
Socat compilation on Cygwin

-

While compiling socat-2.0.0-b5 on Cygwin (Windows) I got a few errors; here is how I fixed them:
xioopts.c: In function 'applyopts_single':
xioopts.c:3998: error: 'struct single' has no member named 'fd1'
xioopts.c:4000: error: 'struct single' has no member named 'fd1'
make[1]: *** [xioopts.o] Error 1

Edit the file xioopts.c in your favorite editor and replace 'fd1' with 'rfd' on both lines (3998 and 4000). That fixed this error, but then I got the next one:

xio-ip.c:480: error: structure has no member named `ipi_spec_dst'
Edit xio-ip.c and comment out the entire snprintf statement at line 480.

Continue compilation and it should now work fine.
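The two edits above, applied with sed instead of an editor, as an added example that is not part of the post: the function takes the socat source directory and the three line numbers (defaults are the post's 3998, 4000 and 480; it is an assumption that they differ between socat versions, so check them first), verifies that each named line actually contains the text the post describes, and only then rewrites anything. Commenting out with `//` assumes the snprintf statement fits on the one line the post names. The function name is mine.

```shell
# Added example: apply the two fixes from the post with sed, checking each
# target line first. Arguments: socat source dir, then the line numbers for
# the two fd1 lines in xioopts.c and the snprintf line in xio-ip.c (defaults
# are the post's 3998, 4000 and 480; assumed to vary between socat versions).
patch_socat_cygwin() {
    src=$1
    a=${2:-3998}; b=${3:-4000}; c=${4:-480}

    # refuse to edit blindly: both xioopts.c lines must still contain fd1
    for n in "$a" "$b"; do
        sed -n "${n}p" "$src/xioopts.c" | grep -q 'fd1' ||
            { echo "xioopts.c line $n does not mention fd1" >&2; return 1; }
    done
    # and the xio-ip.c line must be the snprintf the post talks about
    sed -n "${c}p" "$src/xio-ip.c" | grep -q 'snprintf' ||
        { echo "xio-ip.c line $c is not an snprintf call" >&2; return 1; }

    # fd1 -> rfd on the two lines (GNU sed -i)
    sed -i "${a}s/fd1/rfd/g;${b}s/fd1/rfd/g" "$src/xioopts.c"
    # comment out the snprintf line with a C99 // comment; assumes the
    # whole statement sits on that one line, as the post describes
    sed -i "${c}s|^|// |" "$src/xio-ip.c"
}

# Usage, from the unpacked socat-2.0.0-b5 directory:
#   patch_socat_cygwin . && make
```

Because all three checks run before either file is written, a line-number mismatch (a different beta, or a source tree that was already patched) leaves the tree untouched instead of half-edited.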


Machine Learning Security in the age of Supply Chain Attacks

-

As the recent "xz attack" discovery shows, nation states have realized that this is likely the "best" vector for impacting large-scale systems in big organizations. With cloud computing providers being the "source of computing" for most large corporations today, we should anticipate that a larger portion of attacks will fall into this category. Also, just like "sleeper cells" in traditional espionage, such "sleepers" may exist in numerous OSS projects. Does that mean we should stop using open source? Hell no. It just means we need to be careful. Can we detect these attacks? It's tough, but yes, we can detect them with good old-fashioned telemetry and observability.

But that's not what this blog post is about. The most interesting bit of the xz attack for me was that libraries that are harder to debug and decode are much juicier targets. Why does that matter? The super-popular ML libraries like PyTorch and TensorFlow are quite hard to compile from scratch. Such libraries can carry interesting attack vectors which allow nice pickle compromises. I say "nice" because the insecure deserialization family has existed in CWE since 2006! It is older than many other issues and will continue to exist.

My only hope is that the maintainers of core ML projects such as PyTorch, TensorFlow, Keras and others start showing a slightly higher level of paranoia and work on build reproducibility, so that supply chain attacks on such hard-to-debug libraries can be avoided.


VPNC Connection Status

-

I was using vpnc the other day on my BackTrack 4 R2 system to log in to a VPN. I noticed there was nothing that would tell me whether or not the tunnel was up, so I wrote a small one-liner to help me:

while [ -n "$(ps aux | grep '[v]pnc' | awk '{print $2}')" ]; do printf "Connected\r"; sleep 1; done   # '[v]pnc' never matches the grep itself; quoting keeps the test valid with several PIDs; sleep avoids a busy loop
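The one-liner only asks whether a vpnc process exists, which is not the same as the tunnel being up (vpnc can be stuck negotiating, or the interface can have gone away). As an added example that is not part of the post, the functions below check both the process and the tunnel interface, reading /proc and /sys directly so they do not depend on ps/grep output. Linux only; the interface name tun0 and the function names are assumptions (vpnc takes the interface name from its configuration).

```shell
# Added example (not from the post). Linux-specific: reads /proc and /sys.

# proc_running NAME: succeed if some process has exactly NAME as its command name
proc_running() {
    for f in /proc/[0-9]*/comm; do
        [ -r "$f" ] || continue
        [ "$(cat "$f" 2>/dev/null)" = "$1" ] && return 0
    done
    return 1
}

# iface_up NAME: succeed if the kernel reports the interface as operational;
# tun devices have no carrier detection and commonly report "unknown"
iface_up() {
    state=$(cat "/sys/class/net/$1/operstate" 2>/dev/null) || return 1
    [ "$state" = "up" ] || [ "$state" = "unknown" ]
}

# vpn_status [PROC] [IFACE]: print one line and return 0 only when both
# the process is alive and the tunnel interface is up (defaults: vpnc, tun0)
vpn_status() {
    p=${1:-vpnc}; i=${2:-tun0}
    if ! proc_running "$p"; then echo "down (no $p process)"; return 1; fi
    if ! iface_up "$i";    then echo "degraded ($p running, $i not up)"; return 2; fi
    echo "up ($p running, $i up)"; return 0
}

# Usage: poll once a second instead of busy-looping:
#   while vpn_status; do sleep 1; done
```

The three-way result (down / degraded / up) is what you want in a prompt or a monitoring hook: a "degraded" state is exactly the case the process-only check would have reported as connected.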


GtkImage.c: line 572 java error on Kubuntu

-

I installed Kubuntu "Breezy Badger" on my new laptop (Dell Inspiron 700m) but none of my Java-based tools seemed to be working.

The errors I was getting were as follows:


** ERROR **: file ../../../src/libjava/jni/gtk-peer/gnu_java_awt_peer_gtk_GtkImage.c: line 572 (createRawData): assertion failed: (data_fid != 0)

aborting…


The trick is to use the Sun JVM and not gcj (the GNU Java Compiler). Apparently, judging from Debian mailing-list threads (Kubuntu is based on Debian), this is a known error in gcj-4.0. They promise that it will be fixed in gcj-4.1 (which comes with gcc-4.1).

So follow these steps to get Burp, Paros etc. working:
1. Go to java.sun.com and install the latest JVM for Linux. Choose an appropriate location; mine was installed in /opt/jdk1.5.0_06/.
2. rm /usr/bin/java /usr/bin/javac /usr/bin/javah (this removes the symbolic links in /usr/bin that route Java through /etc/alternatives).
3. Create new symbolic links:

# cd /usr/bin
# ln -s /opt/jdk1.5.0_06/bin/javac javac
# ln -s /opt/jdk1.5.0_06/bin/javah javah
# ln -s /opt/jdk1.5.0_06/bin/java java

Now you should be good to go!
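Steps 2 and 3 as one function, added here as an example that is not part of the post: it checks that the chosen JDK really has all three tools before touching /usr/bin, and it replaces symbolic links only, aborting if one of the names turns out to be a regular file (an rm would have deleted it silently). The JDK and bin directories are parameters; the post's values are /opt/jdk1.5.0_06 and /usr/bin. The function name is an assumption.

```shell
# Added example (not from the post): replace the java/javac/javah links
# with links into a specific JDK, refusing to overwrite anything that is
# not already a symlink. Parameters: JDK home, directory holding the links.
install_jdk_links() {
    jdk=$1; bindir=$2

    # every tool must exist and be executable in the chosen JDK first
    for tool in java javac javah; do
        [ -x "$jdk/bin/$tool" ] ||
            { echo "missing or not executable: $jdk/bin/$tool" >&2; return 1; }
    done

    # the post's step 2 rm'd the links; here a regular file aborts the run
    # before anything is changed (a dangling symlink is fine, it gets replaced)
    for tool in java javac javah; do
        link="$bindir/$tool"
        if [ -e "$link" ] && [ ! -L "$link" ]; then
            echo "refusing to replace regular file $link" >&2; return 1
        fi
    done

    # step 3: point each name at the JDK, replacing the /etc/alternatives links
    for tool in java javac javah; do
        ln -sf "$jdk/bin/$tool" "$bindir/$tool"
    done
}

# Usage (as root), with the post's paths:
#   install_jdk_links /opt/jdk1.5.0_06 /usr/bin
```

On Debian-derived systems the alternatives mechanism can do the same without deleting anything: `update-alternatives --install /usr/bin/java java /opt/jdk1.5.0_06/bin/java 100` registers the Sun JDK as a candidate and `update-alternatives --config java` selects it, which keeps the gcj links in place for when the gcj-4.1 fix arrives.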

-Rajat.


OpenSSL-fu

-

If you want to find out the components of a site's certificate, the following commands will help you.
To find out whether the certificate is signed with the weak MD5 signature algorithm:
$ echo | openssl s_client -connect webserver.example.com:443 2>/dev/null | sed -ne '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' | openssl x509 -text | grep "Signature Algorithm" | gawk '{print $3}'

To print the RSA public exponent:
$ echo | openssl s_client -connect 167.155.38.24:443 2>/dev/null | sed -ne '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' | openssl x509 -text | grep "Exponent"
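The same pipeline split into functions, as an added example that is not part of the post: cert_sig_verdict reads `openssl x509 -noout -text` output on stdin and reports whether the signature digest is one of the broken ones (MD2, MD4, MD5 or SHA-1, so it covers more than the post's MD5 check), cert_rsa_exponent pulls out the public exponent the second command greps for, and check_site fetches the leaf certificate with s_client, adding -servername for SNI, which the post's command predates. The function names are mine.

```shell
# Added example, not from the post. Function names are assumptions.

# cert_sig_verdict: read `openssl x509 -noout -text` output on stdin; print
# "weak <alg>" and return 1 for MD2/MD4/MD5/SHA-1 signatures, "ok <alg>" and
# return 0 otherwise, "unknown" and return 2 if no Signature Algorithm line.
cert_sig_verdict() {
    alg=$(sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*//p' | head -n 1)
    case "$(printf '%s' "$alg" | tr 'A-Z' 'a-z')" in
        '')                        echo "unknown"; return 2 ;;
        *md2*|*md4*|*md5*|*sha1*)  echo "weak $alg"; return 1 ;;
        *)                         echo "ok $alg"; return 0 ;;
    esac
}

# cert_rsa_exponent: print the decimal RSA public exponent from the same text
cert_rsa_exponent() {
    sed -n 's/^[[:space:]]*Exponent:[[:space:]]*\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# fetch_server_cert HOST PORT: the leaf certificate in PEM, the post's
# pipeline plus -servername so name-based virtual hosts return the right one
fetch_server_cert() {
    echo | openssl s_client -connect "$1:$2" -servername "$1" 2>/dev/null |
        sed -ne '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# check_site HOST PORT: verdict plus exponent for a live server;
# exit status is the verdict's (0 ok, 1 weak, 2 could not parse)
check_site() {
    text=$(fetch_server_cert "$1" "$2" | openssl x509 -noout -text) || return 2
    printf '%s\n' "$text" | cert_sig_verdict
    rc=$?
    printf 'RSA exponent: %s\n' "$(printf '%s\n' "$text" | cert_rsa_exponent)"
    return $rc
}

# Usage:
#   check_site webserver.example.com 443
```

The verdict takes the first Signature Algorithm line, which in `x509 -text` output is the one inside the to-be-signed part of the certificate; the second occurrence at the end of the dump is the same value, so grepping both (as the post's command does) prints it twice.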


Shmoocon in DC

-

I'll be attending ShmooCon in Washington, DC from Feb 6th-8th. Hope to see all you h4X0rs out there!


Grand Canyon Trip

-


Another trip to the national parks of the US. This time in the state of Arizona! The Grand Canyon in AZ, USA, lying on the Colorado Plateau in northwestern Arizona, is a blistering (not because of heat, though) example of soil erosion caused over more than 4000 years by the Colorado River.
We organized a trip of 8 people in a Toyota Sienna. It turned out to be a fantastic van and it could easily carry the load of all eight people and still not run out of steam like we did on the trail.
We reached the Canyon at around 7:50 am on the Saturday morning after an 8 hr drive. But getting a permit at such short notice in summer is really difficult. So we ended up with no campground in the Mather campground, nor in the Backcountry CBG campground (Bright Angel Creek, just 0.5 miles from the Colorado River). So we first went to the 10-X Campground just near the Grand Canyon Airport. This campground is on a first come, first served basis and takes only 10 bucks for a day. Anyway, we did not have too many choices with the campground so we had to take whatever spot we got.
Then at around 11:30 am we started on the Bright Angel Trail. According to the canyon officials the worst times to take the trails are between 10:00 am and 4:00 pm. But the brave souls that we were, our enthusiasm and inexperience with the Canyon led us to believe in more valor than we had! So we began the trail with a backpack carrying water and food for each person. Every man for himself!
But we met a volunteer on the way who advised us that unless we were marathon runners (which we are not by any stretch of imagination) going to Plateau Point and coming back on the same day is not advisable. The thoughts that he put into our minds germinated into a tree of doubt which we could not climb.
We could reach only the 3-mile point and climbed back up. But as it turns out we had made almost 70% of the elevation and most of the inclining hike. Had we continued, the further trail was not at all steep. But this is hindsight, or maybe a case of sour grapes, or maybe a case of inflated self-esteem !?!!
Then after coming back exhausted from the trail we set up our tent and after some food went off for a well-deserved siesta. The next day, after a lot of deliberation from Gandhe and Sardar, we made it again to the Canyon to look at the points on the South Rim itself. After going around in the bus we saw most of the points and then headed back to LA by the same route in reverse (64 S - 40 W - 15 S - 10 W)!
-Rajat.
My homepage.