[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] PWDumpX v1.4 (and GUI:s)

To: Markus Jansson <markus.jansson@xxxxxxxxx>
Subject: Re: [Full-disclosure] PWDumpX v1.4 (and GUI:s)
From: Valdis.Kletnieks@xxxxxx
Date: Thu, 10 Jan 2008 12:02:57 -0500

On Wed, 09 Jan 2008 21:36:07 +0200, Markus Jansson said:

> (BTW. My doubleclicking on desktop icon is maybe 200x faster than you
> writing two lines of command line crap to get the program to do the
> same thing I make it do with just doubleclicking it with my mouse.)

Bullshit. A GUI is *fine* - if your goal in life is "run nmap, run nessus,
print results, hand invoice to customer".  I admit to using one myself, for all
the things that I want run *exactly the same way* every time - like launching
an instance of the admin tool for a software package I have to admin, or the
tool for managing my music playlists.  Having little point-n-click things for
the 40 or 50 things I do the same way every time is great.  However, the
instant you need to do anything that changes based on what the *last* 3 things
you tried, plus what you saw on a mailing list 3 weeks ago regarding a similar
incident - a GUI loses big time.

Let me know what desktop icon is "200x faster" than any one-liner bash/whatever
pipeline that includes an awk, sed, or egrep with a regular expression in it.

As an example - sendmail supports TLS on SMTP connections.  How to produce a
sorted list of what connection types were used?

grep STARTTLS=client /var/log/maillog | grep version | awk '{print $8 " "$10 " 
" $11}' | sort | uniq -c | sort -nr

and out pops:

   3981 version=TLSv1/SSLv3, cipher=AES256-SHA, bits=256/256
   3077 version=TLSv1/SSLv3, cipher=DHE-RSA-AES256-SHA, bits=256/256
    583 version=TLSv1/SSLv3, cipher=DES-CBC3-SHA, bits=168/168
    396 version=TLSv1/SSLv3, cipher=RC4-MD5, bits=128/128
    156 version=TLSv1/SSLv3, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168
      2 version=TLSv1/SSLv3, cipher=RC4-SHA, bits=128/128

Let me know how long it takes you to figure out how to double-click something
to do that.  Oh - the investigation has taken another turn, and now you need
to know what server you *received* mail from and then relayed to 
mail.example.com?

grep "relay=mail.example.com" /var/log/maillog | awk '{print $6}' > 
/tmp/queue.ids
grep -f /tmp/queue.ids /var/log/maillog | grep 'daemon=MTA' | awk '{print $14}' 
| sort -u

How much more double-clicking did you do?

Attachment: pgp3K77fOF4sj.pgp
Description: PGP signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] PWDumpX v1.4 (and GUI:s)
  - From: Markus Jansson

References:
- Re: [Full-disclosure] PWDumpX v1.4 (and GUI:s)
  - From: Markus Jansson

Prev by Date: [Full-disclosure] ID-Commerce Security Advisory - SLR-2007-001
Next by Date: [Full-disclosure] SunOS 5.10 ICMP Remote Kernel Crash Exploit Code
Previous by thread: Re: [Full-disclosure] PWDumpX v1.4 (and GUI:s)
Next by thread: Re: [Full-disclosure] PWDumpX v1.4 (and GUI:s)
Index(es):
- Date
- Thread