Category: HowTo’s

Towards An Objective and Scientific CFP Methodology

I, like many in the information security industry, submit talks to a number of conferences every year. The more conferences I submit to, however, the more apparent it becomes (at least to me) that a more scientific approach to the call for papers/proposal (CFP) process is required to reduce bias. I’m not saying that any or all of the CFP committee participants, or the conference itself, is guilty of malicious or intentional bias. Science has shown that there will always be irrational cognitive biases, whether intentional or not, that affect our decision-making process. In a CFP process this could manifest itself as bias towards any number of things such as a particular topic, an individual’s past, sexual orientation or identification, company or industry affiliation, and even the grammar of the submission itself.
I see the CFP process as a reproducible experiment. As such, an experiment of this nature requires a number of things to be conducted successfully in a measurable and repeatable fashion. The following list of ideas is the result of a personal brainstorm of what I would like to see included as a part of the CFP process (in no particular order):


Quick fix for Ruby after Xcode 5.1 update

If you’ve recently upgraded Xcode to 5.1 on your OS X workstation/laptop, you may have run into the following error when trying to install or update a gem:

root# gem install shodan
Fetching: json-1.8.1.gem (100%)
Building native extensions. This could take a while...
ERROR: Error installing shodan:
ERROR: Failed to build gem native extension.

/System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/bin/ruby extconf.rb
creating Makefile

make "DESTDIR="
compiling generator.c
linking shared-object json/ext/generator.bundle
clang: error: unknown argument: '-multiply_definedsuppress' [-Wunused-command-line-argument-hard-error-in-future]
clang: note: this will be a hard error (cannot be downgraded to a warning) in the future
make: *** [generator.bundle] Error 1

Gem files will remain installed in /Library/Ruby/Gems/2.0.0/gems/json-1.8.1 for inspection.
Results logged to /Library/Ruby/Gems/2.0.0/gems/json-1.8.1/ext/json/ext/generator/gem_make.out

As discussed here, the reason for this sudden error is found in the Xcode Release Notes:

The Apple LLVM compiler in Xcode 5.1 treats unrecognized command-line options as errors. This issue has been seen when building both Python native extensions and Ruby Gems, where some invalid compiler options are currently specified.

According to the blog post, the newer version of the LLVM compiler shipping with Xcode 5.1 is stricter about command-line options it does not recognize. Furthermore, it says that:

Projects using invalid compiler options will need to be changed to remove those options.
That is, developers should not expect this change to be reverted in the future.

It turns out that the temporary fix, until everyone updates their gems, is to run the following command instead of the usual gem install command:

root# ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future gem install gem_name

For example:

root# ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future gem install shodan
Building native extensions. This could take a while...
Successfully installed json-1.8.1
Fetching: shodan-1.0.0.gem (100%)
Successfully installed shodan-1.0.0
Parsing documentation for json-1.8.1
Installing ri documentation for json-1.8.1
Parsing documentation for shodan-1.0.0
Installing ri documentation for shodan-1.0.0
2 gems installed

There you go. Hope it helps.

Facilitating Fluffy Forensics – Part 1

I’ve always known that CloudPassage Halo could help facilitate forensic acquisition in cloud environments, but we’ve been missing the ability to acquire disk images from target servers in a reliable, repeatable, and free manner.

After reading Ken Pryor’s excellent NBDServer blog post on Wednesday, April 10th, and while preparing for my SOURCE Boston 2013 talk entitled Facilitating Fluffy Forensics, I found myself wondering if the tool might help with investigations in public cloud environments.
