Sunday, March 22, 2015

Java on Iceweasel

Tonight I needed Sun Java to make something run in my Iceweasel browser. It was a bit of a pain (my memory was fuzzy on how I did it before so a little blog post) to get it running so this how I did it:

Download your java tar.gz from java.com and unpack the tag.gz in /opt/. represents the version you have downloaded.

$ sudo tar -zxvf .tar.gz -C /opt/

A new folder in /opt/ is created with the content of the downloaded tar.gz file. We are going to use links so we can install multiple version in the future if that would be necessary.

$ sudo ln /opt/ /opt/java-sun

We need to check the home variables:

$  JHome=/opt/java-sun
$ update-alternatives --install /usr/bin/java java ${JHOME% * /}/bin/java 20000

To check this java is the prefered way run:

$ update-alternatives --config java

Now we still need to configure the Iceweasel browser. Close all instances first.

$ sudo ln -sf /opt/java-sun/lib/amd64/libnpjp2.so /usr/lib/mozilla/plugins/libnpjp2.so

To check if everything works, open your Iceweasel browser and go to http://www.java.com/en/download/installed.jsp. Click on verify Java version and give it the permission to run.

Thursday, March 12, 2015

Back to basics

Recently I switched jobs and one of the interesting parts of changing jobs is everything is new and you have the 'fresh pair of eyes'.

The new environment has everything, a big network, mobile, malware and other attacks and a bunch of people.

It is this people factor that is actually the most challenging. Right now besides the technical aspects of the job, I am trying to convince a lot of people that the techie side of security is only a small fraction of the job.

Technically it has been the basics:
* user accounts and privileges
* tools
* network segregation
* vulnerability management
* incident response

Although it isn't possible for every organization to hire new infosec people all the time, it remains in my opinion a good exercise: Ask yourself why the things are as they are and evaluate the needs of the organization, they might have changed.