Friday, June 30, 2006
Thursday, June 29, 2006
Wednesday, June 28, 2006
Making TeX Work
Tuesday, June 27, 2006
I rec'd a 98 on today's test. Completely blew one question by scratching out the wrong letter (I actually knew the answer). Problem is I've had the theme song to AskANinja playing in my head all day. It makes things a bit difficult when you have to name 10 pieces when the professor plays "Name That Tune" with Baroque music.
Damn you, Neu Tickles!! (heh)
Monday, June 26, 2006
Sunday, June 25, 2006
Saturday, June 24, 2006
Friday, June 23, 2006
Thursday, June 22, 2006
In cleaning out various pieces of luggage, I discovered some of my notes from this year's ShmooCon, specifically the Wi-Fi Trickery lecture. Here are some disjointed notes:
- raw injection can corrupt a WIDS
- FakeAP is only effective against novice wardrivers (as a defense) and WIDS (inserts bad or junk info into the database)
- FakeAP can be detected by looking at timestamps (usually too low), sequence numbers (often reset or too low), and other misbehaving parameters.
- A good number of frames are not normally analyzed by WIDS (e.g., ACK frames), thereby allowing for the existence of covert channels
The tools/topics discussed in the lecture included: Enhanced FakeAP, GlueAP, MitM attacks and covert channels.
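The timestamp and sequence-number checks from the notes above, sketched as an added example (not code from the lecture or from any WIDS product). The thresholds, the input tuple layout, and the sample beacons are assumptions constructed for illustration.

```python
from collections import defaultdict

SEQ_MOD = 4096           # 802.11 sequence numbers are 12 bits wide
MIN_TSF_US = 5_000_000   # assumed: a TSF under 5 s means the radio only just started
MAX_DRIFT_US = 50_000    # assumed tolerance between TSF delta and sensor clock delta

def score_beacons(beacons):
    """beacons: (capture_time_s, bssid, tsf_us, seq) tuples ordered by capture time.
    Returns {bssid: set of anomaly names}; an empty set means nothing was flagged."""
    last = {}
    findings = defaultdict(set)
    for t, bssid, tsf, seq in beacons:
        flags = findings[bssid]
        # Weak signal on its own: a freshly rebooted AP also shows a low TSF once.
        if tsf < MIN_TSF_US:
            flags.add("low_timestamp")
        if bssid in last:
            prev_t, prev_tsf, prev_seq = last[bssid]
            if tsf <= prev_tsf:
                # The TSF is a microsecond uptime counter and should never go backwards.
                flags.add("timestamp_reset")
            elif abs((tsf - prev_tsf) - (t - prev_t) * 1e6) > MAX_DRIFT_US:
                # The TSF advanced, but not by the time that actually elapsed.
                flags.add("timestamp_drift")
            # Forward distance modulo 4096, so a normal 4095 -> 0 wrap is not flagged.
            step = (seq - prev_seq) % SEQ_MOD
            if step == 0 or step > SEQ_MOD // 2:
                flags.add("sequence_regression")
        last[bssid] = (t, tsf, seq)
    return dict(findings)

# Constructed sample: one AP with a day of uptime, one BSSID behaving like a faked AP.
REAL_AP = "00:11:22:33:44:55"
SUSPECT_AP = "00:0c:41:aa:bb:cc"
SAMPLE_BEACONS = [
    (0.0,    REAL_AP,    86_400_000_000, 4090),
    (0.05,   SUSPECT_AP, 1_200,          0),
    (0.1024, REAL_AP,    86_400_102_400, 4094),
    (0.2048, REAL_AP,    86_400_204_800, 2),     # sequence wrapped past 4095
    (5.05,   SUSPECT_AP, 900,            0),     # TSF and sequence both reset
    (10.05,  SUSPECT_AP, 2_000_000,      1),     # TSF advanced 2 s while 5 s elapsed
]

if __name__ == "__main__":
    for bssid, flags in score_beacons(SAMPLE_BEACONS).items():
        print(bssid, sorted(flags) or "ok")
```

A sensor that drops beacons will see larger sequence steps, so these flags are best treated as scoring inputs rather than verdicts.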
Wednesday, June 21, 2006
Tuesday, June 20, 2006
NIST Draft Pubs
- The Information Security Handbook: A Guide for Managers
- The Guide to IEEE 802.11i: Robust Security Networks
- PIV Data Model Test Guidelines
Note: the deadline for comment for this last one closes June 22nd. (You'd better hurry!)
Monday, June 19, 2006
Sunday, June 18, 2006
Many seem to have forgotten the condescending, often pompous, position of the illuminati that Windows was the most secure and best tool for the job. True or not, it was the position marketed and accepted by the general populace. (Apple seems to be repeating the process.)
Microsoft has a new chance with the coming release of Vista. Hopefully they realize that with a new product, they've reset the KLOC counter to a high value and will need to work their way back down (again). That the product has several new technologies built into its foundation will cause numerous problems once the outside world (black, white and grey-hat) begins to understand its workings.
Hopefully the MS marketing department will be constrained from promoting the new OS as being the most secure on the planet as was done with previous versions. If they don't, we'll have to suffer through yet another generation of programmers and admins whose declarations of better security are based solely on party line and the fact that it's the only OS they know (i.e., those admins who manage systems in multiple worlds have favorites but they're not rabid purists). If they do avoid the used car salesman approach, I believe that, in the long run, Vista will be a much more successful product.
Saturday, June 17, 2006
It is a PITA though.
Friday, June 16, 2006
Thursday, June 15, 2006
NIST Hash Workshop
The pieces are short but they point to quite a few interesting papers.
Wednesday, June 14, 2006
Layer 2 Tool Analysis
Tuesday, June 13, 2006
Reading Mail Headers
Keep in mind the article may or may not be entirely accurate as each piece of software that handles e-mail has its own "standards" for doing things. An example of this is that MsgID's are valid only on the machines that generated them, especially on firewalls. Assuming that MsgID's are constant from source to destination will quickly get you lost.
Also, each mail handler has its own way of generating those ID's. Sendmail's ID's are a combination of timestamp and process number. (Beginners should consult the Bat Book to learn how to decode them.) MS Exchange ID's appear to be totally random. (For years, I've been looking for a source of info for this.)
Also, some organizations purposely munge headers in an attempt to "hide" their internal architecture. This sword cuts both ways though as it also complicates troubleshooting.
In any case, the article explains the basics of reading headers and basic forgery detection. Count it as a need-to-know.
Monday, June 12, 2006
Sunday, June 11, 2006
How to report it
Saturday, June 10, 2006
Friday, June 9, 2006
Thursday, June 8, 2006
RAM Dumping issues
Wednesday, June 7, 2006
Malware Analysis for Admins
Tuesday, June 6, 2006
Monday, June 5, 2006
- Go here.
- Hit "stop" before the page redirects.
- Right click on "click here" and select "copy link location".
- Open a terminal and type mplayer (don't hit return yet).
- Paste the link (copied earlier) into the command line and hit enter.
Depending on the age of this hint, you should start hearing the KFI feed.