| August 2007 |
|---|
| Sun |
Mon |
Tue |
Wed |
Thu |
Fri |
Sat |
| |
|
|
1 |
2 |
3 |
4 |
| 5 |
6 |
7 |
8 |
9 |
10 |
11 |
| 12 |
13 |
14 |
15 |
16 |
17 |
18 |
| 19 |
20 |
21 |
22 |
23 |
24 |
25 |
| 26 |
27 |
28 |
29 |
30 |
31 |
|
|
Recent Comments
Wiki RSS
|
Tue, 31 Oct 2006
|
|
If you want to get a good idea of where the technologies are going, you need to read documents like Proceedings of the International Symposium on Advanced Radio Technologies (from March of this year). It contains a number of papers on various radio and spectrum issues. Note: NTIA is to national government as FCC is to general public. The common point between the two is the State Department. joat: 13:00:00 31 Oct 2006 |
|
|
Mon, 30 Oct 2006
|
|
Set up your Tivos. Johnny Long is going to be in a documentary on 1 Nov. (9-11 p.m.) on CNBC called "Big Brother, Big Business". The local Cox schedule shows a replay at midnight. Here's his announcement. joat: 13:30:00 30 Oct 2006 |
|
|
|
|
Here is a paper from Mike Kershaw and Josh Wright (who I saw talk this past week) which discusses attacks on the interface firmware (drivers). joat: 13:00:00 30 Oct 2006 |
|
|
Sun, 29 Oct 2006
|
|
Hopefully things have improved since this analysis of 802.1x but I'm not holding my breath. joat: 13:00:00 29 Oct 2006 |
|
|
|
|
For those interested, I've updated the software behind the wiki. For those affected, please bear with me while I make minor adjustments. joat: 02:33:50 29 Oct 2006 |
|
|
Sat, 28 Oct 2006
|
|
Earlier this month Netflix used a contest to test security on one of their datasets. From the University of Texas comes a paper entitled " How to Break Anonymity of the Netflix Prize Dataset" which describes the analysis performed on the dataset. joat: 12:00:00 28 Oct 2006 |
|
|
Fri, 27 Oct 2006
|
|
At the ISSA meeting last night, one member complained that a company he'd approached for security services (one of those where it is mandatory that they have seecurity services), rationalized that they didn't need commercial services because they'd hired a kid hacker who protects "their stuff". Being my cynical self, I asked, "So did they hire an arsonist to keep the place from burning down?" It's crude but I've never claimed not to be a relative of Loud-Fat-Bloke... Hey, it could happen! Nice slogan though: "Security isn't thin" joat: 12:00:00 27 Oct 2006 |
|
|
Thu, 26 Oct 2006
|
|
Brendan in Australia recently asked for my scripts which ties NBTScan to MySQL which prompted me to start working the wiki entries lost during the crash and move that occurred earlier this year. In any case, here are my notes about the tool and, to start, code to push the info into a MySQL database. Like most of the rest of the wiki, it's unfinished work but it should give at least a couple of you a good place to start from. I'll add more as I redevelop it or re-discover old copies. I guess there can be such a thing as too many backups... joat: 12:00:00 26 Oct 2006 |
|
|
Tue, 24 Oct 2006
|
|
After over 3 years of writing a blog entry for each and every day, I've decided to slow things down a bit (at least for awhile). Finding links and/or writing about enough security or computer-related items to have an entry per day for 1000+ days straight is work. So much so that I no longer enjoy it that much. It also conflicted with the rest of my life and things I was working on for friends. In any case, I'm going to try a slightly different approach. The short version: I will when I feel like it. The slightly longer version: I will blog when I have something to write about. The format will not likely change, I'll still point out interesting things and, on occasion, vent about some boneheaded stunt. I just want it to feel less like work. If someone else wants to join in by adding in their own entries here, give me a yell. We can work something out. (I do have a few guidelines though.) joat: 12:00:00 24 Oct 2006 |
|
|
Thu, 19 Oct 2006
|
|
[*sigh*] Maybe it's my engineering background. Maybe it's having worked 20 years in engineering and 10 in security. Maybe it's hanging out with Rob & company. Most likely it's a combination of all of the above. In any case, for any type of system, general engineering rules apply. The topic of discussion this evening is "consolidation" as it applies to network management. A few newer people tend to believe that the one-ring-to-rule-them-all approach is the final solution. I disagree. Consolidation of resources can be a good thing. It allows for easier management and cheaper operations. However, past a certain point, it can also be a bad (or very bad) thing. Consolidation of resources without taking into account operations like security or unique organizational requirements (e.g., specific data sets) is poor practice. While collections of smaller (and diverse) systems are more expensive to manage, the overall operation is more flexible and much more tolerant of failure. Think of it this way --> over the length of your lifetime, which do you think you'd be more tolerant of: 100 paper cuts or 1 accident with a guillotine? joat: 20:30:00 19 Oct 2006 |
|
|
Wed, 18 Oct 2006
|
|
Wow. I'm amazed that this article, about port scanning being a violation of property rights, actually made it into the magazine, hakin9. It's about using applying auld law against virtual access to new technologies. (This always leads to trouble.) There are a serious number of flaws in the logic and I get the impression that he's paraphrasing to justify his logic. joat: 12:00:00 18 Oct 2006 |
|
|
Tue, 17 Oct 2006
|
|
ZDNet's hardware blog has an article on how the new copy protection prevents DVDs from being played in PC's. I think the movie industry should take a very close look at what they're doing. Some of those DVDs do not play in my 6-month old DVD player either. File this one under "shooting one's self in the foot"... joat: 12:00:00 17 Oct 2006 |
|
|
Mon, 16 Oct 2006
|
|
|
Sorry for the bit of offline inactivity again. I celebrated my birthday by getting a new toy and pulling all of the cables from behind the desks in the office. It's taken this long to rewire the computers, relocate the AP's and the printer and to install an OS compatible with the new toy (the Linux version of SageTV). I haven't had a chance to play with it but will let you know. joat: 12:00:00 16 Oct 2006 |
|
|
Thu, 12 Oct 2006
|
|
The power behind command line *nix is that most of the tools do one job well and they can be chained together. Dan Miessler has a quick tutorial on find and xargs will prove useful in a number of situations. This is one of those really valuable techniques that you have to know if you deal with a lot of text files (think: email, blogs, logs, etc.). joat: 23:12:23 12 Oct 2006 |
|
|
Sat, 07 Oct 2006
Thu, 05 Oct 2006
Wed, 04 Oct 2006
|
|
Note to self: When building a kernel from scratch (this may or may not be unique to dual-core 64-bit systems), the initial reboot crashes but a complete shutdown and restart works fine. Something to investigate at a later date... joat: 12:00:00 4 Oct 2006 |
|
|
Tue, 03 Oct 2006
|
|
For those that missed it, Volume 5 of Uninformed is out. joat: 12:00:00 3 Oct 2006 |
|
|
|
|
Concerning the bill to make it illegal for banks and credit card companies (ccc's) to make payments to online gambling sites: I don't believe that this will fix the problem. It will shift to banks/ccc's making payments to overseas banks making payments to gambling sites. It makes the money trail longer and that much harder to trace. I think more is lost than gained in the passage of this bill. joat: 11:30:00 3 Oct 2006 |
|
|
Mon, 02 Oct 2006
|
|
One rule of thumb: Terrorist attacks succeed because attack occurs where we don't expect it, either at a weak spot in a defense or some place where we don't believe that it would ever happen. So now I'm torn. Is ZDNet's article on suicide hackers completely silly because the attack is so far-fetched (the attacker doesn't get matyrdom because he doesn't die) or is it likely to occur and succedd for the same reasoning? joat: 12:00:00 2 Oct 2006 |
|
|
Sun, 01 Oct 2006
|
|
Various of the presentations from Usenix 15 are available online. (MP3's, notes and slides) joat: 12:00:00 1 Oct 2006 |
|
|
|
