Monday, March 18, 2013

Unix: Rooting out the kits

Rootkits are both tricky and stealthy, but there are still some things that you can do if you suspect that one of your Linux systems has been infected. After all, a rootkit has to be doing something if it is to be of any value to the miscreants that deployed it. In addition, its authors will have had a hard time engineering their tools to avoid everything that detection tools throw at them in order to identify and remove them.

The bad news is that detecting rootkits takes far more insight than noticing and identifying your typical virus. Many are designed to resemble device drivers so that it's possible for them to run at a more privileged level in the operating system. Rootkits often replace a keyboard or network driver, for example. The way that modern operating systems are broken into distinct privilege "layers" and numerous modules, loaded when needed and each of which manages a distinct function within the OS, makes this possible.

Sometimes rootkits replace commands such as netstat, du, find, ifconfig, netd, killall and lsof; at other times they simply provide support for other malware, allowing it to run undetected or providing access to the system through backdoors. The flexibility and modularity of operating systems is, thus, also something of a "weak link" as far as security is concerned.

When you suspect a rootkit has been installed on a system, the first thing you need to decide is what your first step ought to be. Some will say that you should immediately detach the system from your network, isolating it for further analysis. Others will say that you may lose valuable insights into what the rootkit is doing if you move too quickly. Besides, depending on the role the system is playing, pulling it off the network could have drastic implications if it provides a critical service. On a well designed network, your critical services will be set up in such a way that you can roll them over to another system.

If your aim is to learn as much as you can about the rootkit, rebooting the system might be a bad idea. The rootkit might be one that is confined to memory, and your evidence may be gone if you reboot too soon. In any case, the decision about how to proceed when a rootkit is suspected is one that should be made long before you have to act.

You should consider detaching from your network and, at some point, shutting down the system and booting in single user mode. The key question is what's more important -- figuring out what happened or getting the system up and working again. If you must get it online again as quickly as possible, are you prepared to make an image of the infected system for analysis? If you can, that image might provide you with important insights after the fact.

It's a good idea to have a rescue CD or DVD on hand so that you can look at an infected system (or a potentially infected system) without depending on tools or commands that are installed on the system.
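As an added example (not code from the original post), the script below turns two of the observations above into cheap, repeatable checks a responder can run from rescue media: a process list that hides PIDs, and system commands that have been swapped out. Both checks take their data from files, so they can be fed either live output or snapshots copied off the suspect machine. It assumes POSIX sh with sort, comm, find, awk and sha256sum (or shasum on BSD and macOS); the directory tree and the /proc and ps snapshots it works on are constructed sample data.

```shell
#!/bin/sh
# Added example, not code from the original post. Two low-tech cross-checks a
# responder can run from a rescue CD against a suspect Linux system, aimed at
# the tampering the post describes: a process list that hides PIDs, and system
# commands that have been replaced. Run the checks with the rescue media's own
# binaries; the suspect system's ls, ps and sha256sum may be the replaced ones.
# Assumes POSIX sh plus sort, comm, find, awk and sha256sum (or shasum on BSD/macOS).

set -u
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT

# Pick a SHA-256 tool: sha256sum (GNU coreutils) or shasum -a 256 (BSD, macOS).
if command -v sha256sum >/dev/null 2>&1; then HASH=sha256sum; else HASH="shasum -a 256"; fi

# hidden_pids PROC_FILE PS_FILE
#   PROC_FILE: numeric entries of /proc, one per line   (ls /proc | grep '^[0-9]')
#   PS_FILE:   PIDs reported by ps, one per line        (ps -eo pid=)
# Prints PIDs the kernel exposes in /proc that ps does not report. A replaced ps
# that filters its output shows up here; so does a process that exited between
# the two snapshots, so repeat the check before drawing a conclusion.
hidden_pids() {
    tr -d ' ' < "$1" | grep '^[0-9]' | sort -u > "$TMP/proc.sorted"
    tr -d ' ' < "$2" | grep '^[0-9]' | sort -u > "$TMP/ps.sorted"
    comm -23 "$TMP/proc.sorted" "$TMP/ps.sorted"
}

# make_baseline DIR OUT
#   Hash every regular file under DIR into OUT. Take the baseline while the
#   system is still trusted (or derive it from the package manager's records)
#   and keep it off the box: a baseline stored on the infected host can be
#   edited by the same intruder.
make_baseline() {
    ( cd "$1" && find . -type f -exec $HASH {} + ) | sort -k2 > "$2"
}

# changed_files DIR BASELINE
#   Re-hash DIR and print one line per path that is MODIFIED, MISSING or NEW
#   relative to BASELINE. A replaced netstat or lsof lands under MODIFIED; a
#   dropped helper binary lands under NEW.
changed_files() {
    ( cd "$1" && find . -type f -exec $HASH {} + ) | sort -k2 > "$TMP/now.sums"
    sort -k2 "$2" > "$TMP/base.sums"
    # Each line is "<hash>  <path>"; awk reads the baseline first (NR == FNR),
    # then the current sums, and joins the two on the path column.
    awk '
        NR == FNR { base[$2] = $1; next }
        { now[$2] = $1 }
        END {
            for (p in base) {
                if (!(p in now))            print "MISSING " p
                else if (now[p] != base[p]) print "MODIFIED " p
            }
            for (p in now) if (!(p in base)) print "NEW " p
        }' "$TMP/base.sums" "$TMP/now.sums" | sort
}

# Demonstration on a constructed directory tree and constructed /proc and ps
# snapshots (sample data, not taken from any real system).
demo() {
    mkdir -p "$TMP/root/bin" "$TMP/root/sbin"
    printf 'trusted ls\n'      > "$TMP/root/bin/ls"
    printf 'trusted netstat\n' > "$TMP/root/bin/netstat"
    printf 'trusted lsof\n'    > "$TMP/root/sbin/lsof"
    make_baseline "$TMP/root" "$TMP/baseline.sums"

    # Simulate the tampering: netstat replaced, lsof removed, a file dropped.
    printf 'trojaned netstat\n' > "$TMP/root/bin/netstat"
    rm "$TMP/root/sbin/lsof"
    printf 'helper\n' > "$TMP/root/sbin/.kit"
    echo "== file integrity =="
    changed_files "$TMP/root" "$TMP/baseline.sums"

    # PID 4242 exists in /proc but the (constructed) ps output omits it.
    printf '1\n2\n4242\n917\n' > "$TMP/proc.txt"
    printf '  1\n  2\n917\n'   > "$TMP/ps.txt"
    echo "== pids in /proc but not in ps =="
    hidden_pids "$TMP/proc.txt" "$TMP/ps.txt"
}

demo
```

Two caveats follow from the post itself. The /proc comparison only catches a userland replacement of ps; a kernel-level rootkit that filters directory reads hides the same entries from `ls /proc`, which is why tools such as unhide probe `/proc/<pid>` one PID at a time instead of listing the directory. And the hash comparison is only as trustworthy as the binaries and the baseline used to compute it, which is the reason for running it from rescue media and keeping the baseline off the machine.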

Tuesday, February 12, 2013

Use OS X services to reveal or open file paths

Apple's Spotlight offers a quick way to find user files and resources like applications or system preferences. However, it does not locate items in the system folder or in hidden folders, though at times you might need to access them. This limitation may be especially cumbersome to deal with if you are troubleshooting a problem in OS X or helping someone do so, meaning you may need to ask them to locate a specific hidden file and remove it or modify its contents.

For some system resources you can simply navigate through the Finder; however, in its default view the Finder does not show a number of hidden files and folders such as the user library. So, for example, if you tell someone to access his or her user library to locate the Fonts folder, since the user library is hidden he or she might instead erroneously access the global library at the root of the hard drive.

Even if you are familiar with standard Unix file path notation and direct someone to open the ~/Library folder, if that person doesn't know what the tilde character means then he or she might go to the wrong directory in the Finder.

To get around these potential areas of confusion both for yourself and when instructing others, you can make use of some services and features in OS X that make possible quick access to any file or folder based on a typed path you provide, which can help avoid confusion and make it straightforward for anyone to open a specified Unix-compliant path.

The first option is to use the system's contextual services: if you have a full Unix-compliant path typed out, then you can simply highlight it, right-click the selected text, and then choose either Open or Reveal from the Services contextual menu, and the system will then display the item in the Finder or try to open it with its default handling application.

For example, you can triple-click the following folder path examples or otherwise select each in its entirety, and try opening the items in the Finder (note that if you use the Open service the system may ask for confirmation before opening the path):

If you come across a file path as part of an instruction for tweaking your system or troubleshooting it, you can use these services to access it by selecting the file path and right-clicking in this way. Additionally, if you are attempting to help others access parts of their systems and you know the exact file or folder path they should use, then you can likewise send it to them and have them perform this procedure to quickly open it.
Open and Reveal services in OS X

These contextual services are built into OS X and should be enabled by default, but if they aren't then they can be enabled in the Services section of the Keyboard system preferences, under the Keyboard Shortcuts tab.

While useful for opening a full file path from a text document or Web page, these options are also convenient in other areas. If you are a power user and access the Terminal regularly, then you probably have a number of file paths listed in your command history that you previously acted upon. If you need to open one of these paths in the Finder, you can use these services to quickly select and open it.

A last and related way to navigate through a full file path is to use the OS X Go to Folder feature that is available in the Finder's Go menu (and can also be invoked by pressing Shift-Command-G). With this option, you can copy a full file path or even a partial one with respect to the directory of the current Finder window, and then paste it in the Go to Folder field instead of using the Open or Reveal services, which should open it for you in the Finder. For example, select and copy any of the file paths listed above, and then paste it in the Go to Folder field to have the system open it in the Finder.

Monday, February 4, 2013

I.B.M. Slims Down Its Big Data Offerings

I.B.M. is cutting the price on its least-expensive Power server computers by 50 percent, to under $6,000. The pricing move is one of a series of hardware and software announcements on Tuesday intended as a strategic push more broadly into the fast-growing market for Big Data technology and to tailor offerings for smaller businesses.

The overall market for Big Data technology — hardware, software and services — is projected to increase to $23.7 billion by 2016, from $8.1 billion last year, according to IDC, a market research firm. Every major technology company including Oracle, EMC, Microsoft, SAP Hewlett-Packard and SAS Institute, as well as an entire generation of start-ups, is chasing the opportunity to supply the tools of advanced data analysis and discovery to business.

I.B.M.’s Power servers run the company’s Power microprocessors. These chips were originally designed for big computers using I.B.M.’s proprietary version of the Unix operating system, AIX. Over the years, the company has developed specialized chips using the Power technology for other markets like video game consoles. The I.B.M. chips can be found in the game machines made by Sony, Nintendo and Microsoft.

The I.B.M. Power servers also run Linux, the open-source version of Unix. And Linux is the preferred operating system for much Big Data software, notably Hadoop, the foundation layer that manages many distributed, data analysis applications.

But the hardware challenge for I.B.M. is that most Hadoop software is running on industry-standard servers, powered by chips from Intel or Advanced Micro Devices.

The price cut helps make the case for Big Data computing on I.B.M. Power servers, which are designed to juggle many computing tasks efficiently and reliably, a potential advantage in the data-analysis market. “I.B.M. is bringing the actual price down to be very, very competitive,” said Jean S. Bozman, an analyst at IDC. “And they have to do it.”

The lower price is also a bid for the small- and medium-size business market, as these companies seek to adopt Big Data computing. “This brings the entry point down quite a bit and opens the way for more businesses to use Power technology as a preferred environment,” said Steven A. Mills, senior vice president for software and hardware systems at I.B.M.

One small company looking at using the I.B.M. technology for advanced data analysis is Westside Produce, which harvests, packs and markets cantaloupes for growers in California. The company, with 15 full-time employees and many seasonal contract workers, already runs its accounting, inventory and operations-management software on an I.B.M. Power server.

But Justin K. Porter, director of technology at Westside Produce, said his company would like to be able to more closely track and analyze all kinds of data, including harvest practices, weather patterns, shipments, melon sizes, and prices paid by specific supermarket chains and distributors. The goal, he said, would be to fine-tune operations and marketing to trim waste and improve profits.

“It’s definitely something that we’re going to look into,” Mr. Porter said.

Sunday, January 27, 2013

Stephen Watt, a.k.a. “The UNIX Terrorist,” to Keynote Infiltrate Con, April 11-12 - First Public Talk Since Conviction in World’s Largest Financial Cyber-Heist

It was the biggest identity theft case in U.S. history - between 2005-2007, 170 million credit card numbers were stolen from Heartland Payment Systems, TJX and other national companies. The operation - known as Get Rich or Die Tryin’ - was led by convicted hacker Albert Gonzalez. But the U.S. Attorney’s Office would later convict former rogue DefCon speaker and Wall Street programmer Stephen Watt of complicity in the crime for writing the packet-sniffing program “blabla” that was used by Gonzalez.

Now, after two years of incarceration in SeaTac Federal Detention Center, a $171.5 million restitution and still on probation, Stephen Watt a.k.a. ‘The UNIX Terrorist’ will be giving his first public talk at this year’s Infiltrate offensive security conference in Miami Beach, April 11-12, 2013.

“We’re happy that Stephen’s lawyer was able to get him approval to keynote at this year’s conference,” said Dave Aitel, CEO of Immunity Inc. and organizer of Infiltrate. “Stephen has a formidable reputation as a programmer and an original thinker, and we’re looking forward to his talk on the criminal justice system as it pertains to computer crime. This talk is especially relevant given the recent death of Aaron Swartz, who also faced the same prosecutor as Stephen.”

The title of Watt’s keynote presentation is, “Turning Down an Offer You Can’t Refuse.”

“My talk will be a journey through the legal system; essentially, what to expect if you don’t snitch on your friends,” said Watt. “I’m going to tell people the truth about what it’s like to be prosecuted under today’s computer crime laws - from the overzealous tactics of prosecutors to the near-impossibility of thriving in a post-conviction life. Federal litigation exponentiates fines and sentences by stringing endless amounts of charges together. Most notably, in the case of file-sharing charges. So basically, this talk will cover everything from pretrial, to the courtroom, prison and probation.”

On probation since February 2012, Watt is currently prohibited from using a non-Windows operating system on his government-monitored laptop. He’s also banned from using an iPhone or Android device. “I’m allowed to use a BlackBerry, but they’ve told me ‘there’s just too much you can do on an iPhone,’” he said.

In spite of the severity of his punishment, Watt never benefited financially from his involvement with Gonzalez. While in prison, he also turned down a movie studio offer to option his life story for the big screen. Eric Eisner has since optioned the rights to Rolling Stone’s story on the group, “Hackers Gone Wild: The Fast Times and Hard Fall of the Green Hat Gang.”

Watt remains an opponent of computer vulnerability disclosure and the commercialization of exploit development. He has since developed a passion for discussing matters such as free speech, as well as prosecutorial and investigative tactics as they apply to cybercrime cases.

Stephen Watt’s keynote isn’t the only noteworthy talk at this year’s Infiltrate. Here is a preliminary list of other talks at this year’s conference:

        Chris Eagle – Keynote Speaker
        Esteban Guillardoy - Jurassic Jar: Their World. Our Rules.
        Miguel Turner - Exfiltrate: Efficient Blind SQLi
        Matias Soler - The Chameleon: A Cellphone-Based USB Impersonator
        Alberto Garcia - Enterprise Malware, There Is Always a Way. (DNS/DNSSEC)
        Sergey Gordeychik - Siemens Under the X-Ray
        Ling Chuan Lee and Lee Yee Chan - TTF Font Fuzzing and Vulnerability
        S.A. Ridley and Stephen Lawler - Advanced Exploitation Of Mobile/Embedded Devices: The ARM Microprocessor
        Josh Thomas - NAND-Xplore -> Bad Blocks = Well Hidden

The conference will also include advanced training classes for professionals:

        Unethical Hacking - Immunity’s most popular class focuses on teaching the fundamentals of Windows x86 exploitation by having students write exploits. This class attempts to teach a strategic approach to attack and penetration that goes beyond “penetration testing” to model how a real attacker targets your company. It’s recommended students be familiar with x86 assembler, some reverse engineering, debugging and Windows memory management.
        Immunity Master Class - Fun with modern exploit development and vulnerability discovery techniques. Intermediate to advanced exploit development skills are recommended for students wishing to take the Master class.
        Web Hacking - A favorite among developers as well as infosec professionals, this class focuses on understanding common web hacking techniques by having students exploit vulnerable systems.

ABOUT INFILTRATE

Now in its third year, Infiltrate (http://www.infiltratecon.com) is an exclusive offensive security conference for the infosec community, focused on advanced hacks, exploits and all things offensive. Organized by Dave Aitel and Immunity Inc., the conference is April 11-12, 2013 at the Fontainebleau Hotel in Miami Beach. Past speakers at Infiltrate include Charlie Miller, Andrew Cushman, Thomas Lim, Dan Rosenberg, Cesar Cerrudo and Jon Oberheide.

For the original version on PRWeb visit: http://www.prweb.com/releases/prweb2013/1/prweb10349836.htm

Thursday, January 24, 2013

South Africa: Mobile Ubuntu - a Unix Powered Smartphone

Mark Shuttleworth, South African IT millionaire and Open Source champion, recently announced and demonstrated the planned release of the Linux-based Ubuntu operating system (OS) for smartphones. The Canonical boss revealed that future devices will not only run the new mobile OS, but will also boot the desktop variant of Ubuntu when docked to a keyboard, mouse and monitor. This would mean that you will literally be able to use your phone to power your PC.

It is planned that you would be able to install Ubuntu on most Android devices, and although it is a totally new OS (not just an Android skin), because it is built on Linux in the same way that Android is, there should be no problem installing it on modern Android phones.

Visually the phone interface is very clean and makes no use of permanent buttons; instead, the system is totally gesture-based, and different functions are triggered by swiping the phone from the sides, top or bottom, similar to Windows 8. From an overall design perspective, Ubuntu looks to offer a pretty dynamic home screen experience that's quite a bit different to Windows Phone, Android, or iOS. It's focused more around recently used content - like contacts you've spoken to recently, music you've added, and apps you've used - rather than a static grid of content.

During his keynote address earlier this year, Shuttleworth continually referred to 'emerging' markets as the battleground on which an Ubuntu Phone would fight it out for impact... "It's this sector, the low-end, that the battle for the hearts, minds and hands of the less tech-savvy will take place."

However, while Canonical has plenty of experience hosting cloud-based services and app stores (a major hurdle for new entrants to the mobile space), it doesn't have a great track record in bringing physical products to market that use its software. Hopefully, application developers will take the lead in ensuring a stream of new and exciting applications.

So, although a low-cost platform has appeal for handset manufacturers, there's hardly a shortage of them to choose from right now, with Firefox OS and Tizen being the most recent examples of what can be achieved by fully embracing and supporting HTML5.

An Android alternative

Carolina Milanesi, mobile analyst at Gartner, feels that there is place in the marketplace for an alternative platform to Android.

Wednesday, January 2, 2013

Sr. Unix Administrator (Indians only)

Saudi Networkers Services - SNS Group

Our client is looking for a Senior Unix Administrator with 10+ years of experience on IBM P-Series, preferably an Indian national, for an extensible 6-month contract based in Egypt.
The package is lucrative and availability should be within a month or so.

Skills

Unix Administrator - 10+ years experience, IBM P-Series, clustering experience, managing an environment of 80-100 LPARS, + AS/400 LPARS, Performance and Management etc.

Company Profile

Saudi Networkers Services (SNS) is a Telecommunications, Oil & Gas and IT Consultancy Services Provider, founded in 2001 and has excelled ever since in providing the biggest multinational companies in MENA regions with very high standards of quality service in the recruitment field.

Today, SNS Group is one of the leading consultancy services providers with more than 1500 employees worldwide, ISO 9001:2008 certified company and is highly regarded.

Source: http://jobs.emirates247.com/en/job/?xid=1918997

Monday, December 24, 2012

“Migration from Unix to Linux and Cloud are key driving factors for our business”

Arun Kumar, General Manager, Red Hat India, talks to KTP Radhika about their growing middleware business and the business opportunities in open source Cloud.

You have made a few acquisitions in the recent past and tried to diversify business. Where do you stand now?

Till 2006, we were a single-product firm offering the Red Hat Linux enterprise solution. After acquiring JBoss, an open source application server, in 2006, we got a whole set of middleware products. JBoss stands as the most popular middleware application available in the market today. In 2008, we bought Qumranet, a software company offering desktop virtualisation kernel-based virtual machine (KVM) technology. In virtualisation, KVM is a very important open standard-based choice for companies and enterprises. Last year, we acquired Gluster, which has Cloud storage and big data services. Recently, we took over FuseSource, a provider of open source integration and messaging, from Progress Software Corporation, and business process management (BPM) technology developed by Polymita Technologies. We have gone from a single-product solution provider to a broad portfolio, to the middleware stack and to Cloud computing. We have been diversifying our portfolio for quite some time, working with the open source development community and through major acquisitions.

What are the key verticals driving growth for Red Hat?

Globally, government, telecom and the BFSI sectors have been the biggest adopters of open source solutions. In India too, the trend remains the same. The government is an integral part of our business in this market. Apart from the central government, many state governments are also adopting open source solutions. Indian CIOs are looking for cost effective and open infrastructure solutions, and Red Hat is committed to address these growing demands for open source solutions in Indian enterprises by ourselves and also through partners.

Migration is one of the key aspects of our business globally and in India. Many companies that are still working with Unix-based servers and infrastructure are now migrating to the Linux platform. We see a big opportunity in this shift from legacy infrastructure to commodity architecture. Red Hat is working with those customers to help them migrate to a commodity architecture. While enabling migration, we will also help them virtualise. Once they virtualise, it will be easy for them to move to Cloud. In India, there is also a much bigger opportunity in greenfield infrastructure, especially in the public sector.

How is your middleware business catching up?

After the Linux stack and the infrastructure stack, the middleware is what most customers are evaluating more seriously from an open source perspective. The main reason for this is the cost factor. Open source middleware can be made available at a fraction of the cost of the proprietary stack. Globally, many customers who have deployed proprietary stacks have shifted to JBoss. We are seeing that trend in India as well. Red Hat, as an open source company, is bound to help customers in this migration. We explain to them the architecture, migration plans, risks in migration and so on. In the middleware space, we have to take maximum care since it actually touches business applications.

Further, integration remains a key driver for the adoption of middleware technology. Rising mobile phone connectivity, Cloud and hybrid infrastructure and the explosion in data are bringing in new requirements for integration technology. This is exerting huge pressure on existing systems. Today, the opportunity for integration middleware software is evolving from traditional solutions that focus on foundational integration capabilities to higher-level integration capabilities. These include business rules management and BPM. Red Hat has already provided a foundational integration offering with JBoss Enterprise SOA Platform as well as a business rules management offering via JBoss Enterprise BRMS. Complementing these existing products with additional technologies and talent like SOA and BPM acquired from FuseSource and Polymita will help us enhance our position in the enterprise middleware marketplace.

CIOs are now looking forward to Cloud for enhancing efficiencies. What are Red Hat's offerings in this space?

Cloud is going to be universal. We have very specific cases where Cloud has helped CIOs. Cloud promises commodity architecture, interoperability, IT-on-demand and is highly scalable. These factors are there with open source architecture as well. Open source provides high interoperability since it publishes the source code. Linux also has a highly scalable architecture, and provides interoperability. We work on a subscription-based model. Open source Cloud software is widely used today on commodity servers, so it is a natural evolution to leverage open source for Cloud computing on commodity storage.

Over the past 12 months, we announced two solutions on Cloud. One is CloudForms, which is an open hybrid Cloud-management framework. Another is OpenShift, a Platform-as-a-Service (PaaS). We have also introduced a port for OpenStack, for which the preview is on. The Cloud world is evolving every day. In open source Cloud, it is all about where the developers are. We are seeing a huge rush in the developer community. We are actually monitoring all the activities in there. We are actively involved in this space and it is one of our focus areas for the next three years.