Tue, 31 May 2005

Please excuse the interruption in blogging. I'm on yet another trip, this time to Baltimore. I'll get back to posting shortly.
joat: 20:00:00 31 May 2005

Mon, 30 May 2005

(via Blackhat.info and ZDNet) CipherTrust has used some of the data gathered from their mail filtering appliances to produce the ZombieMeter.
joat: 12:00:00 30 May 2005

Sun, 29 May 2005

joat: 12:00:00 29 May 2005

Sat, 28 May 2005

I've finally "got" Del.icio.us. You can see my bookmarks here. The RSS feed for it is here.
joat: 12:00:00 28 May 2005

Fri, 27 May 2005

Keep an eye on what comes out of the Recon.
joat: 12:00:00 27 May 2005

Thu, 26 May 2005

Unless you work with the data, you never know when you'll need odd sources of data, so, for my benefit, here is a site that lists the tax rates of all 50 states.
joat: 12:00:00 26 May 2005

Wed, 25 May 2005

Here's a website mostly devoted to a tool that builds AutoRun files but has other AutoRun info.
joat: 12:00:00 25 May 2005

Tue, 24 May 2005

One of the problems with being on the road for two weeks out of a month is that I don't get to do the usual amount of research, so I have to rely on my backlog for source material. In any case... Here's a site with a collection of papers related to "Mining Alarming Incidents in Data Streams" (MAIDS). (No, not the NT file system.)
joat: 12:00:00 24 May 2005

Mon, 23 May 2005

It's a bit from the mutual-appreciation-society but it's more about tracing the spammers (from a while ago). Ann Elisabeth has performed a lot more research and has gotten a lot farther than I did. She also took advantage of a server crash.
joat: 12:00:00 23 May 2005

Sun, 22 May 2005

Please bear with the site for a bit. I'm doing a bit of spring cleaning and some things may not work properly for a short while.
joat: 20:00:00 22 May 2005

LinuxElectrons has an article about XTen soft phones being available for Linux. They're a bit of overkill for my setup but I'll probably "grow into them". Worth taking a look at.
joat: 12:00:00 22 May 2005

Sat, 21 May 2005

Any truth to the rumor that AirJack is being updated to the 2.6 kernel?
joat: 15:00:00 21 May 2005

I've disliked CircleID articles before, and I'll probably continue to do so in the future. Not to break existing practice, I have issue with Darren Miller's article, "Road Warrior at Risk: The Dangers of Ad-Hoc Wireless Networking". While it's a pretty good article on the dangers of ad-hoc wireless, I find the author's attitude about sniffing wireless to be a bit too cavalier. In the wired world, port scanning is not deemed as trespass. It's considered an annoyance. However, sniffing traffic and accessing systems without permission is a definite no-no. Why should it be any different in the wireless realm? Is it any different? This is an issue that will probably need to be decided in court. While tools like AirFart will probably be considered to be amongst the benign category, tools like Kismet carry the possibility of landing a war-driver in court. "But Kismet is a passive tool," you say? True, but it's passive in the same manner that any wired sniffer is. Don't forget that Kismet does create pcap-compatible packet dumps. Accessing those capture files is probably the legal equivalent of accessing the network(s) that the traffic came from. So... If you're a traveler, you should consider encrypting all of your traffic as it leaves your computer (use a VPN) or only access generic sites that do not require login or interaction. (Visit CNN, read /., etc.) If you're a journalist in search of a story (or anyone else armed with a sniffer), stay off of other people's computers and don't capture their traffic. If you're caught doing it, you may end up in cuffs.
joat: 12:00:00 21 May 2005

Fri, 20 May 2005

Here's a HERT interview with Kismet developer Mike Kershaw, aka Dragorn.
joat: 12:00:00 20 May 2005

Thu, 19 May 2005

You can view the presentations from the 2004 DoD Malicious Code Conference here.
joat: 21:30:00 19 May 2005

To make it simple for the jerk at 66.246.72.112: the comments are manually reviewed. Stop trying to spam from your porn site.
joat: 19:00:00 19 May 2005

Wed, 18 May 2005

Here is an iHacked article on the browser built into the PSP handheld. I'm fascinated by them. At last week's course, one classmate had one (and used it to find a hidden AP), another classmate won one of the three given away in drawings.
joat: 12:00:00 18 May 2005

Tue, 17 May 2005

Mon, 16 May 2005

Sun, 15 May 2005

I'm back home now. The course in Denver was a blast. Not only did we learn new things, we entertained ourselves (catching the wardriver was hilarious) (Note to the Denver financial district: you really should keep an eye on who's sitting at the curb). Short version of the course? Don't put anything on wireless that you're not willing to lose or publicly disclose. This applies if you're using WEP, WPA or even WPA2. Some protections are inherently faulty, others are secure only until someone fat-fingers a config file.
joat: 21:30:00 15 May 2005

Sat, 14 May 2005

BlackHat.Info has a pointer to an article that tells of the sentencing of a member of Thr34t Krew to 21 months of jail-time. I'm a bit amazed that it was that short of a sentence as this group has been around a while. Other than the usual "hacker arrested" stories, I'm able to find: Oh, and Sophos says the group is responsible for the TKBot.
joat: 21:00:00 14 May 2005

Fri, 13 May 2005

What happens when a wireless security class discovers a wardriver, just outside the window? (heh) How about, the SSID of the AP in the classroom gets changed to "we-see-you-in-the-car" and a ping storm is sent through the AP so that it "sticks out" in whatever listing his tool has. Then get a half dozen or so in the class to stand in the window and wave/point. Okay, we're having too much fun.
joat: 16:43:36 13 May 2005

Johannes Ullrich talked at last night's BOF (Birds Of a Feather) about the Internet Storm Center (ISC) and DShield (the organization that the ISC depends on for data). Salient points include:
- DShield is interested in the home user. Logs from your routers give them a much broader view of what's going on than logs from a large organization.
- When you turn in your logs, please sanitize them. Replace the first octet with "10".
- The INFOCon alert status is available as an RSS feed (I still have to find it).
- The ISC site can be viewed without any browser-side scripting (no Java, no JavaScript, no VBS, etc.).
The BOF was very interesting. I came away from it with a couple of ideas to work on. One of those is coming up with a script, to run on those modified 54G's that many of us have, so that the router logs can be turned in once per hour (as Johannes requested). Another is to investigate how the black hats are employing IPv6 as a covert channel. Should keep me busy for a while....
joat: 15:21:31 13 May 2005
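As an added illustration of the sanitize-before-submitting step (example code written for this page, not from the post, DShield or any router firmware), the Python below masks the first octet of the router's own address in constructed iptables-style log lines, assumes that address is the DST field while SRC is the probing host, and runs a leak check before the hourly hand-off:

```python
import re
from collections import Counter
from ipaddress import IPv4Address

# Constructed iptables-style LOG lines, as a home router might write them.
# Addresses are documentation ranges; nothing here comes from the post or DShield.
SAMPLE_LOG = """\
May 13 14:01:02 rtr kernel: DROP IN=vlan1 OUT= SRC=203.0.113.45 DST=198.51.100.20 PROTO=TCP SPT=4455 DPT=445
May 13 14:01:05 rtr kernel: DROP IN=vlan1 OUT= SRC=203.0.113.45 DST=198.51.100.20 PROTO=TCP SPT=4456 DPT=139
May 13 14:02:11 rtr kernel: DROP IN=vlan1 OUT= SRC=192.0.2.77 DST=198.51.100.20 PROTO=UDP SPT=1026 DPT=1434
"""

FIELD_RE = re.compile(r"\b(SRC|DST)=(\d{1,3}(?:\.\d{1,3}){3})\b")


def mask_first_octet(ip: str, replacement: str = "10") -> str:
    """Replace the first octet of a valid dotted-quad; reject anything malformed."""
    IPv4Address(ip)  # raises AddressValueError on a bad address instead of masking garbage
    return replacement + ip[ip.index("."):]


def sanitize_line(line: str, own_field: str = "DST") -> str:
    """Mask the router's own address (assumed to be DST) and leave the
    probing SRC intact, so the report is still useful for correlation."""
    def repl(m):
        field, ip = m.group(1), m.group(2)
        return f"{field}={mask_first_octet(ip)}" if field == own_field else m.group(0)
    return FIELD_RE.sub(repl, line)


def sanitize_log(text: str) -> list:
    return [sanitize_line(l) for l in text.splitlines() if l.strip()]


def own_address_leaked(lines: list, own_first_octet: str) -> bool:
    """Pre-submission check: does any DST still carry the real first octet?"""
    return any(m.group(1) == "DST" and m.group(2).startswith(own_first_octet + ".")
               for l in lines for m in FIELD_RE.finditer(l))


def top_sources(lines: list, n: int = 5) -> list:
    """Count dropped probes per source address, the view DShield aggregates."""
    c = Counter(m.group(2) for l in lines for m in FIELD_RE.finditer(l) if m.group(1) == "SRC")
    return c.most_common(n)


if __name__ == "__main__":
    clean = sanitize_log(SAMPLE_LOG)
    print("\n".join(clean))
    print("leak check:", own_address_leaked(clean, "198"))
    print("top sources:", top_sources(clean))
```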

Here is a large listing of wireless tools.
joat: 12:00:00 13 May 2005

Thu, 12 May 2005

I'm at the SANS conference in Denver this week, having a good time in the Assessing Wireless Network Security class. I won an iPod Shuffle yesterday (like I needed another?). Anyone want to trade for one of those PSP's (what I was hoping to win)?
joat: 19:55:59 12 May 2005

I've been learning about the ins and outs of Mobile IP. Here's a paper on the IPv6 version.
joat: 12:00:00 12 May 2005

Wed, 11 May 2005

CINEMA (Columbia InterNet Extensible Multimedia Architecture) is a set of servers for creating an enterprise telephony and multimedia system. Remember, SIP is intended for more than just VoIP.
joat: 12:00:00 11 May 2005

I've loved Zyxel modems for many years. However, they've lost points with me for thinking that undocumented or hidden equates to secure. What's that old line about repeating history? [*sigh*]
joat: 12:00:00 11 May 2005

Tue, 10 May 2005

Dotslash is a project that aims to be the antidote to the Slashdot Effect.
joat: 12:00:00 10 May 2005

Mon, 09 May 2005

For those that are interested in attending Cons, CarolinaCon is in Raleigh, NC on June 10-12 this year. The schedule looks interesting.
joat: 12:30:00 9 May 2005

Sun, 08 May 2005

If you're reading this within 6-8 hours of my posting it, have sympathy for me. I'm on my way to Denver and I'll be a nervous wreck for the entirety of the trip.
joat: 14:00:00 8 May 2005

Here's the link for the Voice over Packet Security Forum. The forums (there's a link in the left-hand menu) are a bit light in content at the moment but hopefully the site will gain popularity.
joat: 12:00:00 8 May 2005

Sat, 07 May 2005

Don't know the value of it, but it looks interesting: The Math Club has a piece on spam clustering.
joat: 12:00:00 7 May 2005

Fri, 06 May 2005

LinuxElectrons has a pointer to Congressional testimony concerning The Hacker Trespasser Exception. It's an interesting read. I just wish that lawmakers would refrain from using slang terms (such as hacker) when writing laws. That sort of thing always requires rewriting of the law after years of judicial interpretation of what the use of the slang term actually meant and the intent of the law that's wrapped around it.
joat: 12:00:00 6 May 2005

Thu, 05 May 2005

This sort of thing gives CIOs nightmares as the error reports often include the documents/programs that were open at the time. On the up side, Microsoft sells an in-house version of the error-reporting server so that you don't have to expose your corporate secrets directly to Microsoft.
joat: 12:00:00 5 May 2005

Wed, 04 May 2005

I still wish I could get Cox to do this: look at their network at the packet level. Three years later, I'm still attached to what amounts to the network boonies (on the back edge of their infrastructure) and I still suffer from massive ARP storms. When your management traffic becomes so extreme that your customer traffic suffers, something is definitely wrong. I've received everything from the "I'm the help desk, the problem is in your computer" treatment to having to talk to security because someone was upset that I supplied the help desk with a packet capture of what's pounding on the outer interface of my router. There's little else I can do except live with it. They're the only game in this area of town at the moment (short of dial-up).
joat: 12:30:00 4 May 2005

Here's LURHQ's analysis of pay-per-click hijacking.
joat: 12:00:00 4 May 2005

Tue, 03 May 2005

One thing that I didn't mention during the last month was that I was archiving comment spam. I now have a bit over 800 spam entries that I will analyze over the next couple of weeks. I may be biasing the results a bit but I expect that a majority of entries will be posted from a broad number of source IP's (zombie machines?) but will involve domains from a certain registrar. I'll keep you posted.
joat: 12:30:00 3 May 2005

Here is a paper from Columbia University entitled "An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol".
joat: 12:00:00 3 May 2005

Mon, 02 May 2005

Someone want to donate a clue to Microsoft? Some of us are already on the IPv6 backbone via a tunnel set up with a Linksys router. Although I occasionally have to log in to my tunnel broker and reset the tunnel (due to my ISP changing my external IP), I don't have to make any configuration changes to my laptop. It auto-configures thanks to the radvd daemon. Just boot and go. It should be noted that the firmware that I use on the Linksys is almost a year old. The newer versions include QoS and better network management tools.
joat: 12:30:00 2 May 2005

I've been chided for talking about "evil" theory but it is something that you need to know about, otherwise the blackhats have yet another advantage. Here is the article that The Grugq wrote just before he was fired from @stake, exposing various flaws in specific forensic tools. It's valuable info, both for the blackhats AND the whitehats (so that they know it when they see it).
joat: 12:00:00 2 May 2005

Sun, 01 May 2005

For those that missed it, the public release of the final version of Sveasoft's Alchemy firmware hit the streets just about two weeks ago. You can get the public release here.
joat: 13:00:00 1 May 2005

eDave has a pointer to "The six dumbest ways to secure a wireless LAN" over on ZDNet. I agree with eDave. We can probably come up with more than six, though, but George Ou's post is a good read. Add this to the wish list: someone needs to author a good article on using wireless intrusion detection systems and how a wired IDS is almost useless for monitoring wireless network extensions.
joat: 12:30:00 1 May 2005

Here are the presentations from the Bellua Cyber Security Asia 2005 conference.
joat: 12:00:00 1 May 2005