Saturday, June 21, 2008

Redmond and Reading

[Photo: Redmond Town Center]

So, I said I would be going to Redmond, and it was great! It was about 62° F all week, and only rained a little. The people I met were very friendly, and I had a good time. Everyone made me feel very welcome.
[Photo: New friends]

I made several new friends while I was there (some of the pictures didn't turn out so well - I am still learning how to use this new camera). I look forward to working with them!

After a week there, I was then scheduled to go to Microsoft UK for my orientation (or NEO, as it's called internally). This was very informative, and I have to say, Microsoft has the most amazingly comprehensive orientation and career planning systems I have ever seen (or even heard of).

[Photo: Thames Valley Park]

I am actually still in Reading right now, and it's delightful. I am very much looking forward to my move, which I think we are planning for July now. It's funny; I was running around with my hosting manager on Monday, and in the hall, lo and behold, who do I see? A GOON!! He graciously invited me to his pad where I enjoyed dinner with YET another Goon and his family! They were incredibly gracious, and I appreciated the hospitality.
[Photo: Goons are everywhere]

Soon I'll be heading back to the States for the final push to move the fam to Reading. I am more pumped than ever!!

Vista and Bluetooth Headsets

I had trouble getting my Motorola H375 working with my IBM Lenovo X61 Tablet (which has a dual-core 64-bit Centrino Pro CPU, and I have Vista Enterprise 64-bit installed). I did a lot of research, and saw a lot of work-arounds, and here is what worked for me:

The problem: I could pair my laptop with my bluetooth headset, but Vista would demand drivers for the H375 on each reboot. The headset did not show up as an available audio device, and was categorically pissing me off.

1. I downloaded the Lenovo System Update utility which updated my Bluetooth drivers for the integrated BT in the Lenovo ("ThinkPad Bluetooth with Enhanced Data Rate")

2. I then Googled "widcomm vista 6" per Dave's suggestion on this page (bluetooth 2.0 + vista x32)

3. I extracted the driver archive and went into the "Win64" directory and ran "Inst.exe"

4. I was then notified that new drivers had been installed, which included a stereo audio gateway, and a hands-free profile

5. I was also prompted by Skype that two Bluetooth services were trying to use it, and I had to permit this in the events in the main Skype interface (Just click on each link you see at the top, and select the "Permit" checkbox)

6. At first I was getting no love, but I picked up the headset, and pressed the "Talk" button, and I got a System Tray notification that a Bluetooth device was trying to pair with my laptop, and I was prompted for the code. I put in "0000", and my H375 was available in my Skype profile to be used as Speakers and Mic. A quick test call was 100% successful!!

7. I also noticed there were a LOT more tabs in the Bluetooth profile tool (Audio, Dial-up, PIM Interfaces, & Share)

(*Note: don't forget to check "Control Skype(TM) calls using a hands-free device" option in the Audio tab - this was selected by default for me, but I had seen this caution in another FAQ somewhere.)

Now go forth and play WoW and chat without disturbing the people in the hotel room next door (despite the fact they kept you up all night the night before with their buffoonery).

Sunday, June 1, 2008

Off to Redmond

So, my official start date with Microsoft is tomorrow. I am really looking forward to this change, and we are excited about moving to the UK. I am flying to Seattle tonight to meet some of the team. A new adventure has begun...

Saturday, April 26, 2008

Allow myself...

It occurred to me after my Debian SMTP/AUTH/TLS blog that perhaps I should have introduced myself first. I have been at Foundstone for about 3 years as a principal consultant, and before that I was at Internet Security Systems (ISS) for about 5 years, and various places doing contract work before that. Mostly, I get paid to break stuff, which is a pleasant departure from supporting, or even designing, stuff... While at work I have had assignments ranging from the somewhat odd ("Hey, we just want you to hang out for 6 months and learn the network and look around.. talk to folks.. err.. yeah...") to the more straightforward ("Let's see how much control an attacker could gain over the network with no prior knowledge and a hot network jack - Oh.. you already have Domain Admin you say... =( ").

You might see me in Vegas towards the end of July each year. I am on staff for Defcon and Blackhat, and I have participated at Toorcon (*waves at Tim and Hikari), Shmoocon (<--don't love me anymore), and Phreaknic (shouts to Bro. Skydog and Bro. Decode, and the Lady Merlin [oh-ex-oh]).

And now that I've made a complete infantile fool of myself... peas out... =)

Carric Dooley
Meatshield
23B Goon Security Squad, Las Vegas, NV
"Buy this goon a beer!"

Debian Sendmail SMTP Auth and TLS

So, after pulling out my hair for a week, I wanted to note down my journey of pain with getting my domain moved after my colo pulled the plug a little early on me. I read about 20 different bits and pieces of blogs/FAQs out there and nothing had all the info in one place.

Overview
First off, I'm not a Debian guy. I was quite frustrated by this new challenge, but it was not my choice. It was my lot to just make it all work when my co-lo pulled the plug on us. If you see something that should have been obvious because you ARE a Debian guy, please feel free to email me your contempt and ridicule at carric@/dev/null. (for i in self; do debian != like; done)

I wanted to have SMTP (with AUTH), IMAP, and POP all over TLS/SSL. Why? Well, IMAP lets you leave your mail on the server so you can check it from anywhere (all you need is an IMAP client), SMTP with AUTH lets you authenticate to the server so you can send mail regardless of your IP address, and the TLS/SSL component protects your passwords while in transit (provided you are not the victim of an MITM attack.. that is a topic for another blog).

Daemons
Sendmail - apt-get it and then you will want to run 'sendmailconfig'; run that command before you try any ".mc diddling", then go through the sendmail.mc after you have run it once to add things if needed:

<--- snip --->
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`redirect')dnl
FEATURE(`mailertable')dnl
FEATURE(`smrsh')dnl
FEATURE(`sasl')dnl
include(`/etc/mail/tls/starttls.m4')dnl
<--- snip --->

What this is doing is reading "m4" files from (mostly) /usr/share/sendmail/cf/. Look in there and add FEATURE lines for the things you want. In the cf dirs, you will see file names like "sasl.m4", "starttls.m4", and "smrsh.m4", etc.

Dovecot imapd/popd - The apt-get install was pretty straightforward EXCEPT for

<--- snip --->
auth_username_format = %n
<--- snip --->

Until I set this line this way, it was trying to hand "user @ domain.com" instead of just "user" to PAM - no worky..... I highly suggest upping the debug options (mail_debug = yes) in the dovecot.conf until you get it working so you can see what the hell is going on in /var/log/mail.log. That was really the breakthrough for me.

saslauthd - THIS is what ties authentication through IMAP, POP, and SMTP to your local user accounts via PAM (so this is indeed what you want to use over passwd or shadow when choosing authentication mechanisms). MAKE SURE YOU DON'T SKIP: apt-get install libsasl2-modules. OMG!! I spent hours trying to figure out why the hell a valid account couldn't authenticate. It was like it didn't understand what I was sending ... (SURPRISE!! It didn't understand what I was sending...) I did NOT see this step anywhere on my "man-page/howto" pilgrimage.
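The whole point of the sendmail sasl + starttls setup above is that the password only ever crosses the wire inside TLS. A quick way to confirm that is to compare what the server advertises in its EHLO reply before and after STARTTLS: AUTH should only show up after. This is an added example, not code from the post; the two EHLO transcripts are constructed, and probe_live assumes a reachable host.

```python
"""Check that an SMTP server offers AUTH only inside TLS (added example,
not from the post; the EHLO transcripts below are constructed)."""
import smtplib
from typing import Dict, List, Tuple


def parse_ehlo(lines: List[str]) -> Dict[str, str]:
    """Turn the keyword lines of a multi-line 250 EHLO reply into {KEYWORD: params}."""
    features = {}
    for line in lines[1:]:          # first line is just the server's hostname
        body = line[4:]             # drop the "250-" / "250 " prefix
        keyword, _, params = body.partition(" ")
        features[keyword.upper()] = params
    return features


def auth_exposure(ehlo_clear: List[str], ehlo_tls: List[str]) -> Tuple[bool, bool]:
    """Return (plaintext AUTH offered before STARTTLS, AUTH offered after STARTTLS).
    For the setup in the post the first should be False and the second True."""
    clear, tls = parse_ehlo(ehlo_clear), parse_ehlo(ehlo_tls)
    clear_plain = "AUTH" in clear and bool({"PLAIN", "LOGIN"} & set(clear["AUTH"].split()))
    return clear_plain, "AUTH" in tls


def probe_live(host: str, port: int = 25) -> Tuple[bool, bool]:
    """Same check against a real server (assumed reachable; not exercised offline)."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        clear = dict(s.esmtp_features)   # smtplib lower-cases the keywords
        s.starttls()
        s.ehlo()                         # capabilities must be re-read after STARTTLS
        tls = dict(s.esmtp_features)
    clear_plain = "auth" in clear and bool({"PLAIN", "LOGIN"} & set(clear["auth"].upper().split()))
    return clear_plain, "auth" in tls


# Constructed transcripts: one server that leaks AUTH in the clear, one that does not.
LEAKY_CLEAR = ["250-mail.example.com", "250-STARTTLS", "250-AUTH PLAIN LOGIN", "250 8BITMIME"]
GOOD_CLEAR = ["250-mail.example.com", "250-STARTTLS", "250 8BITMIME"]
AFTER_TLS = ["250-mail.example.com", "250-AUTH PLAIN LOGIN", "250 8BITMIME"]

if __name__ == "__main__":
    print("leaky server:", auth_exposure(LEAKY_CLEAR, AFTER_TLS))   # (True, True)
    print("good server: ", auth_exposure(GOOD_CLEAR, AFTER_TLS))    # (False, True)
```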

Spamassassin - I may actually remove this. Within the first 5 days or so, I had gotten around 2,000 e-mails (maybe 40 were actually real), and this is with Spamassassin running. I didn't do any customization to the install, it was pure defaults, but what I find REALLY cuts down the spam is the dnsbl feature in sendmail. Read Jeff's stuff:

http://www.sdsc.edu/~jeff/spam/Blacklists_Compared.html

He appears to be updating VERY frequently, so you won't be putting in servers that haven't updated since 2002 (be careful!!). If the blacklist isn't updating, don't use them. This trimmed down the e-mail volume from about 400+/day to, well.. I haven't had it running like this long, but the frequency of "you have mail" dings on my e-mail client has dropped DRASTICALLY. Here are the servers I'm using in April 2008 (yes, I got them from that site above - EPIC SHOUTZ to Jeff Makey!!):

FEATURE(`dnsbl', `dul.dnsbl.sorbs.net', `"550 Mail from " $`'&{client_addr} " refused - see http://www.dul.dnsbl.sorbs.net/"')
FEATURE(`dnsbl', `sbl.spamhaus.org', `"550 Mail from " $`'&{client_addr} " refused - see http://www.spamhaus.org/sbl/"')
FEATURE(`dnsbl', `list.dsbl.org', `"550 Mail from " $`'&{client_addr} " refused - see http://dsbl.org/"')
FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')
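What those four FEATURE lines make sendmail do for every connecting client is a DNS lookup of the client's reversed IP octets under each zone, rejecting with the given code if an answer comes back. Here is that logic as an added example (not the post's code, and not sendmail's), run against a constructed stub resolver so it works offline; the listed addresses 1.2.3.4 and 8.8.8.8 are made up for the demo. It also shows the caveat the post hints at with "if the blacklist isn't updating, don't use them": only 127.0.0.0/8 answers are treated as a listing, so a dead zone that starts answering with some other address does not silently block all mail.

```python
"""DNSBL lookup as performed by sendmail's FEATURE(`dnsbl', ...), against a
constructed offline stub resolver. Added example, not from the blog post."""
import ipaddress
from typing import Callable, Optional

# (zone, SMTP reply code) pairs mirroring the four FEATURE lines above.
# 550 = permanent reject. 450 = temporary reject, so a legitimate sender that
# the more aggressive list catches by mistake just retries later instead of bouncing.
DNSBL_ZONES = [
    ("dul.dnsbl.sorbs.net", 550),
    ("sbl.spamhaus.org", 550),
    ("list.dsbl.org", 550),
    ("bl.spamcop.net", 450),
]

# Constructed stub resolver: query name -> A record, missing key = NXDOMAIN.
# Real DNSBLs answer with an address in 127.0.0.0/8 when the client is listed.
STUB_DNS = {
    "4.3.2.1.sbl.spamhaus.org": "127.0.0.2",   # constructed: 1.2.3.4 is "listed"
    "8.8.8.8.bl.spamcop.net": "127.0.0.2",     # constructed: 8.8.8.8 on the 450 list
}

def stub_resolve(name: str) -> Optional[str]:
    return STUB_DNS.get(name)

def dnsbl_query_name(client_addr: str, zone: str) -> str:
    """Build the DNSBL query name: the client's IPv4 octets reversed, under the zone."""
    ip = ipaddress.IPv4Address(client_addr)           # raises on non-IPv4 input
    reversed_octets = ".".join(reversed(str(ip).split(".")))
    return f"{reversed_octets}.{zone}"

def check_client(client_addr: str,
                 resolve: Callable[[str], Optional[str]] = stub_resolve) -> Optional[str]:
    """Return the SMTP rejection line sendmail would send, or None to accept.
    Zones are consulted in order and the first hit wins."""
    for zone, code in DNSBL_ZONES:
        answer = resolve(dnsbl_query_name(client_addr, zone))
        # Only a 127.0.0.0/8 answer counts as "listed"; anything else (e.g. a
        # wildcard from a dead or parked zone) is ignored rather than trusted.
        if answer and ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8"):
            return f"{code} Mail from {client_addr} refused - listed in {zone}"
    return None

if __name__ == "__main__":
    for addr in ("1.2.3.4", "8.8.8.8", "10.0.0.5"):
        print(addr, "->", check_client(addr) or "accepted")
```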

What I learned
What I learned is that all the required info doesn't live in one place - not to make all the components work seamlessly, that is. It was a challenge, so hopefully what I posted will fill in some of the missing pieces. In retrospect, it was just a couple of tidbits that were kind of hard to google (google: "#*$%ing sendmail not working like I want gonna snap"). Feel free to mail me if you run into similar issues, and I'll try to help.

carric_*at*_com2usa.com

P.S. Spammers; please die. As a friend of mine says, "I hope your legs grow together!"