|
Thu, 31 Mar 2005
|
|
Bruce Schneier points out a paper on finding MD5 collisions and starts a long conversation (in the comments).
joat: 13:00:00 31 Mar 2005 |
|
|
Wed, 30 Mar 2005
|
|
Here's a surprise... Those two at the RSA conference that had that
"amateur" study that MS was more secure were actually funded by MS. They now claim innocence but the original story used sentences like "A Linux enthusiast at the RSA Conference in San Francisco has reluctantly concluded..." and "The pair said that they lacked the funding to test other operating
systems..." which doesn't help their claim any. It all made the "test" sound like an honest (although amateur) contest. How much funding do you need to buy/borrow/rent a PowerBook and watch it for 30 days? Hell, you could have built a Plan 9 box out of junk and watched it for 30 days
(for free). Heck, QNX's trial period IS thirty days. How about
FreeBSD? Or OpenBSD? Or Windows 3.1? Or FreeDOS? Or RxDOS? Or BeOS?
Does Sun still give away trial versions of Solaris? How much money
was the grant? If it was more than the $20 that one of the
testers pocketed, I'd lean towards using the phrase "sock puppet". And to
avoid getting into that argument (and at the risk of irking both
"churches"), either of those OSs can be a floating turd if it's not
managed properly.
joat: 22:30:00 30 Mar 2005 |
|
|
|
|
It's obvious but a lot of people experimenting with honeypots forget to
do things like minimizing what can be abused.
joat: 13:00:00 30 Mar 2005 |
|
|
Tue, 29 Mar 2005
|
|
FTimes is a forensics tool for
working with alternate data streams (ADS). Its drawback is that it
depends on the local OS. In other words, if the kernel is compromised,
it may not see certain ADSs.
joat: 13:00:00 29 Mar 2005 |
|
|
Mon, 28 Mar 2005
|
|
I neglected to talk about how to listen to Leo on the radio. The flash
applet from the radio station that's supposed to play the stream didn't
work for me. Instead, I used Kaffeine to play it (I installed it from
the Penguin Liberation Front's RPMs) (search Google for "easy urpmi").
At the command line, type "kaffeine http://ccdig.liquidviewer.com/kfi".
It'll open the "mmsh" stream
and will even display the Liquid Audio graphics.
joat: 13:30:00 28 Mar 2005 |
|
|
|
|
The topic has some mileage on it but there's some good discussion in the
comments of Bruce Schneier's post on IDN attacks.
joat: 13:00:00 28 Mar 2005 |
|
|
|
|
Here's
Joshua Wright's GIAC GCIH paper which discusses Layer 2 analysis of the
footprints left by wireless tools in the Stumbler family (those that
actually communicate with a wireless LAN as it "detects" them).
joat: 13:00:00 28 Mar 2005 |
|
|
Sun, 27 Mar 2005
|
|
LAMP has a good two-part series on
Asterisk (Part 1) (Part 2).
joat: 13:00:00 27 Mar 2005 |
|
|
Sat, 26 Mar 2005
|
|
Here's a post about
getting SIP wedged onto an ATA-186.
joat: 22:30:00 26 Mar 2005 |
|
|
Fri, 25 Mar 2005
|
|
Here's a guide for using a Cisco ATA-186 with
Asterisk. (You'll need to turn word-wrap on in your browser if you have
it. If not, view source.) I'd seen some negative comments about using
ATA-186's with Asterisk but thought that the document might be
worthwhile regardless. Anyone care to comment on it?
joat: 13:00:00 25 Mar 2005 |
|
|
|
|
Are they still on the endangered list? It's nice to see them numerous
enough that they consider nesting near where I grew up. From the local newspaper: (Lynn Brennan) A bald
eagle watches cars pass through the snow while resting on a tree limb at
the Almond Dam Wednesday morning. There appears to be a nesting pair at
the site, adding to others reported throughout the area, especially
along the Canisteo River.
joat: 11:15:00 25 Mar 2005 |
|
|
Thu, 24 Mar 2005
|
|
More in the podcast theme: would you believe NASA has a podcast feed?
joat: 22:30:00 24 Mar 2005 |
|
|
Wed, 23 Mar 2005
|
|
I liked the ScreenSavers prior to G4 and can't stand it now. Ever
wonder what happened to Leo? He's here doing a weekend talk
show about the same ol', same ol'. You can either listen to the stream
on the weekend or download it as a podcast. A cool twist is that the show notes are on a wiki (you can edit/add to the show notes!).
joat: 22:30:00 23 Mar 2005 |
|
|
Tue, 22 Mar 2005
|
|
|
joat: 13:00:00 22 Mar 2005 |
|
|
Mon, 21 Mar 2005
|
|
My apologies. Postings will be a bit thin this week as I've spent most
of the weekend at the hospital. I normally write most of the posts for
the week on the previous weekend. This weekend, I was offline,
mostly. When my son has a cold at this time of year it can combine
with the weather and his asthma. The result is he ends up on oxygen and
steroids. Nothing to worry about though unless, of course, you have
something to do with supporting my grocery bill while he's on steroids
or if you're one of his nurses (he's 20 but acts like a bored 2-year old
when he doesn't feel well).
joat: 15:00:00 21 Mar 2005 |
|
|
|
|
Here's another good online tool.
joat: 13:00:00 21 Mar 2005 |
|
|
Sun, 20 Mar 2005
|
|
For those of you that want an IPv6 version of dyndns.org, try DNS6.org.
joat: 13:00:00 20 Mar 2005 |
|
|
Sat, 19 Mar 2005
|
|
Here's an interesting
paper from the Honeynet Project entitled "Know Your Enemy:
Tracking Botnets". The subtitle reads "Using honeynets to learn
more about Bots".
joat: 13:00:00 19 Mar 2005 |
|
|
Fri, 18 Mar 2005
|
|
Hey telmnstr! The magazine is on
the streets! Here's a review of it.
joat: 21:30:00 18 Mar 2005 |
|
|
|
|
FYI: F-Secure's Blacklight Beta still has about 6
weeks to it. Blacklight is a "running rootkit" detector.
(See the site for a better explanation.)
joat: 21:00:00 18 Mar 2005 |
|
|
Thu, 17 Mar 2005
|
|
I've disagreed with CircleID
authors before. You can chalk this one up as yet another
disagreement. I'm not sure if James Seng was being sarcastic or not
(I'm quite dense when exposed to subtleties) but just about everything
that he describes as a "business model" in this article, I
find offensive and wrong as the underlying methods employed are usually
illegal, unethical, or just plain offensive. What methods are these?
Let's see...
- blog comments spamming
- wiki spamming
- domain hijacking
- domain squatting
- dishonest or unethical registrars
Have I missed anything?
joat: 13:00:00 17 Mar 2005 |
|
|
Wed, 16 Mar 2005
|
|
I was surprised when I stumbled across this (via its RSS feed actually).
The U.S. Geological Service maintains a page of latest quakes and
even provides the data in an RSS
feed.
joat: 13:30:00 16 Mar 2005 |
|
|
|
|
|
joat: 13:00:00 16 Mar 2005 |
|
|
Tue, 15 Mar 2005
|
|
If you've ever bought something from CompUSA, you might be eligible for
rebates
that you never received.
joat: 13:00:00 15 Mar 2005 |
|
|
Mon, 14 Mar 2005
|
|
In lieu of this article,
it may be a good idea to brush up on your VoIP. (heh) Okay, I'll drop
it. For now.
joat: 13:00:00 14 Mar 2005 |
|
|
Sun, 13 Mar 2005
|
|
OpenSSH v4.0 is out. Although I'm
a bit wary of new versions, it might be worth a try. Here's a list of
feature
changes.
joat: 13:00:00 13 Mar 2005 |
|
|
|
|
Here's Steve Friedl's An Illustrated Guide to
Cryptographic Hashes. He states that he wrote the article because
of the recently discovered weaknesses and to explain to the general public
what hashes are and what they're used for. Sort of a "the sky is not
falling, only a piece of it" article?
joat: 13:00:00 13 Mar 2005 |
|
|
Sat, 12 Mar 2005
|
|
My comment spammer is back. I was getting worried. Maybe he'd slipped
in the shower and hit his head. Maybe tripped and fell off the curb and
fell in front of a bus. Or was struck by lightning. Hey, I was
really worried. Once again, he can be traced back through Gandi. What
a wonderful service.
joat: 21:00:00 12 Mar 2005 |
|
|
|
|
This has got to be THE most stupid thing I've ever heard. So MS is going to offer patches to the gov't one month prior to anyone else? I have a few questions:
- Do they become classified information for that period of time?
- If so, do they think the practice will last any longer than the first due-diligence lawsuit?
- Is this an early shot at April 1st?
joat: 21:00:00 12 Mar 2005 |
|
|
|
|
Being a n00b does have its perks, at least when dealing with Asterisk:
everything is new! I finally had time to play with it again, got Kphone
to connect to the server and caused the server to connect to the Digium
site. (Documented here) Next
up, I have to figure out how to get inbound calls across the NAT box (if
anyone wants to send pointers, keep in mind that it's OpenWRT and not a
standard firmware load). Maybe loading Asterisk on it and just having
it forward all calls to the internal box? I'm driving my wife
absolutely nuts playing with this thing!
joat: 14:00:00 12 Mar 2005 |
|
|
|
|
higB talks about a new twist to spam: the
addition of ASCII art as yet another mutation to try to slip past
scanners. I find it interesting as I was first exposed to ASCII art in
college. Actually, it was ASCII porn and it was before personal
computers had graphics displays (yeah, I'm old enough to have learned
assembly on a cutting-edge 8080A). The running joke was that if you
left your terminal open, someone would cause a set of jobs to dump to the
line printer and get charged to your account. Needless to say, the
computing center went through a minor fortune in tractor paper.
joat: 13:30:00 12 Mar 2005 |
|
|
|
|
LambdaMOO is still around? (I left just after the virtual rape article.)
Actually, it isn't the original PARC LambdaMOO. The source code and a
chunk of the original database was made available to anyone who wanted
it and I think that this is one of those instances. It's one of the
virtual reality success stories, text-based or whatever.
joat: 13:00:00 12 Mar 2005 |
|
|
Fri, 11 Mar 2005
|
|
/usr/bin/geek has a post
describing the basics of podcasting (for the listener). He's had to
explain it repeatedly so he's entitled it "The Dummies* Guide To
Podcasting".
joat: 13:30:00 11 Mar 2005 |
|
|
|
|
Here's
N. Cherry's home automation links page. It's huge! I'll be digging
through this one for weeks.
joat: 13:00:00 11 Mar 2005 |
|
|
Thu, 10 Mar 2005
|
|
Some of us/you find the Brazilian Honeypots Alliance Daily
Statistics page interesting.
joat: 13:30:00 10 Mar 2005 |
|
|
|
|
|
Odd. There's no spam in the comment queue this morning. Did the
spammer(s) forget to reset/reload a script last night? (heh)
joat: 13:00:00 10 Mar 2005 |
|
|
Wed, 09 Mar 2005
Tue, 08 Mar 2005
|
|
In response to this, I'll add:
- YOU GAIN a better chance at tracking down spammers and domain thieves
- YOU GAIN a better ability to contact owners of misbehaving network systems
- YOU GAIN a little peace of mind by forcing domain owners to cut back on their own abuse.
Personally, I don't like how it was done but I do
like the fact that "something is being done". The current situation
which allows certain spammer-oriented Registrars to operate makes
running even a simple blog like this (on someone else's site) a constant
battle with jerks and assholes trying to earn off of your volunteered
work. The author of that article needs to take a few civics lessons
too. There is no right to operate a website anonymously. Anonymity is
something you might gain by making traceback difficult but it is not a
Constitutional right. Neither does the First Amendment guarantee the
right to speak anonymously. The First Amendment prevents the government
from censuring your speech. It does not prevent the government from
holding you responsible for what you say, nor does it provide any guarantee
of anonymity that would allow you to avoid that responsibility. In all
9 of the author's examples, he claims that anonymity is lost. What
actually occurred was a return to responsibility. The anonymity that
"you" are losing was a temporary side effect of the relaxing rules. For
those of us that used Registrars that kept to the rules, our info was
posted and is readily available. Spam and malicious code have reached
record levels and unless we (as a society) start tightening the rules,
the problems are only going to get worse. We're about to move to a
different network protocol (IPv6). How about we leave some of the
problems behind? Apologies for the rant. I'm tired of tracing crap
back through Gandi and similar.
joat: 13:30:00 8 Mar 2005 |
|
|
|
|
HERT has a post which indicates that the
HITB '04 videos are available via BitTorrent.
joat: 13:00:00 8 Mar 2005 |
|
|
Mon, 07 Mar 2005
|
|
I've added an Asterisk page to the wiki to keep
notes on my experiments with the PBX software and to (hopefully) help
anyone else experimenting with it.
joat: 13:00:00 7 Mar 2005 |
|
|
Sun, 06 Mar 2005
|
|
For basic theory, here is a 15-Minute Series tutorial on WHOIS.
joat: 13:00:00 6 Mar 2005 |
|
|
Sat, 05 Mar 2005
|
|
I don't know how valuable this is but SixXS does a little bit more than
provide IPv4-to-IPv6 tunnels. If you just want to visit a website on
the "other side" (without setting a tunnel up) just add
".ipv6.sixxs.org" to the hostname. From IPv4
http://www.ipv6.phreak.org.ipv4.sixxs.org will take you to the
IPv6 site for the Digital Information Society. It also works in the
other direction. If all you have is IPv6 connectivity
http://www.google.com.ipv6.sixxs.org will take you to Google.
joat: 13:30:00 5 Mar 2005 |
|
|
|
|
Here's a paper from @Stake which discusses two theoretical approaches to traceback.
joat: 13:30:00 5 Mar 2005 |
|
|
Fri, 04 Mar 2005
|
|
Here's Lenny
Zeltser's paper on reverse engineering malware, parts of which he used
for his GCIH cert requirements.
joat: 13:00:00 4 Mar 2005 |
|
|
Thu, 03 Mar 2005
|
|
Here's a couple PowerPoint presentations from Steve Abrams:
joat: 13:30:00 3 Mar 2005 |
|
|
|
|
For anyone that needs to read Outlook PST's in a *nix environment, I
recommend readpst
(part of the libpst tarball). I wasn't able to pull/push files directly
into my IMAPS server but I was able to generate a local MBOX file, mount
that, and then push the messages onto the IMAPS server via a local mail
client.
joat: 13:00:00 3 Mar 2005 |
|
|
Wed, 02 Mar 2005
|
|
Here's BleepingComputer's quick tutorial for
Windows entitled "Have I Been Hacked?". It gives a quick what-to-check
for the suddenly paranoid.
joat: 13:30:00 2 Mar 2005 |
|
|
|
|
|
joat: 13:00:00 2 Mar 2005 |
|
|
Tue, 01 Mar 2005
|
|
Here's a blog devoted to issues
related to combating worms.
joat: 13:30:00 1 Mar 2005 |
|
|
|
|
(heh) Here's the algorithm related to this:
if($self eq "MS purist") {
    $a=1;
    until ($a<0) {
        say "We will bury you!";
        pound_shoe_on_podium();
        stand_in_front_of_flag();
        say "It's Un-American!";
        say "It's an Axis of Evil!";
        launch_3rd_party_FUD_campaing();
        $a--;
        if($a <1) {
            $a=3;
        }
    }
    if(all_else_fails()==1) {
        click_heels_three_times();
        chant_repeatedly("There's no place like home");
    }
}
The unending barrage of FUD (from both sides) gets a bit
tiring. There are specific strengths and weaknesses in all operating
systems which brings about the situation "the best tool for a specific
task". Well-run hybrid networks are more secure than well-run
monolithic networks. (Before you want to restart that argument: a
single vulnerability won't damage the entire infrastructure.) For now
the argument has dropped back into the "The End is Nigh" entertainment
category but I do wish that the left and the right would get over it so
the rest of us can get on with our lives.
joat: 13:00:00 1 Mar 2005 |
|
|
|