Posts

Showing posts from October, 2016

MacOS X Mystery (Challenge)

(Maybe my MacOS X expert friends will know the answer.) This is a mystery that I cannot seem to figure out.  I think its a bug in the operating system, but I cannot seem to figure out the solution, or even explain the behavior to my satisfaction. Occasionally, a shell window (iTerm2) will appear to "forget" my identity. For example: % whoami 501 That's half right... The same command in other window is more correct: % whoami garrett Further, id -a reports differently: The broken window: % id -a uid=501 gid=20(staff) groups=20(staff),501,12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),33(_appstore),100(_lpoperator),204(_developer),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh) The working one: % id -a uid=501(garrett) gid=20(staff) groups=20(staff),501(access_bpf),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),33(_appstore),...

Security Advice to IoT Firmware Engineers

Last Friday (October 16, 2016), a major DDoS attack brought down a number of sites across the Internet.  My own employer was amongst those affected by the wide spread DNS outage. It turns out that the sheer scale (millions of unique botnet members) was made possible by the IoT, and rather shoddy engineering practices. Its time for device manufacturers and firmware engineers to "grow up", and learn how to properly engineer these things for the hostile Internet, so that they don't have to subsequently issue recalls when their customers' devices are weaponized by attackers without their owners knowledge. This blog is meant to offer some advice to firmware engineers and manufacturers in the hope that it may help them prevent their devices from being used in these kinds of attacks in the future. Passwords Passwords are the root of most of the problems, and so much of the advice here is about improving the way these are handled. No Default Passwords Th...