Sunday, August 23, 2009

TrueCrypt

Free open-source disk encryption software for Windows Vista/XP, Mac OS X and Linux that:

- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device, such as a USB flash drive or hard drive.
- Encrypts the partition or drive where Windows is installed (pre-boot authentication).
- Encrypts automatically, in real time (on-the-fly) and transparently.
- Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:

1) Hidden volume (steganography) and hidden operating system.
2) No TrueCrypt volume can be identified: a volume cannot be distinguished from random data.

Note that the second point covers only the volume's contents; a large file consisting of nothing but uniformly random bytes, or TrueCrypt itself being installed, can still draw attention.

- Encryption algorithms: AES-256, Serpent and Twofish. Mode of operation: XTS.

Saturday, August 15, 2009

Mozilla Recommends Upgrading from Firefox 3.0.x to 3.5.x

Over the next few days, users of the latest version of Firefox 3.0 will see an information pop-up advising them to upgrade to version 3.5 of the browser. According to a Mozilla developer blog, the pop-up tells users that Firefox 3.5.2 is twice as fast as Firefox 3.0.13 and includes new features. Previously, Firefox 3.0 users only came across the new version if they specifically checked for updates.

The information pop-up offers users the option of downloading Firefox 3.5 immediately, downloading it later, or skipping it completely. Although the pop-up warns users of potential add-on incompatibilities, they will only find out whether updates for their installed add-ons are available after upgrading to the new version of Firefox. The Mozilla development team says that 90 percent of add-ons have either been updated for version 3.5 or had new versions created.

Tuesday, August 11, 2009

A fascinating new Linux kernel vulnerability

Source code for an exploit of a Linux kernel vulnerability has been posted by Brad Spengler (Brad is the author of grsecurity). I have to tell you right now: this was one of the most fascinating bugs I've read about lately.

Why is it so fascinating? Because a source code audit of the vulnerable code would never find this vulnerability (well, actually, it is possible but I assure you that almost everyone would miss it). However, when you add some other variables into the game, the whole landscape changes.

While the technical details are a bit complex, what happens can be explained easily. The vulnerable code is in the net/tun driver (tun_chr_poll() in drivers/net/tun.c). The developer initializes a local variable (sk in the snippet below) by dereferencing a pointer, tun, that can be NULL, so the dereference happens before anything is checked. A couple of lines later he does check tun and, if it is 0 (NULL), returns an error. The code looks like this:

    struct sock *sk = tun->sk;  /* dereferences tun before it has been checked */

    if (!tun)
        return POLLERR;         /* the NULL check, which comes one line too late */

This code looks perfectly OK, right? Well, it is, until the compiler gets its hands on it. Dereferencing a NULL pointer is undefined behaviour in C, so once the optimizer has seen tun->sk it may treat tun as proven non-NULL, and GCC's -fdelete-null-pointer-checks (enabled at -O2) does exactly that: it removes the if block (the check that tun is NULL) from the resulting compiled code. In other words, the compiler introduces into the binary a vulnerability that didn't exist in the source code. With tun NULL, the kernel reads tun->sk from the first page of memory, and if the attacker has managed to map that page in userland the kernel follows a pointer the attacker controls, which finally pwns the box. There are some other highly technical details here (how page zero gets mapped and how the fake structure is laid out), so check your favorite mailing list, or see a video of the exploit on YouTube at http://www.youtube.com/watch?v=UdkpJ13e6Z0. Brad was even able to bypass SELinux and other LSM protections with this.

The fix is relatively easy: the check has to be done before tun is dereferenced to assign sk.
Fascinating research that again shows how security depends on every layer, and how even a very expensive source code audit can miss vulnerabilities.
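The vulnerable shape beside the fixed shape, as an added example written for this post (it is not Brad's exploit code and not the kernel's own source). The structures, field names and poll constants are stand-ins constructed for the example; only the ordering of dereference and NULL check is what matters. To see the optimizer at work, compile the block with `gcc -O2 -S` and look at tun_poll_vulnerable: the test-and-branch on tun is gone, while it survives in tun_poll_fixed and reappears in the vulnerable version under `-fno-delete-null-pointer-checks`, the flag the kernel build started passing after this bug.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the kernel structures, constructed for this example; they are
 * not the real net/tun definitions and carry only the fields the pattern needs. */
struct sock {
    int readable;            /* assumed field: non-zero when data is pending */
};

struct tun_struct {
    struct sock *sk;         /* the field tun_chr_poll() reads through tun */
};

/* Hypothetical poll-mask constants; the kernel's real POLLERR/POLLIN values
 * are not needed to show the pattern. */
#define TUN_POLLERR 0x0008u
#define TUN_POLLIN  0x0001u

/* Vulnerable shape (mirrors the 2.6.30 tun_chr_poll): tun is dereferenced to
 * initialise sk BEFORE the NULL check. Because dereferencing NULL is undefined
 * behaviour, GCC at -O2 (-fdelete-null-pointer-checks) may treat tun as proven
 * non-NULL by the time it reaches `if (!tun)` and delete the branch. */
unsigned int tun_poll_vulnerable(struct tun_struct *tun)
{
    struct sock *sk = tun->sk;        /* reads through tun unconditionally */

    if (!tun)                         /* may be removed by the optimiser */
        return TUN_POLLERR;

    return sk->readable ? TUN_POLLIN : 0;
}

/* Fixed shape (the same reordering as the upstream fix): check first, then
 * dereference. Nothing touches tun before the test, so the compiler has no
 * grounds to assume it is non-NULL and the check survives at every -O level. */
unsigned int tun_poll_fixed(struct tun_struct *tun)
{
    struct sock *sk;

    if (!tun)
        return TUN_POLLERR;

    sk = tun->sk;
    return sk->readable ? TUN_POLLIN : 0;
}

/* Helpers for the stand-alone demo: build a valid tun on the stack and run
 * each version against it, or pass NULL to the fixed version. */
unsigned int demo_fixed(int readable)
{
    struct sock sk = { readable };
    struct tun_struct tun = { &sk };
    return tun_poll_fixed(&tun);
}

unsigned int demo_vulnerable_valid(int readable)
{
    struct sock sk = { readable };
    struct tun_struct tun = { &sk };
    return tun_poll_vulnerable(&tun);   /* safe: tun is non-NULL here */
}

unsigned int demo_fixed_null(void)
{
    return tun_poll_fixed(NULL);        /* the check fires: TUN_POLLERR */
}

int main(void)
{
    printf("fixed, valid tun, readable: 0x%x\n", demo_fixed(1));
    printf("fixed, NULL tun           : 0x%x\n", demo_fixed_null());
    /* tun_poll_vulnerable(NULL) is deliberately never called: its behaviour is
     * undefined and depends entirely on what the compiler did with the check. */
    return 0;
}
```

Both versions behave identically for a valid tun; they differ only in what the compiler is allowed to infer, which is why a source-level audit that reads the check as present can miss the bug.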

Monday, August 3, 2009

System Monitoring With Atop

Atop is a useful tool that displays system load information alongside process information, in a similar style to top.

As the screenshot below illustrates, the top window shows system-level information and the bottom one process information.

The lines in the top window show:

* PRC: Total CPU time in system and user mode, total number of processes and of zombie processes, and the number of processes that exited during the polling interval. The default polling interval is 10 seconds. Use 'i' to change it interactively or 'z' to pause it.
* CPU and CPL: CPU utilization and load (averaged over 1, 5 and 15 minutes).
* MEM and SWP: Amount of memory and swap space that is available and where it's allocated. vmcom and vmlim show how much virtual memory space is committed and what the limit is.
* DSK: disk utilization. avio shows the average number of milliseconds per request.
* NET: Network utilization for the TCP layer ("transport"), the IP layer ("network") and each interface.

All of these lines use colour to flag a resource that is critically busy.

The bottom window shows active processes (use 'a' to toggle showing all processes). 'g' shows the default process information, or use 'm' to show memory information. VGROW and RGROW on the memory information screen show the growth in virtual and resident memory usage during the polling interval; check the man page for the other columns. Note that you can also kill a process from here by hitting 'k'.

There are various other top-like programs out there for other resources. Try iftop, for example, to take a look at your network interface statistics, or htop to get top information in colour and with scrolling.