
Archive for the ‘IT-security’ Category

How-to: Setting up tftpd on Mac OS X

The tftpd-server is included in Mac OS X but is not loaded by default.
The configuration-file is found in the LaunchDaemons directory /System/Library/LaunchDaemons/tftp.plist.
I’ll step through the whole process to get the TFTPd server up and running.

We will first have a look at the configuration file (use your editor of choice, I use nano):
$ sudo nano /System/Library/LaunchDaemons/tftp.plist


There are a couple of arguments which I want to add here and I’ll explain why. The first one I would like to add is logging to syslog.

Inside the span of <array></array>, just after <key>ProgramArguments</key>, add:
<string>-l</string>

If you want extra verbose logging add the following
<string>-d</string>

We want to add some security by chrooting to the specified directory (/private/tftpboot in the XML file displayed above) upon startup.
<string>-s</string>

Start the tftp daemon.
$ sudo launchctl load -wF /System/Library/LaunchDaemons/tftp.plist

The -w switch tells launchctl (same as launchd but takes arguments) to change the Disabled-key to true. The -F switch forces the loading of our plist-file, even though the key is set to “Disabled”. This all means that we will be able to pass our plist-xml-file without getting an error telling us “nothing found to load”.
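
A check for the edited job definition, as an added example that is not part of the original post: it parses a plist and reports whether `-l` and `-s` are in place. The sample plist is constructed, `audit_tftpd_args` is a hypothetical helper name, and the check assumes, per tftpd(8), that `-s` takes the directory as its next argument.

```python
import plistlib

# Constructed sample modelled on the arguments this how-to describes;
# it is not copied from a real system.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Disabled</key>
    <true/>
    <key>Label</key>
    <string>com.apple.tftpd</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/libexec/tftpd</string>
        <string>-l</string>
        <string>-s</string>
        <string>/private/tftpboot</string>
    </array>
</dict>
</plist>
"""

def audit_tftpd_args(plist_bytes):
    """Return a list of findings for the ProgramArguments of a tftpd job."""
    args = plistlib.loads(plist_bytes).get("ProgramArguments", [])
    findings = []
    if "-l" not in args:
        findings.append("no -l: transfer requests are not logged to syslog")
    if "-s" not in args:
        findings.append("no -s: tftpd does not chroot to the served directory")
    else:
        i = args.index("-s")
        following = args[i + 1:i + 2]
        # Assumption: -s consumes the next argument as the chroot path.
        if not following or not following[0].startswith("/"):
            findings.append("-s is not followed by an absolute directory")
    return findings

if __name__ == "__main__":
    for line in audit_tftpd_args(SAMPLE_PLIST) or ["ok: -l and -s <dir> present"]:
        print(line)
```
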

We can check that our tftp is running by using the lsof-command:

$ sudo lsof -i:69
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
launchd 1 root 77u IPv6 0x08adc8ec 0t0 UDP *:tftp
launchd 1 root 89u IPv4 0x09bfeb2c 0t0 UDP *:tftp

or by using netstat:

$ sudo netstat -a | grep 'tftp'
udp4 0 0 *.tftp *.*
udp6 0 0 *.tftp *.*

Your tftpd should now be up and running. Remember, you may only upload files which are already created and which you have write access to (or you will get an “Access violation” error in both cases).

In the example displayed below I first create a text file in our tftpd directory /private/tftpboot with the contents “testserver”. I then switch to my home directory and create another file called test.txt with the contents “testclient”. This is to illustrate that the tftp actually works once we get everything up and running.
In this first attempt we get an access violation error, because our file-access permissions do not permit us to write to the file.

$ cd /private/tftpboot
$ echo testserver > test.txt
$ cd ~
$ echo testclient > test.txt

$ tftp localhost
tftp> trace
Packet tracing on.
tftp> verbose
Verbose mode on.
tftp> put test.txt
putting test.txt to localhost:test.txt [netascii]
sent WRQ
received ERROR
Error code 512: Access violation
tftp> quit

We set our permissions so that the file becomes writable by everyone:
$ chmod 666 /private/tftpboot/test.txt

Let's try it again:

$ tftp localhost
tftp> trace
Packet tracing on.
tftp> verbose
Verbose mode on.
tftp> put test.txt
putting test.txt to localhost:test.txt [netascii]
sent WRQ
received ACK
sent DATA
received ACK
Sent 12 bytes in 0.1 seconds [960 bits/sec]
tftp>

Now let's try to get the file.

tftp> get test.txt
getting from localhost:test.txt to test.txt [netascii]
sent RRQ
received DATA
Received 12 bytes in 0.0 seconds [inf bits/sec]
tftp> quit

If everything works, both our test.txt files which previously held “testserver” and “testclient” should now hold “testclient”.

$ cat /private/tftpboot/test.txt
testclient
$ cat ~/test.txt
testclient
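
Because TFTP never authenticates the client, the mode bits set with chmod above are the only access control on each file. The following added example (not part of the original post) lists what a client can fetch or overwrite under the served directory; `tftp_exposure` and `overwritable` are hypothetical helper names, and the demo tree is constructed to stand in for /private/tftpboot.

```python
import os
import stat

def tftp_exposure(root):
    """Map each file under root to the TFTP operations its mode bits allow.

    Assumption (tftpd's documented access rule): a file can be fetched
    only if it is world-readable, and overwritten only if it already
    exists and is world-writable.
    """
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and devices
            ops = []
            if st.st_mode & stat.S_IROTH:
                ops.append("get")
            if st.st_mode & stat.S_IWOTH:
                ops.append("put")
            report[os.path.relpath(path, root)] = ops
    return report

def overwritable(root):
    """Files that any client able to reach UDP port 69 may replace."""
    return sorted(p for p, ops in tftp_exposure(root).items() if "put" in ops)

if __name__ == "__main__":
    import tempfile
    # Constructed demo tree standing in for /private/tftpboot.
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("test.txt", 0o666), ("boot.img", 0o644)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("testserver\n")
            os.chmod(path, mode)
        print(tftp_exposure(root))
        print("overwritable:", overwritable(root))
```

Run against the real directory, anything `overwritable` returns should be a file you intend clients to replace; tighten the rest back to 644 or stricter.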

We are up and running.
If we want to shut down the tftp daemon we execute the following command
$ sudo launchctl unload /System/Library/LaunchDaemons/tftp.plist

Check that the daemon isn’t running anymore
$ sudo lsof -i:69
$

More information on tftpd for Mac OS X:
Enter “man tftpd” (without quotes) in a terminal window or visit
http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man8/tftpd.8.html

New paper on security ‘best practice’ in the cloud environment

VMware and RSA just released a best practice guide for security in a cloud environment. The guide is 17 pages in total and should be seen as an overview of trust-, encryption- and authentication-related issues in the cloud. It is not an in-depth implementation guide.

Download link:

http://www.rsa.com/innovation/docs/CLWD_BRF_1009.pdf

Chinese filtering project Jinhui ”Green Dam” accused of stealing US-software

Solid Oak Software accuses Jinhui Computer Systems Engineering of stealing parts of its “Cybersitter” software and claiming it as their own for use in the upcoming Internet censor campaign in China.
The US-based firm Solid Oak Software is now preparing to battle Jinhui (they probably won’t have any luck getting Chinese courts to stop Jinhui) by getting US courts to prohibit American computer manufacturers from selling computers with Jinhui’s software on them.

More on this story here: http://blogs.channelinsider.com/secure_channel/content/data_security/us_firm_accuses_chinese_of_stealing_web_filtering_software.html

And there is already a public exploit available for exploiting Jinhui’s ”Green Dam”: http://milw0rm.org/exploits/8938
