Friday, June 30, 2006


InfosecWriters has a pointer to a paper by Sam Sotillo which discusses how Phil Zimmermann's Zfone works.

Thursday, June 29, 2006

Google Maps

For those of you that like playing with Google Maps, they've added a few new functions. Here is a tutorial for messing with the API and the new features.

Wednesday, June 28, 2006

Making TeX Work

Found during research on business cards: SourceForge has an online copy of "Making TeX Work" by Norman Walsh.

Tuesday, June 27, 2006


Hacker Media has a pointer to a video entitled "Intro to TrueCrypt".


Oooohh! My brain is full! You ever have that feeling that if you crammed one more fact into it, you'd start losing other stuff? That's me. Today. Mid-terms (pursuing another degree). I've learned more about the late Baroque period in the last four weeks than I did during the remainder of my life.

I rec'd a 98 on today's test. Completely blew one question by scratching out the wrong letter (I actually knew the answer). Problem is I've had the theme song to AskANinja playing in my head all day. It makes things a bit difficult when you have to name 10 pieces when the professor plays "Name That Tune" with Baroque music.

Damn you, Neu Tickles!! (heh)

Monday, June 26, 2006


For you crypto and programming types, Wikipedia has a page of algorithms. While it doesn't usually explain the algorithms themselves, it does have pointers to the info you're looking for.

Sunday, June 25, 2006

Angle Cards

I've been researching a possible project which involves putting various info on business cards and have run across some other people's interesting work. Here's one: a business card for estimating angles and, with a bit of math, distance.

Saturday, June 24, 2006


Here is a paper which discusses the D-Link NTP DDoS and includes other DDoS attacks as historical examples.

Friday, June 23, 2006

Thursday, June 22, 2006

Wireless notes

The following is mostly for my benefit...

While cleaning out various pieces of luggage, I discovered some of my notes from this year's ShmooCon, specifically the Wi-Fi Trickery lecture. Here are some disjointed notes:

  • raw injection can corrupt a WIDS
  • FakeAP is only effective against novice wardrivers (as a defense) and WIDS (inserts bad or junk info into the database)
  • FakeAP can be detected by looking at timestamps (usually too low), sequence numbers (often reset or too low), and other misbehaving parameters.
  • A good number of frames are not normally analyzed by WIDS (e.g., ACK frames), thereby allowing for the existence of covert channels

The tools/topics discussed in the lecture included: Enhanced FakeAP, GlueAP, MitM attacks and covert channels.
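The timestamp and sequence-number tells from the notes above, turned into a small detector. This is an added example, not code from the lecture or from FakeAP; the beacon records are constructed by hand (in practice they would be pulled from a monitor-mode capture), and the 60-second "plausible uptime" floor and the 50% TSF-rate tolerance are assumed thresholds, not values from the talk.

```python
"""Heuristic FakeAP detector over a list of captured beacon frames.

Added example (not from the ShmooCon lecture or the original post).
The beacon records in sample_capture() are constructed by hand.
"""
from collections import defaultdict
from dataclasses import dataclass

BEACON_INTERVAL_US = 102_400            # 100 TU, the usual beacon interval
MIN_PLAUSIBLE_TSF_US = 60 * 1_000_000   # assumption: an AP "up" < 1 min is suspicious
SEQ_MODULO = 4096                       # 12-bit 802.11 sequence number


@dataclass
class Beacon:
    bssid: str
    tsf: int            # 64-bit timestamp field from the beacon body (microseconds)
    seq: int            # sequence number from the sequence-control field
    captured_at: float  # sniffer clock, seconds since start of capture


def _seq_gap(prev: int, cur: int) -> int:
    """Forward distance from prev to cur modulo 4096 (0 means a repeat)."""
    return (cur - prev) % SEQ_MODULO


def analyze_beacons(beacons):
    """Return {bssid: [reason, ...]} for BSSIDs whose beacons look forged."""
    per_bssid = defaultdict(list)
    for b in beacons:
        per_bssid[b.bssid].append(b)

    findings = {}
    for bssid, frames in per_bssid.items():
        frames.sort(key=lambda f: f.captured_at)
        reasons = []

        # 1. A real AP's TSF counts microseconds since it came up; forged
        #    beacons frequently carry a tiny value ("timestamps too low").
        if max(f.tsf for f in frames) < MIN_PLAUSIBLE_TSF_US:
            reasons.append("tsf too low")

        # 2. The TSF must advance monotonically and at wall-clock rate.
        for a, b in zip(frames, frames[1:]):
            if b.tsf < a.tsf:
                reasons.append("tsf went backwards")
                break
            wall_us = (b.captured_at - a.captured_at) * 1_000_000
            if wall_us > 0 and abs((b.tsf - a.tsf) - wall_us) > 0.5 * wall_us:
                reasons.append("tsf rate inconsistent with capture clock")
                break

        # 3. Sequence numbers increment per transmitted frame.  Repeats, or a
        #    backward jump that is not a 4095->0 wrap, point at injection.
        seqs = [f.seq for f in frames]
        if len(seqs) > 1:
            gaps = [_seq_gap(p, c) for p, c in zip(seqs, seqs[1:])]
            if any(g == 0 for g in gaps):
                reasons.append("repeated sequence numbers")
            if any(g > SEQ_MODULO // 2 for g in gaps):   # backward jump mod 4096
                reasons.append("sequence number reset")

        if reasons:
            findings[bssid] = sorted(set(reasons))
    return findings


def sample_capture():
    """Constructed capture: one legitimate AP and one FakeAP-style BSSID."""
    real = [Beacon("00:11:22:33:44:55", 7_200_000_000 + i * BEACON_INTERVAL_US,
                   (1000 + i) % SEQ_MODULO, i * 0.1024) for i in range(5)]
    # FakeAP-style: tiny, jumping TSF values and a sequence number stuck at 0
    fake = [Beacon("de:ad:be:ef:00:01", tsf, 0, i * 0.1024)
            for i, tsf in enumerate([1200, 950, 3100, 400, 2800])]
    return real + fake


if __name__ == "__main__":
    for bssid, reasons in analyze_beacons(sample_capture()).items():
        print(bssid, "->", ", ".join(reasons))
```

The checks are per-BSSID, so a FakeAP run that cycles through hundreds of random BSSIDs is flagged by each one individually; a real WIDS would also correlate them by radio (same channel hopping pattern, same RSSI) before deciding what to write to its database.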

Wednesday, June 21, 2006


For you webmaster types, Panda offers a collection of online tools that you can stick on your web site.

Tuesday, June 20, 2006

NIST Draft Pubs

NIST has three draft publications for which they're accepting public comment:
  • The Information Security Handbook: A Guide for Managers
  • The Guide to IEEE 802.11i: Robust Security Networks
  • PIV Data Model Test Guidelines

Note: the comment period for this last one closes June 22nd. (You'd better hurry!)

Monday, June 19, 2006


I find myself wading through my 300+ Bloglines subscriptions and unsub'ing from feeds that think that articles like "Microsoft's vulnerabilities turned into exploits" are news.

DNS attacks

Amit Klein has an interesting article which discusses various issues with DNS security at the registrar level.

Sunday, June 18, 2006

Outside too

Philip Su's article talks about the political and emotional abuse that runs rampant inside the company. What's glossed over is the same behavior occurring within the user community (not that it is limited to the Microsoft realm).

Many seem to have forgotten the condescending, often pompous, position of the illuminati that Windows was the most secure and best tool for the job. True or not, it was the position marketed and accepted by the general populace. (Apple seems to be repeating the process.)

Microsoft has a new chance with the coming release of Vista. Hopefully they realize that with a new product, they've reset the KLOC counter to a high value and will need to work their way back down (again). That the product has several new technologies built into its foundation will cause numerous problems once the outside world (black, white and grey-hat) begins to understand its workings.

Hopefully the MS marketing department will be constrained from promoting the new OS as being the most secure on the planet as was done with previous versions. If they don't we'll have to suffer through yet another generation of programmers and admins whose declarations of better security are based solely on party line and the fact that it's the only OS they know. (i.e., those admins who manage systems in multiple worlds have favorites but they're not rabid purists). If they do avoid the used car salesman approach, I believe that, in the long run, Vista will be a much more successful product.

Saturday, June 17, 2006


Okay, this is getting out of hand. I was out of town for a week and was able to sift through the comment queue only once (on Tuesday). Since then the comment spammers have dumped a little over 21,000 spams into the queue. Luckily, I'm not limited to manual deletion.

It is a PITA though.

Friday, June 16, 2006

Thursday, June 15, 2006

NIST Hash Workshop

Here are Bruce Schneier's posts on last year's NIST Hash Workshop:

The pieces are short but they point to quite a few interesting papers.

Wednesday, June 14, 2006

Layer 2 Tool Analysis

I may have blogged this one before but here is an interesting piece on analysis of wireless "discovery" tools (yeah, another of Josh Wright's pieces). One thing to keep in mind is that he's discussing "active" tools. Passive tools are rarely discovered and then mostly by accident.

Tuesday, June 13, 2006

Reading Mail Headers

One of the things that you will eventually do if you work in network security is read the header of a piece of email. Whether it's troubleshooting a problem, backtracking spam, or just trying to figure out where a message has been, you need to be able to interpret what you're reading. "Reading Email Headers" explains the basics.

Keep in mind the article may or may not be entirely accurate, as each piece of software that handles e-mail has its own "standards" for doing things. An example of this is that the IDs an MTA stamps into its own Received: line (its queue ID) are meaningful only on the machine that generated them; every hop, including a mail firewall or relay, assigns a fresh one. Assuming that those IDs stay constant from source to destination will quickly get you lost.

Also, each mail handler has its own way of generating those IDs. Sendmail's are a combination of an encoded timestamp and the process number. (Beginners should consult the Bat Book to learn how to decode them.) MS Exchange IDs appear to be totally random. (For years, I've been looking for a source of info on this.)

Also, some organizations purposely munge headers in an attempt to "hide" their internal architecture. This sword cuts both ways though as it also complicates troubleshooting.

In any case, the article explains the basics of reading headers and basic forgery detection. Count it as a need-to-know.
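The basic chain-walk the article describes, as an added example (not the article's code): each MTA prepends its own Received: line, so reading them bottom-up gives the path from origin to destination, and the "by" host of one hop should normally be the "from" host of the next. The message is constructed for the example; the host names, addresses and queue IDs in it are made up. A mismatch is a lead rather than proof of forgery, since the "by" name an MTA writes and the name the next MTA resolves for it often differ legitimately (HELO vs. reverse DNS), which is the caveat above about every mailer having its own "standards".

```python
"""Walk a message's Received: chain bottom-up and flag hand-off discontinuities.

Added example, not code from the "Reading Email Headers" article.  SAMPLE is a
constructed message whose lowest hop claims a relay that the next hop never
saw, the classic sign of a forged trace line.
"""
import email
import re
from datetime import timedelta
from email.utils import parsedate_to_datetime

RECEIVED_RE = re.compile(r"from\s+(?P<from>\S+).*?\bby\s+(?P<by>\S+)", re.IGNORECASE)
ID_RE = re.compile(r"\bid\s+([^\s;]+)", re.IGNORECASE)
CLOCK_SKEW_TOLERANCE = timedelta(minutes=5)   # assumption: ordinary relay clock drift

SAMPLE = """\
Received: from mx2.example.org (mx2.example.org [192.0.2.10])
    by mail.example.org (Postfix) with ESMTP id 4B2C1; Tue, 13 Jun 2006 09:12:01 -0400
Received: from smtp.example.net (smtp.example.net [198.51.100.7])
    by mx2.example.org with ESMTP id k5DDBw1A012345; Tue, 13 Jun 2006 09:11:58 -0400
Received: from localhost (unknown [203.0.113.5])
    by bogus.example (Sendmail) id zzz; Tue, 13 Jun 2006 09:11:50 -0400
From: someone@example.net
To: you@example.org
Subject: test
Message-ID: <20060613131150.GA1234@example.net>

body
"""


def parse_hops(raw):
    """Return the hops in origin -> destination order as dicts."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())          # unfold continuation lines
        m = RECEIVED_RE.search(text)
        idm = ID_RE.search(text)
        ts = None
        if ";" in text:                          # the date follows the last ';'
            try:
                ts = parsedate_to_datetime(text.rsplit(";", 1)[1].strip())
            except (TypeError, ValueError):
                ts = None
        hops.append({
            "from": m.group("from") if m else None,
            "by": m.group("by") if m else None,
            "id": idm.group(1) if idm else None,   # per-hop queue ID, local to "by"
            "time": ts,
        })
    hops.reverse()   # MTAs prepend, so the header order is newest first
    return hops


def check_chain(hops):
    """Return human-readable anomalies between consecutive hops."""
    problems = []
    for i in range(len(hops) - 1):
        lower, upper = hops[i], hops[i + 1]
        if lower["by"] and upper["from"] and lower["by"].lower() != upper["from"].lower():
            problems.append(f"hop {i}: handed off by {lower['by']} but hop {i + 1} "
                            f"claims it came from {upper['from']}")
        if (lower["time"] and upper["time"]
                and upper["time"] < lower["time"] - CLOCK_SKEW_TOLERANCE):
            problems.append(f"hop {i + 1}: timestamp earlier than hop {i} by more "
                            f"than {CLOCK_SKEW_TOLERANCE}")
    return problems


if __name__ == "__main__":
    chain = parse_hops(SAMPLE)
    for n, hop in enumerate(chain):
        print(f"hop {n}: {hop['from']} -> {hop['by']} (id {hop['id']}) at {hop['time']}")
    for p in check_chain(chain):
        print("ANOMALY:", p)
```

Trust only the Received: lines added by hosts you control (the top ones); anything below the first hop you can vouch for was written by someone else and can say whatever the sender wants.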


Note to anti-virus companies: please add a feature whereby, if the malware is known to steal, borrow or otherwise forge the source address on an infected email, the code will NOT send an email back to the supposed source. I'm now getting complaints about my non-existent MS mail client in Italian.


Monday, June 12, 2006

Malicious Crypto

SecurityFocus has a two-part article on malicious cryptography (part 1, part 2). You'll probably find the references listed at the end of each part interesting.

Sunday, June 11, 2006

How to report it

Just in case you're wondering how to do it, the DoJ has a page entitled "How to Report Internet-Related Crime". Keep in mind that most cybercrime fails to meet the minimum requirements for law enforcement to act on it, as there are only so many investigators and so much crime. If you can prove a crime (that doesn't meet the damage minimum), you might consider civil action or private investigators.

Saturday, June 10, 2006


If you're willing to dig a bit, this class blog might be a good starting point for surfing crypto/security-related reading.

Friday, June 9, 2006

Thursday, June 8, 2006

RAM Dumping issues

NTSecurity has an article which discusses the issues associated with dumping memory for forensic purposes. Not how, but what might complicate the practice.

Wednesday, June 7, 2006

Malware Analysis for Admins

Here is a SecurityFocus piece entitled "Malware Analysis for Administrators".

Monday, June 5, 2006

KFI Live

Since KFI updated their streaming software, those of us not running MS software have had trouble listening to the live stream. Mplayer doesn't work because it claims that it's missing a codec, and it really doesn't like the multiple redirects that the web client employs. Try this:
  1. Go here.
  2. Hit "stop" before the page redirects.
  3. Right click on "click here" and select "copy link location".
  4. Open a terminal and type mplayer followed by a space (don't hit return yet).
  5. Paste the link (copied earlier) onto the command line and hit enter.

Depending on the age of this hint, you should start hearing the KFI feed.

Saturday, June 3, 2006

Thursday, June 1, 2006


Correct me if I'm wrong but neither Google nor Digium had anything to do with the connection, though they both acknowledge it. I'd thought that it was developed by a third party.