Sat, 31 Jul 2004
|
|
Not sure how I got to these sites, I think it started with a /. or
rootsecure post, but it's interesting what people share, documents, photos, etc.
joat: 12:45:00 31 Jul 2004 |
|
|
|
|
|
I'll have time later today to fix the wiki (actually, I'm considering
changing it). I managed to break it awhile back while messing with the
backend.
joat: 12:10:00 31 Jul 2004 |
|
|
|
|
Personally, I think anyone that writes network-aware programs should learn
about MetaSploit and fuzzing first. Kinda like learning "duck and
cover" prior to the ICBM warning. In any case, if you take care of any
network server, this is good theory/experience to have in your head.
joat: 12:00:00 31 Jul 2004 |
|
|
|
|
LURHQ has posted an analysis of the MyDoom.M worm.
joat: 11:55:00 31 Jul 2004 |
|
|
|
|
Some people wish for code that runs on multiple systems. Be careful
what you wish for! K-otic has
posted a "Universal" IE exploit that supposedly runs on Windows and Linux and gives you a reverse shell via IE. Advice? Keep your patches up-to-date and configure your firewalls to only allow what you need to do on the Internet. In other words, limit browsing to high-port to port 80. It's not a perfect solution, but it will cut back on exploits like the above.
joat: 10:00:00 31 Jul 2004 |
|
|
Fri, 30 Jul 2004
|
|
It may be a good idea to come up with a taxonomy but I distrust
any effort that copyrights that same taxonomy.
joat: 15:00:00 30 Jul 2004 |
|
|
|
|
FurryGoat has a pointer to some sites which help you figure out what all those Windows background processes are.
joat: 14:00:00 30 Jul 2004 |
|
|
|
|
Linux Exposed has a howto
article explaining the use of chroot jail daemons and system processes.
joat: 13:00:00 30 Jul 2004 |
|
|
|
|
Lately, blogging has received some degree of "respectability" by being
used by politicians and mainstream media. It wasn't that long ago that
we saw mainstream articles which described blogging as self-referential
rantings of socially misfit narcissists. I think/hope we may see a
similar "occurrence" with the Wikipedia. The Register seems to have
taken a dislike to the Wikipedia, calling it a children's encyclopedia (one of the nice comments). Warning to The Register: what you're not seeing is: distributed collaboration on distributed servers. Given that "it" includes current events and internal commentary, this has the potential to sneak past mainstream notice and become the next "big it". Especially if someone can figure out a way to "specialize" and come up with something similar to topics (like blogging has "flavors"). Having contributed to the Hitchhiker's Guide (back in the Usenet News days), I like the idea of having the Wikipedia (although I haven't been involved much).
joat: 12:00:00 30 Jul 2004 |
|
|
|
|
|
joat: 02:06:52 30 Jul 2004 |
|
|
Thu, 29 Jul 2004
|
|
I've probably blogged before about fake spyware software/sites, but it deserves repeating.
joat: 23:00:00 29 Jul 2004 |
|
|
|
|
To paraphrase ICP, I want my .... I like reading items like this from
Jeremy's blog. Don't know
if it's true or not but it's still entertaining.
joat: 14:00:00 29 Jul 2004 |
|
|
|
|
HNS has an article which
discusses the possible future of "phishing".
joat: 14:00:00 29 Jul 2004 |
|
|
|
|
LinuxExposed has an article explaining the basics behind digital signatures and how to use them with XML.
joat: 12:30:00 29 Jul 2004 |
|
|
|
|
There seems to be some (karmic?) balance in the news today. The insanity
concerning the INDUCE Act seems to be balanced by what appears to be
careful consideration at the FCC concerning swapping
out WiFi antennas. Sorry for the use of /. links, it was the
quickest way to post this.
joat: 12:00:00 29 Jul 2004 |
|
|
Wed, 28 Jul 2004
|
|
eBCVG has an article about an
OpenSSH for the PocketPC.
joat: 16:00:00 28 Jul 2004 |
|
|
|
|
|
joat: 13:00:00 28 Jul 2004 |
|
|
|
|
It may be a good idea to visit Network
World Fusion's Security
Resource link page. It has many more links to valuable and/or
entertaining security-related sources/stories since I last visited (a
long time ago). I'm not just recommending it because I'm listed there
too. (heh) Picked up feeds for ATAC and OhBrian this time.
joat: 12:00:00 28 Jul 2004 |
|
|
Tue, 27 Jul 2004
|
|
NIST has proposed the
withdrawal of DES as an approved algorithm.
joat: 23:00:00 27 Jul 2004 |
|
|
|
|
I really enjoyed reading this
article, especially "The Top 5 Company Executive Mistakes". It
nails the organization that replaced me at a previous job. For those
that know me personally, you know who I mean. The article is almost
uncanny while remaining generic, isn't it?
joat: 14:00:00 27 Jul 2004 |
|
|
|
|
InfoSec Writers has a paper
entitled "Virus &
Worms" which is supposed to be an introductory guide for security
awareness, describing the basic theory behind malicious code.
joat: 12:30:00 27 Jul 2004 |
|
|
|
|
TaoSecurity has a list of books that he
(Richard Bejtlich) has contributed to. Included in the list is his
The Tao of Network Security Monitoring: Beyond Intrusion
Detection which appears to be a worthwhile book to have (see his and
the publisher's sites for sample chapters).
joat: 12:00:00 27 Jul 2004 |
|
|
Mon, 26 Jul 2004
|
|
I'm probably going to want/need this sometime in the future. Yeah, it's /. but they're links to made-to-order boards and parts.
joat: 13:15:00 26 Jul 2004 |
|
|
|
|
(also from /.) It's not
security-related but I just couldn't resist: You won't want anyone
else "cooking" for you with one of these.
joat: 12:30:00 26 Jul 2004 |
|
|
|
|
|
joat: 12:00:00 26 Jul 2004 |
|
|
Sun, 25 Jul 2004
|
|
If you have to disclose, at least do it this way,
include a properly written Snort sig so the rest of us can watch out for
your code should the script kiddies take a liking to it.
joat: 13:45:00 25 Jul 2004 |
|
|
|
|
Added trackbacks to the site using this, this and this. Don't know if the install has any bugs yet. I'll keep an eye on it.
joat: 13:35:00 25 Jul 2004 |
|
|
|
|
This
is so dumb, it's almost funny. (Slashdot also posted about it.) Seems
that "security people all over the country" think it looks like a bomb.
I've got news for you, small transistor devices like PDAs and iPods
look a bit like that too. Makes me wonder who those "security people"
are. It's probably that security "concern" is interpreted by the media
as "security panic", instead of equating to "need to inform/be
informed". I'm not saying that there shouldn't be "concern" if someone
travels commercially with one of the cans in their luggage. It's just
that they should "declare" it as part of the check-in process. There's
a reason why the TSA people require you to remove your laptops from
luggage. I've gotten into the practice of also pulling out any other
"dense" electronics. It saves time. (via
WiFi Toys)
joat: 13:00:00 25 Jul 2004 |
|
|
|
|
TaoSecurity has a quick
review of Netwox, a menu-based collection of network testing tools.
joat: 12:30:00 25 Jul 2004 |
|
|
|
|
Here's a
pointer to Tony Bradley's "Introduction To" articles. Subjects include
vulnerability scanning, packet sniffing, firewalls and intrusion
detection.
joat: 12:00:00 25 Jul 2004 |
|
|
Sat, 24 Jul 2004
|
|
My son and his girlfriend think I'm weird because I like to keep the
house at a freezing (to them) 70 degrees. (My wife understands though.
She's from Buffalo.) I'll admit that, for southeast Virginia, that's
colder than most people's houses. What brought this on? I stumbled
across the weather forecast for where my parents live: Today - Hi: 73, Lo: 49. (Hint: the hi there for today is the lo here for the week.) In other words, I grew up where you wear shorts in the low 60's and sweat heavily in the low 70's. If it wasn't for air conditioning, I probably wouldn't live below 1,000 feet above sea level or south of Pennsylvania.
joat: 19:30:00 24 Jul 2004 |
|
|
|
|
Tom Liston, today's
on-duty handler at the Internet Storm
Center has posted part one of an
analysis of malware he contracted by pretending to be "Joe Average" with
a common XP configuration. Interesting to follow.
joat: 15:00:00 24 Jul 2004 |
|
|
|
|
Go here to
decode the stuff from yesterday's Blogger Code post.
joat: 13:00:00 24 Jul 2004 |
|
|
|
|
(from NetSec) Here's a paper
entitled "Distributed Metastasis: Network Attack Methodology". I disagree that it's a new method of network attack as the methods it uses have already been seen in some form or other. However, it is an interesting read and even hints at the dangers of monoculture.
joat: 12:30:00 24 Jul 2004 |
|
|
|
|
Here's the "howto" for
getting your private info removed from Google's search engine.
joat: 12:30:00 24 Jul 2004 |
|
|
Fri, 23 Jul 2004
|
|
This bit of
silliness has been around for a bit. Oh, and B6 d- t++ k s u- f+
i+ o- x- e- l- c--
joat: 13:30:00 23 Jul 2004 |
|
|
|
|
(via RootSecure) Security Focus has posted the
second part of a two-part article discussing crafting packets for audits
of firewalls and intrusion detection systems. (Part 1)(Part 2)
joat: 12:45:00 23 Jul 2004 |
|
|
|
|
Infosec Writers has a pointer to a good paper on hacking via Google. Network security types should consider running the listed searches against Google to see if there are any unexpected exposures of their organizations.
joat: 12:30:00 23 Jul 2004 |
|
|
Thu, 22 Jul 2004
|
|
Call me skeptical, but how long do you think BugMeNot will be allowed to operate? I really like the idea of the service as I've used various addresses in a domain to test if my data was actually protected by those that claimed that they wouldn't sell it or release it without my permission. For the majority of those sites, the addresses I used quickly made it into spammers' address books. But back to the question... Call it a prediction if you want, but I can foresee at least a token effort to get a law passed to make this sort of thing illegal. Or you can just call me skeptical.
joat: 13:30:00 22 Jul 2004 |
|
|
|
|
LURHQ has posted an analysis of the
SubmitHook BHO which injects URLs for porn sites when the unwitting user
fills out a form.
joat: 13:30:00 22 Jul 2004 |
|
|
|
|
I spent 30 or so minutes playing with the referrer code and data. I've
changed some of the URLs to site names and have added the various
search engines to the "skip" list. So as to not anger Hormel, I
won't refer to two sites as "spammers". Instead, just feel free to not
click on "ADV" in the referrers list. The ADVs and the search engines
should disappear from the list shortly as the database updates.
joat: 13:00:00 22 Jul 2004 |
|
|
|
|
Orin Kerr has a mailing
list to which he posts various crime and court cases. If you like
Groklaw, you'll like this mailing
list.
joat: 12:00:00 22 Jul 2004 |
|
|
Wed, 21 Jul 2004
|
|
Once again, "Yeah, what Dana
said." Dana's posted a pointer to the BleepingComputer.com
tutorial for a basic (but effective) forensics methodology for determining if you've been hacked and how to clean it up. The assumption is that this process will detect the majority of the compromises due to most of them being "done" in bulk and not in a "clean" manner.
joat: 13:30:00 21 Jul 2004 |
|
|
|
|
IPTables-P2P
is a matching module for "dealing with" the more popular P2P tools.
joat: 13:00:00 21 Jul 2004 |
|
|
|
|
Not sure if I blogged this before but it's a story about a 419'er being caught red-handed.
joat: 12:00:00 21 Jul 2004 |
|
|
Tue, 20 Jul 2004
|
|
InfoSec Writers has a pointer to a good article on steganography. The format of the article is a bit weird (for newspaper?) but the basics are there.
joat: 17:00:00 20 Jul 2004 |
|
|
|
|
An interesting view. Now it's our fault?
joat: 15:00:00 20 Jul 2004 |
|
|
|
|
NetworkWorld Fusion has a quick article discussing how policies and procedures are part of the foundation for your CERT.
joat: 12:30:00 20 Jul 2004 |
|
|
|
|
This is
especially valuable information. I've seen it used to create emergency
filters for content filtering (think initial worm attack). This
knowledge comes in valuable if you tie Snort into the mess and have it
write IPTables filters on-the-fly.
joat: 12:00:00 20 Jul 2004 |
|
|
Mon, 19 Jul 2004
|
|
What's not said here?
Extra points if you include support for your arguments. (Hint: the problem
is not just missing information.)
joat: 12:35:00 19 Jul 2004 |
|
|
|
|
HNS has an MP3 of a discussion
about encryption, including the difference between symmetric and
asymmetric encryption.
joat: 10:30:00 19 Jul 2004 |
|
|
Sun, 18 Jul 2004
|
|
|
joat: 15:38:52 18 Jul 2004 |
|
|
|
|
I've re-sorted my Bloglines
subscriptions. The public listing of them is available here.
joat: 13:33:00 18 Jul 2004 |
|
|
|
|
The RIAA has come out in force to support
Mr. Hatch's INDUCE Act. To me, it comes across a little like "pay no
attention to the man behind the curtain!"
joat: 13:25:00 18 Jul 2004 |
|
|
|
|
Here's a short list of good anti-Spyware sites. Feel free to add more
in comments. I'll build a formal list on a separate page.
joat: 13:00:00 18 Jul 2004 |
|
|
|
|
I'd like to see this happen.
joat: 12:30:00 18 Jul 2004 |
|
|
Sat, 17 Jul 2004
|
|
Heh. For all you 757'ers and anyone else, here's v0.1 of a Blosxom
plugin for the 757 IRC game IdleRPG.
joat: 23:30:00 17 Jul 2004 |
|
|
|
|
I've updated the "future" plugin (see bottom of right-hand column here)
to include a day of the week display (single letter). Get the new code
here.
joat: 20:00:00 17 Jul 2004 |
|
|
|
|
This past week saw a freak storm park over a roughly 4-square mile area
which my house sits in the middle of. It stayed there and dumped just
under a foot of rain in a two hour period. The following pictures were
taken hours later. I missed the storm as I was at work and my wife says
the water level was much higher. Keep in mind that the street drains
were operating normally. The police report that 3 blocks over, the
water was 3 feet deep. Oh and no, I don't live near any bodies of
water that would overflow like this. This all came from the sky at 2
p.m. and it was all gone by 7 p.m.
 Neighbor's bush,
mailbox, and car
 Further down the
street, sorry for the fuzziness
 The two kids on the left
are on the sidewalk.
joat: 15:53:02 17 Jul 2004 |
|
|
|
|
Here's a pointer to the "Virtual
Honeynet: Deploying Honeywall using VMware" project.
joat: 12:45:00 17 Jul 2004 |
|
|
|
|
Here's
a BBC article about a 419 scam baiter towing the scammer far enough to
send him a birthday card, $80, and a picture of his chest spray painted
as proof that he had joined the scam baiters "church". This is
priceless.
joat: 12:30:00 17 Jul 2004 |
|
|
Fri, 16 Jul 2004
|
|
So many others have said it: "I've written my first Blosxom plugin!" Don't know how useful it'll be. The intended audience is those who use some form of procmail recipe to reroute e-mail messages into their blogs. The plugin populates $future::count with the count of messages waiting with timestamps set in the future. (See the bottom of the right-hand column here.) Grab the plugin here.
joat: 23:03:54 16 Jul 2004 |
|
|
|
|
Here's the second article in the series on how the Metasploit Framework works.
joat: 20:00:00 16 Jul 2004 |
|
|
|
|
Senator Leahy (VT) has introduced legislation called "The Anti-phishing Act of 2004". It's about time. My spam intake is starting to include a lot of messages from previously unknown banks requiring me to update my accounts. Anyone else find it interesting that the Senator has used a "technical" term (phishing) in his legislation?
joat: 15:00:00 16 Jul 2004 |
|
|
|
|
Don't know how far it will get, but here's some info about the Internet
Annoyance Logging Protocol (IALP).
joat: 14:00:00 16 Jul 2004 |
|
|
|