“I’ve been circumventing antivirus systems today.” His eyes glistened when my colleague Mattias told me this during the latest after-work get-together. It’s not as strange as it sounds. All our clients have antivirus systems, and they are a natural part of penetration tests.

Traditional antivirus systems collect large numbers of so-called signatures of malicious code, which they then compare with the files on your computers. This approach is called blacklisting. It worked reasonably well in the past, but is becoming increasingly difficult for several reasons.

Firstly, the number of known viruses is increasing exponentially. As soon as they are modified just slightly a new signature is needed. Secondly, there are more and more black hats hacking for a living. When they discover new security holes or develop their own code, they use the information in targeted attacks. In the old days they manufactured viruses that were dispersed on a large scale and could be captured and analysed. Now they keep the knowledge to themselves. This means there is more and more malware circulating on the black market.

Most antivirus systems nowadays look not only for signatures but also for suspicious patterns and behaviours. The result is better, but the fact remains that they are still looking for things they know about.

In summary, traditional antivirus systems can only ward off script kiddies and viruses that make use of known methods. They are important for hygiene, but cannot prevent advanced hacker attacks. Moreover, different antivirus systems are good at different things but do not always work if installed together on the same machine.

More recently, a method called whitelisting has come into focus. Instead of trying to find every malicious program, only a certain number of programs that do the right things are accepted. The downside of this technology is that it requires a finely tuned database that suits precisely your system without interfering with business operations. The advantage is the much lower chance of targeted attacks being successful.

Unfortunately there is no single antivirus program that solves the problem of malware. First you have to decide what information is worth protecting. Then, you need a well thought out strategy that includes several different types of protection: antivirus programs, firewalls, intrusion detection systems and possibly whitelisting of applications. Nor is it wrong to have several types of anti-virus software installed on different computers. Since a large proportion of corporate information is held on mobile devices, extra thought must be given to these.

But above all, we must remember that security is so much more than just antivirus software. An individual security mechanism can always be circumvented. It is the whole picture that really matters.

Share/Bookmark

Attending:

• Tim Samoff / timsamoff
• Iván Gálvez Junquera / ivgalvez (via chat only)
• Rob Bauer / SD69 (via chat only)
• Cosimo Kroll (zehjotkah)

Appoint maemo.org administrators (or, if someone steps in):

• Possibly ask Reggie to take over admin of maemo.org.
  • How much would he charge?
  • Other NDA-restricted info discussed pertaining to transfer and administration of maemo.org infra from Nokia to the community (recorded elsewhere).

Further maemo.org infra:

• Other NDA-restricted info discussed pertaining to maemo.org infra(recorded elsewhere).

Bank account and fundraising:

• Cosimo will research banking options for the Board/community.
• Iván has received an email offering to put ads on maemo.org.
  • It could be a possible solution for TMO if Reggie wants to keep it independent of maemo.org.
• Cosimo: Opinion that the community should run on donations; so no ads.
  • Others agree: no ads on maemo.org.
• Will investigate possibility of commercial “sponsors” (preferably OSS companies).
• Other NDA-restricted info discussed pertaining to community funding (recorded elsewhere).

Foundation website/servers/hosting:

• We need administrators (volunteers).
• Still need to get domain from Niel Nielsen (nieldk).
  • This has since been resolved.
• Some discussion about who should “own” or “hold” the domain name(s) and hosting.
  • Tim will take care of gaining domain and setting up hosting/website in Foundation’s name.
  • Hildonfoundation.org site will point point to maemo.org.

Meeting concluded.

Here's something obvious (and I'm sure it has been discussed before, I just can't find the link right now), but it might be helpful if you haven't played around with SSH much yet, and your Wi-Fi Hotspot isn't working (the case for me right now). The goal is to get an internet connection over your N9/N950 from a PC (tested with Linux, expected to work with OS X and probably also works on Windows - on Windows you might need something like PuTTY).

1. Enable developer mode on your device
2. Connect your device to your computer via USB
3. Select "SDK mode" when asked for the USB connection type
4. Use the SDK connection utility, and select USB connection
5. Note the password displayed in the "Connectivity Details" screen
6. On your computer, use "ssh -D 9898 developer@192.168.2.15"
7. Accept the host key question, and enter the password from step 5
8. You should be greeted by a Busybox prompt "/home/developer $" - leave that open in the terminal window in the background
9. At this point, a SOCKS proxy server is running on port 9898, and you can use it in any applications supporting a SOCKS proxy (there are even utilities like socksify(1) (Debian package: dante-client) that make generic network applications work through a SOCKS proxy)
10. To use it in Firefox, go to Edit - Preferences - Advanced - Network - Settings..., then choose "Manual proxy configuration" and set "SOCKS Host:" to localhost and port to 9898 (be sure to disable the proxy again when you want to browse via a normal Wi-Fi/Ethernet connection)

Instead of doing steps 4 and 5, you can set up a permanent password for your "user" account on the N9, and even set up a SSH key on the N9 to avoid having to enter the password. You can make step 6 simpler by adding an entry to your ~/.ssh/config file (on your host) - see ssh_config(5) for details:

Host n9proxy
    HostName 192.168.2.15
    User developer
    DynamicForward 9898

After that, a "ssh n9proxy" (possibly followed by the developer password) is all you need to set up the proxy. This method is arguably easier (and definitely safer) than using the Wi-Fi hotspot, and instead of using up battery on your N9, it gets charged via the USB port while you are using it.

By the way: You will have to manually connect your N9 to your mobile internet connection, this won't happen automatically.

Cybercom has signed a partnership with Liaison technologies, a global provider of secure cloud-based integration and data management services and solutions. Cybercom will resell and deploy Liaison´s Tokenization solution, Liaison Protect, in the Nordics and Eastern Europe.

In the back of my head I’m remembering something about how music can affect car drivers in traffic (sorry, I can’t be bothered to actually look for a reference at the moment). I’m curious if this might be true for testers as well!

So if there happen to be a project leader or similar out there that would like to try this little experiment I would be very happy to see the result from it. Try and play nice and calm music (like Enya and stuff like that) for a couple of days, then try a lot harder and faster music (any heavy metal will do I  guess). At the end of the experiment try and see if either music actually made the testers find more defects; broke the software/hardware more often or perhaps made the developers cry randomly…

I think this would be an awesome experiment!

Share/Bookmark

Front Page

Open Letter from the Hildon Foundation Board

The newly elected Hildon Foundation Board have published an open letter to the community about the direction they have started to take. "At this point, the first Board meeting minutes have been published for public review. As we hope you'll see, it is nothing but the Maemo Community's best interests that we are concerned with. In fact, the entire reason for the Hildon Foundation to exist is so that the" The encouraging opening continues into a bit of the history behind the community starting with the community council and describing where the Hildon Foundation Board fits into the picture. The board maintains its roots, stating it will conduct business in "an open source manner" both in the board-specific meetings and communication with the community.

Read more (maemo.org)

In this edition (Download)...

1. Front Page
   • Open Letter from the Hildon Foundation Board
2. Community
   • UK Qt meetup in Birmingham this evening

Hey Aaron. I mostly agree with your post. I don’t fully agree, however, with “We needed Android because we couldn’t do it ourselves”:

Mostly Qt (and also KDE) developers, and some GNOME developers who where still left developing for Nokia since the N900 and earlier, made the Nokia N9 Swipe phone. Technically the product is a success; look at the N9′s reviews to verify that. Marketing-wise it’s sort of a failure due to, in my humble opinion, a CEO switch at the wrong time and because he didn’t have enough time to learn how good the phone actually was. But even without much marketing, the product is being sold as we speak.

I do agree if you mean with your blog post that for example the N9 happened thanks to local leadership. The leadership that made it happen was employed at Nokia though, and not really a person in either the Qt or the GNOME camp. Rather a group of passionate leadership-taking people at Nokia.

It might have contributed that these technical leaders didn’t see how strong they could have been together during the CEO switch, at the time when Ari Jaaksi left Nokia as soon as Stephen Elop’s plans became clear. I’m not sure.

I think what we can learn from the episode is to put more trust in the person, and the leadership-taking people, who lead the next product developed the way the N9 was developed. Give those people more time onstage at open source conferences.

I’m also sick and tired of Free Software being inefficient and self-destructive due to internal schism. It’s one of the reasons why I’m not working much on Free Software nowadays. As I’m not much of a leader myself, I silently hope some local leader would change this. Maybe somebody at Digia? Jolla? If I can help, let me know.

By Tim Samoff, Hildon Foundation Board Member.

Dear Maemo Community,

Minutes for first Hildon Foundation Board meeting. VoIP meeting held on Google Hangout. Attending: - Randall Arnold / texrat - Tim Samoff / timsamoff - Ivan Galvez / ivgalvez - Robert Bauer/ SD69 - Craig Woodward (intermittent) / woody14619

Hildon Foundation, Meeting 1 - November 3, 2012

====================================

+ Note:
- Technical Issues persisted via Google Hangout: only Randy, Ivan and Tim had voice capability. Others participated via chat.

+ Public Meeting Minutes?
- Tim: Yes
- Randy: Some private; some public
- Ivan: Are they required?
- Rob: n/a
- Craig: They should be public, with exceptions of criticalinformation/NDA.

+ Bylaws, version 7
- Bylaws unanimously approved by all Board members.

+ Board Officers
- Chair: Randall Arnold
- Secretary: Robert Bauer
- Treasurer: Currently, Tim Samoff
> Proposed to ask Cosimo Kroll/zehjotkah to occupy this role.
~ Cosimo has agreed to take the position and will be appointed at the next Board meeting.)

+ Bank account?
- Find out about bank account (ask Niel Nielsen/nieldk).

+ Meeting schedule
- VoiP every two weeks?
- IRC meetings (Board Business) every two weeks & VoiP meetings(Official Board Meetings) monthly?
- Will schedule regular meetings on Google Calendar (which will also create a permanent Hangout for the Board).

+ Transitioning tasks from Council to Board. Separation of current tasks.
- Ensure Council remains communication conduit for community.
- Board organizes operational decisions.
- Board needs an official statement for Board responsibility withcommunity.
> Ask Craig Woodward about maemo.org channel(s) of Board communication.
~ After the meeting, Ivan asked X-Fade to set up the same mechanism that Council is using for communication. In the meantime, Council account can be used.

+ Funding activities:
- Nothing to report at this time.

+ Private session concerning some NDA-protected issues (recorded elsewhere).

+ Infrastructure problems:
- To be discussed via email.

+ Meeting concluded.