Thursday, June 30, 2005

Wednesday, June 29, 2005


I've gotten rusty. I spent two hours troubleshooting software that I
hadn't touched in two years. What should have taken me 5 minutes to
trace took me 2 hours. You can consider me as wearing the "bonehead"
sign around my neck, at least, through the weekend.


Tuesday, June 28, 2005

I'll argue the point

The author of this WatchGuard article really admires Skype's ability to evade firewall controls and thereby void security policy. While Skype might be hard to block, it is easy to detect, and the author seems to have forgotten the most effective countermeasure for preventing the use of any tool: public executions.

If all of the network's users are aware of the consequences of violating policy (and know it's being enforced), incidents won't occur that often. As a former network hitman, I've seen this one in action. No matter what you think of it, it's a method that does work.

Monday, June 27, 2005

Who's your favorite?

I won a Shuffle in a drawing at a recent conference and have been using
it to listen to various Podcast (hate the name) shows. I also burn a
lot of those shows to disk and listen to them during my one hour+
commute to/from work. I'm interested in maintaining a list (in the
wiki) of good geek/tech shows. Here are my favorites:
  • any of the Leo Laporte shows (TLR, TWIT, the KFI shows)
  • /bin/rev (although I don't like Stank's personality, he does have a good
  • Slashdot review
  • Geek News Central
  • Chris

Others I've been monitoring (haven't decided if I
like yet) include:

  • Infonomicon
  • Linux Link Tech
  • Mondays
  • LQ
  • Linux Link Tech
  • most of the stuff in HackerMedia

Leave a
comment and I'll add the sources to the wiki.

Sunday, June 26, 2005

Thanks George

Just got done watching Troops and I.M.P.S. Good stuff.
I.M.P.S. is a bit more subtle (for humour) but both are good. Love the
references to MST3K and Predator.

Kismet + GPSDrive

One thing that Kismet demos don't often include is GPSDrive, a program
that will detect Kismet and add additional capability to the surveyor's
toolkit. Here is Anthony Stone's presentation on the topic. I especially like the slide showing the relationship between the OSI and TCP/IP models (though it doesn't have much to do with wireless).

Friday, June 24, 2005

Thursday, June 23, 2005

IPv6 papers

Here's the North
American IPv6 Task Force's list of "Articles of Interest".

Wednesday, June 22, 2005

A challenge?

Say that it'll
take $2K
to build something, someone will take it as a challenge and
probably come up with something just as effective for $50, which
somebody else will mass produce for $20.

Something to keep an eye on,
both the bad guy tech and what the manufacturers are going to do to
counter the problem.

Tuesday, June 21, 2005

HTTP Header Exploitation

Here is William Bellamy's SANS/GSEC paper on HTTP Header Exploitation. Note: it has nothing to do with the recent exploits which I'll blog about later in the week.

Monday, June 20, 2005

Call me a skeptic

Here's another article on the .xxx domain. If you read the article, certain alarms should be ringing in your head. It's probably not comprehensive, but here's what irks me:
  • ICM will charge $60-$70, $10 of which would fund someone else's agenda (ICANN also gets a cut)
  • the "non-profit" will be comprised of what appear to be the groups most biased in the first place: adult material purveyors, privacy advocates, and "child-advocacy concerns" (what are those, exactly?).
  • the sentence "Even if it's voluntary, supporters say, adult sites will have incentives to use .xxx." What incentives might those be? They're certainly not monetary in nature! I think the only other remotely available incentives in existence are moral and penal. Since adult web sites are already considered to be against community morals, the only other incentive is going to be fines/jail time.
  • the phrase "required to follow yet-to-be-written 'best practice' guidelines, such as prohibitions" is a triple negative. "Required to follow best practice" sounds like a law. "Prohibitions" does nothing to lessen the impression. Besides, spamming and malicious scripts (code) are already illegal.
  • domain managers have had a very spotty history of assigning domains based on qualifications. Outside of the ".mil" and ".gov" domains, chaos prevails. Now we're supposed to believe that an organization made up of members with conflicting agendas is going to be different?

Let me repeat myself: I'm quite skeptical that this situation will lead to anything good.

Sunday, June 19, 2005


I still haven't decided if this is a new fad, an overblown art project, or someone attempting to astroturf a fad so they can collect e-mail addresses (or worse).

Saturday, June 18, 2005


Here's an article which discusses the tech that has many security officers banning iPods in the workplace. Personally, I think it's a bit over the top and entirely for the wrong reason. If you're worried about corporate data leaving the workplace (or programs being brought in), you should also worry about those thumb drives that the company signs out, all of the e-mail and web traffic, CD burners, hard copy, what's in employees' heads... (do I need to go on?)

You should worry about iPods (or any other USB device) that have alternate OSs because of the DMA issues but banning them because they're temporary storage (without banning all other forms of temporary storage) is prejudicial in nature and basically ignorant.

Friday, June 17, 2005

DHCP error

Note to self: when dhclient responds with:

configuration for eth3 not found

take a look in
/etc/sysconfig/network-scripts and make sure that ifcfg-eth3

I'm such a bonehead at times. This caused a situation where a
friend's windows laptop would connect to the network just fine but my
kluge-box wouldn't. Nothing was getting logged. I didn't notice until
I started running all of the commands manually.

Based on the number of
times this shows up in Google, this is a common problem.
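The check described above (is there an ifcfg-eth3 file in /etc/sysconfig/network-scripts?), as an added example that is not part of the original post. It assumes the Red Hat-style ifcfg layout named in the post and goes one step further than the note: it also flags a DEVICE= line that doesn't match the interface (a copied file that was never edited) and a BOOTPROTO that isn't dhcp. The directory is a parameter so the check runs against a constructed sample instead of the live system.

```shell
#!/bin/sh
# Added example, not from the original post. Sanity-check the ifcfg file that
# the Red Hat-style network scripts expect before blaming dhclient.

# check_ifcfg IFACE [DIR]
#   Return codes:
#     0  file present, DEVICE matches, BOOTPROTO is dhcp
#     1  no ifcfg-IFACE file at all (the "configuration ... not found" case)
#     2  file present but DEVICE= does not name IFACE
#     3  file present but BOOTPROTO= is not dhcp, so ifup will not run dhclient
check_ifcfg() {
    iface=$1
    dir=${2:-/etc/sysconfig/network-scripts}
    f="$dir/ifcfg-$iface"
    if [ ! -f "$f" ]; then
        echo "$iface: $f missing; create it (DEVICE=$iface, BOOTPROTO=dhcp, ONBOOT=yes)"
        return 1
    fi
    # Pull the values out; strip optional quotes around them, keep the last setting.
    dev=$(sed -n 's/^DEVICE=//p' "$f" | tr -d "\"'" | tail -n 1)
    proto=$(sed -n 's/^BOOTPROTO=//p' "$f" | tr -d "\"'" | tail -n 1)
    if [ "$dev" != "$iface" ]; then
        echo "$iface: DEVICE='$dev' in $f does not match the interface name"
        return 2
    fi
    if [ "$proto" != "dhcp" ]; then
        echo "$iface: BOOTPROTO='$proto' in $f, so ifup will not run dhclient"
        return 3
    fi
    echo "$iface: $f looks sane"
    return 0
}

# Constructed sample directory so the check can be exercised without touching
# the real network-scripts directory. Exercises all four return codes.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'DEVICE=eth0\nBOOTPROTO=dhcp\nONBOOT=yes\n' > "$d/ifcfg-eth0"
    printf 'DEVICE="eth1"\nBOOTPROTO=static\nIPADDR=192.0.2.10\n' > "$d/ifcfg-eth1"
    printf 'DEVICE=eth2\nBOOTPROTO=dhcp\n' > "$d/ifcfg-eth3"   # copied, DEVICE never updated
    echo "$d"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample_dir)
    for i in eth0 eth1 eth2 eth3; do check_ifcfg "$i" "$d"; done
    rm -rf "$d"
fi
```

Run it with `--demo` to see all four outcomes against the constructed sample; against a live box, call `check_ifcfg eth3` with no directory argument.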

Thursday, June 16, 2005

Have fun

In wandering around the net, I tripped over the NIST Virtual Library.
Most of the articles are over my head but I do understand a few of them.

Wednesday, June 15, 2005

Crypto Basics

Here's a site
that gives the basic theory behind most of the crypto systems in use.

Tuesday, June 14, 2005


I was in Raleigh-Durham today for the VMWare demo (so call me a swag whore 'cause I like free copies of commercial software). Two things that could have made the demo a bit better:

1) GIVE BETTER directions to the place. The RD Hilton is at the east end of Page Road. However, the only thing on Page Road signifying the existence of the Hilton is a tiny 6" x 8" sign that appears to be pointing to the Sleep Inn parking lot. I missed this sign the first time through and spent the next hour exploring every inch of Page Road (and it's only a few miles long). Thanks to the manager at the Days Inn for pointing the way.

2) If you're going to present to a roomful of geeks, give 'em tables to work on. Just stuffing a small room with chairs makes the entire experience uncomfortable for everyone, especially when there's a full house.

To give them credit, the presentation was interesting.

The title is "lost" because, as usual, I got lost on my way to where I was going. It's something that I've learned to live with, and my wife has learned to tolerate (our first date, we aimed at a restaurant in the next city... ended up in the next state). This time I did end up at the proper place (after asking directions twice) but I did get to see an ominous crime scene, complete with the population from 6 police cruisers and 3 news vans. Also on scene was 100+ feet of yellow police tape and what looked like a black bicycle laying on the ground. Anyone know what it was?

Monday, June 13, 2005


For you Jason Scott fans, here's an article on the problems with (and reasons for) archiving the Internet. It's interesting that the average lifespan of a web page is 44 days. It's annoying that some consider it illegal to archive public content.

Sunday, June 12, 2005

Of course

The media is getting some pretty decent mileage on "Is IPSec on borrowed
time?". What hasn't been said is that each has its own advantages,
disadvantages and best use. The values that (can) differ with both
implementations include: the layer(s) where encryption occurs,
authentication mechanisms, the layer(s) where encapsulation occurs, and
situations where it's best employed.

I think what we'll see is
peaceful coexistence, in the toolbox.

Saturday, June 11, 2005

Don't give 'em any ideas!

Webroot is predicting that spyware will be embedded in RSS feeds by the end of the year. While it's possible, I think that the limitation is that it requires compromise of the feed source.

Friday, June 10, 2005

More on XXX

CircleID has another view from a different author on the upcoming XXX domains.
Mr. Javed has come up with a couple points that I hadn't thought of.

Thursday, June 9, 2005

No spam

Weird, the comment spammers must have taken me off of their list. I
haven't received any (and I'm not asking for it!!) in a couple weeks.

Spring cleaning

Those of you that actually visit the site have probably noticed that I'm
cleaning up some of the code on the site. Experiments and anti-spammer
tweaks have left the back end in a horrible mess. Between that and
work, I haven't had much time to research entries for the site. Please
bear with me for a bit longer and I apologize for the current font set.

Wednesday, June 8, 2005

Bullet hole

HigB did something that we're all prone to do in the long run: shot
himself in the foot (see aim-and-i.html). However, he caught it in
time and did a quick analysis of the trojan.

Tuesday, June 7, 2005

Ouch! Ow!

There is something more painful than being a level III Unix admin and
being forced to watch level I training CBT's. It's being forced to
watch level I training CBT's that were produced in the mid-1990's!

Brain hertz!

Monday, June 6, 2005

Things could be worse

I often complain about the four networks that I can "see" from my chair in the front room. Wormulon seems to have it much worse than I do. And before you comment, yes, I do have to run one of those APs unencrypted. The device on the other end cannot "do" any form of encryption.

Not even WEP which, if it's all you have, you should still be using. My neighbor thinks I'm hacking his systems because I know the names of his machines. He is a heavy MS user (including SMB) and doesn't understand that when he turns off his AP (for security reasons) his machines will join any other wireless network. My network monitors are full of entries about "MoonGodess".

I guess it could be worse.

Sunday, June 5, 2005

Security Links

Bob Cromwell maintains a link farm of
security-related sites. It's worth exploring, there's some "doozies" in
there (try the "Privacy" or "Downright Scary Threats" links).

Saturday, June 4, 2005

BOHICA (More of my pessimism)

Here are a couple ComputerWorld and CBC articles about the new .xxx domains coming into being. This topic has been discussed on this blog and other forums previously.

Expect this domain adoption to lead to an extended exercise in frustration, politics, censorship and name-calling. ICANN is making the TLD available (for $75 per domain) so that porn sites can move in. What's not being said is that most porn sites probably won't move there because it makes censorship of their site(s) extremely simple.

A good example of this is "". The site uses that domain for two reasons: notoriety and to attract fat-fingered surfers.

What happens when ICANN figures out that very few web sites are buying their $75 .xxx domains and are sticking with their $5 .com/.net domains? It's likely to involve parental controls, loud proclamations of "we're doing it to protect the children", and attempts to force migration to the .xxx realm.

It'll only get nastier after that. Because I periodically write about things that are unpleasant to some (and sometimes include the word "fuck"), does this site deserve an adult rating? Who gets to categorize the site? How long before people realize that the Internet is an adult tool, not a child's playground?

Hopefully, the .xxx domain will exist to hold only those sites that want to be there but (feel free to call me a pessimist) I don't believe it'll exist more than 6 months before either the legislative branch or the media calls out the lynch mob.

Friday, June 3, 2005

Networked evidence

Here is a short paper on the issues involved with collecting forensic evidence in a distributed environment (i.e., the typical corporate network).

Thursday, June 2, 2005

Wednesday, June 1, 2005

GPS stuff

To go along with the recent GoogleMaps content, here is a site with a lot of GPS and map links.

What happens when we get broadband connectivity in our cars? Tying gpsd to GoogleMaps isn't that difficult.