Git: Reset Author of Previous Commits

If you created commits without setting your username and eMail correctly, you want to change those commits. Git offers you the –reset-author feature. Without any additional effort, this feature only applies to the latest commit. What you could do is:

$ git log                          # Check which commits you want to change
$ git rebase -i                    # Rebase all commits since the last push/pull

You can also append a commit hash after rebase command to rebase up to a specific commit:

git rebase -i aba44192a4

After calling the rebase command, an editor should open showing you the latest commits. Each commit is prefixed with a command that git should execute them during the rebase. You have to replace the „pick“ through a „edit“ or just „e“ if you want to reset the author of that commit. Now close the editor and wait until git is ready. It will prompt you with something like:

Stopped at bb44b3177d3cd836a6fa1c52618f0701747de77e... Added some new questions
You can amend the commit now, with
 
        git commit --amend
 
Once you are satisfied with your changes, run
 
        git rebase --continue

Now you want to run the reset-author command and continue to rebase until all commits are done:

$ git commit --amend --reset-author
$ git rebase --continue

Git then responds with „Successfully rebased and updated refs/heads/master.“ You can verify the correct author information using „git log“ again.

Breaking Weak RSA Keys

How would you break a very weak RSA key? In my example, I had the public key given:

N = 965210800519627751

e = 162419

The task is to break the public key by calculating the corresponding private key (d).

I used the open source tool YAFU (http://sourceforge.net/projects/yafu/) to factorize the modulus N:

# ./yafu "factor(965210800519627751)"
 
 
fac: factoring 965210800519627751
fac: using pretesting plan: normal
fac: no tune info: using qs/gnfs crossover of 95 digits
div: primes less than 10000
fmt: 1000000 iterations
Total factoring time = 0.0410 seconds
 
***factors found***
 
P9 = 982451429
P9 = 982451419
 
ans = 1

Now you know that p = 982451429 and q = 982451419 or the other way around. With this knowledge, the RSA key is basically broken!
With some Java, you can easily calculate the corresponding private key d:

BigInteger e = new BigInteger("162419");
BigInteger N = new BigInteger("965210800519627751");
 
BigInteger p = new BigInteger("982451429");
BigInteger q = new BigInteger("982451419");
 
BigInteger phi = (p.subtract(BigInteger.ONE)).multiply(q.subtract(BigInteger.ONE));
BigInteger d = e.modInverse(phi);
 
System.out.println(d.toString());

By knowing d, you are in possession of the private key and able to act as the real key owner. Of course, this approach is limited to (very) weak RSA keys since factoring a big number is very hard and takes exponentially much time.

Free Book about HTTP and Networking Performance

If you’re a web developer, the foundation of your technology stack is the Web and the myriad of networking protocols it rides on: TCP, TLS, UDP, HTTP, and many others. Each of these protocols has its own performance characteristics and optimizations, and to build high performance applications you need to understand why the network behaves the way it does.

Link: High Performance Browser Networking

Keep Track of TCP Sessions with Snort

If you want to create Snort rules that check multiple packets of a TCP session, you need the flowbits option. It allows you to add „tags“ to a TCP stream. If another packet of that stream arrives, other rules can filter for those tags.

Snort Documentation http://manual.snort.org/node470.html:

It allows rules to track states during a transport protocol session.

Example:

Imagine you want to check site accesses in a specific folder on your webserver and would like to receive an alert if a site was not found (had 404 error).
So you need to check the HTTP request from the client to filter for the specific folder, and you need to check the server response to know the HTTP status code.

alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"File Access"; pcre:"/GET \/specific_folder\/.*/i"; flowbits:set,specific_folder_access; flowbits:noalert; sid:100000;)

Here you define the first rule that checks the HTTP request. If the access goes into the specific_folder, the flowbit (tag) „specific_folder_access“ will be set. This tag allows us to identify packets that meet this criteria in the second rule. „flowbits:noalert;“ means that – although this rule fired – no alert will be triggered.

alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:"Site in specific_folder not found"; content:"404"; http_stat_code; flowbits:isset,specific_folder_access; sid:100001;)

In the second rule, we require the packet to be part of a TCP stream tagged with the flowbit „specific_folder_access“. If so, and if the status code is 404, an alert is triggered.

You can even set multiple tags and compose multiple rules to filter complex behavior. See manual.snort.org for more information.

MySQL Backup and Restore with UTF-8 in mind

I recently had some issues as I dumped a MySQL/MariaDB database on a Linux server and tried to import that dump on my Windows working machine.

Umlauts broke on my Windows machine but not on the Linux server where dump was created. I found a good explanation how to actually create UTF-8 aware backups:
Dumping and importing from/to MySQL in an UTF-8 safe way

  • Backup:
    Use the mysqldump option to write the output to disk, dont use the bash redirect function (mysqldump … > database.sql).

    $ mysqldump -u root -p database -r database.sql
  • Restore:
    Again, there is a better way using as using bash file reading:

    $ mysql -u root -p --default-character-set=utf8 database
    mysql> SOURCE database.sql

Two-Factor Authentication for SSH

Google offers a PAM module to do two-factor authentication using its Google Authenticator app. It seems to be easy to setup up but still brings a huge security improvement.

A good tutorial for Debian/Ubuntu can be found here:
Digitalocean: How To Protect SSH With Two-Factor Authentication