Monday, May 31, 2004
What worms do
Sunday, May 30, 2004
Patting myself on the back
Comment spam zombies
- 22.214.171.124 - Unknown, connection failed but online
- 126.96.36.199 - Unknown, connection failed but online
- 188.8.131.52 - IIS 4.0, WinNT 4.0 (default web page), DSL customer
- 184.108.40.206 - Unknown, connection failed, no ping
- 220.127.116.11 - IIS 4.0
- 18.104.22.168 - Unknown, connection refused
- 22.214.171.124 - IIS 5.0, Win2K (NH Solutions)
- 126.96.36.199 - Unknown, connection failed, no ping
- 188.8.131.52 - Unknown, connection failed, but online
- 184.108.40.206 - IIS 5.0, no default page
- 220.127.116.11 - Unknown, connection refused
- 18.104.22.168 - IIS 5.0, default web page
- 22.214.171.124 - IIS 5.0, default web page
- 126.96.36.199 - Unknown, connection refused
- 188.8.131.52 - IIS 5.0, no default page
- 184.108.40.206 - Unknown, connection failed, no ping
- 220.127.116.11 - IIS 5.0, Middle School web server
- 18.104.22.168 - Unknown, connection failed but online
- 22.214.171.124 - IIS 3.0, defautl NT page in Spanish
- 126.96.36.199 - Unknown, connection failed but online
- 188.8.131.52 - Unknown, connection failed but online
- 184.108.40.206 - Unknown, connection failed but online
- 220.127.116.11 - IIS 5.0, default page
- 18.104.22.168 - Unknown, connection refused
- 22.214.171.124 - IIS 4.0, no default page
For each of the IP's I attempted to connect to port 80 via various means (browser, telnet, wget -S) and pinged the IP if port 80 failed to get the above. Anyone see a really nasty trend in the data?
So, either there's an army of blog spamming zombies or someone has figured out blind commenting with spoofed addresses. In any case, this is getting old.
Saturday, May 29, 2004
PGP Joe Job
Thursday, May 27, 2004
Wednesday, May 26, 2004
Intro to shellcoding
Monday, May 24, 2004
Intro to CIRT Management
Sunday, May 23, 2004
Saturday, May 22, 2004
"&#"seems to do the trick.
Thursday, May 20, 2004
Wednesday, May 19, 2004
Tuesday, May 18, 2004
Spam and Security
The short version is that the article talks about the dangers that are contained within spam and the methods that can be used to fight spam. Mention of changing the SMTP protocol is made. Personally, major changes to the protocol will likely not work. There is too much inertia in "how things are done". Any change has to be seamless, invisible, and compatible with systems that don't use whatever the new scheme is.
Why use WEP?
Monday, May 17, 2004
Saturday, May 15, 2004
New MT blogging license
J (if you're reading this), I'm seriously considering switching also. Given the number of "authors" that use this site (whether or not their blogs have been dead for months), the site may be in violation of the new license. I don't think it's worth putting the effort into supporting a version of any code that the authors/owners have abandoned. (I'm pissed because I put a LOT of work into the code behind this monstrosity!)
For any Six Apart people reading this: my response is not entirely your fault. It's a reaction to yet another "volunteer" project that has gone commercial and has left certain categories of users behind by changing their licensing scheme for profit purposes. IMHO, you now reside with CDDB and NFR.
Guess it's time to read up on the export function?
Scans for open relays
Thursday, May 13, 2004
Bloglines Mozilla Toolkit
Note: runs on Windows and Linux (supposedly)
Wednesday, May 12, 2004
Tuesday, May 11, 2004
"Hi" to all you NoVa types!
TCP RST Attacks
I want one!
This tools uses a time-memory trade-off instead of brute force attacks on passwords. In other words, it can pre-compute the the resulting hash because the same user and password on different machines (using LM authentication) produces the same hash. This is the reason that, if possible, you should use more modern authentication or alternative methods for Windows authenticaion.
Towards good passwords
Sunday, May 9, 2004
Privacy is a perception
In the coming weeks/months, you'll hear a lot of griping about how there's no privacy in Gmail, how various proposed laws will take away from your freedom, and possibly some other issues will arise out of the increasing rhetoric that culminates in November.
Whether or not any of it is true is beside the point. Pundits treat "privacy" as an all or nothing thing. It doesn't work that way. If you're over a certain age, hundreds if not thousands of people are intimate with various details of your life Examples include: doctors, lawyers, law enforcement, your spouse/SI, your pet's vet, your bank, numerous insurance companies, your neighbors, public utiiities, your employer. Need I go on?
Privacy in public places is even more of a perceived issue. It is dependant on the degree of conformity you are willing to submit to. A very bad example is from the movie "The Matrix". How many of you remember the blonde in the red dress? Okay, now describe the last person to pass between her and the camera. (Hint: they were wearing dark business clothes and sensible shoes.)
You can drive to work every day, at or near the speed limit, no one will take notice of you. Do twenty five miles an hour over or under the speed limit and everyone else near you will take notice, especially if their job involves traffic control.
Your e-mail can get inspected (and normally is) numerous times, for malicious code, content, legitimacy. It leaves a trail on whatever mail server/handler it passes through. Some of those systems may keep copies of the entire message. Now people are up in arms about a service whose computers attach targeted advertisements to messages and makes your mail folder searchable (note: they've always been searchable in some form or other).
This country has numerous laws which protect your privacy. However, just like tax laws, there are hundreds of exceptions to those laws, most of which do not require notifying you of their use. For the majority of our online life, it translates into the phrase "expectation of privacy".
That "expectation of privacy" depends on our "perception of privacy". Most of us don't know that our ISP's keep records of what we do online and/or periodically scan for TOS compliance. Many of us don't care. A good portion of those that do know and do care consider that "invasion" as a protection.
A good portion relates to how unique you believe yourself to be and how worried you are that the rest of the world may take an interest in the minute details of your "private" life. How paranoid are you? And yes, just because you're paranoid doesn't mean that "they" aren't out to get you.
Brad Templeton (of the EFF) and John Battelle have quite a few good points, for and against, GMail. Personally, I think the proposed California legislation to ban GMail is idiotic for the same reason that I think most of the other arguments are silly: no one is going to force you to use the service.
Another point is that many of the other web-mail services already do, in some form or another, what Google is proposing to do (see Mr. Templeton's article).
I haven't tied the above together all that well but I think it's the start of a good argument. What do you think?
(Note to you TCC alumni: this fall's class involves Cyberlaw and you'll need to be able to argue either side or both sides of the argument.)
Saturday, May 8, 2004
Personally I'm skeptical that it will work, I'm skeptical that it'll be effective, and I think it'll force spammers to be more technically competent.
This third thought is the worrier. Personally, I liked the days before we had Baynsian filtering. It was really easy to filter spam. Nowadays, I run, at a minimum, two scoring schemes and a good number of messages still end up in my inbox.
An interesting read.