Friday, March 31, 2006
Thursday, March 30, 2006
Wednesday, March 29, 2006
Bluetooth Security
In any case, here is a large link page for Bluetooth-related info.
Monday, March 27, 2006
DNS attacks
Sunday, March 26, 2006
E.S. Posthumus
Saturday, March 25, 2006
FC5
Then again, I could be doing something wrong (you ever have that feeling?). An install of the latest OpenBSD also went off without a hitch.
Friday, March 24, 2006
Wikipodia
Thursday, March 23, 2006
Shmoocon - 23 March 2007
Caught J0hnny Long's talk on "No Tech Hacking". As usual, it was worth seeing. (Dave bought the DVD the next day.)
It's old home week at Shmoocon. The usual Shmoo's and non-Shmoo's are here. (Shouts to Telmnstr, Count, Remad, Jeff W., Rob, Squidly1, Hurd, and anyone that I've missed so far.)
I think that this Con is a bit of a let down after the previous two. This one suffers a lot from timing as the hotel is under construction and the restaurant has been moved into where us lay-abouts would normally take up space on the lobby furniture (i.e., a lot of the chattering has been moved into the bars up the street). Syngress did not show up (no books this year) and the WiFi vendor didn't bring any Bluetooth gear (what I was hoping for). I did get a new card and a fistful of adapter cables though...
In any case, I'm having fun catching up with people I haven't seen in a year and trying to not overdose on the Starbucks.
XXX
Wednesday, March 22, 2006
Tuesday, March 21, 2006
Recovery
Monday, March 20, 2006
Wireless calculators
Sunday, March 19, 2006
Saturday, March 18, 2006
802.11 redir
Thursday, March 16, 2006
Tax trouble
Just kidding. I managed to receive four e-mails containing supposed IRS notices saying that I'm owed money and that I should click on a link and fill out the form there.
It doesn't lead anywhere but here's some of the particulars:
From admin@irs.gov (the system administrator for the IRS cares about me!)
The header graphic is from irs.gov.
Delivered by | Return-Path | IMP ID | Link leads to |
---|---|---|---|
61.221.79.115 | test@simhope.com.tw | 9Uhz1U02V2VGYjh0000000 | http://200-158-140-157.dsl.telesp.net.br/update/IRS/caseid886432/ |
61.221.79.115 | test@simhope.com.tw | 9Url1U00c2VGYjh0000000 | http://200-158-140-157.dsl.telesp.net.br/update/IRS/caseid886432/ |
61.221.79.115 | test@simhope.com.tw | 9UnS1U01n2VGYjh0000000 | http://200-158-140-157.dsl.telesp.net.br/update/IRS/caseid886432/ |
61.221.79.115 | test@simhope.com.tw | 9YMR1U0212VGYjh0000000 | http://test.spnet.ne.jp/Gmark/image/caseid886432/ |
Note that I've said "IMP ID" and not "MSG ID". This, and the info available about simhope.com.tw, lead me to believe that they're an ignorant middle-man. It's the links that the message tries to trick recipients into clicking on that are interesting. Three were from 200-158-140-157.dsl.telesp.net.br and one was from test.spnet.ne.jp. Let's try those.
The nslookup on 200-158-140-157.dsl.telesp.net.br returns 200.158.140.157. A whois lookup on that IP indicates that it belongs to Telecomunicacoes De Sao Paulo S.A. (Sao Paulo Telephone?). Almost obviously a DSL account.
The nslookup on test.spnet.ne.jp returns 211.12.208.189. A whois on that IP indicates that the IP belongs to "Japan Network Information Center". Another telephone company?
Connection attempts to 200.158.140.157 time out. However, connection attempts ("wget -S") to 211.12.208.189 indicate that it's an Apache 2.0.40 server running on Red Hat Linux. The default page was last modified approximately 22 1/2 hours prior to my accessing the server. Oh, and the default page amounts to an open-html tag, an open-body tag, a close-body tag, and a close-html tag. An attempt to visit the page in the link returns a 404 error. However, clicking on the link in the email returns a page containing Japanese sentences. A Babel Fish translation of those pages returns "There was no information which agrees with search. Doing, please try searching for the second time e.g., keyword, category and the commodity etc. are modified. Swallow" followed by a series of untranslated characters.
So it's more or less a dead end. If there was anything there, it's inaccessible now (short of having physical access to the machine). Hopefully you weren't one of the ones that fell for it.
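The header and link comparison done by hand above can be scripted. This is an added example, not code from the original post: the From, Return-Path, delivering IP and link values are the ones quoted in the table, while the Subject, Received line, receiving host and body wording are constructed, and `triage` and `within` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: From, Return-Path, delivering IP and link come from the post;
# the Subject, Received line and body wording are made up for the example.
SAMPLE = """\
Return-Path: <test@simhope.com.tw>
Received: from unknown ([61.221.79.115]) by mx.example.net; Thu, 16 Mar 2006 08:00:00 -0500
From: admin@irs.gov
Subject: Tax refund notification
Content-Type: text/html

<html><body><img src="http://www.irs.gov/header.gif">
<a href="http://200-158-140-157.dsl.telesp.net.br/update/IRS/caseid886432/">Click here</a>
</body></html>
"""

# Reverse-DNS style names that embed the host's IPv4 address (typical of DSL pools).
IP_IN_NAME = re.compile(r"(?<!\d)(\d{1,3})[-.](\d{1,3})[-.](\d{1,3})[-.](\d{1,3})(?!\d)")

def within(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw):
    """Return a list of findings for one raw message (single-part body assumed)."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    hrefs = re.findall(r'href="([^"]+)"', msg.get_payload())
    link_hosts = sorted({urlparse(u).hostname for u in hrefs if urlparse(u).hostname})
    findings = []
    if rp_dom and not within(rp_dom, from_dom):
        findings.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    for host in link_hosts:
        if not within(host, from_dom):
            findings.append(f"link host {host} is outside {from_dom}")
        m = IP_IN_NAME.search(host)
        if m and all(int(octet) <= 255 for octet in m.groups()):
            findings.append(f"link host {host} embeds address {'.'.join(m.groups())}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

The header graphic loaded from irs.gov is deliberately not counted as a link, which mirrors the post: the image is genuine and only the click target gives the message away.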
Wednesday, March 15, 2006
Bulwer-Lytton
actual date that submissions will start to be accepted but I think that there's approximately 30 days left to submit entries to the Bulwer Lytton Fiction Contest.
Yes folks, this is a writing contest for the worst prose. Single sentence submissions only. Visit the site for the official rules.
Tuesday, March 14, 2006
Recon vids
Sunday, March 12, 2006
Nixie Tube Watch
Saturday, March 11, 2006
BH 2006
Friday, March 10, 2006
The Measurement Factory
Thursday, March 9, 2006
Wednesday, March 8, 2006
Tuesday, March 7, 2006
Back to basics
The current in-vogue practice is to declare passwords "old school" and to hint that they are the least secure method of protecting your information. Example: Microsoft wants you to switch to token-based authentication, claiming that we should give up using passwords. The truth is that they are only telling you half of the story. Passwords are not actually being replaced by token-based authentication: you still need some form of password (PIN, pass phrase, etc.) as part of your login process. Contrary to what the media has interpreted/spouted (yeah, even Gartner), passwords are still there.
If any system claims to be more secure by replacing passwords with such-and-such a method, I don't recommend that you buy/use it. Until such time that biometrics become more accurate (far fewer false positives/negatives) and secure, passwords will remain the foundation upon which to build highly secure control systems (keep in mind that this means: authentication, non-repudiation, and identification). For passwords:
- there are far fewer control problems
- inventory and distribution issues don't exist
- controls over type, length, rotation, etc. are much more flexible
- there are far fewer false positives than any other form of authentication (i.e., you don't get in by mistyping your password)
Passwords' major drawbacks are:
- There are far too many tools created to defeat password-based systems. However, it's the old arms race again. Whatever form of authentication is dominant will be the one that is attacked the most.
- People will take the path of least resistance and use the most easily remembered passwords, also making them the most easily guessed. However, there are available controls to counter this problem.
Tokens and biometrics have a long way to go before they replace passwords as the primary form of access control and authentication. Hopefully the hype will fade into background noise shortly.
Monday, March 6, 2006
Out of date books
Sunday, March 5, 2006
SFE
Also pointed out was E-Clec-Tech which carries the door locks that Telmnstr was looking for (Arcade section).
Saturday, March 4, 2006
Viewing Word
Friday, March 3, 2006
Sleep
- No matter how big you think the airport is, there's one larger, elsewhere (Dallas, Denver and O'Hare so far)
- The size of the rental car you drive should match your own car as closely as possible
- Eat food before you get on the plane but limit fluid intake until after you arrive (I won't explain that)
- No matter how much extra space you leave in your suitcase, you'll never have enough room to bring everything back
- What's considered polite in one location can be extremely rude in another (I won't explain that either)
- I have a serious Starbucks addiction
- You can get jet lag from as little as a one-hour time difference
- The TSA should be empowered to pull people out of line and force them to bathe prior to boarding (there's a difference between long-distance sticky and long-distance slimy/greasy)
- And finally, if you show up the suggested two hours early, the flight will inevitably be delayed at least two hours.