Tuesday, June 26, 2012

More things to worry about

RSA SecurID 800 tokens appear to be compromised along with other brands. This month has been crazy on the security exploit and malware side of the house. There has been a rash of new and very interesting exploits and some pretty fun new malware. Earlier this month we also saw the boat get rocked, per say, when we learned of an exploit for hypervisors. Now a hypervisor attack has always been the holy grail of theoretical attacks right behind hard tokens, but before this month it was just that, theoretical. If the hypervisor attack proves to be true and left un-patched, this could nullify a lot of cloud deployments. (reference)

And it even gets more scary. Today, once again, we get to worry, really worry. The objects we have come to rely on for real secure authentication, hard tokens, are proving to be vulnerable in under 9 minutes of hacking.  Today we learn that the RSA SecurID 800 along with a few other brands of tokens have been exploited. (research paper)

Saturday, March 10, 2012

How to compile CRRCSim v0.9.12 for Mac OSX 10.7.3

-->
CRRCSim is an RC model-plane simulator (http://sourceforge.net/projects/crrcsim/) for Linux that allows you to fly planes with not only your mouse/keyboard/joystick, but also with your RC plane transmitter.  See my next post for how to get your RC plane transmitter talking to your Mac and CRRCSim.  Now compiling and getting CRRCSim to run on a Mac is a bit tricky so let me walk you through the steps.  

Step 1: You will need to install XCode if you have not already

Step 2: You will need to install MacPorts and then some Linux libraries from MacPorts that are not included with MacOSX by default

> sudo port install plib
> sudo port install jpeg
> sudo port install portaudio
> sudo port install libsdl

Step 3: Download the source code for CRRCSim from sourceforge.net and unpack it:

> cd $HOME/Downloads
> tar xzf crrcsim-0.9.12.tar.gz

Step4: You will need to edit src/mod_misc/filesystools.cpp to make the search path work right for MacOSX.  Here is a diff file that will allow CRRCSim to be launched via the Finder or via the command prompt.

187c187,189
<     std::string s = "/Library/Application Support/" + appname;
---
>     // Bret
>     //std::string s = "/Library/Application Support/" + appname;
>     std::string s = "./crrcsim.app/Contents/Resources";
193a196,211
>
>     std::string s1 = "./Resources";
>     if (dirname != "")
>       {
>          s1.append("/");
>          s1.append(dirname);
>       }
>     pathlist.push_back(s1);
>
>     std::string s2 = "../Resources";
>     if (dirname != "")
>       {
>         s2.append("/");
>         s2.append(dirname);
>       }
>     pathlist.push_back(s2);

Step 5: Configure, Compile, and Install CRRCSim

> cd $HOME/Downloads/crrcsim-0.9.12
> ./configure CPPFLAGS="-I/opt/local/include -DAPIENTRY=" LDFLAGS="-L/opt/local/lib -lintl -framework OpenGL" --prefix=$HOME/crrcsim.app
> make
> make install

Step 6: Fix up the directories to be MacOSX like

> cd $HOME/crrcsim.app
> mkdir Contents
> cd Contents
> mkdir Frameworks PlugIns Resources SharedFrameworks
> mv ../bin MacOS
> mv ../share/crrcsim/* Resources/
> mv ../share Resources/
> rmdir Resources/share/crrcsim/
> mv Resources/share/doc/crrcsim/* Resources/share/doc/
> rmdir Resources/share/doc/crrcsim/

Step 7: Add the Icon file from the source tree.  NOTE: if you download the tar.gz tar ball then you will not have the MacOSX icn file.  You need to get this from the source tree itself.  It is called: crrcsim.icns and you need to put it in $HOME/crrcsim.app/Contents/Resources/

Step 8: Create the Info.plist and PkgInfo files in $HOME/crrcsim/Contents/ see the following web sites for more details.  I will include samples below.  (https://developer.apple.com/library/mac/#documentation/MacOSX/Conceptual/BPRuntimeConfig/Articles/ConfigFiles.html)  and (https://developer.apple.com/library/mac/#documentation/MacOSX/Conceptual/BPRuntimeConfig/Articles/ConfigApplications.html)

NOTE: Don't copy the HTML pre tags in this textarea.



Step 9: Copy the crrcsim.app directory over to your /Applications/ directory and have fun playing the RC plane simulator.   I will post more details about making a disk image at a later time.