The Blog of Tom Webster

Chronic Ranter, Reviewer, and Developer. I speak only for myself, opinions are my own.

Salty Talks and InfoSec

  2013-12-13 07:26:00 PST

Last night was the holiday meeting of Ohio InfoSec Forum, a group that puts on monthly security meetings for free in Kettering, Ohio. They discuss everything from high-level security (use strong passwords) to low-level complex security (here's how you write a buffer overflow in C). It's really a fantastic group. I've recently had the pleasure of being added to their Board of Directors. I help with web technology, marketing, acquiring speakers and sponsors. You know, normal stuff that happens in a charity organization.

Anyway, we just recently had our holiday meeting, which consisted of us playing "Who's Slide is it Anyway?!". The format consists of picking audience members to present on a randomly-chosen slide deck, of which they have no prior information about. The results tend to be mildly hilarious. With some people standing in front of the group, completely flabergasted, as they struggle to find the words to talk about chair and couch design. Other people flew through the random deck with grace, talking about the fantastic new PRISM program (heavy sarcasm, of course). All in all, it was a good time.

One of the non-joke decks I made up was a quick 3-5 minute talk about how to hash passwords securely with salt (in case you can't use bcrypt or another made-for-password hashing algorithm). Check it out here. It's not in-depth, it doesn't cover all use cases, but it does give a decent first-look at what salt is and why it's helpful.

Garbled Sounds in Audacity - Debian Testing (jessie)

  2013-11-25 09:47:00 PST

While trying to record some lines for inSecurity, I ran into a fairly annoying bug with Audacity on my home system. I recorded some sound, and it did record properly, but when I tried to play it back, all I heard was garbled audio for a split second. After a long time Googling for the answer, I stumbled upon this launchpad bug report, which details a workaround at the bottom. I took this information and made an alias entry in my .bashrc file:

alias audacity='PULSE_LATENCY_MSEC=30; export PULSE_LATENCY_MSEC; /usr/bin/audacity'

I could hear the audio properly when I relaunched audacity, much to my happiness.

Get List of Users from Active Directory Group

  2013-10-24 06:10:00 PDT

If you've ever needed to export a list of users from an Active Directory group, you've probably discovered that it isn't entirely straight forward. The secret to generating and exporting a list are a few command line tools, dsquery and dsget. Below, you'll see an example of a group export. The output is fixed-width, so use Excel to break up the data into a managable format.

You'll only need to change CN=Group Name,OU=Groups,DC=Example,DC=com to fit your domain and group. If you'd like to control what fields are exported from dsget, check out this list of parameters for dsget on technet.

dsquery group "CN=Group Name,OU=Groups,DC=Example,DC=com" | dsget group -members | dsget user -ln -fn -samid -email > C:\Users\username\Desktop\file.csv

New Talk and a New Talk Page

  2013-10-11 07:34:00 PDT

I'm happy to announce that I've finished creating my talks page! Over there you can find various presentations that I've given at conferences and forums, along with podcast appearances (still building that out). My latest talk is Making Security Shiny, so go check that out.

Git Branch in Bash Prompt

  2013-07-22 11:02:00 PDT

If you've wanted to see your current branch in Bash, check out this easy .bashrc addition from henrik. Just add the code to the bottom of your .bashrc file and source ~/.bashrc to add the changes.

#   username@Machine ~/dev/dir[master]$   # clean working directory
#   username@Machine ~/dev/dir[master*]$  # dirty working directory

function parse_git_dirty {
  [[ $(git status 2> /dev/null | tail -n1) != "nothing to commit (working directory clean)" ]] && echo "*"
function parse_git_branch {
  git branch --no-color 2> /dev/null | sed -e '/^[^*]/d' -e "s/* \(.*\)/[\1$(parse_git_dirty)]/"
export PS1='\u@\h \[\033[1;33m\]\w\[\033[0m\]$(parse_git_branch)$ '
Page: 12 of 32