Fri, 30 Apr 2004
You should be reading the diary section of the Internet Storm Center on a daily basis. joat: 14:08:00 30 Apr 2004 |
joat: 13:52:00 30 Apr 2004 |
Everyone that has my home address (you're not that many), please check your machines. One of you is infected with NetSky.P. It's causing one of my boneheaded ISP techs to claim that I'm infected. Anyone else want to explain to him that:
- NetSky forges "From:" lines by grabbing addresses off of the infected machine
- I can't be infected with NetSky as I don't run MS on my home machines
I'm gonna go injure my forehead. joat: 03:01:00 30 Apr 2004 |

Thu, 29 Apr 2004
From the Full Disclosure list, here's a paper on DNS Cache Snooping. It's another one of those techniques that can be used for evil or for good. In any case, it's an interesting topic that needs further examination. joat: 01:48:00 29 Apr 2004 |
Cool tool. Too bad it only runs on Windows. (via /.) joat: 01:47:00 29 Apr 2004 |
You've heard me vent about this before. My only response to Tim Mullen is that my grandmother expects you for dinner the last week in July. You'll be teaching her all about viruses, safe computing practices, what the "any key" is for, whether or not her "MS Keyboard" calling home is good or bad, whether or not that nice man from the bank really wants her to update her account info, and how to look up my e-mail address (she writes it down and tends to lose it)(doesn't trust her electronic address book). All on your own expense Tim. joat: 01:38:00 29 Apr 2004 |
I'm about to drop my feeds to Moreover. I just waded through "Computer Security News". It had one actual news item, the rest were ads for Verisign. First DNS wildcards, now RSS spam. Geez! joat: 00:49:00 29 Apr 2004 |

Wed, 28 Apr 2004
Here's the Internet Architecture Board's comments on DNS wildcards.
My view on it is they're useful, at my level. When certain orgs start wildcarding top-level domains, I'm there passing out the pitchforks, torches, and maps of the castle. joat: 01:14:00 28 Apr 2004 |
Linux-Sec is a security-related site with A LOT of links.
joat: 01:12:00 28 Apr 2004 |

Tue, 27 Apr 2004
OpenCores: Free open source IP cores and chip design. joat: 01:14:00 27 Apr 2004 |
Linux Security has a howto for encrypting/decrypting directories with GPG. joat: 00:47:00 27 Apr 2004 |
(via BugTraq) It's now well-known that you can test your ISP for an open relay. This sort of thing keeps SA's awake at night. Then again, the good ones use a variant of this to periodically test their own servers. joat: 00:40:00 27 Apr 2004 |

Sun, 25 Apr 2004
It's old hat but even Google can be used for evil. joat: 17:26:00 25 Apr 2004 |
Here's a good discussion on VLAN's and trunking. joat: 14:18:00 25 Apr 2004 |
OSVDB has a piece about the recent problem discovered in the TCP protocol. I still don't think it's that bad of an issue. It's easily mitigatable and was only a problem for certain protocols. joat: 03:24:00 25 Apr 2004 |
While I am a firm supporter of Sendmail, I've also shown an interest in Postfix and other MTA's (anything that can interface with Procmail can't be all bad). I've still got a lot to learn about the non-Sendmail "solutions" but I'm learning quickly. From /.'s Postfix post, there's some new features worth taking a close look at. joat: 03:19:00 25 Apr 2004 |

Sat, 24 Apr 2004
Pat Tillman died today (yesterday in Afghanistan). He was 27.
Your mom's lesson of "If you can't say anything nice, don't speak" applies here.
If you see his family on the street, pay your respects. (Express sympathy, don't stare.) If his coffin passes in front of you in the coming days, show respect. (Remove hat, put hand on heart.) Other than offering assistance or kind words to his wife or parents, you're not allowed to say anything.
This young man was one of few who volunteered. Some do this with the blessing of their families, some do it against the wishes of their families. Regardless of that, it is a choice that they make with knowledge of the possible results. No one, not even family, is allowed to take away from that choice.
Pat had the fortune of being famous early in his life. Thus his death has drawn a lot more attention than others in the past three years. All deserve the same respect. Forget the fanfare and hype of Memorial Days of the past decade. Instead, when you're standing on the curb during the next Memorial Day Parade, think about what Pat and others gave up to do something they believed was needed, knowing what might happen. Put your hand over your heart or nod your head. Wish them well, wherever they may be.
If you have strong feelings for/against the war, find another venue to vent in. Pat's death (and the others') is not a soapbox for you to stand on. You don't get to use it as "proof" for anything. This isn't the Viet Nam war where hundreds of thousands were drafted. Every single member of the military is a volunteer.
Ignore them if you want, most prefer it that way. They don't do it for the money (it doesn't pay well). They don't do it for respect (however pride has a lot to do with it). They, like others that died in responding to 9/11, do it because it needs to be done and no one else is willing to do it. If you can't understand why people do this sort of thing, accept it as something that you don't understand. Don't attach your own motives or politics to their actions (or deaths). Kathleen Parker has been able to explain it somewhat.
(Jerry Bowman, you're a no-class asshole. Show some sympathy for his family. Suppress your politics at least until after they bury the dude.) joat: 01:34:00 24 Apr 2004 |

Thu, 22 Apr 2004
Just a quick one...
The hot topic of the week is the TCP RST vulnerability. Dana Epp has a post about it.
Personally, I don't think that it's that big of an issue because you need the following:
- Src & Dst IP (one of which is more or less dynamic)
- Src & Dst Port (one of which is ephemeral)
- the range of sequence #'s (which are in a sliding window).
For this type of attack to be successful, you either:
- need to be inline so that you can sniff the one IP, the ephemeral port, and the sequence number window, or
- need a massively distributed zombie army to brute force the same information.
Certain protocols which use consistent source and/or destination IP's and/or ports are statistically more at risk but I still don't think it's that much of a vulnerability. Local wireless attacks are more likely as being "inline" only requires proximity to the AP.
Then again, I could be wrong. joat: 11:46:00 22 Apr 2004 |
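
The requirements listed in the post above can be modelled from the receiver's side. This is an added example, not part of the original post: it contrasts the original in-window RST rule with the exact-match rule later standardized in RFC 5961 (which the post does not mention), and the window size and port count passed in are constructed values.

```python
# Added illustration: receiver-side RST validation, modelled in plain Python.
# Assumes a non-zero receive window; no packets are built or sent.
MOD = 2**32  # TCP sequence numbers wrap at 32 bits


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd) modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def rst_action_rfc793(seq, rcv_nxt, rcv_wnd):
    """Original rule: any in-window RST tears the connection down."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"


def rst_action_rfc5961(seq, rcv_nxt, rcv_wnd):
    """Hardened rule: only an exact match on rcv_nxt resets; any other
    in-window RST gets a challenge ACK and the connection stays up."""
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"
    return "reset" if seq == rcv_nxt else "challenge_ack"


def blind_guess_space(rcv_wnd, candidate_ports, exact_match=False):
    """Worst-case number of spoofed segments an off-path sender needs when
    both IPs and one port are known and the other port is one of
    candidate_ports. Under the original rule one guess per window covers
    the sequence space; exact matching needs every sequence number."""
    seq_guesses = MOD if exact_match else -(-MOD // rcv_wnd)  # ceiling division
    return seq_guesses * candidate_ports


if __name__ == "__main__":
    # Constructed values: 16 KiB window, 1024 candidate ephemeral ports.
    print(blind_guess_space(16384, 1024))                    # original rule
    print(blind_guess_space(16384, 1024, exact_match=True))  # exact-match rule
```

The gap between the two printed figures is the point of the mitigation: a larger window or a fixed, predictable port shrinks the first number, which is why long-lived sessions between known endpoints were singled out.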
I love IMAP. It makes a lot of email "things" easy, especially centralized backups. It's just not intended for anything larger than a local LAN. I hope AOL knows what they're getting into. joat: 10:59:00 22 Apr 2004 |
Someone has coded a port knocking implementation, as a proof of concept. Stand by for this thing to be included in worm infections. (from /.) joat: 01:08:00 22 Apr 2004 |
I haven't tested this (from Code Novice) but I'll need it in the future:
Set the default status on your page via:
<SCRIPT language="JavaScript">
<!-- hide the script from old browsers
// Sets the default text shown in the browser's status bar
defaultStatus = "your message here";
//-->
</SCRIPT>
joat: 00:31:00 22 Apr 2004 |

Tue, 20 Apr 2004
joat: 10:33:00 20 Apr 2004 |
Here's the Linux-for-PS2 PS2-LinuxFAQ. joat: 10:31:00 20 Apr 2004 |

Mon, 19 Apr 2004
joat: 01:34:00 19 Apr 2004 |
Richard Stevens' web site lives on. joat: 01:33:00 19 Apr 2004 |

Sun, 18 Apr 2004
Tom's Networking has a howto for setting up WDS, currently the only way to implement mesh mode. It has limitations (see the article) but does extend your range. I'll be experimenting with this more once I've got one of my class papers turned in (one of two is due soon). joat: 01:47:00 18 Apr 2004 |

Sat, 17 Apr 2004
USA Today has a piece about how hackers routinely snoop other systems at hot spots. It also talks about wirelessly transmitted diseases (many computers in those hotspots have little or no protection). joat: 11:20:00 17 Apr 2004 |
I've dug through my backlog and posted all of the recent wireless-related items for a friend who's going to be on tomorrow's "Ask the Expert". Other topics should include WEP, WPA, China's attempt to jump-start the WAPI standard as part of the WiFi certification, and what the WiFi certification actually means (interoperability between vendors). joat: 02:41:00 17 Apr 2004 |
Here's DISA's wireless FAQ. joat: 02:34:00 17 Apr 2004 |
I've seen this wireless IDS (AirMagnet) in action in three forms (PDA, laptop, and stand-alone sensor). It's an awesome tool. Especially fun to watch at a wireless technology "vendors day". A bit on the expensive side though.
joat: 02:25:00 17 Apr 2004 |
War-walking is when you wander around with some sort of sensing device to find WiFi hotspots. So what do you call it when you wander around with the hotspot strapped to your back?
joat: 02:20:00 17 Apr 2004 |
Yet another hobby for someone: wireless video warspying. For those that don't know, the "war" part indicates people wandering around attempting to pick up unprotected wireless signals. In this case, they're looking for those cheap X-10 cameras that have been popular over the last 5 or so years. joat: 02:13:00 17 Apr 2004 |
SecList's BugTraq archive has a post which discusses a problem with having multiple profiles in your wireless configuration and having the NIC automatically select the best available AP. Tools like AirJack can disconnect a NIC from a secure connection and cause it to switch over to an insecure one. Can anyone else remember Mitnick's attack on Shimomura's machine? joat: 02:09:00 17 Apr 2004 |
Device Forge has an article about the coming development of high speed wireless USB. Supposedly up to 127 devices and a bandwidth of 480 Mbps with a future target of 1Gbps. Assuming a range comparable with Bluetooth, this is probably going to be fun. With that kind of bandwidth, you're going to have fewer and fewer cables to worry about. I can see no video cable to the monitor, a wireless hard drive, CDROM/DVD drive, wireless speakers, wireless interface to your plasma flat screen monitor, etc. Heck, why stop there? Why not enable your fridge, your automobile, a television remote which is also tied into your computer, your doorbell, etc. Given the two way technology, it's only a hop to RFID-like capabilities where you can keep track of your pets, your kids, what's in your pantry, how much TP you have left, etc. All it'll take is a small transceiver in each room, either wired or wireless using 802.11g or similar. joat: 01:47:00 17 Apr 2004 |
Awhile ago one of the projects that the local geek group was trying to get off the ground was community wireless. Unfortunately, the land around here varies less than 10 feet per mile, so there's very little line-of-sight unless you own a few buildings or cell towers. According to this, the U.S. cell phone companies are going to take advantage of their man-made advantages and get into the act, offering 802.11 wireless from the same towers that they offer telephone and PCS data from. What's next? They aren't talking but if the above happens, how far is it to IP addresses for devices in your car? We're going to need IPv6 sooner than we thought. joat: 01:28:00 17 Apr 2004 |
The Screen Savers and The Register both had a bit about Earthlink's spyware audit which found an average of 28 instances of spyware per subscriber's machine.
After cleaning my wife's machine, I think that number is quite low. Then again, she'd been running the machine nightly for almost two years. joat: 01:17:00 17 Apr 2004 |
Here's the link for the Cyphernomicon. joat: 01:02:00 17 Apr 2004 |

Thu, 15 Apr 2004
The second version of Firewalls and Internet Security: Repelling the Wily Hacker is out. The first version is now available online. joat: 11:21:00 15 Apr 2004 |
joat: 11:12:00 15 Apr 2004 |
Curse you Canter & Siegel!!
May you always live on multiple catalog mailing lists and have to tow your can uphill to the street. In the rain! Hopefully your garbage man will know that it was you who started this mess! joat: 01:17:00 15 Apr 2004 |

Tue, 13 Apr 2004
Here's the online version of the Handbook of Applied Cryptography by Menezes, Oorschot, and Vanstone. joat: 09:18:00 13 Apr 2004 |

Mon, 12 Apr 2004
Here's a very long list of security related papers. joat: 22:32:00 12 Apr 2004 |
Here's another good security tool list. joat: 22:02:00 12 Apr 2004 |

Sun, 11 Apr 2004
Another one for my benefit: Daily Wireless's article about RSS readers for mobile devices. joat: 19:42:00 11 Apr 2004 |
Bruce Schneier's Applied Cryptography is available online. joat: 14:08:00 11 Apr 2004 |
Added "SUB BLOGLINES" button near the top right so that you can quickly subscribe to this blog via Bloglines. Also added a link so that you can view my Bloglines subscriptions. joat: 14:07:00 11 Apr 2004 |
joat: 03:08:00 11 Apr 2004 |

Sat, 10 Apr 2004
Here's another security tools list. joat: 00:49:00 10 Apr 2004 |

Fri, 09 Apr 2004
HITB has a quick post about arp spoofing. Not much theory but gives a quick description of the basics and what it's used for. joat: 10:47:00 9 Apr 2004 |

Thu, 08 Apr 2004
Here's a policy manager for Snort rule sets.
joat: 10:41:00 8 Apr 2004 |
Here's an awesome Snort site. Includes various plans for Y-cables. joat: 01:35:00 8 Apr 2004 |
I admit that I'm a Gibson fan. I even frequented the cyberpunk list for awhile. Here's a map of his works. joat: 00:54:00 8 Apr 2004 |
This hackable router could be interesting to experiment with. joat: 00:47:00 8 Apr 2004 |

Wed, 07 Apr 2004
Things I find wrong with this proposal:
" (1) A person who wishes to greatly reduce spam must install software on each computer with an e-mail client application (such as Microsoft Outlook)."
Doesn't take into account the scope of what he's proposing. Everyone who has an e-mail client must also install some other software? What hooks does it require? Personally, Outlook doesn't run on my home computers or any of my servers. For those really paranoid moments, I use a text client with no hooks to external programs. Am I going to be required (the "or else" kind) to change my preferred e-mail client if it doesn't have the hooks to run with this extra software? The assumption is that my grandmother can install software.
" (2) A person who wishes to greatly reduce spam, when sharing his or her e-mail address, must also go through the trouble of sharing a code number."
A personal ID number? Your papers please? (Sorry, I sat in a proposal for mandatory PKI certificates for all Internet users last night.) (To protect the children, of course!) This assumes that my grandmother can remember another number, let alone being able to figure out how to use e-mail.
" (3) Mailing list services must make a slight modification to their databases and mailing scripts to store and use codes in addition to e-mail addresses. "
Are you going to pay for this? The improper assumption is that all mailing lists respect their subscribers' privacy and don't sell the codes along with the addresses. It also assumes that my grandmother can code the changes into her mailman server without damaging her pr0n list. (heh)
Adding technology isn't going to work. That way leads to an arms race as spammers develop ways around the obstacles placed in front of them. We'll solve the spam problem via technology about the same time that the virus problem is solved via similar methods.
Adding more laws isn't going to work. Doing that will only add greater contempt for the law. They're criminals already, another law won't make them feel bad about themselves.
The only solution is enforcement. Unfortunately, very few law enforcement agencies have the personnel/time/money/talent/inclination to track down and prosecute spammers. Most of those that do are acting in response to corporate complaints, not complaints from the individual citizen.
I've learned (via recent jobs) that small business takes a beating from small scale fraud and theft. There's a well-populated gap between what local law enforcement is able to investigate and what state/federal law enforcement is willing to investigate. Who fills that gap? Private investigators, if the businessman/woman is willing to pay for an investigation that may or may not yield results.
Unfortunately, enforcement of existing laws is also a probable non-option. It costs to train the local law enforcement officer(s). You also have to find officers willing to take the training. Low-end cybercrime, while possibly glamourous for prosecutors, holds little career advancement for the local city cop or sheriff (usually it's not within their jurisdiction either).
joat: 01:36:00 7 Apr 2004 |
joat: 01:35:00 7 Apr 2004 |

Tue, 06 Apr 2004
The translation has problems in parts but it contains useful data: PHP Libraries. joat: 03:49:00 6 Apr 2004 |

Sun, 04 Apr 2004
joat: 19:54:00 4 Apr 2004 |
Here's the link for OL2MBOX, the Outlook PST to MBOX converter.
joat: 19:53:00 4 Apr 2004 |

Sat, 03 Apr 2004
It's two weeks late but there's a new version of SleuthKit out. SleuthKit is a forensics tool used with the Autopsy Forensic Browser.
joat: 17:20:00 3 Apr 2004 |
I'm blogging this one 'cause I want to investigate the tool once I've got more time....
Given the amount of spam that's getting past my filters, DSpam may be the next tool/tech to take a look at (it contains Bayesian noise filters). joat: 13:16:00 3 Apr 2004 |
I don't really trust any article in which a journalist and a hacker, especially a teenage one, interact. What you get is what the often-clueless journalist thinks that the limited-world-view teenager thinks of the world in general. That makes it a second-hand view of the world, right?
In any case, here's a third-hand view of the world (a journalist interviews a guy who has talked to actual hackers!). Take it with a grain of salt. joat: 13:15:00 3 Apr 2004 |
ComputerWorld has a sidebar in which they list various virus, worm, and threat-related links. joat: 01:20:00 3 Apr 2004 |