Friday, April 30, 2004
ISC Handlers' Diary
Stumbler Detection
You're infected
- NetSky forges "From:" lines by grabbing addresses off of the infected machine
- I can't be infected with NetSky as I don't run MS on my home machines
I'm gonna go injure my forehead.
Thursday, April 29, 2004
DNS Cache Snooping
Blame or don't blame the victim
I'm venting...
Wednesday, April 28, 2004
DNS wildcards
My view on it is they're useful, at my level. When certain orgs start wildcarding top-level domains, I'm there passing out the pitchforks, torches, and maps of the castle.
Tuesday, April 27, 2004
Open relay testing
Sunday, April 25, 2004
More TCP RST problem info
New Postfix
Saturday, April 24, 2004
Pat Tillman
Your mom's lesson of "If you can't say anything nice, don't speak" applies here.
If you see his family on the street, pay your respects. (Express sympathy, don't stare.) If his coffin passes in front of you in the coming days, show respect. (Remove hat, put hand on heart.) Other than offering assistance or kind words to his wife or parents, you're not allowed to say anything.
This young man was one of few who volunteered. Some do this with the blessing of their families, some do it against the wishes of their families. Regardless of that, it is a choice that they make with knowledge of the possible results. No one, not even family, is allowed to take away from that choice.
Pat had the fortune of being famous early in his life. Thus his death has drawn a lot more attention than others in the past three years. All deserve the same respect. Forget the fanfare and hype of Memorial Days of the past decade. Instead, when you're standing on the curb during the next Memorial Day Parade, think about what Pat and others gave up to do something they believed was needed, knowing what might happen. Put your hand over your heart or nod your head. Wish them well, wherever they may be.
If you have strong feelings for/against the war, find another venue to vent in. Pat's death (and the others') is not a soapbox for you to stand on. You don't get to use it as "proof" for anything. This isn't the Viet Nam war where hundreds of thousands were drafted. Every single member of the military is a volunteer.
Ignore them if you want, most prefer it that way. They don't do it for the money (it doesn't pay well). They don't do it for respect (however pride has a lot to do with it). They, like others that died in responding to 9/11, do it because it needs to be done and no one else is willing to do it. If you can't understand why people do this sort of thing, accept it as something that you don't understand. Don't attach your own motives or politics to their actions (or deaths). Kathleen Parker has been able to explain it somewhat.
(Jerry Bowman, you're a no-class asshole. Show some sympathy for his family. Suppress your politics at least until after they bury the dude.)
Thursday, April 22, 2004
TCP RST's
The hot topic of the week is the TCP RST vulnerability. Dana Epp has a post about it.
Personally, I don't think that it's that big of an issue because you need the following:
- Src & Dst IP (one of which is more or less dynamic)
- Src & Dst Port (one of which is ephemeral)
- the range of sequence #'s (which are in a sliding window).
For this type of attack to be successful, you need to either:
- be inline so that you can sniff the one IP, the ephemeral port, and the sequence number window, or
- have a massively distributed zombie army to brute force the same information.
Certain protocols which use consistent source and/or destination IPs and/or ports are statistically more at risk, but I still don't think it's that much of a vulnerability. Local wireless attacks are more likely, as being "inline" only requires proximity to the AP.
Then again, I could be wrong.
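An added example, not part of the original post: a Python sketch of the receiver-side check behind the list above, showing why a RST only has to land inside the sequence window and how much guessing remains when the ports or sequence number are unknown. The RFC 5961 style handling (exact match or challenge ACK) is included here for comparison as the later hardening; the window size and port count used are constructed sample values.

```python
# Added illustration; values in the usage are constructed, not taken from the post.
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd) modulo 2**32."""
    if rcv_wnd == 0:                      # zero window: only RCV.NXT is acceptable
        return seq == rcv_nxt
    return (seq - rcv_nxt) % MOD < rcv_wnd

def rst_rfc793(seq, rcv_nxt, rcv_wnd):
    """Classic handling: any in-window RST tears the connection down."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"

def rst_rfc5961(seq, rcv_nxt, rcv_wnd):
    """Hardened handling: reset only on an exact match, otherwise challenge."""
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"
    return "reset" if seq == rcv_nxt else "challenge-ack"

def search_space(rcv_wnd, unknown_ports=1, exact=False):
    """Worst-case number of (port, sequence) combinations a sender who
    cannot see the traffic would have to cover for one known IP pair."""
    # One guess per window-sized slice of the 32-bit space, or every
    # value when only an exact sequence number is accepted.
    per_port = MOD if exact else -(-MOD // max(rcv_wnd, 1))
    return per_port * unknown_ports

if __name__ == "__main__":
    nxt, wnd = MOD - 10, 16384            # constructed receiver state near the wrap
    for seq in (nxt, 5, nxt - 1):         # exact, in-window after wrap, just outside
        print(seq, rst_rfc793(seq, nxt, wnd), rst_rfc5961(seq, nxt, wnd))
    print(search_space(wnd))                       # ports known
    print(search_space(wnd, unknown_ports=16384))  # ephemeral port unknown
    print(search_space(wnd, exact=True))           # exact-match receiver
```

The numbers shrink as the window grows and as ports become predictable, which is the case the post singles out for protocols with consistent endpoints.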
Here it comes...
Default message
Set the default status on your page via:
Tuesday, April 20, 2004
Monday, April 19, 2004
Forensic Analysis of a Live Linux System
Sunday, April 18, 2004
WDS Howto
Saturday, April 17, 2004
Hackers and hotspots
Wireless theme tonight
Wireless IDS
What do you call this?
Warspying
More problems with wireless?
High speed wireless USB
With that kind of bandwidth, you're going to have fewer and fewer cables to worry about. I can see no video cable to the monitor, a wireless hard drive, CDROM/DVD drive, wireless speakers, wireless interface to your plasma flat screen monitor, etc.
Heck, why stop there? Why not enable your fridge, your automobile, a television remote which is also tied into your computer, your doorbell, etc. Given the two way technology, it's only a hop to RFID-like capabilities where you can keep track of your pets, your kids, what's in your pantry, how much TP you have left, etc. All it'll take is a small transceiver in each room, either wired or wireless using 802.11g or similar.
WiFi with your cellular?
According to this, the U.S. cell phone companies are going to take advantage of their man-made advantages and get into the act, offering 802.11 wireless from the same towers that they offer telephone and PCS data from.
What's next? They aren't talking but if the above happens, how far is it to IP addresses for devices in your car? We're going to need IPv6 sooner than we thought.
Spyware everywhere
After cleaning my wife's machine, I think that number is quite low. Then again, she'd been running the machine nightly for almost two years.
Thursday, April 15, 2004
Online book
An anniversary
May you always live on multiple catalog mailing lists and have to tow your can uphill to the street. In the rain! Hopefully your garbage man will know that it was you who started this mess!
Tuesday, April 13, 2004
Online book
Monday, April 12, 2004
Sunday, April 11, 2004
RSS and Mobile Devices
Saturday, April 10, 2004
Friday, April 9, 2004
ARP Spoofing Guide
Thursday, April 8, 2004
The Art of Rootkits
Gibson map
Wednesday, April 7, 2004
Yet another proposal?
"(1) A person who wishes to greatly reduce spam must install software on each computer with an e-mail client application (such as Microsoft Outlook)."
Doesn't take into account the scope of what he's proposing. Everyone who has an e-mail client must also install some other software? What hooks does it require? Personally, Outlook doesn't run on my home computers or any of my servers. For those really paranoid moments, I use a text client with no hooks to external programs. Am I going to be required (the "or else" kind) to change my preferred e-mail client if it doesn't have the hooks to run with this extra software? The assumption is that my grandmother can install software.
"(2) A person who wishes to greatly reduce spam, when sharing his or her e-mail address, must also go through the trouble of sharing a code number."
A personal ID number? Your papers please? (Sorry, I sat in a proposal for mandatory PKI certificates for all Internet users last night.) (To protect the children, of course!) This assumes that my grandmother can remember another number, let alone being able to figure out how to use e-mail.
"(3) Mailing list services must make a slight modification to their databases and mailing scripts to store and use codes in addition to e-mail addresses. "
Are you going to pay for this? The improper assumption is that all mailing lists respect their subscribers' privacy and don't sell the codes along with the addresses. It also assumes that my grandmother can code the changes into her mailman server without damaging her pr0n list. (heh)
Adding technology isn't going to work. That way leads to an arms race as spammers develop ways around the obstacles placed in front of them. We'll solve the spam problem via technology about the same time that the virus problem is solved via similar methods.
Adding more laws isn't going to work. Doing that will only add greater contempt for the law. They're criminals already, another law won't make them feel bad about themselves.
The only solution is enforcement. Unfortunately, very few law enforcement agencies have the personnel/time/money/talent/inclination to track down and prosecute spammers. Most of those that do are acting in response to corporate complaints, not complaints from the individual citizen.
I've learned (via recent jobs) that small business takes a beating from small scale fraud and theft. There's a well-populated gap between what local law enforcement is able to investigate and what state/federal law enforcement is willing to investigate. Who fills that gap? Private investigators, if the businessman/woman is willing to pay for an investigation that may or may not yield results.
Unfortunately, enforcement of existing laws is also a probable non-option. It costs to train the local law enforcement officer(s). You also have to find officers willing to take the training. Low-end cybercrime, while possibly glamorous for prosecutors, holds little career advancement for the local city cop or sheriff (usually it's not within their jurisdiction either).
Tuesday, April 6, 2004
PHP coding practices
Saturday, April 3, 2004
Sleuthkit update
Spam Noise
Given the amount of spam that's getting past my filters, DSpam may be the next tool/tech to take a look at (it contains Bayesian noise filters).
Hackers in general?
In any case, here's a third-hand view of the world (a journalist interviews a guy who has talked to actual hackers!). Take it with a grain of salt.
Friday, April 2, 2004
ComputerWorld Link Page
Here's a clue
Pigeon Bandwidth
Thursday, April 1, 2004
Here we go again....
If you ask a DNS admin, every domain on the Internet is a sub-domain of the implicit ".". In other words, for "www.cisco.com", "www" is the hostname, "cisco" is a subdomain of "com", and "com" is a sub-domain of ".". If you write zone files, you know that the "." is explicit on the backend or you end up with some strange looking results. In any case, we have another bone-headed patent making the rounds.
Anyone know if this news item is legit or an April Fools joke? (I'm overly suspicious of everything on the Internet at this time of year.)