Thursday, December 30, 2004

Chaining Policies

Here is a site discussing basic web proxy theory. An interesting part near the end discusses "chaining" of proxies so that each department in an organization can maintain its own usage policy while the organization as a whole can impose its own set of rules. This effectively "chains" or aggregates usage policies.

Monday, December 27, 2004

Frequency Chart

I made the following with PowerPoint and converted it to a GIF, so it's a bit basic. However, the information is valuable enough. The numbers across the top are frequencies in MHz.

Friday, December 24, 2004

Swiss Army disk

Normally I spend the first day of the weekend blogging most of the
following week. Today is an exception, for obvious reasons. I have
gifts to wrap, dishes to wash, animals to feed. Somehow I have to
figure out how to sneak my son's and his girlfriend's presents into the
house (past them). HBO is running Carnivale again this coming week so I
have to find time to set up the record schedule. You get the idea.

In any case, blogging this week may be a little erratic. Here's today's...

IBM has an article about building clusters with custom Knoppix CDs (http://www-106.ibm.com/developerworks/linux/library/l-clustknop.html?ca=dgr-lnxw06ClusterKnop). Knoppix seems to be one of those tools that finds its way into everything. Since our appliances will soon have their own IPv6 addresses, what's next? Washing Machine Knoppix? Fish Tank Knoppix? Lawn Mower Knoppix?

Don't laugh! Mix in a little wireless or
broadband-over-power-line and it's not that much of a stretch.

Thursday, December 23, 2004

Session Riding

The Web Applications Security mailing list has a pointer to a paper which discusses "session riding" (http://seclists.org/lists/webappsec/2004/Oct-Dec/0427.html). It appears to amount to hijacking a user's access or data via methods such as sending crafted instructions in HTML e-mail: when the user's e-mail client loads the HTML, the exploit is executed.
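The mechanism described above, as an added example that is not from the paper or the original post: a cookie-authorised action that any HTML the victim's browser renders can trigger, beside the same action gated on a per-session token that HTML from another origin cannot read. The session store, account balances and handler names are constructed for illustration.

```python
import hmac
import secrets

# Constructed in-memory state: session cookie -> session data, user -> balance.
SESSIONS = {"sess-abc": {"user": "alice", "csrf_token": secrets.token_hex(16)}}
ACCOUNTS = {"alice": 100}


def transfer_vulnerable(cookie, params):
    """State-changing action authorised by the session cookie alone.
    The browser attaches that cookie to every request it makes to the
    site, including one triggered by an image or form in an HTML e-mail,
    so the mail's author can "ride" the victim's logged-in session."""
    sess = SESSIONS.get(cookie)
    if sess is None:
        return 401
    ACCOUNTS[sess["user"]] -= int(params["amount"])
    return 200


def transfer_hardened(cookie, params):
    """Same action, additionally gated on a per-session secret that only
    pages served to the logged-in user contain. HTML from another origin
    cannot read it, so a ridden request fails before any state changes."""
    sess = SESSIONS.get(cookie)
    if sess is None:
        return 401
    supplied = params.get("csrf_token", "")
    if not hmac.compare_digest(supplied, sess["csrf_token"]):
        return 403
    ACCOUNTS[sess["user"]] -= int(params["amount"])
    return 200


def run_scenario():
    """Replay one ridden request against both handlers and one legitimate
    request against the hardened one; returns the statuses and balances."""
    ACCOUNTS["alice"] = 100
    ridden = {"amount": "10"}  # the parameters a ridden request carries
    r1 = transfer_vulnerable("sess-abc", ridden)
    b1 = ACCOUNTS["alice"]
    r2 = transfer_hardened("sess-abc", ridden)
    b2 = ACCOUNTS["alice"]
    legit = dict(ridden, csrf_token=SESSIONS["sess-abc"]["csrf_token"])
    r3 = transfer_hardened("sess-abc", legit)
    return (r1, b1, r2, b2, r3, ACCOUNTS["alice"])


if __name__ == "__main__":
    print(run_scenario())  # (200, 90, 403, 90, 200, 80)
```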

Wednesday, December 22, 2004

More WEP problems

While we're on the topic of WEP problems, WiFi Toys (http://www.wifi-toys.com/) has an article on breaking WEP really fast (http://www.wifi-toys.com/wi-fi.php?a=articles&id=53).

Tuesday, December 21, 2004

Why?

Microsoft has stated (http://www.blackhat.info/live/modules.php?op=modload&name=News&file=article&sid=4989) that they've switched virus scanners to "provide a safer online experience for consumers". Considering that it's probably more of a financial issue or a programming difficulty (e.g., they can't interface the scanner with the webmail), it's a bad choice of words for the supposed cause.

We may see a lawsuit because a corporation has taken a public position on the quality of a competitor's product (remember, Microsoft purchased two companies last year for this purpose). It's one thing to say your own product is better than everyone else's. It's another to say (or directly imply) that a competitor's product is crap. Without proof, that is.

HSC

Activeworx has released a new version of its Honeynet Security Console (for Win2K/XP). Screenshots are here.

Monday, December 20, 2004

Bandwidth shaping

If you do more than basic video streaming or VoIP on a small network, it might be worthwhile to learn about traffic shaping and bandwidth management (http://www.linuxexposed.com/internal.php?op=modload&name=News&file=article&sid=563).

Sunday, December 19, 2004

News

More news from the wireless front:

WEP Problems

Here's part one of a two-part series on the current problems with WiFi encryption. The focus is on WEP, but it does touch on other topics.

One thing to keep in mind: if WEP is the best you have, it's better than nothing, and overall WEP security can be improved via basic practices such as periodically changing keys.

Friday, December 17, 2004

Thursday, December 16, 2004

tasklist.org

In doing work-ups for malicious code analysis, I've been using Full Disclosure as a source as it allows attachments. This allows me to download onto a non-MS machine, run a virus scanner and do other things while deciding to use the sample or not.

In the process, I usually hit Google also. In trying to figure out "You_are_dismissed.com" (it's Bagle.Ap) I found tasklist.org. It appears to be a really good source for identifying unknown (unauthorized) processes.

Tom Dunigan

Tom Dunigan has a very large security-related link list.

JPeg Vulnerability

InfoSec Writers has a good analysis of the JPEG Processing Buffer Overrun.

Wednesday, December 15, 2004

Putty

Here's an online howto for configuring Putty to tunnel your email traffic safely.

Deb Radcliff

Yesterday I posted about a blog run by Deb Radcliff. It appears she has quite an anthology of articles.

Tuesday, December 14, 2004

Free classes

Don't know if I've blogged about it before but HP's free classes site is still online. Topics include firewalls, desktop publishing, MS, Linux, virus protection best practices, organize your life, and many more.

More blogs

Picked up a couple of new blogs: Security Awareness (run by Greg Hoffman) and Security Chief (run by Deb Radcliff). Both people are associated with Winn Schwartau, a "security type" and a real character. My first "run in" with him was when someone bulk emailed an employer with tons of weird email (looked like mail bugs) and the source had his name in the registry.

Monday, December 13, 2004

Dave Dittrich

Here's Dave Dittrich's home page. Of note are the links on the left-hand side of the page. He maintains some really good lists of sites related to various security topics.

Detecting Complex Viruses

Here's a good article which discusses the difficulties in detecting complex viruses.

Sunday, December 12, 2004

Firewalls book

It's almost a decade old but still a good read. Here's the online version of Firewalls and Internet Security: Repelling the Wily Hacker.

Network Attacks

Here's a good article which discusses network attacks and breaks them down into five basic types.

Saturday, December 11, 2004

Free training

Tony Bradley has posted about a site with free CISSP training. This is one of the certifications that will become a bit more valuable in the near future. The Federal Trade Commission is currently suing two companies for lack of GLB compliance. The orders they're trying to get signed include the directive to obtain a satisfactory assessment of their network within 180 days and include the following statement:

Each assessment shall be prepared by a person as a Certified Information System Security Professional (CISSP) or as a Certified Information Systems Auditor (CISA); a person holding Global Information Assurance Certification from the SysAdmin, Audit, Network, Security Institute (SANS); or by a similarly qualified person or organization approved by the Associate Director for Enforcement, Bureau of Consumer Protection, Federal Trade Commission.

Prediction: You'll see the quals thing get out of hand, even some fakery/foolery that will require either tighter control of quals or the government will create their own quals requirements.

Stand by for an industry shift!

Friday, December 10, 2004

Phreaking

This article is a bit sensationalist ("piles on" semi-unrelated facts in order to scare you) but is mostly accurate.

Anyone seen "Sweet Tooth" in action? (No, not the Pogo game!)

The Broken

For entertainment, try viewing the videos at The Broken. They're made by a couple of recognizable faces. I'm not sure if what they're showing is illegal or not; most of it is pretty mild or very old.

For you conspiracy types, it proves that there were dark forces behind that TV show. Hacking with Ramzi is really, really bad.

Thursday, December 9, 2004

Another semester ends

If you're reading this around 7 p.m. EST, I'm at the Biergarden on High Street in Portsmouth, overdosing on an odd version of potato soup and helping to run a local version of geek trivia. It's part of what is becoming a tradition in that the last (unofficial) day of class is held at the Biergarden.

I'm addicted to the potato soup, which I'm not supposed to have due to its content. I don't have the recipe for it (hope to though) but it contains what looks like small bits of pot roast, potatoe slices, and spaetzle in a clear beef broth. Occasionally, another veggie may make a cameo appearance but the base recipe is delicious. Anything with spatzle can't be all that bad, right?

If you can find someone who makes good spatzle, heifering, and dumpfnodle hire 'em, marry 'em, or otherwise move in with them. Same goes for lumpia and pansit. And before you food vacuums at 757 ask, mine's only passable so you ain't moving in with me.

Apologies for the spelling.

fe3d

Interesting visualization tool. I don't expect it to go anywhere, but it is a different approach (see the screenshots). Decent GL links on the page too. (via HITB)

Wednesday, December 8, 2004

SMB

Ubiqx.org has everything you ever wanted to know about SMB (and probably much, much more).

Questions to Ask

I think "Ten Questions to Ask About Application Security Systems" is appropriate, especially when a lot of our applications are moving onto the web server. They are appropriate elsewhere, especially when the other "move" is away from application proxies and towards "deep packet inspection" (which is inappropriate for HTTP traffic).

Tuesday, December 7, 2004

Spammer update

Roughly two weeks have gone by. Total number of spams, three. Two from the same jerk at/via 81.27.200.49, trying to be funny. The other at/via 24.69.65.52. Both of them entered via the web page (vice the CGI interface). Both added to the blacklist. It's probably not helping that I talk about it but since this is the last week in the semester, I have a bit of free time to run the donkey at the windmill.

Cell phone glossary

Mobiledia has a glossary of cell phone related terms.

Windows Tips

Here's a good site for various Windows Tips: Win NT/2K/2K3/XP Admin Knowledge Base.

Monday, December 6, 2004

Wireless protocols

Palo Wireless is a site with in-depth explanations of most (if not all) of the wireless protocols/technologies.

Fighting comment spam

Just in case anyone wanted to know, I modified the writeback plugin so that it's non-standard. Just come up with a word that isn't used in any of the code (to keep things simple) and substitute it for writeback throughout the code. For now, it's a bit of a manual process, but it doesn't appear to be all that hard to automate (changing that, that is). It may drive the spammers back to posting via the interface, where the fight can be on more even ground.

Sunday, December 5, 2004

Spammer list for 4DEC04

Following is the list of IP's that attempted to connect to the old-style comment system. The only "things" that attempt this are automated programs of one of two types: either search engine spiders (such as Google's below) or comment spammers. Do what you will with the list, just don't hold me responsible for it.

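A triage script for this kind of list, as an added example that is not part of the original post: each line carries a hit count, the address and, where one resolved, its reverse-DNS name; the script parses those lines, sets aside hits whose reverse-DNS name ends in a known crawler domain (only googlebot.com here, an assumption), and returns the remaining addresses that hit the old endpoint at least a threshold number of times. The sample lines are constructed from RFC 5737 documentation addresses, not the addresses from the blog.

```python
import re
from ipaddress import ip_address

# Constructed sample in the blog's format: "<count> <ip> [<reverse-dns name>]".
# Addresses are RFC 5737 documentation ranges, not real hosts; one line is
# deliberately malformed to show that it is skipped.
SAMPLE = """\
3 192.0.2.10
41 192.0.2.77 crawl-192-0-2-77.googlebot.com
127 198.51.100.5
garbage line here
1 198.51.100.9 host9.example.net
12 203.0.113.40
"""

# Reverse-DNS suffixes treated as legitimate spiders (assumption: Google only).
CRAWLER_SUFFIXES = (".googlebot.com",)
LINE_RE = re.compile(r"^(\d+)\s+(\S+)(?:\s+(\S+))?$")


def parse(text):
    """Return (count, ip, hostname-or-None) tuples, skipping malformed lines."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        count, ip, host = m.groups()
        try:
            ip_address(ip)  # reject anything that is not a literal address
        except ValueError:
            continue
        out.append((int(count), ip, host))
    return out


def is_known_crawler(host):
    # A reverse-DNS name alone can be forged; before trusting it in production,
    # forward-confirm it (resolve the name and check it maps back to the address).
    return host is not None and host.lower().endswith(CRAWLER_SUFFIXES)


def blacklist_candidates(text, min_hits=5):
    """Drop known crawlers, then return non-crawler addresses with at least
    min_hits attempts, busiest first."""
    cands = [(n, ip) for n, ip, host in parse(text)
             if not is_known_crawler(host) and n >= min_hits]
    return [ip for n, ip in sorted(cands, reverse=True)]
```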

Defeating Encryption

One thing that is not said all that often is that even the good guys have to know things like what's in this paper. It's not just the "good guys" that use encryption.

Saturday, December 4, 2004

Free time

Now that I'm not spending an hour or so per day mopping up comment barf (spam), I've had time to fix the comment script to all , and , work on comment titles, and generally get back to tweaking the site. Are there any features that you'd like to see?

I'm considering dumping the Blogroll and replacing it with a links list or putting a "recent comments" frame there.

DIY

Ryumaou has pointed out that O'Reilly has a new magazine called "Make". It's aimed at the hardware geeks. (Telmnstr! This one looks like one of yours.)

Thursday, December 2, 2004

Christmas music

Chalk this one up as a pointless temper tantrum...

What kind of person (that's the nice version) thinks it's important to post their Winamp-generated playlist to the Internet? (Hint: there's quite a few of them.)

I went shopping for an album containing a Christmas song that I've not heard in fifteen years, by Kevin Bloody Wilson (Hey Santa Claus...). It was amazing, the number of fake sites and playlist sites that I had to wade through before finding a legit site offering Kevin's albums.

Maybe I should write one?

living next door to spammers

Survey of Odd Security

Via Need To Know and an odd Shmoo, here's A Survey of Novel Approaches to Network Security.

Wednesday, December 1, 2004