I have just tonight received the email I have been waiting for from Sony in regard to there PSN “Outage”. As you are all probably aware the PSN has been down for a week now and looks like it will be down for at least another week. It would appear that Sony have managed to loose there entire user database to an intruder. the only think they seem to have protected is the security code for credit cards though they are not finished investigating the breach so there is time yet…

The one thing that has struck me is that they have lost all the users passwords… Now this is quite alarming in a number of ways. Firstly let me note the two options I see there being for the loss of passwords as described by Sony (which is vague at best):

1. The passwords were stored in the clear (not protected by a hash) and were in the same databases that have been taken. Or.

2.The passwords were stored in a database that was compromised but they were hashed password.

Now if option 2 is the case I can only guess that there is some worry that the hashing method used is not very strong I.E. a known algorithm with no salt. This would be bad but excusable.

I fear however that Sony have kept the passwords in the clear. This is inexcusable. IF this turns out to be the case I dare say the protection of the credit card security codes will be as equally poor.

I will await the full disclosure of this incident before I decide weather to leave the PlayStation platform for good.

Here is my take on the single line word press upgrade I saw at hack a day.
The bellow will download the latest version and unpack it. IT then removes the new plugins and themes as to not over wright your installed ones. IT then copies the new install over the old one and resets the permissions on the files.
wget http://wordpress.org/latest.zip && unzip latest.zip && rm -rf ./wordpress/wp-content/ && cp -r ./wordpress/* ../

You may need to change the paths for your installation but this should work quite well.
As allways take a backup before you run this just in case.

The live feed for the MacWorld keynote from MacRumours was hacked today. This hack also took down there regular site. From the text that was in replacement to the keynote info (provided by thoes that had hacked the site) it seems that access to the server controle pannel was hacked allowing access to the hole system. It also apeared that more than one hacker had had ago at the system as conversations emerged in the streem. At one point it seemed that other users of the site were also able to contribute as requests to stop were also included in the streem as well as info from other streem providers. Not a good day for MacRumours.

I have ordered my key now will be with me in two weeks so I can have a proper play then. But I have been thinking. This device doesn’t work if you can just buy one anonymously and create an identity with it and use it for authentication. All it is really good for a single user is for adding to existing accounts on systems and using the key as a single authentication device through the central auth system (openID). Other than that the key needs to be issued by a party and tied to there system and issued in a way so that it is securely placed into the hands of the correct owner for multi factor authentication. in this method for each system you need authentication to you would need a separate key ie for access to a bank account with one firm and access to a credit card held by another firm. One key will not do all. What this system needs is a central authentication system that can be trusted to some level. A bit like Thawte did with ssl certs all those years ago.

Ok I have just herd about the new authentication device from Yubico it is called the Yubikey and it is verry simple it is a usb keyboard in a pen drive that sends a single instance key for authentication anyway I am pressed for time at the mo and this Portugees keyboard is all wrong. But the top and the bottom is havea look it is all opensource they just sell the hardware I have bought mine to play with. you should too. I will postmore when I have had a play but read theresite is is verry cool in the way that it works.

Last FM is the well not new but now legal play what you want internet radio station. And it has its own client so you can play outside of the browser. This is a feature I have always wanted from Pandora. On top of that the client comes in several flavors Windows Apple and Linux and if you use a Debian derivative distro you can install and maintain via apt. Very impressive.

Pandora the custom internet radio company, will be blocking the UK from accessing the station as of the 15th of Jan 08. This is due to licensing issues with the music companies not going well. The UK was the only country out side the US that was able to get the system and there was some thought that the UK would let the add based company stream there radio. But this is not to be the case. There is also concern that the station might be forced off the wires in the US as well in the future. If you haven’t used Pandora before I urge you to have a look before you are unable to again.

Yet another nail in the media revolution coffin. Lets hope Jobs will cheer every one up next week.

The lost casts guys are back on the wire just before series 4 starts to air in the US. Cant wait to hear more from them. Also I just wanted to link this guy not that he isn’t popular enough or that linking him here will help. Johnny has done some really cool projects over the years more recently he has done alot with the Wii Mote that mos people will have seen all over the net. but I think that some of his other projects are of possibly greater note have a look.

I have also recently moved to another new server with more power and before it was really commissioned we purchased its replacement well this server will become a fail over node but that isn’t important. And we are now running ISPCP in anger. we have had to make several changes to the system to make it work the way we need and want it to but nothing to dramatic.  More info on ISPCP issues to follow.

Secondary DNS is a bit of an issue that is yet to be sorted fully in ispCP but if you want to do some hosting with it it is a requirement. So here is the documentation of the way we have implemented secondary DNS within ISPCP.

Here is a little diagram of what we are trying to achieve.

the servers go here.

The Master server is an ispCP box running several domains.

The Secondary server can also be an ispCP box with its own domains on or it could be just a bind server just for secondary DNS.

The Tertiary server is the same as the secondary server.

The zones for the domains running on Master are created automatically on the Master server but need to be transferred to the other two servers. Here is steps that we took to achieve this.

First off we need to create a user on all of our servers that will be used to do the transfer.
useradd -g bind -m -p password dnstrans

This will add a user called dnstrans in the group bind.

Next we need a script that will make the config file for the secondary servers this needs to be edited differently from the master servers config file. We found a script that was written to do the job but we found it not to work quite right. Here is a copy of our script.

#!/bin/bash
# Replace "x.y.z.w" with the IP address of your master DNS
MASTER=x.y.z.w
DB_PATH=/var/cache/bind/
user=dnstrans
group=bind
file=/home/$user/`hostname`sec
echo "#start" > $file #empties transfer file
pushd $DB_PATH # changes to directory path and stores pwd
#ls -1 *.db | awk -v m=$MASTER -v path=$DB_PATH '{ print gensub(/(.*)\.db/,"zone\"\\1\" { type slave; file \""path"/manual/\\1.db\"; masters { "m"; }; };", g,$9); }'
ls -1 /var/cache/bind/ |gawk -v m=$MASTER '{print gensub(/(.*)\.db/,"zone \"\\1\" { type slave; masters { "m"; }; file \""path"\\1.db\"; };",1) }' >> $file
chown $user.$group $file
popd # pops back to pwd

Place this script in /usr/local/sbin/trans. It will also need to be made executable with the following

chmod +x /usr/local/sbin/trans

This script will output a file the the dnstrans home called “xxxsec” were xxx is the host name of the master DNS server that has created this file. This will be the file that we need to transfer to the secondary servers.

Next we automate the creation of this file every hour using crontab.

crontab -e
02 * * * * /usr/local/sbin/trans

This will run at 2 minuites after the hour every hour.

That is it for the master server next we need to configure our secondary servers.

We have to pull the file that has been created to our secondary server with this script.

#/bin/bash
cd /etc/bind/
wget ftp://dnstrans:password@master.server.tld/betasec --passive-ftp #download the zone file
rndc reload #reload the dns domains

We also need this file to be placed in /usr/local/sbin/getdns and it will need to be made executable.

chmod +x /usr/local/sbin/getdns

This will pull the file to the secondary DNS servers /etc/bind/ folder. Next we need to edit the secondary DNS servers config to include the new file this is done with this command.

echo 'include "/etc/bind/hostnamesec";' >> /etc/bind/named.conf.local

Last off we need to automate the pull of the file this is done with a cron job on the secondary server as bellow.

crontab -e
09 * * * * /usr/local/sbin/getdns

This job will run at 9 minuites after the hour every hour.

John has also done a wright up of this project and as he did most of it his is probably better than mine so here is the link to his.

I just had to post these links as I found them tonight and they are quite scary in the way they put info together to get an interesting picture of people. First up is http://centralops.net/ This site can give you some detailed info on domains well worth a try but not just whois it can also do a server scan. Then there is this http://serversniff.net/ way to much info from a server than is healthy. And finally there is this http://www.paterva.com/web/Maltego/ which puts it all together and joins up the dots and the gui when available is really sick.