Flying Ice, MySQL Antics, and Teenage Stupidity

It's been a while since I've posted so this will be a spattering of some of the interesting things I've encountered over the last several days. Sometimes you never realize how interesting life really is until you stop and look back on what has happened lately. So here's some of the headlines since my last post.

Flying Ice

Ever since I can remember knowing anything about the solar system, there have been nine planets. Well, not anymore. At least officially. A few days ago, at a meeting of top astronomists, phsycists, and general nut jobs somewhere in the European Union (Prague to be exact), whatever wacked out international body it is that makes those kind of decisions, voted to demote Pluto from its decades old status as a planet. In response, it suddenly disappeared into thin air (and I mean thin, this is space we are talking about). Clandestine scientists rushed to their encyclopedias, and to their horror, it no longer showed up there either. They quickly tried to reconvene to undo their dastardly doings, but it was too late. Pluto is gone forever (GASP!!!!).

Come on folks. Is that really gonna change the fact that Pluto is what it is and that's a planet. I mean, I'm fairly certain that the only people that went home and broke the last planet off their solar system model were the wack jobs that decided not to call it that anyway. On my way home from work, I listened to a piece on NPR (Yea, yea, I know. I'm still in my twenties and I listen to NPR. I also occassionaly watch documentaries and eat at Chuck-A-Rama, but no gray hairs yet.), which I found to be somewhat comical. Basically, the way it described the summit, there were so many blundering idiots arguing over how to define "planet" that the resulting resolution had a ton of contradictory statements, including a footnote that specified the 8 official planets, even though some of them didn't really fit the "official" definition. In the end, to avoid being ridiculed by the world for not being able to agree on something, they finally voted to accept the resolution, thereby turning Pluto into nothing more than a flying ball of ice (officially called a "dwarf planet").

Really, I want to know how this all got started anyhow. Rather than spend their time and public funding on actually furthering science, why not spend it arguing over how we can best nullify everything the world's school children have already learned about it. Sounds like a great use of scientific resources. Well, I'm not buying into this whole thing. Someday, when he's old enough, I am going to sit down with my boy Will and have a serious man-to-man talk about what really happened with the moon landing, and also what will surely by then have become one of the great mysteries of the universe. The fact that there really is a ninth planet and its inhabited by little cosmic midgets called plutonians.

MySQL Antics
Jer sent out an email today pointing me towards a very interesting posting about MySQL. It is an interview with MySQL CEO Martin Mickos where Guy Kawasaki asks him 10 questions about MySQL and its roots. Some of the enticing tidbits shared include how MySQL has been successful as an open source company, what types of customers they seek, who fixes their defects, and what are some strange and hefty uses of the database. Amazingly, Oracle's FAQ page utilizes a MySQL database! It was also interesting to hear about some of the massive clusters that have been utilized to leverage MySQL's simplicity and power. I was impressed with the way the company has modeled itself to take advantage of the many benefits of OSS and the community, while still being quite profitable at it. Definitely worth a read if you are at all interested in open source.

Teenage Stupidity

My final piece of happenings involves some fairly idiotic behavior on the part of a local teen. I was on my way to work the other day, and when I was only a few blocks away, I passed a pair of police motorcycles with their lights on who were stopped next to an SUV that had crashed into a vinyl fence surrounding an orchard. As I drove by I tried to determine what had caused it to careen off of the quiet residential street.

As I surveyed the scene, I noticed one of my coworkers (stuthewise) across the street snapping some digital pics. Upon arriving at work, I asked him to send me copies of the images. Check them out below.

The crash scene:

The fire hydrant across the street:

And that's where I thought the story ended. I figured someone must have had a seizure or something and passed out. Well, I was kind of right. A couple days later, my picture snapping friend pointed me towards a posting on the Daily Herald website describing what really happened. It reads:

UNCONSCIOUS DRIVER -- An 18-year-old Mapleton man passed out as he was driving Wednesday morning on 800 East at 1100 North. Two Orem police officers watching traffic in the school zone on 800 East reportedly witnessed Josh Tyler Kendrick, 18, drift off the road to the right and take out a fire hydrant, phone box and several mailboxes. Then his car veered sharply to the left, across oncoming traffic, and drove into a rail fence on the other side of the road. He became unconscious as he drifted off the road.

Orem Lt. Doug Edwards said there was evidence in the car that the driver had been inhaling computer cleaner, and was likely unconscious from those fumes. When police ran to his car to check him for injuries, he had regained consciousness and said "Wow."

Kendrick was booked into the Utah County Jail on charges of DUI, reckless driving and abuse of psychotoxic chemicals. He posted the $4,260 bail.

All I can do is quote Josh Tyler Kendrick by saying, "Wow." What an idiot. They are all around us, and as this lesson has taught me, much closer than you think. Good thing I was a few minutes late to work that day.

New feature planned for Microsoft: Learn to dance like a monkey!!

So, I guess alot of people have probably seen this before, and I have just been out of the loop, but I was hanging out with a couple of the IT guys at Doba the other day, and they showed it to me. It's one of the funniest things I've seen in a while. It is some footage of Steve Ballmer, currently CEO of Microsoft, apparently at some kind of MS pep rally or developers conference or something like that. There are actually 2 clips that have been gloriously combined into and amazing techno-dance music video. This guy has got to be a freakin' PR nightmare!

So here's the first two clips in their unaltered originality:
#1 - http://www.youtube.com/watch?v=bhUAr-P_39U - "Developers, Developers!" (Is he inside of a barbed-wire corral?!)
#2 - http://www.youtube.com/watch?v=wvsboPUjrGc - "Give it up for me!"

And now, the two together at last in all their glory:
http://www.youtube.com/watch?v=8zEQhhaJsU4 - Monkey Dance

Now I can see why he would say some like he did in the quote above. Clueless.

Accessing iTunes on Linux

I found a really slick tool today that I have found quite enjoyable thus far. Since my recent and wholehearted move to Ubuntu on the desktop, I have never really looked back. There are however a couple pieces of software not available to me now that I have made the open source change. One of these is iTunes, which currently only has Windows and an OSX versions. Well, there are plenty of amiable open source media players that would be fine for playing MP3's (although iTunes has very user friendly playlist management and library functionalities, so that's not really much of a downside. However, the real drawback comes when trying to listen to music shared out by other iTunes users. I had assumed this was fairly difficult without having an iTunes client. In fact, I was trying to figure out some way I could run iTunes inside of Wine. That was until today.

Enter ourTunes. This Java based iTunes client not only allows the user to view other iTunes shares on the network, there is the added bonus of also being able to download them in mp3 to the local HDD. Sweet!! And, since ourTunes is written in Java, i will run on anything with a JVM installed. With so many awesome tunes floating out there on the office network, I can now enjoy them on my Linux box without having to contrive some connived method of emulating the functionality. I had already used Synaptic Package Manager to download an appropriate JVM to be able to run Zend for my PHP development, so all I had to do was download the ourTunes jar file and fire it up, and I've been rockin' ever since.

HTTP Halitosis - Onion Routing

So I know there have been alot of articles, blogs, etc. that have covered anonymous web browsing, and so this may not be much news to alot of people, however, every time it comes up and I ask people if they are familiar with Tor, I get blank stares, so I figured it was worth mentioning. I have found it quite useful in the past, although not for the same reason as it was designed. More on that in a sec.

Tor is open source and is self-proclaimed "onion routing" software. Onion as in ogre (Shrek). Its got layers. The concept is fairly simple and works well. Hundreds of other open-source groupies all over the world voluntarily run the server version of Tor. You configure the client portion on your system, and when you run your browser through the local Tor proxy, the request gets routed through several of the Tor servers all over the world before it reaches the web server you are requesting. Each node in the "layered" request only knows about the node on either side, aka where traffic came from and where it is going, so it creates an anonymous connection. At least in the simplest sense of anonymous. Just don't forget about some of the cookie tracking features that many websites employ, Google being the most notable of those (I assume that's the only search engine you use. If not, get a clue!). For more on that, and how to avoid it, check out this site.

Now, I can't say that I really worry too much about being watched by Big Brother, or anyone else for that matter, at least as far as my web surfing goes, so I haven't really used Tor for anonymous surfing much, although I do find the technology very interesting. I have however used it quite frequently to test the external facing aspects of various websites and server configurations I have developed. Since it often provides an international IP address, and at the least, a remote US one, it is perfect for testing services as they appear to the rest of the Internet. On top of that, it is alot safer than using one of the many free anonymous proxies that exist out on the web.

Ubuntuliciousness aka Bye Bye Billy

So I finally decided the other day I was sick of having to run the Windows gauntlet and I would give Ubuntu Linux a try. This came after trying to get Gentoo Linux to correctly install in a dual boot environment on my Compaq R3030. I really like Gentoo because it is so configurable and can be set up to load really quickly, I kept running into issues with Grub failing to install correctly, so I popped in the Ubuntu live CD and let 'er rip. In a matter of minutes, it had installed itself on the previously partitioned space and lo and behold, Grub came up completely free of issues! To my amazement, I also found the apt-get functionality used for installing and updating packages to be very efficient and the few minor hitches I had were fairly simple to overcome with a quick trip to the Ubuntu forums.

The one exception to that has been getting my wireless card to function properly, so I have been tethered to the wall, until I can get that working. I think it has something to do with the hardware shutoff button that I have on my laptop, so if anyone has any ideas, let me know. I've tried several things, but nothing works yet.

At any rate, inspired by the success on my laptop, I made the move at work and am now running Ubuntu on my desktop there. To be honest, now that I have it set up, I really don't miss Windows one bit. I have tried several Linux distros over the years, and Ubuntu really has dazzled me since it is so easy to update and navigate. It certainly helps to have some advanced Linux know how, but I really think they have succeeded in making a big leap to provide something viable for the desktop for the Linux novice. I am even pleased with how well OpenOffice integrates with documents saved in MS Office formats. Oh, and I can't say enough about how well that Evolution (the default email application) integrates with Exchange. Really, the list goes on.

In addition to my move to Ubuntu, I have also been playing around with VMWare Server, which VMWare started giving out for free not too long ago. There is a slick Linux distribution of the software that I was able to install with relative ease. Unfortunately I haven't been able to completely untether myself from Windows, since I have been doing some penatration testing on our network and require a few Windows only tools. VMWare however, has provided an outsanding solution to that problem, and since Doba provides me with a fairly beefy development machine, I have no problem running the Windows VM on top of my Ubuntu install.

So, after all the different flavors of Linux I've tried over the years, and despite my initial skepticism of diving into yet another, evolution has proved itself as this latest mainstream distro has won me over with its vastly improved characteristics. So much so, I think from now on I'll spend most of my time outside of Redmond.

Blackhat Recap

So I made it home tonight after spending a couple days out in California following Blackhat, so its time for my final recap. My last Blackhat training session was "Advanced Database Security Assesment" put on by a couple guys from NGS Software, and as I mentioned in the previous post, its first day didn't really live up to expectations. Well to be honest, neither did day 2, but it was still worthwhile. The presenters were both fairly entertaining, there were just too many technical difficulties to really get a good flow, including the fact that the VMWare demo images they gave us used British keyboard layouts and were incompatible with our US laptops. I am going to take the course materials and go through them again (and this time hopefully I can get alot of the demos to work), because there was alot of good stuff in there, they just didn't have much in the live demo department.

I was mostly interested in the MySQL material they presented, and they covered all of the major database implementations, so most of the material wasn't MySQL related, but there were some good gems in there. These included a couple of key MySQL authentication vulnerabilities: mainly one that allows the password hash to be used for authentication (if local network access is available, it can easily be sniffed off the wire) by patching a custom MySQL client. Chris Anley (who was not one of the session presenters), is the primary MySQL researcher at NGS, and has written some fairly interesting white papers if you are interested in MySQL security, the most notable of these being "Hack Proofing MySQL".

At any rate, the most interesting MySQL vulnerability is the hash authentication that can be done by modifying and compiling a custom client. This exists within the 4.0.x source tree and can be exploited by adding the following function into the password.c file in libmysql:

void use_hash(ulong *result, const char *password) {
if( strlen( password ) != 16 )
return;
sscanf( password, "%081x%081x", &(result[0]), &(result[1]) );
return;
}

Then, inside the scramble method, the following line should be removed (or commented out):

hash_password(hash_pass,password);

And replaced with the following line:

use_hash(hash_pass,password);

The client can then be recompiled and used to authenticate to the server using the password hash instead of the actual password.

In addition to this nifty trick, I also found out about a really neat tool called Absinthe, which can be used to exploit a SQL injection vulnerability to automatically enumerate the entire contents of the target database. Once you have located a vulnerable parameter, you just specify a few settings and let fly, and it will return all available database contents by automatically discovering tables and attributes.

If you have any specific questions for me regarding my thoughts on Blackhat (unfortunately I didn't stay to attend the briefings), or any of the material covered, please leave me a comment or contact me directly. I am usually on AIM during most normal hours.

And, on another note, due to my vacation eating habits, the fitness challenge is pretty blown and I'm probably as fat as ever.