
Announcing the Ribose Retrace Challenge + Rewards

The "retrace" project

We've been working on an open source project called "retrace".

retrace (with a lowercase "r") is a versatile security vulnerability / bug discovery tool that works by monitoring and modifying the behavior of compiled binaries on Linux, OpenBSD/FreeBSD/NetBSD (shared object) and macOS (dynamic library).

It can be used to assist reverse engineering / debugging dynamically-linked ELF and Mach-O binary executables.

The Challenge

We are announcing 3 separate challenges that come with rewards, in order to encourage usage of retrace and make retrace better. Rewards go up to US$ 1,000 each so it could be very interesting.

The challenge period runs from 2017-08-09 to 2017-10-10 inclusive, with the winning challengers announced on 2017-10-16 here (and the retrace GitHub page).

Full details of the Retrace Challenge here: https://riboseinc.github.io/retrace/

Bug Challenge

The Bug Challenge encourages finding bugs (any bug AND security vulnerabilities) in well-known software (OSS / proprietary) using retrace.

Challenge rewards are given according to the CVE CVSS score of the entry -- for example, for a confirmed Critical CVE reported using retrace, there is a grand prize of $1,000 -- and there are multiple prizes for each category.

Improvement Challenge

The improvement challenge is to improve the actual retrace tool in the form of code. The challenger should write code that improves retrace (library or CLI) to do something useful. For example, the "Best Improvement" grand prize is again $1,000. See the retrace page for the other categories.

Usage Challenge

The "usage challenge" is to discover creative and interesting ways of using retrace in the form of code. The challenger should write code that utilizes and incorporates retrace (lib or CLI) to do something useful AND interesting. The results will be incorporated in the /examples directory of the retrace repo for public usage, for the benefit of all. As an example, the "Most Useful" grand prize is $500.

Who are we?

We are Ribose, the secure sharing company. We believe privacy and security form the foundation of liberty, and our goal is to empower people to freely communicate and achieve productivity. Through an approach we call "asymmetric security™", we leverage deep security and technology expertise to create highly-secure products validated to the world's most stringent requirements and regulations.

We created retrace to aid developers and security researchers to develop better code that leads the world to a better place.

Link

Here's the link to the challenge. May the best win!

https://riboseinc.github.io/retrace/


Tech post: AWS: Converting CentOS and Red Hat AMIs to EXT4

(Guest post by Aaron Smith)

It's a well-known fact that Red Hat and CentOS use XFS for their default file system, so it should come as no surprise that this default is reflected in the most frequently used Red Hat-based AMIs on AWS EC2. These distributions used to default to EXT4, but that time has long passed.

However, there are several reasons you may want to use EXT4 as your default file system, and the first of these on AWS EC2 is performance. Yet it is something you must explicitly define at install time, or you must convert the system after the install has finished. You do not get to make this choice with the AMIs on AWS, and that can be a real bummer if you are looking to use a file system other than XFS.

It's a great time to be alive though. Why? Because we have the tools to make this happen ourselves. The tool we are specifically interested in here is Packer. Packer can take an existing AMI and build a new AMI based on settings we define as well as apply provisioner scripts to alter the underlying image. Provisioner scripts don't have to be complicated and, in this case, we can write a bash script that will convert a root CentOS or Red Hat partition from XFS to EXT4.

To talk about this process from a Packer standpoint, we will tell Packer to do several things in order:


  1. Spin up an instance from a Red Hat or CentOS AMI of our choosing and attach an extra storage volume

  2. Run the provisioner script that will also do several things:

    1. format the extra volume with EXT4

    2. mount the volume

    3. rsync all relevant files from the XFS root volume to the EXT4 volume

    4. update the EXT4 volume's fstab to reflect the new boot partition

    5. update the EXT4 volume's boot directory and Grub configuration



  3. Build a new AMI using the prepared EXT4 volume (which will now be the root volume for instances based off this AMI)

The Packer builder configuration should look something like this:

{
  "variables": {
    "version": "7.3",
    "aws_access_key_id": "{{env `AWS_ACCESS_KEY_ID`}}",
    "aws_secret_access_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
    "aws_security_token": "{{env `AWS_SECURITY_TOKEN`}}",
    "packer_build_vpc_id": "{{env `PACKER_BUILD_VPC_ID`}}",
    "packer_build_subnet_id": "{{env `PACKER_BUILD_SUBNET_ID`}}"
  },
  "min_packer_version": "0.12.3",
  "builders": [
    {
      "type": "amazon-ebssurrogate",
      "ami_virtualization_type": "hvm",
      "region": "us-east-1",
      "source_ami": "ami-b63769a1",
      "ssh_username": "ec2-user",
      "ssh_pty": "true",
      "access_key": "{{user `aws_access_key_id`}}",
      "secret_key": "{{user `aws_secret_access_key`}}",
      "token": "{{user `aws_security_token`}}",
      "vpc_id": "{{user `packer_build_vpc_id`}}",
      "subnet_id": "{{user `packer_build_subnet_id`}}",
      "ami_name": "redhat-encrypted {{user `version`}} {{timestamp}}",
      "instance_type": "t2.micro",
      "encrypt_boot": "true",
      "launch_block_device_mappings": [
        {
          "device_name": "/dev/sdf",
          "delete_on_termination": "true",
          "volume_type": "gp2",
          "volume_size": "100"
        }
      ],
      "ami_root_device": {
        "source_device_name": "/dev/sdf",
        "device_name": "/dev/sda1",
        "delete_on_termination": true,
        "volume_size": "100",
        "volume_type": "gp2"
      }
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "execute_command": "echo 'packer' | {{ .Vars }} sudo -E -S sh '{{ .Path }}'",
      "script": "scripts/convert_volume.sh"
    }
  ]
}

As you can see, we are mounting an additional volume (`/dev/sdf`), running our provisioner script that creates the EXT4 root volume, then mounting that volume as if it were the original volume (as `/dev/sda1`) when it comes time to build the new AMI. You'll also see that we are using the `amazon-ebssurrogate` builder type that Packer provides. This type exists precisely for the purpose of what we are trying to do here. That's why you don't see us attaching the source `/dev/sda1` volume. It is assumed that we will be attaching a volume to use as a root volume and provisioning it as we deem necessary based on the source root volume. Lovely.

We've walked through the Packer configuration and now you're probably wondering how the actual XFS to EXT4 conversion happens in the provisioner script. Here's how we do it in our bash script:

#!/bin/bash
readonly __progname="$(basename "$0")"

# Print an error prefixed with the script name and abort.
errx() {
    echo -e "$__progname: $*" >&2
    exit 1
}

main() {
    local -r dev="/dev/xvdf"
    local -r mntpoint="/mnt"

    [ ! -d "${mntpoint}" ] && \
        errx "cannot find mountpoint '${mntpoint}'"

    # Partition the extra volume: 1 = GRUB BIOS boot area, 2 = new root
    parted -a optimal "${dev}" mklabel gpt mkpart primary '0%' '1%' name 1 grub set 1 bios_grub on print || \
        exit 1
    parted -a optimal "${dev}" mkpart primary '1%' '100%' name 2 rootfs set 2 boot on print || \
        exit 1
    mkfs.ext3 "${dev}1" || \
        exit 1
    mkfs.ext4 "${dev}2" || \
        exit 1

    # Stop here if the mount fails, otherwise rsync would copy into the
    # source root's own /mnt directory
    mount "${dev}2" "${mntpoint}" || \
        exit 1

    # amazon-ebssurrogate: rsync: getcwd(): No such file or directory (2)
    # amazon-ebssurrogate: rsync error: errors selecting input/output files, dirs (code 3) at util.c(1008) [Receiver=3.0.9]
    # http://serverfault.com/questions/591743/rsync-getc...
    cd /
    rsync -aAXv --exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found"} / "${mntpoint}" || \
        exit 1

    local -r uuid_d1="$(lsblk -no UUID "${dev}1")"
    local -r uuid_d2="$(lsblk -no UUID "${dev}2")"

    # The new root is the only entry in the new fstab
    echo "UUID=${uuid_d2} / ext4 defaults 0 0" > "${mntpoint}/etc/fstab"

    grub2-install --boot-directory="${mntpoint}/boot" "${dev}" || \
        exit 1
    grub2-mkconfig -o "${mntpoint}/boot/grub/grub.cfg" || \
        exit 1

    if [ "$(awk '{ print $1 }' /etc/redhat-release)" = 'CentOS' ]; then
        local -r oldid="${uuid_d1}"
    else
        local -r oldid="${uuid_d2}"
    fi

    # Point every UUID reference in the boot files at the new root
    find "${mntpoint}/boot/" -type f -exec sed -i "s/${oldid}/${uuid_d2}/g" {} \;

    umount "${mntpoint}" || \
        exit 1
    echo "finished!"
}

main "$@"
exit 0


If you are familiar with bash, then this should make some sense to you based on what we talked about above. The additional volume needs to be partitioned and formatted with EXT4. We then mount it and rsync the operating system data from the source volume to the new EXT4 volume. We store the UUIDs of the volumes involved in variables and make the appropriate changes to the `/etc/fstab`, boot files, and GRUB configuration. It is at this point where we can unmount the EXT4 volume and proceed with building the new AMI. Voilà!
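A check that could run against the mounted EXT4 volume just before the script's `umount`, so a tree that still points at the source volume fails the build instead of producing an unbootable AMI. This is an added example, not part of the original post: the function names `check_converted_root` and `make_sample_tree` are hypothetical, and the UUIDs and sample `grub.cfg` line are constructed.

```shell
#!/bin/bash
# Added example: verify a converted root tree before the AMI is built.
# All UUIDs and paths used with it are constructed samples.

# check_converted_root ROOTDIR NEW_UUID
# Returns 0 only if ROOTDIR/etc/fstab mounts / as ext4 by NEW_UUID and no file
# under ROOTDIR/boot still has a root=UUID= reference to a different volume.
check_converted_root() {
    local root="$1" want="$2" entry spec fstype stale rc=0

    # fstab entry whose mount point is exactly "/", comments skipped.
    entry="$(awk '$1 !~ /^#/ && $2 == "/" { print $1, $3; exit }' \
        "${root}/etc/fstab" 2>/dev/null)" || true
    spec="${entry%% *}"
    fstype="${entry##* }"

    if [ "${fstype}" != "ext4" ]; then
        echo "fstab: root filesystem type is '${fstype}', expected ext4" >&2
        rc=1
    fi
    if [ "${spec}" != "UUID=${want}" ]; then
        echo "fstab: root device is '${spec}', expected UUID=${want}" >&2
        rc=1
    fi

    # A leftover root=UUID=<other> means the kernel command line would still
    # point at the source XFS volume.
    stale="$(grep -rhoE 'root=UUID=[0-9A-Fa-f-]+' "${root}/boot" 2>/dev/null \
        | sort -u | grep -vxF "root=UUID=${want}")" || true
    if [ -n "${stale}" ]; then
        echo "boot: stale reference(s): ${stale}" >&2
        rc=1
    fi
    return "${rc}"
}

# make_sample_tree DIR FSTAB_UUID BOOT_UUID: build a constructed tree to test on.
make_sample_tree() {
    mkdir -p "$1/etc" "$1/boot/grub"
    echo "UUID=$2 / ext4 defaults 0 0" > "$1/etc/fstab"
    echo "linux16 /boot/vmlinuz root=UUID=$3 ro console=ttyS0" > "$1/boot/grub/grub.cfg"
}
```

In the provisioner this would be called as `check_converted_root "${mntpoint}" "${uuid_d2}" || exit 1` after the `find ... sed` step.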


New feature: all Ribose emails now cryptographically signed with PGP

With email phishing and spoofing increasingly common today, many people are lulled into a false sense of despair. Yet there are methods to combat them, and the most oft-used one is cryptographic signing of emails.

Since last week, Ribose cryptographically signs all emails to you via PGP so that you can verify the authenticity of our emails. A valid Ribose PGP signature proves that the email has not been modified in transit, and also proves that the sender is indeed Ribose instead of a malicious third party.

To verify email PGP signatures, the current state of things requires installation of some sort of plugin, but most of these tools do integrate nicely with your platform (Linux / macOS / Windows). We have also listed recommended tools on our PGP page below.

With many of our users coming from sensitive industries, some of them have voiced their concern and asked for encrypted email notifications to prevent data leakage from emails. As a next step, we will be enabling full encryption of emails in an upcoming release, with a facility to upload your public PGP key that will be used to encrypt all messages sent via email. Stay tuned!

For more details on Ribose email signing and how to verify signatures, visit our PGP page at https://www.ribose.com/pgp.


Talk at CSA HKM Knowledge Sharing Event in PolyU

We are proud to share that our own Jeffrey Lau will be giving a talk at the Hong Kong Polytechnic University today!
At the talk, an official CSA HKM Knowledge Sharing Event, Jeffrey will be speaking about the Management of SaaS-Specific Risks.
SaaS (software-as-a-service) has become almost a necessity for modern businesses and daily life, as you know, and today more than ever we have a limitless choice of providers. With how easy it is to sign up and start using such services, sometimes it is also too easy for us to diminish or be unaware of the associated risks. This is especially important for organizations: SaaS, being cloud-based, inherently carries greater risk than traditional IT. Left unchecked, these risks pose a potential threat to an organization's survival. Luckily, there are measures that an organization can take in order to manage them. In today's event, Jeffrey talks about what these SaaS-associated risks are and what best practices an organization can adopt to protect itself and its customers against them.

All the best for today's attendees, we hope the talk may be fruitful and informative for you! If you missed the event, worry not, this won't be the last event that our staff will participate in, so stay tuned for more!


For more information about the event, click here!


Ribose named Best New Collaboration Service, Best New Social Business Solution and Best Social Collaboration App at 2016 International Business Awards

Company wins three Gold Stevie® Awards in world's premier business awards program

[Hong Kong] – 28 September 2016 – Ribose has won three Gold Stevie® Awards in the "Best New Product or Service of the Year – Software Collaboration/Social Networking Solution", "Best New Product or Service of the Year - Software - Social Business Solution" and "Best Social Mobile App" categories, as well as a Bronze Stevie® Award for "Best New Product or Service of the Year - Software - Security Solution" at The 13th Annual International Business Awards.

The International Business Awards, or "Stevies", are the world's premier business awards program recognizing the most respected individuals and commercial organizations around the world. The 2016 IBAs attracted more than 3,800 nominations from over 60 nations and territories – representing a wide range of public and private, profit and non-profit, small and large organizations from virtually every industry.

Ribose provides a unique and secure cloud collaboration platform that helps users work together effectively, while protecting their highly-valuable collaborative data through pioneering cloud security and privacy – delivered through an intuitive user experience expected in today's consumer software. The platform adopts the world's most stringent specified security requirements by advocating a 'highest-bar' approach to cloud security and privacy. With its accessibility, dependability and security, the Ribose platform gives users the peace of mind to focus on their tasks at hand.

  • Ribose founder Ronald Tse commented, "Ribose is delighted to improve on last year's results at the 13th Annual International Business Awards – winning three Gold Stevie Awards in the extremely competitive Best New Collaboration Service, Best New Social Business Service and Best Social Mobile App categories. We are also pleased to win a Bronze Stevie Award for Best New Security Solution in a very strong field of competitors. These awards stand as proof that our mission of democratizing secure collaboration with a 'highest bar' approach resonates with our users and judges alike, helping us make working together easy and fun – while protecting users' data with the highest, internationally certified levels of security."

  • He continued, "We are both humbled and flattered by the judging panel's recognition of our work, and I'd like to congratulate all of this year's IBA winners and nominees for sharing their experiences and success stories from around the world. It's always been a source of pride for our team at Ribose to be recognized amongst some of the leading names in international business."


Stevie Award winners were determined by the average scores of more than 200 executives worldwide who participated in the judging process from May through early August.

In awarding Ribose the Gold Stevie for Best Social Collaboration App, judges commended Ribose for "being social but at the same time highly protected in a cloud based platform" and for "practical and strong use of technology to enable greater globalization and digitization."


  • Judges who selected Ribose for the Gold Stevie in the Best Collaboration / Social Networking Solution category called it "a great example of customer engagement and involvement in business operations" and "definitely a company to watch out for," praising Ribose for offering a "clever new angle on secured collaboration." Scoring the submission for Best Social Business Solution, the panel highlighted Ribose's "world class cloud platform" and "exceptional security features", backed by "numerous international awards and certifications."


IBA judges also presented Ribose with a Bronze Stevie Award for Best New Product or Service of the Year - Software - Security Solution, commenting, "Ribose empowers customers to devote their full energy to developing their business, while leaving security in their capable hands. It is a true enabler to many industries."

  • "We are delighted to congratulate Ribose on winning three Gold and one Bronze Stevies at the 13th Annual International Business Awards. Building on their remarkably successful debut last year, Ribose has continued to demonstrate its passion and commitment to excellence in secure cloud computing – taking home an impressive four Stevie Awards this year," remarked Michael Gallagher, president and founder of the Stevie Awards.

Details about The International Business Awards and the lists of Stevie Award winners are available at www.StevieAwards.com/IBA.
