Kail Linux 2.0 – It’s Hear

So Kail Linux 2.0 is finally here, pen tester rejoice and don’t forget the script kiddies. One thing that anyone has used Kail for a long time and even going back to the day when it was called BackTrack Linux is its use of Gnome 2 for BackTrack then Gnome 2 Fail Back in Kail. It seems that Kail has gone for a full Gnome 3 expenses with some tweaks. The tweak that everyone will notes is the new menu, as you can see in the image below.

Screenshot from 2015-08-16 20:00:27

It took a little while to re-learn where all the tools where but once I got uses to the menu, I loved it.

So apart from the tweaks, its the Kail Linux we know and love. But with a updated GUI.

So if you find your self needing a good environment to pen-test in or a good computer forensics environment, I can’t recommend Kail Linux 2.0 enough

Final thoughts just because you can install Kail Linux, it doesn’t make you an automatic hacker. With tools like Kail comes great responsibility.






Solutions To The Hard Open Sources Questions

So, I thought I would share my thoughts today about the issues, In people when you talk open sources and why it is important.

The question I most often get asked is “Where is the money to be made in open sources software?”

I do think that this is one of the most complicated of all the answers to give, because yes there are some projects that don’t make any money, but then there are some like Red Hat Linux that make lots of money. The money is to be made in us the user supporting software and using it in places that otherwise would have picked an proprietary solution. I think the hardest thing, that we face in that the person you might run into in the street just wants their software to run and for them not to think about it, No I don’t think we will get these people to be running Linux Or BSD on their own systems at home, but systems that the interact with outside we can make run open sources. A good example of this is POS systems (Point of Sales systems) the cash register in your local super market. Most POS systems that are currently running Microsoft Windows XP, now if you have not followed the cases in the USA of what happened to Target here will be a (link). Now I don’t think you will stop security breaches by using a open source, but with people that uses the software and that deploy the software just being able to review the code its going to make for a better system. That is where we will change the world.

The other question that follows “Where is the money to be made in open sources software?” is normally “Where is the support?”

The support comes from people in the community, now this is where I think that the open sources software needs to pick their shit up… Because I am sorry guys and girls, we are a grumpy bunch or elitist, and that is the buggiest thing that holding us back, frankly we need to pick up our shit. Good example I can sight is there was a operation systems I had a few questions for the devs and I was meet with a head dev telling me “Fuck Off! Go and read the wiki if you find a bug submit a patch!” Now I get it, lots of us don’t get paid for the work we do, but at some point we where new, and that is what I think we forget. And that is one thing that proprietary software has, they have to be nice because at the end of the day they are getting your money. I think this is something we really need people step-up and say to these people they are being assholes.

The finally question is “What is to stop people, adding code to spy on you?”
Nothing, but the community. Because lots of people are looking at the code, it will stop people from being able to add bad code, that does not always happen but it is less in open sources world unlike proprietary software, because who knows what they have added.

Linux Mint 17.2 – Has got it all alright, Good bye Windows

So these past weeks, we all know Windows 10 came out, unless you are living under a rock of causes. After dual booting for many years and using Linux as my main desktop and for anything that really doesn’t run well under Wine or PC Gaming I have used Windows 7. So this week I decided to download the newsiest version of Linux Mint and to say I am happy with Linux Mint is a understatement. I have used Linux Mint in the past but, I feel that 17.2 has nailed it. This is the first time I have installed a fresh with little to no configuration, in the past with most mainstream Linux distribution I have had to spend hours tweaking out my graphics drive, anyone that runs a laptop hybrid graphics and is a Linux user knows, it can be really painful to get working just right. This time I installed the Nvidia 3.31 and had access to both graphics cards with no configuration. In the past, I have had to tweak parts of the Nvidia 3.31 driver to get it running. And when I say running it was not very stable.

I have been using Linux Mint now for one week and in the whole week, And this whole week, the only thing I needed to switch into Windows for was using Microsoft Access 2007. I am currently trying to switch over to Kexi for my rapid database application development.

This has been a long time coming for me. I have been using Linux now ten years, but this is the first time I have felt the time was right to completely leave Windows behind. With all the information that has been leaked these past years, It has made me question the trust I once had for Microsoft, and with the information that I have read over the past forty-eight hours just on the privacy settings that you need to find threaten screens. Call me crazy but, my spidey senses is tingling, Why I hear you say, I am finding it really odd that Microsoft are just giving Windows 10 away for the first year, something smells, or I just could be reading into this, but with the NSA and the spying and with Microsoft being sighted in documents, Microsoft willingness to help the NSA. Or Maybe I am Just High.And the other key factor, sources code… After the last few years, I have wanted to know what my software is doing on my system, and Microsoft don’t offer sources code to review so unless decompile Microsoft code there is no way to know what is going on in the background. And plus decompile is proprietary code, does have legal issues.

So why am I so, as the days and months drag on, I will see if this was the right choose.

But as you have seen above, I have chosen to switch to Linux more full time as a security measure, but that was not the only reason that I made the switch. The other reason is Microsoft unfriendly to developers that don’t wish to live in the Microsoft Visual Studies, and for someone like myself that using languages like python more and more, I find Windows has lots of stability issues, this could be down the the version of python for Windows. Personally I find that with Linux, I am not stuck with the programs with buggy code, it simply doesn’t through unknown errors or if it does throw a error it is normally down to my system missing a package, and simply install what is missing and carry on doing what I was doing.

Hackers, Hackers Everywhere – And why we should care but not really about all these car hacks

If you have been living under an rock for the last few days, you may have missed the news that Chrysler have recalled 1.4 million cars due to a software volubility that allows a person to crack into your cars on boarded computer and take control every system that is inside.

Read I don’t want to say this isn’t an problem because, really it is an huge problem but not as bad as the mainstream news is wanting us to believe. For one attack that is effecting Chrysler verticals an attack needs access the main USB port. I personally haven’t seen much more information about the attack in this point in time of how the attack works, but I had to bet on anything they would be using a buffer overflow attack and then injecting code into the cars on board computer, but sadly it could be even more simpler than that.

I think it is time that devices such as cars, source code should be available. I do understand intellectual property, but it is time we had access to this type of information. Because if more eyeballs are looking at the code we might not have these problems may become fewer. But sadly, I don’t see any company that has code that is part of a intellectual property allowing it to happen. The future we approach more and more we will see this type of attack, we need to come up with a way to deal with these problem responsibly.

Remember the news want us to be afraid, but as everyone should a bit of research even if you have no idea about the topic in the begin will always come out understanding more than you did.

And remember the news wants you to believe that everyone and everything is out to get you. But really that isn’t true.

Community VS Individual

So today I thought that I would write a post about an topic that has been in my mind for a long time, there is no easy way to explain it in a single sentence. So I am just going put text to screen and type, and just see where it goes.

As a kid I remember this one class that I had to take “Community Studies” and I remember reading in the text book we had, that community are like gears on a cog, but wait I thought if one part of the cog breaks the whole cog stop function. But if we apply this to life, it never seems to work, but why? Well simply put people don’t care and government are never willing to help the individual become a function member again of there community,

So where, am I going with this. Well as you the reader sit around think about all people in your community, that seem to have fell through the cracks, but maybe if we help them and government offer services that help the individual and not using a services fits maybe 10% of people. But to help individual cost too much is what most say, but I really do disagree with that, think about if everyone had the same access to the same services, rich or poor, how much richer society, but sadly that is a cynical  the rich need the poor to stay poor, because if we didn’t have poor there would be no need to rich.

So how would we pay for this task

Well simply put we would all have to learn how to share…. And there is the problem, humans don’t like to share.

Or we can help other out, if someone is picking through trash to find a meal, why not buy them some small goods, it could mean the world to an single person just to have something that is not another trash.

The government or the rich are not going to be the one’s that help us, we are by acting as an community that helps the individual. And by being able to see that yes that community is important but it is individuals that make are our community and if we start helping all members we can make an better community.

So final words, if you see someone that needs help, stick out your hand as it might be the only friendly hand that person has seen. And by sowing the seeds of kindness we can start to change this world hopefully for the better.

Edit: These rules also apples not just for humans but also are animal friends, as they also need our help.

The Physical Side Of Security That Is Often Forgotten “USB Ports”

The last few years network security has been an big factor for enterprises, that have technology in there company that connects to an network. But what is often forgotten in this world is physical protection ageist attacks. The last few years have seen the creation of tools like the USB Rubber Ducky, that is able to provide information or inject code into an target computer in an matter of seconds. In the last few years I lost count the number of enterprises that have computer or laptops sitting untended, where the anyone could simply work in, inject there payload and leave before anyone was aware that anyone was anywhere near that target devices. Something to think about, Yes one could look down the USB ports, and server monitor ports, but easily that can be spoofed. So what can be done, to stop an attack access to an USB port, for one don’t leave PC or Laptops in places where there not attended at all time, make sure there is an pare of eyes on them at all times. So what if you don’t have that option well, simple answer is get an hot glue gun and put glue in all the ports. Extreme yes, but effective.