Saturday, November 28, 2009

What's so sacred about 140 characters?

Why 140 characters? The obvious answer, which I'm sure you know, is so that a tweet can fit into the 160 character limitation of an SMS text message. In other words, the Twitter user name (which can be up to 15 characters) followed by the 140 character tweet can all be packaged nicely into a single SMS text message.

Which begs the next question: Why restrict a tweet to the limits set by SMS when this is the World Wide Web? One of the "limitations" of e-mail and the Web is that you need Internet access for connectivity. In developed countries, we take Internet connectivity for granted. Having spent some time living in East Africa, I was amazed to see how important SMS was to the locals who don't own computers or printers, or even have an e-mail address. But nearly all of them had pre-paid cell phones, and they used SMS just like we use e-mail (they also had trivial SMS to e-mail and e-mail to SMS bridges).

Additionally, their cell phone networks have features which I wish we had here in the US. Basically, people in developing countries have substituted the computer, printer, and Internet with the cell phone, fax, and the carrier's wireless network. This is how most of the world gets "online" with technology.

Imagine if Twitter went after not just the consumers who own computers and smart phones with Internet access (I'm guessing about one billion people) but every person on the planet who's an active cell phone subscriber (a number that will reach 4.6 billion by the end of 2009). Now, that would be a fantastic communications tool!

Tuesday, November 17, 2009

Script Kiddies SSH Attack Solution

Are you tired of seeing attacks against port 22 (SSH) on your public servers?

The attacks generally look like the following log snippet, which shows a simple dictionary attack (usually against root or admin).


Nov 15 07:41:58 static-171-163-154-171 sshd[5470]: Failed password for root from 68.152.76.202 port 50818 ssh2
Nov 15 07:41:58 static-171-163-154-171 sshd[5472]: Invalid user password from 68.152.76.202
Nov 15 07:41:58 static-171-163-154-171 com.apple.SecurityServer: authinternal failed to authenticate user password.
Nov 15 07:41:58 static-171-163-154-171 com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.


You could try reporting the offending IP address, but the attacking computer will frequently turn out to be a compromised Windows machine owned by grandma and grandpa.

Solution
Your best bet, after ensuring that you're using a strong password, is to have SSH listen on a port other than 22, such as 8080. Since port 8080 is usually used as an alternative to port 80, attackers will try using the HTTP protocol to exploit it, which will fail before the attack even has a chance to begin. At this point, script kiddies will move along, since there are so many other servers with vulnerabilities to choose from.
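
To check whether the port change actually quiets the log, the "Failed password" lines shown above can be tallied per source address. The script below is an added example, not part of the original post; the sample log lines are constructed (documentation-range addresses), and the function names and thresholds are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample in the syslog format shown above (addresses are from
# the documentation ranges, not real hosts).
SAMPLE_LOG = """\
Nov 15 07:41:58 host sshd[5470]: Failed password for root from 203.0.113.7 port 50818 ssh2
Nov 15 07:41:58 host sshd[5472]: Invalid user password from 203.0.113.7
Nov 15 07:41:59 host sshd[5472]: Failed password for invalid user password from 203.0.113.7 port 50820 ssh2
Nov 15 07:42:01 host sshd[5474]: Failed password for admin from 203.0.113.7 port 50822 ssh2
Nov 15 07:42:03 host com.apple.SecurityServer: authinternal failed to authenticate user admin.
Nov 15 09:10:12 host sshd[5601]: Failed password for alice from 198.51.100.23 port 40122 ssh2
Nov 15 09:10:20 host sshd[5601]: Accepted password for alice from 198.51.100.23 port 40122 ssh2
"""

# sshd logs unknown accounts as "invalid user NAME"; both forms are counted.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def failed_logins(log_text):
    """Return {ip: Counter(user -> failures)} for sshd password failures."""
    by_ip = {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            by_ip.setdefault(m["ip"], Counter())[m["user"]] += 1
    return by_ip

def dictionary_attack_sources(log_text, min_failures=3, min_users=2):
    """Flag sources that fail repeatedly across several account names.

    The thresholds are assumptions; a single user mistyping a password
    (one account, few failures) stays below them.
    """
    flagged = {}
    for ip, users in failed_logins(log_text).items():
        total = sum(users.values())
        if total >= min_failures and len(users) >= min_users:
            flagged[ip] = {"failures": total, "users": sorted(users)}
    return flagged

if __name__ == "__main__":
    for ip, info in dictionary_attack_sources(SAMPLE_LOG).items():
        print(ip, info["failures"], "failures against", ", ".join(info["users"]))
```

Running it against the real auth log before and after the port change gives a per-source count to compare.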