Sunday, April 12, 2009

Painless, Distro-Agnostic Cisco Webex on Linux

For true cross-platform web conferencing, Cisco Webex is the only way to go. GotoMeeting only recently added OSX support, and Linux, forget about it?

My experience on getting it work with the built-in components on my Thinkpad... forget about it!

Ubuntu 8.0.4 worked sporadically and and on 8.10 Firefox crashed. Hard.

I Googled a bit and didn't find any quick workarounds, so I decided to try it the old fashioned way. So here is what I came up with to get it working reliably. I assume this works on other distros as well.

(All of this assumes you create another user for just webex so you don't corrupt your local .mozilla and .adobe files etc.)

Download Components

1. Get the tarball of Adobe Flash ( tested)
2. Download Firefox 3.x (3.0.8 tested)
3. Download JRE .bin installer (jre6u13-linux-i586.bin used)
4. Create a webex directory and move all of these to it
5. Uncompress them there


1. Remove ~/.mozilla and ~/.adobe
2. Run ~/webex-local/firefox/firefox then quit
3. Run the ./flashplayer-installer script
4. Run the java installer binary
5. Create the symlink for the java plugin within $HOME

ln -s ../../webex-local/jre1.6.0_13/plugin/i386/ns7/

Testing Webex

1. Run your local firefox
2. Confirm you can execute java applets by visiting
3. Click on the test meeting

Thursday, April 09, 2009

SCADA CyberSpy Reverse Forensics Contest

So given the hoopla on Chinese/Russian CyberSpy Hacking the Power Grid Story I figured it was time to break Blog-silence.

I had the misfortune of hearing Siobhan Gorman on NPR yesterday on my commute so I was still fuming yesterday about the vermin in the Intelligence Community that leak classified threat data on "background" to reporters to influence policy. This data cannot be repudiated not only because most journalists don't have the technical wherewith all to know better but because the leakers cannot be held accountable. The "good guys" in the IC (those that follow the rules and don't disclose secrets) cannot challenge (or confirm) it. It is a one-sided game that leads to bad policy, scaring the public, and bad legislation. Does anyone not remember Iraq and WMDs?

But I digress.

What was interesting about the Gorman interview was that she mentioned network forensic data that showed how control systems not only had been penetrated and were being remotely monitored and possibly controlled.

So some readers may remember the HoneyNet Projects Reverse Challenge. Basically a contest to analyze malware, if you never heard of it

What I think would be cool is some aspiring folks with the skills and time (I have some of the former but none of the latter) to basically create some forensic data, let's say packet captures that show the power grid being mapped, HMI's and PLCs being monitored, ICCP traffic being captured and retransmitted back to our Chinese and Russian masters so they can "monitor power flows" like Gorman mentioned in her interview. Remember be sure to visit APNIC and pick your IPs to spoof wisely.

The minimum entry can just be some packet captures, but you are guaranteed to at least place if you release actual tools used by our Chinese and Russian overlords to blackmail us at will and cause us to resort to cannibalism.

You get bonus points if you actually show some slight knowledge of Mandarin or Russian.

But here's the rub, don't release it on your blog don't talk about it at the next Con because there will inevitably be lots of presentations on the topic. Silently release your own "evidence of Chinese Russian control over the power grid" into a P2P network, or better yet let your laptop get stolen in an airport (make sure you have the right colored classification stickers on your laptop) and wait for your "data" to make the news.