Fri, 31 Dec 2004
Thu, 30 Dec 2004
Here is a site discussing basic web proxy theory. An interesting part near
the end discusses "chaining" of proxies so that each department in an
organization can maintain its own usage policy while the organization
can impose its own set of rules. This effectively "chains" or
aggregates usage policies.
joat: 13:00:00 30 Dec 2004

Wed, 29 Dec 2004
Tue, 28 Dec 2004
Mon, 27 Dec 2004
I made the following with PowerPoint and converted it to a GIF so it's a
bit basic. However, the information is valuable enough. The numbers
across the top are frequencies in MHz.
joat: 13:00:00 27 Dec 2004

Sun, 26 Dec 2004
QSL.net has a very nice link page.
joat: 15:00:00 26 Dec 2004

Sat, 25 Dec 2004
Fri, 24 Dec 2004
Normally I spend the first day of the weekend blogging most of the
following week. Today is an exception, for obvious reasons. I have
gifts to wrap, dishes to wash, animals to feed. Somehow I have to
figure out how to sneak my son's and his girlfriend's presents into the
house (past them). HBO is running Carnivale again this coming week so I
have to find time to set up the record schedule. You get the idea. In any
case, blogging this week may be a little erratic. Here's today's...

IBM has an article about building clusters with custom Knoppix CDs.
Knoppix seems to be one of those tools that finds its way into
everything. Since our appliances will soon have their own IPv6
addresses, what's next? Washing Machine Knoppix? Fish Tank Knoppix?
Lawn Mower Knoppix? Don't laugh! Mix in a little wireless or
broadband-over-power-line and it's not that much of a stretch.
joat: 17:00:00 24 Dec 2004

Thu, 23 Dec 2004
The Web Applications Security mailing list has a pointer to a paper which
discusses "session riding", which appears to amount to hijacking a user's
access or data via methods such as sending crafted instructions via HTML
e-mail (when the user's e-mail client loads the HTML, the exploit is
executed).
joat: 13:00:00 23 Dec 2004

Wed, 22 Dec 2004
Tue, 21 Dec 2004
Microsoft has stated that they've switched virus scanners to "provide a
safer online experience for consumers". Considering that it's probably
more of a financial issue or a programming difficulty (e.g., can't
interface the scanner with the webmail), it's a bad choice of words for
the supposed cause. We may see a lawsuit because a corporation has taken
a public position on the quality of a competitor's product (remember
Microsoft purchased two companies last year for this purpose). It's one
thing to say your own product is better than everyone else's. It's
another to say (or directly imply) that a competitor's product is crap.
Without proof, that is.
joat: 22:30:00 21 Dec 2004

Activeworx has released a new version of its Honeynet Security Console
(for Win2K/XP). Screenshots are here.
joat: 13:00:00 21 Dec 2004

Mon, 20 Dec 2004
Sun, 19 Dec 2004
More news from the wireless front:
joat: 19:00:00 19 Dec 2004

Here's part one of a two part series on the current problems with WiFi
encryption. The focus is on WEP but it does touch on other topics. One
thing to keep in mind: if WEP is the best you have, it's better than
nothing and overall WEP security can be improved via basic practices
such as periodically changing keys.
joat: 18:00:00 19 Dec 2004

Sat, 18 Dec 2004
joat: 13:00:00 18 Dec 2004

Fri, 17 Dec 2004
Found Yet Another Security Related Blog (YASRB). Here's the RSS feed.
joat: 13:00:00 17 Dec 2004

Thu, 16 Dec 2004
In doing work-ups for malicious code analysis, I've been using Full Disclosure as a source as it allows attachments. This allows me to download onto a non-MS machine, run a virus scanner and do other things while deciding to use the sample or not. In the process, I usually hit Google also. In trying to figure out "You_are_dismissed.com" (it's Bagle.Ap) I found tasklist.org. It appears to be a really good source for identifying unknown (unauthorized) processes.
joat: 14:00:00 16 Dec 2004

Tom Dunigan has a very large security-related link list.
joat: 13:30:00 16 Dec 2004

InfoSec Writers has a good analysis of the JPEG Processing Buffer Overrun.
joat: 13:00:00 16 Dec 2004

Wed, 15 Dec 2004
Here's an online howto for configuring PuTTY to tunnel your email traffic safely.
joat: 13:30:00 15 Dec 2004

Yesterday I posted about a blog run by Deb Radcliff. It appears she has quite an anthology of articles.
joat: 13:00:00 15 Dec 2004

Tue, 14 Dec 2004
Don't know if I've blogged about it before but HP's free classes site is still online. Topics include firewalls, desktop publishing, MS, Linux, virus protection best practices, organize your life, and many more.
joat: 13:30:00 14 Dec 2004

Picked up a couple new blogs: Security Awareness (run by Greg Hoffman) and Security Chief (run by Deb Radcliff). Both people are associated with Winn Schwartau, a "security type" and a real character. My first "run in" with him was when someone bulk emailed an employer with tons of weird email (looked like mail bugs) and the source had his name in the registry.
joat: 13:00:00 14 Dec 2004

Mon, 13 Dec 2004
Here's Dave Dittrich's home page. Of note are the links on the left-hand side of the page. He maintains some really good lists of sites related to various security topics.
joat: 13:30:00 13 Dec 2004

Here's a good article which discusses the difficulties in detecting complex viruses.
joat: 13:00:00 13 Dec 2004

Sun, 12 Dec 2004
Here's a good article which discusses network attacks and breaks them down into five basic types.
joat: 13:00:00 12 Dec 2004

Sat, 11 Dec 2004
Tony Bradley has posted about a site with free CISSP training. This is one of the certifications that will become a bit more valuable in the near future. The Federal Trade Commission is currently suing two companies for lack of GLB compliance. The orders they're trying to get signed include the directive to obtain a satisfactory assessment of their network within 180 days and include the following statement:

Each assessment shall be prepared by a person as a Certified Information System Security Professional (CISSP) or as a Certified Information Systems Auditor (CISA); a person holding Global Information Assurance Certification from the SysAdmin, Audit, Network, Security Institute (SANS); or by a similarly qualified person or organization approved by the Associate Director for Enforcement, Bureau of Consumer Protection, Federal Trade Commission.

Prediction: You'll see the quals thing get out of hand, even some fakery/foolery that will require either tighter control of quals or the government will create their own quals requirements. Stand by for an industry shift!
joat: 13:00:00 11 Dec 2004

Fri, 10 Dec 2004
This article is a bit sensationalist ("piles on" semi-unrelated facts in order to scare you) but is mostly accurate. Anyone seen "Sweet Tooth" in action? (No, not the Pogo game!)
joat: 13:30:00 10 Dec 2004

For entertainment, try viewing the videos at The Broken. They're made by a couple of recognizable faces. I'm not sure if what they're showing is illegal or not; most of it is pretty mild or very old. For you conspiracy types, it proves that there were dark forces behind that TV show. Hacking with Ramzi is really, really bad.
joat: 13:00:00 10 Dec 2004

Thu, 09 Dec 2004
If you're reading this around 7 p.m. EST, I'm at the Biergarden on High Street in Portsmouth, overdosing on an odd version of potato soup and helping to run a local version of geek trivia. It's part of what is becoming a tradition in that the last (unofficial) day of class is held at the Biergarden. I'm addicted to the potato soup, which I'm not supposed to have due to its content. I don't have the recipe for it (hope to though) but it contains what looks like small bits of pot roast, potato slices, and spaetzle in a clear beef broth. Occasionally, another veggie may make a cameo appearance but the base recipe is delicious. Anything with spatzle can't be all that bad, right? If you can find someone who makes good spatzle, heifering, and dumpfnodle hire 'em, marry 'em, or otherwise move in with them. Same goes for lumpia and pansit. And before you food vacuums at 757 ask, mine's only passable so you ain't moving in with me. Apologies for the spelling.
joat: 23:30:00 9 Dec 2004

Interesting visualization tool. I don't expect it to go anywhere but it is a different approach (see the screenshots). Decent GL links on the page too. (via HITB)
joat: 13:00:00 9 Dec 2004

Wed, 08 Dec 2004
Ubiqx.org has everything you ever wanted to know about SMB (and probably much, much more).
joat: 13:30:00 8 Dec 2004

I think "Ten Questions to Ask About Application Security Systems" is appropriate, especially when a lot of our applications are moving onto the web server. They are appropriate elsewhere, especially when the other "move" is away from application proxies and towards "deep packet inspection" (which is inappropriate for HTTP traffic).
joat: 13:00:00 8 Dec 2004

Tue, 07 Dec 2004
Roughly two weeks have gone by. Total number of spams, three. Two from the same jerk at/via 81.27.200.49, trying to be funny. The other at/via 24.69.65.52. Both of them entered via the web page (vice the CGI interface). Both added to the blacklist. It's probably not helping that I talk about it but since this is the last week in the semester, I have a bit of free time to run the donkey at the windmill.
joat: 23:30:00 7 Dec 2004

Mon, 06 Dec 2004
Palo Wireless is a site with in-depth explanations of most (if not all) of the wireless protocols/technologies.
joat: 13:30:00 6 Dec 2004

Just in case anyone wanted to know, I modified the writeback plugin so that it's non-standard. Just come up with a word that isn't used in any of the code (to keep things simple) and substitute it for writeback in all of the code. For now, it's a bit of a manual process but it doesn't appear to be all that hard to automate (changing that is). It may drive the spammers back to posting via the interface, where the fight can be on a more even ground.
joat: 13:00:00 6 Dec 2004

Following is the list of IP's that attempted to connect to the old-style comment system. The only "things" that attempt this are automated programs of one of two types: either search engine spiders (such as Google's below) or comment spammers. Do what you will with the list, just don't hold me responsible for it.
joat: 01:52:25 6 Dec 2004

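The tally described in the two entries above, as an added example that is not the blog's own script: once the comment endpoint has been renamed, every request for the old name can be counted per source address and the spiders separated from blacklist candidates. The `.writeback` URL suffix, the Apache-style log format, and the sample addresses and reverse-DNS names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumption: the retired comment endpoint was requested as "<entry>.writeback";
# the live endpoint now uses a different, private word.
RETIRED = re.compile(r"\.writeback(?:\?|$)")
# Apache common-log prefix: client ident user [time] "METHOD path protocol"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*"')
# Reverse-DNS suffixes treated as search-engine spiders (assumption; extend as needed).
SPIDER_SUFFIXES = (".googlebot.com",)

# Constructed sample data (documentation address ranges, not real hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Dec/2004:01:02:03 -0500] "POST /2004/12/entry.writeback HTTP/1.0" 404 210',
    '203.0.113.7 - - [06/Dec/2004:01:02:09 -0500] "POST /2004/11/other.writeback HTTP/1.0" 404 210',
    '198.51.100.20 - - [06/Dec/2004:01:05:00 -0500] "GET /2004/12/entry.writeback HTTP/1.1" 404 210',
    '192.0.2.15 - - [06/Dec/2004:01:06:00 -0500] "GET /2004/12/entry.html HTTP/1.1" 200 5120',
]
SAMPLE_RDNS = {"198.51.100.20": "crawl-198-51-100-20.googlebot.com"}

def tripwire_hits(lines):
    """Return (hits, posts): per-IP counts of requests to the retired endpoint."""
    hits, posts = Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path = m.groups()
        if RETIRED.search(path):
            hits[ip] += 1
            if method == "POST":
                posts[ip] += 1  # a POST to a dead form is the stronger spam signal
    return hits, posts

def blacklist_candidates(hits, rdns):
    """Drop addresses whose reverse-DNS name marks them as spiders.

    A PTR record is set by whoever owns the address block, so in production
    the name should be forward-confirmed (name -> same IP) before trusting it.
    """
    return [(ip, n) for ip, n in hits.most_common()
            if not rdns.get(ip, "").endswith(SPIDER_SUFFIXES)]

if __name__ == "__main__":
    hits, posts = tripwire_hits(SAMPLE_LOG)
    for ip, n in blacklist_candidates(hits, SAMPLE_RDNS):
        print(f"{n:4d}  {ip}  (POSTs: {posts[ip]})")
```
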
Sun, 05 Dec 2004
One thing that is not said all that often is that even the good guys have to know things like what's in this paper. It's not just the "good guys" that use encryption.
joat: 13:00:00 5 Dec 2004

Sat, 04 Dec 2004
Now that I'm not spending an hour or so per day mopping up comment barf (spam), I've had time to fix the comment script to allow <b>, <p> and <br>, work on comment titles, and generally get back to tweaking the site. Are there any features that you'd like to see? I'm considering dumping the Blogroll and replacing it with a links list or putting a "recent comments" frame there.
joat: 15:00:00 4 Dec 2004

Ryumaou has pointed out that O'Reilly has a new magazine called "Make". It's aimed at the hardware geeks. (Telmnstr! This one looks like one of yours.)
joat: 13:00:00 4 Dec 2004

Fri, 03 Dec 2004
Ever wonder what happened to Sealand?
joat: 13:00:00 3 Dec 2004

Thu, 02 Dec 2004
Chalk this one up as a pointless temper tantrum... What kind of person (that's the nice version) thinks it's important to post their Winamp-generated playlist to the Internet? (Hint: there's quite a few of them.) I went shopping for an album, containing a Christmas song that I've not heard in fifteen years by Kevin Bloody Wilson (Hey Santa Claus...). It was amazing, the number of fake sites and playlist sites that I had to wade through before finding a legit site offering Kevin's albums. Maybe I should write one? <humming> living next door to spammers </humming>
joat: 13:30:00 2 Dec 2004

joat: 13:00:00 2 Dec 2004

Wed, 01 Dec 2004