ABOUT
New e-learning materials released
The new Shell Control Box e-learning 3.4 material has been released. The release contains:
- RDP TS Gateway
- Citrix ICA
- Credential store (Lieberman ERPM)
- Permission quesry
- Advanced statistics
- Telnet SSL és VNC SSL
- HTTP és HTTPS
- Real-time monitoring.
The new syslog-ng Store Box 3.1 e-learning material has been released. The release contains:
- syslog-ng SQL source
E-learning materals are available here:
[.] MoreBusy Q1-2
I have just fixed Q1-2:
- 20/02: Óbudai Egyetem, presentation
- 28/02-01/03: SCB training, English
- 4-5/03: BCZA training
- 7-8/03: CEBIT, Hannover
- 12-13-14/03: syslog-ng PE, SSB training
- 25-27/13: BCZE1 training
- 27/13: Óbudai Egyetem, presentation
- 5/04: ZSKF, presentation
- 12/04: BME AUT, presentation
- 15-19/04: SCB, syslog-ng PE and SSB training (English)
- 19/04: ZSKF, presentation
- 22/04: PTE presentation (Pécs)
- 24/04: Óbudai Egyetem, presentation
- 26/04: BME AUT, presentation
- 3/05: este ZSKF, presentation
- 15-17/05: syslog-ng PE, SSB training
- 6-7:/06 BCZE2 training
- 20-21/06: SCB training
You can register for the training here. It’s gonna be fun!
[.] MoreRoss Anderson’s Security Engineering 2nd Edition is freely available.
Ross Anderson has been released Security Engineering 2nd edition for free. Respect! Thank you Ross! You can find the his post here and you can download it here, However it is free, please buy it if you can afford. (I bought one). Thanks for the good news for Zoli Kincses!:-D
[.] MoreUbuntu for smarphones
A few days ago Ubuntu announced the new mobile platform. At this moment there are not enough info about it. At least they have a website, but it is for the marketing. I have some ideas, maybe it is interesting:
- Success of the platform lays on the enough amount of applications. Most of these apps are developed by start-ups in garages. It is a real challenge for them to port their app to another platform: Android, iOS, Windows 8, Blackberry and Ubuntu. Firefox is coming soon and do not mention elder systems. This is more than enough! I liked the WebOS solutions: there was a full emulator, that runned a PalmOS therefore WebOS could run PalmOS applications natively. It is said, that webOS is a history.
- Will Ubuntu be free enough? Open enough? Or just like Android is? (Purposive sarcasm:-) I do not thing there will be as strong free software community as there is on desktops. We have different days. I do not vision it will never be, but not yet.
- Strong hardware is a requirement. As the original vision is that you mobile can be a desktop with a docking station, strong hardware is a must. Today it is not a huge problem, there is a strong development of multi-core, low consumption mobile CPUs. A 4-core mobile today is reality. On the other hand I would like to see how nowadays monolit application running on such device for example LibreOffice, Firefox, Thunderbird és Evolution.
- Quality of the OS and the applications? Unfortunately I am less and less satisfied with the Desktop Ubuntu’s quality.
- Customizability. Mobile vendors like Android, because the can customize it. That is why it is not possible to upgrade Android on elder phones (who on earth would buy newer phones?:-) That is the reason of existence of “after production firmwares”. I would prefer if Ubuntu would solve this problem. I don’t like to be forced to hack my phone if I want a newer OS.
These are my first thoughts. I am sure Ubuntu has though over it before it entered the market. Now we have just wait for the outcome.
[.] MoreTrainings in numbers
All trainings are over this year. This year we issued 170 training certificates for 126 people as lots of people have! Most of the students attended the SCB course (59). The second most popular course were the Zorp training (59 BCZA and BCZE students and 8 SR certs). The rest are SPE and SSB students.
After the trainings 59 student has passed the exams, so they are already certified users or engineers of Balabit products. Please note, that taking the exam is completely optional and independent from the training (we use an online exam application, so you can take the exam later in a comfortable chair at home). 
You do not have to take any exam at the and of the training, however it is possible.
Most of the trainings are located in Budapest, Balabit HQ, however we had some on-site training upon request. This year I gave lectures mostly in Europe: Düsseldorf, Paris, Istanbul and Hannover, but this year I have visited Tegucigalpa (capital city of Honduras). I am quite a world-traveler now with a massive experience.
I have just seen the statistics of Balabit certificates in the past 10 year and I find a big improvement. For the chart-freaks I made bar-chart. Here you go:
We also scheduled 2013 Q1-2 training program. Please visit our website! We have less dedicated training days because most of the trainings are available in e-learning format (read my previous posts). We have lots of ideas and plans about improvement of the e-learning stuff. Stay tuned I will inform you here.
[.] MoreChinese lottery in da house!
A few day ago Revuln a maltese security company has published a 0-day exploit in Samsung SmartTV’s firmwares. The remote root exploit have a complete control on a TV: download USB media history, install any app, share drives etc. Some ideas come to my mind:
- It’s not surprising! This is only a PC, why shouldn’t be there any bug? These companies are optimalize costs (as each) therefore they use Linux or BSD as a base. That is the reason why there are alternative firmwares (SamyGO, OpenLGTV) and I think they will be as wide spread as alternative router firmwares (OpenWrt, DD-Wrt stb.) or post-production firmwares for smarphones (eg. CyanogenMod). Is just want to enlight it is not a rocket sience to hack an alternative OS or find bugs in the factory default. Known hardware, known OS. No difference.
- Do no panic! There is a little change a real attack. These TV-s are sitting behind a router/NAT. That is true, these routers are not over-helmed (lot’s of default passwords etc), and thats limits the point where an exploit can run. You need an internal acces, where the exploit can run. Probably you hack the heigbour’s wifi if he is listening to loudly the Gangnam Style.
- Turn off your TV. If it is off, there is no network connection. I have just tried to nmap my smart TV, but noone is is home who can turn it on. It’s high time to add wake-up-on lan feature!
- Surprise! I can imagine a virus that scanns the victims’s lan and if it finds a smart TV, it installes a surpise app.
- Any code can run on it! As it is a PC, anything can run on it which runs on your Desktop PC.
Years before there was a theory. It assumes that all chinese home can run a code that breaks RSA keys. In this case we can calculate the time if RSA key recovery. There is even an RFC: 3607. I feel like the time of cinese lottery has arrived literally (it’s far already here in technical meaning).
Reference: ReVuln – The TV is watching you
[.] MoreE-learning trainings in the air!
Our SCB, SSB and syslog-ng PE trainings are available in e-learining form. Training packages contain:
- Presentations with notes
- Exercises
- Summary questions and answers
- Links to the Administrator Guides
- Screencasts in ogg video (without sound)
- Example configurations
Trainiees can learn usage of our products on their own (evaluation licese and install guide is included).
During the training we offer maximum 3 webex consultancy if required.
With the e-learning trainiers can learn using Balabit products on their own.
Trainings are available here.
Happy learning!
[.] MoreFirst newpaper turnout
Presentation: SCB from the point of auditors’s view
Conference: Business&Technology 2012 @Siófok @Hungary
08/03/2012: Business&Technology 2012 @Siófok. I was presenting about process stability and system logging. The presentation was okay, but unfortunately only a few people attended it. I really regret it, because in our session a lot interesting prezentations were hold. I would emphasize Mr. Tamas Gaidosch’s presentation about connection of security and money issues. Thx.
[.] More
