SCADA Honeypot

I really like the idea of a SCADA honeypot. John Strand live-demos a SCADA Honeypot. It runs several services which can later be used to demonstrate life inside a SCADA universe (and to lure an attacker).

You can download the SCADA Honeypot from here.

From the scadahoneynet site:

[The] goal of this project is to provide tools and to simulate a variety of industrial networks and devices. We see several uses for this project:

  • Build a HoneyNet for attackers, to gather data on attacker trends and tools
  • Provide scriptable industrial protocol simulators to test a real live protocol implementation
  • Research countermeasures, such as device hardening, stack obfuscation, reducing application information, and the effectiveness of network access controls.

Windows 7, continued

Well, so far I’ve been quite happy with Windows 7. It doesn’t crash on me, it’s just there. Even hibernation works like it should (which it never, ever did with any Linux version).

But, on the other hand, I’ve been forced (…) to do a complete reinstall because I could not upgrade Visual Studio Professional to SP1. Because it had a conflict somewhere in the Web devel with Office Home & Student. Because of that it totally abandoned upgrading to SP1.

Ok, then just uninstall Office, do SP1, and reinstall Office and do Office SP2.

Nope. It would not, because it could not uninstall because of some half-successful, but not quite, install of SP1.

Ok, I’ll uninstall VS, and then upgrade Office to SP2. Oh wait, it could not uninstall VS, because of some half installed web devel thingy which could not complete.

That sucked.

But, I would not abandon my conversion from Linux to Windows in a mere week and a half. Usually it takes about two months before I get really fed up with everything and throw the towel in the ring.

No, I did a total reinstall of Windows 7, with Office (Professional trial), VS Professional, OneNote (which, for some reason that totally eludes me, is included in Home & Student, but not in Professional. I guess OneNote is not professional enough to use), Kaspersky Internet Security (thanks for giving a voucher for a year of free Kaspersky, great for tests like this) and TortoiseHG.

It took less than four hours, which is quite good. It didn’t take as many reboots as it used to. About four, if I remember correctly. Which is very nice. In the four hours I also BitLocked the 100GB drive in my laptop, so all in all, that wasn’t that bad an experience and I could get to work on it after four hours. An Ubuntu install takes less time, but before I can actually go to work, it takes about the same amount of time (getting window managers set up, installing all the freaking packages I forgot, etc.). Hmm, that’s not very fair of me, because the Windows machine is not quite ready yet. I don’t have emacs. It always takes a while to get emacs working properly on any platform. But that’s for another day.

At the end of this day, I’m still a happy camper, while writing this post in Windows Live Writer. That is, if I’m successful at actually posting this.

In the meantime, my verdict so far:

  • coolness: 7/10 (it looks ok, but aero gets old really fast)
  • crashes: 10/10 (none, so far)
  • reinstall: 1/10 (if I have to reinstall to get a setup working again, that’s bad. Really bad).
  • wonkiness: 7/10 (Win7 doesn’t really get in your face, which is good, but the jury’s still out on actually liking the Libraries. That feels, well, we’re still out on that one)

Flexible keyboards


I’m a very happy user of the ‘old’ Sun Type 7 keyboard. Actually, I’m hoarding them, since Oracle is going to kill the Sun hardware business and the Type 7 is one of those keyboards with all the keys in the right place. Control is to the left of ‘a’ and backspace is not in the top row, but one below, just above the ‘return’. In other words, I’m a sucker for keyboards and I’m really sensitive to their touch and feel and click and whatever there is to them.

Today I saw someone mysteriously put a silicone keyboard (it’s flappy and flexible, but no brand label to be seen) in my room and I had to try it. Actually, I’m trying to type on it for this blog entry. And, I’m not really a happy customer. Let me count the ways in which this board does not suck:

  • It’s very cool to fold away your keyboard when you’re not using it.
  • It has an uncounted number of shift keys. Well, there are four.
  • It’s featuring (sort of) in Die Hard IV.
  • It feels nostalgic.
  • You can spill stuff on it.
  • It fits in your backpack, or even the side pocket of your cargo pants.

Ok, that was the good stuff. Now for the less convenient stuff.

  • It stinks, as in, it has an awful plastic smell about it.
  • It stinks, because I’m actually trying to type less, because I’m prone to mistype on this thing a lot.
  • It gives me carpal tunnel syndrome with just using it for the past half hour.
  • It is very wobbly, even when I put it on a sturdy surface area.
  • Did I mention it has four shift keys? And two space keys, but you can still touch them without any reaction? It even has keys on it without any label at all.
  • It has Windows keys on it, but more keyboards do, so I will not hold it against it.
  • It doesn’t have a brand label on it, so it must be crap. Otherwise, someone would put a label on it to say that they’re responsible for it. Probably they’re quite scared of someone suing them into oblivion.
  • The control key is broken.

So that’s it. Unless you want to look really cool and like you’re in Die Hard 4, get it. Otherwise, give your wrists and hands and the rest of your body some rest and stay away from it.

Coolness: 7/10 (hey, it’s in Die Hard Four) (but it does not glow in the dark)
Function: 3/10 (with working control: 4/10)
Weight: 8/10 (it’s very light)
Space: 10/10 (it takes up almost no space in your backpack. That’s good).
Total: 5/10. If function is not good, forget it.

Windows 7 installation

I’m an avid user of anything UNIX related: Linux, FreeBSD, OpenSolaris. I even tinkered around with SCO Unix and Microsoft Xenix (but that was a rather long time ago). But, for some unknown reason I find myself longing to install a Windows version.

I’ve used WinXP for a good two months, got fed up that I didn’t get any productivity out of it, and installed a Linux distro on my laptop again. Same for the home server which was running Win 2003 Server at a point in time.

It was that time of year again, so I started installing Windows 7 on the trusty laptop. And all of a sudden it has to go into production within two days of installing. I exploded in an absolute frenzy just to get everything that I might need on the road in there: UMTS connectivity (works), ssh client (two, both work), Office (2007, works, duh) (as a sidenote, I love OneNote). And finally to top it all off, a virus scanner/personal firewall thing.


It didn’t work. Whichever kind, beta or final release, from whichever firm, it would not work. The resulting install gave me a headache, as the error messages were quite strange. “Unknown error #0x80040201 occurred”. But this night (two days of tinkering and throwing things out of windows and almost throwing in the towel and installing Ubuntu again (I had to become productive again, and secure as well)) I had a light bulb over my head:

Get rid of EFS.

The Encrypting File System (EFS) is a good, sound, well implemented way to have your own files encrypted and no-one will be able to read them, unless you give them permission. Not even SYSTEM can read them.

I’ll repeat that again.

Not even SYSTEM can read them.

If you start a decompression of an EFS encrypted file, the contents will be encrypted as well. In an awful lot of cases this is exactly the behaviour you want. Because you decompress the file, you do not automatically give everyone access to it, now do you? You can do the installation all right (setup.exe does not complain). But SYSTEM cannot read the resulting files. SYSTEM needs to be able to read the files, because they’re drivers, for crying out loud.

If you remove the encryption of the downloaded installer, everything installs fine, like before, but now SYSTEM can read the files. Yay.

Therefore one piece of advice: do not use EFS on your preferred download location, then you can install the resulting stuff to your heart’s delight.
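To check whether a download location is affected, the following PowerShell script (an added example, not part of the original post) reports EFS-encrypted files and folders under a directory and, with `-Decrypt`, clears the encryption. The default path `%USERPROFILE%\Downloads` and the parameter names are assumptions; decryption only succeeds when run as the user who holds the EFS key.

```powershell
# Added example: audit a download folder for EFS-encrypted items.
# $DownloadDir is an assumed default; point it at your own download location.
param(
    [string]$DownloadDir = (Join-Path $env:USERPROFILE 'Downloads'),
    [switch]$Decrypt    # off by default: report only
)

$encFlag = [System.IO.FileAttributes]::Encrypted

# A folder carrying the Encrypted attribute makes every new file created
# in it (downloads, extracted installers) EFS-encrypted as well.
$root = Get-Item -LiteralPath $DownloadDir -Force
if ($root.Attributes -band $encFlag) {
    Write-Warning "$DownloadDir is itself marked for EFS; new files inherit encryption."
}

# Collect every file and subfolder below it that has the attribute set.
$hits = @(Get-ChildItem -LiteralPath $DownloadDir -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band $encFlag })

$hits | Select-Object FullName, Attributes | Format-Table -AutoSize

if ($Decrypt) {
    foreach ($item in $hits) {
        if ($item.PSIsContainer) {
            # Clear the folder flag so files created later are not encrypted.
            cipher.exe /d "$($item.FullName)" | Out-Null
        } else {
            # .NET wrapper around the EFS decrypt call for a single file.
            [System.IO.File]::Decrypt($item.FullName)
        }
    }
    if ($root.Attributes -band $encFlag) {
        cipher.exe /d "$DownloadDir" | Out-Null
    }
}

"{0} encrypted item(s) found under {1}" -f $hits.Count, $DownloadDir
```

Run it without `-Decrypt` first to see what would change; installers extracted from an encrypted archive show up as encrypted subfolders and files.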

So, I feel quite good about this, now it finally works. I’m running Trend Micro now, we’ll see if I’ll buy after the trial, or that I’ll be running Ubuntu again.