I recently decided to hack my Wii console so that I can play games from a USB back up drive. I won't go into details of how I accomplished the hack as you can find many very well written tutorials using Google. Instead I will be going into why I chose to hack my Wii.
Convenience is the main reason that I did this. Now that it is hacked I only have to put a disc into the Wii when I first bring a new game home from the store. After a simple installation process the game is copied to an external USB hard drive and can be loaded using a special Wii channel added during the hacking process. The USB channel displays a list of all of my games with thumbnails of the game covers that I can scroll through and launch with a simple click of the Wii controller.
In addition to convenience I also chose to do this for security. Discs get damaged and lost over time, especially with kids using them regularly. With the game discs stored somewhere safe I will be able to re-install them if my console ever malfunctions or is stolen.
The app store for the iPhone and iPod Touch already takes this a step further. When you purchase an application in the app store it is added to the list of applications you have purchased. You are able to download the application and install it, as well as copy it to other compatible devices in your household. When you get a new device the applications are automatically copied over to the new device without having to re-purchase them.
Although many who choose to hack their Wii do it so they can copy games they have not purchased I have chosen to copy only games I have actually purchased. I develop software for a living and believe that the game developers deserve to be paid for their work.
Hacking the Wii was a quick and easy process that allows me much more convenience and security than the Wii did before. Hopefully more vendors will go the route Apple did with the app store and in the future the no one will need to worry about losing or damaging an application disc.
Friday, January 15, 2010
Sunday, January 10, 2010
Basic cPanel Server Hardening - Part 4
So far this series of articles has covered protecting your server with a firewall and defending against brute force attacks, this article will cover securing the /tmp directory. The /tmp directory is used by applications for temporary storage while they are running. By default any user can create and execute files in /tmp, making it an easy stepping stone for exploits. The following changes will prevent these files from being executed, helping to limit what a hacker can do.
Execute these commands to create and mount a secured /tmp filesystem:
Next you need to edit the file /etc/fstab and add this line to the end so that the new /tmp will be mounted when the server reboots.
The server I set up actually had most of this work already done, but the noexec parameter had not been added to /etc/fstab for /tmp. To correct this all I had to do was edit /etc/fstab to add noexec to the parameter list and then execute the command:
You now have a /tmp directory that does not allow files to be executed. This step reduces the options available for hackers attempting to attack and exploit your system. In the next part I will go over disabling root login to tighten security even more.
Execute these commands to create and mount a secured /tmp filesystem:
dd if=/dev/zero of=/dev/tmpDSK bs=1024 count=500000 # create file to hold new /tmp directory /sbin/mke2fs /dev/tmpDSK # make file system for new /tmp cp -R /tmp /tmp_backup # make back up of existing /tmp directory mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp #mount new /tmp with noexec chmod 1777 /tmp # set permissions for new /tmp cp -R /tmp_backup/* /tmp/ # copy backup of /tmp into new /tmp rm -rf /tmp_backup # remove backup of /tmp
Next you need to edit the file /etc/fstab and add this line to the end so that the new /tmp will be mounted when the server reboots.
/dev/tmpDSK /tmp ext2 loop,noexec,nosuid,rw 0
The server I set up actually had most of this work already done, but the noexec parameter had not been added to /etc/fstab for /tmp. To correct this all I had to do was edit /etc/fstab to add noexec to the parameter list and then execute the command:
/bin/mount -o remount /tmp
You now have a /tmp directory that does not allow files to be executed. This step reduces the options available for hackers attempting to attack and exploit your system. In the next part I will go over disabling root login to tighten security even more.
Subscribe to:
Posts (Atom)