

(J)ack (O)f (A)ll (T)rades
Mostly Security, Some
Blogging, Misc. Admin,
and Bits of My Life.











Fri, 09 May 2008

Wrong! Wrong! Wrong! 09 May
Chris Soghoian's post, "IRS web site opens door to phishers" prompted me to visit the web site. In attempting to connect to the secure site, Firefox spit up the warning below. Note to any IRS webmaster: this is NOT how it's supposed to be done!

joat: 05:53:33 9 May 2008


Sat, 26 Apr 2008

Yeah! Wut? 26 Apr
Either Alec Saunders is completely ignorant about his former employer or he's playing at being a troll. His post entitled "Microsoft's Contribution Was TCP/IP" lacks a serious amount of "clue". Actually, the TCP/IP stack was "borrowed" and then implemented poorly.

I think that by using the phrase "by ensuring a relatively bug-free implementation of IP", it's an indication that Alec:

  • wasn't there,
  • was in marketing (and therefore ignored anything the programmers said), or
  • is just a clueless journalist

A little research shows that he was actually a director of marketing, meaning that (at best) he knew the features but not the bugs.

Windows 95 had a secure TCP/IP stack?! Buahahahaha....[**gasp**].hahahaha....

For some reason, Alec has no memory of the horrendous amount of crap and pain we (as network operators) went through in the late 90's and early 00's. Could there have been that much separation between the various MS departments at the time?

joat: 09:34:11 26 Apr 2008


Thu, 20 Mar 2008

Goolag redo 20 Mar
Okay, so I got the description of Goolag wrong. Mostly, it's my fault for not realizing that I'm supposed to download a binary executable from a known hacker site (yeah, that's a smart move). That from a page where the main focus is a search bar and the download link is formatted so that it appears as a "feature" on a page titled "Goolaq".

A little bit of design knowledge (instead of "adapting" formats) and visitors might not make the incorrect assumption. Mixing what is supposed to be a legitimate link for a download into what is supposed to be a parody leads to confusion such as this. It's like your pastor telling a dirty joke during a sermon. At best, it leaves people scratching their heads.

Again, my apologies for the confusion, especially to Corey Nachreiner.

To the guy calling himself "ass", I won't "moderate your comment up". You've yet to say anything constructive. I've posted this retraction instead. Please realize that I've never claimed to be a "l33t h4x0r" like you. In any case, from this humble n00b, thank you for your input!

joat: 07:01:00 20 Mar 2008


Thu, 28 Feb 2008

Goolag 28 Feb
Corey Nachreiner, over at WatchGuard, posted that the cDc has created Goolag as an aid to Google hacking (the term for using Google to find vulnerable devices or programs). Corey's declaration is a bit off the mark in that Goolag is actually only a custom interface to search the cDc kruft space. In other words, you get to search all of the web for stuff that's related to (or at least mentions) the cDc, not all of Google's "discoveries", as evidenced by the following two screenshots.

Either one of those searches should have turned up hundreds, if not thousands, of references to web cams. You can reproduce this "research" by going to Goolag and typing in "view" or "web cam" and then comparing it with a similar search via the normal Google interface (actually, Google will most likely block your search as an attempt at Google hacking, but it will report millions of hits).

joat: 06:25:21 28 Feb 2008


Wed, 20 Feb 2008

Leverage 20 Feb
From the Obvious-but-not-stated-dept.: ... and thus, your entire infrastructure must be Cisco.

joat: 06:36:11 20 Feb 2008


Wed, 05 Dec 2007

With friends like these 05 Dec
Hmmm.. I'm the 10,000th visitor to Digg in 2007? (Yay!) Why don't I feel safe clicking on that link? (Somebody should check on where they're getting their ads from!)

joat: 23:57:23 5 Dec 2007


Mon, 12 Nov 2007

Not a small problem. 12 Nov
This is really not good. If you want an idea of how bad it is, try visiting the NIST Vendor list and picking out all of the Microsoft products. Then remember that Microsoft tends to re-use code as much as possible, making the possibility that the problem exists in XP and Vista very likely. Then go back and pick out all of the products which employ Microsoft's libraries.

While this sort of paper doesn't cause problems directly, it is the sort of thing that others build upon, often ending with "nice" additions to security toolkits. I wonder how long it'll be before NIST responds....

Update: the paper is here if you don't want to wade through Slashdot.

joat: 19:53:27 12 Nov 2007


Tue, 06 Nov 2007

Cell phone jamming 06 Nov
Before you take it upon yourself to jam someone else's phone calls, just because you can only hear one half of the conversation, please consider the following:
  • What's your justification?
  • Are you jealous that you're not part of the conversation?
  • Don't like that the girl likes to say "like", like way too much?
  • Before you get into the "invasion of your space" argument, answer the question: "Where am I?" I'm willing to bet that you're in a public place and your personal space doesn't involve a cone of silence.
  • Do you come from one of those broken homes where "silence at the dinner table" was a rule? If so, then I'm sad for you. I come from an active family in which the earliest we'd see each other as a group was dinner time. Aside from a few spats when we were younger, it was a time for communication.
  • Are you that much of a control freak?

When you press that button realize:

  • You're breaking a Federal law each time you push that button, risking fines up to $11,000 ($10,000 for jamming, the rest for possession and use of contraband)
  • You're also risking a civil suit from anyone whose conversation you interrupted (think doctors talking to the emergency room). Jammers are rarely directional, especially the cheap ones. A thirty foot range means sixty feet by sixty feet (i.e., everyone in the restaurant, and then some).

Yeah, there are a few places where cell phone use can be seen as inappropriate, such as church, a movie theater, or class. However, let me point out that it is not you, with your butt in the chair, that has the right to enforce any such rule. It is the responsibility of the pastor/priest, theater owner, or instructor to make and enforce the rule. Anything that you do, including saying "Hang up that phone!", is beyond your jurisdiction and may be construed as a form of assault (look that one up). It falls under "The management reserves the right to refuse service..."

You want silence, go sit somewhere where the business owner prohibits the use of cell phones (it's his jurisdiction, not yours). If it's a public place, you're S.O.L.

You cell phone users: if it's a place where quiet is the norm, it's okay to answer your phone, just take the conversation outside as soon as possible. It's the polite thing to do and it'll help keep the etiquette nazis off of the rest of our backs.

Me? I'm using another entirely legal device. If you use a jammer in plain view, I'm taking a picture and hoping it's good enough to convict you. If you're yelling into the phone in a place where quiet is the rule, I'll take a series of pictures (hey, you're acting strange in public), choose the best one, and submit it to the Craption Contest.

joat: 06:22:01 6 Nov 2007

