Walmart servers hacked

Wired has a story about a hacker breaking into Walmart’s point of sales computer. Amazingly Walmart claims that the attacker didn’t get any costumer’s personal information or credit cards. While I’m a bit dubious of their ability to know this, I did find the description of how the attacker got in to be interesting.

Investigators found that the tool had been installed remotely by someone using a generic network administrator account. The intruder had reached the machine through a VPN account assigned to a former Wal-Mart worker in Canada, which administrators had failed to close after the worker left the company.

Subversion on Ubuntu

Why is it always so hard to setup applications in Linux? Don’t get me wrong I much prefer setting up complex applications in Linux to setting them up in Windows but still there must be an easier way. I just spent several hours setting up subversion on my Ubuntu machine which involved some time on help pages and some time debugging and some time figuring out how I wanted my setup to work vs. other people’s setups. So I’m documenting some of my problems and solutions here just in case some other poor soul has a similar issue.

Basic Subversion setup

To begin the following url was an excellent help guide to start with. The guide described everything except how to do ssl encryption and I had some issues with the authentication which is detailed below.

Authentication issues

Once I got everything installed and working I tried doing a checkout on another machine. Much to my surprise the checkout worked but asked for no username or password. For some reason the server was requiring a username and password to write to a file on svn but not to read. Since I wanted my files to be kept private I had to lookup some documentation on how to change the authentication. I recommend this site, it is fairly cryptic but it has some good examples. I ended changing the /etc/apache2/mods-available/dav_svn.conf so it would only allow bob and myself to make changes.

<Location /svn/compilers>
DAV svn
SVNPath /home/svn/compilers
AuthType Basic
AuthName "compilers subversion repository"
AuthUserFile /etc/subversion/passwd
require user kami bob

SSL Encryption

Using the basic setup SVN sends all passwords and other data in the clear. This is somewhat insecure and I wanted to enable SSL encryption. There is a nice Ubuntu documentation page on how to do this. The only problem is that a default install of apache2 on Ubuntu doesn’t come with the apache2-ssl-certificate application. I found a discussion forum that talks about the issue and proposes several solutions. I’ve quoted the solution I used below:

* apache2-ssl.tar.gz (964 bytes, application/x-tar)

You can grab ssleay.cnf and apache2-ssl-certificate from Edgy’s apache2 version.

I hope this workaround works for people who bothered by this issue. Extract the package and put ssleay.cnf to /usr/share/apache2/ and apache2-ssl-certificate to /usr/sbin.

Create /etc/apache2/ssl directory. Then apache2-ssl-certificate script should work.