Posts Tagged ‘Solaris’

How to check any filesystem for bad blocks using GNU / Linux or FreeBSD with dd

Monday, November 28th, 2011

Check any filesystem partition for BAD BLOCKS with DD on GNU Linux and FreeBSD

Have you looked for a universal physical check up tool to check up any filesystem type existing on your hard drive partitions?
I did! and was more than happy to just recently find out that the small UNIX program dd is capable to check any file system which is red by the Linux or *BSD kernel.

I’ll give an example, I have few partitions on my laptop computer with linux ext3 filesystem and NTFS partition.
My partitions looks like so:

noah:/home/hipo# fdisk -l
Disk /dev/sda: 160.0 GB, 160041885696 bytes
255 heads, 63 sectors/track, 19457 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x2d92834c
Device Boot Start End Blocks Id System
/dev/sda1 1 721 5786624 27 Unknown
Partition 1 does not end on cylinder boundary.
/dev/sda2 * 721 9839 73237024 7 HPFS/NTFS
/dev/sda3 9839 19457 77263200 5 Extended
/dev/sda5 9839 12474 21167968+ 83 Linux
/dev/sda6 12474 16407 31593208+ 83 Linux
/dev/sda7 16407 16650 1950448+ 82 Linux swap / Solaris
/dev/sda8 16650 19457 22551448+ 83 Linux

For all those unfamiliar with dddd – convert and copy a file this tiny program is capable of copying data from (if) input file to an output file as in UNIX , the basic philosophy is that everything is a file partitions themselves are also files.
The most common use of dd is to make image copies of a partition with any type of filesystem on it and move it to another system
Looking from a Windows user perspective dd is the command line Norton Ghost equivalent for Linux and BSD systems.
The classic way dd is used to copy let’s say my /dev/sda1 partition to another hard drive /dev/hdc1 is by cmds:

noah:/home/hipo# dd if=/dev/sda1 of=/dev/hdc1 bs=16065b

Even though the basic use of dd is to copy files, its flexibility allows a “trick” through which dd can be used to check any partition readable by the operating system kernel for bad blocks

In order to check any of the partitions listed, let’s say the one listed with filesystem HPFS/NTFS on /dev/sda2 using dd

noah:/home/hipo# dd if=/dev/sda2 of=/dev/null bs=1M

As you can see the of (output file) for dd is set to /dev/null in order to prevent dd to write out any output red by /dev/sda2 partition. bs=1M instructs dd to read from /dev/sda2 by chunks of 1 Megabyte in order to accelerate the speed of checking the whole drive.
Decreasing the bs=1M to less will take more time but will make the bad block checking be more precise.
Anyhow in most cases bs of 1 Megabyte will be a good value.

After some minutes (depending on the partition size), dd if, of operations outputs a statistics informing on how dd operations went.
Hence ff some of the blocks on the partition failed to be red by dd this will be shown in the final stats on its operation completion.
The drive, I’m checking does not have any bad blocks and dd statistics for my checked partition does not show any hard drive bad block problems:

71520+1 records in
71520+1 records out
74994712576 bytes (75 GB) copied, 1964.75 s, 38.2 MB/s

The statistics is quite self explanatory my partition of s size 75 GB was scanned for 1964 seconds roughly 32 minutes 46 seconds. The number of records red and written are 71520+1 e.g. (records in / records out). This means that all the records were properly red and wrote to /dev/null and therefore no BAD blocks on my NTFS partition 😉

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Computer Security, FreeBSD, Linux, System Administration, Various | No Comments »

New critical Adobe Flash Player security flaw allows a malicious attacker to get access to Windows, Linux, Mac OS and BSD

Wednesday, April 20th, 2011

Flash swf Player artistic logo exploit

A new zero-day exploit for the Adobe Flash Player has been published on http://exploit-db.com .
The exploit published is targetting Windows 7 systems.
Even though the published version of the exploit is said to affect Windows 7 installations, the shellcode with this proof of concept exploit (PoC) could surely be changed to a one that would also take effect in Linux.
Most likely Linux exploitation will be a harder task to achieve, however thesecurity advisory issued http://www.adobe.com/support/security/advisories/apsa11-02.html recommends an immediate update of the flash player.

According to some rumors the 0 day adobe flash vulnerability has been exploited since a long time to get access to confidential U.S. governmental documents.

A classical ways said that malicious hackers uses is by sending a flash (.swf) containing email, by simply opening the email attachment the victim gets exploited.

Adobe officially has reported, there are no official information if attacks has targetted other company software like Adobe Acrobat Reader which supports embedded flashes.
According to Adobe Adobe Reader is not vulnerable to this kind of attacks as it uses a protected mode which would mitigate the attack (though I hardly doubt this claim).

The affected versions of Adobe’s Flash player are:

  • Flash Player 10.2.153.1 for Windows
  • Flash Player 10.2.153.1 for Apple Macintosh
  • Flash Player 10.2.153.1 for Linux and Solaris
  • Flash Player 10.2.156.12 for Android Mobile platform

as well as the Authplay.dll library used by Adobe’s Acrobat Reader

Earlier versions of Flash player are also affected by the critical security vulnerability.
There are already rumors that the exploit is exploited using a crafted (.swf) files embedded into Microsoft Word .doc files.

This new critical vulnerability is another example clearly showing how insecure a user who has flash enabled in their browser is.

According to preliminary information, exploitation of this critical security flaw can be sucessfully achived in most (if not all) browsers …

By so far browsing on Linux was always considered to be a way more secure than on Windows, with this issue rising up this kind of believe is questioned.
Surely many Linux distributions and FreeBSD and BSD derivatives used as Desktops will probably not package timely newer version of the adobe flash (flashplugin-nonfree) package on time

Today the flash player is a de-facto standard and is wide spread among most modern internet connected operating system obviously it’s unificated use, creates unified problems.

The example with this flash security issue is a good example against why non-free technologies should not be set as standards.
If the flash player and standard was free and everybody could create and distribute flash players for free. Such a vulnerability affecting so many operating systems and so many browsers would never come true

To sum it up, this issue will surely create a lot of problems and opens a serious security hole for us the Linux users.

Therefore be sure to update your flash player before someone has exploited you through the web.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Computer Security, FreeBSD, Linux, Windows | No Comments »