One of my old reported vulnerabilities was published: CVE-2014-8733

CVE-2014-8733: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8733

It was fun to work with Hadoop security in 2014… This vuln was a tricky one because I was responsible for Hadoop managed service platform security, and our clients had SSH access to Hadoop cluster nodes in some cases.

If I remember correctly, the fix wasn’t easy – it required the release of a new CDH version which moved configuration parameters between files (world-readable access was required for the Hadoop client to function). And then, several months later, it reappeared after another patch.

Shell script – waiting until specified day/time

I participated in a project in which the job scheduling logic was implemented completely in a shell script (it was a small project initially, and then it grew over time). One of the tasks was to enable the scheduler script to wait until a specified time to run a job. Surprisingly, searching the Internet did not bring up anything that looked simple and elegant enough. There were a bunch of quite complex solutions which did not really address my requirements and would be too hard for support teams to maintain in the future… I came up with my own solution after reading the Linux manuals, and I wanted to share it.

It turns out that the ‘date’ utility is very flexible in how it accepts and represents time. For example, the user can supply the target date/time as a string, using words like “Today 9am” or “Thursday 12pm” etc. In combination with the ‘sleep’ command, I was able to achieve the desired functionality with the required precision (seconds). I ended up writing this simple bash function:

#-[ wait_until ]------------------------------------------
# Waits until a given day/time
# $1 - target time/date in 'date' command format, e.g. "Today 13:00"
# Returns 1 if 'date' cannot parse the target
wait_until()
{
        local TIME_TARGET TIME_NOW TIME_WAIT

        echo "Waiting until $1..."

        # 'date -d' (GNU date) converts the free-form string to epoch seconds
        if ! TIME_TARGET=$( date -d "$1" +%s ); then
                echo "Cannot parse target time: $1" >&2
                return 1
        fi
        TIME_NOW=$( date +%s )

        if [ "$TIME_NOW" -lt "$TIME_TARGET" ]; then
                TIME_WAIT=$(( TIME_TARGET - TIME_NOW ))
                echo "Waiting time: ${TIME_WAIT} seconds"
                sleep "${TIME_WAIT}s"
        else
                echo "Target time is already in past. No waiting required..."
        fi
}

Use is very simple:

wait_until "Today 1pm"
#... some code ...
wait_until "Tomorrow 6am"
#... some code ...

etc…

Hope it helps someone who will be looking for this solution on the Internet, just like I did before I had to write it :)
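A variant for long waits, as an added example that is not part of the original post: it resolves the target once, then sleeps in short chunks and re-reads the clock, so an NTP step or a suspend/resume does not make the job fire at the wrong wall-clock time, and an unparsable target is reported instead of being treated as "already in the past". The names `seconds_until` and `wait_until_chunked` are hypothetical, and GNU `date` is assumed.

```shell
# seconds_until TARGET [NOW]
# Prints the whole seconds from NOW (default: current time) until TARGET.
# Returns 2 if GNU 'date -d' cannot parse either string.
seconds_until()
{
    local target now
    target=$( date -d "$1" +%s 2>/dev/null ) || return 2
    now=$( date -d "${2:-now}" +%s 2>/dev/null ) || return 2
    echo $(( target - now ))
}

# wait_until_chunked TARGET [MAX_CHUNK]
# Sleeps until TARGET, at most MAX_CHUNK seconds (default 60) at a time.
wait_until_chunked()
{
    local target_epoch remaining chunk max_chunk="${2:-60}"

    # Resolve the target ONCE: re-parsing "Today 1pm" after midnight
    # would silently move the target to the next day.
    target_epoch=$( date -d "$1" +%s 2>/dev/null ) || {
        echo "wait_until_chunked: cannot parse '$1'" >&2
        return 2
    }

    while :; do
        # Re-read the wall clock on every pass so clock steps are noticed.
        remaining=$(( target_epoch - $( date +%s ) ))
        if [ "$remaining" -le 0 ]; then
            return 0
        fi
        if [ "$remaining" -lt "$max_chunk" ]; then
            chunk=$remaining
        else
            chunk=$max_chunk
        fi
        sleep "$chunk"
    done
}
```

A scheduler can call `wait_until_chunked "Tomorrow 6am" || exit 1` so that a typo in the target aborts the run instead of starting the job immediately.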

ESXi and Kali weekend

Installed Kali Linux in my virtual lab this weekend – just to make a snapshot of currently available packages and, as usual, steal a couple of ideas for my own pentest Linux VM. Two ideas I will never steal from Kali are Safari Icon for Firefox and use of Gnome 3.

Last weekend’s small DIY project

I really enjoyed this. I know it does not look like much, but I am very happy about this little project: I finally learned how to solder properly and lead-free, and I now understand AVR microcontroller architecture and specifics. What’s left is to finish power optimization and to start periodically adding different sequences for LEDs and different reactions to button clicks.

And I also learned about powering small devices and about Joule Thief / step-up regulators, induction, surface-mount and PCB design/ordering (however, these are not used in this project)

Github:
https://github.com/samoylenko/avr_s1


Whoa! Debian Linux works amazingly well on my hardware!

When I said my last goodbye to Windows, I thought Ubuntu would become my new primary home operating system – I had it for a couple of years in the past, with a very, very good experience for both me and my wife, and I don’t even remember why I switched back to Windows. Probably because I disliked what they did to Gnome, or the switch to Unity, or Il-2 Sturmovik did not work well with Wine, or all three together and lack of time to deal with it – so I thought I’d pay Microsoft to make all decisions for me… I really don’t remember now. But for me, it was always clear that Ubuntu is the best Linux distribution for desktop hardware because of its superior support for drivers and firmware. I prefer Debian on my virtual desktops and Ubuntu again on servers, both hardware and virtual.

So I removed Windows 10 and installed Ubuntu, and spent a couple of days playing with it – everything worked well, but I was really missing the customized Debian XFCE desktop experience that I am used to. And I decided to try Debian on my laptop. I was sure I wouldn’t be able to get it to work with my wifi card, or card reader, or something else… I was so surprised that everything worked out of the box! And the install went smoothly, over wifi, and everything was just great! The biggest surprise, however, was that Debian appeared to work much better with my Microsoft (hehe) Bluetooth mouse than Ubuntu. Hibernation, suspend, sensors etc. work without any problems as well.

It’s been almost a week, and I am very happy with Debian as my primary OS now. I am very confident it will stay, and I am not switching back to Windows or even Ubuntu any time soon – I have had an old EEE-PC with Debian installed for around 2 years already (for kids to play) which I was periodically checking and updating, and I was amazed at how good and stable it is.

I only had to do two things to make it happen:

  1. I used the unofficial Debian installer with non-free firmware support to install it on my laptop.
  2. I had to manually add my touchpad configuration to enable all the fancy multi-touch etc:


Here’s a screenshot of my Debian desktop:

Screenshot - 08232015 - 11:53:48 PM

Farewell, Windows

I got Windows 10 on my laptop around 3 weeks ago and have been testing it since. I do like the new design, and the OS itself is definitely better than any previous Windows version, including 7. And all of my life I’ve always been a Windows guy, preferring Linux only in server or virtual environments. But I just can’t leave all the privacy concerns be. I hate the idea that someone is constantly watching what I am doing and where I am going. And I can’t bear the fact that Microsoft can scan my hard drive or sneak on me through my webcam anytime they want. It’s gone way too far.

When they announced the free upgrade, I knew it would be something serious and users would still have to pay, but in some different way. Well, now we know what it is… Sorry, Microsoft, I am not buying this anymore.

Three years ago, when I wanted to refresh my software development skills and learn something new on a professional level, I was choosing between C# and Java, and I really wanted it to be the former given all of my previous experience, but the price of Visual Studio and MSDN subscription was astronomical, and everything was restricted to only one OS and one vendor while for Java everything was free and cross-platform. The choice was obvious and now I am a Java programmer in addition to my other skills.

Now it’s my home desktop operating system’s turn, and the choice is obvious as well…

Goodbye, Windows, taking your last picture for memories:


Hadoop without Kerberos – simple attack examples

In this post, I am going to illustrate that it’s practically impossible to protect any data in Hadoop clusters without Kerberos (‘Secure mode’) enabled. I hope this will help admins and security folks see that Kerberos is the only way to make Hadoop more or less secure – without it, there is no authentication in Hadoop at all. But as you can see from my previous posts about Hadoop, even with Kerberos enabled, there are still very serious challenges, so Kerberos is just a start, not the final solution.

At this time, I will focus on the most important component of Hadoop ecosystem – HDFS, Hadoop’s distributed file system which is used to store all data in Hadoop in most cases.


hadoop.security.auth_to_local examples

In my previous post “An important Hadoop security configuration parameter you may have missed” I talked about the importance of the hadoop.security.auth_to_local configuration parameter and promised to provide some solutions using this parameter.

I want to focus on a couple of practical use examples in this post, and if you want to learn more about this, here are links to the existing documentation:


Solution for Lenovo ThinkPad problem with sleeping mode in Windows 8.1

upd: An even better solution is to use the latest Windows 8.1 ISO, which can be downloaded using the following Microsoft tool. It instantly detects the video adapter and installs the required driver.
http://windows.microsoft.com/en-us/windows-8/create-reset-refresh-media

This seems to be a standard problem for many Lenovo laptops: after Windows 8 enters sleeping mode, the computer does not wake up – all the lights and fans are on, but the display remains black until reset.

Support forums did not help much – people have been talking about this problem for a couple of years already, and some advise updating the BIOS, but this did not work in my case. Only the stock image from Lenovo Recovery CDs seemed not to have this problem (but did have Superfish and stuff ;-) )

The solution appeared to be quite easy – I just needed to install the latest Intel HD Graphics Driver :) That’s it. Here’s the location of this driver:
https://downloadcenter.intel.com/download/24785/Intel-Iris-and-HD-Graphics-Driver-for-Windows-7-8-8-1-64-bit

It just seems that Lenovo System Update software does not update this driver automatically.


Kaspersky Antivirus appears to have become just another bloatware nowadays

So disappointed… After all these years I finally decided to buy Kaspersky, and it appears it has become just another bloatware now. Guess the folks don’t care about their firm’s karma anymore…