
locks keep lawful people out...    

The Security Skeptic

Dave Piscitello's Security Weblog

Skeptic (sceptic): a person inclined to question or doubt accepted opinions.

Thu, 05 Apr 2007 00:00:00 00, 606
VODcaster, a syndication and publishing tool for the Mac OS

At Fred Avolio's suggestion, I tested VODcaster, a program that automates the process of creating a syndication feed for videos and podcasts that is iTunes compatible. VODcaster is a wonderful example of focused software development. It does one thing and does it intuitively and well. To create your podcast feed, you create a channel by naming an XML file for the feed and identifying the web site URL and the directory at the site where you'll store the feed and media files. Drag a media file (e.g., podcast MP3s) to the VODcast table and fill in descriptive information (Podcast Title, Description, Author, Date), then click PUBLISH. Upload the files to the directory you identified on your web server. Done!

VODcaster does have some frills. You can preview the media files from VODcaster, and record videos directly into VODcaster from any camera attached to your Mac.

My VODcaster-created podcast feed is http://www.securityskeptic.com/podcasts/podcastfeed.xml.

Visit Two Canoes to download VODcaster.

Archived at http://www.securityskeptic.com/arc20070401.htm#BlogID606 by Dave Piscitello  


Wed, 07 Mar 2007 00:00:00 00, 600
KisMAC for Mac OS X

KisMAC is a powerful wireless LAN discovery, security, and network assessment utility. Like the more familiar iStumbler, KisMAC provides information about the WLANs within range of your WLAN adapter card that can be more helpful for identifying available networks and diagnosing common wireless deployment problems. But while iStumbler provides monitoring and analysis capabilities, KisMAC has all that iStumbler offers plus a formidable set of security penetration and testing features. With KisMAC, you can generate de-authentication and encryption key cracking attacks. You can also locate radio sources by integrating a GPS receiver.

KisMAC works with a number of PCMCIA WLAN adapters that can be operated in monitor mode. It will work with Airport and Airport Extreme adapters on the MacBook, but not with the driver that Apple ships. It's easier to get the developer code and compile a driver for use with KisMAC than to find one. To compile a driver, you'll need to install Apple's Xcode developer environment and then get the KisMAC source. A secure way to get the source is to use the Subversion Client (I talked about Xcode and Subversion Client (svn) in blog #592). Start a Terminal session and type the following:

/usr/local/bin/svn co https://svn.binaervarianz.de/kismac/trunk/ kismac-source

Verify the source using the KisMAC fingerprint found at the web site. Go to the directory where you downloaded the source (in my case, I found it in kismac-source) and type ./compile.command to create your own KisMAC.app. You'll find this app in a subdirectory in kismac-source. Since I have an Intel MacBook Pro, I found mine in /build/universal.
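The fingerprint check described above, as an added example (not from the original post or the KisMAC project). It assumes the published fingerprint is that of the Subversion server's TLS certificate, which svn prints when it asks whether to accept a certificate it cannot validate, and that it is a 20-byte (SHA-1 length) value. The prompt text and both fingerprint values are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the fingerprint svn displays with the published one
# before accepting the certificate. All fingerprint values here are constructed.

# Constructed sample in the style of svn's untrusted-certificate prompt.
SAMPLE_PROMPT="Error validating server certificate for 'https://svn.binaervarianz.de:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: svn.binaervarianz.de
 - Fingerprint: 0a:1b:2c:3d:4e:5f:60:71:82:93:a4:b5:c6:d7:e8:f9:0a:1b:2c:3d
(R)eject, accept (t)emporarily or accept (p)ermanently?"

# Constructed stand-in for the value copied from the project web site.
PUBLISHED_FP="0A1B 2C3D 4E5F 6071 8293 A4B5 C6D7 E8F9 0A1B 2C3D"

# Strip colons and whitespace and lowercase the hex, so formatting differences
# between the web page and the prompt do not cause a false mismatch.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'A-F' 'a-f'
}

# Pull the value of the first "Fingerprint:" line out of the prompt text.
extract_fp() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*-[[:space:]]*Fingerprint:[[:space:]]*//p' |
        head -n 1
}

# check_fp PROMPT_TEXT PUBLISHED_FP: 0 = match, 1 = mismatch, 2 = unusable input
check_fp() {
    seen=$(normalize_fp "$(extract_fp "$1")")
    want=$(normalize_fp "$2")
    # Require exactly 40 hex digits on both sides, so an empty or truncated
    # value can never compare equal.
    case "$seen" in *[!0-9a-f]*|"") return 2 ;; esac
    case "$want" in *[!0-9a-f]*|"") return 2 ;; esac
    [ "${#seen}" -eq 40 ] && [ "${#want}" -eq 40 ] || return 2
    [ "$seen" = "$want" ]
}

if check_fp "$SAMPLE_PROMPT" "$PUBLISHED_FP"; then
    echo "fingerprint matches: safe to accept the certificate"
else
    echo "fingerprint mismatch or unreadable: reject (R) and investigate"
fi
```

Only accept the certificate at the svn prompt when the check returns 0; any other result means the checkout should not proceed.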

Launch KisMAC, identify the driver and mode (active, passive) from Preferences and experiment with KisMAC's many features, as I'm doing on my local WLANs. KisMAC's author, Michael Rossberg, acknowledges his software is not for novices. It's also not a utility anyone should use frivolously. Before you use KisMAC, make certain that you won't violate your organization's AUP or break applicable laws.

Archived at http://www.securityskeptic.com/arc20070301.htm#BlogID600 by Dave Piscitello  


Tue, 06 Mar 2007 00:00:00 00, 599
Notebook coolers for Intel-based Mac "cook" books

It's common knowledge that Intel MacBooks generate LOTS of heat. Using software called Temperature Monitor, I have measured Core CPU temperatures in excess of 180° F from my MacBook Pro. Overheating is an omnipresent problem, especially when running graphics-intensive applications. Persistent heating can cause permanent and expensive damage. Having my MacBook Pro shut down unexpectedly and observing that the surface of the notebook could easily warm my coffee were sufficient warning signs. I needed a notebook cooler!

I was somewhat skeptical of the results I'd get if I used an external notebook fan. All the reviews I read were either inconclusive or too good to be true. I finally decided to try the Vantec Lap Cool series of notebook coolers, largely because I found more positive reviews online than negative.

I'm really pleased with the results from my Lap Cool 2 trials. This notebook cooler draws power from my MacBook through a USB port (or an external P/S), and the two adjustable fans routinely keep my laptop between 15 and 20° cooler than when the laptop runs with internal fans alone. The notebook cooler has 4 legs and you can rest the laptop at an inclined or flat orientation. It also has a 4-port USB 2.0 hub so it can double as a docking station. The fans aren't noticeably noisy, but my office has many switches and security appliances with extremely noisy fans so I'm not the best judge.

The Lap Cool 2 is probably light enough to travel for some folks, but it's a bit large and cumbersome for a Spartan traveler. Vantec makes a Lap Cool 3 that's much lighter and smaller, but it still does an adequate job. For under $20, it's a bargain and a no-brainer purchase.

My only gripe with both products is that the plastic fan blades are very fragile. I broke one when I forgot that the fan was attached to the MacBook and it took a header from my desk to my carpeted office floor. The unit still runs months later, absent a single blade.

Archived at http://www.securityskeptic.com/arc20070301.htm#BlogID599 by Dave Piscitello  


Mon, 26 Feb 2007 00:00:00 00, 592
Migrating to Mac: Exploring OS X network assessment utilities

I had many reasons to begin migrating my "production" computing and networking to an Intel MacBook. I wanted a laptop that could run multiple Operating Systems as painlessly and transparently as possible. I had used BSD in the past to host my first firewall (TIS Gauntlet). I dreaded the thought of mucking with Vista as long, frequently and hard as I had XP. I shouldn't whine overly much about my XP-erience since I earned a nice living freelancing articles on XP security and performance. And frankly, I still felt separation anxiety every time I saw my trusty MacSE slumbering safely in its original packaging in the corner of my attic.

Over time, I've accumulated dozens of network assessment and security utilities for Windows XP, so initially, I chose a migration path of least resistance. I installed XP on my MacBook using the Parallels Desktop, downloaded the Win32 installers and replicated my tool kit.

I've had time to learn more about Mac OS X. To explore the world of network assessment utilities that complement many popular Open Source network and security utilities with Mac's friendly UI, you'll need to install several important software packages: X11, Xcode, MacPorts (a.k.a. DarwinPorts), and Subversion client (svn).

Both the X11 window system and Apple developer code platform (Xcode) are self-installing packages provided by Apple. I found copies on the OS X Install Disc 1 that comes with any Mac. Xcode Tools is in its own folder. You'll find X11 in the Optional Installs package on the same disk. Yes, it's really there; you have to scroll to the bottom of the Install Disc window to see it.

MacPorts (formerly the DarwinPorts Project) provides users with an easy way to install over 3000 open source applications that have been "ported" from a developer's original OS platform (some Linux or BSD platform) to Mac OS X (and the rest of the Darwin OS family). What's a port? A port is a set of instructions (typically a file) that can be used to automate a software (source) download and compile. The port identifies compile-time options and whether any patches are available that should be applied to compile or upgrade the software; generally speaking, the port enumerates all the commands that the automation must perform to correctly install the software. You'll find a complete set of instructions for installing DarwinPorts at Darwin Ports or MacPorts. Well, almost complete. You should also be aware that the Concurrent Versions System (CVS) client installed with DarwinPorts uses rsync to selfupdate its database of application ports, so you'll need to open a port of a different kind to use this port, namely RSYNC/873 :-)

Once you have DarwinPorts installed, you can search the list of networking utilities available as ports.

Subversion is an open source project that aims to improve on CVS. As I began building my utilities tool kit, I discovered that some applications I wanted were more commonly referenced and easily obtained using this client.

UNIX versions of networking utilities including nmap, netcat, nessus, OpenSSH, OpenVPN, tcptrace, etc. are available. These are often "the original work". In some cases, the functionality is improved because better drivers are available for Linux/BSD than for Windows, or they can be readily compiled from source.

In my future blogging, I'll describe utilities I chose to fill my tool kit and my experiences installing them.

Archived at http://www.securityskeptic.com/arc20070201.htm#BlogID592 by Dave Piscitello