

(J)ack (O)f (A)ll (T)rades
Mostly Security, Some
Blogging, Misc. Admin,
and Bits of My Life.











Fri, 30 Jun 2006

Zfone 30 Jun
InfosecWriters has a pointer to a paper by Sam Sotillo which discusses how Phil Zimmermann's Zfone works.

joat: 12:00:00 30 Jun 2006


Thu, 29 Jun 2006

Google Maps 29 Jun
For those of you that like playing with Google Maps, they've added a few new functions. Here is a tutorial for messing with the API and the new features.

joat: 12:00:00 29 Jun 2006


Wed, 28 Jun 2006

Making TeX Work 28 Jun
Found during research on business cards: SourceForge has an online copy of "Making TeX Work" by Norman Walsh.

joat: 12:00:00 28 Jun 2006


Tue, 27 Jun 2006

TrueCrypt 27 Jun
Hacker Media has a pointer to a video entitled "Intro to TrueCrypt".

joat: 12:00:00 27 Jun 2006


Gurgle... 27 Jun
Oooohh! My brain is full! You ever have that feeling that if you crammed one more fact into it, you'd start losing other stuff? That's me. Today. Mid-terms (pursuing another degree). I've learned more about the late Baroque period in the last four weeks than I did during the remainder of my life.

I rec'd a 98 on today's test. Completely blew one question by scratching out the wrong letter (I actually knew the answer). Problem is I've had the theme song to AskANinja playing in my head all day. It makes things a bit difficult when you have to name 10 pieces when the professor plays "Name That Tune" with Baroque music.

Damn you, Neu Tickles!! (heh)

joat: 01:27:37 27 Jun 2006


Mon, 26 Jun 2006

Algorithms 26 Jun
For you crypto and programming types, Wikipedia has a page of algorithms. While it doesn't usually explain the algorithms themselves, it does have pointers to the info you're looking for.

joat: 12:00:00 26 Jun 2006


Sun, 25 Jun 2006

Angle Cards 25 Jun
I've been researching a possible project which involves putting various info on business cards and have run across some other people's interesting work. Here's one: a business card for estimating angles and, with a bit of math, distance.

joat: 20:30:00 25 Jun 2006


Sat, 24 Jun 2006

DDoS 24 Jun
Here is a paper which discusses the D-Link NTP DDoS and includes other DDoS attacks as historical examples.

joat: 20:30:00 24 Jun 2006


Fri, 23 Jun 2006

Wireless links 23 Jun
Here is a collection of wireless-related links.

joat: 20:30:00 23 Jun 2006


Thu, 22 Jun 2006

Wireless notes 22 Jun
The following is mostly for my benefit...

While cleaning out various pieces of luggage, I discovered some of my notes from this year's ShmooCon, specifically the Wi-Fi Trickery lecture. Here are some disjointed notes:

  • raw injection can corrupt a WIDS
  • FakeAP is only effective (as a defense) against novice wardrivers and against WIDS (it inserts bad or junk info into the database)
  • FakeAP can be detected by looking at timestamps (usually too low), sequence numbers (often reset or too low), and other misbehaving parameters.
  • A good number of frames are not normally analyzed by WIDS (e.g., ACK frames), thereby allowing for the existence of covert channels

The tools/topics discussed in the lecture included: Enhanced FakeAP, GlueAP, MitM attacks and covert channels.
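The timestamp and sequence-number tells in the third note are easy to check by hand once you have a beacon capture. The script below is an added example (mine, not from the post or the ShmooCon talk): it runs over a small constructed beacon log and flags any BSSID whose TSF timestamp is implausibly low, goes backwards, or fails to advance in step with the sniffer's clock, or whose 802.11 sequence counter resets instead of wrapping at 4096. The BSSIDs, the sample values and the thresholds (`MIN_UPTIME_US`, `DRIFT_TOLERANCE_US`, `MAX_SEQ_GAP`) are all assumptions chosen for the demo.

```python
from collections import defaultdict

# Constructed sample capture (not from the original post): one beacon per
# row as a sniffer would log it.  Fields: capture time in seconds, BSSID,
# the beacon's 64-bit TSF timestamp (microseconds since the AP's radio
# came up) and its 12-bit 802.11 sequence number.
BEACONS = [
    # A genuine AP: TSF advances in step with the capture clock and the
    # sequence counter just keeps counting.
    (0.0000, "00:11:22:33:44:01", 3_600_000_000, 1500),
    (0.1024, "00:11:22:33:44:01", 3_600_102_400, 1501),
    (0.2048, "00:11:22:33:44:01", 3_600_204_800, 1502),
    (0.3072, "00:11:22:33:44:01", 3_600_307_200, 1503),
    # A FakeAP-style decoy: the TSF is tiny and jumps around, and the
    # sequence number keeps restarting because every frame is crafted
    # from scratch rather than by a real radio's counter.
    (0.0500, "00:de:ad:be:ef:01", 12_345, 0),
    (0.1500, "00:de:ad:be:ef:01", 9_876, 1),
    (0.2500, "00:de:ad:be:ef:01", 40_000, 0),
    (0.3500, "00:de:ad:be:ef:01", 20_000, 1),
]

# Assumed thresholds for the demo; tune them for your environment.
MIN_UPTIME_US = 60 * 1_000_000   # TSF under a minute of uptime is suspicious
DRIFT_TOLERANCE_US = 50_000      # allowed mismatch between TSF and capture clock
MAX_SEQ_GAP = 64                 # forward gaps up to this are just missed frames
SEQ_MODULUS = 4096               # 802.11 sequence numbers are 12 bits


def score_beacons(beacons):
    """Return {bssid: sorted list of anomaly tags} for every BSSID whose
    beacons misbehave; well-behaved BSSIDs are left out of the result."""
    by_bssid = defaultdict(list)
    for t, bssid, tsf, seq in sorted(beacons):
        by_bssid[bssid].append((t, tsf, seq))

    findings = {}
    for bssid, frames in by_bssid.items():
        tags = set()
        for (t0, tsf0, seq0), (t1, tsf1, seq1) in zip(frames, frames[1:]):
            if tsf0 < MIN_UPTIME_US or tsf1 < MIN_UPTIME_US:
                tags.add("tsf_low")
            if tsf1 < tsf0:
                tags.add("tsf_regression")
            # A real AP's TSF is a free-running microsecond clock, so the
            # delta between two beacons must match the capture-clock delta.
            if abs((tsf1 - tsf0) - (t1 - t0) * 1_000_000) > DRIFT_TOLERANCE_US:
                tags.add("tsf_drift")
            # Sequence numbers wrap at 4096; any other backwards step means
            # the sender reset its counter.
            if (seq1 - seq0) % SEQ_MODULUS > MAX_SEQ_GAP:
                tags.add("seq_reset")
        if tags:
            findings[bssid] = sorted(tags)
    return findings


if __name__ == "__main__":
    for bssid, tags in score_beacons(BEACONS).items():
        print(bssid, ", ".join(tags))
```

Only the decoy BSSID comes back flagged; the genuine AP trips none of the checks. A freshly rebooted real AP will legitimately show a low TSF, so treat `tsf_low` on its own as a weak signal and weight the regression and drift checks more heavily.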

joat: 12:00:00 22 Jun 2006


Wed, 21 Jun 2006

Panda 21 Jun
For you webmaster types, Panda offers a collection of online tools that you can stick on your web site.

joat: 12:00:00 21 Jun 2006


Tue, 20 Jun 2006

NIST Draft Pubs 20 Jun
NIST has three draft publications for which they're accepting public comment:
  • The Information Security Handbook: A Guide for Managers
  • The Guide to IEEE 802.11i: Robust Security Networks
  • PIV Data Model Test Guidelines

Note: the comment period for the last one closes June 22nd. (You'd better hurry!)

joat: 12:00:00 20 Jun 2006


Mon, 19 Jun 2006

Unsubscribe 19 Jun
I find myself wading through my 300+ Bloglines subscriptions and unsub'ing from feeds that think that articles like "Microsoft's vulnerabilities turned into exploits" are news.

joat: 12:30:00 19 Jun 2006


DNS attacks 19 Jun
Amit Klein has an interesting article which discusses various issues with DNS security at the registrar level.

joat: 12:00:00 19 Jun 2006


Sun, 18 Jun 2006

Outside too 18 Jun
Philip Su's article talks about the political and emotional abuse that runs rampant inside the company. What's glossed over is the same behavior occurring within the user community (not that it is limited to the Microsoft realm).

Many seem to have forgotten the condescending, often pompous, position of the illuminati that Windows was the most secure and best tool for the job. True or not, it was the position marketed and accepted by the general populace. (Apple seems to be repeating the process.)

Microsoft has a new chance with the coming release of Vista. Hopefully they realize that with a new product, they've reset the KLOC counter to a high value and will need to work their way back down (again). That the product has several new technologies built into its foundation will cause numerous problems once the outside world (black, white and grey-hat) begins to understand its workings.

Hopefully the MS marketing department will be constrained from promoting the new OS as being the most secure on the planet, as was done with previous versions. If they don't, we'll have to suffer through yet another generation of programmers and admins whose declarations of better security are based solely on the party line and the fact that it's the only OS they know. (I.e., those admins who manage systems in multiple worlds have favorites, but they're not rabid purists.) If they do avoid the used-car-salesman approach, I believe that, in the long run, Vista will be a much more successful product.

joat: 20:30:00 18 Jun 2006


Sat, 17 Jun 2006

Spammers 17 Jun
Okay, this is getting out of hand. I was out of town for a week and was able to sift through the comment queue only once (on Tuesday). Since then the comment spammers have dumped a little over 21,000 spams into the queue. Luckily, I'm not limited to manual delete.

It is a PITA though.

joat: 17:00:00 17 Jun 2006


Fri, 16 Jun 2006

Securing MySQL 16 Jun
The article is a bit dated but "Securing MySQL" is still valuable.

joat: 12:00:00 16 Jun 2006


Thu, 15 Jun 2006

NIST Hash Workshop 15 Jun
Here are Bruce Schneier's posts on last year's NIST Hash Workshop.

The pieces are short but they point to quite a few interesting papers.

joat: 12:00:00 15 Jun 2006


Wed, 14 Jun 2006

Layer 2 Tool Analysis 14 Jun
I may have blogged this one before, but here is an interesting piece on the analysis of wireless "discovery" tools (yeah, another of Josh Wright's pieces). One thing to keep in mind is that he's discussing "active" tools. Passive tools are rarely discovered, and then mostly by accident.

joat: 12:00:00 14 Jun 2006


Tue, 13 Jun 2006

Reading Mail Headers 13 Jun
One of the things that you will eventually do if you work in network security is read the headers of a piece of email. Whether it's troubleshooting a problem, tracing spam back to its source, or just trying to figure out where a message has been, you need to be able to interpret what you're reading. "Reading Email Headers" explains the basics.

Keep in mind that the article may or may not be entirely accurate, as each piece of software that handles e-mail has its own "standards" for doing things. One example: the queue ID that each MTA records in its own Received: header (the "id" field) is meaningful only on the machine that generated it, and you'll see a different one at every hop, including gateways and firewalls. Don't confuse it with the Message-ID: header, which is set once by the originating system and should stay constant from source to destination. Assuming that the per-hop IDs are constant end-to-end will quickly get you lost.

Also, each mail handler has its own way of generating those IDs. Sendmail's IDs encode a timestamp and the process number. (Beginners should consult the Bat Book to learn how to decode them.) MS Exchange IDs appear to be totally random. (For years, I've been looking for a source of info on this.)

Also, some organizations purposely munge headers in an attempt to "hide" their internal architecture. That sword cuts both ways, though, as it also complicates troubleshooting.

In any case, the article explains the basics of reading headers and basic forgery detection. Count it as a need-to-know.
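To make the per-hop ID point and the basic forgery check concrete, here is an added example (my code, not from the article or the post). It parses a constructed message with three Received: headers, walks them bottom-up (each MTA prepends its own line, so the lowest is the oldest), and pulls out the from/by/id/date fields of each hop. The per-hop `id` values are in deliberately different styles, while the Message-ID: stays the same. The forgery heuristic is chain continuity: each hop's "from" should name the host the previous hop's "by" handed the message to; a mismatch means one side of the break is lying or the header was rewritten, and nothing below the break can be trusted. All hostnames, addresses and IDs are made up; only the Received: lines added by servers you control are truly trustworthy, so treat the continuity check as a hint rather than proof.

```python
import email
import re

# Constructed sample message (not from the original post).  The bottom
# Received: line is a forgery planted by the sender to make the message
# look like it passed through mail.example.com; the real relay saw it
# arrive from a dialup host instead.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.org (8.13.8/8.13.8) with ESMTP id k5DGx3a012345
\tfor <joat@example.org>; Tue, 13 Jun 2006 12:00:03 -0400
Received: from dialup-42.isp.example (unknown [203.0.113.42])
\tby relay.example.net (Postfix) with SMTP id 3F2A1B7
\tfor <joat@example.org>; Tue, 13 Jun 2006 11:59:58 -0400
Received: from trusted.example.com (trusted.example.com [192.0.2.10])
\tby mail.example.com with SMTP id forged01;
\tTue, 13 Jun 2006 11:59:50 -0400
Message-ID: <20060613155950.GA1234@example.com>
From: "Someone" <someone@example.com>
To: joat@example.org
Subject: test

body
"""

# The three clauses we care about in a Received: header (RFC 2821 syntax).
FIELD = {
    "from": re.compile(r"\bfrom\s+(\S+)"),
    "by": re.compile(r"\bby\s+(\S+)"),
    "id": re.compile(r"\bid\s+([^\s;]+)"),
}


def parse_received(value):
    """Pull the from/by/id fields and the trailing date out of one
    Received: header value (folded continuation lines are joined)."""
    flat = " ".join(value.split())
    hop = {}
    for name, rx in FIELD.items():
        m = rx.search(flat)
        hop[name] = m.group(1) if m else None
    hop["date"] = flat.rsplit(";", 1)[1].strip() if ";" in flat else None
    return hop


def hop_chain(raw):
    """Received: headers in chronological order (oldest hop first)."""
    msg = email.message_from_string(raw)
    return [parse_received(v) for v in reversed(msg.get_all("Received", []))]


def chain_breaks(hops):
    """Return (index, previous_by, this_from) for every hop whose 'from'
    does not match the host that the previous hop says it delivered to."""
    breaks = []
    for i in range(1, len(hops)):
        prev_by, this_from = hops[i - 1]["by"], hops[i]["from"]
        if prev_by and this_from and prev_by.lower() != this_from.lower():
            breaks.append((i, prev_by, this_from))
    return breaks


def message_id(raw):
    """The end-to-end Message-ID, which should not change between hops."""
    return email.message_from_string(raw)["Message-ID"]


if __name__ == "__main__":
    hops = hop_chain(SAMPLE)
    print("Message-ID:", message_id(SAMPLE))
    for n, hop in enumerate(hops):
        print(f"hop {n}: from {hop['from']} by {hop['by']} "
              f"id {hop['id']} at {hop['date']}")
    for i, prev_by, this_from in chain_breaks(hops):
        print(f"chain break before hop {i}: {prev_by} never handed this to "
              f"{this_from}")
```

Running it shows three hops with three unrelated queue IDs (`forged01`, `3F2A1B7`, `k5DGx3a012345`) under a single Message-ID, and one chain break: the forged bottom line claims delivery to mail.example.com, but relay.example.net recorded the message as coming straight from the dialup host.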

joat: 12:00:00 13 Jun 2006


Argggh! 13 Jun
Note to anti-virus companies: Please add the feature where if the malware is known to steal, borrow or otherwise forge the source address on an infected email, the code will NOT send an email back to the supposed source. I'm now getting complaints about my non-existent MS mail client in Italian.

Grazie!

joat: 10:30:00 13 Jun 2006


Mon, 12 Jun 2006

Malicious Crypto 12 Jun
SecurityFocus has a two-part article on malicious cryptography (part 1, part 2). You'll probably find the references listed at the end of each part interesting.

joat: 12:00:00 12 Jun 2006


Sun, 11 Jun 2006

How to report it 11 Jun
Just in case you're wondering how to do it, the DoJ has a page entitled "How to Report Internet-Related Crime". Keep in mind that most cybercrime fails to meet the minimum requirements for law enforcement to act on, as there are only so many investigators and there is so much crime. If you can prove a crime (that doesn't meet the damage minimum), you might consider civil action or private investigators.

joat: 20:30:00 11 Jun 2006


Sat, 10 Jun 2006

BYU 10 Jun
If you're willing to dig a bit, this class blog might be a good starting point for surfing crypto/security-related reading.

joat: 20:30:00 10 Jun 2006


Fri, 09 Jun 2006

Free training 09 Jun
From Digg comes a pointer to the U of Wash. crypto course which has been made available online, for free.

joat: 12:00:00 9 Jun 2006


Thu, 08 Jun 2006

RAM Dumping issues 08 Jun
NTSecurity has an article which discusses the issues associated with dumping memory for forensic purposes. Not how, but what might complicate the practice.

joat: 12:00:00 8 Jun 2006


Wed, 07 Jun 2006

Malware Analysis for Admins 07 Jun
Here is a SecurityFocus piece entitled "Malware Analysis for Administrators".

joat: 12:00:00 7 Jun 2006


Tue, 06 Jun 2006

Another Book 06 Jun

joat: 12:00:00 6 Jun 2006


Mon, 05 Jun 2006

KFI Live 05 Jun
Since KFI updated their streaming software, we non-MS users have had issues listening to the live stream. MPlayer doesn't work because it claims that it's missing a codec, and it really doesn't like the multiple forwarders that the web client employs. Try this:
  1. Go here.
  2. Hit "stop" before the page redirects.
  3. Right click on "click here" and select "copy link location".
  4. Open a terminal and type mplayer (don't hit return yet).
  5. Paste the link (copied earlier) into the command line and hit enter.

Depending on the age of this hint, you should start hearing the KFI feed.

joat: 12:00:00 5 Jun 2006


Sun, 04 Jun 2006

HijackThis Logs 04 Jun
NetSecurity has a piece on how to analyze HijackThis logs.

joat: 12:00:00 4 Jun 2006


Sat, 03 Jun 2006

Cryzip Analysis 03 Jun
LURHQ has also posted an analysis of the Cryzip ransomware trojan.

joat: 12:00:00 3 Jun 2006


Fri, 02 Jun 2006

Arhiveus Analysis 02 Jun
LURHQ has posted an analysis of the Arhiveus ransomware trojan.

joat: 20:30:00 2 Jun 2006


Thu, 01 Jun 2006

Google-Asterisk 01 Jun
Correct me if I'm wrong but neither Google nor Digium had anything to do with the connection, though they both acknowledge it. I'd thought that it was developed by a third party.

joat: 23:20:17 1 Jun 2006

