Can Hackers Cause Your Local Sewage Plant To Run Backwards ?

 Computing, Security  No Responses »
Jan 132013
 

Perhaps.

But it is a lot more complex than the mainstream press would have you believe. That story above is effectively about researchers using a specialised search engine to find what is effectively the login banner of SCADA systems … that is those systems that control utilities such as sewage plants, power systems, etc. What is not so widely publicised is that the same researchers warned about these insecurities as far back as 2010, so the latest warning by the US government is a bit lackadaisical.

On the other hand the discovery of what is effectively login banners is just that – login banners. Whilst this is pretty poor practice, it does not necessarily mean that the bad guys can get into the relevant systems. Attaching critical systems directly to the Internet is something that really should not be done, but is often done because :-

  • It has probably long been the practice to attach such systems up in such a way that work can be carried out from home. In the past, it would have been via a dial up modem. Making such systems available on the Internet makes such insecurity more visible, although dial up modems themselves are not necessarily secure.
  • Attaching the systems directly to the Internet is the kind of laziness that comes from a desire for convenience. Only services that everyone on the Internet can legitimately make use of should be directly on the Internet. Attaching “work from home” services should be done via some sort of gateway service, such as a VPN system, but that requires more work.
  • On occasions, such systems are connected directly to the Internet in an emergency for convenience – such as getting a vendor to look at some problem. And of course once connected, it tends to stay connected. Amazingly enough, it often seems that the customer needs to jump through hoops for the convenience of a vendor rather than the other way around.

Of course gateway systems themselves can be vulnerable especially given the problems we have with weak passwords.

Earlier I mentioned that just because a SCADA system can be reached from the Internet does not mean a bad guy can break into it to cause damage. Well, that is true enough but most experts think that SCADA systems are riddled with security issues including default passwords left unchanged, etc. Pehaps as poor as the Internet was back in the early 1990s.

It is a strange thing, but it seems that vendors who sell us stuff do not seem to pay much attention to security until bad guys start attacking them and exposing their vulnerabilities.

So we have a situation where SCADA systems are directly connected to the Internet, and many of those SCADA systems are vulnerable in some way. Does this mean that bad guys are going to break in and destroy the utilities ?

Well, perhaps. But on previous occasions, the bad guys have broken in just to look around. As someone remarked to me recently, the bad guys are busy making money and unless they see a way to make money from insecure SCADA systems they will leave alone. Of course there is always the issue of cyber-terrorism where the bad guys are less interested in money and more in making a point of some kind or another.

But should you worry about the security of SCADA systems? Probably not. After all, why worry about something you have no power over? Should I worry about the security of SCADA systems – definitely (as you may have guessed my work involves security). Anyone in the information security business should be looking at their own SCADA systems and wondering whether they are protected properly.

Modern Low-Level Keyboard Mapping for Linux

 Linux  No Responses »
Jan 112013
 

Customising keyboard maps in Linux is somewhat … confused with lots of different tools and layers to perform the same task. There are a number of tools for performing some form of keyboard mapping, but the most common ones have some disadvantages :-

  •  xkb (which is the modern X way), and xmodmap (which is deprecated but conveniently has a very simple syntax for dealing with a single key) both work fine for ordinary keys but cannot do anything with “unusual” keys not passed into X. Just look online for just how many people have trouble with multimedia keys not being recognised.
  • The PS/2-specific tools of dumpkeys, loadkeys, and setkeycodes which work fine, but are somewhat reluctant to help out with USB keyboards.
  • Plus the desktop environment you are using may well have its own idea of how the keyboard will be used (GNOME has a nasty tendency to grab the menu key away from me).

There is fortunately another way which is rather difficult to find information about. Which is the reason behind this posting of course.

This “other method” is to use the generic input system to perform the keyboard mapping which has certain advantages over other methods. Most of the information to do this came from a README file contained within the source code.

The Example Keyboard

To demonstrate keyboard mapping, it is helpful to have an example keyboard with custom mappings to play with. Many of the keyboards I use this for are rather complex with many mappings, but I also have a mini keyboard with relatively few mappings :-

Original Key new function
Esc Lock screen
`/~ Esc
Caps Lock Control
Insert Delete
Delete `/~

No great mystery as to why I want my keyboard mapped this way – I’m just fussy about keyboards.

The Basic “Tool”

In fact there is just one tool – /lib/udev/keymap – which performs all of the relevant tasks. Before it can do anything, it needs to be provided with the path of the relevant input device. This is easiest done from the console (rather than in X) as root. The easiest way of identifying the device is to unplug the keyboard, reboot the machine, and :-

# ls /dev/input/e* > /var/tmp/old.list
[Plug in keyboard]
# ls /dev/input/e* > /var/tmp/new.list
# diff /var/tmp/old.list /var/tmp/old.list
> /dev/input/event13
> /dev/input/event14

If you are lucky, there will be just one new input device. If not, you will have to try each one in turn. The first job is to record the keycode of each key to be customised in turn. To do this, it is necessary to run keymap with the input device and the “-i” option, and each keystroke will result in some output :-

# /lib/udev/keymap /dev/input/event13 -i
Press ESC to finish, or Control-C if this device is not your primary keyboard
scan code: 0x70029   key code: esc
# /lib/udev/keymap /dev/input/event13 -i
Press ESC to finish, or Control-C if this device is not your primary keyboard
scan code: 0x70035   key code: grave
scan code: 0x70039   key code: capslock
scan code: 0x70049   key code: insert
scan code: 0x7004C   key code: delete

A key can be mapped temporarily using keymap. But before that a list of possible key names is useful to have; there is one to be found in /usr/include/ :-

# grep KEY_ /usr/include/linux/input.h | less

The relevant name would be the part that follows the “KEY_” converted to lower-case.

# /lib/udev/keymap /dev/input/event13 0x70035 esc

But that is rather a temporary solution; it is better by far to create a file containing the necessary mappings to be automatically applied :-

# cat /tmp/custom-filco.map
0x70029 screenlock
#	Original: key code: esc
0x70035 esc
#	Original: key code: grave
0x70039 leftctrl
#	Original: key code: capslock
0x70049 delete
#	Original: key code: insert
0x7004C insert
#	Original: key code: delete

Making The Mappings Permanent

The first step is to obtain some details to uniquely (or as much as possible) identify the keyboard. Run :-

# udevadm info --export-db > /tmp/udev-db.txt

And look through the output for the input device you previously used. Look for a ID_VENDOR_ID and ID_MODEL_ID that you can use.

Next add a rule to /lib/udev/rules.d/95-keymap.rules along the lines of :-

ENV{ID_VENDOR_ID}=="04d9", ENV{ID_MODEL_ID}=="2011", RUN+="keymap $name custom-filco.map"

Once this is working you may want to add it to your version of custom-filco.map as a comment to preserve it for use after upgrades; alternatively you may wish to create a new file that will not get overwritten.

Before activating the new rule, remember to copy /tmp/custom-filco.map into /lib/keymaps/custom-filco.map. And again keep another copy in a safe place to preserve.

As to how to activate, a reboot is probably the simplest way.

Getting Started With Awesome

 Computing, Linux, Working Notes  No Responses »
Dec 312012
 

This has been updated for Awesome 3.5

I have long been interested in tiling window managers, which would seem to offer the flexibility I crave. But switching is painful when you want your machine to be as functional as much as possible. On at least two occasions I have switched … and very quickly switched back when problems were encountered.

So just for the fun of it, I have decided to give it another go … in a way that can be gradually worked into functionality.

But first, what exactly is a tiling window manager? Well a conventional window manager works with overlapping windows where windows can stack on top of each other and overlap. A tiling window manager on the other hand uses tiling to maximise the size of every displayed window.

Or in other words, if you want to make the maximum use of space on your screen, a stacking window manager usually asks you to manually move and resize windows yourself whereas a tiling window manager does it all automatically. Although with a tiling window manager, you will need to rotate amongst different tiling layouts to suit.

Tiling window managers tend to be keyboard driven rather than mouse driven, but this is merely an aspect of their implementation.

A Testing Environment

The key to setting up any window manager gradually over time without losing an existing working environment, is to create a separate display which a new window manager can control. This can be quite easily accomplished with a nesting X server, which is provided by the xserver-xephyr package.

As to the choice of window manager, the title of this post gives away the secret – Awesome. Of course the same method works for other window managers too.

The first step is to install the required packages :-

sudo apt-get install xserver-xephyr awesome awesome-extra

The next step is to create a simple shell script to start the nested X server. This basically starts the nested X server with a sensible screen size, and sets the $DISPLAY environment variable so that any further X programs are directed to communicate with the nested X server. The nested X server simply starts up as a standard window within which Awesome operates. The script looks like :-

#!/bin/sh

Xephyr -ac -reset -screen 1280x1000 :1 &
export DISPLAY=:1.0
sleep 5
awesome --config ~/src/site/etc/awesome/config.lua

The sleep command in there is to wait until X has settled down before trying to manage it … without this, it is possible that awesome will fail to open the display (on a slower laptop it worked without; on a faster desktop it did not). The parameter to awesome is to set the preferred location for the configuration file (which I will describe next), although you can leave it out to use the default.

Don’t start it yet! Before doing that, copy the default configuration file to the specified location so you have something to work with :-

cp /etc/xdg/awesome/rc.lua ~/src/site/etc/awesome/config.lua

It’s All In The Repository

The custom configuration file I specified just happens to point to a directory and file within the working copy of a Subversion repository. Using a repository for configuration files has all sorts of benefits; not least of which is to reverse “poor” choices made along the way. Whilst describing how to get one set up is beyond the purpose of this post, it is well worth doing.

Of course if you are working with a repository, it is important to remember to commit changes at every stage :-

% svn add ~/src/site/etc/awesome 
A         /home/mike/src/site/etc/awesome
A         /home/mike/src/site/etc/awesome/config.lua
% svn commit ~/src/site/etc/awesome -m "Awesome: Initial Configuration from default"
Adding         src/site/etc/awesome
Adding         src/site/etc/awesome/config.lua
Transmitting file data .
Committed revision 166.

I won’t be documenting every single commit, but they are all in there!

It is also helpful (at this stage) to create a symlink between the default configuration directory (~/.config/awesome) and the working copy of your repository. The configuration directory can probably be changed, but one thing at a time!

Status Bar Size

One of the annoyances I remember from the last time I played with Awesome, was the tiny size of the status bar. It is all very well maximising the size of the main screen area, but some of us have high resolution screens and tired old eyes! Within the config.lua file (or whatever you named your file), look for :-

mywibox[s] = awful.wibox({ position = "top", screen = s})

And change it to add a height parameter :-

mywibox[s] = awful.wibox({ position = "top", screen = s, height=32 })

The exact choice of size is of course down to personal preferences! However changing the size also means changing the font would be wise :-

awesome.font = "LMSans10 10"

Making the font too much larger will result in some display oddities … at least for now.

Adding A Title Bar

In theory, there is no need for a title bar with a tiling window manager, but I guess I am a little too conventional as a window without a title bar still looks a little weird to me. Plus my shell prompts stick useful bits of information into the window title bar and I would really rather hang on to that extra information. Still, drawing title bars on windows turns out to be really simple … just find the existing code to do so and :-

local titlebars_enabled = true

Some appearance tweaks and indeed messing around with the unnecessarily large number of buttons could be usefully accomplished, but for now this is fine.

 

Themes

Of course messing around with the appearance of a window manager is probably best dealt with using themes (if they are supported). The default configuration file I worked with included enabling beautiful via :-

require("beautiful")
beautiful.init("/usr/share/awesome/themes/default/theme.lua")

It is easier to tinker with themes with a configuration file you can edit, so I copied this theme.lua to the configuration directory named as default-theme.lua, and changed the configuration :-

-- beautiful.init("/usr/share/awesome/themes/default/theme.lua")
beautiful.init(awful.util.getdir("config") .. "/default-theme.lua")

I also removed the previous section’s font setting and set the same font within the new configuration file :-

theme.font = "LMSans10 10"

To cope with the larger font, I also increased the width of each menu item :-

theme.menu_width  = "300"

Although this width does depend on having an appropriately sized screen, and not having too many levels to your menu (if it gets too wide, the extra levels don’t appear neatly).

And finally I commented out the command used to set the background … having a background image for a tiling window manager (which is designed to utilise the whole screen) is a touch unnecessary. And I don’t particularly like the default image :-

--theme.wallpaper_cmd = ...

For now I will leave the colours alone … the defaults may not be perfect but are not sufficiently irritating to spend time on right now. But the details of how to change colours of various components can be found in the theme file we have created.

Disabling Layouts

Personally I believe that you can have too much of a good thing, and choosing between the rather large number of different possible layouts that Awesome makes available is one of those. To reduce the number of possibilities, simply comment out some of the possibilities when setting the “layouts” variable in the configuration file :-

layouts =
{
    awful.layout.suit.floating,
    awful.layout.suit.tile,
    --awful.layout.suit.tile.left,
    --awful.layout.suit.tile.bottom,
    --awful.layout.suit.tile.top,
    awful.layout.suit.fair,
    --awful.layout.suit.fair.horizontal,
    awful.layout.suit.spiral,
    --awful.layout.suit.spiral.dwindle,
    awful.layout.suit.max,
    --awful.layout.suit.max.fullscreen,
    --awful.layout.suit.magnifier
}

Which you command out does not matter so much, and indeed you may very well change you mind at a later point.

A Menu

Whilst the menu built into Awesome has undoubtedly many advantages, I already have a somewhat adequate menu built up over years that relies on myGtkMenu. Whilst changing this menu could well be sensible, it does also seem sensible to keep it around during the transitional period. To do so is simply a matter of replacing certain bindings :-

 -- {{{ Mouse bindings
 root.buttons(awful.util.table.join(
-    awful.button({ }, 3, function () mymainmenu:toggle() end),
+    --awful.button({ }, 3, function () mymainmenu:toggle() end),
+    awful.button({ }, 3, function () awful.util.spawn("/opt/bin/myGtkMenu /home/mike/lib/root.menu") end),
     awful.button({ }, 4, awful.tag.viewnext),
     awful.button({ }, 5, awful.tag.viewprev)
 ))

If you hadn’t guessed, I’ve started using diffs to show the changes where it makes sense; if you cannot read diffs, this page is probably not for you.

That bit replaces the root window, but not the status bar menu :-

 mylauncher = awful.widget.launcher({ image = image(beautiful.awesome_icon),
-                                     menu = mymainmenu })
+--                                     menu = mymainmenu })
+                                       command = "/opt/bin/myGtkMenu /home/mike/lib/root.menu" })

My own menu has some issues in that it doesn’t yet have anything to control awesome itself. But is good enough to get started with.

Final Word … Or Not!

And that is it! Or at least it is enough to be getting on with.

Aren’t Those Key Legends Dumb?

 Keyboards  2 Responses »
Dec 222012
 

Take a good hard look at your keyboard. Right Now.

Ignoring the symbols themselves, although there’s a good long rant as to just why the pipe symbol (‘|’) has to be a shifted key, there’s quite a few oddities on the keyboard. At least if you get a chance to think about it. Not so much in what they do, but in their names.

BackSpace
If you are old enough to remember typewriters, printing terminals, or even certain exotic terminals which implemented “backspace” properly, this label is always a bit grating. Why? Because a backspace does not delete anything, but is a way of overwriting symbols to generate other symbols – you could always write a cent symbol by entering ‘c’ followed by a backspace and finally a ‘|’ to get a ¢What we see when we press the backspace key today could be more accurately described as ‘delete last character’, or rubout (as used on some old keyboards). So the backspace key should really be the “Rubout” key.

Delete
And whilst we’re in the region of deleting characters, what about the “delete” key? What is it supposed to be deleting? The character under the cursor ? The word under the cursor ? The line? The next line? Well we know what it is, but that is no reason not to make the key legend more explicit.What about “Delete Next” ? This gives an alternative for “Rubout” as “Delete Prior”.

Enter/Return/Carriage Return
Again, if you go back to the distant past and dig out an old clunky typewriter you will find a large key at the right of the keyboard that would cause the roll containing the paper that the letters were printed onto, to shoot back to the right [corrected] and move up one line. This was the carriage return. And of course it makes no sense for our modern keyboards to have a key labeled after a physical action that no longer exists.Some have a key labeled “Enter” in addition to “Return” (or sometimes instead of “Return”), but what does that mean? Enter what? The next line? There have been keyboards in the past with a more sensible “New Line” key, but that trend did not take.

Does it not make more sense to label the key after what it does rather than it’s historical purpose? What do we use the “Return” key for these days? Well it’s either to start a new paragraph, or to do the command we have just typed (into a command-line shell). So what about “New Paragraph/Do” ?

Alt Gr
Also known as Alt Graphics which originally was a key for composing box graphics, but is now used for producing alternate graphemes from the keyboard such as ©, ™, Ä, etc.
Or perhaps more explicitly, it produces symbols that be produced by the keyboard normally not available.So why not simply label the key after what it produces? Such as “Symbols” ?

The “splat” (Windows)
There are two problems with the Windows key. Firstly why is it an icon when the rest
of the keys are text-based? It is not as if the other non-symbol keys do not have suitable “icons” such as ⎇ for Alt. Use either icons or text; personally I prefer text.Secondly there is the problem that the Windows key is specific to Microsoft Windows; even within Apple’s perfumed prison, the tendency has been to move from vendor-specific (open Apple symbol) to generic (“Command”).

That is not to say that it is a poor idea in general – there is a lot to be said for a key to be used for generating short-cut commands to control the computer as a whole. A “computer command” key as opposed to an “application command” key (or “Alt”).

There are a few other oddities too, and it is quite possible that I will get back and update this post with incoherent rantings about those too.

Information Security As Medieval Town Defence

 Computing, Security  No Responses »
Dec 132012
 

I have been thinking a fair amount about Information Security recently; probably because I am in the middle of a SANS course which is rather more interesting than most IT courses I have been on. As I was walking in this morning, I was pondering how I would explain what I do to a distant ancestor. Not exactly the easiest of tasks given that what we do involves what would seem to be magic to someone from the distant past.

But an analogy did occur to me: What we do is somewhat similar to the militias that used to protect walled towns and cities in the medieval era; particularly during periods of the medieval era when central authority was somewhat lacking. Such as England’s “Anarchy”.

In the distant past (and in some cases, not so distant past), towns could be at risk of being sacked by brigands for profit or for some “military” purpose. Those living in towns were obviously somewhat reluctant at this possibility, and in many cases would arrange for protection by hiring soldiers to protect them; the defences would often include city walls, a militia (paid or voluntary), etc.

Which is somewhat similar to what we do – we’re the soldiers hired to protect the “town” (a company or some kind of institute), and we build town walls (firewalls), and other defences. Obviously it is easy to take the analogy too far – we don’t get to fire crossbows at our attackers. But neither is it completely inaccurate, or indeed uninteresting.

Today we expect our central governments to arrange physical protection for us – we don’t expect to need to organise a militia to protect our cities; neither do we expect to held up at gun point to turn over our valuables. Yes there are exceptions, but they are sufficiently unusual that they are greeted with astonishment. And yes some companies with especially high value assets do arrange for additional protection over and above what is usually provided by the state.

But when you compare physical security with information security, it becomes apparent that we are still in the medieval era when it comes to information security. States are only just beginning to look at “cyberwarfare” and offer little other than advice to individuals or organisations looking for protection; it is common to hear that the police are simply not interested in looking at an issue unless the costs are less than £1 million.

If someone suffers financial harm through a phishing attack, our standard response is to blame them for being “stupid”. Whilst most phishing attacks do involve someone doing something stupid, it seems odd to blame the victim – who would blame the victim of a mugging?

Similarly when an organisation has some attackers break in, steal a whole bunch of database files which in turn contain tons of clear text passwords, or hashed passwords, we blame the victim. How could they be so stupid as to not protect that data? After all, it costs more to be careful.

So perhaps I could explain what I do as being an old warrior who has settled down in a town and runs the local militia.

Now if you’ll excuse me, it’s time for bed – time to hang up the crossbow and take off this horrible chain mail.

 Older Entries  Newer Entries