(J)ack (O)f (A)ll (T)rades
Mostly Security, Some
Blogging, Misc. Admin,
and Bits of My Life.











Sat, 31 Jul 2004

Shared stuff 31 Jul
Not sure how I got to these sites, I think it started with a /. or rootsecure post, but it's interesting what people share, documents, photos, etc.

joat: 12:45:00 31 Jul 2004


Wiki 31 Jul
I'll have time later today to fix the wiki (actually, I'm considering changing it). I managed to break it awhile back while messing with the backend.

joat: 12:10:00 31 Jul 2004


Metasploit rant 31 Jul
Personally, I think anyone that writes network-aware programs should learn about MetaSploit and fuzzing first. Kinda like learning "duck and cover" prior to the ICBM warning. In any case, if you take care of any network server, this is good theory/experience to have in your head.

joat: 12:00:00 31 Jul 2004


MyDoom.M Analysis 31 Jul
LURHQ has posted an analysis of the MyDoom.M worm.

joat: 11:55:00 31 Jul 2004


IE Universal Exploit 31 Jul
Some people wish for code that runs on multiple systems. Be careful what you wish for! K-otic has posted a "Universal" IE exploit that supposedly runs on Windows and Linux and gives you a reverse shell via IE.

Advice? Keep your patches up-to-date and configure your firewalls to only allow what you need to do on the Internet. In other words, limit browsing to high-port to port 80. It's not a perfect solution, but it will cut back on exploits like the above.

joat: 10:00:00 31 Jul 2004


Fri, 30 Jul 2004

Web Attack Taxonomy 30 Jul
It may be a good idea to come up with a taxonomy but I distrust any effort that copyrights that same taxonomy.

joat: 15:00:00 30 Jul 2004


Windows Process Listing Sites 30 Jul
FurryGoat has a pointer to some sites which help you figure out what all those Windows background processes are.

joat: 14:00:00 30 Jul 2004


Chrooting 30 Jul
Linux Exposed has a howto article explaining the use of chroot to jail daemons and system processes.

joat: 13:00:00 30 Jul 2004


How things jump up and bite you in the *ss 30 Jul
Lately, blogging has received some degree of "respectability" by being used by politicians and mainstream media. It wasn't that long ago that we saw mainstream articles which described blogging as self-referential rantings of socially misfit narcissists. I think/hope we may see a similar "occurrence" with the Wikipedia.

The Register seems to have taken a dislike to the Wikipedia, calling it a children's encyclopedia (one of the nice comments).

Warning to The Register: what you're not seeing is: distributed collaboration on distributed servers. Given that "it" includes current events and internal commentary, this has the potential to sneak past mainstream notice and become the next "big it". Especially if someone can figure out a way to "specialize" and come up with something similar to topics (like blogging has "flavors").

Having contributed to the Hitchhiker's Guide (back in the Usenet News days), I like the idea of having the Wikipedia (although I haven't been involved much).

joat: 12:00:00 30 Jul 2004


SysAdminAppDay 30 Jul
Tomorrow is System Administrator Appreciation Day.

Me? I've got class.

You? You should at least treat him/her to a slice and a soda.

joat: 02:06:52 30 Jul 2004


Thu, 29 Jul 2004

Anti-spyware utility analysis 29 Jul
I've probably blogged before about fake spyware software/sites, but it deserves repeating.

joat: 23:00:00 29 Jul 2004


Give it back 29 Jul
To paraphrase ICP, I want my ....

I like reading items like this from Jeremy's blog. Don't know if it's true or not but it's still entertaining.

joat: 14:00:00 29 Jul 2004


Phishing 29 Jul
HNS has an article which discusses the possible future of "phishing".

joat: 14:00:00 29 Jul 2004


Digital Signatures and XML 29 Jul
LinuxExposed has an article explaining the basics behind digital signatures and how to use them with XML.

joat: 12:30:00 29 Jul 2004


Balance? 29 Jul
There seems to be some (karmic?) balance in the news today.

The insanity concerning the INDUCE Act seems to be balanced by what appears to be careful consideration at the FCC concerning swapping out WiFi antennas.

Sorry for the use of /. links, it was the quickest way to post this.

joat: 12:00:00 29 Jul 2004


Wed, 28 Jul 2004

OpenSSH for WinCE 28 Jul
eBCVG has an article about an OpenSSH for the PocketPC.

joat: 16:00:00 28 Jul 2004


Tips for better networks 28 Jul
ONLamp.com has an article entitled "The Top Ten Tips to Make Attackers Lives Hell" which helps move your network away from the low-hanging-fruit category. The tips are pretty basic but it's amazing how often they're not used.

joat: 13:30:00 28 Jul 2004


IDS Elusion 28 Jul
Zenger has pointed out a SecNet paper on Eluding Network Intrusion Detection.

joat: 13:00:00 28 Jul 2004


NWF Links 28 Jul
It may be a good idea to visit Network World Fusion's Security Resource link page. It has many more links to valuable and/or entertaining security-related sources/stories since I last visited (a long time ago).

I'm not just recommending it because I'm listed there too. (heh)

Picked up feeds for ATAC and OhBrian this time.

joat: 12:00:00 28 Jul 2004


Tue, 27 Jul 2004

DES on its way out 27 Jul
NIST has proposed the withdrawal of DES as an approved algorithm.

joat: 23:00:00 27 Jul 2004


Reducing Human-Factor Mistakes 27 Jul
I really enjoyed reading this article, especially "The Top 5 Company Executive Mistakes". It nails the organization that replaced me at a previous job.

For those that know me personally, you know who I mean. The article is almost uncanny while remaining generic, isn't it?

joat: 14:00:00 27 Jul 2004


Intro to Malicious Code 27 Jul
InfoSec Writers has a paper entitled "Virus & Worms" which is supposed to be an introductory guide for security awareness, describing the basic theory behind malicious code.

joat: 12:30:00 27 Jul 2004


TaoSecurity's Book List 27 Jul
TaoSecurity has a list of books that he (Richard Bejtlich) has contributed to. Included in the list is his The Tao of Network Security Monitoring: Beyond Intrusion Detection which appears to be a worthwhile book to have (see his and the publisher's sites for sample chapters).

joat: 12:00:00 27 Jul 2004


Mon, 26 Jul 2004

PGP/GPG 26 Jul
WebProNews has a six-part (so far) series entitled "File and Email Encryption with GnuPG (PGP)" which discusses a PGP/GPG intro, creating keys, encryption/decryption, obtaining others' public keys, key verification, and signing a key.

joat: 13:30:00 26 Jul 2004


Custom parts and boards 26 Jul
I'm probably going to want/need this sometime in the future. Yeah, it's /. but they're links to made-to-order boards and parts.

joat: 13:15:00 26 Jul 2004


Eeeww! 26 Jul
(also from /.) It's not security-related but I just couldn't resist:

You won't want anyone else "cooking" for you with one of these.

joat: 12:30:00 26 Jul 2004


Intro to Elliptical Curve Cryptography 26 Jul

joat: 12:00:00 26 Jul 2004


Sun, 25 Jul 2004

If you gotta do it... 25 Jul
If you have to disclose, at least do it this way, include a properly written Snort sig so the rest of us can watch out for your code should the script kiddies take a liking to it.

joat: 13:45:00 25 Jul 2004


Trackbacks 25 Jul
Added trackbacks to the site using this, this and this.

Don't know if the install has any bugs yet. I'll keep an eye on it.

joat: 13:35:00 25 Jul 2004


GPS Coke X-Ray 25 Jul
This is so dumb, it's almost funny. (Slashdot also posted about it.) Seems that "security people all over the country" think it looks like a bomb. I've got news for you, small transistor devices like PDA's and iPod's look a bit like that too. Makes me wonder who those "security people" are. It's probably that security "concern" is interpreted by the media as "security panic", instead of equating to "need to inform/be informed".

I'm not saying that there shouldn't be "concern" if someone travels commercially with one of the cans in their luggage. It's just that they should "declare" it as part of the check-in process. There's a reason why the TSA people require you to remove your laptops from luggage. I've gotten into the practice of also pulling out any other "dense" electronics. It saves time. (via WiFi Toys)

joat: 13:00:00 25 Jul 2004


Netwox 25 Jul
TaoSecurity has a quick review of Netwox, a menu-based collection of network testing tools.

joat: 12:30:00 25 Jul 2004


Intro To's 25 Jul
Here's a pointer to Tony Bradley's "Introduction To" articles. Subjects include vulnerability scanning, packet sniffing, firewalls and intrusion detection.

joat: 12:00:00 25 Jul 2004


Sat, 24 Jul 2004

Too d**n hot 24 Jul
My son and his girlfriend think I'm weird because I like to keep the house at a freezing (to them) 70 degrees. (My wife understands though. She's from Buffalo.) I'll admit that, for southeast Virginia, that's colder than most people's houses.

What brought this on? I stumbled across the weather forecast for where my parents live: Today - Hi: 73, Lo: 49. (Hint: the hi there for today is the lo here for the week.)

In other words, I grew up where you wear shorts in the low 60's and sweat heavily in the low 70's. If it wasn't for air conditioning, I probably wouldn't live below 1,000 feet above sea level or south of Pennsylvania.

joat: 19:30:00 24 Jul 2004


Follow the Bouncing Malware 24 Jul
Tom Liston, today's on-duty handler at the Internet Storm Center, has posted part one of an analysis of malware he contracted by pretending to be "Joe Average" with a common XP configuration. Interesting to follow.

joat: 15:00:00 24 Jul 2004


Blogger Code Decoder 24 Jul
Go here to decode the stuff from yesterday's Blogger Code post.

joat: 13:00:00 24 Jul 2004


Distributed Metastasis 24 Jul
(from NetSec) Here's a paper entitled "Distributed Metastasis: Network Attack Methodology". I disagree that it's a new method of network attack, as the methods it uses have already been seen in some form or other. However, it is an interesting read and even hints at the dangers of monoculture.

joat: 12:30:00 24 Jul 2004


Remove from Google 24 Jul
Here's the "howto" for getting your private info removed from Google's search engine.

joat: 12:30:00 24 Jul 2004


Fri, 23 Jul 2004

Blogger code 23 Jul
This bit of silliness has been around for a bit. Oh, and

B6 d- t++ k s u- f+ i+ o- x- e- l- c--

joat: 13:30:00 23 Jul 2004


Packet Crafting for Audits 23 Jul
(via RootSecure) Security Focus has posted the second part of a two-part article discussing crafting packets for audits of firewalls and intrusion detection systems.

(Part 1)(Part 2)

joat: 12:45:00 23 Jul 2004


Google Hacking 23 Jul
Infosec Writers has a pointer to a good paper on hacking via Google. Network security types should consider running the listed searches against Google to see if there are any unexpected exposures of their organizations.

joat: 12:30:00 23 Jul 2004


Thu, 22 Jul 2004

Heh 22 Jul
Call me skeptical, but how long do you think BugMeNot will be allowed to operate?

I really like the idea of the service as I've used various addresses in a domain to test if my data was actually protected by those that claimed that they wouldn't sell it or release it without my permission. For the majority of those sites, the addresses I used quickly made it into spammers address books.

But back to the question... Call it a prediction if you want, but I can foresee at least a token effort to get a law passed to make this sort of thing illegal. Or you can just call me skeptical.

joat: 13:30:00 22 Jul 2004


Submithook Analysis 22 Jul
LURHQ has posted an analysis of the SubmitHook BHO which injects URLs for porn sites when the unwitting user fills out a form.

joat: 13:30:00 22 Jul 2004


Referrer Tweaks 22 Jul
I spent 30 or so minutes playing with the referrer code and data. I've changed some of the URLs to site names and have added the various search engines to the "skip" list.

So as to not anger Hormel, I won't refer to two sites as "spammers". Instead, just feel free to not click on "ADV" in the referrers list.

The ADV's and the search engines should disappear from the list shortly as the database updates.

joat: 13:00:00 22 Jul 2004


Cybercrime Cases 22 Jul
Orin Kerr has a mailing list to which he posts various crime and court cases. If you like Groklaw, you'll like this mailing list.

joat: 12:00:00 22 Jul 2004


Wed, 21 Jul 2004

Windows Forensics 21 Jul
Once again, "Yeah, what Dana said."

Dana's posted a pointer to the BleepingComputer.com tutorial for a basic (but effective) forensics methodology for determining if you've been hacked and how to clean it up. The assumption is that this process will detect the majority of the compromises due to most of them being "done" in bulk and not in a "clean" manner.

joat: 13:30:00 21 Jul 2004


IPTables-P2P 21 Jul
IPTables-P2P is a matching module for "dealing with" the more popular P2P tools.

joat: 13:00:00 21 Jul 2004


Scammer busted 21 Jul
Not sure if I blogged this before, but it's a story about a 419'er being caught red-handed.

joat: 12:00:00 21 Jul 2004


Tue, 20 Jul 2004

Security Thru Obscurity 20 Jul
InfoSec Writers has a pointer to a good article on steganography. The format of the article is a bit weird (for newspaper?) but the basics are there.

joat: 17:00:00 20 Jul 2004


Frankensoft 20 Jul
An interesting view. Now it's our fault?

joat: 15:00:00 20 Jul 2004


Policies and Procedures 20 Jul
NetworkWorld Fusion has a quick article discussing how policies and procedures are part of the foundation for your CERT.

joat: 12:30:00 20 Jul 2004


Advanced IPTables 20 Jul
This is especially valuable information. I've seen it used to create emergency filters for content filtering (think initial worm attack). This knowledge is especially valuable if you tie Snort into the mess and have it write IPTables filters on-the-fly.

joat: 12:00:00 20 Jul 2004
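As an added example (not code from the post above, from Snort, or from the linked IPTables article), here is the kind of glue the post alludes to: parse Snort "fast" alert lines and emit iptables DROP rules for sources that repeatedly trip high-priority signatures. The sample alert lines, the sid/msg values, the address ranges and the NEVER_BLOCK list are constructed for this example; the fast-alert line layout and the `iptables -I INPUT -s ... -j DROP` form are real.

```python
import ipaddress
import re

# Snort "fast" alert layout (sample lines below are constructed, not from the page):
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: N] {PROTO} src:sport -> dst:dport
FAST_ALERT = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts: an outside host probing tcp/445 twice, a harmless ping,
# and an *inside* host tripping the same signature twice.
SAMPLE_ALERTS = """\
07/20-11:58:01.123456  [**] [1:2003:4] WORM-SIM probe to tcp/445 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:3421 -> 192.0.2.20:445
07/20-11:58:02.223456  [**] [1:2003:4] WORM-SIM probe to tcp/445 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:3422 -> 192.0.2.21:445
07/20-11:58:05.000001  [**] [1:1000:1] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.1
07/20-11:59:10.500000  [**] [1:2003:4] WORM-SIM probe to tcp/445 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.5:1025 -> 192.0.2.30:445
07/20-11:59:11.500000  [**] [1:2003:4] WORM-SIM probe to tcp/445 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.5:1026 -> 192.0.2.31:445
"""

# Addresses that must never be auto-blocked even if an alert names them (assumed: the
# sensor's own subnet). Alerts raised by spoofed packets would otherwise let an
# attacker make this script cut you off from your own gateway or DNS.
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24")]


def parse_fast_alerts(text):
    """Return one dict per line that matches the fast-alert layout."""
    alerts = []
    for line in text.splitlines():
        m = FAST_ALERT.match(line)
        if m:
            d = m.groupdict()
            d["prio"] = int(d["prio"])
            alerts.append(d)
    return alerts


def is_protected(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in NEVER_BLOCK)


def build_block_rules(alerts, max_priority=1, min_hits=2):
    """One iptables DROP rule per source with >= min_hits alerts of priority <= max_priority
    that is not in NEVER_BLOCK. Returns (rules, skipped_protected_sources)."""
    hits = {}
    for a in alerts:
        if a["prio"] <= max_priority:
            hits[a["src"]] = hits.get(a["src"], 0) + 1
    rules, skipped = [], []
    for src, n in sorted(hits.items()):
        if n < min_hits:
            continue
        if is_protected(src):
            skipped.append(src)
            continue
        # -I puts the rule at the top of INPUT so it wins over earlier ACCEPT rules.
        rules.append(f"iptables -I INPUT -s {src} -j DROP  # {n} priority<={max_priority} alerts")
    return rules, skipped


if __name__ == "__main__":
    rules, skipped = build_block_rules(parse_fast_alerts(SAMPLE_ALERTS))
    for r in rules:
        print(r)
    for s in skipped:
        print(f"# not blocking {s}: listed in NEVER_BLOCK")
```

The hit threshold and the never-block list are the two things that keep an automatic responder from becoming a self-inflicted denial of service: anything that can trigger a signature with a spoofed source can otherwise choose which address you block. Rules generated this way should also expire (a cron job that flushes them, or an `iptables -D` after a timeout) rather than accumulate forever.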


Mon, 19 Jul 2004

Quick Quiz 19 Jul
What's not said here? Extra points if you include support for your arguments. (Hint: the problem is not just missing information.)

joat: 12:35:00 19 Jul 2004


MetaSploit basics 19 Jul
Security Focus has an article describing the basic theory behind the MetaSploit Framework.

joat: 12:00:00 19 Jul 2004


Symmetric/Asymmetric Encryption 19 Jul
HNS has a MP3 of a discussion about encryption, including the difference between symmetric and asymmetric encryption.

joat: 10:30:00 19 Jul 2004


Sun, 18 Jul 2004

Tao 18 Jul

joat: 15:38:52 18 Jul 2004


Bloglines Feeds 18 Jul
I've resorted my Bloglines subscriptions. The public listing of them is available here.

joat: 13:33:00 18 Jul 2004


RIAA to the rescue 18 Jul
The RIAA has come out in force to support Mr. Hatch's INDUCE Act. To me, it comes across a little like "pay no attention to the man behind the curtain!"

joat: 13:25:00 18 Jul 2004


Spyware Info 18 Jul
Here's a short list of good anti-Spyware sites. Feel free to add more in comments. I'll build a formal list on a separate page.

joat: 13:00:00 18 Jul 2004


Software radios 18 Jul
I'd like to see this happen.

joat: 12:30:00 18 Jul 2004


Sat, 17 Jul 2004

IdleRPG Plugin for Blosxom 17 Jul
Heh. For all you 757'ers and anyone else, here's v0.1 of a Blosxom plugin for the 757 IRC game IdleRPG.

joat: 23:30:00 17 Jul 2004


Future plugin 17 Jul
I've updated the "future" plugin (see bottom of right-hand column here) to include a day of the week display (single letter). Get the new code here.

joat: 20:00:00 17 Jul 2004


A bit soggy 17 Jul
This past week saw a freak storm park over a roughly 4-square mile area which my house sits in the middle of. It stayed there and dumped just under a foot of rain in a two hour period.

The following pictures were taken hours later. I missed the storm as I was at work and my wife says the water level was much higher. Keep in mind that the street drains were operating normally. The police report that 3 blocks over, the water was 3 feet deep.

Oh and no, I don't live near any bodies of water that would overflow like this. This all came from the sky at 2 p.m. and it was all gone by 7 p.m.


Neighbor's bush, mailbox, and car


Further down the street, sorry for the fuzziness


The two kids on the left are on the sidewalk.

joat: 15:53:02 17 Jul 2004


Virtual Honeynet 17 Jul
Here's a pointer to the "Virtual Honeynet: Deploying Honeywall using VMware" project.

joat: 12:45:00 17 Jul 2004


Having someone join your church: priceless! 17 Jul
Here's a BBC article about a 419 scam baiter towing the scammer far enough to send him a birthday card, $80, and a picture of his chest spray painted as proof that he had joined the scam baiters "church".

This is priceless.

joat: 12:30:00 17 Jul 2004


Quick Reference Cards 17 Jul
The Furrygoat Experience pointed out this site: RefCards.com. It's a site with free refcards for various languages and utilities.

joat: 12:00:00 17 Jul 2004


Fri, 16 Jul 2004

My first plugin 16 Jul
So many others have said it: "I've written my first Blosxom plugin!"

Don't know how useful it'll be. The intended audience is those who use some form of procmail recipe to reroute e-mail messages into their blogs. The plugin populates $future::count with the count of messages waiting with timestamps set in the future. (See the bottom of the right-hand column here.)

Grab the plugin here.

joat: 23:03:54 16 Jul 2004


Metasploit Part 2 16 Jul
Here's the second article in the series on how the Metasploit Framework works.

joat: 20:00:00 16 Jul 2004


Senators catching up 16 Jul
Senator Leahy (VT) has introduced legislation called "The Anti-phishing Act of 2004".

It's about time. My spam intake is starting to include a lot of messages from previously unknown banks requiring me to update my accounts.

Anyone else find it interesting that the Senator has used a "technical" term (phishing) in his legislation?

joat: 15:00:00 16 Jul 2004


IALP 16 Jul
Don't know how far it will get, but here's some info about the Internet Annoyance Logging Protocol (IALP).

joat: 14:00:00 16 Jul 2004


Bruce Schneier on Cryptography 16 Jul
Bruce Schneier has a very good essay entitled "Why Cryptography Is Harder Than It Looks" which describes many of the strengths and weaknesses of today's encryption schemes.

joat: 12:30:00 16 Jul 2004


Thu, 15 Jul 2004

A new algorithm! 15 Jul
This is amusing. Anyone blow up their algorithm yet?

joat: 19:00:00 15 Jul 2004


Biometric myths 15 Jul
HNS has an interesting article discussing six myths of biometrics.

joat: 14:00:00 15 Jul 2004


There's a difference 15 Jul
Nick, you're missing a good part of the issue. Yes, both IE and Mozilla (on Windows) have "shell" problems. What makes the IE issue worse is that IE is tied into the desktop and the operating system. In other words, Mozilla rides on top of the OS, IE is in the OS.

joat: 12:30:00 15 Jul 2004


Bleeding edge Snort rules 15 Jul
Bleeding Edge is a site with last-minute Snort signatures. Most of them are of limited use or are development-only. In the site's words, they "are prone to false positives and sometimes not work as expected". However, it is a good site to keep up with the latest sigs (and problems) and can give you a few good ideas of your own.

joat: 12:30:00 15 Jul 2004


Wed, 14 Jul 2004

Where have I been? 14 Jul
I didn't notice that new versions of Hydra and Kismac have been out for five weeks already.

joat: 21:01:00 14 Jul 2004


k-otik RSS feeds 14 Jul
Was monkeying around, backtracing referrers, and discovered that k-otik has RSS feeds!

http://www.k-otik.com/advisories.xml
http://www.k-otik.com/news.xml
http://www.k-otik.com/exploits.xml
http://www.k-otik.com/virus.xml

joat: 20:00:00 14 Jul 2004


How long is it going to stay open 14 Jul
FCC Chairman Powell has started a blog to get feedback on various issues that the FCC is handling. Unfortunately, everyone with an agenda has responded to his first post.

How long will Mr. Powell be able to stand the usually-off-topic nattering before he closes commenting? From the looks of the replies, not long. There's a little bit of just about every movement and cause in there and a couple nut cases, too. Some of it's even FCC-related!

joat: 18:00:00 14 Jul 2004


Local access 14 Jul
Here's a short piece on passwords being ineffective if the attacker has local access to the system. Includes links to samdump and pwdump2.

Aside: with "local access", you have to heavily depend on the honor system.

joat: 13:00:00 14 Jul 2004


Employee abuse? 14 Jul
I'm not sure which definition of that I mean, yet. InfoSec Writers has an article which describes company losses due to employee abuse of corporate information resources. The article talks about controls and policy but I don't feel that it's taken everything into account.

Policy controls and monitoring are good for security, up to a point. If the controls and monitoring are overbearing, they can have a degrading effect on corporate productivity and security as, past a certain point, they will be held in general contempt by all, including management.

Your security policies have to be enforceable and, above all, realistic. Allowing some personal use of e-mail and some surfing during break or lunch time improves the situation a great deal.

joat: 12:00:00 14 Jul 2004


Tue, 13 Jul 2004

Open Source creates jobs! 13 Jul
Bill says that Open Source kills jobs. I beg to differ. Instead of giving money to someone who is already hoarding a large portion of the national wealth, a company can spend the money (which would have been spent on multiple instances of IIS, Exchange, and MS DNS servers and multiple user licenses) on an extra employee or two. The situation leans that much further over towards open source when you start talking about MS's plan to sell license subscriptions.

Bill also hinted that not using MS products reduces tax income for governments. Which do you think brings in more taxes: a one-time sales tax or ongoing income tax? Better to spend that money on SA training (no matter what OS you use) or assistant SAs.

And before we have another Blue Monday incident, I'm not griping about the OS. I'm griping about the marketing practice!

joat: 13:45:00 13 Jul 2004


Viruses for sale!? 13 Jul
Interfax is reporting that hackers are now offering custom viruses for a price. It seems to be more of the bleed-over we've been hearing about: the relationship between hackers and spammers.

joat: 13:35:00 13 Jul 2004


Wardriving article 13 Jul
ComputerWorld has a pretty accurate article about the issues involved with wardriving, entitled "Confessions of a War Driver".

joat: 12:44:00 13 Jul 2004


PGP 13 Jul
Network Associates ate up a lot of other companies on its path to become just McAfee again. Good things (Gauntlet) disappeared, other good things survived. Here's an article about the comeback that PGP is seeing due to the recent troubles with e-mail.

joat: 12:00:00 13 Jul 2004


Mon, 12 Jul 2004

I did not send you a virus! 12 Jul
Here's a good explanation of address spoofing by malicious code.

Anyone know of a good open source version I can use as a pre-formated response to complaints?

joat: 13:44:00 12 Jul 2004


PKI & Certificates 12 Jul
Courtesy of HNS, a MP3 presentation of PKI and digital certificate theory.

joat: 13:23:00 12 Jul 2004


IRC Searches 12 Jul
While wandering around Matthew Lange's blog, I got off on a tangent and ended up doing a Google search on non-standard search engines.

It's amazing the amount of stuff that gets indexed by various search engines. Following is a list of non-standard search engines (IRC users, IRC channels, BT files, etc.) that security types might be interested in:

IRCSpy - IRC file search
SearchIRC - IRC channels, users, networks
ISOHunt - BitTorrent file search
PacketNews - IRC file search
NetSplit - IRC channel search
XDCCSpy - IRC file search

Warning: Some sites listed cause browser crashes.

joat: 12:33:00 12 Jul 2004


DNS Snooping 12 Jul
This falls into the intelligence-gathering category more than anything else, but it's still an interesting read. The short version is that if a company uses a publicly available or accessible DNS server, an attacker could gather intel about the company by keeping an eye on what answers the DNS server is providing to company users.

joat: 11:34:00 12 Jul 2004
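As an added example (not from the post above or from the article it points to), here is a small detector for the pattern the post describes, run over constructed resolver query-log lines. It assumes a BIND-style query-log layout in which the flags field starts with `+` when the client asked for recursion and `-` when it did not; the client addresses, names and the TRUSTED range are constructed. A client that asks with recursion disabled can only be answered from what the server already has cached, which is exactly what a cache-snooping probe relies on.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed BIND-style query-log line (sample lines below are constructed, not from the page):
#   client <ip>#<port> (<name>): query: <name> <class> <type> <flags> (<server ip>)
# The flags field begins with '+' if RD (recursion desired) was set, '-' if it was not.
QUERY_LINE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[\d.]+)#(?P<port>\d+)(?: \([^)]*\))?: "
    r"query: (?P<name>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>[+-]\S*)"
)

# The company's own client range (assumed). Queries from here are normal traffic.
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed log: an outside host (203.0.113.9) asks for several names with RD=0,
# which is the snooping signature; inside clients and one normal outside client do not.
SAMPLE_LOG = """\
client 192.0.2.15#49152 (mail.example.net): query: mail.example.net IN MX +E(0) (192.0.2.1)
client 203.0.113.9#53100 (www.payroll-vendor.example): query: www.payroll-vendor.example IN A - (192.0.2.1)
client 203.0.113.9#53101 (www.bank-a.example): query: www.bank-a.example IN A - (192.0.2.1)
client 203.0.113.9#53102 (www.bank-b.example): query: www.bank-b.example IN A - (192.0.2.1)
client 192.0.2.22#49153 (www.bank-a.example): query: www.bank-a.example IN A +E(0) (192.0.2.1)
client 198.51.100.4#40000 (www.example.org): query: www.example.org IN A +E(0) (192.0.2.1)
"""


def parse_query_log(text):
    """One dict per parseable line, with a recursion_desired boolean derived from the flags."""
    out = []
    for line in text.splitlines():
        m = QUERY_LINE.search(line)
        if m:
            d = m.groupdict()
            d["recursion_desired"] = d["flags"].startswith("+")
            out.append(d)
    return out


def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED)


def find_snoop_candidates(records, min_names=2):
    """Untrusted clients that sent non-recursive queries for >= min_names distinct names.
    Returns {client_ip: sorted list of names probed}."""
    probes = defaultdict(set)
    for r in records:
        if not r["recursion_desired"] and not is_trusted(r["ip"]):
            probes[r["ip"]].add(r["name"])
    return {ip: sorted(names) for ip, names in probes.items() if len(names) >= min_names}


if __name__ == "__main__":
    for ip, names in find_snoop_candidates(parse_query_log(SAMPLE_LOG)).items():
        print(f"{ip} probed cache for: {', '.join(names)}")
```

Two caveats. First, the fix is not detection but not serving the cache to strangers: in BIND that is `allow-recursion` / `allow-query-cache` restricted to your own ranges, or simply separate authoritative and recursive servers (those directives are from BIND's documentation, not from the post). Second, the RD=0 check is only the cheap signal; a probe that sets RD=1 and measures response time (cached answers come back faster) will not show up here, so the access restriction matters more than the log rule.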


MT blog gone 12 Jul
I took the final step this evening and deleted the old MT-based blog. The comment spam was getting out of hand. This past week saw some especially nasty pr0n spam.

Now we just have to wait for the search engines to catch up.

joat: 08:00:00 12 Jul 2004


Sun, 11 Jul 2004

Message count 11 Jul
I've received a few questions about the box on the bottom right. Because the blog is running without a web input, I wrote a bit of code to count the messages pending in the near future and stuck it in an iframe.

Let me know if anyone has problems with it or wants the code. It's a hack, not an actual plug-in, though I probably should rewrite it into one.

joat: 13:35:00 11 Jul 2004


Free anti-virus 11 Jul
(From Tejas Patel) eTrust is still giving away copies of their anti-virus and firewall package. The "free" is good for a year, after which they hope you liked their product well enough to become a paying customer.

joat: 12:35:00 11 Jul 2004


If you think, they will do it 11 Jul
Awhile back, someone came up with a method for brute-forcing hashes using a time-memory tradeoff. Basically, for certain types of algorithms, the results of hashing can be pre-calculated and stored. Reversing a hash then becomes a matter of performing a lookup in a giant database.

Well, someone has come up with online MD5 cracking. (via /.)

joat: 12:17:00 11 Jul 2004


Bluemonger 11 Jul
As cool as Bluemonger sounds (or may actually be), I don't think tying yet another infection vector to the Internet or your home computer is that good of an idea.

joat: 12:00:00 11 Jul 2004


Phishing 11 Jul
Developer.com has an article which discusses various phishing attacks.

joat: 12:00:00 11 Jul 2004


Sat, 10 Jul 2004

F-Secure Blog 10 Jul
F-Secure, the SSH and anti-virus people, have their own weblog and RSS feed.

joat: 16:00:00 10 Jul 2004


419 Horror story 10 Jul
Another 419 story.

joat: 13:34:00 10 Jul 2004


Wireless not secure just yet 10 Jul
Tim Greene has a point. 802.11i may or may not be the cure for wireless's ills. Nothing 11i-compliant is out yet. The first certified products will probably be available early next year. Until then, you still want to protect your networks with (OSI model) layer 2 encryption/protection such as AirFortress, Cranite, or 3eTI.

LAYER 3 VPN'S ARE NOT SAFE TO USE IN WIRELESS ENVIRONMENTS!!!

Don't forget your wireless IDS's either.

It's scary to see that "experts" in the business world are still recommending WEP.

joat: 12:35:00 10 Jul 2004


URL Obfuscation 10 Jul

joat: 11:00:00 10 Jul 2004


Fri, 09 Jul 2004

SEO Contest 09 Jul
Here are the results of the Search Engine Optimization Contest that I was so doom-and-gloom about earlier in the week. Seems that it wasn't a "bad guy" that won.

joat: 18:00:00 9 Jul 2004


Clueless users should be jailed? 09 Jul
You've heard me rant about this one before. Prentice Hall's Professional Technical Reference has an article which discusses the author's point of view where each and every user on the Internet should be held legally responsible for their hacked systems flooding the planet with spam.

Again, I don't believe you can hold my grandmother responsible for someone hacking her Tivo.

A. Lizard likes to say things like "due diligence" but ignores the fact he may only be able to sue for those instructions in the booklet that came with the device. After he can prove that everyone consistently reads all of the directions in those multi-language documents.

joat: 14:00:00 9 Jul 2004


Why share source? 09 Jul
I can only think of one reason why a worm would include its own source code and that's to make it harder for law enforcement to prove who's the author of the code.

Can y'all think of any other reason(s)?

joat: 12:35:00 9 Jul 2004


Session Hijacking Explained 09 Jul
HNS has a downloadable MP3 of a presentation explaining session hijacking.

joat: 12:33:00 9 Jul 2004


Thu, 08 Jul 2004

Got aholda them socks? 08 Jul
K-Otik has posted a good one. Hopefully Snort sigs to follow soon.

joat: 13:30:00 8 Jul 2004


Stop using NTLM 08 Jul
Stop using NTLM passwords now. If this has any truth to it, using NTLM authentication has just become that much more of a security problem. The problem is there if the database exists. We already knew that this would be a problem eventually.

joat: 12:15:00 8 Jul 2004


UTF-8 Shellcoding 08 Jul
HERT has a pointer to a paper on UTF-8 Compatible Shellcoding.

joat: 12:00:00 8 Jul 2004


Notepad pop-ups 08 Jul
This is almost a year old. From the looks of the replies, it's still a problem for "stock" users.

joat: 12:00:00 8 Jul 2004


Link Prefetching 08 Jul
While it improves life for the majority, I somehow think that link prefetching contains the possibility to be seriously abused by unsavory webmasters.

joat: 12:00:00 8 Jul 2004


TCPDump 08 Jul
Prentice Hall's Professional Technical Reference has a book excerpt which discusses TCPDump.

joat: 11:30:00 8 Jul 2004


Wed, 07 Jul 2004

SEH Exploits 07 Jul
HERT has a pointer to a THC paper on exploitation of structured exception handlers.

joat: 12:00:00 7 Jul 2004


The Fine Print 07 Jul
Prentice Hall's Professional Technical Reference has an interesting article which discusses the fine print in Privacy Statements.

joat: 11:00:00 7 Jul 2004


Tue, 06 Jul 2004

New Attack on RSA-based SSL/TLS Protocols 06 Jul
This type of attack is (currently) quite noisy/easy to detect but doesn't bode well for SSL-based web sites. Fortunately, OpenSSL (the library used by Apache) has been patched against this. Can anyone comment on the MS side of the house?

joat: 13:11:00 6 Jul 2004


Building OpenSSH 06 Jul
Prentice Hall's Professional Technical Reference has an article entitled "Building OpenSSH - Tools and Tradeoffs" which discusses theory and installation of OpenSSH 3.7.1p2.

joat: 12:22:00 6 Jul 2004


Steg Forensics 06 Jul
Gary Kessler has posted (actually last February) a paper entitled "Steganography for the Computer Forensics Examiner" which discusses theory and various detection tools.

joat: 12:00:00 6 Jul 2004


Mon, 05 Jul 2004

Logs 05 Jul
Got a bit bored this afternoon, decided to read logs generated by the new code in the last two days.

What have I learned? Three things: 1) a lot more people visit here than make comments, 2) someone in Japan blogged something about my site (I cannot read/speak Japanese all that well), and 3) I should consider switching the "make a comment" HTML link over to a bit of JavaScript "onClick" code. Seems MSN's and Google's spiders follow the "make a comment" link, even if there's no comments on the far end. Using the alternate code might avoid the extra network bits and might cause a few less useless pages to be stored in search engines.

joat: 23:45:00 5 Jul 2004


Boneheads 05 Jul
It's obvious that no one in this go 'round "gets it". It's not which OS is better, it's which one is used and protected properly.

Considering some of the recent news articles about both sites, in this case it's neither. And it'll only get nasty. If the IIS box gets hacked, the OSS purists get on the news with a "told you so". If it's the Apache box, the MS purists start ranting about "lack of support".

Neither group is correct. Both groups are correct. Mostly it's the people hired to run the servers. And given the reason for the servers' existence, it's not a question of "if" but "when".

joat: 13:55:00 5 Jul 2004


Exploiting Google 05 Jul
The Search Engine Optimization Contest is not a game. It's a contest but, in the long run, it damages Google. Basically, it's a contest to see who can get a page up to #1 and keep it there. Some consider "by any means possible" as justifiable.

The contest finishes day-after-tomorrow. Read more about it here and here.

joat: 13:00:00 5 Jul 2004


Packet Crafting for Audits 05 Jul
Security Focus has an article entitled "Packet Crafting for Firewall & IDS Audits". This is part one of two and discusses the use of hping and tcpdump. Network admins should know this!

joat: 12:10:00 5 Jul 2004
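
The kind of probe hping builds, as an added example that is not from the SecurityFocus article or from hping itself: a bare TCP SYN assembled byte by byte with both the IPv4 and TCP checksums computed, which you can verify offline and, with root, push out through a raw socket to see how a firewall or IDS reacts. The addresses and ports below are constructed test values, and `send_raw` is the only part that touches the network.

```python
"""Craft a bare TCP SYN (what `hping -S` sends) as raw bytes.

Added example, not from the SecurityFocus article or hping. The
source/destination addresses and ports used here are constructed test values.
"""
import socket
import struct


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum: 16-bit one's complement of the one's complement sum.

    Fed a header that already carries a correct checksum, it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, payload_len: int, ident: int = 0x1234, ttl: int = 64) -> bytes:
    """20-byte IPv4 header, protocol TCP, DF set, no options, checksum filled in."""
    ver_ihl = (4 << 4) | 5
    total_len = 20 + payload_len
    flags_frag = 0x4000  # DF bit, fragment offset 0
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, ident, flags_frag,
                      ttl, socket.IPPROTO_TCP, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = ones_complement_sum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def tcp_syn(src: str, dst: str, sport: int, dport: int, seq: int = 0, window: int = 512) -> bytes:
    """20-byte TCP header with only SYN set; the checksum also covers the pseudo-header."""
    data_offset_flags = (5 << 12) | 0x02  # header length 5 words, flags = SYN
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, 0, data_offset_flags, window, 0, 0)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst),
                         0, socket.IPPROTO_TCP, len(hdr))
    csum = ones_complement_sum(pseudo + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def build_syn_probe(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Full IPv4 + TCP SYN packet, ready for a raw socket with IP_HDRINCL."""
    tcp = tcp_syn(src, dst, sport, dport)
    return ipv4_header(src, dst, len(tcp)) + tcp


def verify_checksums(pkt: bytes):
    """Recompute both checksums over the wire bytes; returns (ip_ok, tcp_ok)."""
    ihl = (pkt[0] & 0x0F) * 4
    ip_ok = ones_complement_sum(pkt[:ihl]) == 0
    src, dst = pkt[12:16], pkt[16:20]
    seg = pkt[ihl:]
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, pkt[9], len(seg))
    tcp_ok = ones_complement_sum(pseudo + seg) == 0
    return ip_ok, tcp_ok


def send_raw(pkt: bytes, dst: str) -> None:
    """Needs root/CAP_NET_RAW. IP_HDRINCL tells the kernel we built the IP header."""
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    try:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
        s.sendto(pkt, (dst, 0))
    finally:
        s.close()


if __name__ == "__main__":
    probe = build_syn_probe("192.0.2.10", "192.0.2.80", 40000, 80)
    print(probe.hex(), verify_checksums(probe))
```

Only point this at hosts you own. On the far side, `tcpdump -nn 'tcp[tcpflags] & (tcp-syn|tcp-rst) != 0'` shows whether the SYN arrived and whether a SYN/ACK or RST came back, which is the whole audit: a rule that should block the port but lets a SYN/ACK through has failed. The `verify_checksums` step is there because a packet with a bad checksum is silently dropped by the target's stack, and that drop looks exactly like a firewall doing its job.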


Security bible quote? 05 Jul
It's a cliche about systems administrators' attitudes, but it's also a good guideline for security: "Trust not your users, for they will lead you into darkness.".

joat: 12:00:00 5 Jul 2004


Lies, Damn Lies, and Statistics 05 Jul
Yet another my-OS-is-better-than-yours rant. Feel free to join in at the chorus.

Computer Weekly has an article discussing the number of vulnerabilities discovered last year for each of the major OSes. Unfortunately, this kind of statistic doesn't clear anything up.

MS had 46, Suse had 48, Sun had 60, etc.

You should notice that they gave you numbers but didn't enumerate the vulnerabilities. What's normally done is to limit the MS count to the default install (usually just the software MS wrote), while the Linux and Sun counts include the third-party programs shipped on their disks. See the problem?

(Chorus)It's not which one is better, it's which one is managed worse!

If you're going to compare products, do it on a case-by-case basis. Mail client vs. mail client. Browser vs. browser. Core OS vs. core OS. Exploit which takes the Internet down vs. exploit which takes the Internet down. Ad nauseam.

Any report which just spouts numbers makes me think that the source of the report suddenly has additional funding from somewhere, as we've seen this before.

joat: 09:00:00 5 Jul 2004


Sun, 04 Jul 2004

More Blaster 04 Jul
It's a couple months old but commentary about Blaster continues.

joat: 13:20:00 4 Jul 2004


How to use cryptography in computer security 04 Jul
The ITManagers Journal has a good manager-level article discussing basic "theory" (uses, really) of cryptography.

joat: 12:40:00 4 Jul 2004


Thumpa Thumpa shh! 04 Jul
This is a neat trick. I can appreciate it because I live just down the street from a group of just-got-our-own-car teenagers. Up until now, I'd considered HERF but that'd also cook the electronics in the rest of the immediate neighborhood.

joat: 12:00:00 4 Jul 2004


Sat, 03 Jul 2004

Counter plugin 03 Jul
Thanks to Allen Hutchison for his counter plugin.

Update: Allen is also responsible for pointing out the proper plugin (and giving enough hints) to allow me to put comments back on the main page.

joat: 19:30:00 3 Jul 2004


Security Planet 03 Jul
In tracking down some interesting referrers, I came across Barry Irwin's Security sub-blog and from there, his Security Planet, a good pseudo-aggregator. (I use "pseudo" only because it's not the reader that adds/deletes feeds. Barry does that.) Good site though.

joat: 17:00:00 3 Jul 2004


No op 03 Jul
I've added the redirect from the old blog so everyone should be ending up here. Next on the list: fix pings.

joat: 16:29:40 3 Jul 2004


Spammers tied to blo.gs? 03 Jul
The old blog software is still installed and running. What that means is that the comment spammers are still adding junk to the old blog. The traffic level seems to have dropped off a bit though. Could it be related to the fact that I no longer post via MT and therefore no longer "ping" the usual sites to indicate that the MT blog has been updated?

Hmm... Wonder if it would be worth leaving MT running and doing an analysis of the traffic after a month or so?

joat: 16:29:07 3 Jul 2004


Badly worded laws 03 Jul
Heads up to DC drivers. As of the day before yesterday, there's a new law on the books that prohibits you from holding a cell phone up to your head while driving. While it's intended to regulate those distracted idiots doing 40 in a 55 while talking long distance with their mom, I have "issues" with the law:
  • cell phone use ranks sixth, ninth or first as a cause of accidents, depending on who you ask. "First" is usually based on surveys of common opinion rather than actual studies. The government studies usually indicate cell phones being less of a cause than adjusting the radio/internal temperature, eating, and yelling at the kids.
  • the law is too broad as it allows for fines for ANY distraction
  • the law is vaguely worded (can apply to any driver with a two-way radio with a button-operated microphone, GPS, or radar device)(i.e., law enforcement, cab drivers, delivery personnel, firemen, utility workers, etc.) ("electronic device" is generic and, by definition, means just about anything in the car)
  • the law adds yet another requirement on law enforcement (must search for the presence of cell phones at each accident) and government (database tracking, reporting, and training). Unless the legislators intend on providing additional funding for yet another requirement on law enforcement and lower government, this just adds another stress on an already limited budget.

Unfortunately, it's one more low level law that is too expensive to fight and will probably be ignored in the long run. In the security world, your policies have to be realistic and enforceable for them to be effective. Too many "silly rules" and the entire system is held in contempt by the average user.

I've been rear ended seven times. Four of them while stopped at a light, two while slowing for a light, and one in a parking lot. Each and every time the driver was distracted (by sunlight, a road sign, another person, etc.). That is, unless one or more of them did it intentionally (road rage?).

Accidents will continue to happen, regardless of what drivers are doing, especially inside of, or on, 495 after 3 p.m. on a workday (too damned many cars in narrow lanes on not enough pavement, ignoring the amount of road construction that occurs during rush hour in DC).

We'd save more lives by making cars single person vehicles, with a top speed of 35 mph, without radios or temperature controls and tearing down every sign along the highway.

joat: 14:59:48 3 Jul 2004


Reverse Engineering Backdoored Binaries 03 Jul
Infosec Writers has an article entitled "Reverse Engineering Backdoored Binaries" by ChrisR.

joat: 14:00:00 3 Jul 2004


Good things to come 03 Jul
From /. comes news that nVidia has released Linux drivers for their chipsets. Hopefully we'll start seeing these in the next distros.

joat: 13:00:00 3 Jul 2004


Tracking by GPS 03 Jul
SmartMobs has a short piece on new case law in which "tracking by GPS device" is still being "settled".

Should be interesting to keep track of.

joat: 12:00:00 3 Jul 2004


Fri, 02 Jul 2004

HMO for Tivo 02 Jul
If anyone has any comments about JavaHMO, please let me know. It took a bit to get Java up and running (hint: copy the JRE folder to /usr/local/) but JavaHMO is installed and start-able. I'll be playing with it over the next few days.

joat: 20:00:00 2 Jul 2004


Spam Host Countries 02 Jul
The Register has a list of the host countries from which 99% of the Internet's spam originates. No, the U.S. is not #1, but it's in the top five. Read more about it here. More on the subject from Infoworld.

joat: 14:00:00 2 Jul 2004


Sombria Honeypot 02 Jul
The Honeypots mailing list has a pointer to the Sombria Honeypot and an analysis of a Brazilian hacker group.

joat: 13:30:00 2 Jul 2004


Forensics.nl 02 Jul

joat: 13:00:00 2 Jul 2004


Infection by Search Engine 02 Jul
We've discussed infection via search engine at work, mostly related to the recent Scob compromises. Can anyone at Yahoo or Google talk about this?

joat: 12:30:00 2 Jul 2004


Your efforts may not be appreciated 02 Jul
This proves two things.

One, you need support from management to do ANYTHING security-related.

Two, it's next to impossible to get a gov't worker fired for waste and abuse. (Hey, the guy that did get fired probably violated a security policy about installing unauthorized software. The boss was only wasting time.)

joat: 12:00:00 2 Jul 2004


Thu, 01 Jul 2004

Scob Source Code 01 Jul
Security Protocols has a piece about the Scob Trojan which supposedly includes the source code.

joat: 20:30:00 1 Jul 2004


Parents Guide to Linux Web Filtering 01 Jul
/. has a pointer to A parent's guide to Linux Web filtering. While not that scalable for large enterprises, this technique works wonderfully for small offices and homes, especially if your surfers know that their activities are being logged and they can be held responsible for their actions.

joat: 20:00:00 1 Jul 2004


Misc. No Op 01 Jul
One nice thing about using Blosxom is that I can write these posts ahead of time and Blosxom won't display them until the timestamp is less than the current time. Work for this weekend: a way to display comments on the main page.

joat: 15:30:00 1 Jul 2004


MS-CHAPv2 Cryptanalysis 01 Jul
This analysis has odd timing. In the past few days, as part of an "argument" for wireless L2 encryption, I viewed a demo of a MitM attack on PPTP from a wireless client. Note to all: you need integrity checking at the L2 level. ARP-based attacks are still possible on wireless; IPSec/PPTP/other L3 tunnels absolutely suck for wireless! (via NetSec)

joat: 15:00:00 1 Jul 2004
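
The ARP-based attack mentioned above leaves one visible trace on the wire: an ARP reply that binds an IP already in use (the gateway's, typically) to a different MAC. The following is an added example, not from the NetSec post or from the demo, of the check arpwatch-style tools perform: pin each IP to the first MAC seen answering for it and alert when a later reply disagrees. All frames, MACs and IPs are constructed test data.

```python
"""Watch ARP replies for an IP whose MAC changes, the footprint of an
ARP-poisoning MitM on a shared segment such as a WLAN.

Added example, not from the NetSec post. Every frame below is constructed;
the MAC and IP values are test data.
"""
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip, opcode) from an Ethernet II ARP frame, else None."""
    if len(frame) < 42:                                   # 14-byte Ethernet + 28-byte ARP
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    arp = frame[14:42]
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):   # Ethernet / IPv4 only
        return None
    return arp[8:14], arp[14:18], opcode


def arp_frame(src_mac, sender_mac, sender_ip, target_mac, target_ip, opcode):
    """Build a broadcast Ethernet II + ARP frame; used only to construct test traffic."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
           + sender_mac + sender_ip + target_mac + target_ip)
    return eth + arp


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


class ArpWatcher:
    """Pin each IP to the first MAC that answered for it; alert when a later reply differs."""

    def __init__(self):
        self.table = {}    # sender_ip -> sender_mac
        self.alerts = []   # (ip, old_mac, new_mac)

    def feed(self, frame: bytes):
        """Return an alert tuple for a conflicting reply, None otherwise."""
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        mac, ip, opcode = parsed
        if opcode != ARP_REPLY:      # requests carry no binding worth trusting
            return None
        known = self.table.setdefault(ip, mac)
        if known == mac:
            return None
        alert = (ip_str(ip), mac_str(known), mac_str(mac))
        self.alerts.append(alert)
        return alert


# Constructed test data: gateway, victim and attacker on the same WLAN.
GATEWAY_IP = bytes([192, 168, 1, 1])
GATEWAY_MAC = bytes.fromhex("aabbcc000001")
VICTIM_IP = bytes([192, 168, 1, 50])
VICTIM_MAC = bytes.fromhex("aabbcc000050")
ATTACKER_MAC = bytes.fromhex("deadbeef0002")

SAMPLE_FRAMES = [
    arp_frame(VICTIM_MAC, VICTIM_MAC, VICTIM_IP, b"\x00" * 6, GATEWAY_IP, ARP_REQUEST),
    arp_frame(GATEWAY_MAC, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP, ARP_REPLY),
    arp_frame(GATEWAY_MAC, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP, ARP_REPLY),
    # poison: the attacker answers for the gateway's IP with its own MAC
    arp_frame(ATTACKER_MAC, ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP, ARP_REPLY),
]


def run_sample():
    """Feed the constructed frames through a watcher and return its alerts."""
    watcher = ArpWatcher()
    for frame in SAMPLE_FRAMES:
        watcher.feed(frame)
    return watcher.alerts


if __name__ == "__main__":
    for ip, old, new in run_sample():
        print(f"ARP conflict for {ip}: {old} -> {new}")
```

Two caveats before trusting the alerts. A binding also changes legitimately when a NIC is replaced, a DHCP lease moves, or a redundant gateway fails over, so the first-seen MAC is a heuristic, not ground truth. And this is a detective control: it tells you the poisoning happened, after the fact, which is exactly why the post asks for integrity at L2 rather than a tunnel above it.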


SecurityDocs 01 Jul
SecurityDocs looks like another good site to keep an eye on for reading material.

joat: 14:00:00 1 Jul 2004


Service providers can read your e-mail? 01 Jul
I think that this is a really bad decision. While systems/network administrators should be able to access certain types of e-mail (for troubleshooting or policy violations), allowing a service provider to read other people's e-mail (without their permission) so that he can gain a competitive advantage has serious implications. This is another of those slippery slopes. Wired also has an article about it.

joat: 13:30:00 1 Jul 2004


G on a chip 01 Jul
(From WiFiNetNews) Broadcom has announced 802.11g on a chip.

Hmmm.. Be the first on your block to have your toilet paper dispenser on the Internet! Seriously, if this becomes available to the garage hardware hacker, we'll probably see some interesting projects. More here.

joat: 12:00:00 1 Jul 2004


robtex