Mon, 31 May 2004

TechNews World has a short piece on what worms are being used for nowadays.
joat: 15:04:00 31 May 2004

Anyone have any experience with RootKit Hunter? What do you think of it?
joat: 14:36:00 31 May 2004

Sun, 30 May 2004

Just wanted to keep track of these:
http://www.securityfocus.com/columnists/177
http://www.ndnn.org/blog/archives/000153.html
joat: 19:42:00 30 May 2004

Dana Epp had the same problem that I did today. Massive comment spam. Today's was oriented towards bestiality. It appears that there's an army of zombies out there being used to spam MT-based blogs. The following IPs blogged the same comment spam:
- 24.51.181.126 - Unknown, connection failed but online
- 61.55.134.196 - Unknown, connection failed but online
- 63.203.249.138 - IIS 4.0, WinNT 4.0 (default web page), DSL customer
- 63.227.76.25 - Unknown, connection failed, no ping
- 65.64.123.184 - IIS 4.0
- 65.112.194.26 - Unknown, connection refused
- 66.142.24.209 - IIS 5.0, Win2K (NH Solutions)
- 66.14.145.9 - Unknown, connection failed, no ping
- 80.58.5.46 - Unknown, connection failed, but online
- 196.3.85.70 - IIS 5.0, no default page
- 200.75.94.138 - Unknown, connection refused
- 200.150.249.26 - IIS 5.0, default web page
- 200.168.79.161 - IIS 5.0, default web page
- 202.108.207.181 - Unknown, connection refused
- 203.17.12.4 - IIS 5.0, no default page
- 206.11.149.61 - Unknown, connection failed, no ping
- 207.68.98.5 - IIS 5.0, Middle School web server
- 207.166.221.254 - Unknown, connection failed but online
- 207.248.228.153 - IIS 3.0, default NT page in Spanish
- 211.21.63.206 - Unknown, connection failed but online
- 212.175.234.10 - Unknown, connection failed but online
- 212.175.234.145 - Unknown, connection failed but online
- 213.155.40.66 - IIS 5.0, default page
- 218.62.42.115 - Unknown, connection refused
- 218.185.66.178 - IIS 4.0, no default page
For each of the IPs I attempted to connect to port 80 via various means (browser, telnet, wget -S) and pinged the IP if port 80 failed to get the above. Anyone see a really nasty trend in the data?
So, either there's an army of blog spamming zombies or someone has figured out blind commenting with spoofed addresses. In any case, this is getting old.
joat: 01:33:00 30 May 2004

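The pattern in the post above (one identical comment body arriving from many unrelated source addresses) is easy to detect mechanically. The following is an added example, not code from the blog or from Movable Type; the log line format (ip|timestamp|body) and the sample lines are constructed for the demonstration, using a few of the addresses listed above.

```python
# Added example (not from the original post): flag comment spam where the same
# text is posted from many different IP addresses, the pattern described above.
# Log lines are constructed for the demo; the format (ip|timestamp|body) is an
# assumption, not Movable Type's real comment log.
from collections import defaultdict
import re

SAMPLE_LOG = """\
24.51.181.126|2004-05-30T01:02:11|Great site!! visit http://example.invalid/x
10.0.0.7|2004-05-30T01:03:40|Nice post, thanks for the DNS pointer.
63.203.249.138|2004-05-30T01:05:02|great site!!  visit http://example.invalid/x
10.0.0.9|2004-05-30T01:06:15|I had the same zombie problem last week.
196.3.85.70|2004-05-30T01:07:30|Great   site!! visit HTTP://example.invalid/x
10.0.0.9|2004-05-30T01:08:01|I had the same zombie problem last week.
"""

def normalize(body: str) -> str:
    """Collapse whitespace and case so trivially varied copies compare equal."""
    return re.sub(r"\s+", " ", body).strip().lower()

def parse_log(text: str):
    """Yield (ip, timestamp, body) from the constructed ip|timestamp|body lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, ts, body = line.split("|", 2)
        yield ip, ts, body

def find_spam_clusters(text: str, min_ips: int = 3):
    """Return {normalized_body: sorted IPs} for bodies seen from >= min_ips distinct IPs.

    One user reposting the same comment twice (10.0.0.9 above) is not flagged,
    because the signal is *distinct* source addresses, not repetition alone.
    """
    sources = defaultdict(set)
    for ip, _ts, body in parse_log(text):
        sources[normalize(body)].add(ip)
    return {body: sorted(ips) for body, ips in sources.items() if len(ips) >= min_ips}

if __name__ == "__main__":
    for body, ips in find_spam_clusters(SAMPLE_LOG).items():
        print(f"{len(ips)} IPs posted: {body!r}")
        for ip in ips:
            print("  ", ip)
```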
Sat, 29 May 2004

From the Full Disclosure mailing list comes a story about how one author's address and PGP signature were hijacked and used in a spam, thereby forcing the author to do a lot of extra work and, in his words, having to be nice about it.
joat: 11:01:00 29 May 2004

joat: 03:28:00 29 May 2004

Thu, 27 May 2004

LinuxSecurity has a short, but good, article on "Identifying Hoaxes and Urban Legends". This is one of those bits of information that you'll want to have a local copy of. You'll find yourself providing it to various users on a regular basis.
joat: 10:01:00 27 May 2004

(via NetSec) A new version of Helix is out. Helix is a Knoppix-based disk with forensics and auditing purposes in mind.
joat: 03:54:00 27 May 2004

Wed, 26 May 2004

Mon, 24 May 2004

joat: 23:32:00 24 May 2004

Sun, 23 May 2004

joat: 19:26:00 23 May 2004

Sat, 22 May 2004

Blog spammers are trying a new tactic here. They're using the old URL obfuscation trick. Fortunately, filtering for "" seems to do the trick.
joat: 16:09:00 22 May 2004

So far Hacking Linux Exposed's series on file and email encryption using PGP is up to six parts:
1 - file and mail security
2 - creating your key
3 - encrypting and decrypting
4 - importing and exporting keys
5 - verifying public keys
6 - signing public keys
joat: 02:38:00 22 May 2004

Thu, 20 May 2004

It's considered a "best practice" to manually type in a URL for any site that involves your personal data or finances. Clicking on a link that someone else wrote is considered "untrusted", at best, or possibly criminal, as recent news reports have stated. Of course, it also makes you responsible for any mistyped URLs too.
joat: 12:11:00 20 May 2004

Wed, 19 May 2004

TaoSecurity has a pointer to Slyck. In Richard's words, "Slyck does an excellent job categorizing and explaining a dozen individual file sharing methods, then offers information on programs implementing each method. This is a great resource for anyone trying to understand file sharing protocols they might see on their networks."
joat: 23:58:00 19 May 2004

Tue, 18 May 2004

Security Focus has an article about the TCP/IP knowledge required to be a security analyst. I agree except that you should not only be able to read code, you should be able to write/fix C and have more than a passing familiarity with Perl.
joat: 10:52:00 18 May 2004

Security Focus has a two-part article on Anti-Spam Solutions and Security (Part 1) (Part 2). The short version is that the article talks about the dangers that are contained within spam and the methods that can be used to fight spam. Mention of changing the SMTP protocol is made. Personally, major changes to the protocol will likely not work. There is too much inertia in "how things are done". Any change has to be seamless, invisible, and compatible with systems that don't use whatever the new scheme is.
joat: 10:48:00 18 May 2004

Here's one good reason to use that broken-down and often abused encryption protocol for wireless (WEP): it prevents open access to, and infection of, your network by any infected wireless device that happens to pass through your immediate area. If it's all you have, use it. It adds a layer of protection.
joat: 01:00:00 18 May 2004

Mon, 17 May 2004

(from /.) A Salt Lake Tribune article indicates that Novell may have started the SCO mess years ago.
D'oh!
joat: 01:54:00 17 May 2004

Here's another blog search engine. Nice thing about this one, a search for "joatblog" doesn't bring up this site, just entries on sites with references to joatblog. However it's being done, it's nice that the search engine is limited to entry text.
joat: 01:49:00 17 May 2004

Sat, 15 May 2004

Read this and this. Count me amongst the negative response from the "personal users" and those who've put a lot of work into the code behind their sites. (For Scripty Goddess, it's a serious amount of code.)
J (if you're reading this), I'm seriously considering switching also. Given the number of "authors" that use this site (whether or not their blogs have been dead for months), the site may be in violation of the new license. I don't think it's worth putting the effort into supporting a version of any code that the authors/owners have abandoned. (I'm pissed because I put a LOT of work into the code behind this monstrosity!)
For any Six Apart people reading this: my response is not entirely your fault. It's a reaction to yet another "volunteer" project that has gone commercial and has left certain categories of users behind by changing their licensing scheme for profit purposes. IMHO, you now reside with CDDB and NFR.
Guess it's time to read up on the export function?
joat: 16:27:00 15 May 2004

On one of the Snort sensors that I have access to, it appears that China is scanning for open mail relays. At least fifteen IP addresses are trying to bounce mail back to gagq@gagq.com. Has anyone else seen this or know what the tool is that they're using?
joat: 16:00:00 15 May 2004

I'm back in town. Bloglines is currently offline (for maintenance and upgrade) so I'm not able to access my backlog. I'll back file yesterday and today once it gets back online. I'll use the "free time" to clear out what appears to be a couple hundred blog spams that crept in while I was AFK.
joat: 03:44:00 15 May 2004

Thu, 13 May 2004

Here's a paper on "Packet Sniffer Detection With AntiSniff".
joat: 11:27:00 13 May 2004

I've been a heavy Bloglines user (abuser!) for almost a year now. Other users, such as Chad Everett, put their free time to much more productive use than I do. Hence the Bloglines Mozilla Toolkit. This thing adds a notifier and several additional features to Mozilla and Firefox. Given the additional features that Bloglines has added recently, this is a very powerful addition to the power blogger's toolset.
Note: runs on Windows and Linux (supposedly)
joat: 00:40:00 13 May 2004

Wed, 12 May 2004

joat: 23:58:00 12 May 2004

Tue, 11 May 2004

Sorry for the delay on yesterday's posts. I'm in Laurel, MD again. I'm attending a conference in DC on Wed./Thur. and Laurel is the closest I could get a room on really short notice (less than a day). For once, I timed the drive around the belt just right. I only had to slow for traffic once and that was for bridge construction.
"Hi" to all you NoVa types!
joat: 22:27:00 11 May 2004

joat: 22:22:00 11 May 2004

I agree with Matt: seven tuners? Whatever for?
I want one!
joat: 22:19:00 11 May 2004

Here's a GIAC GCIH (SANS GIAC Incident Handler) paper, submitted by Mike Mahurin, which describes the Microsoft LANMAN password decryptor, Rainbow Crack. This tool uses a time-memory trade-off instead of brute force attacks on passwords. In other words, it can pre-compute the resulting hash because the same user and password on different machines (using LM authentication) produces the same hash. This is the reason that, if possible, you should use more modern authentication or alternative methods for Windows authentication.
joat: 02:16:00 11 May 2004

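The property the post relies on (no salt, so the same password hashes identically everywhere, which is what lets one precomputed table be reused against every machine) and the fix (a per-account salt) can be shown in a few lines. This is an added example, not from the GCIH paper or from Rainbow Crack; it uses SHA-256 as a stand-in for the LM hash so it runs with the standard library, and the wordlist and the two "machines" are constructed for the demo.

```python
# Added example (not from the GCIH paper or Rainbow Crack): why an unsalted
# password hash can be attacked with a table computed once and reused everywhere,
# and why a per-account salt removes that reuse. SHA-256 stands in for the LM
# hash (an assumption made so the demo runs with the standard library only);
# the property that matters, "no salt => same password gives same hash on every
# machine", is the same.
import hashlib
import os

def unsalted_hash(password: str) -> str:
    """LM-style: the hash depends on the password alone."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes) -> str:
    """Modern style: a random per-account salt is mixed in and stored alongside."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

def build_table(wordlist):
    """The 'memory' half of the trade-off: hash each candidate once, keep a map."""
    return {unsalted_hash(w): w for w in wordlist}

def recover(table, stored_hash: str):
    """The 'time' half: a lookup instead of recomputing; None if not in the table."""
    return table.get(stored_hash)

# Constructed demo data: a small candidate list and two "machines" whose users
# happen to share a password.
WORDLIST = ["password", "letmein", "Summer2004", "qwerty"]
MACHINE_A = {"alice": unsalted_hash("letmein")}
MACHINE_B = {"bob": unsalted_hash("letmein")}

def demo_unsalted():
    """Same password on different machines -> identical hash -> one table serves both."""
    table = build_table(WORDLIST)
    return recover(table, MACHINE_A["alice"]), recover(table, MACHINE_B["bob"])

def demo_salted():
    """With a random salt the precomputed table misses, even for the same password."""
    table = build_table(WORDLIST)
    salt = os.urandom(16)
    return recover(table, salted_hash("letmein", salt))

if __name__ == "__main__":
    print("unsalted:", demo_unsalted())   # ('letmein', 'letmein')
    print("salted:  ", demo_salted())     # None
```

The salted case is the mitigation the post is pointing at: a table would have to be rebuilt for every salt value, which is what takes the "memory" out of the time-memory trade-off.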
The Thai online news site, The Nation, has a good article about choosing good passwords.
joat: 01:34:00 11 May 2004

Sun, 09 May 2004

Privacy is a perception.
In the coming weeks/months, you'll hear a lot of griping about how there's no privacy in Gmail, how various proposed laws will take away from your freedom, and possibly some other issues will arise out of the increasing rhetoric that culminates in November.
Whether or not any of it is true is beside the point. Pundits treat "privacy" as an all or nothing thing. It doesn't work that way. If you're over a certain age, hundreds if not thousands of people are intimate with various details of your life. Examples include: doctors, lawyers, law enforcement, your spouse/SI, your pet's vet, your bank, numerous insurance companies, your neighbors, public utilities, your employer. Need I go on?
Privacy in public places is even more of a perceived issue. It is dependent on the degree of conformity you are willing to submit to. A very bad example is from the movie "The Matrix". How many of you remember the blonde in the red dress? Okay, now describe the last person to pass between her and the camera. (Hint: they were wearing dark business clothes and sensible shoes.)
You can drive to work every day, at or near the speed limit, and no one will take notice of you. Do twenty-five miles an hour over or under the speed limit and everyone else near you will take notice, especially if their job involves traffic control.
Your e-mail can get inspected (and normally is) numerous times, for malicious code, content, legitimacy. It leaves a trail on whatever mail server/handler it passes through. Some of those systems may keep copies of the entire message. Now people are up in arms about a service whose computers attach targeted advertisements to messages and make your mail folder searchable (note: they've always been searchable in some form or other).
This country has numerous laws which protect your privacy. However, just like tax laws, there are hundreds of exceptions to those laws, most of which do not require notifying you of their use. For the majority of our online life, it translates into the phrase "expectation of privacy".
That "expectation of privacy" depends on our "perception of privacy". Most of us don't know that our ISPs keep records of what we do online and/or periodically scan for TOS compliance. Many of us don't care. A good portion of those that do know and do care consider that "invasion" as a protection.
A good portion relates to how unique you believe yourself to be and how worried you are that the rest of the world may take an interest in the minute details of your "private" life. How paranoid are you? And yes, just because you're paranoid doesn't mean that "they" aren't out to get you.
Brad Templeton (of the EFF) and John Battelle have quite a few good points, for and against, GMail. Personally, I think the proposed California legislation to ban GMail is idiotic for the same reason that I think most of the other arguments are silly: no one is going to force you to use the service.
Another point is that many of the other web-mail services already do, in some form or another, what Google is proposing to do (see Mr. Templeton's article).
I haven't tied the above together all that well but I think it's the start of a good argument. What do you think?
(Note to you TCC alumni: this fall's class involves Cyberlaw and you'll need to be able to argue either side or both sides of the argument.)
joat: 13:18:00 9 May 2004

Sat, 08 May 2004

Took a look at my backlog this morning. I have three months of notes to work on. The good news is that I've finished the semester at college. That only leaves the GCIA cert. The bad news is that the cert will probably expand to absorb all available time. Things should pick up a little bit and hopefully I'll gain on the backlog.
joat: 11:33:00 8 May 2004

Here's a news article about a traceback feature developed at Penn State called "e-postmark" which allows analysts to trace back spam via "hidden" data at the packet level. Personally I'm skeptical that it will work, I'm skeptical that it'll be effective, and I think it'll force spammers to be more technically competent. This third thought is the worrier. Personally, I liked the days before we had Bayesian filtering. It was really easy to filter spam. Nowadays, I run, at a minimum, two scoring schemes and a good number of messages still end up in my inbox.
joat: 11:27:00 8 May 2004

More in the "Free Books" category, /. has a pointer to five free calculus books.
joat: 11:20:00 8 May 2004

(via the Web Application Security mailing list) Amit Klein has a paper entitled "Divide and Conquer" describing "HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics".
An interesting read.
joat: 11:02:00 8 May 2004

joat: 10:49:00 8 May 2004

Fri, 07 May 2004

Here is NIST's paper on "Wireless Network Security - 802.11, Bluetooth and Handheld Devices".
joat: 03:42:00 7 May 2004

If you're going to do anything related to networks, you have to know how DNS works (the mainline stuff, not just MS's version) and how the other services interact with it. Here is a paper on basic DNS troubleshooting.
joat: 03:38:00 7 May 2004

Wed, 05 May 2004

Here are some of the presentations from the Yale Conference on Cybercrime.
joat: 22:43:00 5 May 2004

Yet more support for the argument that keyword filtering, either for viruses or mail/web content, does NOT work.
joat: 22:17:00 5 May 2004

Tue, 04 May 2004

It's not exactly the best idea for entertainment but here's a site devoted to baiting the 419 scammers.
joat: 17:33:00 4 May 2004

Hopefully, this isn't true.
joat: 00:36:00 4 May 2004

Sun, 02 May 2004

Does anyone have a link for Dave Aitel's Unmask? I'm interested in running it against 11,000 or so spam messages I've collected in the past month. Failing that, how about a link to a paper describing the technique?
joat: 23:58:00 2 May 2004

Others have used Primestar dishes to do this before but here's a good description of how to do it.
joat: 23:38:00 2 May 2004

joat: 23:03:00 2 May 2004

Sat, 01 May 2004

Sorry for the delay, spent some extra time today removing over 800 new spams in comments.
joat: 23:47:00 1 May 2004

For those that watch the Bloglines feeds that I use, I've unsubscribed from Moreover's Security feed. Bloglines said that I had five new stories to read. Each of them was a Verisign ad. Blech!
joat: 16:57:00 1 May 2004