patrik.cqure.net

Last weeks OpenSSL issues in Debian based distributions didn't go unnoticed for most of us. The introduction of openssl-vulnkey screwed up the Network Manager based OpenVPN GUI as it does no longer properly supply the underlying daemon with the passkey correctly.

Running OpenVPN from the command line now asks for the password three times as seen below:

Tue May 20 19:37:12 2008 /usr/sbin/openssl-vulnkey -q /home/user/openvpn/key.pem
Enter pass phrase for /home/user/openvpn/key.pem:
Enter pass phrase for /home/user/openvpn/key.pem:
Enter Private Key Password:

There is a incorrect but working workaround suggested at Ubuntu launchpad:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/230197/

It suggests replacing openssl-vulnkey that is intended for checking x509 certificates with openvpn-vulnkey used for checking OpenVPN shared static keys. Replacing openssl-vulnkey with /bin/true works just as good as the suggested workaround at launchpad but obviously removes the intended check for blacklisted keys as well.

So check your keys using openssl-vulnkey, replace any keys needing replacing, make a backup of openssl-vulnkey and replace it with /bin/true TEMPORARLY. If your interested in monitoring the activity of the bug, become a subscriber at the link above. If not wait for the security update and make sure to apply it ones it's released.

Posted by Patrik in Ubuntu | No Comments

I've been looking at the sweet small Asus Eee PC's for quite some time now. I have had a hard time deciding whether to wait for the 900-series or buy the ones that are available in stores now. Giving it some thought I decided to wait for the new ones AND buy one now What can I say it's a small pink beauty and so far I love it.

Read the rest of this entry »

Posted by Patrik in Ubuntu | No Comments

Have you ever found yourself calling your collegue to show them your mad skills during an application test. Just to seconds later realize that you're a Teletubby as session information got mixed up between browsers and you actually achieved nothing?

Read the rest of this entry »

Posted by Patrik in Testing | No Comments

In addition to fixing some walls in our kitchen I have had the chance to work on some old tools today. First I fixed MSSQLScan so that it now handles running out of sockets and timeouts much better. Then I also had the chance to do the last touch-up on a tool (DBPwAudit) I had previously worked on that can be used to scan databases for weak passwords. DBPwAudit has an architecture that allows it to scan new databases by simply dropping a JDBC driver in the right directory and creating som simple rules in a rules.conf file. Be sure to check it out at http://www.cqure.net

Posted by Patrik in Tools | No Comments

fails miserably. I'm guessing other distributions shipping with the 2.6.24 suffer from the same problem. The trouble starts when the installer tries to build the vmxnet network driver.

The error I'm getting is:
In file included from /tmp/vmxnet-only/vmxnet.c:36:
/tmp/vmxnet-only/vm_basic_types.h:161: error: conflicting types for ‘uintptr_t’

I found the following web page that hosts a number of patches and pre-patched sources solving the problem. http://projects.tuxx-home.at/?id=vmware_updates

Posted by Patrik in Ubuntu | No Comments

.... since a while a go. I know some of the people I meet have not heard of it so I am helping to spread the word.

"The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks."

Posted by Patrik in Uncategorized | No Comments

Yet another tool that does not work out of the box on Hardy. If you're experiencing the following error message

/usr/lib/vmware-server-console/bin/vmware-server-console: /usr/lib/vmware-server-console/lib/libgcc_s.so.1/libgcc_s.so.1: version `GCC_3.4' not found (required by /usr/lib/libcairo.so.2)

Well... simply run the following command (at your own risk) and you should be all set
sudo rm -f /usr/lib/vmware-server-console/lib/libgcc_s.so.1/libgcc_s.so.1

Posted by Patrik in Ubuntu | 1 Comment

Why would anyone want to encrypt theire drives with random keys? Well the whole drive wouldn't be that suitable perhaps but the swap and tmp partitions could. Looking at the man page for crypttab suggests the following setup for a randomly encrypted swap:

cswap /dev/sda6 /dev/random swap

This all looked great until I rebooted the system to find it stopping at "Starting early crytpo disks". Looking into this further revealed a problem in cryptsetup which I have filed as a bug in Launchpad: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/223072

The work-around is to use a keyfile as for any other partition on the system.

Posted by Patrik in Ubuntu | No Comments

One of the first things I noticed in Ubuntu Hardy Heron was that the key agent failed to load any other keys than the first one id_rsa. Having quite a few keys with more or less complex password this was not a pleasant surprise. Somebody obviously found this out before me, however a fix never made it into the main release. BUT there is a workaround documented in launchpad;

https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/195908

Basically it tells you to run the following commands. I have tested it and it works great.

mkdir ~/.gnome2/keystore; for i in ~/.ssh/*pub; do key=$(basename $i .pub); echo -e "[default]\npurposes=ssh-authentication" > ~/.gnome2/keystore/${key}.keystore; ln -s ~/.ssh/$key ~/.gnome2/keystore/; done

Posted by Patrik in Ubuntu | No Comments

I have had a somewhat bumpy start with the Hardy 8.04 LTS release. This is obviously not good for my reputation at the office trying to convince our last user (you know who you are) to migrate over to Ubuntu....

I'll start with some good news though as most of the problems I had in the past with Gutsy,  that were directly related to the crappy HP 6910p Notebook I have, are gone. I don't really think the notebook is that bad... just the BIOS which after an upgrade to F.10 can't be downgraded ..... Everything was working so good BEFORE the upgrade. I guess some of us never learn "Don't fix what aint broken". So for any of you experiencing flaky sound, instable wireless interface and non working DVD-burner you might have a better experience with Hardy.

However, I have been noting some problems that I'll document in the next few articles...

Posted by Patrik in Ubuntu | No Comments