|
Wed, 30 Jun 2004
|
|
The /. article has the URL wrong but IPv6Nordic.com has a "Free Transition Cookbook" for those moving from IPv4 to IPv6.
joat: 18:30:00 30 Jun 2004 |
|
|
|
|
This is a /. post which describes the origin of the "forward this e-mail and receive $$$ from Bill Gates" chain letter which has been "living" on the Internet since 1997. It's been decades since I last saw one given out, but I hereby nominate Byran Mack for an "Elbow of the Year" award.
joat: 18:00:00 30 Jun 2004 |
|
|
|
|
|
joat: 17:30:00 30 Jun 2004 |
|
|
|
|
I was unable to fix those posts yesterday. Short version of the excuse
== I was troubleshooting a video distribution system (cables!!!) and was
faced with the choice of editing text or five hours sleep. Guess which
one I chose. As for the cause of the text problems, blame Microsoft.
Seems that even when you tell Outlook to use straight text to compose
messages, it still encodes things like equal signs (=). One more
support for my rant against claiming compliance with industry standards.
joat: 17:00:00 30 Jun 2004 |
|
|
Tue, 29 Jun 2004
|
|
|
My apologies for the cruft below. I've been experimenting with
mail-based delivery and it seems that Outlook is a horrible source for
it and OWA is even worse. I will delete/correct the mess this evening.
joat: 13:24:00 29 Jun 2004 |
|
|
|
|
It's not surprising, after the fact, that someone thought this up: location aware WiFi. The article (Via The New Scientist) states that it works best where GPS doesn't, inside large buildings and other places where the GPS satellite signals are blocked.
joat: 12:30:00 29 Jun 2004 |
|
|
|
|
Here's a /.
pointer to an article which talks about 429,000 violations of the DNC
law. We receive these calls occasionally and have given up trying to
report them. Instead, my wife has gotten quite nasty with some of the
callers. Me? I think the epitome of rude is <click!>
joat: 12:20:00 29 Jun 2004 |
|
|
|
|
There's another bit of JavaScript that's causing surfers to compromise their machines just by visiting the website. The Evil Empire has a pointer to an eWeek article about it.
joat: 12:10:00 29 Jun 2004 |
|
|
|
|
The Incidents mailing list has a post
which discusses various statistics about the Scob Trojan which users
were recently contracting from compromised web sites via JavaScript.
The other thing that still needs to be determined was how the
JavaScript got onto the web sites in the first place.
joat: 12:00:00 29 Jun 2004 |
|
|
Mon, 28 Jun 2004
|
|
Yet another article discussing the motivations of virus writers.
joat: 23:30:00 28 Jun 2004 |
|
|
|
|
Here's an article which discusses hacking Google's numrange operator. joat: 13:00:00 28 Jun 2004 |
|
|
|
|
|
joat: 12:15:00 28 Jun 2004 |
|
|
Sun, 27 Jun 2004
|
|
|
It appears that my posts are showing up on Bloglines sans titles. More work to do. joat: 14:37:00 27 Jun 2004 |
|
|
|
|
|
For some of last night's posts and all of today's, I've been mailing my entries in (involves shell scripts and procmail). I seem to have run across a problem with time. Because of the problem in the script and the time zone that the server resides in, any post timestamped after 8 p.m. may jump to the next day's set of posts after midnight. I'm working on it. joat: 13:04:00 27 Jun 2004 |
|
|
|
|
Dan Kaminsky talked about tunneling non-standard stuff via the DNS protocol at the recent Layer One Technology Conference. The L1 people say the actual presentation "eclipses" the Power Point and will be offering DVD recordings of the event (requires that you join a mailing list). This stuff is funny and scary at the same time. joat: 12:30:00 27 Jun 2004 |
|
|
|
|
I really don't think that the Induce Act is that well thought out. If you follow the logic, MP3 players, IPods, Xerox machines, fax machines, and just about any network-aware program, not counting the P2P software that the Act is aimed at. They really need some serious rewording or someone's going to jail for selling a used cable modem.
It should be noteworthy that while Mr. Hatch's 8-page argument for passing the bill talks about P2P and "protecting the children", the actual Bill does not. Various people have taken it upon themselves to rebut Mr. Hatch's arguments.
This one is going to be interesting to watch. joat: 12:15:00 27 Jun 2004 |
|
|
|
|
Not sure of the amount of truth in the article but "Confession for Two" is an interesting article/interview with a spammer. joat: 12:00:00 27 Jun 2004 |
|
|
Sat, 26 Jun 2004
|
|
This sort of hardware hacking fascinates the heck out of me. joat: 23:28:00 26 Jun 2004 |
|
|
|
|
I've added the referers plugin as sort of a vanity feature for myself. I modified it slightly to include local sources also. joat: 23:16:22 26 Jun 2004 |
|
|
|
|
Skype has decided to offer a free Linux-based version of its VoIP software for download. joat: 20:00:00 26 Jun 2004 |
|
|
|
|
The morning shock jocks have a bit they call "Stupid News" where they read news articles about various stupid human tricks. I think that this qualifies as InfoSec Stupid News.
joat: 19:15:00 26 Jun 2004 |
|
|
|
|
The RSS feeds are online again, I'm still working on the others. You will have to change your subscriptions though. I "borrowed" the RSS 1.0 feed from the Blosxom Starter Kit. Unfortunately I never got past beginner Japanese so I am unable to read/translate the documentation. For anyone that cares, the download is at http://hail2u.net/archives/bsk/bsk101.zip.
I still need to get the other feeds online, get them all validated and tweak out all of the other kruft from the old blog. Repairing the wiki is much further down the road. Wish me luck.
joat: 19:14:00 26 Jun 2004 |
|
|
|
|
Thanks to Kyle at http://kylem.xwell.org for pointing out the hole in the writeback plugin. I've applied his patch.
I'm still new to Blosxom so if anyone knows of any other problems I should fix, please let me know. I'm also considering switching over to static files also. Due to the number of entries already in the blog, it takes a bit to do all the background work to build a dynamic page. joat: 19:00:47 26 Jun 2004 |
|
|
|
|
|
Welcome to the new version of my ongoing mess. Please bear with me as I clean up various bugs. Everything in the left-hand column should be working properly, the top menu and various links in the right-hand column still link back to the old blog. I'll continue to work on it. joat: 05:45:25 26 Jun 2004 |
|
|
|
|
|
joat: 01:50:00 26 Jun 2004 |
|
|
Fri, 25 Jun 2004
|
|
Courtesy of the Full Disclosure mailing list, here's an analysis of the ILookup Trojan (examples of exploits included).
Update: more info.
Update: yet more info.
Update: and yet more. joat: 21:30:00 25 Jun 2004 |
|
|
Thu, 24 Jun 2004
|
|
|
Just started receiving a new type of comment spam. This one started with a synopsis of today's news bulletin which talked about the AOL programmer being arrested for selling the AOL user list. It was followed by 11 links for incest porn sites which are forwarded off of GeoCities web sites. Gee, running a blog is SO much fun... joat: 23:58:00 24 Jun 2004 |
|
|
|
|
/. has a pointer to an article which blames MS zombies for 80% of spam.
The Register has an article in which Philippe Gerard, a senior EU official, berates the anti-spam industry for lack of co-operation. Basically, he states the legislation exists, it's now up to the industry to enforce them.
Err.. how? How do I, as a lowly SA or NSO, enforce those laws? Do I now have a federal charter to kick doors in and incarcerate miscreants? (I'm exaggerating but you get my point?) My response to Mr. Gerard is: we need to go back to the drawing board on this one. joat: 23:53:00 24 Jun 2004 |
|
|
|
|
Believe it or not, your usual network troubleshooting is a pretty straight-forward process. Then again, it's amazing the number of "network professionals" that cannot do basic troubleshooting. (One of the reasons that I still get phone calls from the NOC that I left a year and a half ago.) joat: 23:50:00 24 Jun 2004 |
|
|
|
|
Not widely announced yet but 802.11i was ratified today!
joat: 23:45:00 24 Jun 2004 |
|
|
|
|
JFW... Now the RIAA (or at least one of its members) is looking to infect your machine.
joat: 02:48:00 24 Jun 2004 |
|
|
|
|
|
Okay, I'm in a fighting mood. I've had to argue repeatedly in the last week that Spyware is nothing more than malicious code. It's just a trojan with a few odd twists. By using various prevention and detection/clean-up tools, an organization should be able to keep ahead of the malicious code.
Prevention tools include: content filtering for web and mail traffic, pop-up blockers, anti-virus software (those that include spyware scanning), and active systems administration and network monitoring. A good portion of the problem can be prevented by blocking specific sites. Unlike worms/viruses, the sources of spyware do not move around much.
Detection/clean-up tools include: spyware scanners or anti-virus scanners with spyware detection capabilities, active systems administration and network monitoring.
Spyware gets in (mostly) via user interaction. It also is included in legitimate software and can even be installed via RPC. People noticed the Blaster worm because it was noisy and infected other systems. How many people have noticed spyware that was quietly installed and only occasionally connects to a website?
Anyone want to convince me otherwise? joat: 02:22:00 24 Jun 2004 |
|
|
|
|
I've got the MT to Blosxom conversion script tweaked so that I have only a few errors (only 6 out of 1100) to correct manually. I only have a few template tweaks to work on and I should be able to swap 'em out without too much interruption. The new blog looks a lot like the old one, only a few underlying features will change. Wish me luck! joat: 01:47:00 24 Jun 2004 |
|
|
|
|
It appears that the 802.11i standard will be signed into being tomorrow! joat: 01:36:00 24 Jun 2004 |
|
|
Tue, 22 Jun 2004
|
|
|
Please excuse any weird problems with the blog over the next few days. By Saturday, I hope to be moved to the other blogging software (still have a few bugs to kick out). joat: 10:49:00 22 Jun 2004 |
|
|
|
|
Something to keep an eye on. joat: 10:48:00 22 Jun 2004 |
|
|
|
|
I agree with Jeremy in that we don’t do it for the traffic. joat: 10:26:00 22 Jun 2004 |
|
|
|
|
Baseline Magazine has an article discussing the current state of HIPAA compliance and what many medical organizations are going to have to do in the next 9 1/2 months. Sad to say, but it's probably going to take the government levying a heavy fine against a national org before the rest of them realize that they're going to have to conform.
joat: 03:12:00 22 Jun 2004 |
|
|
|
|
Scripty Goddess shows how to pre-fill a field entry and how to auto-clear it if the user clicks on the field. joat: 03:07:00 22 Jun 2004 |
|
|
Sun, 20 Jun 2004
|
|
|
Please excuse any interruptions in blogging over the next few days as MT is being removed from the server and bloggers are asked to move to another program. I'll attempt to continue blogging but it may get a bit messy. joat: 17:58:00 20 Jun 2004 |
|
|
|
|
|
joat: 16:17:00 20 Jun 2004 |
|
|
|
|
My first exposure to LURHQ was in the late 90's when they were "doing" mostly firewall monitoring. They've grown up a bit since then.
They've posted an analysis of one of my favorite port scanning tools: scanrand, part of the Paketto Keiretsu project. joat: 10:21:00 20 Jun 2004 |
|
|
|
|
Richard Dorn, over at Security Focus has an article about how the increase in the number of security certifications cheapens their value, as a whole.
I only agree up to a point. They will lose their value as employers go through a period of "realization" (that hiring Bob at the NOC really was a mistake). However, this will also be a shakedown period as the employers figure out what the truly valuable certifications are. (There's a reason why CCIE's get salaries which are in the 6-figure range.) In other words, the valuable security certifications are going to be the ones that are HARD to get. joat: 09:59:00 20 Jun 2004 |
|
|
|
|
Security Focus has an article discussing forensics analysis of a system that hasn't been turned off yet. joat: 03:25:00 20 Jun 2004 |
|
|
|
|
Angelo Rosiello has a quick paper about shellcoding basics. Anyone have a paper on reverse engineering shellcode to determine what it does? joat: 03:16:00 20 Jun 2004 |
|
|
Fri, 18 Jun 2004
|
|
Here and here are explanations and examples of Joe jobs. joat: 23:52:00 18 Jun 2004 |
|
|
|
|
TrimMail started a project that might be interesting to finish. Read this and this about how they tripped over a nest of "marketers". joat: 07:01:00 18 Jun 2004 |
|
|
|
|
I hate to admit (quietly) that I am amongst the demographic that was dropped by Comcast when they merged G4 and TechTV. Comcast just doesn't get it. The geeks and gamers are actually two different demographics with only a little overlap.
What really ticks me off is that Comcast seems to think we watched out of hero worship: "Shane described the cancellation of Call for Help as "just a programming decision." He added that Laporte can be seen on segments of The Screen Savers... Err... yeah, that's it, right...
I wonder if James Burke would consider doing "Connections4"? (My wife calls that cocaine for history geeks.) joat: 06:37:00 18 Jun 2004 |
|
|
|
|
The mathematics are a bit beyond me but IBM has posted the methods for doing Bayesian analysis in PHP. joat: 03:48:00 18 Jun 2004 |
|
|
|
|
Insecure.org has a pointer to an analysis of the Witty worm. joat: 03:46:00 18 Jun 2004 |
|
|
Thu, 17 Jun 2004
|
|
ComputerWorld has an article which lists six basic justifications for security training. joat: 01:29:00 17 Jun 2004 |
|
|
|
|
Linux Security has an article entitled "Tackling Unix Security in Large Organizations". Here's part 1 and part 2. joat: 01:27:00 17 Jun 2004 |
|
|
Wed, 16 Jun 2004
|
|
From the Honeypots mailing list comes the announcement of a Kuang2 emulation script for honeyd. joat: 01:07:00 16 Jun 2004 |
|
|
|
|
|
joat: 01:05:00 16 Jun 2004 |
|
|
|
|
|
Once again I've prevented the possibility of making a new friend within the profession by telling both sides of an ongoing "which OS is better" argument that they were both wrong. The argument should be which OS is worse and is totally dependent on the system administrator responsible for the specific instance of the OS. In other words, it's dependent on the people involved. joat: 01:04:00 16 Jun 2004 |
|
|
Tue, 15 Jun 2004
|
|
I'm still not sure that it's an original attack, but Bugtraq has a description of the Rose Attack. joat: 02:07:00 15 Jun 2004 |
|
|
|
|
Here's more about the problems with allowing unchecked USB use in your networks. joat: 01:56:00 15 Jun 2004 |
|
|
|
|
Here is another analysis of the Witty Worm, this one CAIDA's. joat: 01:55:00 15 Jun 2004 |
|
|
|
|
|
joat: 01:52:00 15 Jun 2004 |
|
|
Sun, 13 Jun 2004
|
|
Recently saw something like this at work. The only reason we detected it was that the spoofed source address belonged to a neighbor org. joat: 21:38:00 13 Jun 2004 |
|
|
|
|
It’s more of the usual electronic Pearl Harbor tripe but can be used as support for my argument that malicious code can affect national security.
It's amazing the number of people that think national security has nothing to do with the economy or the trust that citizens put in something. Examples: our money is no longer gold/silver-based, the stock market fluctuates based on investor opinion, it takes years for companies to recover from scandal (e.g., Enron, Exxon, etc.). joat: 13:19:00 13 Jun 2004 |
|
|
|
|
From the Penetration-Testing mailing list, more discussion concerning USB hazards.
joat: 13:12:00 13 Jun 2004 |
|
|
|
|
Michal Zalewski has a piece entitled "Strike Out", which describes the problems of publishing Word documents without removing the "change" data. The IEEE also has an article on the topic.
joat: 12:58:00 13 Jun 2004 |
|
|
|
|
|
joat: 02:35:00 13 Jun 2004 |
|
| |