DRG
Introducing the DRG Challenges!
2012-06-11

The Dragon Research Group (DRG) is pleased to kick off another major milestone in the community services we provide. The DRG Challenges page details our foray into the world of information security challenges. We currently have two projects underway. At this year's FIRST 2012 conference, the DRG is sponsoring a live, in-person challenge, the DRG FIRST 2012 Challenge. Check out what the winning team will be awarded for their efforts. It is sure to be a heated competition. For those not attending the conference, fret not: we are also sponsoring the HotCRP Challenge, aimed at helping to enhance a widely used conference management software package. We invite you to join the DRG challenges mailing list to discuss these and future DRG challenges.

posted at 5:31 pm | permanent link



DRG is looking to expand again, join us?!
2012-05-11

The Dragon Research Group (DRG) is in need of talented and trustworthy individuals who can donate at least 20 hours per month of their spare time to help us make a difference in addressing Internet security issues. We are specifically looking for volunteers who possess the following capabilities:

FreeBSD and GNU/Linux system administration
We are seeking volunteers who are proficient in managing FreeBSD and GNU/Linux systems. Ideally the candidate will be familiar and comfortable setting up and using common monitoring tools, log management applications, backup/restore solutions, database administration, system auditing processes, configuration management and light programming duties using shell or interpreted scripting languages. The ideal candidate should have extensive, remote distributed Unix system administration experience.
Software development
We are seeking volunteers who are proficient in developing various network and security tools. Competency with C/C++ a must. Ability to maintain, debug and learn other languages is desired. The ideal candidate should be capable of socket client and server programming with an emphasis on secure coding practices suitable for widespread public usage and release.
Malware analysis
We are seeking volunteers who are proficient in advanced static and dynamic malware analysis. Competency with common tools such as disassemblers and debuggers as well as x86 assembly instructions and programming a must. The ideal candidate should be capable of developing associated tools suitable for public use and security community release.
Digital media development
We are seeking volunteers who are proficient in creating original digital content including images and video suitable for publication online and in printed materials. An ideal candidate should have experience performing web development in a Unix environment.

If you can help fulfill one or more of the needs above, we want to hear from you. Please visit our Apply to DRG page and submit your application today!

posted at 4:18 pm | permanent link



The DRG Guide to Using PGP
2012-02-23

We are happy to release The DRG Guide to Using PGP. The DRG makes extensive use of Pretty Good Privacy (PGP) for a variety of encryption needs. We hope this guide may assist others who want to do the same. We welcome your PGP-encrypted emails in any communications you have with us and we would be happy to participate in PGP key signing events with you. Look for us at your next event. You should be able to download a copy of the DRG PGP public key from this system or find it on one of the many PGP keyservers. Just make sure you have the key id 0x47196BBF. Our key should look like this:

pub   1024D/47196BBF 2009-06-17
      Key fingerprint = C90E 0C2A A629 DF49 959C  D04D 4426 3058 4719 6BBF
uid                  Dragon Research Group 
uid                  Dragon Research Group 
sub   4096g/BBA00357 2009-06-17

posted at 12:00 am | permanent link



GnuPG pubring key checker
2011-12-02

We are happy to announce a prototype tool that can help identify keys on a GnuPG public key ring (e.g. ~/.gnupg/pubring.gpg) that are expired, revoked or due to expire within a configured number of days. This script, gpg-ring-check, can be found on the tools page.

gpg-ring-check is currently a prototype. We have verified it works on a number of current Linux distributions, but have also verified it doesn't currently work properly on a current Mac OS X machine with GPGTools installed and also not with 2.x versions of GnuPG. We hope to provide an updated version in the future that will handle all the different operating systems GnuPG runs on as well as all versions of GnuPG. We'll also happily accept patches and fixes from the community.

Using this tool is as easy as running it on the command line without any arguments to get a usage message. Each option should be self-explanatory. By default the script looks for the ring at ~/.gnupg/pubring.gpg, but you may specify an alternate location. If run with the -a option and a parameter specifying the number of days from the current date, it'll look for and display the keys that are revoked, have expired or will expire within the specified number of days. The DRG uses PGP extensively and we find this tool helpful for alerting us to keys on our keyring that have become unusable or are about to expire. We hope you too find this script useful. We'd love to hear from you with feedback.
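The check gpg-ring-check performs, as an added example written for this post (it is not the DRG script itself): the machine-readable listing from gpg --with-colons --list-keys is parsed, and every public key that is revoked, expired, or due to expire within N days (the -a option) is reported. Both the YYYY-MM-DD dates of GnuPG 1.x and the epoch-seconds dates of GnuPG 2.x are handled; the sample listing embedded below is constructed, not from a real ring.

```python
import subprocess
from datetime import date, datetime, timedelta, timezone

def parse_gpg_date(field):
    """--with-colons date field: GnuPG 1.x prints YYYY-MM-DD, 2.x prints
    seconds since the epoch; an empty field means the key never expires."""
    if not field:
        return None
    if field.isdigit():
        return datetime.fromtimestamp(int(field), timezone.utc).date()
    return date.fromisoformat(field[:10])

def check_ring(colon_output, days, today):
    """Return [(keyid, state, uid)] for each pub record that is revoked,
    expired, or will expire within `days` of `today` (the -a option)."""
    horizon = today + timedelta(days=days)
    findings, current = [], None
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            validity, keyid, expires = f[1], f[4], parse_gpg_date(f[6])
            if "r" in validity:
                state = "revoked"
            elif "e" in validity or (expires and expires < today):
                state = "expired"
            elif expires and expires <= horizon:
                state = "expires " + expires.isoformat()
            else:
                state = None
            current = [keyid, state, f[9] or None]  # GnuPG 1.x: uid on the pub line
            if state:
                findings.append(current)
        elif f[0] == "uid" and current and current[2] is None:
            current[2] = f[9]  # GnuPG 2.x: uid on its own record
    return [tuple(x) for x in findings]

def list_keys(ring=None):
    """Machine-readable listing of the default ring or an alternate pubring.gpg."""
    argv = ["gpg", "--batch", "--with-colons", "--list-keys"]
    if ring:
        argv[1:1] = ["--no-default-keyring", "--keyring", ring]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout

# Constructed sample listing (not a real ring); both date formats appear.
SAMPLE_OUTPUT = """\
pub:u:1024:17:1111111111111111:2009-06-17:2012-06-17::u:Key One (constructed) <one@example.org>:
pub:e:1024:17:2222222222222222:2008-01-01:2011-01-01::-:Key Two (constructed) <two@example.org>:
pub:r:2048:1:3333333333333333:2010-05-05:::-:Key Three (constructed) <three@example.org>:
pub:-:2048:1:4444444444444444:1262304000:1323993600::-:
uid:-::::1262304000::0123456789ABCDEF::Key Four (constructed) <four@example.org>:
"""

def run_sample():
    # as if run on 2011-12-02 with -a 30
    return check_ring(SAMPLE_OUTPUT, 30, date(2011, 12, 2))
```

Against a live ring, `check_ring(list_keys(), 30, date.today())` gives the same kind of report for the keys you actually hold.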

posted at 12:00 am | permanent link



VNC probe insight
2011-11-14

We are happy to announce the DRG VNC probe insight report based on DRG network data. We believe this is the first VNC-based report of its kind being offered to the community. You can find this new community resource on the Insight & Analysis page. A special thank you to Sangkyun Noh, a DRG contributor, for developing the DRG Distro module that helped make this report possible.

posted at 2:10 pm | permanent link



The debut of DRG Weekend Reads
2011-11-11

Today we debut a new service entitled DRG Weekend Reads, a weekly short list of good information security reads to enjoy your weekend with. Each Friday we'll bring you the best of the week, many of which come from the far corners of the net that may have fallen under the popular radar, but above the interest threshold.

posted at 12:00 am | permanent link



Using GnuPG to encrypt automated system email
2011-08-16

The root mailbox on most unixes can be an excellent source of various server health information. Unfortunately, sending these messages off-system, while convenient, poses the risk of disclosing sensitive system information. Suppose a system administrator receives an e-mail detailing missing patches on a system that is subsequently forwarded to a Gmail account. That message has not only traversed the Internet unprotected, it sits on Gmail's servers unencrypted. In addition, it may end up on a smartphone or laptop that could be lost or stolen.

The details of an implementation for protecting these messages with GNU Privacy Guard (GPG) are outlined below. GPG provides an easy way to send sensitive data across untrusted networks or to destinations that may have limited security controls. Look for more GPG tips from the DRG in the coming weeks and months!

A quick procmail recipe will empower us to do just that:

SUBJECT=`formail -xSubject:`
:0 c
*^To:.*root.*
|formail -I "" | gpg --trust-model always -ear "foo@example.org" | mail -s "$SUBJECT" foo@example.org

In case your procmail skills are a little rusty, let's walk through each line:

  • The first line utilizes the formail binary to extract the subject of the incoming message and assign it to the bash variable SUBJECT.
  • The second line creates a copy of the message that is used later in the recipe.
  • The third line filters on messages that contain "root" in the To: field.
  • The fourth line takes a copy of the message and pipes it through a series of command lines.
    • formail -I "" will give us the message body without any of the original headers. This output is then piped to gpg.
    • gpg then encrypts the message body. We utilize --trust-model always to prevent gpg from prompting about an untrusted public key. The -ear flags encrypt the message, create ASCII-armored output and use the specified e-mail address as the recipient.
    • Finally, the output from gpg is piped to the mail command to send to the remote e-mail address.

When implementing something similar, you'll want to keep a few things in mind.

  • Since the procmail recipe runs as the mailbox user, it is not wise to use the recipe on the root account. In fact, some MTAs will not let you pipe messages to commands that are run as UID 0 (this is the default configuration in exim4). It is best to forward root e-mail to a non-privileged account for archiving and forwarding purposes. Use your /etc/aliases file to accomplish this.
  • Ensure that you have local mail delivery enabled for your root account and for the non-privileged account that is handling the forwarding; otherwise procmail will never see the message to process it.
  • Procmail may not be enabled in your default MTA install. Enabling it should involve uncommenting a line or two in your MTA's configuration file.
  • Finally, it should go without saying, but make sure the non-privileged account that does your forwarding has the proper public key in its keyring. If it doesn't, the procmail recipe will fail silently, leaving you scratching your head and digging through logs.
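The same forwarding step as an added Python filter (not the DRG recipe and not code from the original post) that procmail can pipe the message into in place of the inline formail/gpg/mail pipeline: it keeps the recipe's --trust-model always and -ear settings, strips every original header so only the subject travels in the clear, but checks for the recipient's public key up front and exits non-zero with a message on stderr, so a missing key is logged rather than failing silently. The script path, the sample message and the fake command runner used for testing are assumptions.

```python
import email
import subprocess
import sys
from email.policy import default

GPG = ["gpg", "--batch", "--trust-model", "always"]  # same trust setting as the recipe

def _run(argv, stdin=""):
    """Run a command; return (exit status, stdout, stderr)."""
    p = subprocess.run(argv, input=stdin, capture_output=True, text=True)
    return p.returncode, p.stdout, p.stderr

def split_message(raw):
    """(subject, body) of a raw message; all original headers are dropped, as
    with `formail -I ""`, and the subject is flattened to a single line."""
    msg = email.message_from_string(raw, policy=default)
    subject = " ".join(msg.get("Subject", "(no subject)").split())
    part = msg.get_body(preferencelist=("plain",))
    return subject, (part.get_content() if part is not None else "")

def recipient_key_present(recipient, run=_run):
    """The inline recipe fails silently when this key is missing; check first."""
    status, _, _ = run(GPG + ["--list-keys", recipient])
    return status == 0

def encrypt(text, recipient, run=_run):
    """ASCII-armoured encryption to `recipient` (the recipe's -ear flags)."""
    status, out, err = run(GPG + ["-ear", recipient], text)
    if status != 0 or "BEGIN PGP MESSAGE" not in out:
        raise RuntimeError("gpg exited %d: %s" % (status, err.strip()))
    return out

def forward(raw, recipient, run=_run):
    """Return the mail(1) argv and the armoured body to pipe into it."""
    if not recipient_key_present(recipient, run):
        raise RuntimeError("no public key for %s in this user's keyring" % recipient)
    subject, text = split_message(raw)
    return ["mail", "-s", subject, recipient], encrypt(text, recipient, run)

# Constructed sample of the kind of root mail the post describes.
SAMPLE_MESSAGE = "From: cron@host.example\nTo: root@host.example\nSubject: missing patches\n\nlist of patches\n"

if __name__ == "__main__":
    # procmail recipe in the unprivileged forwarding account (path assumed):
    #   :0 cw
    #   * ^To:.*root.*
    #   | /usr/local/bin/gpg-forward.py foo@example.org
    try:
        argv, armoured = forward(sys.stdin.read(), sys.argv[1])
        subprocess.run(argv, input=armoured, text=True, check=True)
    except Exception as exc:
        print("gpg-forward: %s" % exc, file=sys.stderr)
        sys.exit(1)  # with the w flag procmail checks this exit code instead of ignoring it
```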

DRG loves to hear from the community. If you have any feedback, enhancements or fixes, drop us an e-mail or ping us on twitter.

posted at 12:00 am | permanent link



Security Innovation Grant 2011 Winner - NoScript
2011-07-18

The Dragon Research Group (DRG) is pleased to announce the 2011 Security Innovation Grant award winner. The award is given to the most innovative project in the area of information security. This award recognizes and supports novel projects providing non-commercial and open-source solutions to Internet security challenges. This year's award goes to NoScript, a unique and popular browser extension that helps limit security and privacy threats.

Upon learning of NoScript's selection as this year's award winner, Giorgio Maone, the NoScript project leader, thanked the selection committee for recognizing NoScript. "This is a great honor and a spur to keep making the Web a safer place. I feel the urge to thank the committee for recognizing NoScript as a pioneering force in browser security, and the community of contributors, researchers, translators, beta testers, and loyal users who keep this project alive day after day." On his personal blog hackademix.net, Giorgio went on to describe specific development plans and goals for NoScript in the coming months. Patrick Green, DRG Advisory Council Chair and Manager of Networks and Telecommunications at the University of Warwick, speaking on behalf of the selection committee, said "It has been a great pleasure to be involved with this very important grant fund - we had a very strong list of candidates for the grant, and it was very difficult to choose a recipient. I'm personally pleased to congratulate NoScript, and help them to continue the good work they do helping end users secure their systems."

This year's award was entirely and solely funded by a personal donation from Robert O. Thomas III. The grant is expected to be awarded, on a yearly basis, to a project with the highest overall merit rating by an independent DRG review committee. The DRG is seeking award sponsors for future awards. If you would like to make a US tax deductible contribution to help sponsor future awards, please contact the Dragon Research Group by sending email to dragon@dragonresearchgroup.org.

The Security Innovation Grant is a one-of-a-kind program to help fund innovative information security projects. Administered by the Dragon Research Group, the winner of the award is chosen by an independent selection committee drawn from the DRG Advisory Council. The selection committee is supported by input from an independent review committee made up of industry experts from the information security community. Award candidate submissions are open to the public with the review committee evaluating submissions according to the award guidelines and project criteria. Further details about the award can be found on the Security Innovation Grant page.

posted at 12:00 am | permanent link



DRG IPv6 Insight Day
2011-06-08

In the spirit of contributing to the Internet Society sponsored World IPv6 Day, we are pleased to bring you our IPv6-specific contribution.

The Dragon Research Group web site has been IPv6 connected since October 2010. Nearly 400 unique IPv6 addresses have accessed http://dragonresearchgroup.org since October 2010. Less than 5% of those that did so used both HTTP and HTTPS; the vast majority were HTTP only. For the month of June 2011 there have been over 2500 unique IPv6 HTTP GET requests from nearly 40 unique IPv6 sources thus far. The top 10 countries by the routed origin of the covering IPv6 prefix for those sources accessing dragonresearchgroup.org since 2010 were:

country code   % of total IPv6 visitors
US             60%
JP              7%
CN              5%
NL              4%
GB              4%
FR              3%
BR              3%
DE              2%
CH              1%
AU              1%

We have seen over 650 unique visitors to the DRG IPv6 test page. Of those, only about 5% actually came from an IPv6 source address.

The DRG Distro Network is a global monitoring network that contains UNIX hosts running application listeners for a few key well known services such as DNS, HTTP and SSH on otherwise unused address space. About one third of the DRG Distro Network has globally routed IPv6 addresses in almost ten different countries. As of today, all but one of the DRG Distro Network installations can successfully send ICMPv6 echo request messages to a well known remote IPv6 connected host and receive ICMPv6 echo responses. All DRG Distro Network installations with IPv6 connectivity are using a /64 network mask by default except for one that is a /126.

The DRG Distro Network has seen only a single IPv6-based SSH connection attempt from Japan. The DRG Distro Network has never seen an SSH password-based authentication attempt over IPv6. The DRG Distro Network has only ever seen a single 'HTTP GET /' request, also from Japan, but from a different source address than the SSH connection attempt. The DRG Distro Network has never seen any unsolicited DNS messages over IPv6.

The DRG Distro Network has witnessed hundreds of thousands of lame delegation conditions involving IPv6-based DNS name servers. Lame delegation events occur for a variety of reasons, including deficient IPv6 connectivity in the path between the DRG Distro Network resolvers and authoritative servers. In fact, over 99% of all IPv6-related lame delegations the DRG Distro Network sees are due to a network reachability issue. In some cases a DRG Distro Network pod that purports to have global IPv6 connectivity is actually unreachable by hosts outside of its local network.

A key interest and long term objective for the DRG is to better understand IPv6 connectivity issues and to help develop tools and insight that better address the needs and challenges to manage the new network layer.

While the community celebrates World IPv6 Day and continues to roll out the next-generation IP protocol, we here at DRG are striving to help. Stay tuned for enhanced IPv6 insight from DRG over the coming months. In the meantime, we would love for you to help us do the research by joining DRG or running a pod.

posted at 12:00 am | permanent link



DRG is expanding, join us!
2011-06-02

Put simply, we need more talented heroes to help fulfill the growing cache of research and projects. At present, we are especially interested in volunteers who have a particular set of capabilities and want to make the best use of their skills to help develop some exciting new research for the Internet community. If you are ready to join us, visit our Apply to DRG page today and contact us with details. We need you.

We are especially interested in volunteers who possess the following skills:

FreeBSD and GNU/Linux system administration
We are seeking volunteers who are proficient in managing FreeBSD and GNU/Linux systems. Ideally the candidate will be familiar and comfortable setting up and using common monitoring tools, log management applications, system auditing processes, configuration management and modest shell scripting solutions to common tasks. Database administration experience is a plus.
IPv6 end host configuration and internetworking
We are seeking volunteers who understand IPv6 transition technologies, addressing and routing. Ideal candidates will have experience setting up and utilizing IPv6 on Linux and FreeBSD systems.
Technical writing
We are seeking volunteers who have a breadth of information security experience, excellent writing skills and a desire to publish research reports, white papers and refereed journal articles on behalf of DRG and its associated research. Ideal candidates will also possess web authoring skills.
Tool development
We are seeking volunteers who are proficient in developing small to medium sized security tools. Proficiency with Perl, Python, Ruby, C, shell scripting and similar languages common to a UNIX platform is most applicable. The ideal candidate should be able to write small network applications and log parsing scripts, work with SQL databases and be generally capable of manipulating data to produce interesting insight. Web development skills are a plus.
Outreach and public relations evangelizing
We are seeking volunteers who are well connected in the security community and can help interface with the Internet community to bridge needs and projects between the community and DRG. Ideal candidates should be highly respected and frequent participants in various Internet security community forums, proficient with social networking applications and regular guests at in-person community events.

posted at 12:00 am | permanent link




Feedback: dragon@dragonresearchgroup.org
