It took me a long time to think of an appropriate title for this post. I didn’t want to upset anyone by calling their products ‘consumer grade’ when that’s not how they’re marketed, and I couldn’t think of a way to say ‘disk arrays that aren’t made by Oracle, HP, IBM or NetApp’ that didn’t somehow denigrate the competition. I toyed with ‘sub-prime’ but that has other unfortunate connotations 😛
Month: September 2011
(This is a bit of a rant. There may well be more rants to come.)
If you say to a security professional, ‘I’m going to run my ssh daemon on an unusual port for security reasons’, you’d better stand back and wait for the gasp. *gasp* they say! That’s just security through obscurity, which is no security at all! Shut down your servers and turn the lights off on the way out, you worthless collection of mucus.
‘Security through obscurity’: it even rhymes, which means that it joins the list of empty phrases that sound like they carry authority but actually don’t. ‘It’s Adam and Eve, not Adam and Steve!’ ‘White is right!’ Ohhh I seeeee: there was me thinking you were just a bigot, but your argument rhymes, so it smartly trumps anything I could possibly say!
(like my previous post, this process is reconstructed from memory and a judicious amount of diffing… so there may be bits missing)
Call me paranoid, but I’ve always been nervous about my home wireless network. I know that WPA is supposed to be reasonably secure (my router, a Netgear DG834Gv2, doesn’t support WPA2), but the lack of logging makes me worry that I really don’t know who might be having a go at it. I do all the right things to secure it — strong password, MAC filtering — but still I worry that someone might sit outside my house downloading something that could get me prosecuted. (and yes I know that MAC filtering isn’t strong security but it will defeat a casual would-be intruder).
I’m slowly thinking of things that I’ve hacked together over the years that might be of interest or use to others, and this one is next on the list. I’ll say at the outset that there might be things missing here as I’m having to reconstruct the whole process from memory.
When registering for websites that you might only use once or twice, or where you don’t particularly trust their privacy policy, an throwaway email address is particularly handy. If they start to abuse it, or it leaks or is stolen, you can just discard the address. There are services like Sneakemail that will do this for you, but being a bit of a control freak I wanted something that I could control. Like many others I have a vanity domain and my own mailserver, which runs on a Linux virtual private server provided by the brilliant people at Bytemark (who get a well-earned plug!).
This technique can be used to find out if any SNMP-enabled device has something interesting to share, but here I concentrate on VMware ESXi 4.1. No idea what the deal is with earlier versions.
There are quite a few blog posts out there describing how to enable the SNMP daemon on ESXi (this rather well-written one is the one I used). However, the only information I’ve found says that the only data available is in the standard MIBs supported by most devices, giving information similar to netstat. If that’s all there was, it ain’t particularly useful.
I’ve been toying for a while with the idea of publishing any useful little tidbits of information I come across, so if I can be arsed, this is where they’ll appear.
Of course, far more likely is that I’ll forget about this blog and it’ll go the same way as my last attempt at blogging (c2003, can’t even remember the URL)…