|
Thu, 30 Jun 2005
|
|
Here's Core Security's analysis of the Slapper worm.
joat: 12:00:00 30 Jun 2005 |
|
|
Wed, 29 Jun 2005
|
|
I've gotten rusty. I spent two hours troubleshooting software that I
hadn't touched in two years. What should have taken me 5 minutes to
trace took me 2 hours. You can consider me as wearing the "bonehead"
sign around my neck, at least, thru the weekend. D'oh!
joat: 12:00:00 29 Jun 2005 |
|
|
Tue, 28 Jun 2005
|
|
The author of this WatchGuard really admires Skype's ability to evade firewall controls and thereby void security policy. While Skype might be hard to block, it is easy to detect and the author seems to have forgotten the most effective countermeasure for preventing the use of any tool: public executions. If all of the network's users are aware of the consequences of violating policy (and know it's being enforced), incidents won't occur that often. As a former network hitman, I've seen this one in action. No matter what you think of it, it's a method that does work.
joat: 12:00:00 28 Jun 2005 |
|
|
Mon, 27 Jun 2005
|
|
I won a Shuffle in a drawing at a recent conference and have been using
it to listen to various Podcast (hate the name) shows. I also burn a
lot of those shows to disk and listen to them during my one hour+
commute to/from work. I'm interested in maintaining a list (in the
wiki) of good geek/tech shows. Here's my favorites:
- any of the Leo Laporte shows (TLR, TWIT, the KFI shows)
- /bin/rev (although I don't like Stank's personality, he does have a good show)
- Slashdot review
- Geek News Central
- Chris Pirillo

Others I've been monitoring (haven't decided if I like yet) include:
- Infonomicon
- Linux Link Tech Show
- Mondays
- LQ
- Linux Link Tech Show
- most of the stuff in HackerMedia

Leave a comment and I'll add the sources to the wiki.
joat: 12:00:00 27 Jun 2005 |
|
|
Sun, 26 Jun 2005
|
|
Just got done watching Troops
and I.M.P.S.. Good stuff.
I.M.P.S. is a bit more subtle (for humour) but both are good. Love the
references to MST3K and Predator.
joat: 17:00:00 26 Jun 2005 |
|
|
|
|
One thing that Kismet demos don't often include is GPSDrive, a program
that will detect Kismet and add additional capability to the surveyor's
toolkit. Here is Anthony Stone's presentation on the topic. I especially like the slide showing the relationship between the OSI and TCP/IP models (though it doesn't have much to do with wireless).
joat: 12:00:00 26 Jun 2005 |
|
|
Sat, 25 Jun 2005
|
|
|
joat: 16:00:00 25 Jun 2005 |
|
|
|
|
Slashdot's already been there but here's the paper on HTTP Request Smuggling by Klein, Orrin, Heled & Linhart.
joat: 12:00:00 25 Jun 2005 |
|
|
Fri, 24 Jun 2005
|
|
Here's an article from Core Security discussing analysis of shellcode.
joat: 12:00:00 24 Jun 2005 |
|
|
Thu, 23 Jun 2005
|
|
Here's the North
American IPv6 Task Force's list of "Articles of Interest".
joat: 20:00:00 23 Jun 2005 |
|
|
Wed, 22 Jun 2005
|
|
Say that it'll
take $2K to build something, someone will take it as a challenge and
probably come up with something just as effective for $50, which
somebody else will mass produce for $20. Something to keep an eye on,
both the bad guy tech and what the manufacturers are going to do to
counter the problem.
joat: 12:00:00 22 Jun 2005 |
|
|
Tue, 21 Jun 2005
|
|
Here is William Bellamy's SANS/GSEC paper on HTTP Header Exploitation. Note: it has nothing to do with the recent exploits which I'll blog about later in the week.
joat: 12:00:00 21 Jun 2005 |
|
|
Mon, 20 Jun 2005
|
|
Here's another article on the .xxx domain. If you read the article, certain alarms should be ringing in your head. It's probably not comprehensive, but here's what irks me:
- ICM will charge $60-$70 dollars, $10 of which would fund someone else's agenda (ICANN also gets a cut)
- the "non-profit" will be comprised of what appears to be groups that will be most biased in the first place: adult material purveyors, privacy advocates, and "child-advocacy concerns" (what are those, exactly?).
- the sentence "Even if it's voluntary, supporters say, adult sites will have incentives to use .xxx.". What incentives might that be? It's certainly not monetary in nature! I think the only other remotely available incentives in existence are moral and penal. Since adult web sites are already considered to be against community morals, the only other incentive is going to be fines/jail time.
- the phrase "required to follow yet-to-be-written 'best practice' guidelines, such as prohibitions" is a triple negative. "Required to follow best practice" sounds like a law. "Prohibitions" does nothing to lessen the impression. Besides, spamming and malicious scripts (code) are already illegal.
- domain managers have had a very spotty history of assigning domains based on qualifications. Outside of the ".mil" and ".gov" domains, chaos prevails. Now we're supposed to believe that an organization made up of members with conflicting agendas is going to be different?

Let me repeat myself: I'm quite skeptical that this situation will lead to anything good.
joat: 12:00:00 20 Jun 2005 |
|
|
Sun, 19 Jun 2005
|
|
I still haven't decided if this is a new fad, an overblown art project, or someone attempting to astroturf a fad so they can collect e-mail addresses (or worse).
joat: 12:00:00 19 Jun 2005 |
|
|
Sat, 18 Jun 2005
|
|
Here's an article which discusses the tech that has many security officers banning iPods in the workplace. Personally, I think it's a bit over the top and entirely for the wrong reason. If you're worried about corporate data leaving the workplace (or programs being brought in), you should also worry about those thumb drives that the company signs out, all of the e-mail and web traffic, CD burners, hard copy, what's in employees' heads... (do I need to go on?) You should worry about iPods (or any other USB device) that have alternate OSs because of the DMA issues but banning them because they're temporary storage (without banning all other forms of temporary storage) is prejudicial in nature and basically ignorant.
joat: 12:00:00 18 Jun 2005 |
|
|
Fri, 17 Jun 2005
|
|
Note to self: when dhclient responds with:
    /sbin/dhclient-script: configuration for eth3 not found
take a look in /etc/sysconfig/network-scripts and make sure that ifcfg-eth3
exists. I'm such a bonehead at times. This caused a situation where a
friend's Windows laptop would connect to the network just fine but my
kluge-box wouldn't. Nothing was getting logged. I didn't notice until
I started running all of the commands manually. Based on the number of
times this shows up in Google, this is a common problem.
joat: 12:00:00 17 Jun 2005 |
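The check from the note above, generalised to every interface on the box, as an added example (not part of the original post). The function name missing_ifcfg and the demo layout are made up for illustration; the defaults are /sys/class/net and the /etc/sysconfig/network-scripts directory named in the post.

```shell
#!/bin/sh
# Added example: list network interfaces that have no ifcfg-<name> file,
# the condition behind "configuration for ethN not found".

# missing_ifcfg [SYS_NET_DIR] [CFG_DIR]
# Prints one interface name per line for each interface without a matching
# ifcfg file. Returns 0 when nothing is missing, 1 otherwise.
# Both directories can be overridden so the check can be tried offline.
missing_ifcfg() {
    sys_net_dir=${1:-/sys/class/net}
    cfg_dir=${2:-/etc/sysconfig/network-scripts}
    rc=0
    for path in "$sys_net_dir"/*; do
        [ -d "$path" ] || continue          # skip plain files and an unmatched glob
        iface=${path##*/}
        [ "$iface" = "lo" ] && continue     # loopback never needs a DHCP lease
        if [ ! -f "$cfg_dir/ifcfg-$iface" ]; then
            echo "$iface"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample layout (not real system data): eth0 has a config
# file, eth3 does not, so eth3 is the interface that gets reported.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/net/eth0" "$tmp/net/eth3" "$tmp/net/lo" "$tmp/cfg"
    : > "$tmp/cfg/ifcfg-eth0"
    out=$(missing_ifcfg "$tmp/net" "$tmp/cfg") || true
    rm -rf "$tmp"
    echo "$out"
}

demo
```

Called with no arguments on the machine itself, missing_ifcfg checks the live interfaces against the real configuration directory.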
|
|
Thu, 16 Jun 2005
|
|
In wandering around the net, I tripped over the NIST Virtual Library.
Most of the articles are over my head but I do understand a few of them.
Enjoy!
joat: 12:00:00 16 Jun 2005 |
|
|
Wed, 15 Jun 2005
|
|
Here's a site
that gives the basic theory behind most of the crypto systems in use.
joat: 12:00:00 15 Jun 2005 |
|
|
Tue, 14 Jun 2005
|
|
I was in Raleigh-Durham today for the VMware demo (so call me a swag whore 'cause I like free copies of commercial software). Two things that could have made the demo a bit better:

1) GIVE BETTER directions to the place. The RD Hilton is at the east end of Page Road. However, the only thing on Page Road signifying the existence of the Hilton is a tiny 6" x 8" sign that appears to be pointing to the Sleep Inn parking lot. I missed this sign the first time through and spent the next hour exploring every inch of Page Road (and it's only a few miles long). Thanks to the manager at the Days Inn for pointing the way.

2) If you're going to present to a roomful of geeks, give 'em tables to work on. Just stuffing a small room with chairs makes the entire experience uncomfortable for everyone, especially when there's a full house.

To give them credit, the presentation was interesting.

The title is "lost" because, as usual, I got lost on my way to where I was going. It's something that I've learned to live with, and my wife has learned to tolerate (our first date, we aimed at a restaurant in the next city... ended up in the next state). This time I did end up at the proper place (after asking directions twice) but I did get to see an ominous crime scene, complete with the population from 6 police cruisers and 3 news vans. Also on scene was 100+ feet of yellow police tape and what looked like a black bicycle lying on the ground. Anyone know what it was?
joat: 21:30:00 14 Jun 2005 |
|
|
Mon, 13 Jun 2005
|
|
For you Jason Scott fans, here's an article on the problems with (and reasons for) archiving the Internet. It's interesting that the average lifespan of a web page is 44 days. It's annoying that some consider it illegal to archive public content.
joat: 12:00:00 13 Jun 2005 |
|
|
Sun, 12 Jun 2005
|
|
The media is getting some pretty decent mileage on "Is IPSec on borrowed
time?". What hasn't been said is that each has its own advantages,
disadvantages and best use. The values that (can) differ with both
implementations include: the layer(s) where encryption occurs,
authentication mechanisms, the layer(s) where encapsulation occurs, and
situations where it's best employed. I think what we'll see is
peaceful co-existence, in the toolbox.
joat: 12:00:00 12 Jun 2005 |
|
|
Sat, 11 Jun 2005
|
|
Webroot is predicting that spyware will be embedded in RSS feeds by the end of the year. While it's possible, I think that the limitation is that it requires compromise of the feed source.
joat: 12:00:00 11 Jun 2005 |
|
|
Fri, 10 Jun 2005
|
|
CircleID has another view from a different author on the upcoming XXX domains.
Mr. Javed has come up with a couple points that I hadn't thought of.
joat: 12:00:00 10 Jun 2005 |
|
|
Thu, 09 Jun 2005
|
|
|
Weird, the comment spammers must have taken me off of their list. I
haven't received any (and I'm not asking for it!!) in a couple weeks.
joat: 12:30:00 9 Jun 2005 |
|
|
|
|
|
Those of you that actually visit the site have probably noticed that I'm
cleaning up some of the code on the site. Experiments and anti-spammer
tweaks have left the back end in a horrible mess. Between that and
work, I haven't had much time to research entries for the site. Please
bear with me for a bit longer and I apologize for the current font set.
joat: 12:00:00 9 Jun 2005 |
|
|
Wed, 08 Jun 2005
|
|
HigB did something that we're all prone to do in the long run: shot himself in the foot. However, he caught it in
time and did a quick analysis of the trojan.
joat: 12:00:00 8 Jun 2005 |
|
|
Tue, 07 Jun 2005
|
|
There is something more painful than being a level III Unix admin and
being forced to watch level I training CBT's. It's being forced to
watch level I training CBT's that were produced in the mid-1990's! Ow!
Brain hertz!
joat: 12:00:00 7 Jun 2005 |
|
|
Mon, 06 Jun 2005
|
|
I often complain about the four networks that I can "see" from my chair in the front room. Wormulon seems to have it much worse than I do. And before you comment, yes, I do have to run one of those APs unencrypted. The device on the other end cannot "do" any form of encryption. Not even WEP which, if it's all you have, you should still be using. My neighbor thinks I'm hacking his systems because I know the names of his machines. He is a heavy MS user (including SMB) and doesn't understand that when he turns off his AP (for security reasons) his machines will join any other wireless network. My network monitors are full of entries about "MoonGodess". I guess it could be worse. joat: 12:00:00 6 Jun 2005 |
|
|
Sun, 05 Jun 2005
|
|
Bob Cromwell maintains a link farm of
security-related sites. It's worth exploring, there's some "doozies" in
there (try the "Privacy" or "Downright Scary Threats" links).
joat: 12:00:00 5 Jun 2005 |
|
|
Sat, 04 Jun 2005
|
|
Here are a couple ComputerWorld and CBC articles about the new .xxx domains coming into being. This topic has been discussed on this blog and other forums previously. Expect this domain adoption to lead to an extended exercise in frustration, politics, censorship and name-calling.

ICANN is making the TLD available (for $75 per domain) so that porn sites can move in. What's not being said is that most porn sites probably won't move there because it makes censorship of their site(s) extremely simple. A good example of this is "www.whitehouse.com". The site uses that domain for two reasons: notoriety and to attract fat-fingered surfers.

What happens when ICANN figures out that very few web sites are buying their $75 .xxx domains and are sticking with their $5 .com/.net domains? It's likely to involve parental controls, loud proclamations of "we're doing it to protect the children", and attempts to force migration to the .xxx realm. It'll only get nastier after that.

Because I periodically write about things that are unpleasant to some (and sometimes include the word "fuck"), does this site deserve an adult rating? Who gets to categorize the site? How long before people realize that the Internet is an adult tool, not a child's playground?

Hopefully, the .xxx domain will exist to hold only those sites that want to be there but (feel free to call me a pessimist) I don't believe it'll exist more than 6 months before either the legislative branch or the media calls out the lynch mob.
joat: 12:00:00 4 Jun 2005 |
|
|
Fri, 03 Jun 2005
|
|
Here is a short paper on the issues involved with collecting forensic evidence in a distributed environment (i.e., the typical corporate network).
joat: 12:00:00 3 Jun 2005 |
|
|
Thu, 02 Jun 2005
|
|
I'm not sure where I found it but here's a sample test for CISSP.
joat: 12:00:00 2 Jun 2005 |
|
|
Wed, 01 Jun 2005
|
|
To go along with the recent GoogleMaps content, here is a site with a lot of GPS and map links. What happens when we get broadband connectivity in our cars? Tying gpsd to GoogleMaps isn't that difficult.
joat: 12:00:00 1 Jun 2005 |
|
|
|