Thursday, March 31, 2005
Hash function attacks
Bruce Schneier points out a paper on finding MD5 collisions and starts a long conversation (in the comments).
Wednesday, March 30, 2005
D'oh!
Here's a surprise... Those two at the RSA conference that had that
"amateur" study that MS was more secure were actually funded by MS. They now claim innocence but the original story used sentences like "A Linux Latest News about Linux enthusiast at the RSA Conference in San Francisco has reluctantly concluded..." and "The pair said that they lacked the funding to test other operating
systems..." which doesn't help their claim any. It all made the "test" sound like an honest (although amateur) contest.
"amateur" study that MS was more secure were actually funded by MS. They now claim innocence but the original story used sentences like "A Linux Latest News about Linux enthusiast at the RSA Conference in San Francisco has reluctantly concluded..." and "The pair said that they lacked the funding to test other operating
systems..." which doesn't help their claim any. It all made the "test" sound like an honest (although amateur) contest.
How much funding do you need to buy/borrow/rent a PowerBook and watch it for 30 days? Hell, you could have built a Plan 9 box out of junk and watched it for 30 days
(for free). Heck, QNX's trial period IS thirty days. How about
FreeBSD? Or OpenBSD? Or Windows 3.1? Or FreeDOS? Or RxDOS? Or Beos?
Does Sun still give away trial versions of Solaris?
How much money
was the grant? If it was more than the $20 that one of the
testers pocketed, I'd lean towards using the phrase "<a title="You'll
have to use a search engine for this one">sock puppet".
And to
avoid getting into that argument (and at the risk of irking both
"churches"), either of those OSs can be a floating turd if it's not
managed properly.
Huh?
It's obvious but a lot of people experimenting with honeypots forget to
do things like minimizing <a href="http://www.wormulon.net/2005/03/26/web-security-tip-1-remove-
wget/">what can be abused.
do things like minimizing <a href="http://www.wormulon.net/2005/03/26/web-security-tip-1-remove-
wget/">what can be abused.
Tuesday, March 29, 2005
FTimes
<a href="http://ftimes.sourceforge.net/FTimes/FTimes+in
+Action/IntrusionAnalysis.shtml">FTimes is a forensics tool for
working with alternate data streams (ADS). It's drawback is that it
depends on the local OS. In other words, if the kernel is compromised,
it may not see certain ADSs.
+Action/IntrusionAnalysis.shtml">FTimes is a forensics tool for
working with alternate data streams (ADS). It's drawback is that it
depends on the local OS. In other words, if the kernel is compromised,
it may not see certain ADSs.
Monday, March 28, 2005
More on Leo
I neglected to talk about how to listen to Leo on the radio. The flash
applet from the radio station that's supposed to play the stream didn't
work for me. Instead, I used Kaffeine to play it (I installed it from
the Penguin Liberation Front's RPMs)(search Google for "easy urpmi").
At the command line, type "kaffeine
http://ccdig.liquidviewer.com/kfi". It'll open the "mmsh" stream
and will even display the Liquid Audio graphics.
applet from the radio station that's supposed to play the stream didn't
work for me. Instead, I used Kaffeine to play it (I installed it from
the Penguin Liberation Front's RPMs)(search Google for "easy urpmi").
At the command line, type "kaffeine
http://ccdig.liquidviewer.com/kfi". It'll open the "mmsh" stream
and will even display the Liquid Audio graphics.
802.11 Layer 2 Analysis
Here's
Joshua Wright's GIAC GCIH paper which discusses Layer 2 analysis of the
footprints left by wireless tools in the Stumbler family (those that
actually communicate with a wireless LAN as it "detects" them).
Joshua Wright's GIAC GCIH paper which discusses Layer 2 analysis of the
footprints left by wireless tools in the Stumbler family (those that
actually communicate with a wireless LAN as it "detects" them).
Sunday, March 27, 2005
Saturday, March 26, 2005
ATA-186 + SIP
<a href="http://blog.tmcnet.com/blog/tom-keating/voip/voip-blog/cisco-
ata186-firmware-and-other-voip-stuff.asp">Here's a post about
getting SIP wedged onto an ATA-186.
ata186-firmware-and-other-voip-stuff.asp">Here's a post about
getting SIP wedged onto an ATA-186.
Friday, March 25, 2005
Asterisk + ATA-186
<a href="http://www.loligo.com/asterisk/cisco/ATA-186-
guide.v20030628.txt">Here's a guide for using a Cisco ATA-186 with
Asterisk. (You'll need to turn word-wrap on in your browser if you have
it. If not, view source.)
guide.v20030628.txt">Here's a guide for using a Cisco ATA-186 with
Asterisk. (You'll need to turn word-wrap on in your browser if you have
it. If not, view source.)
I'd seen some negative comments about using
ATA-186's with Asterisk but thought that the document might be
worthwhile regardless. Anyone care to comment on it?
Returning
Are they still on the endangered list? It's nice to see them numerous
enough that they consider nesting near where I grew up. From the local newspaper:
(Lynn Brennan) A bald eagle watches cars pass through the snow while resting on a tree limb at
the Almond Dam Wednesday morning. There appears to be a nesting pair at
the site, adding to others reported throughout the area, especially
along the Canisteo River.
enough that they consider nesting near where I grew up. From the local newspaper:
(Lynn Brennan) A bald eagle watches cars pass through the snow while resting on a tree limb at
the Almond Dam Wednesday morning. There appears to be a nesting pair at
the site, adding to others reported throughout the area, especially
along the Canisteo River.
Thursday, March 24, 2005
Wednesday, March 23, 2005
Where's Leo?
I liked the ScreenSavers prior to G4 and can't stand it now. Ever
wonder what happened to Leo? He's here doing a weekend talk
show about the same ol', same ol'. You can either listen to the stream
on the weekend or download it as a podcast. A cool twist is that the show notes are on a wiki (you can edit/add to the show notes!).
wonder what happened to Leo? He's here doing a weekend talk
show about the same ol', same ol'. You can either listen to the stream
on the weekend or download it as a podcast. A cool twist is that the show notes are on a wiki (you can edit/add to the show notes!).
Tuesday, March 22, 2005
Smarter worms
A little while ago, the wormblog
pointed
out <a href="http://tennis.ecs.umass.edu/~czou/research/routingWorm-
techreport.pdf">this interesting paper.
pointed
out <a href="http://tennis.ecs.umass.edu/~czou/research/routingWorm-
techreport.pdf">this interesting paper.
Monday, March 21, 2005
No op
My apologies. Postings will be a bit thin this week as I've spent most
of the weekend at the hospital. I normally write most of the posts for
the week on the previous weekend. This weekend, I was offline,
mostly.
of the weekend at the hospital. I normally write most of the posts for
the week on the previous weekend. This weekend, I was offline,
mostly.
When my son has a cold at this time of year it can combine
with the weather and his asthma. The result is he ends up on oxygen and
steroids. Nothing to worry about though unless, of course, you have
something to do with supporting my grocery bill while he's on steroids
or if you're one of his nurses (he's 20 but acts like a bored 2-year old
when he doesn't feel well).
Sunday, March 20, 2005
Saturday, March 19, 2005
Botnets
Here's an interesting
paper from the Honeynet Project entitled "Know Your Enemy:
Tracking Botnets". The subtitle reads "Using honeynets to learn
more about Bots".
paper from the Honeynet Project entitled "Know Your Enemy:
Tracking Botnets". The subtitle reads "Using honeynets to learn
more about Bots".
Friday, March 18, 2005
Blacklight
FYI: F-Secure's <a href="http://www.f-
secure.com/blacklight/try.shtml">Blacklight Beta still has about 6
weeks to it. <a href="http://www.f-
secure.com/blacklight/">Blacklight is a "running rootkit" detector.
(See the site for a better explanation.)
secure.com/blacklight/try.shtml">Blacklight Beta still has about 6
weeks to it. <a href="http://www.f-
secure.com/blacklight/">Blacklight is a "running rootkit" detector.
(See the site for a better explanation.)
Thursday, March 17, 2005
So now they're called "business models"?
I've disagreed with CircleID
authors before. You can chalk this one up as yet another
disagreement.
authors before. You can chalk this one up as yet another
disagreement.
I'm not sure if James Seng was being sarcastic or not
(I'm quite dense when exposed to subtleties) but just about everything
that he describes as a "business model" in this article, I
find offensive and wrong as the underlying methods employed are usually
illegal, unethical, or just plain offensive.
What methods are these?
Let's see...
- blog comments spamming
- wiki
spamming - domain hijacking
- domain
squatting - dishonest or unethical registrars
Have I
missed anything?
Wednesday, March 16, 2005
Earthquakes
I was surprised when I stumbled across this (via its RSS feed actually).
The U.S. Geological Service maintains a page of latest quakes and
even provides the data in an RSS
feed.
The U.S. Geological Service maintains a page of latest quakes and
even provides the data in an RSS
feed.
Tuesday, March 15, 2005
Class action suit
If you've ever bought something from CompUSA, you might be eligible for
rebates
that you never received.
rebates
that you never received.
Monday, March 14, 2005
Google/Yahoo VoIP
In leiu of this article,
it may be a good idea to brush up on your VoIP. (heh) Okay, I'll drop
it. For now.
it may be a good idea to brush up on your VoIP. (heh) Okay, I'll drop
it. For now.
Sunday, March 13, 2005
OpenSSH
OpenSSH v4.0 is out. Although I'm
a bit wary of new versions, it might be worth a try. Here's a list of
feature
changes.
a bit wary of new versions, it might be worth a try. Here's a list of
feature
changes.
Illustrated Guide to Hashes
<a href="http://unixwiz.net/techtips/iguide-crypto-
hashes.html">Here's Steve Friedl's An Illustrated Guide to
Cryptographic Hashes. He states that he wrote the article because
of the recent discovered weaknesses and to explain to the general public
what hashes are and what they're used for. Sort of a "the sky is not
falling, only a piece of it" article?
hashes.html">Here's Steve Friedl's An Illustrated Guide to
Cryptographic Hashes. He states that he wrote the article because
of the recent discovered weaknesses and to explain to the general public
what hashes are and what they're used for. Sort of a "the sky is not
falling, only a piece of it" article?
Saturday, March 12, 2005
He's baack!
My comment spammer is back. I was getting worried. Maybe he'd slipped
in the shower and hit his head. Maybe tripped and fell off the curb and
fell in front of a bus. Or was struck by lightning. Hey, I was
really worried.
in the shower and hit his head. Maybe tripped and fell off the curb and
fell in front of a bus. Or was struck by lightning. Hey, I was
really worried.
Once again, he can be traced back through Gandi. What
a wonderful service.
Huh?
This has got to be THE most stupid thing I've ever heard. So MS is going to offer patches to the gov't one month prior to anyone else? I have a few questions:
- Do they become classified information for that period of time?
- If so, do they think the practice will last any longer than the first due-dilligence lawsuit?
- Is this an early shot at April 1st?
Asterisk again
Being a n00b does have it's perks, at least when dealing with Asterisk:
everything is new! I finally had time to play with it again, got Kphone
to connect to the server and caused the server to connect to the Digium
site. (Documented here)
everything is new! I finally had time to play with it again, got Kphone
to connect to the server and caused the server to connect to the Digium
site. (Documented here)
Next
up, I have to figure out how to get inbound calls across the NAT box (if
anyone wants to send pointers, keep in mind that it's OpenWRT and not a
standard firmware load). Maybe loading Asterisk on it and just having
it forward all calls to the internal box?
I'm driving my wife
absolutely nuts playing with this thing!
Spam art
<a href="http://secureme.blogspot.com/2005/03/interesting-spam-old-
school-ascii-art.html">higB talks about a new twist to spam: the
addition of ASCII art as yet another mututation to try to slip past
scanners. I find it interesting as I was first exposed ASCII art in
college.
school-ascii-art.html">higB talks about a new twist to spam: the
addition of ASCII art as yet another mututation to try to slip past
scanners. I find it interesting as I was first exposed ASCII art in
college.
Actually, it was ASCII porn and it was before personal
computers had graphics displays (yeah, I'm old enough to have learned
assembly on a cutting-edge 8080A). The running joke was that if you
left your terminal open, someone would cause a set of jobs dump to the
line printer and get charged to your account. Needless to say, the
computing center went through a minor fortune in tractor paper.
LambdaMOO?
LambdaMOO is <a href="http://www.cuddletech.com/blog/pivot/entry.php?
id=106">still around? (I left just after the virtual rape article.)
Actually, it isn't the original PARC LambdaMOO. The source code and a
chunk of the original database was made available to anyone who wanted
it and I think that this is one of those instances. It's one of the
virtual reality success stories, text-based or whatever.
id=106">still around? (I left just after the virtual rape article.)
Actually, it isn't the original PARC LambdaMOO. The source code and a
chunk of the original database was made available to anyone who wanted
it and I think that this is one of those instances. It's one of the
virtual reality success stories, text-based or whatever.
Friday, March 11, 2005
Podcasting
/usr/bin/geek has a post
describing the basics of podcasting (for the listener). He's had to
explain it repeatedly so he's entitled it "The Dummies* Guide To
Podcasting".
describing the basics of podcasting (for the listener). He's had to
explain it repeatedly so he's entitled it "The Dummies* Guide To
Podcasting".
Thursday, March 10, 2005
Brazilian Honeypots Alliance
Some of us/you find the Brazilian Honeypots Alliance Daily
Statistics page interesting.
Statistics page interesting.
No spam?
Odd. There's no spam in the comment queue this morning. Did the
spammer(s) forget to reset/reload a script last night? (heh)
spammer(s) forget to reset/reload a script last night? (heh)
Wednesday, March 9, 2005
Tuesday, March 8, 2005
Loss of anonymity?
In response to this, I'll
add:
add:
- YOU GAIN the a better chance at tracking down
spammers and domain thieves - YOU GAIN a better ability to
contact owners of misbehaving network systems - YOU GAIN a
little peace of mind by forcing domain owners to cut back on their own
abuse.
Personally, I don't like how it was done but I do
like the fact that "something is being done". The current situation
which allows certain spammer-oriented Registrars to operate makes
running even a simple blog like this (on someone else's site) a constant
battle with jerks and assholes trying to earn off of your volunteered
work.
The author of that article needs to take a few civics lessons
too. There is no right to operate a website anonymously. Anonymity is
something you might gain by making traceback difficult but it is not a
Constitutional right.
Neither does the First Amendment guarantee the
right to speak anonymously. The First Amendment prevents the government
from censuring your speech. It does not prevent the government from
holding you responsible for what you say, nor does provide any guarantee
of anonymity that would allow you to avoid that responsibility.
In all
9 of the authors examples, he claims that anonymity is lost. What
actually occurred was a return to responsibility. The anonymity that
"you" are losing was a temporary side effect of the relaxing rules. For
those of us that used Registrars that kept to the rules, our info was
posted and is readily available. Spam and malicious code has reached
record levels and unless we (as a society) start tightening the rules,
the problems are only going to get worse. We're about to move to a
different network protocol (IPv6). How about we leave some of the
problems behind?
Apologies for the rant. I'm tired of tracing crap
back through Gandi and similar.
Monday, March 7, 2005
Sunday, March 6, 2005
Saturday, March 5, 2005
SixXS
I don't know how valuable this is but SixXS does a little bit more than
provide IPv4-to-IPv6 tunnels. If you just want to visit a website on
the "other side" (without setting a tunnel up) just add
".ipv6.sixxs.org" to the hostname.
provide IPv4-to-IPv6 tunnels. If you just want to visit a website on
the "other side" (without setting a tunnel up) just add
".ipv6.sixxs.org" to the hostname.
From IPv4
http://www.ipv6.phreak.org.ipv4.sixxs.org
will take you to the
IPv6 site for the Digital Information Society. It also works in the
other direction. If all you have is IPv6 connectivity
http://www.google.com.ipv6.sixxs.org
will take you to Google.
Malware trail
I've been remiss in not pointing out that "Follow the Bouncing
Malware" actually had four installments.
Malware" actually had four installments.
Friday, March 4, 2005
Reverse Engineering Malware
Here's Lenny
Zeltser's paper on reverse engineering malware, parts of which he used
for his GCIH cert requirements.
Zeltser's paper on reverse engineering malware, parts of which he used
for his GCIH cert requirements.
Thursday, March 3, 2005
ReadPST
For anyone that needs to read Outlook PST's in a *nix environment, I
recommend readpst
(part of the libpst tarball). I wasn't able to pull/push files directly
into my IMAPS server but I was able to generate a local MBOX file, mount
that, and then push the messages onto the IMAPS server via a local mail
client.
recommend readpst
(part of the libpst tarball). I wasn't able to pull/push files directly
into my IMAPS server but I was able to generate a local MBOX file, mount
that, and then push the messages onto the IMAPS server via a local mail
client.
Wednesday, March 2, 2005
Have I been hacked?
<a href="http://www.bleepingcomputer.com/forums/index.php?
showtutorial=24">Here's BleepingComputer's quick tutorial for
Windows entitled "Have I Been Hacked?". It's gives a quick what-
to-check for the suddenly paranoid.
showtutorial=24">Here's BleepingComputer's quick tutorial for
Windows entitled "Have I Been Hacked?". It's gives a quick what-
to-check for the suddenly paranoid.
DNS Attacks
Linux Exposed has a quick
article on "<a href="http://www.linuxexposed.com/Articles/Security/DNS-Common-
Abuses-4.html">DNS Common Abuses".
article on "<a href="http://www.linuxexposed.com/Articles/Security/DNS-Common-
Abuses-4.html">DNS Common Abuses".
Tuesday, March 1, 2005
Say it again
(heh) Here's the algorithm related to <a href="http://www.groklaw.net/article.php?
story=20050225155855922">this:
story=20050225155855922">this:
if($self eq "MS purist") {
$a=1;
until ($a<0) {
say "We will bury you!";
pound_shoe_on_podium();
stand_in_front_of_flag();
say "It's Un-American!";
say "It's an Axis of Evil!";
launch_3rd_party_FUD_campaing();
$a--;
if($a <1) {
$a=3;
}
}
if(all_else_fails()==1) {
click_heels_three_times();
chant_repeatedly("There's no place like home");
}
}
The unending barrage of FUD (from both sides) gets a bit
tiring. There are specific strengths and weaknesses in all operating
systems which brings about the situation "the best tool for a specific
task". Well-run hybrid networks are more secure than well-run
monolithic networks (Before you want to restart that argument: a
single vulnerability won't damage the entire infrastructure.)
For now
the argument has dropped back into the "The End is Nigh" entertainment
category but I do wish that the left and the right would get over it so
the rest of us can get on with our lives.
Subscribe to:
Posts (Atom)