Sunday, November 30, 2003

And the award for Stupid Idea of the Year goes to....

Okay, call me a cynic for continuously whining about these things but I seriously believe that this is an extremely bad idea. Seems that John Str

Anti-honeypot Tool

Read about this on the Honeypots Mailing List...

Seems that the spammers are developing tools of their own. First the anti-spammer groups set up honeypots whose objective was to tie up and/or detect spam sources. The spammers have responded with "Send-Safe", a honeypot hunter.

I especially like the wording of the product description:

Send-Safe Honeypot Hunter is a tool designed for checking lists of HTTPS and SOCKS proxies for so called "honey pots". "Honey pots" are fake proxies run by the people who are attempting to frame bulkers by using those fake proxies for logging traffic through them and then send complaints to ones' ISPs.

"Attempting to frame bulkers" indeed. If you're using resources other than your own to spam the planet, there's a problem. "Attempting to frame bulkers" gives the impression that you have a legitimate right to other people's systems. That phrase should read "Attempt to catch resource thieves". If I catch you using mine, I'm going to do my darnedest to make your life hell.

Funny part about it is that they want $299.00 for the program. Must be no honor amongst thieves?

How to file a complaint

Normally I just filter and delete the spam but I've received a particularly distasteful one (Brazilian kiddie porn) which I'm going to file a complaint about. You can follow along as I whine to customer support about a message entitled "joat, welcome to Ped0Wor1d ayuGYoaf".

First, we need to take a look at the message header. Other than changing my account name (to block account scrapers), the header is as-is from the message.


Return-Path: 
Received: from pop.east.cox.net by localhost with POP3 (fetchmail-6.2.1)
    for joat@localhost (single-drop); Sun, 30 Nov 2003 08:43:06 -0500 (EST)
Received: from compuserve.com ([12.229.105.222]) by lakemtai06.cox.net
  (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with SMTP id
for
; Sat, 29 Nov 2003 21:32:16 -0500
Date: Sun, 30 Nov 2003 03:31:53 +0000
From: mrg@simplewire.com
Subject: joat, welcome to Ped0Wor1d ayuGYoaf
To: joat
References:
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, hits=2.1 required=3.0
tests=BIG_FONT,CTYPE_JUST_HTML,HTML_FONT_COLOR_BLUE,
HTML_FONT_COLOR_MAGENTA,HTML_FONT_COLOR_NAME,IN_REP_TO,
NO_REAL_NAME,REFERENCES,SPAM_PHRASE_00_01, TO_LOCALPART_EQ_REAL version=2.44
X-Spam-Level: **
X-Spambayes-Classification: ham; 0.07

Notice the two "Received:" lines.


Received: from pop.east.cox.net by localhost with POP3 (fetchmail-6.2.1)
    for joat@localhost (single-drop); Sun, 30 Nov 2003 08:43:06 -0500 (EST)
Received: from compuserve.com ([12.229.105.222]) by lakemtai06.cox.net
  (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with SMTP id
for
; Sat, 29 Nov 2003 21:32:16 -0500

Unless one or more of them have been badly forged, "Received:" lines are normally in reverse chronological order. When backtracing spam, you work in the same order, verifying each line until you reach the line that doesn't "read" correctly. Since there are only two lines in this instance, it is very easy to trace this one back to its source.

The first "Received:" line is a normal entry, generated by my instance of fetchmail.

Right away, the second line has an error in it that sticks out: it's not from the domain that it claims to be (CompuServe). Rather, Cox's mail server recorded an IP of 12.229.105.222 as making the connection. It's also significant that the "Return-Path:" address is also not CompuServe.

Finally, the lack of any other "Received:" line is also significant. Normally you would have a client-to-server entry followed by a server-to-Cox-server entry to show that the mail was generated by a mail client and uploaded to the sender's mail server before that server "talked" to Cox. (Too confusing?)

What this means is that a program connected directly to Cox's mail server to generate the mail. In other words, a non-MTA program connected to port 25 on Cox's mail server and "typed the message directly onto the server". This is a technique that system administrators use in troubleshooting mail delivery. Anyone know of spammer programs that use mail lists, do MX lookups, and connect directly to the applicable mail servers?

Anyways, we can still trust most of the second line. Except for "from compuserve.com", the line is generated by the Cox mail server. The IP address is significant in that a reverse lookup reveals that it's an ATT IP address:

$ nslookup 12.229.105.222
222.105.229.12.in-addr.arpa name = 12-229-105-222.client.attbi.com.

Note that if you don't have "nslookup" or "whois", SamSpade.org has a nice web-based version.

A WHOIS lookup returns the following:

$ whois 12.229.105.222
AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 - 12.255.255.255
Comcast Corporation COMCAST-12-229-96-0-WASHINGTON (NET-12-229-96-0-1)
12.229.96.0 - 12.229.127.255


This indicates that while AT&T owns the IP address, they "sublet" the chunk which our suspect IP belongs in to Comcast Corporation. Note the "NET-12-229-96-0-1" in parentheses. We can do another WHOIS lookup on this to get:

$ whois NET-12-229-96-0-1

CustName: Comcast Corporation
Address: 1500 Market Street
City: Philadelphia
StateProv: PA
PostalCode: 19102
Country: US
RegDate: 2003-10-10
Updated: 2003-10-10

NetRange: 12.229.96.0 - 12.229.127.255
CIDR: 12.229.96.0/19
NetName: COMCAST-12-229-96-0-WASHINGTON
NetHandle: NET-12-229-96-0-1
Parent: NET-12-0-0-0-1
NetType: Reassigned
Comment:
RegDate: 2003-10-10
Updated: 2003-10-10

TechHandle: DK71-ARIN
TechName: Kostick, Deirdre
TechPhone: +1-919-319-8249
TechEmail: help@ip.att.net

OrgAbuseHandle: ATTAB-ARIN
OrgAbuseName: ATT Abuse
OrgAbusePhone: +1-919-319-8130
OrgAbuseEmail: abuse@att.net

OrgTechHandle: ICC-ARIN
OrgTechName: IP Customer Care
OrgTechPhone: +1-888-613-6330
OrgTechEmail: qhoang@att.com

OrgTechHandle: IPSWI-ARIN
OrgTechName: IP SWIP
OrgTechPhone: +1-888-613-6330
OrgTechEmail: swipid@nipaweb.vip.att.net


This gives us the address to send our complaint to: "abuse@att.net".
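
The header walk and WHOIS check from this post, as an added Python example (not code from the original post). The sample header is constructed from the two "Received:" lines above with the missing id and "for" fields left out; the function names and the list of trusted host suffixes are assumptions made for the illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed input: the post's two Received: lines as folded headers. The SMTP
# id and "for" address are missing on the page and are simply left out here.
RAW = """\
Received: from pop.east.cox.net by localhost with POP3 (fetchmail-6.2.1)
    for joat@localhost (single-drop); Sun, 30 Nov 2003 08:43:06 -0500 (EST)
Received: from compuserve.com ([12.229.105.222]) by lakemtai06.cox.net
  (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with SMTP;
  Sat, 29 Nov 2003 21:32:16 -0500
From: mrg@simplewire.com

"""

# Excerpt of the WHOIS record shown in the post.
WHOIS = """\
CIDR: 12.229.96.0/19
NetType: Reassigned
OrgAbuseEmail: abuse@att.net
"""

HOP_RE = re.compile(
    r"from\s+(?P<claimed>\S+)"                            # name the peer announced (forgeable)
    r"(?:\s+\(\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?\))?"  # peer IP logged by the receiver
    r"\s+by\s+(?P<by>\S+)"                                # host that wrote this line
)


def parse_hops(raw):
    """Return the Received: hops in header order (newest first)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.groupdict())
    return hops


def base_domain(host):
    """Crude last-two-labels comparison key; enough for this illustration."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_trusted(host, trusted):
    """Exact match, or suffix match for entries that start with a dot."""
    host = host.lower()
    return any(host == t or (t.startswith(".") and host.endswith(t)) for t in trusted)


def assess(hops, trusted, rdns):
    """Walk newest to oldest; stop at the last line written by a host we trust.

    trusted: names/suffixes of our own machine and our ISP's mail servers.
    rdns:    mapping of IP -> PTR name, looked up separately (nslookup).
    """
    findings, handoff = [], None
    for i, hop in enumerate(hops):
        if not is_trusted(hop["by"], trusted):
            break                    # written by an unverified host: stop here
        handoff = (i, hop)
    if handoff is None:
        return None, ["no Received: line written by a trusted host"]
    i, hop = handoff
    ptr = rdns.get(hop["ip"])
    if ptr and base_domain(ptr) != base_domain(hop["claimed"]):
        findings.append(f"announced {hop['claimed']} but {hop['ip']} resolves to {ptr}")
    if i == len(hops) - 1:
        findings.append("no earlier hop: sender connected straight to the receiving server")
    return hop["ip"], findings


def abuse_contact(whois_text, ip):
    """Return the abuse address if ip falls inside the CIDR block of the record."""
    fields = dict(re.findall(r"^(\w+):[ \t]*(\S+)", whois_text, re.M))
    net = ipaddress.ip_network(fields["CIDR"])
    return fields["OrgAbuseEmail"] if ipaddress.ip_address(ip) in net else None


if __name__ == "__main__":
    source_ip, notes = assess(
        parse_hops(RAW),
        trusted=("localhost", ".cox.net"),
        rdns={"12.229.105.222": "12-229-105-222.client.attbi.com"},
    )
    print(source_ip, notes, abuse_contact(WHOIS, source_ip), sep="\n")
```

Only the IP in the last trusted line is treated as evidence; the announced name is compared against the reverse lookup purely to flag the mismatch for the complaint.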

The trick to filing a complaint of this type is to be polite and to present all of the facts (as we've done above). It's also a good idea to provide the original message, with headers, as an attachment to the complaint. You also want to give the ISP an "out" in this case as it may be a hacked box on the far end.

The wording of my complaint (which I've just sent):

To whom it may concern,

Please forward the following to your Abuse and Security departments.

Please find attached an unsolicited (and particularly distasteful) pornographic e-mail advertisement (porn spam) that showed up in my in box. Various things about the headers are notable:

1) The "Return-Path", the source IP, and the source hostname all conflict. That is: "mrg@simplewire.com", "compuserve.com", and "12.229.105.222" respectively.
2) There are no other "Received:" lines other than the one generated by my Fetchmail utility (which I will vouch for the accuracy of) and the one generated by my ISP's (Cox) mailserver. This is indicative of a program connecting directly to Cox's mail server.

The IP recorded by Cox's mail server belongs to one of your customers. Please determine whether the user at that IP is running a spamming program or if it has been compromised by a trojan or worm which allows spammers to use it in a similar manner.

Respectfully,


One side "thought" generated by all of this. When the new federal anti-spam law goes into effect, there's going to be some trouble. There's a strong possibility that this source IP is infected with something similar to the Jeem trojan, which allows for remote control spamming. Given that law enforcement is in a constant game of technological "catch-up" with hackers/spammers, I hope they learn how to read and interpret message headers before throwing some poor church-going Granny in the slammer for spamming the planet with "l33t pr0n".

IPSec Troubleshooting Guide

For those real hair-pullers, here's ICSA Lab's IPSec Troubleshooting Guide.

Thumb Drive Prices

Anyone else notice that "thumb drives" are less than $.50 per M nowadays?

Went window shopping at a few stores yesterday to price a replacement hard drive and noticed that two of the larger chains are now selling 128M thumb drives for about $58.00 US. Saw a 64M USB v1 one for less than $20.00.

Until recently, it'd seemed that the price was never going to go under $1.00/M.

Saturday, November 29, 2003

Nessus

Linux Security has an article entitled "An Introduction to Nessus" which is a decent read. For those not in the know, Nessus is an open source vulnerability scanner.

Some organizations use it instead of ISS as its attack database is generally larger and more up-to-date. The drawback is that it also can do damage in its penetration testing if you're not careful (there are switches to disable the more brutish attacks).

Update: Bowulf has a piece in which he indicates that you can avoid the setup and configuration of Linux and Nessus by using Knoppix STD. The only thing you have to worry about otherwise is gathering the updated NASL signature files.

Hint: you can add them to the distribution prior to burning the iso by mounting it via the loopback device. (If there's enough room.) For Linux, try

  mount cdimage.raw -r -t iso9660 -o loop /mnt

AES Encryption

Here's a Microsoft Developers' Network article which discusses how the AES algorithm works. A nice read.

Vi Keys

Got this one from 0xDECAFBAD: a pointer to Harvard's "vi Complete Key Binding List".

Friday, November 28, 2003

Writing your name in the snow

Okay, there seems to be a strong cynical bent to my posts as of late but I can't resist just one more.

In the last few years, Netcraft took a beating from the more zealous side of the Open Source house for saying various nice things about Microsoft and IIS. They were even accused of taking money to produce a slanted survey. Here's another similar situation...

NetCraft has stated that Apache runs on the majority of the web sites on the Internet (and has done so since some time mid-Feb 1996). Now there's an org called Port80 Software that says some pretty nasty things about NetCraft. It appears that they're trying the old "running for office campaign" strategy in which the main tactic is to say negative things about the other guy.

Actually, if you read closely, both reports could be true. In other words, it's very likely that IIS has the majority of the Fortune 1000 corporate server realm while Apache has the overall lead. (Hey, at one point I was responsible for 8 individual web servers, only one of them corporate, and none of them IIS.) The problem I have is with the slights thrown in the article which attempts to give NetCraft (I can't believe I'm defending their tactics) a black eye.

I was suspicious enough of the main article to look at it even closer. If you look at the data, port80 only looked at the top 1000 corporations. In this case, "top 1000" is the "Fortune 1000" corporate listing. That means that out of the 30298060 web sites polled by NetCraft, port80 says only a specific 1000 of them "count" so that they can declare that IIS has a majority. (Aside: It could also mean that a majority of the Fortune 1000 CIO's saw the "no one's been down to the server room in days" commercial and were gullible enough to believe it.)

Thank God for "Lies, Damn Lies and Statistics"?

Nothing like leveraging off of someone else's reputation, huh?

Thursday, November 27, 2003

System Administration and Security

Computer World has a short discussion about managed security services. The article is here and following are my answers to their questions:

Should I select the same service provider to manage both IT services and security services?

No, absolutely not. System administrators that also understand security are rare and (usually) high paid. Unless your system administrator has been around the block quite a few times (able to stand up servers using three or more OS's), it's usually a safe bet that they will attempt to do EVERYTHING using the same OS. You end up with a monolithic network (this is the "all your eggs in one basket" train).

What process should I follow when implementing a managed security service?

Semi-agreement with the article. Before you farm out your security services, you should have well-documented policies, procedures, and plans.

How do managed security services affect corporate security risks?

Realize that it is still your organization that is responsible for overall security. You're hiring someone to provide reports on the status of your network. It's still up to you to "push" policy. It'll also be up to you to deal with the politics. If the hired security says that someone is doing something that's against policy, it's up to you to either correct the person or change the policy. Please note that ignoring the situation is bad practice (you're paying for security!) in that it's not a known condition and if you don't correct it immediately, you can't fire anyone for it at a later date. If it involves anything "shady", you could be sued by other organizations if the situation expands and affects them.

What are the pitfalls of managed security services?

Cost mostly, but depending on what you're buying for service, it can be cheaper than having your own full-time in-house talent.

Also, if you've never had ANY security up 'till now, be prepared for some surprises. The first report that shows up on your desk may tell you a few things about your network that you don't want to hear. Examples of this could include: a virus infection, Bob in accounting spends most of his working time surfing porn, your secretary runs peer-to-peer file trading software at her desk, Fred in purchasing is selling corporate assets on eBay, etc. Just try to remember that these are the reasons that you hired out for security in the first place. Don't shoot the messenger.

What problems are best addressed by managed security services?

If you can't afford (or retain) full-time in-house talent, managed services are definitely an option. See the article for a much better explanation.

Doctor, Doctor!!

"Hey, Doc! It hurts when I do this!"

"So don't do that."

While that may make for shoddy medical practice, it's even worse for security. According to ZDNet, Microsoft has issued a "knowledge paper" to fix the hole in MS Exchange's OWA.

Anyone else see bad practice here?

(Hint: if they call it a "fix", marketing can claim that MS "fixes" things rapidly.) Want to talk fast? An ElGamal bug in GPG was announced today. Guess how long you have to wait for the patch? Answer: It's already out.

Question

I've been reading about/considering VOIP today. Is it me or can the only way to secure VOIP be on-the-fly encryption (session and user)?

Saw yet another capture-to-wav tool today.

Wednesday, November 26, 2003

NSM PowerPoint

Something said over on TaoSecurity caused me to Google for NSM and I found a very good PowerPoint presentation on NSM.

Bit Torrent FAQ

A good network administrator knows how the programs employed by his/her users work (or at least knows where to go look it up). Here's the "BitTorrent FAQ". It doesn't describe how to control/limit the traffic but it does describe how the tool works.

Public Clock

pool.ntp.org is home for the public time server project.

Tuesday, November 25, 2003

Don't use Word!

Don't use MS Word if you're going to e-mail or post the document. It makes some pretty heavy assumptions, including who your readers are going to be and the capabilities of their systems. This is a long-standing peeve of a sizeable portion of the Internet. Here's a well-worded version of the anti-Word side of the argument.

Monday, November 24, 2003

Linux McAfee Update Script

For us altruistic types that push our customers' files and e-mail through the Linux-based McAfee anti-virus scanner, here's an auto-update script for the signature files. Thanks to Jorge Becerra for writing it and to Bluestream Consulting for reposting it.

Sunday, November 23, 2003

Mess in the wiki

Please bear with the mess under the FWTK pointer, I'm writing a quick paper. It's quite unusable at the moment but should be in near-finished form in the next 10 days or so.

Public Certificates

CACert.org is a public Certificate Authority (CA). For non-admin types, this is a self-proclaimed issuer of free SSL certificates.

Is it worth anything? Like a lot of other things on the Internet, the answer is "it depends". It depends on how well people trust the site and use it. Note: You don't have to use Verisign, you can issue your own certificates. Verisign's strength is that, by way of government sponsorship, the majority of users "trust" it as a CA.

Update: For those that are interested in rolling your own, check out the "OpenSSL Certificate Cookbook".

Blech!

In the five years that I managed firewalls for various networks, I gradually became a cynic. It's also the reason why I'm a stickler for policy wording and some have referred to me as a network Nazi. (Hey, if 29,999 users are happy with how the network runs and you're the one malcontent, call me anything you want.) Exposure to people like that described in the link below is the reason that network security has a high attrition rate. (There is truth to the cliche that some network security types "get out" and raise flowers for a living.)

Okay, let's see him try the "a trojan did it" defense! (Warning: Article is about a really sick f**k.) (Sorry but that's the only description for him.)

Net::Dict Interface

Having tried my hand at writing various IRC infobots, I've played with Net::Dict occasionally and will probably need it again (thus this blog).

Saturday, November 22, 2003

Looking for Incident-Response.org?

According to Tao Security, someone snagged the domain for Incident-Response.org when it expired (don't you just love how DNS is managed?). If you're still looking for the site, point your browser at:

http://66.96.178.49/

Friday, November 21, 2003

Soap attacks

Here's a Web Apps Security mailing list pointer to a white paper on basic attacks on SOAP. No, it's not discussing strange goings-on in the shower! SOAP is the Simple Object Access Protocol. It's used to overlay various services on top of HTTP allowing communications via XML.

The paper also describes defenses against those attacks.

Wednesday, November 19, 2003

IPSec Troubleshooting Guide

If only Bowulf had posted this a week ago. Took us all of the time we had for lab to get a 5-node VPN up and running.

Then again, it might not have. We finally figured out that d*mn Pix's had to be rebooted for the configuration to load properly.

In any case, it's a nice to have.

Tuesday, November 18, 2003

Corporate Schizophrenia?

It's a busy couple of weeks for Microsoft news. Both good and bad. Enough so that reading them all together may give the impression of corporate schizophrenia:
  • Could it be that they finally get it? Just a little bit?
  • They also want to do some buy and kill, especially after Google pulled a fast one.
  • Why won't they learn that they shouldn't promise stuff at trade shows? Anyone else remember the super-fantastic backup technology that Microsoft promised at a Comdex? Funny, Veritas and friends are still around. (The super-fantastic Microsoft backup robot isn't.) That and tablets have already been declared dead.
  • Bill also used Comdex to announce new anti-spam tools. I really hope that Bill didn't use the word "spam" as Hormel might get a little pissed that the world's (sometimes) richest man is attempting to profit off of the name of one of their products.
  • Meanwhile, pundits punditted that this would put other anti-spam products out of business (yeah, just like IIS and Active Directory did?)
  • Meanwhile, Steve was in Japan, making promises of better security while spreading FUD about open source products.
  • Microsoft has put a "bounty" on the heads of malicious code writers, specifically two evil-doers.
  • The "discussion" over those bounties is only a couple insinuations above a name calling contest
  • Users are a bit less than pleased with Microsoft's new patches
  • and yet two more exploits that use port 135 were made public along with another vulnerability in Microsoft Exchange.

Thanks to: Slashdot, The Evil Empire, HelpNet Security, Computer Cops, Insecure.org Lists, HackInTheBox, eWeek, InfoWorld, ThinkComputer

Side note: Sorry this is showing up on Tuesday. I'd meant to post it on Sunday but it took this long to pull all of the MS-related stuff off of the spike.

CSI loses points

Ooh! CSI just lost points amongst the geeks. One of the investigators called stealing WIFI access from the next building over as "War Chalking".

Heh.

Monday, November 17, 2003

Troubles from within...

Troy Jessup has a good post over on The Security Blog. In it, he talks about the need for upper management to understand the issues which drive network security and some of the shortcomings which damage security (can you say "personal business").

I heartily agree with him and will throw in my own comments here...

Many upper management types are worried that "we'll be seen as network Nazi's". Personally, I don't care of your opinion of me if the network is running properly. If the security model (based on the business model) requires that I flog every dolt who thinks the rules don't apply to them, so be it. Call me all the names you want. I plan on going home at the end of the work day.

Also, and this might sound contrary to the above, you have to have realistic and enforceable rules. Anything else breeds contempt and circumvention of the rules. The end-user also has to understand the reason for each of the rules. This requires user training and user agreements.

Sunday, November 16, 2003

While fishing around I found...

While I was fishing around for some other information, I came across SpammerHunters.com. Might be interesting.

Saturday, November 15, 2003

Quick screen howto

Not necessarily a security tool, screen is useful in any case. Uptime has a quick howto for using screen.

RSS IM?

Something to play with during free time.

Bridging Firewalls

"Bridging Firewalls" have been around for awhile but are only recently getting notice. (SecurityFocus has a nice article about them.)

For the short version, Bridging Firewalls are effectively network bridges which have IPTables-like filtering added in. They are "invisible" because you don't add IP addresses to bridges.

Friday, November 14, 2003

Alternate Data Streams

I'm not able to verify the accuracy of it but Anti-Crack has a piece about "Alternate Data Streams". This is one of the ways you hide stuff in Windows file systems. Includes pointers to tools to detect ADS.

Covert Communications

SilverStr has a piece about covert communications channels.

What's on your network? (to the tune of "What's in your wallet?")

Thursday, November 13, 2003

Changing MAC Addresses

I've gotten into this argument quite a few times over the years. If you ask "most" Windows types if MAC addresses can be changed, they'll say "no". The answer is actually "yes" but under Windows, you have to know the trick. (No points for grammar/spelling/translation but you get the idea.)

Under *nix, it's quite easy (and doesn't need to be explained here).

Yet more wiki stuff

More info added to the wiki:
  • Added to the Blogger's Toolkit - Content Tools section.
  • Added "Refresh or Redirect in PHP"

Some of it you just have to leave at the curb

Jeremy has noticed that spam doesn't compress well.

Is this usable?

Also, he seems to have had better luck with SpamBayes than I have. Could it be that my run-away collection of Procmail recipes is finally catching up with me? It has piqued my interest in graphing my spam though.

Wednesday, November 12, 2003

Rules for a successful security policy

Computer World called them "10 steps" but they're more like "rules of thumb". In any case, they make up a good guide for having an enforceable security policy.

Tuesday, November 11, 2003

Incident Response Tools

SecurityFocus has a two-part series on Incident Response (by Holt Sorenson):

Definitely worth the read. Both articles have an extensive list of tools and links.

This is a test...


This is a test. This blog is conducting a test of the Emergency Blogcast System. This is only a test.
(annoying noise)
This is a test of the Emergency Blogcast System. The bloggers of your area, in voluntary cooperation with just about no authorities, have developed this system to keep you informed in the event of blogger's block. If this had been an actual post, the Annoying Noise you just heard would have been followed by interesting information, witty posts or snarky behavior. This blog serves the Tidewater area. This concludes this test of the Emergency Blogcast System.
(I was out of town for awhile and missed the official test)

Monday, November 10, 2003

MT Upgrade

Thanks to Mr. 804 for dragging himself through a multi-version upgrade to MT. The new features are just awesome. The two I find most useful in the new version are:
  • "external" pings feature in the main config
  • the ability to figure out the trackback URL for posts which include pointers to other trackback-capable blogs

Sunday, November 9, 2003

Push back

I'm joining the posse a bit late in the game but



"I sick and tired of it and won't take any more!!"

What am I ranting about? Comment spam.

Jeremy, Chris, Adam, and duemer have all vented on this topic and have had varying levels of success in fighting back.

Kalsey Consulting has also posted a howto entitled "Cutting Comment Spammers Off at the Knees" and a "Manifesto".

And before you think this is a small group of people, try looking at:

In response to the comment spam here, I'm brushing up on my tracking skills and have added the fine print at the bottom of the main page. (Hey, spam is illegal here in Virginia! Be glad I'm only asking for $100.00!!)

[With apologies to those on the receiving end of the trackbacks; this has a lot of links in it.]

Saturday, November 8, 2003

New wiki entry

New wiki entry: "Procmail - Filtering and forwarding at the same time".

One question?

I know I tend to sit in the back row and ignore what's going on down front most of the time but I have a few questions/comments about "Microsoft's bounty":
  • Given that the author already knows how to break into computers, what's to stop him/her from choosing another programmer and planting the "evidence" on that person's computer before calling the cops?
  • Where is all this bounty money coming from? (If you can't guess the obvious answer, e-mail "joat@757.org" with a subject line of "obvious answer" (without the quotes)(an infobot will answer).)

Friday, November 7, 2003

Common courtesy?

This entire post is a peevish vent so you may want to skip it.

Okay, I'm back. My last job made me a cynic (network security officer for 30,000+ users). This new job isn't improving my impression of the general public any. This job requires that I travel every other month or so, so I get to view the public "up close and personal". Here's what's set me off this time:

In the U.S., airlines load planes from the back to front. One of the attendants will call out over the announcing system "Now boarding rows 15 through 22". This causes 30 or so of us to queue up and slowly drag ourselves and a carry-on piece of luggage onto the plane.

I've done this four times in as many days and, without fail, there's at least one moron from row 6 or so that makes the super-human effort to get onboard before the rest of us (he cuts in line). Short version: the entire complement of passengers is delayed while those that should already be on the plane before him wait while he tries to jam an oversized bag (that should have been checked) into the overhead storage. On one of the four flights, this held up boarding long enough that the plane was bumped from its position in the take-off queue (an additional 10-minute delay).

Would someone explain to me why these people think that they'll get where they're going quicker if they cut in line? Seriously, I think these people should be bumped to the "on standby" category and forced off of the plane.

Thursday, November 6, 2003

More Hitchhikers on the radio

File this one under the "Mebbe I Should Start a 'Cult' Category" category. (That's where the BBC filed it.)

The BBC is going to adapt the remaining Hitchhiker's books to audio.

Yeah, I know: This makes me an old geek. Doesn't anyone else remember staying up late to listen to the Radio Mystery Theater? Extra credit if you did it via a tube or crystal set!

Wednesday, November 5, 2003

I will donate the following service to Bill Gates (if he wants it)

I hereby volunteer my instance of Vixie Cron for Bill Gates's use so that this never happens again.

Bill: Give me a list of the domains and their expirations and I'll set up cron jobs so that you can be notified a month or so ahead of time.

Update: Jeremy has a short bit about Vixie cron.

Tuesday, November 4, 2003

Security Testing Guide

While we're talking about standards, NIST has published the Guide to Network Security Testing. Thanks to Bowulf for the pointer.

Monday, November 3, 2003

Alien II?

Even though this one is from Slashdot, it makes for interesting "entertainment" (loosely defined).

Every community has their own nut cases. The Internet isn't any different.

Remember awhile back where everyone got spammed by that guy looking for the dimensional warp generator so's he could get back to his own time? He was quickly "outed" by a group of people who are now on the receiving end of what amounts to an e-mail bombing (mail with forged return addresses is intentionally bounced off of legitimate servers in an attempt to fill the victims' mailboxes and block legitimate mail to them).

I had a Great Uncle who responded to situations in a similar manner. It kept a family feud going for decades.

Sunday, November 2, 2003

More Wiki entries

More stuff in the wiki:

- Connecting a Linux box to Sprint PCS via a Samsung N400
- Using fetchmail with Procmail and a virus scanner
- isvirus code listing

Saturday, November 1, 2003

NSA picks a commercial encryption product

From what I can get from the announcement, the NSA has picked a commercial encryption product for its internal use.

Please note: they have SDK's for Windows, Linux, Unix and more.

Local Area Security Linux

While we're on the subject of useful CD-based Linux distributions, here's Local Area Security. It claims to be a mix of Trustix and Knoppix.

If anyone uses this, would you post a few comments here?

Nop +4-7

Happy Halloween, y'all.

I may be out of touch for a few days as I'm headed for New Orleans first thing Monday morning. I may have connectivity, I may not. The map for my cell phone service is kinda vague as to what service is available, just like it was when I was visiting my parents (had to drive halfway down a mountain but found service)(pretty good connection in that 100 or so feet).

Anyways, I'll keep posting. It's just that you might not see the posts until I get back.