Sunday, April 30, 2006


Finals are this week so this means that, for any of Rob's old students, we'll be at our final in the usual place in Portsmouth on Thursday evening. (heh) Please remember their policy concerning charge cards and individual order payment (i.e., bring cash!). The extended forecast says "isolated thunderstorms" so you may want to include an umbrella when you leave for work that morning.

Return of comment spam

It took all of 45 seconds for the old/new comment system to receive spam. I'm now up to about a dozen an hour. You don't see it because of the blog's manual review system.

In any case, it's prompted the return of the warning label at the bottom of this page. If you plan on using this system for unsolicited advertising, you're required to read the policy as submission of content comprises agreement.


The "Using Rootkits to Defeat DRM" article is a couple months old but the discussion in the comments is interesting. Some of it relates to what I experienced when I installed the Digium TDM400P card on my computer (the software didn't recognize the card, assumed "evil-by-default" and disabled various licenses for legitimately purchased software). Add a very-difficult-to-locate customer service department to that and I understand a lot of the attitude. Not that I condone it, mind you, but I do understand it.

Saturday, April 29, 2006


I did very little today that would be considered productive by most. Geek-wise, I had a busy day, though little of it was security related (no security-related blog post today). I set up a wiki to develop a curriculum for a possible class, coded a prototype clone (not showable yet), fixed the comment system here, and cleaned up a butt ton of wiki kruft.

I still have to work on a class project, rebuild a laptop, tweak DoomCube code, download and burn the week's podcasts to disk, and take a nap. Something's not going to get done...

Friday, April 28, 2006

Comment section

The problem with the local comment section has been located and I'm working on getting it working again. For the next day or so, there'll be two links for comments at the bottom of each story. Please use the left-hand one if you want to make a comment.

I will work on moving the comments from HaloScan to the local system. Thanks for putting up with it.

Thursday, April 27, 2006


This page has been up for a very long time but it contains still-valuable information on obfuscating/de-obfuscating URLs.

Wednesday, April 26, 2006


The site is a bit rarified but a lot of the work by the IETF working groups is important to "how things work".

Tuesday, April 25, 2006


It isn't "The Spinning Cube of Potential Doom" but it's somewhat similar. Here's DoomCube.

WLAN MAC Address Spoofing

Here is an interesting paper from Josh Wright which discusses MAC address spoofing in wireless networks.

Monday, April 24, 2006


I don't know of its value as a tutorial but Allen Downey's How to Think Like a Computer Scientist is a good refresher reference.

Sunday, April 23, 2006

Day 1

I was able to fend off the install for almost 4 years but I finally got so frustrated with the ME crashes that I purchased/installed XP. I then installed all of the usual tools (anti-spam, anti-virus, etc.). All this for one lousy game series that I like playing...

Consider this Day 1 of the count towards the next file system damaging crash.

Saturday, April 22, 2006


Here's the presentation and video from last year's IACR on the "New Collision Search for SHA-1".

Friday, April 21, 2006


I haven't evangelized on the advantages of using Vi in a long time. People who know it well enough cannot function without it. (Though they often curse the people who forced them to learn it.) In any case, here is the U. of H.'s Vi Tutorial.

Damn you Bob Acosta! (heh)

Thursday, April 20, 2006

Wednesday, April 19, 2006


Here is a recent article, entitled "Performance tuning Unix systems" which discusses the use of "nice".

Tuesday, April 18, 2006

GoogleTalk + Asterisk

I'm going to have to try this. Serge Mankovski has cooked up a way to hook GoogleTalk to Asterisk and is even offering a VM of his experiment. The cool thing is that my hardphone will likely work with this also.

Monday, April 17, 2006

Gizmo's Picks

Tech Support Alert has a Windows-oriented article entitled "The 46 Best-ever Freeware Utilities". While I don't agree with a lot of their picks, it does list a lot of good security tools for Windows users.

Update (10 Jul 2017): Peter Selmeczy has provided an alternate page for the above broken link: The 36 Best Free Utilities for your Computer (Apple and Windows).

Sunday, April 16, 2006


I'm not sure of the accuracy (or even if it contains problems of its own) but MessenPass looks like it has some value in a first responder/forensic toolkit. It allows you to recover IM passwords of a logged in user (local machine only).

Saturday, April 15, 2006


For my own reference (I've needed it before): here is Boing Boing's piece on how spammers get around captchas with porn.

Friday, April 14, 2006


I managed to miss this month's HRSUG meeting so I also missed the chance to ask about how the Snort/Sourcefire people felt about the purchase being blocked. Anyone know?

Thursday, April 13, 2006

More DNS trouble

Milton Mueller has written an article in which he's proud that the ICANN members have voted to protect the "privacy" of domain registrants. What's not said in the article is that the vote was directly beneficial to those voting. In other words, their biggest customers (the spammers that cycle through hundreds if not thousands of domains in a year) are protected.

The drawback is that they're also likely to turn themselves into a legal organization as this "advantage" gets exploited to its limits. It will also draw them into a tight relationship with the U.S. Government, the same one that they're now proud to have defeated. This is because only those with enough resources can repeatedly subpoena information from the registrants. In other words, Microsoft and the USG. The rest of us security types are left out in the cold.

Unless ICANN starts policing the environment they control, allowing people to hide behind false or hidden identities, I wouldn't be surprised at the type of lawsuits they'll face in the coming years, especially if the situation gets so bad that government feels the need to step in. This will get quite interesting in the next few years.

Wednesday, April 12, 2006

Don't do it

This is an explanation of "why TCP over TCP (tunneling) is a bad thing". It's one of those bits of knowledge you need to know when dealing with VPNs, especially if you're using tunnels in tunnels or employing mobile IP in any form.

Tuesday, April 11, 2006


For my own reference: here is a cheat sheet for makefiles. Actually, it's a howto for writing makefiles but it's helpful in debugging an uncooperative compile.

Monday, April 10, 2006

Web browser forensics

SecurityFocus has a very good article on web browser forensics. If your job involves investigating suspicious user activity, this is one of the must-knows. (Hint: more should be written on the topic.)

Saturday, April 8, 2006

Portable Apps

If you're in network management, the following is "a bad thing". If you travel a lot and use a lot of hotel business center computers, it's likely "a good thing". In any case, someone at Wikipedia is maintaining a list of portable applications (stuff you can carry around on your flash drive and run as needed).

Friday, April 7, 2006

NSLU2 update

With all of the crap that I attempted to run on the NSLU2, it was no surprise that the box showed a tendency to lock up after a couple hours run time (though the amount of stuff running to cause that was impressive (Apache, MySQL, Mediawiki, uShare, DNS, screen'd sessions, thttpd, Samba, NFS, not to mention a scripted tcpdump session (an attempt to watch problems that a second-hand network print server was causing))). I've cleaned up the start-up scripts and uninstalled a lot of the ipkgs. Let's see how long it'll hold up unattended now...

Thursday, April 6, 2006

Gone missing

Apologies for not pushing stories onto the blog this week. I've been very busy, what with it being the first week of the month (evening meetings) and working on a large coding project for class. I will back fill shortly.

Wednesday, April 5, 2006


Rob: Save a chair for me in the next class for the week you talk about Metasploit (link to H. D. Moore's slide set).

Tuesday, April 4, 2006

Yahoo Click-Fraud

Here is an analysis of one of the ways that the spammers do it (generate income) nowadays.

Monday, April 3, 2006

Browser fuzzing

Ever wonder how some bugs are discovered? Some of them are found via analysis, others are found via a form of brute forcing (with illegal input) called fuzzing. Here is a discussion of fuzzing applied to web browsers.

Sunday, April 2, 2006


Note to self: You need more lead time when trying to get an unfamiliar tool (Wand's BSOD) (no, not the MS BSOD) up and running.

Saturday, April 1, 2006


I was messing around with the NSLU2 again last night. With a bit of Google searching, I was able to find the list of files to load to enable compiling on the NSLU2. After that, I experimented with getting a uPNP Media Server built (so's I can watch various podcasts/vidcasts in the living room via a DLink media converter).

MediaTomb failed early, complaining that the environment couldn't compile C++ programs.

uShare did compile with a bit of tweaking. I've put my notes here. I can now watch my ShmooCon vids in the living room, on a decent-sized screen.

If you use my notes to build your own, please let me know. If you figure out how to add capabilities, also please let me know.