Tuesday, November 30, 2004
Google Hacking Book
Monday, November 29, 2004
Ads in Feeds
I feel that one of the reasons that RSS became so popular was that it allowed readers to avoid all the extra fluff on a website and get right to the content, thereby increasing the amount of content you can read in a day. Inserting advertisements into those feeds dilutes the value of the content. If, like in some low-traffic feeds, the advertisements outnumber the actual posts, it can become a justifiable reason to unsubscribe from the feed. I think that many content providers are going to have to learn the hard way that social media (as bloggers are sometimes called, as opposed to mainstream media) allows for very fickle readers. Contrary to what most content providers think about themselves, very few feed sources are "valuable" enough to be able to keep their subscription levels while annoying their readers at the same time.
In any case, how long before someone writes an aggregator that filters advertisements? Do we really have to join that arms race?
Anti-spam Honeypots
Sunday, November 28, 2004
Spam list for 27 Nov 2004
SQL Injection Attacks
Knoppix Hacks
Anyways, the book looks like it's worth the $$.
Saturday, November 27, 2004
From Scrabble to Verbal Aggression
I think it's one of the reasons why the classes in Chesapeake are so enjoyable. Everyone has the Internet "right there" and usually anyone can hijack the class for a few minutes with a semi-related bit of information. The instructor has to have one of those personalities and be able to herd cats (there IS a learning plan to follow). Some students find it frustrating, others find it just outright odd, but a working knowledge of Google or Yahoo syntax does help with some of the verbal references thrown out during conversations (quick quiz: Who said, "Help me Mr. Wizard! I don't want to be a ..." ).
Friday, November 26, 2004
CWShredder
Spammers list
Do what you want with the list.
Fighting a moving target
I don't have that previous paragraph worded the way I'd like it to be but you get the idea.
Thoughts for articles/papers (feel free to borrow):
- networks that adapt to a new threat faster have a better survival rate
- the need for adaptive technologies to fight security threats (even if it's the ability to script "in the middle")
- the need for trained personnel to use those adaptive technologies
- what technologies still need adaptive capabilities
Self-inflicted wounds
Oops
Thursday, November 25, 2004
Port reporter
Wednesday, November 24, 2004
Spammer update
Detecting kernel mods with gdb
Tuesday, November 23, 2004
Knoppix book
Monday, November 22, 2004
Bluetooth and GPRS
Bluetooth setup?
Intro to kernel backdoors
Sunday, November 21, 2004
PDA Forensics Guidelines
Comments back on
...and the arms race continues...
The Internet Overlords
Subject: [Full-Disclosure] Why is IRC still around?
Well, it sure does help the anti-virus (anti-malware) and security consulting business, but besides that... is it not safe to say that:
1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?
2) A considerable amount of "script kiddies" originate and grow through IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies are initiated through IRC?
5) The anonymity of the whole thing helps to foster all the illegal and malicious activity that occurs?
The list goes on and on...
Sorry to offend those that use IRC legitimately (LOL - find something else to chat with your buddies), but why the hell are we not pushing to sunset IRC?
What would IT be like today without IRC (or the like)? Am I narrow minded to say that it would be a much safer place?
The following posts quickly degraded into a flame war and name-calling contest. I find the discussion offensive mostly for the implied logic behind it. (It's included in the name calling contest.) One reader summed my opinion up in a short well-worded sentence: Who is 'we' and what makes you think anyone cares what you 'sunset'?
This is the same mentality as that behind my MCSE rant (and before this gets too far, it was a specific MCSE that I was ranting about, not all of them). There's a certain logic used by some of the n00b MCSEs whose only network training amounts to what they learned out of the MCSE book. Contrary to what MS would like you to believe, the Internet is still a very insecure, dangerous "place" with little or no control. The logic that any "we" can force the suspension of a protocol for any reason gives me a headache. The poster actually assumes that there is a man behind the curtain pulling the levers and ropes.
You can read the list via the Checksum archive.
It's interacting with that type of people that got me blacklisted by my grandmother's church in my early 20's. The short version of the story amounts to a short discussion between a picketer and myself, in front of the only convenience store open at 6:30 a.m. in a three county area. Him: "Don't go in there! They sell Playboys!" Me: "They sell coffee in there."
(Yeah, I grew up in a very small town.)
Malicious Code Analysis
The bad news is that the IDA Pro people have taken down their free download due to excessive traffic.
Saturday, November 20, 2004
Friday, November 19, 2004
NT to be discontinued
Let the politics begin!
Thursday, November 18, 2004
Ports database
Wednesday, November 17, 2004
Grey Milter
DDoS page
Tuesday, November 16, 2004
Translating RSS Feeds
RSS feeds for Wiki
Enjoy!
Monday, November 15, 2004
Recovery
Sunday, November 14, 2004
Fsck'in moron!
name: video chat
url: http://www.video[-]chat[-]room.c0m
date: 11/13/2004 07:06:27
title: video chat
comment: Why my previous comments was deleted, how about freedom of speach?
excerpt:
blog_name:
ip: 62.183.50.164
My son learned the answer to that question at the dinner table, when he was 12. The answer? "I'm not the Federal government. So sit down and shut up."
Mebbe we should give lessons in U.S. law to overseas spammers so they don't sound so f*cking stupid when they ask questions? If there's any question, I did munge the url a bit to prevent him from getting any points with the search engines.
In answer to the first part of the spammer's question, it was deleted because it had absolutely nothing to do with the post it was attached to. Chingate cabron!
It's too quiet
Maybe I'm just used to living in areas where being boneheaded in public is considered a form of entertainment (HI, NYS, SOVA)?
Application Layer DoS Attacks
Building Policy
Saturday, November 13, 2004
Spamming
Yet more legal issues coming this way
While it may be true that the law blocks the growth of that industry, I'm not so sure that passing the law damaged the economy. Rather, the law made online gambling within the U.S. illegal, forcing the sites to move out of the country, thereby creating the economy that is supposedly now endangered.
It should prove interesting what comes out of this and the upcoming attempt by the U.N. to "govern" the Internet, not only for the U.S. but for any country who'll have to give up sovereignty to participate. (Example: some of the things that I talk about here are illegal in Europe but inane here in the U.S.)
Is that thunder?
Bloglines
Friday, November 12, 2004
Playing with speech
The Phishing Guide
Thursday, November 11, 2004
Wednesday, November 10, 2004
Harlan takes a pounding and keeps ticking
Of course the usual obfuscators showed up within the first few comment posts. And the usual conspiracy freaks. According to one of them, you can recover files via a one-to-one bit copy even after the original had been overwritten ten times.
In an odd twist of timing, tonight's class worked with Helix to gather data from a running system. For those that don't know what it is, Helix is a Linux-based "live CD" that is also devoted to obtaining forensics data from live systems and making bit copies of storage devices. In addition to being a "live CD", you can also drop the CD into the drive on a running Windows system. "Autorun" will bring up an interface with a set of statically-compiled tools which allow you to perform various forensics functions (see the site for more info).
Stored Malicious Code
Christmas is coming
Tuesday, November 9, 2004
Perl in Forensics
Monday, November 8, 2004
Spammers
Cryptovirology and Extortion
Note: to read or download the paper yourself, click on one of the links in the upper right-hand corner.
Cryptovirology
2-year Train Wreck
Most of the Internet's problem protocols are on that list. 'Bout the only thing missing is SMTP. I wonder why that's not on the list.
In any case, this should set the purists' (on both sides of the fence) teeth to grinding. Think of it, having to include a MS license with every *nix (Linux, Sun and *BSD) and MacOS distro.
I'm reminded of something my grandmother used to say: I can't see the good in it, in either direction.
Sunday, November 7, 2004
Kaspersky Labs
Help Wanted II
Saturday, November 6, 2004
Procmail howto
- Part One
- Part Two
- Part Three
- Part Four.
Part Three talks about Procmail and Part Four talks about "Distributed Spam Detection".
Electronic Crime Needs Assessment
Friday, November 5, 2004
Forensic Tool Comparison
- Partial Results from Prototype Testing Efforts for Disk Imaging Tools: SafeBack 2.0
- Test Results for Disk Imaging Tools: dd GNU fileutils 4.0.36, Provided with Red Hat Linux 7.1
- Test Results for Disk Imaging Tools: dd Provided with FreeBSD 4.4
- Test Results for Disk Imaging Tools: EnCase 3.20
- Test Results for Disk Imaging Tools: SafeBack 2.18
Thursday, November 4, 2004
Music.HRConnect
If you're a musician/band from Southeast Virginia, be sure to list your band on Music.HRConnect. If you're not in a band and are just looking for a place to go, check out the venues/schedules on the site. You can even listen to some of the bands' MP3's.
Electronic Crime Scene Investigation
Wednesday, November 3, 2004
P2P Summit presentations
According to the post, the presentations will be available for a limited time.
Digital Evidence Collection
Tuesday, November 2, 2004
Bleeding Snort Howto
Monday, November 1, 2004
Podcasting
Bluedriving?
Also, does anyone make directional antennas for Bluetooth? Or is it even worth the trouble of performing periodic scans because even cell phones have an interface nowadays?
Thanks to Furrygoat for pointing out the site.