Archive for June, 2008

Nano Syntax Highlighting

Wednesday, June 18th, 2008

As a nano user I often get flak from those around me who use Vim about not having syntax highlighting. So, after taking this for some time, I decided to find a way to add syntax highlighting to nano and, to my surprise, it is actually already built in and simply not enabled.

Here is the simple, step-by-step process:

  1. Copy the /etc/nanorc file to ~/.nanorc (depending on your distribution this file may be located elsewhere)
  2. Open ~/.nanorc with your favorite text editor (in this case, odds are good it’ll be nano)
  3. Find the commented lines beginning with “include”
  4. Uncomment the “include” lines for the languages you want syntax highlighting for

Amazingly simple. I’m actually rather surprised it wasn’t enabled by default, but I suppose in the spirit of being a tiny text editor (hence the name) the overhead was left to an “as needed” basis.

There are a few languages not already included, but you can simply add them in yourself. I wanted to add PHP and found this link. The syntax files themselves are also editable, allowing you to add in rules or change syntax colors.

Reading Rainbow: Episode 9

Monday, June 16th, 2008

Virtual machines use unique MAC addresses to access the internet. This article provides a listing of their identifiers so that you may ascertain whether or not a particular machine is within a virtual machine. http://blogs.techrepublic.com.com/networking/?p=538&tag=nl.e102

Botnets are no new threat and neither is the way they are used. The article shows some statistics on just how powerful they are and what sort of damage they are doing. The second link provided is from SANS and discusses a proactive, rather than reactive, way to deal with the possibility of infection. The final link provided shows how bot herders are using their destructive potential to make money. With such a lucrative business in place, it puts more and more pressure on security professionals to take the next step in securing their systems. http://www.sourcewire.com/releases/rel_display….9472&hilite= http://isc.sans.org/diary.html?date=2008-06-14 http://www.technewsworld.com/story/The-….Con-Game-63357.html

Again we find proof that hackers are compromising government systems and using the data attained to raise problems. What is possibly more disturbing is the government’s continuing lax efforts to deal with the issue at hand. It seems that just pushing it under the carpet is the de facto method of dealing with these problems, when the correct approach should be to deal with the problem at the source. Here we see that Chinese hackers actually managed to gain access to dissident lists and actually managed to find the people on those lists. http://ap.google.com/article/ALeqM5g….ZaBwez4_gq7mwD918ATTG0

Mozilla’s Firefox 3 was supposed to come packaged with “private browsing”, a “no digital trail” method of surfing the net; however, because of the amount of code affected by this option, it has been released without this feature. http://news.cnet.com/8301-10789_3-9967829-57.html

Cookies, Cookies, and Cookies

Sunday, June 8th, 2008

That’s cookies times three… or perhaps third party cookies. Not the world’s greatest pun, but all the same a decent intro. In this posting I will explain third party cookies and why they are bad, as well as provide a method to deal with these pesky cookies without destroying your “website experience.”

What are cookies and what are “third party” cookies?

Cookies are small bits of information stored on your computer. Web-sites place tracking information in these cookies to remember who you are, if you’ve logged in, in the case of shopping carts, what you’ve purchased, and all sorts of other useful information. Most of this information is not publicly accessible, even with physical access to the machine because the information is stored server-side; however, the Session ID or other information is stored within the cookie. (This is what allows “session hijacking” with XSS.)

Cookies come in all shapes and forms: first party cookies, third party cookies, session cookies, etc. A first party cookie is issued by the site you are visiting and is only accessible by that website. For example, when you visit my blog, samurainet.org issues you a cookie to keep track of whether you’ve logged in and for the “unique visit” counter. Only samurainet.org can access this cookie and its information, which makes it a first party cookie.

A third party cookie can be issued by any web-site and subsequently can be accessed by any web-site. The main purpose of these is tracking users and advertising. These cookies are not important to the operation of a web-site, unlike first party cookies that may be carrying your Session ID.

Managing cookies with Firefox.

Firefox provides settings for cookie management. You will find these settings in Firefox’s advanced configuration. There are three settings that I will discuss here: network.cookie.cookieBehavior, network.cookie.p3plevel, and network.cookie.p3p. Each contains values that can be modified to affect the overall behavior of Firefox when dealing with cookies.

network.cookie.cookieBehavior - This controls how the browser allows cookies. (values: 0 - allow all, 1 - allow first party only, 2 - disallow all, 3 - allow cookies based on the P3P policy)

network.cookie.p3plevel - This specifies the P3P acceptance policy when network.cookie.cookieBehavior is set to 3. (values: 0 - Low [afafaaaa], 1 - Medium [ffffaaaa], 2 - High [frfradaa], 3 - Custom)

network.cookie.p3p - This specifies the custom P3P policy. The policy specifies 8 positions with 4 separate values that I will explain below.

Selecting the policy for you.

The P3P (Platform for Privacy Preferences, a W3C project) policy dictates the handling of both first and third party cookies from sites of various levels of trust. The trust is based on what the web-site claims to be doing with your information and cookie information. As a personal rule, I distrust even reputable web-sites and prefer to keep cookies for as short a time period as possible.

P3P gives four possible values (A - accept, D - downgrade to a session cookie, F - flag, and R - reject) for cookie management, as well as 8 scenarios for the cookie to fall under. The P3P cookie “byte” is structured as follows. (Taken from the Mozillazine.org web-site)

  1. First party cookies from sites with no privacy policy
  2. Third party cookies from sites with no privacy policy
  3. First party cookies from sites that collect personal information without permission
  4. Third party cookies from sites that collect personal information without permission
  5. First party cookies from sites that collect personal information only with permission
  6. Third party cookies from sites that collect personal information only with permission
  7. First party cookies from sites that don’t collect personal information
  8. Third party cookies from sites that don’t collect personal information

Firefox has built-in cookie management that ranges from blanket policies (in cookieBehavior) for accepting all, rejecting all, or accepting only first-party cookies, to pre-built P3P policies of Low (accept all and flag suspicious third party), Medium (flag all suspicious first and third party, and accept the rest), and High (flag suspicious first party, reject suspicious third party, accept all others and downgrade third party that collect personal information). [I have used suspicious to refer to positions 1-4 since the site either claims no privacy policy or is collecting information without permission.]

That sure is a lot to process, but are those policies good? That really depends on whether they suit your needs. My policy is a custom policy, meaning I have set cookieBehavior’s value to 3 as well as p3plevel’s value to 3 (custom). I have then specified the following p3p value: DRDRDRDR. Very simply, I downgrade all first party cookies (meaning they will be deleted when I close Firefox) and I reject all third party cookies, regardless of where they came from. This provides me blanket protection against third party cookies, since I don’t care about advertising and I don’t want to be tracked. Also, it provides me the ability to still use all web-sites normally, but stops them from tracking me beyond one session (at least by using cookies).
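The position and letter meanings above, turned into a small decoder and audit for network.cookie.p3p strings. This is an added example, not code from the original post or from Mozilla; the function names (decodePolicy, actionFor, thirdPartyNotRejected) and the 0..3 category index are assumptions made for illustration.

```javascript
// Added example: decode a network.cookie.p3p string using the position and
// letter meanings listed in the post. Function names are illustrative.
const ACTIONS = { a: "accept", d: "downgrade to session", f: "flag", r: "reject" };

// Site categories in the order the post lists them. Each category has a
// first-party position followed by a third-party position (8 in total).
const CATEGORIES = [
  "no privacy policy",
  "collects personal information without permission",
  "collects personal information only with permission",
  "does not collect personal information",
];

// Preset strings quoted in the post for the Low, Medium and High levels.
const PRESETS = { low: "afafaaaa", medium: "ffffaaaa", high: "frfradaa" };

// Validate a policy string and expand it into one record per position.
function decodePolicy(policy) {
  const p = String(policy).toLowerCase(); // the post writes both cases
  if (!/^[adfr]{8}$/.test(p)) {
    throw new Error("policy must be exactly 8 characters from A, D, F, R");
  }
  return [...p].map((ch, i) => ({
    position: i + 1,
    party: i % 2 === 0 ? "first" : "third",
    category: CATEGORIES[Math.floor(i / 2)],
    action: ACTIONS[ch],
  }));
}

// Action for one cookie; categoryIndex is 0..3 into CATEGORIES.
function actionFor(policy, party, categoryIndex) {
  const offset = party === "third" ? 1 : 0;
  return decodePolicy(policy)[categoryIndex * 2 + offset].action;
}

// Audit helper: positions where a third-party cookie is still stored.
function thirdPartyNotRejected(policy) {
  return decodePolicy(policy)
    .filter((e) => e.party === "third" && e.action !== "reject")
    .map((e) => e.position);
}

for (const [name, policy] of Object.entries({ ...PRESETS, custom: "DRDRDRDR" })) {
  console.log(name, policy, "third-party positions not rejected:",
    thirdPartyNotRejected(policy));
}
```

Running the audit over the presets shows which third-party positions each one still lets through, which is the gap the custom DRDRDRDR string closes.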

References:

http://kb.mozillazine.org/Network.cookie.cookieBehavior

http://kb.mozillazine.org/Network.cookie.p3p

http://forums.mozillazine.org/viewtopic.php?p=2576901

http://kb.mozillazine.org/Network.cookie.p3plevel

http://www.clicktracks.com/insidetrack/articles/first_v_third_cookies.php

http://www.w3.org/P3P/

Reading Rainbow: Episode 8

Saturday, June 7th, 2008

Restrictive passwords make cracking more difficult by requiring that users use a wider range of characters; however, can restrictive password policies actually decrease the time required to crack? This blog goes into the math behind it. http://lukenotricks.blogspot.com/2008/03/more-on-counting-restrictive-password.htm

Mozilla has a new campaign to break the world record for number of downloads in 24 hours. They have even gone to allowing people to pledge downloads, to be sure they accomplish their goal. This is an interesting marketing campaign. http://www.spreadfirefox.com/en-US/worldrecord/

In a previous post (America’s Cyber defense or lack there of) I pointed out problems with foreign hackers and our government. Here are two articles as a semi-continuation of the saga. http://www.scmagazineus.com/Potential-security-breach-by-China/article/110790/ http://www.thehindubusinessline.com/2008/06/04/stories/2008060451781200.htm

If you are considering being in the IT field or are looking to hire new IT staff, this article is well worth a read. 30 items that IT staff should know. I don’t agree with all 30, but the list itself is something to be looked at and will help you evaluate yourself or potential staff. http://www.infoworld.com/article/08/06/02/23FE-how-to-fire-IT-staff-skills-list_1.html

After battling with an .htaccess problem all day long I ended up at this article. It didn’t solve my problem, but is a great source of information on all things .htaccess. http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/