A simple incident taxonomy

Yesterday I learned about the International Nuclear Event Scale. Under this tool, nuclear accidents are characterized on a 7-degree scale as follows:

  • 7 – Major Accident
  • 6 – Serious Accident
  • 5 – Accident with Wider Consequences
  • 4 – Accident with Local Consequences
  • 3 – Serious Incident
  • 2 – Incident
  • 1 – Anomaly
  • 0 – Deviation (No safety significance)

Upon seeing the scale I thought that it could be useful for characterizing cyber incidents too. Yeah I know, as if we did not already have enough incident taxonomies. But I like it anyway.

mail hosted at Google, web server elsewhere

This post aims to cover two sets of questions that frequently appear on Serverfault:

“I have the email of my organization hosted at Google and the web server at a hosting provider. When the web server sends email (when a form is completed, for example), the email is received by everyone except when the recipient is in our domain. Then sendmail tries to deliver locally and not over at Google”. Or, “certain recipients, including Google, reject email from the web server (or servers within our LAN) as spam”.

There are answers at Serverfault recommending the use of ssmtp in order to relay all outgoing email via Google, but this requires SMTP authentication and a password saved in a file.

For the purposes of this post the domain example.com will be used.

Configure SPF for example.com

SPF is a framework that allows domain name owners to notify the world which servers they consider legitimate senders of mail on behalf of their domain. Google's support pages note that the SPF record should be at least of the form v=spf1 include:_spf.google.com ~all. However, server.example.org also needs to be able to send email on behalf of example.com. So the appropriate record becomes:

v=spf1 a:server.example.org include:_spf.google.com ~all

Note: example.org is not the same domain as example.com
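As an added example that is not part of the original post, the following Python evaluates a sending IP against the SPF record above using a constructed, offline DNS table (the _spf.google.com netblock and the server.example.org address are invented for the example). It shows that with Google's suggested record alone the web server's mail only gets a softfail, while the record with a:server.example.org passes.

```python
import ipaddress

# Constructed, offline stand-in for DNS. The _spf.google.com netblock is
# invented for this example; it is not Google's real range.
DNS = {
    ("example.com", "TXT"): ["v=spf1 a:server.example.org include:_spf.google.com ~all"],
    ("_spf.google.com", "TXT"): ["v=spf1 ip4:203.0.113.0/24 ~all"],
    ("server.example.org", "A"): ["198.51.100.7"],
}

# The record Google's support pages suggest, i.e. without the web server.
GOOGLE_ONLY = "v=spf1 include:_spf.google.com ~all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain, dns):
    """Return the domain's v=spf1 TXT record, or None if it has none."""
    for txt in dns.get((domain, "TXT"), []):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def check_spf(ip, domain, dns=DNS, record=None, depth=0):
    """Evaluate a sender IP against a domain's SPF policy.
    Supports the RFC 7208 mechanisms used on this page: all, ip4, a, include."""
    if depth > 10:                       # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    record = record or spf_record(domain, dns)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:      # skip the "v=spf1" version tag
        qualifier = "+"                  # an unqualified mechanism means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":                # A record(s) of the named host, or of the domain itself
            hosts = dns.get((arg or domain, "A"), [])
            matched = any(addr == ipaddress.ip_address(h) for h in hosts)
        elif mech == "include":          # recursive evaluation; only a "pass" counts as a match
            matched = check_spf(ip, arg, dns, depth=depth + 1) == "pass"
        else:
            return "permerror"           # mechanism outside the subset implemented here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                     # nothing matched and no explicit "all" term
```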

Configure sendmail for server.example.org

example.com is included in /etc/mail/local-host-names, which means that server.example.org treats it as a local domain and will try to deliver locally instead of to Google. The following additions to the sendmail configuration file (sendmail.mc) take care of this:

LOCAL_CONFIG
Kbestmx bestmx -T.TMP

LOCAL_RULE_0
R $* < @ example.com. > $*
    $#esmtp $@ [$(bestmx example.com. $)] $: $1 < @ example.com. > $2

The rule is broken across two lines for readability. As always, remember that the LHS and the RHS of a rule are separated by tabs, not spaces, so do not copy-paste. Build and install sendmail.cf, restart sendmail and check.

I would welcome additions on how the same can be achieved with postfix or exim.

“Mr. Watson – Come here – I want to see you.”

“The telephone, Bell’s most ambitious gadget yet, reached this stage on March 10, 1876. On that great day, Alexander Graham Bell became the first person to transmit intelligible human speech electrically. As it happened, young Professor Bell, industriously tinkering in his Boston lab, had spattered his trousers with acid. His assistant, Mr. Watson, heard his cry for help—over Bell’s experimental audio-telegraph. This was an event without precedent.”

[via: The Hacker Crackdown]

The story of Server 54

I’m sure I’ve blogged about this before, but I cannot find it right now. Anyway the following tweet:

Beaker RT @etherealmind: Existential Angst 4 Network Engineers: If a Network Device isn’t Monitored, does it really exist? < Does when it goes down

brought to my attention by @DrInfoSec triggered my memory to recall the story of Server 54. A story that I reproduce here thanks to the Internet Archive:

The University of North Carolina has finally found a network server that, although missing for four years, hasn’t missed a packet in all that time. Try as they might, university administrators couldn’t find the server. Working with Novell Inc. (stock: NOVL), IT workers tracked it down by meticulously following cable until they literally ran into a wall. The server had been mistakenly sealed behind drywall by maintenance workers.

Digging a little bit more, one can find a few more discussions on Server 54.

Hard times for whitehats

Law 3917/2011 has now been published. There is already commentary on what it means for the citizen. But let us look at a small detail.

Article 11 (Criminal Penalties)

1. Whoever, in violation of the provisions of this chapter, obtains knowledge of the data retained by a provider of publicly available electronic communications services or of a public communications network, collects, stores, copies, removes, transfers, alters, damages, destroys, transmits, communicates or otherwise processes them, makes them accessible to unauthorized persons or allows such persons to obtain knowledge of said data, or exploits them in any way, is punished with incarceration of up to ten years, if the act is not punished more severely by other provisions.

2. If the perpetrator of the acts of paragraph 1 is a legal representative or member of the management or data security officer or employee or associate of the provider, or commits these acts professionally or habitually, or aimed at financial or other gain, he is punished with incarceration of up to ten years and a fine of 55,000 to 200,000 euro.

3. If the acts of paragraphs 1 and 2 caused a danger to the free functioning of the democratic regime or to national security, incarceration and a fine of 55,000 to 300,000 euro are imposed.

4. If the acts of paragraphs 1 and 2 were committed through negligence, imprisonment of at least two years is imposed.

No more disincentives. There are already plenty, just as there is a need for people.

“All models are wrong, but some are useful”

And then there are models which are not useful at all (emphasis mine):

“consider an all-OSS world in which each company offers consumers exactly the same shared code as every other company. By definition no company can then compete by writing more OSS code than its rivals. This lack of competition suppresses code production for the same reason that cartels suppress output.”

Or, to put it in other words: because companies compete within a common code base, they contribute less and less code to the project, since they run the risk of losing a future contract to a competitor using code they have submitted.

The authors of this study are advised to read the history of the X Window System, whose development closely follows their model. X is universal in the Unix world (commercial and open source systems that try to converge by being POSIX compliant (another hint here)); it never lacked contributors, contributions or even stewardship, and whenever it stagnated, new branches forked and pushed it forward. And while the authors seem to think that Open Source has been with us for the last 20 years, X was born in 1984. In fact we've had Open Source software since the very beginning of software.

* The quote used in the title of this post is attributed to statistician George Box.

Update: After this post and a discussion on twitter, Gregory Farmakis performed a mind experiment.