LABrat.com - Chris Grant's rants<br />
Blogging the ongoing challenges in information security, news of tech, the geek world and sometimes other random musings on the experiences of life.<br />
Author: Chris (http://www.blogger.com/profile/05257222772910088784)<br />
Feed updated: 2024-03-13T21:23:14.225-07:00<br />
<br />
Modern Problems Require Modern Solutions: Split-Tunnel Client VPNs<br />
Published: 2020-12-13T00:01:00.000-08:00, updated: 2020-12-13T00:01:09.103-08:00<br />
<div><font face="arial">I've spent some time lately thinking about approaches to corporate client VPNs during a pandemic that has changed how a number of companies operate. Namely, organizations are relying on their ability to remotely enable their workforce. To do this efficiently, there are modern strategies and tactics built into products that engineers and management should be familiar with in order to achieve the best end user experience and the most efficient use of remote access to the company's information assets. Turns out, good end user experiences also bring both network performance increases and potential cost savings.</font></div><div><font face="arial"><br /></font></div><div><font face="arial">Chris</font></div><h2 style="text-align: left;"><font face="arial">VPNs as an Enabler</font></h2><div><span style="font-family: arial;">Virtual Private Networks, or VPNs, are by their nature designed to protect network traffic from a network or individual machine to another remote machine or network. VPNs have been around for a long time, supporting and securing corporate network communications from laptops, desktops, and remote offices back to the main office or data center. 
</span></div><div><font face="arial"><br /></font></div><div><font face="arial">In the case of a <i>client VPN</i>, you're connecting your desktop/laptop to the corporate network, so you and your machine can work just like you did in the office.</font></div><div><font face="arial"><br /></font></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><font face="arial">Yes, desktops can VPN too, especially in the days of 100% WFH because of Covid quarantining and "safe distancing". Companies are just as likely to ship a desktop to a person's home to establish a home office when people are WFH.</font></div></blockquote><div><span style="font-family: arial;"><br /></span></div><div><span style="font-family: arial;">So let's walk through the progression of remote access solutions, and what's possible today: selective split tunneling.</span></div><h2 style="text-align: left;"><span style="font-family: arial;">Remote Access Solution #1: Decentralized Broad Internet Access Creates Problems</span></h2><div><span style="font-family: arial;">Back in the day...companies didn't have high bandwidth connections, to the home office, or to the Internet. Given that, Network Admins wanted only Corporate traffic to come back to Corporate networks, allowing users to use the local Internet connections for general Internet access. This is called "split tunneling" because you're splitting the VPN tunnel to allow network traffic outside the VPN, to access local or Internet resources. This saved on Corporate expenses around Internet bandwidth, and other overhead in managing people's Internet traffic.</span></div><div><span style="font-family: arial;"><br /></span></div><div><span style="font-family: arial;">There are potential problems with deciding routing for Internet traffic at the client level. Say you only route "company" traffic back to the company over a VPN. 
Or, in the case of a remote office, say you access the Internet using the local office connection, and you only route "corporate" traffic back to the "home office". Something like this:</span></div><div><br /></div><div style="text-align: center;"><img alt="Understanding Split Tunneling" class="n3VNCb" data-noaft="1" jsaction="load:XAeZkd;" jsname="HiaYvf" src="https://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Content/Resources/Images/screenshots/arun_022%20split%20tunneling.png" style="height: 219.192px; margin: 21.0541px 0px; width: 433px;" /></div><div><span style="font-family: arial;"><br /></span></div><div><span style="font-family: arial;">The problem with this configuration is primarily that there </span><span style="font-family: arial;">may not be the same Internet controls, like URL filtering or other network security monitoring controls in place in each remote office, or on each client, to protect the company's assets from compromise.</span></div><div><span style="font-family: arial;"><br /></span></div><div><span style="font-family: arial;">Short-sighted companies without cybersecurity guidance frequently chose this configuration to save on costs and "create network efficiencies". </span></div><div><span style="font-family: arial;"><br /></span></div><div><span style="font-family: arial;">Companies with information security expertise would tend to gravitate to solution #2...</span></div><div><span style="font-family: arial;"><br /></span></div><h2 style="text-align: left;"><span style="font-family: arial;">Remote Access Solution #2: Centralizing Network Security Monitoring is Popular</span></h2><div><div><font face="arial">This is the model we've been using since 1995, at least. </font><span style="font-family: arial;">Here's a basic example of what a traditional corporate VPN looks like because of the aforementioned issues with decentralized Internet access. 
</span></div><div style="text-align: center;"><img alt="Split Tunnel VPNs Improve Performance of Cloud Apps for Remote Workers | Techtron" class="n3VNCb" data-noaft="1" jsaction="load:XAeZkd;" jsname="HiaYvf" src="https://www.petri.com/wp-content/uploads/sites/3/2020/04/Figure1-4.png" style="height: 189.594px; margin: 35.853px 0px; width: 433px;" /></div><div><span style="font-family: arial;">In this example, the VPN Gateway is typically at your Corporate HQ/Data Center, and you get access to both local resources and the Internet, including all your SaaS providers like Office365, or Service Now, or Zoom, or WebEx, etc. </span></div></div><div><span style="font-family: arial;"><br /></span></div><div><div><span style="font-family: arial;">The advantage to this is primarily n</span><span style="font-family: arial;">etwork controls and visibility, since all traffic from the client comes back to the centrally managed, on-premise corporate information security controls. This includes things like</span></div><div><ul><li><span style="font-family: arial;">Network traffic monitoring through IDS/IPS</span></li><li><span style="font-family: arial;">Basic firewalling, blocking general network access to both local networks and the Internet, since you won't know whether or not the laptop is in a hostile airport or hotel network or an unmaintained home network. 
</span></li><li><span style="font-family: arial;">Category-based and specific URL blocking/permissions/reporting</span></li><li><span style="font-family: arial;">"next gen" firewall application security capabilities, monitoring application layer traffic</span></li><li><span style="font-family: arial;">network monitoring for data loss prevention (DLP) capabilities</span></li></ul><div><br /></div></div></div><h2 style="text-align: left;"><span style="font-family: arial;">Remote Access Solution #3: Selective Split Tunneling</span></h2><div><span style="font-family: arial;">As corporate software solutions have evolved to more Software-as-a-Service (SaaS) models, more of what we use in the day-to-day has moved to web-based, Internet-based service and software portals, companies have been moving to add more Internet bandwidth, adding SAML-based authentication, and providing more scrutiny and assessment of SaaS providers who provide business essential services.</span></div><div><span style="font-family: arial;"><br /></span></div><div><span style="font-family: arial;">Cyber-mature organizations will see a new way forward, to move beyond the Standard Corporate VPN, to enable both efficient use of network and Internet traffic, as well as maintaining expected and required cybersecurity controls.</span></div><div><span style="font-family: arial;"><br /></span></div><div><span style="font-family: arial;">This is still called VPN Split Tunneling, but is more appropriately called, Selective Split Tunneling. 
Here's what this looks like, from a Cisco WebEx perspective:</span></div><div><span style="font-family: arial;"> </span></div><div><div style="text-align: center;"><img alt="Dynamic Split Tunneling – a COVID-19 Best Practice – Security of Everything" class="n3VNCb" data-noaft="1" height="199" jsaction="load:XAeZkd;" jsname="HiaYvf" src="https://wolandcom.files.wordpress.com/2020/03/02-split-tunnel.png" style="background-color: transparent; height: 215.181px; margin: 23.0594px 0px; width: 433px;" width="400" /></div><span style="font-family: arial; font-size: xx-small;"><div style="text-align: center;">From: <a href="https://woland.com/2020/03/30/dynamic-split-tunneling-a-covid-19-best-practice/">https://woland.com/2020/03/30/dynamic-split-tunneling-a-covid-19-best-practice/</a></div></span></div><div style="text-align: center;"></div><div style="text-align: center;"></div><div></div><div style="text-align: center;"><span style="font-family: arial; font-size: xx-small;"><br /></span></div><div style="text-align: left;"><span style="font-family: arial;"><br /></span></div><div style="text-align: left;"><span style="font-family: arial;">And, from a SaaS industry perspective, *ALL* of the high bandwidth SaaS application providers are going to recommend split tunneling Corporate VPNs for their services. I've seen this from Zoom and O365, as well. 
</span><span style="font-family: arial;">Here's the O365 guidance.</span></div><div><span style="font-family: arial;"><br /></span></div><div style="text-align: center;"><span style="font-family: arial;"><img alt="Implementing VPN split tunneling for Office 365 - Microsoft 365 Enterprise | Microsoft Docs" class="n3VNCb" data-noaft="1" height="224" jsaction="load:XAeZkd;" jsname="HiaYvf" src="https://docs.microsoft.com/en-us/microsoft-365/media/vpn-split-tunneling/vpn-split-tunnel-example.png?view=o365-worldwide" style="height: 243.258px; margin: 9.02079px 0px; width: 433px;" width="400" /></span><span style="font-family: arial;"><br /></span></div><div style="text-align: center;"><span style="font-family: arial; font-size: xx-small;">From: <a href="https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-vpn-split-tunnel?view=o365-worldwide">https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-vpn-split-tunnel?view=o365-worldwide</a></span></div><div><span style="font-family: arial;"><br /></span></div><h2 style="text-align: left;"><span style="font-family: arial;">The controversy; dogma, NIST and current realities</span></h2><div><span style="font-family: arial;">If anyone has a rub with this design, it's typically because dogma would have you believe split tunneling is risky behavior. Many older information security frameworks, based on a compliance regimen, still maintain that split-tunneling opens organizations up to additional risk. T</span><span style="background-color: white; color: #333333; font-family: arial; font-size: 16px;">raditional guidance on this topic is probably 10-15 years old. </span></div><div><span style="background-color: white; color: #333333; font-family: arial; font-size: 16px;"><br /></span></div><h4 style="text-align: left;"><span style="background-color: white; color: #333333; font-family: arial; font-size: 16px;">"Thou shalt not split tunnel VPNs!" 
</span></h4><div><span style="background-color: white; color: #333333; font-family: arial; font-size: 16px;"><br /></span></div><div><span style="background-color: white; color: #333333; font-family: arial; font-size: 16px;">That guidance was fine when VPNs only had two settings: no split tunneling, and only split the tunnel for specific networks you want to run through the VPN. But times have changed.</span></div><div><br /></div><div style="text-align: left;"><span style="background-color: white; color: #333333; font-size: 16px;"><font face="arial"><b>Modern problems require modern solutions</b></font></span></div><div><span style="background-color: white; color: #333333; font-size: 16px;"><font face="arial"><br /></font></span></div><div><span style="background-color: white; color: #333333; font-size: 16px;"><font face="arial">These days VPN capabilities are more robust and more capable, allowing for split tunneling for Zoom or Office 365, or other SaaS solutions. Companies should do this *if, and only if* a company is assessing their SaaS solutions for cybersecurity controls prior to their use. "Trust but Verify".</font></span></div><div><span style="background-color: white; color: #333333; font-size: 16px;"><font face="arial"><br /></font></span></div><div><span style="background-color: white; color: #333333; font-size: 16px;"><font face="arial">Allowing SaaS traffic to operate outside of the Corporate VPN should only minimally increase risk. The top SaaS solutions should care about and are taking actions to protect their traffic (Zoom was challenged on this point for a while in 2020, though, to be transparent). 
As a part of your own Vendor Risk Assessment, you should validate that a vendor is encrypting traffic between your clients and the SaaS provider.</font></span></div><div><span style="background-color: white; color: #333333; font-size: 16px;"><font face="arial"><br /></font></span></div><h4 style="text-align: left;"><span style="background-color: white; color: #333333; font-size: 16px;"><font face="arial">But, but, but, you can't see or stop "bad" traffic!</font></span></h4><div><span style="background-color: white; color: #333333; font-size: 16px;"><font face="arial"><br /></font></span></div><div><span style="background-color: white; color: #333333; font-size: 16px;"><font face="arial">Sure, you may not have network monitoring. You have to check your assumptions and ask yourself if you really have that visibility today. Do you intercept SSL? Would you intercept Zoom calls? Would you intercept WebEx? My bet is no.</font></span></div><h2 style="text-align: left;"><span style="background-color: white; color: #333333; font-family: arial;"><span style="font-size: large;">Conclusion</span></span></h2><div><span style="background-color: white; color: #333333; font-family: arial; font-size: 16px;">I'd argue there's less reason, and little risk, to push full SSL-enabled web traffic through a VPN to partner organizations where the controls have been evaluated and understood, with contracts to enforce them. Yes, partner compromises happen (ahem Target), so it's highly dependent on the situation, but it seems like we should be taking a risk-based approach and not be just repeating dated dogma.</span></div><div><span style="background-color: white; color: #333333; font-family: arial; font-size: 16px;"><br /></span></div><div><span style="background-color: white; color: #333333; font-family: arial; font-size: 16px;">What points did I skip over, or miss? Or do you interpret differently? Comment below. 
Let me know what you think.</span></div><div><span style="background-color: white; color: #333333; font-size: 16px;"><font face="arial"><br /></font></span></div><div><span style="background-color: white; color: #333333; font-size: 16px;"><font face="arial">Chris</font></span></div><div><span style="background-color: white; color: #333333; font-size: 16px;"><font face="arial"><br /></font></span></div><div><span style="background-color: white; color: #333333; font-size: 16px;"><font face="arial"><u>More info:</u></font></span></div><div><span style="background-color: white; color: #333333;"><font face="arial">How to configure Cisco gear for split tunneling for O365, WebEx and Zoom: <a href="https://community.cisco.com/t5/vpn/split-tunnel-webex-outlook365-zoom/td-p/4049533">https://community.cisco.com/t5/vpn/split-tunnel-webex-outlook365-zoom/td-p/4049533</a></font></span></div><div><span style="background-color: white; color: #333333;"><font face="arial"><br /></font></span></div>
<br />
Fixing Steam 0 bytes available disk space issue when removing a drive from the system<br />
Published: 2020-08-24T11:16:00.003-07:00, updated: 2020-08-24T11:16:54.860-07:00<br />
<br />
Ran into an issue this weekend, so I'm memorializing it here. 
<p></p><p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEieyY4gKsNxnmH19ASfwVmnQd5cFx-kllianQVmHLQNbyAjQ-aIeNy_djR9jEMo4hy8Ggw5VX-4dcrvFWt0UzyvhMJyB6ZvjRY_jzWXMJxyG25v7WvXGOevYrqCp3EY1jCztcDzMTBajnk/s740/SteamCapture2.PNG" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em; text-align: center;"><img border="0" data-original-height="597" data-original-width="740" height="264" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEieyY4gKsNxnmH19ASfwVmnQd5cFx-kllianQVmHLQNbyAjQ-aIeNy_djR9jEMo4hy8Ggw5VX-4dcrvFWt0UzyvhMJyB6ZvjRY_jzWXMJxyG25v7WvXGOevYrqCp3EY1jCztcDzMTBajnk/w328-h264/SteamCapture2.PNG" width="328" /></a>I had two drives in my system, one SSD for the OS and one high capacity spinning drive for secondary, slower storage. The second drive is where I put my Steam Library.</p><p>I pulled the drive this weekend to put into another machine I'm using for temporary file storage while I migrate Synology servers (longer story). This 1TB drive was holding my Steam Library.</p><p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9BBEkkCtxLZC9H6PfXUQVqWZFhGSgHNX0x0e6DbBpXNFOwGVl1Z-uVohc8wFJFafFfB7129a45iloznLJxlZAch3S8zrPQa1uGUvMq4WHMEE2e3IOYs6c7e4uNV8qa0RdMK3q76tx0Qo/s638/SteamCapture.PNG" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em; text-align: center;"><img border="0" data-original-height="237" data-original-width="638" height="122" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9BBEkkCtxLZC9H6PfXUQVqWZFhGSgHNX0x0e6DbBpXNFOwGVl1Z-uVohc8wFJFafFfB7129a45iloznLJxlZAch3S8zrPQa1uGUvMq4WHMEE2e3IOYs6c7e4uNV8qa0RdMK3q76tx0Qo/w326-h122/SteamCapture.PNG" width="326" /></a><br />I went into Steam, and Steam recognized that the SteamLibrary folder was no longer present and set the default back to the C:\ drive. 
I thought I was all good.</p><p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjM_IFglGCEz9-HqVUzCTwJSpOvse7lSXWIYFiPiJTnC0Vh8QKTt23_PVS9ojJfilZgOGFRfrz_jTcw9wLGuuHau0V7hKTzPaS5-qeY95uaxoNhANEXYaTPSZeB4XbS4ZAZ9TwQ5s_lvHs/s2048/unnamed.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em; text-align: center;"><img border="0" data-original-height="1536" data-original-width="2048" height="246" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjM_IFglGCEz9-HqVUzCTwJSpOvse7lSXWIYFiPiJTnC0Vh8QKTt23_PVS9ojJfilZgOGFRfrz_jTcw9wLGuuHau0V7hKTzPaS5-qeY95uaxoNhANEXYaTPSZeB4XbS4ZAZ9TwQ5s_lvHs/w328-h246/unnamed.jpg" width="328" /></a>Fast forward a week and I have picked up a used NVidia card, and wanted to test it out. Went to download/reinstall the game and Steam says there's "0 bytes available" even though there's no other Steam folder, and the DEFAULT is set to the C:\ drive.</p><p><br />Here's what I did, that wasn't covered by other posts and threads I found: </p><p><br />1) Go to Steam <b>Settings</b></p><p>2) then <b>Downloads</b></p><p>3) then click <b>Steam Library Folders</b></p><p><br />4) then <b>right-click </b>on the directory shown and click on <b>Make Default Folder</b>. (yes, yes, even though it says it's already the default)</p><p>5) then <b>right-click </b>on the directory again and click on <b>Repair Library Folder</b>. Steam will restart.</p><p>You're done. 
Try installing games again.</p>
<br />
Synology, Mac OS X, OpenVPN and Tunnelblick<br />
Published: 2020-01-26T19:49:00.004-08:00, updated: 2020-01-26T19:49:48.787-08:00<br />
<br />
I'm putting this here so it shows up in your chosen search engine more easily.<br /><br />If you have a Synology NAS with the VPN Server installed and OpenVPN configured, and you use an Apple MacBook running OS X with Tunnelblick as your VPN client, you've probably seen this message:<br /><blockquote class="tr_bq">
Warning: This VPN may not connect in the future. The OpenVPN configuration file for 'Undercity OpenVPN' contains these OpenVPN options: 'comp-lzo' was deprecated in OpenVPN 2.4 and removed in OpenVPN 2.5 You should update the configuration so it can be used with modern versions of OpenVPN. Tunnelblick will use OpenVPN 2.4.4 - OpenSSL v1.0.2n to connect this configuration. However, you will not be able to connect to this VPN with future versions of Tunnelblick that do not include a version of OpenVPN that accepts the options.</blockquote>
<div>
To keep compression enabled, all you have to do is replace one line in the .ovpn config file you're using. Replace the line</div>
<div>
<div>
<blockquote class="tr_bq">
comp-lzo</blockquote>
</div>
with <blockquote class="tr_bq">
compress lzo</blockquote>
<div>
You won't have the warning message show up in the Log window after that.</div>
<br />Chris </div>
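
The one-line change described above, as an added example (not code from the original post, Synology, Tunnelblick or OpenVPN): a small Python helper that applies it to the text of an .ovpn file. It rewrites only the bare `comp-lzo` directive the post shows and reports, rather than rewrites, any line it cannot map one-to-one; the function name and the sample profile are constructed for illustration.

```python
import re

# A comp-lzo directive: optional indent, optional mode argument, optional trailing comment.
DIRECTIVE = re.compile(
    r"^(?P<indent>[ \t]*)comp-lzo(?:[ \t]+(?P<mode>[^\s#;]+))?[ \t]*(?P<comment>[#;].*)?$"
)
COMPRESS = re.compile(r"^[ \t]*compress(?:[ \t]|$)")
INLINE_OPEN = re.compile(r"^[ \t]*<([A-Za-z0-9-]+)>[ \t]*$")

# Constructed sample profile (hypothetical server name, certificate body omitted).
SAMPLE_OVPN = (
    "dev tun\n"
    "tls-client\n"
    "remote vpn.example.com 1194\n"
    "# comp-lzo used to be in the exported profile\n"
    "comp-lzo\n"
    "proto udp\n"
    "<ca>\n"
    "(certificate body omitted in this sample)\n"
    "</ca>\n"
)


def _classify(lines):
    """Yield (body, eol, active); comments, blanks and inline blocks are not active."""
    closing = None
    for raw in lines:
        body = raw.rstrip("\r\n")
        eol = raw[len(body):]
        stripped = body.strip()
        if closing is not None:
            # Inside <ca>, <cert>, <key>, ...: never treat the content as directives.
            if stripped == closing:
                closing = None
            yield body, eol, False
            continue
        opened = INLINE_OPEN.match(body)
        if opened:
            closing = "</%s>" % opened.group(1)
            yield body, eol, False
            continue
        yield body, eol, bool(stripped) and stripped[0] not in "#;"


def migrate_comp_lzo(config_text):
    """Replace a bare 'comp-lzo' directive with 'compress lzo'.

    Returns (new_text, report). report is a list of (line_number, action, detail)
    where action is 'rewritten' or 'review'. Lines with a mode argument
    (comp-lzo yes/no/adaptive), or configs that already carry a 'compress'
    directive, are left untouched and flagged for manual review.
    """
    rows = list(_classify(config_text.splitlines(keepends=True)))
    has_compress = any(active and COMPRESS.match(body) for body, _, active in rows)
    out, report = [], []
    for lineno, (body, eol, active) in enumerate(rows, start=1):
        match = DIRECTIVE.match(body) if active else None
        if not match:
            out.append(body + eol)
            continue
        if match.group("mode"):
            report.append((lineno, "review", "has a mode argument"))
            out.append(body + eol)
            continue
        if has_compress:
            report.append((lineno, "review", "config already has 'compress'"))
            out.append(body + eol)
            continue
        comment = match.group("comment")
        rewritten = match.group("indent") + "compress lzo"
        if comment:
            rewritten += " " + comment
        report.append((lineno, "rewritten", body.strip()))
        out.append(rewritten + eol)  # original line ending is preserved
    return "".join(out), report


if __name__ == "__main__":
    new_text, report = migrate_comp_lzo(SAMPLE_OVPN)
    for lineno, action, detail in report:
        print("line %d: %s (%s)" % (lineno, action, detail))
    print(new_text, end="")
```
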
<br />
LABRAT graffiti up and down Puget Sound<br />
Published: 2018-03-13T16:41:00.001-07:00, updated: 2018-03-13T16:41:55.738-07:00<br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgze6H0MJ7NIiTJPrK3XNN9JYLT8iX96QemJvXgfJ7mozY2QNycg-WhU68J6BpX21dHoZHW9TmTQygdisuSp6et9u9AudX0xdUK_JIudA-d9Yqf8NhThlwiVIjgqbjyQt3P85RCHczcroE/s1600/LABRATKNATSgraffitiLaceyWA.jpg" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" data-original-height="1080" data-original-width="1080" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgze6H0MJ7NIiTJPrK3XNN9JYLT8iX96QemJvXgfJ7mozY2QNycg-WhU68J6BpX21dHoZHW9TmTQygdisuSp6et9u9AudX0xdUK_JIudA-d9Yqf8NhThlwiVIjgqbjyQt3P85RCHczcroE/s200/LABRATKNATSgraffitiLaceyWA.jpg" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Rail bridge over I-5 South with<br />
LABRAT KNATS graffiti.</td></tr>
</tbody></table>
Living in Puget Sound over the last decade, I've noticed tagging and graffiti with LABRAT or LABRAT KNATS across bridges downtown, by Lacey (picture below, the site of the recent train derailment) and down to Olympia, Washington (State).<br />
<br />
To be clear, this graffiti is not mine, nor is it associated with me. Just in case there was any question... (ha ha, lol)<br />
<br />
(photo credit: Wikipedia)<br />
<br />
<br />
Synology Let's Encrypt SSL certificate failure and ASUS AC68U<br />
Published: 2018-03-13T16:38:00.000-07:00, updated: 2018-03-13T21:30:38.029-07:00<br />
<br />
So...I was running my own SSL cert from a free SSL certificate provider, SSLForFree.com, but thought I'd try the built-in capability of my Synology DS413J to provision one from Let's Encrypt for free.<br />
<br />
I walked through the menus to find the Control Panel, Security, and Certificates tab. Once I walked through adding/replacing a cert, I received this error:<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifuSpzzoMHszyrzUCCNwvKhpsxBBJcUEw12IBxXcerUeu04OtCFaXjmpBg7Jczt0D214mQ9v_ob6OMybmMx3DcWYN_9Fzjpb6IhFbiVwDxqZP8HtUPtYU7HqwT8bDqOcgYvobFnXpdXRg/s1600/SynologyLetsEncryptCertIssue.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="368" data-original-width="650" height="181" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifuSpzzoMHszyrzUCCNwvKhpsxBBJcUEw12IBxXcerUeu04OtCFaXjmpBg7Jczt0D214mQ9v_ob6OMybmMx3DcWYN_9Fzjpb6IhFbiVwDxqZP8HtUPtYU7HqwT8bDqOcgYvobFnXpdXRg/s320/SynologyLetsEncryptCertIssue.PNG" width="320" /></a></div>
<br />
For clarity, this is what it says:<br />
Get a Certificate from Let's Encrypt<br />
<br />
Failed to connect to Let's Encrypt. Please make sure your DiskStation and router have port 80<br />
open to Let's Encrypt domain validation from the Internet. All the other communications with<br />
Let's Encrypt go over HTTPS to keep your DiskStation secure.<br />
<br />
I originally was thinking my router, an Asus AC68U, wasn't capable of forwarding port 80 because it uses that port for the web interface. Turns out that later software updates fixed this issue, and the router is now able to pass the traffic from outside:80->Synology:80. All good.<br />
<br />
I made sure Web Station was running. And it still failed.<br />
<br />
Turns out, I think the biggest issue was that even though the screen suggests you should just use your top TLD, you really need to put in your full FQDN in both the domain name and the alternative subject name fields.<br />
<br />
Then the wizard worked like a charm.<br />
<br />
Good luck!<br />
Chris<br />
<br />
Kenwood TK-890 Amateur Radio Mod (repost)<br />
Published: 2016-11-25T21:33:00.002-08:00, updated: 2018-03-13T23:49:36.627-07:00<br />
<br />
(Now reposted/moved to my site focused on ham radio, <a href="http://www.zebrasrunningwild.com/" target="_blank">ZebrasRunningWild</a>. cg)<br />
<br />
I'm a ham radio operator and have been since 1987, when I got my Novice ticket in rural South Dakota (SD) at 14 years old. It's been a fun hobby, even though I took a break from roughly 1993-2013. So...to the point...<br />
<br />
I went to the Mike and Key Ham Fest down in Puyallup, WA in the spring of 2015. Before I showed up there, I had been thinking about a GMRS license and radios for the family. I picked up a Kenwood TKR-820 repeater, already programmed to the GMRS repeater frequencies.<br />
<br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtQJo9V2wgau0W7cSdFqpX0x6rt9sJCqkMU_b64d1EdutjCwNmhGuKIyISiNM2daPNC20TQP5G7lPK03lMQU74xuIYZr-m1IIe7fhLlFm9iGbYsXA5JwOFccG0AwuUNNvhizH3BUHXiKM/s1600/KenwoodTK690790890ControlHeads.JPG" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="133" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtQJo9V2wgau0W7cSdFqpX0x6rt9sJCqkMU_b64d1EdutjCwNmhGuKIyISiNM2daPNC20TQP5G7lPK03lMQU74xuIYZr-m1IIe7fhLlFm9iGbYsXA5JwOFccG0AwuUNNvhizH3BUHXiKM/s200/KenwoodTK690790890ControlHeads.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Kenwood TK-790/890 control head options, basic and advanced.</td></tr>
</tbody></table>
I also picked up 4 Kenwood TK-890 radios. I got a "good deal". They didn't come with microphones, but I didn't see that as a big deal...while I was at the ham fest. Once I got home, I found out differently. This particular breed of radio, as a result of the genius of Kenwood, doesn't have a standard microphone plug. As a result, microphones cost $65+ each. And the aftermarket doesn't make them. Stupid. I found a lot of 7 on eBay, for a reasonable price, so now I'm in action.<br />
<br />
Anyway, this is a repost of an article I found on a blogspot post about how to tune the TK-890 to the high end of the 70cm ham bands. That article has since disappeared and the blogspot site is no longer in existence...so, I'm reposting the content here. (Thankfully, I PDF'ed the article!)<br />
<br />
<u>Original article:</u><br />
(from <a href="http://sparqi.blogspot.com/" target="_blank">Wirelessness blog</a> from <a href="https://twitter.com/w6dtw" target="_blank">W6DTW</a>, originally at http://sparqi.blogspot.com/2013/05/tk-890-amateur-radio-mod.html)<br />
<br />
Over the past weekend a friend of mine asked if I would help him convert his Kenwood TK-890 mobile to work on the ham bands. I wasn't sure how successful we'd be, since most every online search came up with at best little information or at worst flat-out statements saying "Nope, can't be done." As it turns out, it can't be done. Kudos to Tim K for his <a href="http://forums.radioreference.com/kenwood-forum/219592-tk-890-450-470-split.html" target="_blank">notes posted to Radio Reference</a> [cg, I also placed the relevant content at the end] which gave enough hints to make this happen.<br />
<br />
In general this is how it went. My friend wanted his radio to work on the Bay-Net repeater system, which operates 443.225 with a +5 MHz TX split. TX was fine, but RX was giving a steady "beep-beep-beep..." which indicates PLL unlock.<br />
<br />
In the PLL section, under the copper foil, [cg, for the record, mine weren't] are three adjustment pots: A = TC302, B = TC303, and C = TC301. (Don't ask why they're out of order.) According to the Service Manual, Pot A sets the PLL for the low end of the receiver range, Pot B sets the high end of the receiver range, and Pot C sets the TX PLL. The goal is to monitor testpoint CV with a voltmeter and adjust for minimum voltage during RX and TX. This requires reprogramming the radio's test frequencies to match the band of interest, so you'll need the [KPG-44] software and [KPG-4] cable.<br />
<br />
Once we had the PLL voltages minimized for RX and TX, I found that the radio's TX frequency was way off, so a frequency alignment was needed. This again required the [KPG-44] software - for some reason we couldn't get the radio into Panel Test/Tune via the control head. It was easy enough with the KPG, once we realized you need to press "Enter" to lock the modified value.<br />
<br />
Other things like adjusting the BPF and checking deviations should be done. In the end, the conversion was very easy and the radio is working well on the UHF amateur band.<br />
<br />
[cg Adding this here, to make it more complete, and have information all in one place.]<br />
<u>From Radio Reference:</u><br />
From ramal121:<br />
"The VCO can be adjusted fairly easy with a volt meter. You just program your highest and lowest frequencies, monitor the VCO steering line voltage, check high and low (both TX and RX) and see if the voltage stays within specs. There are tweekers for both TX and RX to achieve this. And yes, if you lower your VCO's range, you will lose the top freqs, the VCO can only swing so far."<br />
<br />
From Tim K:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisaUD6ZrBbu2QxWuQe1b64I-h69wV2ApVEroh5wxqhsLfgqCfdJoh1grwRrp3GjQB-hhs5ZJ_g16S37E2koq7OH8_8VC099224CgE8rocFhzs2IR1M0q7CwkBN4i7eKZbERuXtpkeGrtI/s1600/TK890adjustment.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisaUD6ZrBbu2QxWuQe1b64I-h69wV2ApVEroh5wxqhsLfgqCfdJoh1grwRrp3GjQB-hhs5ZJ_g16S37E2koq7OH8_8VC099224CgE8rocFhzs2IR1M0q7CwkBN4i7eKZbERuXtpkeGrtI/s1600/TK890adjustment.png" /></a></div>
<div>
<br /></div>
<br />
For the record...HP Elitebook 840 G3 BIOS update<br />
Published: 2016-11-03T13:45:00.001-07:00, updated: 2016-11-23T14:45:07.672-08:00<br />
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
HP, in their wisdom, decided that a standard laptop BIOS update should sound like you're bricking your device. So, I'm posting this here so it will get picked up by Google and people don't need to freak out as much as I did. My experience was I ran the BIOS update, the machine started beeping with the screen blank and then I panicked, trying to figure out what I should do. After a bit of work, I found out that this is completely normal for these laptops, for this BIOS update. It is not normal in the world of systems BIOS updates, by any means.</div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
<br /></div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
Comment here if you have the same or a different experience.</div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
<br /></div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
- Run BIOS update</div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
- Warning about bitlocker being suspended temporarily.</div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
- Update completes</div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
- Machine reboots automatically</div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
- Screen blanks</div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
- 2 long beeps, 2 short beeps x 5</div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
- Reboot</div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
- 1 long beep, 2 short beeps</div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
- 2 long beeps, 2 short beeps x 4</div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
- Reboot x 2</div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
- Full, white screen notification of DXE update</div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
- Reboot</div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
- Back to Windows login</div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
<br /></div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
Chris</div>
<div style="background-color: white; font-family: HPRegular, arial, sans-serif; font-size: 14px; line-height: 22px !important; padding: 0px;">
<br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7417551381844298245.post-46051271272294661962016-06-14T20:53:00.000-07:002016-06-14T20:53:32.388-07:00Putting this here: Shuttle XPC Glamor Series SN68SG2 and Windows 10<span style="font-family: inherit;">I have a Shuttle XPC Glamor Series SN68SG2 that I've had for years. I originally built it in 2008 as a Windows Home Server box. </span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHxXq52AlZ0qBZQC6b6qAaUj5Dz2iwopv2yOLfI5EvS-7QT8mUymPhat3c1pHlT5CFDk10DqNHxm9C7EEegHM5Z7vNMpOU9XHEp7LHx88XqwXwyL8MESW5pz9jVTp0obhJWfSwxtZn1jo/s1600/p_sn68sg2_d_sm.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHxXq52AlZ0qBZQC6b6qAaUj5Dz2iwopv2yOLfI5EvS-7QT8mUymPhat3c1pHlT5CFDk10DqNHxm9C7EEegHM5Z7vNMpOU9XHEp7LHx88XqwXwyL8MESW5pz9jVTp0obhJWfSwxtZn1jo/s400/p_sn68sg2_d_sm.jpg" /></a></div>
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">As time has gone on, I turned it into a workstation for mundane tasks, such as running the weather station interface software, or USB-to-Serial cables for programming the scanner, ham and GMRS radios.</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">This went from Windows Home Server to Windows 7 to Windows 10 with the free upgrade. Since the upgrade to Windows 10, I've had issues with the Start Menu and Cortana. I tried a number of fixes, but nothing really worked. I even went so far as reloading the system with a fresh copy of Windows 10.</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">I had just been resigned to getting the weather station software fired up and running and then not interacting with it until I needed to restart the software and computer.</span><br />
<span style="font-family: inherit;"><br /></span>
Turns out I think it's been a video driver related problem all along. I installed an older, alternative video card and the start menu is magically working again. I used an ATI Radeon X1300/X1550 PCIe video card that had two SVGA cables when it was on Windows 7 and it worked well. This video card doesn't have any valid or supported Windows 10 drivers...but since Windows 10 knows that, it kicked the video driver back to the generic, lower resolution driver.<br />
<br />
Start menu works like a champ so far and it's been a couple days, which is a couple days longer than it had been working before.<br />
<br />
Given all that, I'll be on the hunt for a cheap and/or free low profile PCIe video card for this machine.<br />
<br />
Good luck!<br />
Chris<br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;"><br /></span>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7417551381844298245.post-87850458725842762522016-03-07T13:07:00.000-08:002016-03-07T13:09:16.864-08:00Grant's Rants: "I got hacked on an airplane"...because you weren't paying attention.<h2>
Grant's Rants:</h2>
My initial reaction to <a href="http://www.usatoday.com/story/tech/columnist/2016/02/24/got-hacked-my-mac-while-writing-story/80844720/" rel="nofollow" target="_blank">the original story</a> of how a reporter was hacked mid-flight through an airline's GoGo wireless network was that reporters, by nature, tend to use less secure, consumer-focused systems. <a href="http://www.usatoday.com/story/tech/columnist/2016/03/05/steven-petrow-hacked-midair-gogo-american-airlines-earthlink/81309338/" rel="nofollow" target="_blank">With this update</a>, we understand with clarity that he is operating as an independent reporter. He wasn't a reporter covering security issues, just a reporter, even if he has a description like: <i>"USA TODAY columnist Steven Petrow offers advice about living in the Digital Age."</i><br />
<br />
In the end, we can interpret this story as being one that was ripe for happening, and was trumpeted by an opportunistic reporter. We now know that he wasn’t focused on maintaining his own equipment or being concerned about information security issues until he was compromised, and then he made some money off of it by writing articles about his experience that are being shared widely.<br />
<br />
Let's look at the situation:<br />
<br />
<ol>
<li>He was using an older, deprecated email connection method (POP3). He set it up in 2002 and apparently hasn’t touched it since. Therefore, his email traffic could be picked up “in the air” and was entirely unencrypted. </li>
<li>He wasn’t using a VPN for his insecure email protocol. Again, his email traffic could be seen.</li>
<li>He was using unencrypted (public) WiFi. Frankly, any Public WiFi is as secure as any unencrypted WiFi network, home or otherwise. If the network connections aren’t encrypted, then others who are within listening range can see any app traffic that isn’t encrypted…like unencrypted POP3 to pull email.</li>
</ol>
<br />
He wasn't under the corporate umbrella of systems management and secure configurations, so he was left to his own devices (no pun intended). It was shocking to read this exchange with the security expert: “'What else do I need to do?' He explained [the reporter] needed to regularly download software updates…” Frankly, I was surprised it took this long for this reporter to be compromised.<br />
<br />
After writing this, there is blame to be spread around, though:<br />
<br />
<ol>
<li><b><u>ISPs and email providers should only provide encrypted methods for accessing email. </u></b>Why was unencrypted POP3 still allowed? I know the answer, because they didn't want to have additional support requests from their users.</li>
<li><b><u>OS vendors should do more to educate and encourage automatic updating for OSes. </u></b>Microsoft does a good job, on the initial install, and through occasional reminders. </li>
<li><b><u>App vendors should be encrypting network connections by default</u></b>, not by exception or an opt-in process. </li>
<li><b><u>App vendors should be building in automatic updates </u></b>and/or warnings about lack of upgrades. This is a win-win driving more business and securing the consumer. Apple App Store, Chrome and Firefox Automatic Updates were designed for the consumer with no ability to engage in this overhead. Turn it on and forget it. Never look back. Kudos to them. It is for self preservation, and other selfish reasons, typically, but it is moving the needle for consumers and consumer protection.</li>
<li>At this point, consumer VPN services are used widely by a) the paranoid and b) high school students trying to get around school content filters. <b><u>Maybe it's time for Consumer VPN services to take off. </u></b></li>
</ol>
<br />
This type of article in USA Today gives continued exposure and awareness to these basic issues to those people in hotels across the country, so that's good, but updating systems should be table stakes for anyone under 50, especially if you offer "advice about living in the Digital Age." He wasn't paying attention, was compromised and suffered embarrassment. Fortunately, this guy got a second chance to improve his security posture and get paid for his work instead of more serious consequences for his inaction.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7417551381844298245.post-55006734262090490232014-09-24T11:56:00.001-07:002014-09-24T11:56:31.676-07:00Synology, StartSSL, OpenVPN and Tunnelblick<span style="background-color: #fafaf8; font-family: 'LiHei Pro Medium', '儷黑 Pro', 'Microsoft JhengHei', 微軟正黑體, Arial, Helvetica, clean, sans-serif; line-height: 18.2000007629395px; text-align: justify;">As I mentioned previously, I had switched my Synology box to have a real, live SSL cert from a trusted CA, StartSSL. That worked great for connecting via SSL to either the web console, or Chrome extension for Download Station. All worked swimmingly, until I discovered my OpenVPN connection wasn't functioning any longer. PPTP worked fine, but OpenVPN had issues. Turns out the Synology box, the OpenVPN server, and therefore, the OpenVPN client connection package, don't understand the StartSSL CA. Here was my process of discovery and resolution for this issue.</span><br />
<span style="background-color: #fafaf8; font-family: 'LiHei Pro Medium', '儷黑 Pro', 'Microsoft JhengHei', 微軟正黑體, Arial, Helvetica, clean, sans-serif; line-height: 18.2000007629395px; text-align: justify;"><br /></span>
<br />
<div style="text-align: justify;">
<span style="font-family: LiHei Pro Medium, 儷黑 Pro, Microsoft JhengHei, 微軟正黑體, Arial, Helvetica, clean, sans-serif;"><span style="background-color: #fafaf8; line-height: 18.2000007629395px;">I tried re-exporting the config, changing the hostname to the new Internet-facing hostname. That didn't work. I re-exported the .crt files from the server and included them in the .tblk file to import into TunnelBlick. That didn't work.</span></span></div>
<span style="background-color: #fafaf8; font-family: 'LiHei Pro Medium', '儷黑 Pro', 'Microsoft JhengHei', 微軟正黑體, Arial, Helvetica, clean, sans-serif; line-height: 18.2000007629395px; text-align: justify;"><br /></span>
<span style="background-color: #fafaf8; font-family: 'LiHei Pro Medium', '儷黑 Pro', 'Microsoft JhengHei', 微軟正黑體, Arial, Helvetica, clean, sans-serif; line-height: 18.2000007629395px; text-align: justify;">Then I decided to go look at the client connection logs, which is where I should have started. Here's what they said:</span><br />
<blockquote class="tr_bq">
<span style="background-color: #fafaf8; font-family: Courier New, Courier, monospace; font-size: 13px; line-height: 18.2000007629395px; text-align: justify;">
2014-09-24 09:50:43 *Tunnelblick: openvpnstart starting OpenVPN<br />2014-09-24 09:50:44 VERIFY ERROR: depth=1, error=unable to get local issuer certificate: /C=IL/O=StartCom_Ltd./OU=Secure_Digital_Certificate_Signing/CN=StartCom_Class_1_Primary_Intermediate_Server_CA<br />2014-09-24 09:50:44 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed<br />2014-09-24 09:50:44 TLS Error: TLS object > incoming plaintext read error<br />2014-09-24 09:50:44 TLS Error: TLS handshake failed</span></blockquote>
<br />
<span style="background-color: #fafaf8; font-family: 'LiHei Pro Medium', '儷黑 Pro', 'Microsoft JhengHei', 微軟正黑體, Arial, Helvetica, clean, sans-serif; font-size: 13px; line-height: 18.2000007629395px; text-align: justify;">Researching this error, I found the following reference on the </span><span style="font-family: LiHei Pro Medium, 儷黑 Pro, Microsoft JhengHei, 微軟正黑體, Arial, Helvetica, clean, sans-serif;"><span style="line-height: 18.2000007629395px;"><a href="https://forum.synology.com/enu/viewtopic.php?f=173&t=84908&p=319506#p322059" target="_blank">Synology forums</a>:</span></span><br />
<span style="background-color: #fafaf8; font-family: 'LiHei Pro Medium', '儷黑 Pro', 'Microsoft JhengHei', 微軟正黑體, Arial, Helvetica, clean, sans-serif; font-size: 13px; line-height: 18.2000007629395px; text-align: justify;"><br /></span>
<br />
<span style="background-color: #fafaf8; font-family: 'LiHei Pro Medium', '儷黑 Pro', 'Microsoft JhengHei', 微軟正黑體, Arial, Helvetica, clean, sans-serif; font-size: 13px; line-height: 18.2000007629395px; text-align: justify;">Here's how I fixed this problem:</span><br />
<ol>
<li><span style="font-family: LiHei Pro Medium, 儷黑 Pro, Microsoft JhengHei, 微軟正黑體, Arial, Helvetica, clean, sans-serif;"><span style="background-color: #fafaf8; line-height: 18.2000007629395px;">Get the StartSSL root CA cert (ca.pem) and the StartSSL Class1 cert (sub.class1.server.ca.pem) from <a href="http://www.startssl.com/certs/" target="_blank">StartSSL's web site</a></span></span></li>
<li><span style="background-color: #fafaf8; font-family: 'LiHei Pro Medium', '儷黑 Pro', 'Microsoft JhengHei', 微軟正黑體, Arial, Helvetica, clean, sans-serif; font-size: 13px; line-height: 18.2000007629395px;">Concatenate the StartSSL root CA with the StartSSL Class1 cert and save it as a new file. You can use cat in *nix to do this or notepad in Windows, or TextEdit in OS X. Order doesn't matter. It will look something like this, except much longer:</span></li>
</ol>
<br />
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace;"><span style="line-height: 18.2000007629395px;">-----BEGIN CERTIFICATE-----<br />MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW<br />NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14=<br />-----END CERTIFICATE-----<br />-----BEGIN CERTIFICATE-----<br />MIIGNDCCBBygAwIBAgIBGDANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW<br />Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1<br />-----END CERTIFICATE-----</span></span></blockquote>
<div>
<br /></div>
<div>
<span style="background-color: #fafaf8; font-family: 'LiHei Pro Medium', '儷黑 Pro', 'Microsoft JhengHei', 微軟正黑體, Arial, Helvetica, clean, sans-serif; line-height: 18.2000007629395px;">
On your Synology box, do the following: </span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<ol>
<li><span style="background-color: #fafaf8; font-family: 'LiHei Pro Medium', '儷黑 Pro', 'Microsoft JhengHei', 微軟正黑體, Arial, Helvetica, clean, sans-serif; font-size: 13px; line-height: 18.2000007629395px; text-align: justify;">In Control Panel > Security > Certificate, you may see that your StartSSL cert is already installed, which was the case in my situation. If this is true, export your certificates, so you have a known good copy of your server.crt and server.key. This will be needed on the next step.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqgHJvRH-ZWGKTJ6brDoBTHZpNlf3ZaXlYkIfREmZ9C0wNP67fJXTB4b2k8zMlPbaJQTRl6sSmi5aGtKpZKYM5LFArAW-0aoHgx4lsKJwypP1ZVjSCzinzyD99gWQQg9Yjo34poJDy_sQ/s1600/Screen+Shot+2014-09-24+at+10.57.27+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqgHJvRH-ZWGKTJ6brDoBTHZpNlf3ZaXlYkIfREmZ9C0wNP67fJXTB4b2k8zMlPbaJQTRl6sSmi5aGtKpZKYM5LFArAW-0aoHgx4lsKJwypP1ZVjSCzinzyD99gWQQg9Yjo34poJDy_sQ/s1600/Screen+Shot+2014-09-24+at+10.57.27+AM.png" height="265" width="320" /></a></div>
</span></li>
<li><span style="background-color: #fafaf8; font-family: 'LiHei Pro Medium', '儷黑 Pro', 'Microsoft JhengHei', 微軟正黑體, Arial, Helvetica, clean, sans-serif; font-size: 13px; line-height: 18.2000007629395px; text-align: justify;">Import your server.key, server.crt and the new ca.crt (or whatever you called it) file generated above as the intermediate certificate.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxBH2zkEAAEtbY-Sa7y6IKoowtYolNwqFujDTQpotK9HQUjt10hXjNL_yj4fpEsyi4Gc5sukQc0sx9NWWfhfC6tfGoY-InG-Yk1RILbdA_Bo9r63PpjqXl49KDPotz7BdYcxeEmBkozuo/s1600/Screen+Shot+2014-09-24+at+10.42.11+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxBH2zkEAAEtbY-Sa7y6IKoowtYolNwqFujDTQpotK9HQUjt10hXjNL_yj4fpEsyi4Gc5sukQc0sx9NWWfhfC6tfGoY-InG-Yk1RILbdA_Bo9r63PpjqXl49KDPotz7BdYcxeEmBkozuo/s1600/Screen+Shot+2014-09-24+at+10.42.11+AM.png" height="172" width="320" /></a></div>
</span></li>
<li><span style="background-color: #fafaf8; font-family: 'LiHei Pro Medium', '儷黑 Pro', 'Microsoft JhengHei', 微軟正黑體, Arial, Helvetica, clean, sans-serif; font-size: 13px; line-height: 18.2000007629395px; text-align: justify;">This took a bit to import and restart the web server. </span></li>
<li><span style="background-color: #fafaf8; font-family: 'LiHei Pro Medium', '儷黑 Pro', 'Microsoft JhengHei', 微軟正黑體, Arial, Helvetica, clean, sans-serif; font-size: 13px; line-height: 18.2000007629395px; text-align: justify;">Go into Package Center and find VPN Server. "Stop", then "Run" the VPN server.</span></li>
<li><span style="background-color: #fafaf8; font-family: 'LiHei Pro Medium', '儷黑 Pro', 'Microsoft JhengHei', 微軟正黑體, Arial, Helvetica, clean, sans-serif; font-size: 13px; line-height: 18.2000007629395px; text-align: justify;">Re-export the OpenVPN config and fix your client .tblk package for the clients.</span></li>
</ol>
<span style="font-family: LiHei Pro Medium, 儷黑 Pro, Microsoft JhengHei, 微軟正黑體, Arial, Helvetica, clean, sans-serif;"><span style="line-height: 18.2000007629395px;">After this, I was able to successfully connect using OpenVPN to my Synology box again. Woo hoo!</span></span><br />
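<div>
The VERIFY ERROR line in the client log above already says which certificate could not be chained. The following Python sketch is an added example (not code from this post, OpenVPN or Tunnelblick): it parses that log format and reports the depth, the certificate subject and what to check in the client's CA bundle. It assumes the older slash-style subject format shown in the log; the function names and the advice wording are this example's own.</div>

```python
import re

# Log lines copied from the Tunnelblick/OpenVPN client log quoted in the post.
SAMPLE_LOG = """\
2014-09-24 09:50:43 *Tunnelblick: openvpnstart starting OpenVPN
2014-09-24 09:50:44 VERIFY ERROR: depth=1, error=unable to get local issuer certificate: /C=IL/O=StartCom_Ltd./OU=Secure_Digital_Certificate_Signing/CN=StartCom_Class_1_Primary_Intermediate_Server_CA
2014-09-24 09:50:44 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-09-24 09:50:44 TLS Error: TLS object > incoming plaintext read error
2014-09-24 09:50:44 TLS Error: TLS handshake failed
"""

# Assumption: timestamped lines and the slash-separated subject format seen above.
VERIFY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) VERIFY ERROR: "
    r"depth=(?P<depth>\d+), error=(?P<error>.+?): (?P<subject>/\S+)$"
)

# Keys are OpenSSL verification error strings; the advice text is this example's wording.
ADVICE = {
    "unable to get local issuer certificate":
        "The issuer of this certificate is not in the file named by the client's "
        "'ca' directive. Put the whole chain (root plus intermediates) in that bundle.",
    "self signed certificate in certificate chain":
        "The chain ends in a root the client's CA file does not contain. Add that "
        "root only after confirming it is the CA you expect.",
    "certificate has expired":
        "The certificate at this depth is past its notAfter date. Renew it, and "
        "check the client clock.",
    "certificate is not yet valid":
        "The certificate's notBefore date is in the future. Check the client clock.",
}


def parse_dn(dn):
    """Split '/C=IL/O=...' into a dict of attribute -> value."""
    fields = {}
    for part in dn.strip("/").split("/"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key] = value
    return fields


def find_verify_errors(log_text):
    """Return one finding per VERIFY ERROR line in the log."""
    findings = []
    for line in log_text.splitlines():
        match = VERIFY_RE.match(line.strip())
        if match:
            findings.append({
                "timestamp": match.group("ts"),
                "depth": int(match.group("depth")),
                "error": match.group("error"),
                "subject": parse_dn(match.group("subject")),
            })
    return findings


def diagnose(log_text):
    """Summarise certificate verification failures in an OpenVPN client log."""
    findings = find_verify_errors(log_text)
    reports = []
    for f in findings:
        # Depth 0 is the server's own certificate; higher depths are CAs above it.
        if f["depth"] == 0:
            role = "server certificate"
        else:
            role = "CA certificate %d level(s) above the server certificate" % f["depth"]
        # Newer OpenSSL releases spell this "self-signed"; fold both spellings together.
        key = f["error"].lower().replace("self-signed", "self signed")
        advice = ADVICE.get(key, "No advice recorded for this error string.")
        reports.append("%s depth=%d (%s) CN=%s: %s. %s" % (
            f["timestamp"], f["depth"], role,
            f["subject"].get("CN", "?"), f["error"], advice))
    return {
        "handshake_failed": "TLS handshake failed" in log_text,
        "findings": findings,
        "reports": reports,
    }


if __name__ == "__main__":
    for report in diagnose(SAMPLE_LOG)["reports"]:
        print(report)
```
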
<span style="background-color: #fafaf8; font-family: 'LiHei Pro Medium', '儷黑 Pro', 'Microsoft JhengHei', 微軟正黑體, Arial, Helvetica, clean, sans-serif; font-size: 13px; line-height: 18.2000007629395px; text-align: justify;"><br /></span></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7417551381844298245.post-83233553183056019382014-08-21T07:15:00.003-07:002014-09-13T23:08:51.176-07:00Implementing a free StartSSL cert for Synology NAS<span style="font-family: Arial, Helvetica, sans-serif;">I have a plugin for Chrome called Download Station Extension (<a href="http://www.download-station-extension.com/">http://www.download-station-extension.com/</a>, also available for Safari and Opera) which allows me to tell my Synology NAS to download files and initiate torrent downloads, among other things. It is excessively handy. This extension supports all types of downloads that are supported by Synology's Download Station, an application developed by Synology and built into the Synology base OS (<a href="http://www.synology.com/en-global/dsm/home_multimedia_download_station">http://www.synology.com/en-global/dsm/home_multimedia_download_station</a>). You can tell your Synology box to go download files quickly and easily, including: </span><br />
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif;">BitTorrent (both .torrent files and magnet links) </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Usenet news NZB files </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">http, https, ftp, sftp and ftps downloads </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">YouTube videos </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Some supported filehosting websites </span></li>
</ul>
<span style="font-family: Arial, Helvetica, sans-serif;">The extension does this by logging into the "Download Station" app on your Synology using your. This is great, however, there is one significant caveat. The Download Station Extension will only use http until you have a trusted SSL cert installed. In order to protect the credentials to your Synology and use SSL/https, this plugin needs a certificate that is trusted by your browser. And in order to do that, you need to install an SSL certificate on your Synology NAS that comes from a real Certificate Authority (CA).</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif;">Now, to be clear, your Synology does have a SSL certificate already, but it's a "self-signed" certificate, meaning your server generated the certificate and it also validated it as being a good, trusted certificate. </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://forum.synology.com/enu/viewtopic.php?f=36&t=21704&sid=823d2da6fe1e49e63679f6bed2c2234d" target="_blank">A post in the Synology Community Site</a> describes how to go through the process of installing a free StartSSL cert; however, it involves significant ssh command line work, operating with openssl directly. Turns out Steps 1-6 in this guide are no longer necessary. You could probably still do the requisite work through ssh/openssl; however, according to the Synology guide <a href="http://www.synology.com/en-us/support/tutorials/611" style="font-family: Arial, Helvetica, sans-serif;" target="_blank">here</a>, you no longer have to ssh into the box to generate a certificate signing request or process the certificate returned from an SSL cert provider. </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><b><u>Based on that, here's what you need to do.</u></b></span><br />
<ol><span style="font-family: Arial, Helvetica, sans-serif;">
<li><a href="http://www.synology.com/en-us/support/tutorials/611" target="_blank">Go to the Synology guide</a>, and perform steps 1-7. Proceed to the next step.</li>
<li>Use the <a href="http://forum.synology.com/enu/viewtopic.php?f=36&t=21704&sid=823d2da6fe1e49e63679f6bed2c2234d" target="_blank">Synology Community Site post by GNOE Inc.</a> and perform steps 7-8.8 to generate the StartSSL-based (free) cert.</li>
<li><a href="http://www.synology.com/en-us/support/tutorials/611" style="font-family: Arial, Helvetica, sans-serif;" target="_blank">Go back to the Synology guide</a>, and perform the last steps on the page, 1-3.</li>
</span></ol>
<span style="font-family: Arial, Helvetica, sans-serif;"></span><br />
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><i>Make sure that the SSL certificate domain matches the domain you're using to access your NAS through the Internet. If the SSL cert and the domain don't match, you'll still get SSL cert errors and you won't get the benefits of this whole process.</i></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
Hope this guide helps!</span><br />
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Chris</span></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7417551381844298245.post-6785515158669257032014-02-28T22:47:00.001-08:002014-02-28T22:47:31.413-08:00Moving a Windows 7 VM from Parallels 8 to VirtualBox 4.3 on OS X Mavericks using VMWare Fusion<div class="separator" style="clear: both; text-align: center;">
</div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxC8rR78caeuDrktVjixMa1ADng252yoNSxS3Yfa6zXVHciw7OmNKoq4C0XOP5YMSvcBE6p7erp6oS1T5pZQ2QunKmILrT6Wj5EHnQi4UU2d5J3EriJKAXqI6PkwbBhN3LPhfGGYNYulE/s1600/275px-MacBook_Pro_situated_on_a_wooden_table.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxC8rR78caeuDrktVjixMa1ADng252yoNSxS3Yfa6zXVHciw7OmNKoq4C0XOP5YMSvcBE6p7erp6oS1T5pZQ2QunKmILrT6Wj5EHnQi4UU2d5J3EriJKAXqI6PkwbBhN3LPhfGGYNYulE/s1600/275px-MacBook_Pro_situated_on_a_wooden_table.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxC8rR78caeuDrktVjixMa1ADng252yoNSxS3Yfa6zXVHciw7OmNKoq4C0XOP5YMSvcBE6p7erp6oS1T5pZQ2QunKmILrT6Wj5EHnQi4UU2d5J3EriJKAXqI6PkwbBhN3LPhfGGYNYulE/s1600/275px-MacBook_Pro_situated_on_a_wooden_table.jpg" height="174" width="200" /></a></div>
My first Macbook Pro was a 1st Intel generation, early 2006 model, that I bought from someone local on Craigslist in 2009. (Example to the right.) I cut my teeth there and got used to the Mac-isms and the Apple-isms about running OSX. That machine wasn't going to run any virtual machines well, so I never installed VirtualBox, Parallels or VMWare Fusion. That machine wouldn't install anything newer than 32-bit Snow Leopard. No Lion and no Mountain Lion. This was frustrating enough, and then software application makers moved to 64-bit entirely, so then I wasn't able to run the software either.<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div>
So, in early 2013, I bought a new Macbook Pro and now I had the horsepower to run VMs. Woo hoo!</div>
<div>
<div>
<br /></div>
<div>
Parallels pushes their marketing heavy on the Mac world. They have a lot of features, and seemed to have a lot of people who have used the product successfully. So I bought it too.</div>
<div>
<br /></div>
<div>
Fast forward to late 2013, and the release of Mavericks. Before I installed Mavericks, Parallels started warning me about Parallels 8 compatibility with Mavericks. I scoffed. All of the reviews said it ran just fine, and it has, but I have become increasingly resentful of having to shell out $50 for an upgrade, for little benefit. </div>
</div>
<div>
<br /></div>
<div>
So, I decided to try to convert my Win7 VM in Parallels to a Win7 VM in VirtualBox. I ran into a few issues. Here's how I did it successfully (I'll list what didn't work, after):</div>
<div>
<br /></div>
<div>
<h3>
Step 1) Shut down the Parallels VM. Don't just sleep it; actually shut the machine down.</h3>
<h3>
<br />Step 2) Convert Parallels machine (.pvm) to VMWare (.vmwarevm) virtual machine</h3>
</div>
<div>
To do this, you'll need to first, <b><i>download and install the VMWare Fusion trial</i></b> through the normal means. Here's a YouTube walkthrough:</div>
<div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/mgpfHsuI6iQ?feature=player_embedded' frameborder='0'></iframe></div>
<div style="text-align: center;">
<br /></div>
Next, once you get it installed, <b><i>choose to "Import"</i></b> an existing machine. This will make VMWare Fusion go look for existing virtual machines on the system. Of course, in this case, my Windows 7 Parallels instance exists, so it found it right away. (Not sure why it listed it as a "Recent Item", though.)</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_Z2qJDUy7xcL_79chpj708-6jwyhKwycnfntHxfUHEynNmHUgz-mfMepXpmLkfnW2i4Z5TEcJwRngnXIiCiJVq59M8fk7a0v32C9hvtC6zQ3B9700KL5X1-WPJYYaV_qjkAZ-vbGNwVc/s1600/Screen+Shot+2014-02-18+at+12.11.17+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_Z2qJDUy7xcL_79chpj708-6jwyhKwycnfntHxfUHEynNmHUgz-mfMepXpmLkfnW2i4Z5TEcJwRngnXIiCiJVq59M8fk7a0v32C9hvtC6zQ3B9700KL5X1-WPJYYaV_qjkAZ-vbGNwVc/s1600/Screen+Shot+2014-02-18+at+12.11.17+AM.png" height="298" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both;">
<b><i>Click on Continue.</i></b> You'll be asked what you want to call this new VM. It will use the same base name, but then provide the VMWare extension .vmwarevm for the new virtual machine. You don't really need the whole machine, I don't believe, but the process does create the .vmdk disk image inside the directory named YourNameHere.vmwarevm which we will need in the next step.</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCY9E1kAtSc925fDQ7oKl6Mmnou8DX_AlmaCoaGMemQ8jQh0DdVZoRjUBfuwREVRUhkjVcFnmpmOKOhX3U_OoweS94lkyiw7c0dnJo6EH1LKQ4EeCHw5zsmXZDdLL5E18Vq_FYEAsu7kk/s1600/Screen+Shot+2014-02-18+at+12.11.47+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCY9E1kAtSc925fDQ7oKl6Mmnou8DX_AlmaCoaGMemQ8jQh0DdVZoRjUBfuwREVRUhkjVcFnmpmOKOhX3U_OoweS94lkyiw7c0dnJo6EH1LKQ4EeCHw5zsmXZDdLL5E18Vq_FYEAsu7kk/s1600/Screen+Shot+2014-02-18+at+12.11.47+AM.png" height="217" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both;">
Of course, <b><i>click save.</i></b></div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
At this point, I fired up the Windows 7 virtual machine under VMware Fusion and everything went swimmingly. I just wanted to make sure the new disk image was viable. Because of that, and because I didn't want to create any other issues, I didn't install the VMware extensions. I simply shut the machine back down again and moved on to Step 3.</div>
<div class="separator" style="clear: both;">
<br /></div>
<h3 style="clear: both;">
Step 3) Convert a VMware disk image (.vmdk) file to a .vdi file which VirtualBox understands</h3>
<div>
First,<b><i> install Oracle VirtualBox</i></b>. You can get it from here: <a href="https://www.virtualbox.org/wiki/Downloads" target="_blank">https://www.virtualbox.org/wiki/Downloads</a></div>
<div>
<br />
Second, we'll <b><i>convert the VMware Fusion disk image in .vmdk format to a VirtualBox-import-capable .vdi disk image using a VirtualBox utility called VBoxManage</i></b>.<br />
<br />
You'll need to run this command either from the directory that the .vmdk file is in, or you'll have to put in the full path to the .vmdk file. Mine was ~/Documents/Virtual Machines.localized/Windows 7.vmwarevm<br />
<br />
<div class="p1">
<span style="font-family: Courier New, Courier, monospace;"> VBoxManage clonehd --format VDI Windows\ 7-0.vmdk newimage.vdi</span></div>
<div class="p1">
<span style="text-align: center;"><br /></span></div>
<div class="p1">
<span style="text-align: center;">I then moved the .vdi image to my VirtualBox VMs directory.</span></div>
<div class="p1">
<span style="text-align: center;"><br /></span></div>
<div class="p1">
<span style="text-align: center;"> <span style="font-family: Courier New, Courier, monospace;">mv newimage.vdi ~/VirtualBox\ VMs/</span></span></div>
<br />
Third, <b><i>start up VirtualBox and set up a new VM</i></b> and choose an existing disk image.</div>
<div>
<br />
Here's the "New" screen:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUoY-NJJPt89uul_aU3HT2RDQeOFxX0ZFtPlnZLxDxyn9yfFKnXpouH5OyehkfhYXHVJQJhpYAugqrLTvk4sZfG1UbCs_lqh0hqo4ZXM6J4tXvtPPqJtHP88PWSt63HAg8Kiw-pEWBjxQ/s1600/Screen+Shot+2014-02-28+at+10.27.43+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUoY-NJJPt89uul_aU3HT2RDQeOFxX0ZFtPlnZLxDxyn9yfFKnXpouH5OyehkfhYXHVJQJhpYAugqrLTvk4sZfG1UbCs_lqh0hqo4ZXM6J4tXvtPPqJtHP88PWSt63HAg8Kiw-pEWBjxQ/s1600/Screen+Shot+2014-02-28+at+10.27.43+PM.png" height="238" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both;">
And this is the area where you'll <b><i>choose "Use an existing virtual hard drive file"</i></b>. You'll have to then find the .vdi file and it will end up populating the area below the radio button.</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwj07ZLX1qx4DAwxC7usvEf4Jw79h233wlQtgXfkYVqwmtVrhJkDi9_TQJMfmJH3NEERF82788vXDsqq0qmSjAWi7946EC5_WTGAVkWfDgnACIPPpEx7_9RcsTfCBdyXjBvqX1sjsGPLk/s1600/Screen+Shot+2014-02-28+at+10.27.54+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwj07ZLX1qx4DAwxC7usvEf4Jw79h233wlQtgXfkYVqwmtVrhJkDi9_TQJMfmJH3NEERF82788vXDsqq0qmSjAWi7946EC5_WTGAVkWfDgnACIPPpEx7_9RcsTfCBdyXjBvqX1sjsGPLk/s1600/Screen+Shot+2014-02-28+at+10.27.54+PM.png" height="84" width="320" /></a></div>
<br />
<b><i>Click on Create.</i></b><br />
<br />
That's it. Fire up the new VirtualBox VM and install the extensions.<br />
<br />
Once you're satisfied with the fact that it booted and you're running Windows in VirtualBox on Mavericks on your Mac...you'll have to remove your Parallels instance. Windows will start barking that it is counterfeit. You'll have to reactivate your license on this VM.</div>
</div>
<div>
<br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7417551381844298245.post-10699101827504366732014-02-06T20:00:00.001-08:002014-02-06T20:04:35.445-08:00
How to Install Metasploit on Mavericks 10.9.1 (in 2014)
I've been struggling with getting Metasploit installed on my Mavericks (10.9.1)-based MacBook Pro. The instructions I found weren't lining up with my experience, so I thought I'd write up my experience and how I was able to get it installed.<br />
<br />
My instructions are from my experience, but I got a lot of help from resources such as DarkOperator's instructions here:<br />
<br />
<a href="http://www.darkoperator.com/installing-metasploit-framewor/">http://www.darkoperator.com/installing-metasploit-framewor/</a><br />
<br />
He developed a script to do a bunch of this work for you; however, I haven't tried it. I noticed that it is using an older version of ruby in the 1.9.3 tree.<br />
<a href="https://github.com/darkoperator/MSF-Installer/blob/master/msf_install.sh">https://github.com/darkoperator/MSF-Installer/blob/master/msf_install.sh</a><br />
<br />
<h3>
1. Install Xcode on Mavericks 10.9.1</h3>
<span style="background-color: #cfe2f3;"><span style="font-family: Courier New, Courier, monospace;"><span style="color: blue;"><b>Go to <a href="https://developer.apple.com/xcode/">https://developer.apple.com/xcode/</a> to download and install.</b></span> Move to Step #2, unless you want to read through my experience.</span></span><br />
<br />
Other sites will tell you to install the command line tools by using the command line (don't do this yet):<br />
<br />
<div style="text-align: center;">
<div style="text-align: left;">
<span style="font-family: Courier New, Courier, monospace;">xcode-select --install</span></div>
</div>
<br />
When you do this, it looks promising:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVdXzb92m_eH-nPyEHoMFqZMRLxm0GSGhz207H2Pt_wj8iZpEdVBgkywm_9faGm6FVyba8EH-g6kAOInWjM2_yOB_jOlSgwG6ap2WSquVXzwvgo5aVwbqfMInppWxC2C5sLb1rsySUn9M/s1600/Screen+Shot+2014-02-01+at+1.22.24+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVdXzb92m_eH-nPyEHoMFqZMRLxm0GSGhz207H2Pt_wj8iZpEdVBgkywm_9faGm6FVyba8EH-g6kAOInWjM2_yOB_jOlSgwG6ap2WSquVXzwvgo5aVwbqfMInppWxC2C5sLb1rsySUn9M/s1600/Screen+Shot+2014-02-01+at+1.22.24+PM.png" height="233" width="640" /></a></div>
<br />
But it will eventually fail with the following message:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-BIwguU1_xbsxAu1I0JQrDEoBW-mtMomus0w8fHeWc7TU2KpNnm-3xMTrymblTBSKuU4ddOd8LMahIBtPLENb_joYsbaDp9FhKtrhrIs4rBzz_CuzTbp-CG5m1xH4q2hIS_y3T3JMoEE/s1600/Screen+Shot+2014-02-01+at+1.22.58+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-BIwguU1_xbsxAu1I0JQrDEoBW-mtMomus0w8fHeWc7TU2KpNnm-3xMTrymblTBSKuU4ddOd8LMahIBtPLENb_joYsbaDp9FhKtrhrIs4rBzz_CuzTbp-CG5m1xH4q2hIS_y3T3JMoEE/s1600/Screen+Shot+2014-02-01+at+1.22.58+PM.png" height="211" width="640" /></a></div>
<div style="text-align: center;">
"Can't install the software because it is not currently available from the Software Update server."</div>
<br />
Other sites will also tell you that you need to check the "Command Line Tools" box in the Xcode Preferences/Downloads tab. Notice it doesn't exist in Xcode 5.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRQKNh5cHW-sfhiDP3flp6gIZZeAcLkzhcTMvM9LZVOjLrEMAul4OOe_uFeaW05SF1yXoEpyP2poy3surpEaQnjEcc9LfhWQOyoBnvVrk7CXs1Uo7vxm8qsgtTbbnKBjW3MzHR1XLNWpQ/s1600/Screen+Shot+2014-02-01+at+1.44.04+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRQKNh5cHW-sfhiDP3flp6gIZZeAcLkzhcTMvM9LZVOjLrEMAul4OOe_uFeaW05SF1yXoEpyP2poy3surpEaQnjEcc9LfhWQOyoBnvVrk7CXs1Uo7vxm8qsgtTbbnKBjW3MzHR1XLNWpQ/s1600/Screen+Shot+2014-02-01+at+1.44.04+PM.png" height="384" width="640" /></a></div>
<br />
Turns out, you don't need to install the command line tools, as they're included with Xcode 5 (reading comments from this thread: <a href="http://www.computersnyou.com/2025/2013/06/install-command-line-tools-in-osx-10-9-mavericks-how-to/">http://www.computersnyou.com/2025/2013/06/install-command-line-tools-in-osx-10-9-mavericks-how-to/</a>). Verify they're installed by checking for gcc and g++.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5nLrLjtm4X4MQGkrStYE79yrwHqjZO-j6Pf5ToD9VfgRrV1Nbk9s6UllCMbg_6umfYTCBjVFxFFzvlw1b3aCRB8-ef405PnCd2CoqD9NOa12SX7_rvunfQj8jR_qBhqDRYjtpof7uBC0/s1600/Screen+Shot+2014-02-01+at+1.18.24+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5nLrLjtm4X4MQGkrStYE79yrwHqjZO-j6Pf5ToD9VfgRrV1Nbk9s6UllCMbg_6umfYTCBjVFxFFzvlw1b3aCRB8-ef405PnCd2CoqD9NOa12SX7_rvunfQj8jR_qBhqDRYjtpof7uBC0/s1600/Screen+Shot+2014-02-01+at+1.18.24+PM.png" height="106" width="640" /></a></div>
<br />
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">CGMbPR:~ cgrant$ gcc -v</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Configured with: --prefix=/Applications/Xcode.app/Contents/Developer/usr --with-gxx-include-dir=/usr/include/c++/4.2.1</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Apple LLVM version 5.0 (clang-500.2.79) (based on LLVM 3.3svn)</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Target: x86_64-apple-darwin13.0.0</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Thread model: posix</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">CGMbPR:~ cgrant$ g++ -v</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Configured with: --prefix=/Applications/Xcode.app/Contents/Developer/usr --with-gxx-include-dir=/usr/include/c++/4.2.1</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Apple LLVM version 5.0 (clang-500.2.79) (based on LLVM 3.3svn)</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Target: x86_64-apple-darwin13.0.0</span></div>
<span style="background-color: #cccccc;"><br /></span>
<br />
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Thread model: posix</span></div>
<h3>
2. Install homebrew.</h3>
<b><span style="color: blue;">The install URL for homebrew has been updated, so use this on the command line:</span></b><br />
<code style="background-color: transparent; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><br /></code>
<br />
<span style="background-color: #cfe2f3;"><span style="font-family: Courier New, Courier, monospace;"><b><code>
ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"</code>
</b><code style="border: 0px; font-size: x-large; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><br /></code></span></span>
<code style="background-color: transparent; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, Times New Roman, serif;"><br /></span></code><br />
<code style="background-color: transparent; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, Times New Roman, serif;">I did the following, so you don't have to. </span></code><span style="font-family: Times, 'Times New Roman', serif; line-height: 1.6;">If you tried to use the URL listed on many other guides, you'd see this:</span><br />
<span style="font-family: Times, 'Times New Roman', serif; line-height: 1.6;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6EyjMgZLtxZQ7-_ql0KnkTK__Kwl0QXRsm0jakjjaj6esC1LNaBxXVUpqN0Oub07TWeQD3uetg-txZx7qqg7RZRk18Hhn-SaUk7JxPRhR9jniPmPeruPciRnS1sexMJ5zAItVAWtZ2oQ/s1600/Screen+Shot+2014-02-01+at+1.17.30+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6EyjMgZLtxZQ7-_ql0KnkTK__Kwl0QXRsm0jakjjaj6esC1LNaBxXVUpqN0Oub07TWeQD3uetg-txZx7qqg7RZRk18Hhn-SaUk7JxPRhR9jniPmPeruPciRnS1sexMJ5zAItVAWtZ2oQ/s1600/Screen+Shot+2014-02-01+at+1.17.30+PM.png" height="245" width="640" /></a></div>
<div class="p1">
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">CGMbPR:~ cgrant$ ruby -e "$(curl -fsSL https://raw.github.com/mxcl/homebrew/go)"</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">-e:6: syntax error, unexpected '<'</span></div>
<div class="p1">
<span style="background-color: #cccccc;"><span style="font-family: Courier New, Courier, monospace;"></span></span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> ^</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">-e:7: syntax error, unexpected '<'</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"><html></html></span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> ^</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">-e:9: syntax error, unexpected '<'</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> </span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> ^</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">-e:10: syntax error, unexpected '<'</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> </span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> ^</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">-e:10: syntax error, unexpected tIDENTIFIER, expecting end-of-input</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> </span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> ^</span></div>
<h3>
<code style="background-color: transparent; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, Times New Roman, serif;">3. Install wget (and git, maybe?)</span></code></h3>
<div>
<span style="background-color: white; font-family: inherit;">Run this on the command line (no sudo required):</span><br />
<br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #cfe2f3;"><b>brew install wget
</b></span></span></div>
<div>
<span style="background-color: transparent; background-position: initial initial; background-repeat: initial initial; border: 0px; font-size: small; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><br /></span>
<span style="background-color: transparent; background-position: initial initial; background-repeat: initial initial; border: 0px; font-size: small; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">I had installed the full installer for Mac OSX for the native Github client prior to starting this install, which I believe installed the command line versions of git, so I didn't actually run the brew version. I also didn't change the path to make the /usr/local/bin versions come first in the search path. It doesn't seem to have caused any issues yet. So, I didn't install brew-managed git, but if you wanted to or hadn't installed git yet you should execute this:</span><br />
<span style="background-color: transparent; background-position: initial initial; background-repeat: initial initial; border: 0px; font-size: small; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><br /></span>
<span style="background-color: transparent; background-position: initial initial; background-repeat: initial initial; border: 0px; font-size: small; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: 'Courier New', Courier, monospace;">brew install git</span></span></div>
<h3>
<span style="font-family: Times, 'Times New Roman', serif; line-height: 1.6;">4. Install Ruby Version Manager (rvm) and ruby 2.1.0, apparently</span></h3>
<div>
<span style="background-color: white;">Run this on the command line (no sudo required):</span></div>
<div>
<span style="background-color: white;"><br /></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;">\curl -#L https://get.rvm.io | bash -s stable --autolibs=3 --ruby</b></span>
</div>
<div>
<span style="font-family: Times, 'Times New Roman', serif; line-height: 1.6;"><br /></span>
<span style="font-family: Times, 'Times New Roman', serif; line-height: 1.6;">This is what it looked like for me:</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDl9F2D4SrJLujAqwFGoNyXa5mlDD2Wtsqbtx5WwJ7a1DntigMBBH7yY5-1fOf7AUU52f8xWnIId5rsH7p2AoTxrTqxL5pZ9qcvfWUX958iL5RNQd1fXfKLeL2EYcRdJw1avY5c1VnIIY/s1600/Screen+Shot+2014-02-02+at+6.37.56+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDl9F2D4SrJLujAqwFGoNyXa5mlDD2Wtsqbtx5WwJ7a1DntigMBBH7yY5-1fOf7AUU52f8xWnIId5rsH7p2AoTxrTqxL5pZ9qcvfWUX958iL5RNQd1fXfKLeL2EYcRdJw1avY5c1VnIIY/s1600/Screen+Shot+2014-02-02+at+6.37.56+PM.png" height="592" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWOh-J_T8-R4fJQXenltF7-o3Dt0QdoU8O34v_FMJQH-8g16CEReUMA7m8Fi-LAyyhRuCQ2mHnxX31e3VP_Ecan8BnAqBFdalv5mynGE_-R7styrQwYU19GduJg9jkGGnBEEEQihL74BU/s1600/Screen+Shot+2014-02-02+at+6.38.13+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWOh-J_T8-R4fJQXenltF7-o3Dt0QdoU8O34v_FMJQH-8g16CEReUMA7m8Fi-LAyyhRuCQ2mHnxX31e3VP_Ecan8BnAqBFdalv5mynGE_-R7styrQwYU19GduJg9jkGGnBEEEQihL74BU/s1600/Screen+Shot+2014-02-02+at+6.38.13+PM.png" height="104" width="640" /></a></div>
<span style="font-family: Times, 'Times New Roman', serif; line-height: 1.6;"><br /></span>
<br />
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">CGMbPR:~ cgrant$ \curl -#L https://get.rvm.io | bash -s stable --autolibs=3 --ruby</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">######################################################################## 100.0%</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Downloading https://github.com/wayneeseguin/rvm/archive/stable.tar.gz</span></div>
<div class="p2">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"><br /></span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Installing RVM to /Users/cgrant/.rvm/</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> Adding rvm PATH line to /Users/cgrant/.profile /Users/cgrant/.bashrc /Users/cgrant/.zshrc.</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> Adding rvm loading line to /Users/cgrant/.bash_profile /Users/cgrant/.zlogin.</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Installation of RVM in /Users/cgrant/.rvm/ is almost complete:</span></div>
<div class="p2">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"><br /></span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> * To start using RVM you need to run `source /Users/cgrant/.rvm/scripts/rvm`</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> in all your open shell windows, in rare cases you need to reopen all shell windows.</span></div>
<div class="p2">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"><br /></span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"># Chris Grant,</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">#</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"># Thank you for using RVM!</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"># We sincerely hope that RVM helps to make your life easier and more enjoyable!!!</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">#</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"># ~Wayne, Michal & team.</span></div>
<div class="p2">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"><br /></span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"><span class="s1">In case of problems: </span>http://rvm.io/help <span class="s1">and </span>https://twitter.com/rvm_io</span></div>
<div class="p2">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"><br /></span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">rvm 1.25.15 (stable) by Wayne E. Seguin &lt;wayneeseguin@gmail.com&gt;, Michal Papis &lt;mpapis@gmail.com&gt; [https://rvm.io/]</span></div>
<div class="p2">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"><br /></span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Searching for binary rubies, this might take some time.</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Found remote file https://rvm.io/binaries/osx/10.9/x86_64/ruby-2.1.0.tar.bz2</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Checking requirements for osx.</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Installing requirements for osx.</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Updating system<span class="s2">.</span></span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Installing required packages: autoconf, automake, libtool, pkg-config, libyaml, readline, libksba<span class="s2">.....</span></span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Certificates in '/usr/local/etc/openssl/cert.pem' already are up to date.</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Requirements installation successful.</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">ruby-2.1.0 - #configure</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">ruby-2.1.0 - #download</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> % Total % Received % Xferd Average Speed Time Time Time Current</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> Dload Upload Total Spent Left Speed</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">100 9475k 100 9475k 0 0 661k 0 0:00:14 0:00:14 --:--:-- 1346k</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">ruby-2.1.0 - #validate archive</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">ruby-2.1.0 - #extract</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">ruby-2.1.0 - #validate binary</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">ruby-2.1.0 - #setup</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">ruby-2.1.0 - #making binaries executable<span class="s2">.</span></span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">ruby-2.1.0 - #downloading rubygems-2.2.1</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> % Total % Received % Xferd Average Speed Time Time Time Current</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> Dload Upload Total Spent Left Speed</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">100 401k 100 401k 0 0 215k 0 0:00:01 0:00:01 --:--:-- 215k</span></div>
<div class="p4">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">No checksum for downloaded archive, recording checksum in user configuration.</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">ruby-2.1.0 - #extracting rubygems-2.2.1<span class="s2">.</span></span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">ruby-2.1.0 - #removing old rubygems<span class="s2">.</span></span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">ruby-2.1.0 - #installing rubygems-2.2.1<span class="s2">............</span></span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">ruby-2.1.0 - #gemset created /Users/cgrant/.rvm/gems/ruby-2.1.0@global</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">ruby-2.1.0 - #importing gemset /Users/cgrant/.rvm/gemsets/global.gems<span class="s2">.....</span></span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">ruby-2.1.0 - #generating global wrappers<span class="s2">.</span></span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">ruby-2.1.0 - #gemset created /Users/cgrant/.rvm/gems/ruby-2.1.0</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">ruby-2.1.0 - #importing gemsetfile /Users/cgrant/.rvm/gemsets/default.gems evaluated to empty gem list</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">ruby-2.1.0 - #generating default wrappers<span class="s2">.</span></span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Updating certificates in '/etc/openssl/cert.pem'.</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">mkdir: /etc/openssl: Permission denied</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">cgrant password required for 'mkdir -p /etc/openssl': </span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Creating alias default for ruby-2.1.0.</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Recording alias default for ruby-2.1.0.</span></div>
<div class="p3">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Creating default links/files</span></div>
<div class="p2">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"><br /></span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> * To start using RVM you need to run `source /Users/cgrant/.rvm/scripts/rvm`</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;"> in all your open shell windows, in rare cases you need to reopen all shell windows.</span></div>
<span style="background-color: #cccccc;"><br /></span>
<br />
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">CGMbPR:~ cgrant$ source /Users/cgrant/.rvm/scripts/rvm</span></div>
</div>
<div>
<h3>
<code style="background-color: transparent; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, Times New Roman, serif;"><br /></span></code></h3>
<h3>
<code style="background-color: transparent; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, Times New Roman, serif;">5. Install the rest of ruby</span></code></h3>
</div>
<code style="background-color: transparent; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, Times New Roman, serif;">This first step took quite a while.</span></code><br />
<span style="background-color: #cfe2f3; font-family: 'Courier New', Courier, monospace; line-height: 1.6;"><b>rvm requirements</b></span><br />
<br />
<span style="font-family: inherit;"><span style="background-color: white; line-height: 38.400001525878906px;">Here's what it looked like for me:</span></span><br />
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQzoWshtyAG8Yxek6VnikK5hdwfwp3w5PVadSLhZJEDwe5SNdYk7uNdtlXbIZi8FwzV5isE24JCX-SePpe-vA_vDQ5-80QwglDU76y7XRwBFPMrkPRJsBGDq7qiFZ8dKTGWjt5yLImZ9M/s1600/Screen+Shot+2014-02-02+at+6.43.03+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQzoWshtyAG8Yxek6VnikK5hdwfwp3w5PVadSLhZJEDwe5SNdYk7uNdtlXbIZi8FwzV5isE24JCX-SePpe-vA_vDQ5-80QwglDU76y7XRwBFPMrkPRJsBGDq7qiFZ8dKTGWjt5yLImZ9M/s1600/Screen+Shot+2014-02-02+at+6.43.03+PM.png" height="170" width="640" /></a></div>
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, 'Times New Roman', serif; line-height: 25.600000381469727px;"><br /></span></code>
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, 'Times New Roman', serif; line-height: 25.600000381469727px;"><br />The guide I was looking at suggested I run the following, which I did.</span></code><br />
<code style="background-color: white; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Courier New, Courier, monospace;"><br /></span></code>
<code style="background-color: white; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Courier New, Courier, monospace;">brew install autoconf automake libtool libyaml readline libksba openssl</span></code><br />
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, 'Times New Roman', serif; line-height: 25.600000381469727px;"><br /></span></code>
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, 'Times New Roman', serif; line-height: 25.600000381469727px;">Everything was installed already.</span></code><br />
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, 'Times New Roman', serif; line-height: 25.600000381469727px;"><br /></span></code>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipwh0BVFVysTEU4uNqiKbDTDOa921zv_XzAW6gibtykW0UQddC3mqxUDWawQHV5kXAHIL9AfSQ7bq4go-55VF8ZOiGE278fRsMK4mF8-no0ihbxD1kWmFGpBRY_YtUO2NC6fcoDHGL6p8/s1600/Screen+Shot+2014-02-02+at+6.45.23+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipwh0BVFVysTEU4uNqiKbDTDOa921zv_XzAW6gibtykW0UQddC3mqxUDWawQHV5kXAHIL9AfSQ7bq4go-55VF8ZOiGE278fRsMK4mF8-no0ihbxD1kWmFGpBRY_YtUO2NC6fcoDHGL6p8/s1600/Screen+Shot+2014-02-02+at+6.45.23+PM.png" height="120" width="640" /></a></div>
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, 'Times New Roman', serif; line-height: 25.600000381469727px;"><br /></span></code>
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, 'Times New Roman', serif; line-height: 25.600000381469727px;">The next step was to run this command:</span></code><br />
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="background-color: white; font-family: Courier New, Courier, monospace;"><br /></span></code>
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="background-color: white; font-family: Courier New, Courier, monospace;">rvm install ruby-1.9.3-p392</span></code><br />
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, 'Times New Roman', serif; line-height: 25.600000381469727px;"><br /></span></code>
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, 'Times New Roman', serif; line-height: 25.600000381469727px;">I skipped this step because it looked like ruby-2.1.0 was installed earlier. (**Turns out ruby-1.9.3 is required for metasploit, although this isn't the most current version. I cover this later.**)</span></code><br />
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, 'Times New Roman', serif; line-height: 25.600000381469727px;"><br /></span></code><code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="background-color: #cfe2f3;"><span style="font-family: Courier New, Courier, monospace;"><b>rvm gemset create msf</b></span></span></code><br />
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, 'Times New Roman', serif; line-height: 25.600000381469727px;"><br /></span></code>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigypmbDPsWNL6wFJ2VWnCI_ODWhQl9ESi9LiGYVhLLzcmNBVTZffLU86OHOH0lxpT9Rffg9I7tUTnXIwDHPry_dNuWtJlDQ5x8OXT9AoHdIWh3tmYtuOAUzSahheOqN_YPVNAYWi4kZeI/s1600/Screen+Shot+2014-02-02+at+6.58.40+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigypmbDPsWNL6wFJ2VWnCI_ODWhQl9ESi9LiGYVhLLzcmNBVTZffLU86OHOH0lxpT9Rffg9I7tUTnXIwDHPry_dNuWtJlDQ5x8OXT9AoHdIWh3tmYtuOAUzSahheOqN_YPVNAYWi4kZeI/s1600/Screen+Shot+2014-02-02+at+6.58.40+PM.png" height="74" width="640" /></a></div>
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, 'Times New Roman', serif; line-height: 25.600000381469727px;"><br /></span></code>
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, Times New Roman, serif; line-height: 1.6;">Other sites would have you run the following command, but it looks like I have 2.1.0 installed, so I modified it appropriately.</span></code><br />
<span style="font-family: Times, Times New Roman, serif;"><code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="line-height: 1.6;"><br /></span></code>
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="line-height: 1.6;">Unused:</span></code></span><br />
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="background-color: white; font-family: 'Courier New', Courier, monospace; line-height: 25.600000381469727px;">rvm use ruby-1.9.3-p392@msf --default</span></code><br />
<code style="background-color: transparent; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, Times New Roman, serif;"><br /></span></code>
<code style="background-color: transparent; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, Times New Roman, serif;">Changed, used:</span></code><br />
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="background-color: #cfe2f3; font-family: Courier New, Courier, monospace;"><b>rvm use ruby-2.1.0@msf --default</b></span></code><br />
<code style="background-color: transparent; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><br /></code>
<code style="background-color: transparent; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><br /></code>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqkFbNfjkhasze-NGdEfecJx7J8pHJ9JAkVc3wZYQ7VtTL9xtF2nZrn_opn_iKCtCAuf-77pEB1Qq4QIbNZx1SoPZO4b9m-MhTzH59o14oLZ8tzkJ82fRoLHN-hxOHcfUbawwpaIv4SLg/s1600/Screen+Shot+2014-02-02+at+6.59.37+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqkFbNfjkhasze-NGdEfecJx7J8pHJ9JAkVc3wZYQ7VtTL9xtF2nZrn_opn_iKCtCAuf-77pEB1Qq4QIbNZx1SoPZO4b9m-MhTzH59o14oLZ8tzkJ82fRoLHN-hxOHcfUbawwpaIv4SLg/s1600/Screen+Shot+2014-02-02+at+6.59.37+PM.png" height="56" width="640" /></a></div>
<code style="background-color: transparent; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><br /></code>
<code style="background-color: transparent; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, Times New Roman, serif;">Verify the install with the following command:</span></code><br />
<span style="background-color: #cfe2f3;">
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><b><span style="font-family: Courier New, Courier, monospace;">ruby -v</span></b></code></span><br />
<code style="background-color: transparent; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><br /></code>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3YlgVPxxH6GjK4lXc86PfsOXaOZgpPfHtUQOd0AzOj8qte2CHIGaxsBJBz1EKm1tdO6DdgLFN47qt9Xhv1iNg36sC9ygDGAA0zwK0oGTJIc1Squy8zn8-Eu2gdiEYK-AclxMrrF1fpzc/s1600/Screen+Shot+2014-02-02+at+7.03.49+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3YlgVPxxH6GjK4lXc86PfsOXaOZgpPfHtUQOd0AzOj8qte2CHIGaxsBJBz1EKm1tdO6DdgLFN47qt9Xhv1iNg36sC9ygDGAA0zwK0oGTJIc1Squy8zn8-Eu2gdiEYK-AclxMrrF1fpzc/s1600/Screen+Shot+2014-02-02+at+7.03.49+PM.png" height="54" width="640" /></a></div>
</div>
<div>
<h3>
<code style="background-color: transparent; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, Times New Roman, serif;"><br /></span></code></h3>
<h3>
<code style="background-color: transparent; border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, Times New Roman, serif;">6. Installing metasploit</span></code></h3>
</div>
<div>
So, I did the following:</div>
<div>
<br /></div>
<div>
<span style="background-color: #cfe2f3;"><span style="font-family: Courier New, Courier, monospace;"><b>sudo su</b></span></span></div>
<div>
<span style="background-color: #cfe2f3;"><span style="font-family: Courier New, Courier, monospace;"><b>cd /opt</b></span></span></div>
<div>
<span style="background-color: #cfe2f3;"><span style="font-family: Courier New, Courier, monospace;"><b>git clone https://github.com/rapid7/metasploit-framework.git msf</b></span></span></div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvtRA9YAGyGRFlmaC0rjuHbE7GY6_Epqz5lrheAzUQpU494VyRMFY0btNQd2vCXsORrNAGVJ7M3cLF1haecX5ttDy6lKP649zIG1wLgAmzUQ-ou7va7UuB1z4rwEnuIu1_yquehKAd2TI/s1600/Screen+Shot+2014-02-02+at+7.22.42+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvtRA9YAGyGRFlmaC0rjuHbE7GY6_Epqz5lrheAzUQpU494VyRMFY0btNQd2vCXsORrNAGVJ7M3cLF1haecX5ttDy6lKP649zIG1wLgAmzUQ-ou7va7UuB1z4rwEnuIu1_yquehKAd2TI/s1600/Screen+Shot+2014-02-02+at+7.22.42+PM.png" height="208" width="640" /></a></div>
<br />
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">CGMbPR:~ cgrant$ sudo su</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">sh-3.2# cd /opt</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">sh-3.2# git clone https://github.com/rapid7/metasploit-framework.git msf</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Cloning into 'msf'...</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">remote: Reusing existing pack: 232980, done.</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">remote: Counting objects: 5, done.</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">remote: Compressing objects: 100% (5/5), done.</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">remote: Total 232985 (delta 0), reused 0 (delta 0)</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Receiving objects: 100% (232985/232985), 198.63 MiB | 436.00 KiB/s, done.</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Resolving deltas: 100% (163073/163073), done.</span></div>
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Checking connectivity... done</span></div>
<br />
<div class="p1">
<span style="background-color: #cccccc; font-family: Courier New, Courier, monospace;">Checking out files: 100% (6515/6515), done.</span></div>
<h3>
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, Times New Roman, serif;"><br /></span></code></h3>
<h3>
<code style="border: 0px; line-height: 1.6; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Times, Times New Roman, serif;">7. "bundle install" - ruby gems</span></code></h3>
As I understand it, running bundle install installs the necessary ruby gems. This didn't work for me out of the gate.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-ZK8Oag5Ktfc91nRN3DaT1y4Tws9NKTkpAp5SkH4wfTmBQmWf8Ta6Bv32m9WJ-sunum9DanF1p3Lpvug611qh-mEPq6ZGjv6NgbNYpdzcDy8w5VGIWtx5TLz4wA1ZZnaB8s0QE__uvzc/s1600/Screen+Shot+2014-02-02+at+8.47.01+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-ZK8Oag5Ktfc91nRN3DaT1y4Tws9NKTkpAp5SkH4wfTmBQmWf8Ta6Bv32m9WJ-sunum9DanF1p3Lpvug611qh-mEPq6ZGjv6NgbNYpdzcDy8w5VGIWtx5TLz4wA1ZZnaB8s0QE__uvzc/s1600/Screen+Shot+2014-02-02+at+8.47.01+PM.png" height="640" width="542" /></a></div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKIDjjBZnsDUTcG4UQHCopMCQsiTTXpFpN0dpblKhPIyiMpM-RxV7J6ttAe8trpB-BZnBVuFi9hp9NV_bpvGai0A0tGt6F09qdJgHR5_RSj2X5hdTbXVKAWL8rKVkGav8XYfmv1il9-yQ/s1600/Screen+Shot+2014-02-02+at+8.47.17+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKIDjjBZnsDUTcG4UQHCopMCQsiTTXpFpN0dpblKhPIyiMpM-RxV7J6ttAe8trpB-BZnBVuFi9hp9NV_bpvGai0A0tGt6F09qdJgHR5_RSj2X5hdTbXVKAWL8rKVkGav8XYfmv1il9-yQ/s1600/Screen+Shot+2014-02-02+at+8.47.17+PM.png" height="122" width="640" /></a><br />
<br />
This is the error you get when you don't have PostgreSQL installed first.<br />
<br />
<h3>
8) Install and Configure PostgreSQL</h3>
<span style="background-color: #cfe2f3;"><b><span style="font-family: Courier New, Courier, monospace;">brew install postgresql --without-ossp-uuid</span></b></span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFVbBTKBHyIZWyeAHgamhNgxm3JpX6EV3DScTTcrJCr5vcVxIi9nyf0IjEsSjk_B82iWyqT6Qva0Ou-zGliJAxiv2pvGK4JPWlEmclE_F92F_OZGw0cdmcj3ZKQSpslsw6Bs5-4AHPydw/s1600/Screen+Shot+2014-02-02+at+9.33.04+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFVbBTKBHyIZWyeAHgamhNgxm3JpX6EV3DScTTcrJCr5vcVxIi9nyf0IjEsSjk_B82iWyqT6Qva0Ou-zGliJAxiv2pvGK4JPWlEmclE_F92F_OZGw0cdmcj3ZKQSpslsw6Bs5-4AHPydw/s1600/Screen+Shot+2014-02-02+at+9.33.04+PM.png" height="280" width="640" /></a></div>
<br />
As it told me to do, I ran the link command to start postgresql on login:<br />
<br />
<br />
<div class="p1">
<span style="background-color: #cfe2f3;"><span style="font-family: Courier New, Courier, monospace;"><b>ln -sfv /usr/local/opt/postgresql/*.plist ~/Library/LaunchAgents</b></span></span></div>
<div class="p1">
<br /></div>
<div class="p1">
I then fired up postgresql:</div>
<div class="p1">
<br /></div>
<div class="p1">
</div>
<div class="p1">
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;">launchctl load ~/Library/LaunchAgents/homebrew.mxcl.postgresql.plist</b></span></div>
<div class="p1">
<br /></div>
<div class="p1">
You then need to create a user for metasploit to use for the database:</div>
<div class="p1">
<br /></div>
<div class="p1">
<b style="background-color: #cfe2f3;"><span style="font-family: Courier New, Courier, monospace;">createuser msf -P -h localhost</span></b></div>
<div class="p1">
<br /></div>
<div class="p1">
Then create a database called msf with msf as the owner:</div>
<div class="p1">
<br /></div>
<div class="p1">
<b><span style="background-color: #cfe2f3; font-family: Courier New, Courier, monospace;">createdb -O msf msf -h localhost</span></b></div>
<div class="p1">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCIMYgHzxYkwW6rkgdsrGBqlGxKnNGtKjj0BwsR4Ak3QvvK1QVGYblXjsP7fUwd10Y7DwbpGiR0aXLr3oJGgdf8Tk0yWd4Ybv4EcMupfO3VX7CCjKDh34oSdfrOBoMWOMYDUXzcT7_J7M/s1600/Screen+Shot+2014-02-03+at+10.33.06+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCIMYgHzxYkwW6rkgdsrGBqlGxKnNGtKjj0BwsR4Ak3QvvK1QVGYblXjsP7fUwd10Y7DwbpGiR0aXLr3oJGgdf8Tk0yWd4Ybv4EcMupfO3VX7CCjKDh34oSdfrOBoMWOMYDUXzcT7_J7M/s1600/Screen+Shot+2014-02-03+at+10.33.06+PM.png" height="96" width="640" /></a></div>
<br />
<br />
<h3>
9) Finish the ruby gems needed for metasploit to function</h3>
Then we need to finish with the gems metasploit needs to use.<br />
<div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;">gem install pg sqlite3 msgpack activerecord redcarpet rspec simplecov yard bundler</b></span></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjv3tHmUSDn9VApXnNMffhD3KDopBQPiswoVyjEeosfPDiUoOITJ0uRhDgsY6gP9J1GqbGSzNYlcUI6Ypk6yz4JOkqnUI1SzC2BuW-qd1Ce8dRqCFpCCqh7gObD98CW9o8t6JKCRj-HxKs/s1600/Screen+Shot+2014-02-03+at+10.33.22+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjv3tHmUSDn9VApXnNMffhD3KDopBQPiswoVyjEeosfPDiUoOITJ0uRhDgsY6gP9J1GqbGSzNYlcUI6Ypk6yz4JOkqnUI1SzC2BuW-qd1Ce8dRqCFpCCqh7gObD98CW9o8t6JKCRj-HxKs/s1600/Screen+Shot+2014-02-03+at+10.33.22+PM.png" height="182" width="640" /></a><br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
A little while later...<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMdepbuYopCmqg6h46FI_Nq_kbyl3KZLUHlnoFZ45wBmVF9-HU_AYDTvy50OcTuc-4u1LbCEHALBI1r5OvxvjA0E1Z7B3Hy6ctYTqQ3SHNqsET6fTLJ2g7ZT71vzfNqhY-aZVp4PXW938/s1600/Screen+Shot+2014-02-03+at+10.33.39+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMdepbuYopCmqg6h46FI_Nq_kbyl3KZLUHlnoFZ45wBmVF9-HU_AYDTvy50OcTuc-4u1LbCEHALBI1r5OvxvjA0E1Z7B3Hy6ctYTqQ3SHNqsET6fTLJ2g7ZT71vzfNqhY-aZVp4PXW938/s1600/Screen+Shot+2014-02-03+at+10.33.39+PM.png" height="138" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<h3>
10) Linking metasploit to Postgres</h3>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
First edit Metasploit's database configuration file so it can reach Postgres:</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="" style="clear: both; text-align: left;">
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;">sudo vi /opt/msf/config/database.yml</b></span></div>
<div class="" style="clear: both; text-align: left;">
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;"><br /></b></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU9sWLcGwyVhn1Vc5_Ywbt7OOVlj6fI6RkQK41sD017N10HFZc4631EGF3WOcj05gdUURjoRR4paYy3gYWPUl5LzerLqEwgd6-GA_PCfJnIc0IwFPmaEFV3dIc9LWfPZBbZCQvRNyNdOk/s1600/Screen+Shot+2014-02-06+at+7.30.30+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU9sWLcGwyVhn1Vc5_Ywbt7OOVlj6fI6RkQK41sD017N10HFZc4631EGF3WOcj05gdUURjoRR4paYy3gYWPUl5LzerLqEwgd6-GA_PCfJnIc0IwFPmaEFV3dIc9LWfPZBbZCQvRNyNdOk/s1600/Screen+Shot+2014-02-06+at+7.30.30+AM.png" height="72" width="640" /></a></div>
<div class="" style="clear: both; text-align: left;">
<br /></div>
<div class="" style="clear: both; text-align: left;">
Add the following to the file and save:</div>
<div class="p1">
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;"><br /></b></span>
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;">production:</b></span></div>
<div class="p1">
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;"> adapter: postgresql</b></span></div>
<div class="p1">
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;"> database: msf</b></span></div>
<div class="p1">
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;"> username: msf</b></span></div>
<div class="p1">
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;"> password: </b></span></div>
<div class="p1">
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;"> host: 127.0.0.1</b></span></div>
<div class="p1">
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;"> port: 5432</b></span></div>
<div class="p1">
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;"> pool: 75</b></span></div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<div class="p1">
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;"> timeout: 5</b></span></div>
<div class="p1">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_qBxh1nnWFN4kmbe5bKc7uryEZXhEnSdlF2LkyFaMYXP31EiCgSwk0z0bbGL3GR0JnlqNc6VbN4NWMcduvw2dRU4LIuJuhAaXmoUUq3u7bDD7qPycf0jHh_OLKKbr0tDfG6eR5-4Vxzc/s1600/Screen+Shot+2014-02-06+at+7.30.51+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_qBxh1nnWFN4kmbe5bKc7uryEZXhEnSdlF2LkyFaMYXP31EiCgSwk0z0bbGL3GR0JnlqNc6VbN4NWMcduvw2dRU4LIuJuhAaXmoUUq3u7bDD7qPycf0jHh_OLKKbr0tDfG6eR5-4Vxzc/s1600/Screen+Shot+2014-02-06+at+7.30.51+AM.png" height="240" width="320" /></a></div>
<br />
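<div>
An added example (not from the original post or from the Metasploit project): a small Ruby check for the database.yml written above. Because the file holds the msf database password in clear text, it flags group/other-readable permissions, an empty password, a non-loopback host, and the lost-indentation mistake that is easy to make when copying the block from a web page. The helper names and the sample file contents are constructed for illustration.</div>

```ruby
require 'yaml'
require 'tempfile'

# Keys from the production: block shown in the post.
REQUIRED_KEYS = %w[adapter database username password host port].freeze
LOOPBACK_HOSTS = %w[127.0.0.1 ::1 localhost].freeze

# Hypothetical helper (not part of Metasploit): returns a list of findings
# for a database.yml; an empty list means every check passed.
def audit_database_yml(path, env = 'production')
  findings = []

  # The file stores the database password in clear text, so no group/other
  # permission bit should be set (0600 or stricter).
  mode = File.stat(path).mode & 0o777
  if (mode & 0o077) != 0
    findings << format('file mode %04o exposes the password to other users; chmod 600', mode)
  end

  begin
    config = YAML.safe_load(File.read(path))
  rescue Psych::Exception => e
    return findings << "not loadable as YAML: #{e.message}"
  end

  # Indentation lost in copy/paste leaves "production:" empty and puts the
  # settings at the top level instead of inside the production section.
  section = config.is_a?(Hash) ? config[env] : nil
  unless section.is_a?(Hash)
    return findings << "no '#{env}:' mapping; indent the settings under it"
  end

  missing = REQUIRED_KEYS.reject { |key| section.key?(key) }
  findings << "missing keys: #{missing.join(', ')}" unless missing.empty?

  if section.key?('adapter') && section['adapter'] != 'postgresql'
    findings << "adapter is #{section['adapter'].inspect}, expected \"postgresql\""
  end

  if section.key?('password') && section['password'].to_s.strip.empty?
    findings << 'password is empty; use the one set at the createuser -P prompt'
  end

  if section.key?('host') && !LOOPBACK_HOSTS.include?(section['host'].to_s)
    findings << "host #{section['host'].inspect} is not loopback; " \
                'database traffic would leave this machine'
  end

  findings
end

# Writes constructed sample text to a temp file with the given mode and audits it.
def audit_sample(yaml_text, mode)
  Tempfile.create('database.yml') do |file|
    file.write(yaml_text)
    file.flush
    File.chmod(mode, file.path)
    audit_database_yml(file.path)
  end
end

# Constructed samples: the values are placeholders, not real credentials.
GOOD_YML = <<~YAML
  production:
    adapter: postgresql
    database: msf
    username: msf
    password: constructed-example-password
    host: 127.0.0.1
    port: 5432
    pool: 75
    timeout: 5
YAML

# Same settings with the indentation stripped.
FLAT_YML = GOOD_YML.gsub(/^ +/, '')

# Empty password and a non-loopback host (constructed address).
WEAK_YML = GOOD_YML
           .sub('constructed-example-password', '')
           .sub('127.0.0.1', '10.0.0.5')

if __FILE__ == $PROGRAM_NAME
  {
    'good, mode 0600' => [GOOD_YML, 0o600],
    'good, mode 0644' => [GOOD_YML, 0o644],
    'flat, mode 0600' => [FLAT_YML, 0o600],
    'weak, mode 0644' => [WEAK_YML, 0o644]
  }.each do |label, (text, mode)|
    puts "#{label}: #{audit_sample(text, mode).inspect}"
  end
end
```

Against the real install, call <code>audit_database_yml('/opt/msf/config/database.yml')</code> as a user that can read the file.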
<h3>
11) Making sure the shell environment is set up</h3>
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;">source /etc/profile</b></span><br />
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;">source ~/.bash_profile</b></span><br />
<br />
<h3>
12) Executing Metasploit, or so I thought</h3>
/opt/msf isn't in my path, so I'll execute it from the directory.<br />
<br />
I changed directories and it tells me ruby-1.9.3-p484 isn't installed.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIu72oKx216zYxjDhciUj77BJ5G-PokH5TJ0jWcEJU0cFe_1lUPb9uAkNbtAZt64Lk9NHEqOaiRwPxwbv540NMA9XmvKCouKqFDBGM2GNRYUExwhAfTeTDLKOdEfLK8fVMjg_dP5-S3dg/s1600/Screen+Shot+2014-02-06+at+7.33.31+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIu72oKx216zYxjDhciUj77BJ5G-PokH5TJ0jWcEJU0cFe_1lUPb9uAkNbtAZt64Lk9NHEqOaiRwPxwbv540NMA9XmvKCouKqFDBGM2GNRYUExwhAfTeTDLKOdEfLK8fVMjg_dP5-S3dg/s1600/Screen+Shot+2014-02-06+at+7.33.31+AM.png" height="146" width="640" /></a></div>
<br />
<h3>
13) Installing ruby-1.9.3-p484</h3>
<br />
Well, I'll see if I can take the shortcut route and just install ruby 1.9.3-p484 even though ruby-2.1.0 was installed earlier.<br />
<br />
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;">rvm install ruby-1.9.3-p484</b></span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimWyVmz-tPsPMQYdXkMi0iPIsNOU__nh4l2Tskt3lviPyPK_RyBtGdHgh70OkyGpAs9VfcCbrDTQcrATSkfZRWpapOmBcHBp9pY7fQ6efLZgqAe3YmRU0NcTA808-xGE9lDpuibazPxOg/s1600/Screen+Shot+2014-02-06+at+7.40.36+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimWyVmz-tPsPMQYdXkMi0iPIsNOU__nh4l2Tskt3lviPyPK_RyBtGdHgh70OkyGpAs9VfcCbrDTQcrATSkfZRWpapOmBcHBp9pY7fQ6efLZgqAe3YmRU0NcTA808-xGE9lDpuibazPxOg/s1600/Screen+Shot+2014-02-06+at+7.40.36+AM.png" height="458" width="640" /></a></div>
<br />
<h3>
14) Execute msfconsole again...bundle install</h3>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinrODKgEG5yHtCzgx9nV56OPAKfoanx93LuWJA398WDudcf1mOauYZm-GqelXzx5BgX-Wj3WSgHUu1x83E3BxW2xpCpCldhEWLqkAOP_41exs2nJyO7My8DTzTXZVK7VBx88XsvglIPvo/s1600/Screen+Shot+2014-02-06+at+7.41.49+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinrODKgEG5yHtCzgx9nV56OPAKfoanx93LuWJA398WDudcf1mOauYZm-GqelXzx5BgX-Wj3WSgHUu1x83E3BxW2xpCpCldhEWLqkAOP_41exs2nJyO7My8DTzTXZVK7VBx88XsvglIPvo/s1600/Screen+Shot+2014-02-06+at+7.41.49+AM.png" height="84" width="640" /></a></div>
<br />
Okay, so now one of the gems isn't installed.<br />
<br />
Executing<br />
<br />
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #cfe2f3;">bundle install</b></span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbdtRw5srIiC0Xx9Qo0yyvifx_dCDpJ2nagWeMxte7aeoW2empAHTt1raP91u1QUg3rlPRYoZ4ozjT1fm4Drv2iapi6-sotBGb1zFXvFXBIWfxGiFF0jmWuNUW30djygHYkiS3gZU6p6c/s1600/Screen+Shot+2014-02-06+at+7.48.33+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbdtRw5srIiC0Xx9Qo0yyvifx_dCDpJ2nagWeMxte7aeoW2empAHTt1raP91u1QUg3rlPRYoZ4ozjT1fm4Drv2iapi6-sotBGb1zFXvFXBIWfxGiFF0jmWuNUW30djygHYkiS3gZU6p6c/s1600/Screen+Shot+2014-02-06+at+7.48.33+AM.png" height="178" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjKuhvltmuZwFYuFZI_rlcZJtbtcgiaQgS1WR1H2kgSP1EZbgJ6AAUTJ4KTOIWl55osTRXzGKwgWVNHQO1fAbmbx_vEIcpyJjX65ToztyZLyW1BgvVuoVo3LoRLe-v9XwQ8cVDN8rPEvI/s1600/Screen+Shot+2014-02-06+at+7.48.46+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjKuhvltmuZwFYuFZI_rlcZJtbtcgiaQgS1WR1H2kgSP1EZbgJ6AAUTJ4KTOIWl55osTRXzGKwgWVNHQO1fAbmbx_vEIcpyJjX65ToztyZLyW1BgvVuoVo3LoRLe-v9XwQ8cVDN8rPEvI/s1600/Screen+Shot+2014-02-06+at+7.48.46+AM.png" height="124" width="640" /></a></div>
<br />
<h3>
15) Okay, executing msfconsole again...and it worked!</h3>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEierLto22IDSH74y5saEMGGEXLo-IsH_RUqehp-CpkvI3iXJNvNImVAW5Y-vmwmEQPzDDs_OXVvna16bQeeycZv6rwtxs8fah1dXHu_HexmfVh8UlJZ_iU5718MmPM5ON1lbELCz3hjarw/s1600/Screen+Shot+2014-02-06+at+8.01.24+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEierLto22IDSH74y5saEMGGEXLo-IsH_RUqehp-CpkvI3iXJNvNImVAW5Y-vmwmEQPzDDs_OXVvna16bQeeycZv6rwtxs8fah1dXHu_HexmfVh8UlJZ_iU5718MmPM5ON1lbELCz3hjarw/s1600/Screen+Shot+2014-02-06+at+8.01.24+AM.png" height="640" width="636" /></a></div>
<br />
It worked! I freaked out a little first, then I realized that this was by design. All good!<br />
<br />
Just to make sure...execute msfconsole again:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi50bwmyCD5uFTPJ5JsJEGdezHGw8at_Yyvj3kCVjb0Fo1bglJ_BKRy6ry2G3GkH97ow369PZk0oVuZylqviy2syCsVaLBMc8tTinDySFEce6e_nw-JPDAUgbri_dhAQMqduC0N-9iLZRI/s1600/Screen+Shot+2014-02-06+at+8.09.11+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi50bwmyCD5uFTPJ5JsJEGdezHGw8at_Yyvj3kCVjb0Fo1bglJ_BKRy6ry2G3GkH97ow369PZk0oVuZylqviy2syCsVaLBMc8tTinDySFEce6e_nw-JPDAUgbri_dhAQMqduC0N-9iLZRI/s1600/Screen+Shot+2014-02-06+at+8.09.11+AM.png" height="640" width="521" /></a></div>
<br />
SUCCESS!!!<br />
<br />
Okay, maybe that was just a fluke:<br />
<br />
Execute msfconsole again:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoBznuRw5l3psYBM9awlhB24VZjSS8aWSKiouN04IgA5wgwqd2jpL6nviSnCuwIGV92PsYAZ8csQUyoustm6uc0qEq9azRBlmMpR2V9teUVru2n_a1BUAK35l7JJIEP5jXGNVElhELr_E/s1600/Screen+Shot+2014-02-06+at+8.09.26+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoBznuRw5l3psYBM9awlhB24VZjSS8aWSKiouN04IgA5wgwqd2jpL6nviSnCuwIGV92PsYAZ8csQUyoustm6uc0qEq9azRBlmMpR2V9teUVru2n_a1BUAK35l7JJIEP5jXGNVElhELr_E/s1600/Screen+Shot+2014-02-06+at+8.09.26+AM.png" height="266" width="640" /></a></div>
<br />
Looks like it's working...<br />
<br /></div>
<div class="p1">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
</div>
<h2>Reputation.com responds to Adobe breach, bravo!</h2>
Posted 2013-11-22<br />
<div class="tr_bq">
Reputation.com emailed account holders on November 22nd, saying the following: </div>
<div class="tr_bq">
<br /></div>
<div class="tr_bq">
(I apologize, they don't have this on their website or I'd link to it, so you'll just have to take my word for it.)</div>
<blockquote>
"<span style="background-color: white; color: #222222; font-family: Arial, sans-serif; font-size: 13px; line-height: 18px;">We recently learned that a list that potentially contains email addresses, encrypted passwords and answers for security questions for Adobe Systems customer accounts has been published in numerous places on the Internet. Out of an abundance of caution and concern for our customers, we obtained a copy of this list of purported Adobe account information and cross-checked it against our customer account information.</span></blockquote>
<blockquote>
<span style="background-color: white; color: #222222; font-family: Arial, sans-serif; font-size: 13px; line-height: 18px;">You are receiving this email from us because your email address and possibly other compromising information is on this list. Because many customers use the same user names and passwords for multiple accounts, we wanted to alert you to this issue and remind you to log in and change your Reputation.com password if you believe it is the same as your Adobe account login information."</span></blockquote>
This is a great move from Reputation.com. They took a problem that wasn't theirs that affected a significant number of people and considered what it meant to their customer base. Based on that they took a risk, but did the right thing. They sent an email with their concern to their customers and made the recommendation to improve security and change passwords. This has the likely effect of reducing Reputation.com's account compromise issues, improving the customer experience and also reducing their overhead to support their customers.<br />
<br />
Overall, a great idea, and so trivial to execute.<br />
<br />
Bravo.<br />
<h2>Epic hack on a Limo Service broker(?)</h2>
Posted 2013-11-05<br />
<a href="http://krebsonsecurity.com/2013/11/hackers-take-limo-service-firm-for-a-ride/">http://krebsonsecurity.com/2013/11/hackers-take-limo-service-firm-for-a-ride/</a><br />
<br />
(I think they're a broker for other local services.)<br />
<br />
This is an epic hack, really. A treasure trove of information, from the who's who on the national and international stage. Key facets of the hack:<br />
<br />
<ol>
<li>241,000 high- or no-limit American Express cards with expiration dates. High value in the underground card number sales markets.</li>
<li>Travel schedules for national/international figures. Very interesting for some.</li>
<li>Sometimes, companion information for national/international figures. Interesting or very interesting for some as well.</li>
<li>Personal details about national/international figures, like Donald Trump wanting/needing a clear front seat (for a bodyguard or what?), or an alias people use when getting picked up.</li>
</ol>
<br />
The credit card numbers are a very impressive haul. Not so great for this company's PCI compliance, or American Express. Wonder if the business will stay afloat. This is a small organization, I'm assuming. One that has entered into the world of online payment processing and application development (with ColdFusion). In this case, making money took precedence over security of the platform, or the data...and they are paying for that decision.<br />
<h2>ST:TNG S4E3: Brothers, "private key" holds up over time, I think</h2>
Posted 2013-10-26 (updated 2013-10-30)<br />
Here's some Saturday morning fun.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4BOPDg01MqPHJGIzxqymkO8-TZwswPooeW0djbY7Y6Y3kbtyqgB3uzkucnTAne5maITmJ1H02n-8aChi8Mvft-I7oXRSSqk6fL7kD8rET4UgCBtIiizUG-Nao-bvY8Y5uKVJnWux-qN4/s1600/vlcsnap-2013-10-26-10h07m01s140.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4BOPDg01MqPHJGIzxqymkO8-TZwswPooeW0djbY7Y6Y3kbtyqgB3uzkucnTAne5maITmJ1H02n-8aChi8Mvft-I7oXRSSqk6fL7kD8rET4UgCBtIiizUG-Nao-bvY8Y5uKVJnWux-qN4/s200/vlcsnap-2013-10-26-10h07m01s140.png" width="200" /></a></div>
I ran across a snippet of Star Trek: The Next Generation that is fun, from a security perspective. In Season 4, Episode 3, titled "Brothers" (<a href="http://www.youtube.com/watch?v=tPCPIrHOeDc" target="_blank">YouTube</a>), Data takes over (technical) control of the Enterprise at the start of the episode and hurtles the ship and crew across the galaxy at warp 9.3 to some unknown destination. In order to do this, he has prevented others from taking over the ship again. (Sounds like a hacker, doesn't it?) Data has impersonated Picard and made sure all capabilities to enter new commands are restricted.<br />
<br />
Here's the dialog:<br />
<br />
<div style="text-align: left;">
<b>Data (impersonating Picard): </b>Computer, establish a security code for access to all functions previously transferred to bridge.<br />
<b>Computer: </b>Enter code.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZT51Du15ti9OKNBUuGClfZZMCie34BmQA4cjiOd3OdXEglk_eEgtf4KBc0gnLc4uh8f2kef-LOoTztELyLTeCoZ0ujzAoa-bpD5PcdAI6cGHNyeIfGR1AAl3yY7eaJLf102pbgOI8GYU/s1600/vlcsnap-2013-10-26-10h07m11s83.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZT51Du15ti9OKNBUuGClfZZMCie34BmQA4cjiOd3OdXEglk_eEgtf4KBc0gnLc4uh8f2kef-LOoTztELyLTeCoZ0ujzAoa-bpD5PcdAI6cGHNyeIfGR1AAl3yY7eaJLf102pbgOI8GYU/s200/vlcsnap-2013-10-26-10h07m11s83.png" width="200" /></a></div>
<b>Data (impersonating Picard): </b>17346721476C3278977763T732V 731171888732476789764376 lock </div>
<br />
Looking at this, I was curious if this code was sufficiently long to protect what Data wanted to do in this situation. After all, the NCC-1701-D was built in the 24th century (2364 is where the ST:TNG series started). They have to have had significantly faster computers at that point.<br />
<br />
So, some math. Looks like we have 10 digits and 26 letters, with no distinction between upper and lower case, so 36 possible characters. The security code was 51 characters long.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrWyXP7DEgLkoMKKNV1soA2l7j91RpoUkK33TiHCDdWoCMTLdehgjaQqTlM_oAUC2KA9tnl7bXIc1YPk6pveYR_0IIQrG2OHuNrHJJ2SixMBQTVectyioFvIA3rU2RVHBQVN1dOArajBM/s1600/vlcsnap-2013-10-26-10h08m52s69.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrWyXP7DEgLkoMKKNV1soA2l7j91RpoUkK33TiHCDdWoCMTLdehgjaQqTlM_oAUC2KA9tnl7bXIc1YPk6pveYR_0IIQrG2OHuNrHJJ2SixMBQTVectyioFvIA3rU2RVHBQVN1dOArajBM/s200/vlcsnap-2013-10-26-10h08m52s69.png" width="200" /></a></div>
<ul>
<li>10+26 = 36 possible options </li>
<li>51 characters long </li>
<li>Possible combinations (36^51): 2.351947044600255e+79</li>
<li>Or: 23,519,470,446,002,552,619,480,849,617,690,081,539,337,173,577,026,375,375,550,590,789,301,897,093,185,536</li>
</ul>
<br />
So, how long would it take for a computer of the 24th century to crack this code through brute force (on average)? Well, we don't know, because ST:TNG used fictional computing measurements called <a href="http://en.memory-alpha.org/wiki/Quad" target="_blank">quads</a>, so there will be a gap in our assessment. Here's how it would lay out given our current way of thinking about computing power, using the <a href="https://www.grc.com/haystack.htm" target="_blank">GRC password checking tool, Haystack</a>:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDYWvS9-4tsiqEqH-CWdsi13VrbyNgnw7OJy9nqs9_VGtkYqtpaSIpC4WgFf1yqgaiZs2Q08j111A9jbl5xqyFt_IRK3VsMAJVc-CEozxbQW_C8wpF7JDEtIQBw5EnoltgEMOXGhNVoq0/s1600/Screen+Shot+2013-10-26+at+12.13.43+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="508" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDYWvS9-4tsiqEqH-CWdsi13VrbyNgnw7OJy9nqs9_VGtkYqtpaSIpC4WgFf1yqgaiZs2Q08j111A9jbl5xqyFt_IRK3VsMAJVc-CEozxbQW_C8wpF7JDEtIQBw5EnoltgEMOXGhNVoq0/s640/Screen+Shot+2013-10-26+at+12.13.43+AM.png" width="640" /></a></div>
<br />
So...we find out it would take us 76.92 million trillion trillion trillion trillion centuries to search the entire search space for this password, assuming we could guess 100,000,000,000,000 potential matches per second. For an average, we'd halve that, but that's still a lot of time. I'd say Data has a chance at success in locking out the crew from taking back the ship!<br />
<br />
And, if they had additional controls over guessing, like monitoring for failed attempts and time delays for additional guesses, he'd be good to go. Data would have little fear of the silly crew with their computer trying to guess the code in any reasonable time.<br />
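<br />
The arithmetic above, plus the effect of the "additional controls over guessing" just mentioned, as an added example that is not part of the original post. The lockout policy (3 attempts per 60 seconds) and all function names are assumptions for illustration; the code string and the raw guess rate are the ones quoted in the post.<br />

```python
"""Brute-force cost estimate for the security code quoted in the post.

Added example, not from the original post. The raw guess rate is the one the
post quotes; the lockout policy values are assumptions for illustration.
"""
import math
from fractions import Fraction

# The code as quoted in the post; the space is a pause, not a character.
SPOKEN_CODE = "17346721476C3278977763T732V 731171888732476789764376"
RAW_GUESSES_PER_SECOND = 100_000_000_000_000  # rate used in the post
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600


def code_length(code):
    """Number of characters an attacker has to get right (whitespace ignored)."""
    return sum(1 for c in code if not c.isspace())


def alphabet_size(code):
    """Infer the alphabet from the character classes present in the code.

    A spoken code carries no upper/lower case, so letters count once (26).
    """
    chars = [c for c in code if not c.isspace()]
    size = 0
    if any(c.isdigit() for c in chars):
        size += 10
    if any(c.isalpha() for c in chars):
        size += 26
    return size


def keyspace(alphabet, length, length_known=True):
    """Candidate codes: exactly `length` characters, or every length up to it
    when the attacker does not know how long the code is."""
    if length_known:
        return alphabet ** length
    return sum(alphabet ** n for n in range(1, length + 1))


def entropy_bits(alphabet, length):
    """Equivalent key size in bits for a uniformly random code."""
    return length * math.log2(alphabet)


def effective_rate(raw_rate, max_attempts=None, window_seconds=None):
    """Guesses per second once a lockout policy caps failed attempts.

    With a cap of `max_attempts` per `window_seconds`, attacker hardware no
    longer matters: the policy, not the CPU, sets the rate.
    """
    raw = Fraction(raw_rate)
    if max_attempts is None or window_seconds is None:
        return raw
    return min(raw, Fraction(max_attempts, window_seconds))


def centuries_to_search(space, rate, average=True):
    """Time to find the code: half the space on average, all of it worst case."""
    guesses = Fraction(space, 2) if average else Fraction(space)
    return float(guesses / rate) / SECONDS_PER_CENTURY


def summarize(code=SPOKEN_CODE, max_attempts=3, window_seconds=60):
    """Collect the figures for one code under an assumed lockout policy."""
    alphabet, length = alphabet_size(code), code_length(code)
    space = keyspace(alphabet, length)
    throttled = effective_rate(RAW_GUESSES_PER_SECOND, max_attempts, window_seconds)
    return {
        "alphabet": alphabet,
        "length": length,
        "bits": entropy_bits(alphabet, length),
        "keyspace": space,
        "average_centuries_unthrottled": centuries_to_search(
            space, effective_rate(RAW_GUESSES_PER_SECOND)),
        "average_centuries_throttled": centuries_to_search(space, throttled),
    }


if __name__ == "__main__":
    for name, value in summarize().items():
        print(f"{name}: {value}")
```

With a lockout in place, the 100 trillion guesses per second stop mattering: the policy caps the attacker at a fraction of a guess per second, which adds about fifteen orders of magnitude to an already hopeless search.<br />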
<br />
We find out later that he has been summoned by his father/builder/creator with a homing beacon, as his father's death is imminent. In the end, the show implies his dad passes on, and his unstable android brother Lore is back on the loose, with the custom emotion chip built by their father for Data, installed in Lore's brain.<br />
<br />
Good fun!<br />
Chris<br />
<div>
<br /></div>
<h2>Apple's iOS7 features good, but timing shameful...</h2>
Posted 2013-06-17<br />
(Full disclosure, I have an iPhone.)<br />
<br />
Apple recently announced that they're going to add three features to try to make their phones and tablets less attractive to thieves. iOS7 will force you to re-enter your Apple ID to:<br />
<br />
<ol>
<li>erase data</li>
<li>turn off Find My iPhone</li>
<li>reactivate the phone after it has been erased remotely</li>
</ol>
<br />
I'd contend that Apple's long-coveted iPhone has actually created this smartphone theft problem in the first place. Prior to everyone wanting the "cool smartphone", phone theft occurred, but it wasn't at the same scale. Once the Apple marketing machine kicked in and the iPhone/2/3/3GS/4/4S/5 came out and Apple fanboys and fangirls were acting snobbish about how superior their phone was to everything else on the market, people needed to have them. Those that are less scrupulous would then find ways to steal others' devices.<br />
<br />
While I applaud the addition of these features by default, there is nothing preventing them from including these features now. You don't need a wholesale OS upgrade to get these features<span style="background-color: white;"><span style="color: blue;">. <b><i>Apple should have turned this on years ago, and we should not praise them for turning this on now. </i></b></span></span><span style="color: blue;"><i>They could have helped to fix this problem any day of any week of any month for the last several years. </i></span>I can only theorize why they haven't. Could it be that they were letting thieving and the drama that goes along with it help to drive up demand of their prized, and significantly profitable, devices?<br />
<br />
One can only theorize...<br />
<br />
In the meantime, read up on the <a href="http://preyproject.com/" target="_blank">Prey Project</a>, and how you can activate some of these features on your phone today, like asking for an Apple ID to remove programs: <a href="http://preyproject.com/blog/2013/04/tip-stop-prey-from-being-deleted-on-iphone-ipad">http://preyproject.com/blog/2013/04/tip-stop-prey-from-being-deleted-on-iphone-ipad</a><br />
<br />
Chris<br />
<br />
<h2>New Security Awareness Video: Learn about Cloud Security</h2>
Posted 2013-05-07<br />
SANS just posted a new video that is aimed at educating your workforce on "the cloud" and how they should interact with and secure data that is kept with cloud service providers, whether they provide cloud storage, applications or other services.<br />
<br />
I think it did a pretty good job in layman's terms, for business users, of explaining what "cloud" is and how to think about managing access for cloud services.<br />
<br />
The video is here: <a href="http://www.securingthehuman.org/resources/ncsam">http://www.securingthehuman.org/resources/ncsam</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/7Ms4ud8ylrw?feature=player_embedded' frameborder='0'></iframe></div>
<br />
<h2>"Thinking Long Term can be Short Sighted"</h2>
Posted 2013-05-03<br />
<a href="http://farm3.staticflickr.com/2181/2513955691_dbae8a5e64_m.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="http://farm3.staticflickr.com/2181/2513955691_dbae8a5e64_m.jpg" /></a>I've been on a kick lately about getting the fundamentals down pat before people should devote significant time to advanced thinking and processes. I admit that it is very tactical, which most people don't think is that sexy. The problem is that if we only focus on the sexy, new advanced things, we lose sight of getting the bread-n-butter security things done. The things that provide 80% of the value of the team to the organization. Things like effective security monitoring, application security risk assessments and compliance programs. These things need to be solid before we can get into things that may provide value, but they're incremental improvements, not wholesale capabilities.<br />
<br />
<a href="http://www.linkedin.com/today/post/article/20130502165025-900547-thinking-long-term-can-be-short-sighted" target="_blank">LinkedIn: Thinking Long Term Can be Short Sighted</a><br />
<br />
Image credit: msittig, <a href="http://www.flickr.com/photos/msittig/2513955691/">http://www.flickr.com/photos/msittig/2513955691/</a>, cc<br />
<br />
<br />
<h2>Applications are like puppies!</h2>
Posted 2013-04-22 (updated 2013-05-03)<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcIml0zxqswj8SyL3LmcoxYUKW-NcCIxs_pFBV9JzsOZVuwpt6P7RzAST-1GNt4wCbPqv95NBJNCq-Rhmm-NQ_-IiqGfUC8hgDgOSXP8Zwlb-GERU9dENoDDwVGbIHrWuwzKr4-JnuVDs/s1600/small__4298922031.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcIml0zxqswj8SyL3LmcoxYUKW-NcCIxs_pFBV9JzsOZVuwpt6P7RzAST-1GNt4wCbPqv95NBJNCq-Rhmm-NQ_-IiqGfUC8hgDgOSXP8Zwlb-GERU9dENoDDwVGbIHrWuwzKr4-JnuVDs/s1600/small__4298922031.jpg" /></a><br />
<div style="margin: 0in 0in 0.0001pt;">
<br />
<span style="font-family: Calibri, sans-serif; font-size: 15px;">As I talked about in another blog post (<a href="http://www.labrat.com/2013/04/hoarding-organizational-phenomenon-part.html">Hoarding: an organizational phenomenon</a>), hoarding applications can lead to an overwhelming and oppressive IT environment for the staff and the organization.</span><br />
<span style="font-family: Calibri, sans-serif;"><span style="font-size: 11pt;"><br /></span></span></div>
<div style="margin: 0in 0in 0.0001pt;">
<span style="font-family: Calibri, sans-serif; font-size: 11pt;">I like analogies. <i><b>Buying an application is a lot like owning a puppy to people who have never owned a puppy before</b></i>.</span><br />
<ol>
<li><span style="font-family: Calibri, sans-serif;"><span style="font-size: 15px;"><i>Everyone loves looking at a puppy</i> (just like the business thinking about buying an application).</span></span></li>
<li><span style="font-family: Calibri, sans-serif;"><span style="font-size: 15px;"><i>Everyone loves looking at the puppy do things</i> (or for applications, capabilities and demos).</span></span></li>
<li><span style="font-family: Calibri, sans-serif;"><span style="font-size: 15px;"><i>Everyone imagines having a puppy being full of Frisbee and cuddle time</i> (or for applications, the business operating like a scene out of <a href="http://www.youtube.com/watch?v=1MIRa1z4bwo">The Coca-Cola Happiness Factory</a>).</span></span></li>
<li><span style="font-family: Calibri, sans-serif;"><span style="font-size: 15px;"><i>At this point, everyone that wants a puppy agrees that it would be great to own a puppy. I mean, look at that picture! Isn't that puppy cute? How could you not want a puppy!?</i></span></span></li>
</ol>
<span style="font-family: Calibri, sans-serif;"><span style="font-size: 15px;">Committing to a puppy is only a short term engagement. A puppy is only a puppy for a year, maybe. The reality is that you're truly committing to the full life cycle of a canine. Not only is your puppy a puppy, it will absolutely become a dog. It is inevitable. </span></span><br />
<span style="font-family: Calibri, sans-serif;"><span style="font-size: 15px;"><br /></span></span>
<span style="font-family: Calibri, sans-serif;"><span style="font-size: 15px;">Applications have a similar life cycle. Commit to a puppy of an application, when it is all cute and funny, and you are also committing to the dog of an application, where you need to clean up after it and take it to the vet regularly, like <i><b>paying for maintenance and upkeep, including security updates</b></i>. And...eventually, the dog becomes old and you'll need to put it down, just like old applications.</span></span><br />
<span style="font-family: Calibri, sans-serif;"><span style="font-size: 15px;"><br /></span></span>
<span style="font-family: Calibri, sans-serif;"><span style="font-size: 15px;">See, applications are like puppies!</span></span><br />
<span style="font-family: Calibri, sans-serif;"><span style="font-size: 15px;"><br /></span></span>
<span style="font-family: Calibri, sans-serif;"><span style="font-size: 15px;">Chris</span></span></div>
<br />
photo credit: <a href="http://www.flickr.com/photos/roozbeh11/4298922031/">Roozbeh Rokni</a> via <a href="http://photopin.com/">photopin</a> <a href="http://creativecommons.org/licenses/by-nc-nd/2.0/">cc</a>
<h2>Hoarding: the organizational phenomenon</h2>
Posted 2013-04-18<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqczZP5OhuPAmg7ibKOhzv5gS0HtTKp8TsSTBhYuJ4P3XjUMDbR-Gwgl0qBc3bCf0fcevT8yfnTxXqkrYDvdZM-6Y8vaYuMSrQf9ddAfh5uzV3h_cjZxOxb8WwSHQUJl-zMbet0Tdmk5U/s1600/small_1414486102.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><br /><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqczZP5OhuPAmg7ibKOhzv5gS0HtTKp8TsSTBhYuJ4P3XjUMDbR-Gwgl0qBc3bCf0fcevT8yfnTxXqkrYDvdZM-6Y8vaYuMSrQf9ddAfh5uzV3h_cjZxOxb8WwSHQUJl-zMbet0Tdmk5U/s1600/small_1414486102.jpg" /></a><br />
<span style="font-family: Calibri, sans-serif;"><span style="font-size: 15px;">Applications are a key part of the success of companies these days. An organization's ability to create new capabilities and deliver new products often lies in the ability to execute on delivering new services with applications. It makes sense that we have applications, and even <i>many</i> applications. </span></span><span style="font-family: Calibri, sans-serif; font-size: 11pt;">I've been thinking lately about the cost of supporting applications and infrastructure. </span><span style="font-family: Calibri, sans-serif;"><span style="font-size: 15px;">As a security leader, I'm frequently thinking about what it costs to protect the organization from known and unknown IT security threats. The most significant threat is probably those same applications we all implement and use in an organization to propel the business forward. </span></span><br />
<span style="font-family: Calibri, sans-serif; font-size: 11pt;"><br /></span>
<span style="font-family: Calibri, sans-serif; font-size: 11pt;">I believe many organizations, and specifically leaders, have a bad habit of implementing things. I've inherited half-baked SIEM tool implementations 3 times now, for instance. Some organizations have processes to try to curb overall spend on IT implementations, as well as ROI calculators that help in determining if that product is a good idea for the company to implement. Despite these processes, if leaders are not careful and
intentional about product implementations,</span><span class="apple-converted-space" style="font-family: Calibri, sans-serif; font-size: 11pt;"> </span><b style="font-family: Calibri, sans-serif; font-size: 11pt;">organizations
become like hoarders<span class="apple-converted-space"> </span></b><span style="font-family: Calibri, sans-serif; font-size: 11pt;">we see
on reality TV shows on A&E or TLC. (Truth be told, I've watched
a number of them.<i> Hoarders: Buried Alive</i>, for example.) </span><br />
<span style="font-family: Calibri, sans-serif; font-size: 11pt;"><br /></span>
<span style="font-family: Calibri, sans-serif; font-size: 11pt;">Hoarders
love to collect. Hoarders love to buy something, "own" it and bring it home. </span><span style="font-family: Calibri, sans-serif; font-size: 11pt;">Organizations,
meaning</span><span class="apple-converted-space" style="font-family: Calibri, sans-serif; font-size: 11pt;"> </span><span style="font-family: Calibri, sans-serif; font-size: 11pt;">IT</span><span class="apple-converted-space" style="font-family: Calibri, sans-serif; font-size: 11pt;"> </span><b style="font-family: Calibri, sans-serif; font-size: 11pt;"><i>and<span class="apple-converted-space"> </span></i></b><span style="font-family: Calibri, sans-serif; font-size: 11pt;">the business, purchase and
collect applications that feel (and maybe are) really valuable and really
meaningful to the work that they perform. They are all beautiful and valuable when they're new to an organization. </span><i style="font-family: Calibri, sans-serif; font-size: 11pt;"><b>Leaders get credit for implementing new technology and enabling new capabilities in the organization. </b></i><span style="font-family: Calibri, sans-serif; font-size: 11pt;">There is an all too common life cycle of products however:</span><br />
<div style="margin: 0in 0in 0.0001pt;">
</div>
<ol>
<li><span style="font-family: Calibri, sans-serif; font-size: 11pt;">The teams implementing the product go
from "fighting for it" (insert appropriate long pause for the typical long implementation here) to "it's implemented!" </span></li>
<li><span style="font-family: Calibri, sans-serif; font-size: 11pt;">Now
the organization settles into a time where the operational teams are getting to
know the product and working on operationalizing it; building processes, workflow, troubleshooting, etc. (some should have happened prior to implementation, for sure, but lots will happen after)</span></li>
<li><span style="font-family: Calibri, sans-serif; font-size: 11pt;">At this point, it is "installed" and <i>probably</i> "operational". </span><span style="font-family: Calibri, sans-serif; font-size: 11pt;">This product
will sit in a portfolio of other applications that have been implemented and collected over the
years. </span></li>
<li><span style="font-family: Calibri, sans-serif; font-size: 11pt;">Various teams pay various levels of attention to the, now old, apps. So, over time, they sit and rot. They may be maintained...or not.</span></li>
</ol>
<span style="font-family: Calibri, sans-serif; font-size: 11pt;"><b style="font-style: italic;">Hoarders are not good at assessing the value of something in
relationship to what it costs to keep and maintain it.</b><i> </i></span><span style="font-family: Calibri, sans-serif;"><span style="font-size: 11pt;">Eventually, you have a house full of things
you've bought and nowhere to sit or sleep. In a company, the analog of running
out of space is running out of budget. </span></span><span style="font-family: Calibri, sans-serif; font-size: 11pt;">No organization can afford to
keep every application going that they've purchased over the years, because:</span><br />
<ol><span style="font-family: Calibri, sans-serif; font-size: 11pt;">
<li><span style="font-size: 11pt;">You may no
longer have the budget to pay for the staff with the numerous and varied skills
needed to maintain a diverse and sprawling application environment. </span></li>
<li><span style="font-family: Calibri, sans-serif; font-size: 11pt;">You may not find that the vendors will support the </span><span style="font-family: Calibri, sans-serif;">application</span><span style="font-family: Calibri, sans-serif; font-size: 11pt;"> versions you're running, security updates included.</span></li>
<li><span style="font-family: Calibri, sans-serif; font-size: 11pt;">You may find that vendors are not willing to support out of date core IT </span><span style="font-family: Calibri, sans-serif;">infrastructure</span><span style="font-family: Calibri, sans-serif; font-size: 11pt;"> older platforms sit on.</span></li>
<li><span style="font-size: 11pt;">I, as an IT security function, will point out the effects of #2 and #3 on what is in the environment on a regular basis. </span></li>
</span></ol>
<span style="font-family: Calibri, sans-serif; font-size: 11pt;">Leaders are then forced to make a decision, which is a great thing. We need to consider what doesn't need to be maintained</span><span style="font-family: Calibri, sans-serif; font-size: 11pt;"> and can be removed from the environment. </span><b style="font-family: Calibri, sans-serif; font-size: 15px;"><i>Unfortunately, leaders do not get much credit for dismantling old platforms. </i></b><span style="font-family: Calibri, sans-serif; font-size: 15px;">Sometimes they get credit for reducing overhead, but there's much more value than just reducing overhead.<b><i> That is a culture problem that we need to change. Leaders should be rewarded for reducing complexity, reducing risk and reducing overhead. </i></b>"A penny saved is a penny earned!" said Ben Franklin.</span><br />
<span style="font-family: Calibri, sans-serif; font-size: 15px;"><br /></span>
<span style="font-family: Calibri, sans-serif; font-size: 15px;">Unfortunately</span><span style="font-family: Calibri, sans-serif; font-size: 11pt;">, we can't just call 1-800-Got-Junk and get rid of old applications. But I'd suggest some good directions on which to base actions: </span><br />
<div style="margin: 0in 0in 0.0001pt;">
<ol>
<li><span style="font-family: Calibri, sans-serif; font-size: 11pt;">create a threshold for purchasing </span><span style="font-family: Calibri, sans-serif; font-size: 15px;">applications that involves exposing the risks and fully loaded expenses for an application, and use that to slow down expense sprawl</span><span style="font-family: Calibri, sans-serif; font-size: 11pt;">. </span></li>
<li><span style="font-family: Calibri, sans-serif; font-size: 11pt;">create standards for the business and IT to follow, and be diligent about growing and tending those standards to meet and be predictive about the organization's needs.</span></li>
<li><span style="font-family: Calibri, sans-serif; font-size: 11pt;">make sure that the cost of maintaining systems is appropriately attributed to where in the organization that system/application supports the business.</span></li>
<li><span style="font-family: Calibri, sans-serif; font-size: 11pt;">make decisions to consolidate like applications.</span></li>
<li><span style="font-family: Calibri, sans-serif; font-size: 11pt;">make decisions to consolidate vendors.</span></li>
<li><span style="font-family: Calibri, sans-serif; font-size: 11pt;">make decisions to simplify the infrastructure.</span></li>
</ol>
</div>
<div style="margin: 0in 0in 0.0001pt;">
<span style="font-family: Calibri, sans-serif; font-size: 11pt;">In the end, I think the primary information security concern about the environments we operate in can be boiled down to <b><i><span style="color: red;">being intentional about what we put into the environment</span></i></b>. Know what the risks and commitments are before you take action and implement. </span><br />
<span style="font-family: Calibri, sans-serif; font-size: 15px;"><br /></span>
<span style="font-family: Calibri, sans-serif; font-size: 15px;">Chris</span><br />
<br /></div>
<div style="margin: 0in 0in 0.0001pt;">
<span style="font-family: Calibri, sans-serif; font-size: 11pt;">photo credit:<span class="apple-converted-space"> </span><a href="http://www.flickr.com/photos/canonsnapper/1414486102/">canonsnapper</a><span class="apple-converted-space"> </span>via<span class="apple-converted-space"> </span><a href="http://photopin.com/">photopin</a><span class="apple-converted-space"> </span><a href="http://creativecommons.org/licenses/by-nc-nd/2.0/">cc</a></span></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7417551381844298245.post-66351368987350821612013-03-29T11:58:00.001-07:002013-09-06T09:48:11.298-07:00Mashable talks about InfoSec competition!<a href="http://www.mashable.com/">Mashable</a> has a great little article that talks about the mature and growing trend of information security competitions. The beauty of these competitions is that they typically have both offensive and defensive elements. The offensive side plays "capture the flag", abbreviated as CTF in the infosec culture, by trying to break into systems and networks and discover bits of clues that lead to the grand prize. This is a penetration testing competition, primarily. They serve as the "red team". This is how the competition in the article worked.<br />
<br />
More sophisticated competitions also have a "blue team" that provides defensive and detective capabilities, and that will also try to block the penetration testers and keep systems up and running.<br />
<br />
It is a ton of fun, and a challenge for everyone involved.<br />
<br />
Mashable: Competition Seeks Next Generation of Cybersecurity Experts<br />
<a href="http://mashable.com/2013/03/28/cyber-aces/">http://mashable.com/2013/03/28/cyber-aces/</a><br />
<br />
Cyber Aces<br />
<a href="http://cyberaces.org/">http://cyberaces.org/</a><br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7417551381844298245.post-6826430127785647282013-03-15T13:50:00.000-07:002013-07-12T14:52:04.114-07:00Replaced Windows Home Server (WHS) with a Synology DiskStation<br />
Over the course of the last year, I've come to the realization that I was going to be switching my Windows Home Server for something else. My issues weren't much different than anyone else's and my reasoning is familiar, but I thought I'd document them here so maybe it will help someone else think through the process and maybe they'll come to the same conclusion in their own situation.<br />
<br />
Why I left Windows Home Server:<br />
<br />
<ul>
<li>I was on Home Server v1 still because it worked. Home Server 2011 had issues, as far as I had heard on the Interwebnets.</li>
<li>Microsoft abandoned the Home Server platform. There was nothing after HS2011.</li>
<li>Plug-ins were weak. There were some, and they generally worked. There should have been more. After all, this is a generic server platform underneath. That never materialized.</li>
<li>My Shuttle XPC SN68G2 chassis was good enough (after having to replace two capacitors in the power circuit on the motherboard a couple years in), but I was running out of disk space and needed to buy more/new drives. I only had 3.5TB online. Sounds crazy to say that...</li>
<li>While I had faith I could bare metal restore a workstation that was backed up to the server, I highly questioned having to rebuild the server. Especially given the lack of support from MSFT, and the eventual lack of support from the Internet community.</li>
</ul>
<div>
<a href="http://www.synology.com/products/img/top/DS413j.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="http://www.synology.com/products/img/top/DS413j.jpg" /></a>Why I went to a Synology NAS:</div>
<ul>
<li>I wasn't willing to go head-long into a full Windows server. That opened me up to other operating systems.</li>
<li>I was comfortable with this platform being back-ended by Linux. I didn't think I'd be doing a lot of super, command line or other customization, but I thought if it's based on Linux, there's the possibility of the Internet community turning up some cool things. </li>
<li>No major OS to deal with. It is stripped down so there's less complication and less to be compromised, in theory.</li>
<li>Synology builds disk subsystems and NAS platforms for business. That inspires some confidence.</li>
<li>Great reviews.</li>
</ul>
<div>
Am I glad I have one now?</div>
<ul>
<li>The management console is great. Seriously, this makes the platform.</li>
<li>I was right, by the way. There are some cool things you can do when you get into the guts and homebrew world. There are some restrictions, but you can manipulate things and use common Linux tools. Which is good.</li>
<li>The software capabilities of this server are crazy. Synology maintains and supports a dozen different very, very useful plugins that just work. Need a VPN? No problem. Need media streaming? Sure, there are multiple ones to do that. AND, on top of that, there is an active vendor community. I assume Synology works and helps vendors support their platform. It is really great, given where I came from on WHS.</li>
<li>Synology takes pride in their SOHO, home business, and it shows. It is the equivalent of Honda racing teams bringing some of that technology to a Civic. The software is the same software they run on their commercial platforms. You see some of that in the console, but it doesn't inhibit a home user in any way.</li>
<li>There are apps for Android and iOS to access and manage the server. W00t!</li>
<li>It just works. </li>
</ul>
<div>
What don't I like/what would I like to see?</div>
<div>
<ul>
<li>Hardware-based encryption would have been nice. The speed of the server is fine, but start doing a lot of that and I imagine you'd run into issues.</li>
<li>I'd love to have a Synology NAS-NAS backup solution that would encrypt the actual data. That way I could park one at my brother-in-law's or parent's house and they could have a server I could put vital data on. They both have servers, but there's no option to encrypt the data, so it makes everyone feel a little weird about doing it.</li>
<li>That's really it...</li>
</ul>
</div>
<br />
Chris<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7417551381844298245.post-76684562633518559472013-02-21T12:05:00.001-08:002013-02-21T12:05:43.213-08:003D designs, fan designs, copyright<span style="font-family: Verdana, sans-serif;">This is going to be interesting. I suspect there will be a middle ground found. We already have laws regarding copying someone's design. The question will be around "fan" work, and the ability of folks to be able to check for copyright and patents easily. AND, it will be up to the copyright/patent holder to hire lawyers and take people to court. So, if you don't have the cash, you won't be able to defend yourself from people copying your design.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><a href="http://readwrite.com/2013/02/20/3d-printing-will-be-the-next-big-copyright-fight">http://readwrite.com/2013/02/20/3d-printing-will-be-the-next-big-copyright-fight</a></span><br />
<br />
<span style="font-family: Verdana, sans-serif;">And once the 3D printing designs are out on the Internet, it is going to make it even more challenging to protect your own designs.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Chris</span><br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7417551381844298245.post-56860108626335650252013-02-14T08:46:00.003-08:002013-02-14T08:46:40.499-08:00Top 10 Reasons Valentines are Like Passwords<span style="font-family: Verdana, sans-serif;">Valentines are like passwords, or is it passwords are like Valentines. I'll let you decide. These are pretty good. </span><br />
<span style="font-family: Verdana, sans-serif;"><br />
<a href="http://www.okta.com/blog/2013/02/top-10-reasons-valentines-are-like-passwords/">http://www.okta.com/blog/2013/02/top-10-reasons-valentines-are-like-passwords/</a></span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">My favorite is: </span><span style="background-color: white; font-family: Helvetica, Arial, sans-serif;"><b><i>No one wants to change them when things are working</i></b></span>Unknownnoreply@blogger.com0