Category Archives: Projects

Yubikey!

Today I my Yubikey arrived in the mail, which is a hardware token (what you have) used for multi-factor authentication. It is by default tied into their cloud web authentication service, allowing you to authenticate a device via a OTP over simple RESTful APIs. They have a number of libraries, and plugins, one of which is for WordPress, allowing for two-factor authentication to login to the blog.

For those of you who are extra paranoid, they also provide libraries to parse the OTP responses to host your own validation server, and you can generate your own keys to store on the device (it stores up to 2). It can be configured to generate driver-less (well, HID keyboard) Yubico OTP, static passwords (for long, passwords), HMAC-SHA1 responses.

I’ve decided to use the HMAC-SHA1 challenge-response configuration on the second slot for a guarded data store, where the data is encrypted by the HMAC response to a given challenge, and on each decryption, re-encrypted with a a different challenge-response pair. This will allow for the Yubikey to enable network-less protections. From there I’d like to extend that to the existing Linux FDE Yubikey solution. I certainly will be standing on the shoulders of giants in terms of my contributions, but I hope they will be well received.

 

Peace and chow,

Jacob

libAnomaly GCC4 Update

During my thesis research, I came across a very useful library for machine learning and anomaly detection: libAnomaly. While it hasn’t been updated in years, the papers published (see site for list) are of interest to me. When I attempted to compile the library to play around with, the build failed due to GCC4 being more strict than previous versions, I found a number of other posts from people trying to build the library with similar problems, so I thought I’d fix the errors (there are still plenty of warnings) and upload it so others wouldn’t have to duplicate the effort. You can download the source from here.

 

Peace and chow,

Jacob

Long Time No Post

It’s been quite a while since I’ve posted here, and to my devout readers I apoligize. As many of you know, this has been my last semester of my undergraduate studies, so I have been very busy over the past few months. This post will hopefully act as a dump of what I’ve been up to and what I will be doing until my next post.

Things I did:

  • Developed a method for calling parts of functions to minimize/obfuscate programs
  • Worked with Ryan on OSP to get a web based cluster management system integrated into the cluster administration page
  • Played with return-to-libc attacks and got them working on the latest version of Ubuntu Linux

Things on the horizon:

  • Working full-time for AIS
  • Traveling to Iceland for 3 weeks
  • Working on a computer security textbook
  • Running a marathon in August

It is very weird to me to think that today is the last day of classes for me as a traditional full-time student. I’ve been going to school since I was 5 and it is very weird to think that come August I will not be returning to the classroom as my primary past-time. I am excited to travel and get away from the normal swing of things for a while to reflect on the new changes in my life, and excited to begin working, especially due to the extra leisure time after work.

Peace and chow,

Ranok

Open Server Platform Version 0.3 Released!

Today I finally got around to going through and testing the RC for version 0.3 of Open Server Platform. Everything seemed to work as planned, except for a few known issues that will be fixed in the next release, which should be coming down the pipe soon.

Improvements:

  • Added replication nodes to increase fail-safe reliability
  • Added commands to the administration console to stop and live migrate applications
  • Can use configuration files to assist in the start up of OSP
  • Many bug fixes and documentation updates
  • The HTTPd servlet example now supports large files and the HEAD command

So, please check it out and let me know what you think!

Peace and chow,

Ranok

Back in the Groove

After taking off the afternoon due to a migraine, and napping for a few hours until it passed, I was looking over some old projects, and decided to get motivated to work on my various Erlang hackery projects. I checked out a fresh copy of Open Server Platform on my new computer, and decided to hack on it some more. There are a number of loose ends I’d like to tie up before the 0.3 release, but, before I could get down to coding, SVN get my so frustrated that I could no longer deal with it and switched to git, creating a new repository on Github. I will keep the Google Code repository the ‘defacto’ repository, where the safer code gets committed, but use Github for the more bleeding edge development due to it’s simplified branching and merging (among other things).

In the new git setup, I have two branches (aside from master, which follows the SVN repository): otp and no-otp. The no-otp version is currently the stable code that runs just fine, but doesn’t take advantage of Erlang’s OTP framework. The otp branch is the more cutting edge OTP aware version, which I hope to fully migrate to soon. With full support for OTP, I should be able to use an already existing distribution platform, and more battle tested redundancy.

This evening, I fixed a long standing bug in the example HTTPd where the server would crash when opening large files due to a shortcut I took with first implementing the server. Originally, the server would read the entire file into a string and then send that to the client, as you can probably see, there is a problem when the server tries to read in a 3.9 GB file (my test file). Now, my servlet takes a much more sane approach, read in the file 1 kilobyte at time, sending that to the client before reading more. This new approach works perfectly, though I had to add some messiness for handling CGI/PHP files and different MIME types. I also added support for the HTTP HEAD command.

Peace and chow,

Ranok