0-sun-src      i586       1.6.0.7-1jpp     java-1.6.0-sun-src-1.6.0.7-1jpp.i586.rpm   18 M
Installing for dependencies:
 java-1.6.0-sun          i586       1.6.0.7-1jpp     java-1.6.0-sun-1.6.0.7-1jpp.i586.rpm   68 M
 libXp                   i386       1.0.0-8.1.el5    base               23 k
 unixODBC-devel          i386       2.2.11-7.1       base              739 k
 unixODBC                i386       2.2.11-7.1       base              832 k

And yum should download and complete without errors.

Now, make sure that this new version of Java is set to be the default with:

/usr/sbin/alternatives --config java

and enjoy current java. Hopefully it won’t be long before Sun gets its code freed so next time you can just ‘yum -y install sun-java’.

First Open Source iPhone App Killed?

Bill McGonigle — Mon, 04 Aug 2008 16:49:00 -0400

Apple has pulled the popular iPhone application BoxOffice from its store without informing the author or responding to his queries.

Some have speculated that it might be at the behest of the data provider (Fandango) but the author clarified, “i’m in talks with fandango right now, and they’re thrilled with my app”.

Another possibility is that the terms of the iPhone SDK were violated by the publication of the source code for BoxOffice, which necessarily discloses parts of the iPhone API to third parties.

For those wondering if Apple was actually going to enforce the non-open-source aspect of its NDA, this may be the test case that will decide the issue.

Complete Deniability

Bill McGonigle — Thu, 10 Jul 2008 19:51:00 -0400

I’ve written before about the limited usefulness of plausible deniability, especially in relation to software like TrueCrypt, a hard drive encryption program.

The gist of plausible deniability with TrueCrypt is this: You have multiple encrypted hard drive partitions. When your enemy forces you to reveal your keys, you reveal the low-cost key, and the enemy sees some data that he doesn’t care about and sends you on your merry way. The ‘real’ stuff you want to hide is still hidden.

This works if two conditions are true:

The enemy doesn’t know you employ a product with plausible deniability
The enemy can merely detain you

If those conditions aren’t true, you’re in big trouble. Say a violent group gets you and your data. They know TrueCrypt has plausible deniability, and they really want your data. You’re going to be tortured until they get what they want, it’s that simple, and ugly.

Now, the worst possible scenario is that you can’t give up ‘your data’ because it doesn’t exist. But only you know that. The bad guys think you have it and they know you have plausible deniability. You’re completely screwed.

For this reason I’ve been against plausible deniability systems for defending against all threats (yes, TrueCrypt would still be fine from hiding that porn you have stashed away on your home PC).

This changed when Cal Harding introduced the concept of Complete Deniability. That is, you can prove that you have no more plausible deniability.

Here’s how it can work: With TrueCrypt, you could have a utility that, once inside a locked data set, could be given a set of keys and ensure that those keys account for all readable data and all blocks of the storage device. Because TrueCrypt is open source, the bad guys can trust this utility to verify that you’re no longer hiding anything. They can review the source and compile it themselves, if they wish.

But, good news for you, you get to go home. Because even bad guys don’t like to waste their time and you’re not otherwise terribly interesting. Odds are you’re not getting your laptop back once the bad guys find your porn bank, though.

PICT Abandoned by Apple

Bill McGonigle — Mon, 07 Jul 2008 19:30:00 -0400

I was cleaning up my hard drive today and found some screenshots I took of websites on 9/11, in Apple PICT format. Less than 7 years later, those PICT’s aren’t viewable on OSX in the Preview application (the standard image viewer). Seeing as this OS came out in 2005, it was likely abandoned then. At the time I was running the latest version of Mac OS 9, judging by the screenshots.

So, less than 4 years of support for that presumably very common file format.

I’ve converted the pictures to PNG (Using Photoshop 7, which can parse them), which as an industry standard open format ought to be recoverable for some time to come.

This has been reason #687 to avoid proprietary file formats.

Fonality Astroturfing FreePBX?

Bill McGonigle — Fri, 27 Jun 2008 11:49:00 -0400

Have a read here and boggle in disbelief.

I used to run Trixbox on my PBX; I started when it wasn’t a commercial product, and Tim did a great prezo on it for SLUG. When they required registration to run the software I became very uncomfortable. When I couldn’t administer my PBX one day because their server was down, I switched to Elastix, and I couldn’t be happier - I should have done it sooner; it’s a superior product.

If you’re still sitting on the fence, this behavior from Fonality is likely to knock you square off it. That Fonality relies so heavily on FreePBX only makes it so much more inconceivable. Assuming this is true, only the dismissal of the individual involved could regain any trust the community once had in Fonality.

Oh, and BTW, a FreePBX backup and restore makes it fairly simple to switch from Trixbox to Elastix.

Barracuda Moves Against Trend Micro Bogus Patent

Bill McGonigle — Tue, 24 Jun 2008 18:44:00 -0400

After reading about Barracuda moving to invalidate a bogus patent Trend Micro filed for on virus-scanning at an e-mail gateway (many of my clients depend on this technology) in January, I sent Barracuda the following note:

-----Original Message-----
From: Bill McGonigle [mailto:bill@bfccomputing.com] 
Sent: Tuesday, January 29, 2008 12:24 PM
To: legal@barracuda.com
Subject: possible SMTP prior art - TFS

From:

http://groups.google.com/group/comp.mail.sendmail/
browse_frm/thread/3cee3dc93ea81690/a8cd75d669fbd6b7?lnk=st&q=smtp+virus+scan#a8cd75d669fbd6b7

Its pretty functional - gateways between any/all MS/MAIL,
WP-OFFICE, CC:MAIL, SMTP, UUCP, MCI-MAIL. It does uuencode
and MIME attachments (configurable per address or domain
wildcard) and international characters. It can also virus
scan attachments on the way through the gateway, and access
can be controlled on a user by user basis!

(message dated July 25th, 1995).

It looks like it's still around in some form from foxT:
   http://www.tfstech.com/

Good luck,
-Bill

I never heard back more than a quick “thanks!” from Dean Drako, CEO of Barracuda, but today, I read they’ve moved ahead with this strategy and Goran Fransson, developer on TFS, is a new open source ally.

Dean writes of Goran, “We greatly appreciate the time that Goran Fransson took in coming forward to share this very important piece of prior art,” Drako says. “We believe that his testimony is instrumental in our case against what we believe is an unjust patent claim by Trend Micro against Barracuda Networks and the open source ClamAV project. In our view, Goran is an open source hero.”

Full disclosure: I’ve sold completely open solutions, based on postfix/MailScanner/clamav/sqlgrey against Barracuda’a blackbox appliances, but I’m glad they’re fighting against Trend Micro’s abuse of the system.

Solving 'function "lexize" already exists with same argument types' in PostgreSQL

Bill McGonigle — Thu, 19 Jun 2008 16:22:00 -0400

If you run across:

function "lexize" already exists with same argument types

in PostgreSQL, when adding tsearch2 to a database, even when you’ve created a fresh new database, you probably have a corrupt copy of tsearch2 in your template1 database, which is used to create your ‘fresh’ database.

To fix this, copy the uninstalltsearch2.sql somewhere temporarily (on a Fedora-derived OS it’s at: /usr/share/pgsql/contrib/uninstalltsearch2.sql) and remove the BEGIN; and END; transaction statements from the file, then run it against your template1, ala:

psql template1 < /tmp/uninstalltsearch2notransaction.sql

and it will go through and delete all of tsearch2. Expect some failure messages if it’s partially deleted already, this is normal.

Now you can load tsearch2 into your new database without complaints.

Flash Vulnerabilty In The Wild

Bill McGonigle — Tue, 27 May 2008 20:18:00 -0400

Ouch.

Every flash-enabled web browser without a Flash-blocking feature (ala NoScript) is vulnerable to remote compromise.

Having this much exposure completely controlled by one proprietary 3rd-party closed-source vendor is bad for the ecosystem. There’s a Free Flash clone underway, but it’s not good enough to replace Flash for many sites that require Flash, and many sites now require Flash.

Please, website designers: Stop hurting the web. Make sites that can be used without Flash, and add all the glam you want around it. Because Flash isn’t an open standard this problem will always exist. AJAX and SVG can accomplish all or most of what Flash can do, and any talented designer can figure these out.

Update: Adobe has updated their info, and it appears the very latest version (9,0,124,0) is not exploitable, thus this is not zero-day, and I didn’t need to publish this article. Title was: “0-Day Flash Vulnerability In The Wild”.

Microsoft Back For More Yahoo!

Bill McGonigle — Mon, 19 May 2008 20:45:00 -0400

Sure enough, Microsoft has come back and offered to buy only part of Yahoo! this time (the part it cares about, obviously). This doesn’t prove my conjecture that it only cares about Zimbra, but it sure doesn’t rule it out!