Thursday, June 30, 2005
Wednesday, June 29, 2005
Arg!!
hadn't touched in two years. What should have taken me 5 minutes to
trace took me 2 hours. You can consider me as wearing the "bonehead"
sign around my neck, at least, thru the weekend.
D'oh!
Tuesday, June 28, 2005
I'll argue the point
If all of the network's users are aware of the consequences of violating policy (and know it's being enforced), incidents won't occur that often. As a former network hitman, I've seen this one in action. No matter what you think of it, it's a method that does work.
Monday, June 27, 2005
Who's your favorite?
it to listen to various Podcast (hate the name) shows. I also burn a
lot of those shows to disk and listen to them during my one hour+
commute to/from work. I'm interested in maintaining a list (in the
wiki) of good geek/tech shows. Here's my favorites:
- any of the Leo Laporte shows (TLR, TWIT, the KFI shows)
- /bin/rev (although I don't like Stank's personality, he does have a good show)
- Slashdot review
- Geek News Central
- Chris Pirillo
Others I've been monitoring (haven't decided if I like yet) include:
- Infonomicon
- Linux Link Tech Show
- Mondays
- LQ
- Linux Link Tech Show
- most of the stuff in HackerMedia
Leave a comment and I'll add the sources to the wiki.
Sunday, June 26, 2005
Thanks George
Kismet + GPSDrive
that will detect Kismet and add additional capability to the surveyor's
toolkit. Here is Anthony Stone's presentation on the topic. I especially like the slide showing the relationship between the OSI and TCP/IP models (though it doesn't have much to do with wireless).
Saturday, June 25, 2005
HTTP Request Smuggling
Friday, June 24, 2005
Thursday, June 23, 2005
Wednesday, June 22, 2005
A challenge?
take $2K to build something, someone will take it as a challenge and
probably come up with something just as effective for $50, which
somebody else will mass produce for $20.
Something to keep an eye on,
both the bad guy tech and what the manufacturers are going to do to
counter the problem.
Tuesday, June 21, 2005
HTTP Header Exploitation
Monday, June 20, 2005
Call me a skeptic
- ICM will charge $60-$70, $10 of which would fund someone else's agenda (ICANN also gets a cut)
- the "non-profit" will be composed of what appear to be the groups that will be most biased in the first place: adult material purveyors, privacy advocates, and "child-advocacy concerns" (what are those, exactly?).
- the sentence "Even if it's voluntary, supporters say, adult sites will have incentives to use .xxx.". What incentives might those be? They're certainly not monetary in nature! I think the only other remotely available incentives in existence are moral and penal. Since adult web sites are already considered to be against community morals, the only other incentive is going to be fines/jail time.
- the phrase "required to follow yet-to-be-written 'best practice' guidelines, such as prohibitions" is a triple negative. "Required to follow best practice" sounds like a law. "Prohibitions" does nothing to lessen the impression. Besides, spamming and malicious scripts (code) are already illegal.
- domain managers have had a very spotty history of assigning domains based on qualifications. Outside of the ".mil" and ".gov" domains, chaos prevails. Now we're supposed to believe that an organization made up of members with conflicting agendas is going to be different?
Let me repeat myself: I'm quite skeptical that this situation will lead to anything good.
Sunday, June 19, 2005
Astroturf?
Saturday, June 18, 2005
Slurping
You should worry about iPods (or any other USB device) that have alternate OSs because of the DMA issues but banning them because they're temporary storage (without banning all other forms of temporary storage) is prejudicial in nature and basically ignorant.
Friday, June 17, 2005
DHCP error
/sbin/dhclient-script: configuration for eth3 not found
take a look in /etc/sysconfig/network-scripts and make sure that ifcfg-eth3 exists.
I'm such a bonehead at times. This caused a situation where a friend's Windows laptop would connect to the network just fine but my kluge-box wouldn't. Nothing was getting logged. I didn't notice until I started running all of the commands manually.
Based on the number of times this shows up in Google, this is a common problem.
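The check described above, written as a shell function. This is an added example, not code from the original post. The function name missing_ifcfg is hypothetical, and the use of /sys/class/net to enumerate interfaces is an assumption; the configuration directory is the one named in the post.

```shell
#!/bin/sh
# Added example: report network interfaces that have no ifcfg-<name> file,
# the condition behind "configuration for eth3 not found".
# $1 = directory listing interfaces (assumed default: /sys/class/net)
# $2 = directory holding ifcfg-* files (default: the path from the post)
missing_ifcfg() {
    sysnet="${1:-/sys/class/net}"
    cfgdir="${2:-/etc/sysconfig/network-scripts}"
    missing=""
    for path in "$sysnet"/*; do
        [ -e "$path" ] || continue        # glob matched nothing
        iface="${path##*/}"
        [ "$iface" = "lo" ] && continue   # loopback never asks for a lease
        if [ ! -f "$cfgdir/ifcfg-$iface" ]; then
            missing="${missing:+$missing }$iface"
        fi
    done
    # Print the space-separated list; exit status is 0 only when it is empty.
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}
```

Called with no arguments it inspects the live system; a non-zero exit status means at least one interface would hit the error above.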
Thursday, June 16, 2005
Have fun
Most of the articles are over my head but I do understand a few of them.
Enjoy!
Wednesday, June 15, 2005
Tuesday, June 14, 2005
Lost
1) GIVE BETTER directions to the place. The RD Hilton is at the east end of Page Road. However, the only thing on Page Road signifying the existence of the Hilton is a tiny 6" x 8" sign that appears to be pointing to the Sleep Inn parking lot. I missed this sign the first time through and spent the next hour exploring every inch of Page Road (and it's only a few miles long). Thanks to the manager at the Days Inn for pointing the way.
2) If you're going to present to a roomful of geeks, give 'em tables to work on. Just stuffing a small room with chairs makes the entire experience uncomfortable for everyone, especially when there's a full house.
To give them credit, the presentation was interesting.
The title is "lost" because, as usual, I got lost on my way to where I was going. It's something that I've learned to live with, and my wife has learned to tolerate (our first date, we aimed at a restaurant in the next city... ended up in the next state). This time I did end up at the proper place (after asking directions twice) but I did get to see an ominous crime scene, complete with the population from 6 police cruisers and 3 news vans. Also on scene was 100+ feet of yellow police tape and what looked like a black bicycle laying on the ground. Anyone know what it was?
Monday, June 13, 2005
Sunday, June 12, 2005
Of course
time?". What hasn't been said is that each has its own advantages,
disadvantages and best use. The values that (can) differ with both
implementations include: the layer(s) where encryption occurs,
authentication mechanisms, the layer(s) where encapsulation occurs, and
situations where it's best employed.
I think what we'll see is peaceful coexistence, in the toolbox.
Saturday, June 11, 2005
Don't give 'em any ideas!
Friday, June 10, 2005
More on XXX
Mr. Javed has come up with a couple points that I hadn't thought of.
Thursday, June 9, 2005
No spam
haven't received any (and I'm not asking for it!!) in a couple weeks.
Spring cleaning
cleaning up some of the code on the site. Experiments and anti-spammer
tweaks have left the back end in a horrible mess. Between that and
work, I haven't had much time to research entries for the site. Please
bear with me for a bit longer and I apologize for the current font set.
Wednesday, June 8, 2005
Bullet hole
shot himself in the foot. However, he caught it in
time and did a quick analysis of the trojan.
Tuesday, June 7, 2005
Ouch! Ow!
being forced to watch level I training CBT's. It's being forced to
watch level I training CBT's that were produced in the mid-1990's!
Ow!
Brain hertz!
Monday, June 6, 2005
Things could be worse
Not even WEP which, if it's all you have, you should still be using. My neighbor thinks I'm hacking his systems because I know the names of his machines. He is a heavy MS user (including SMB) and doesn't understand that when he turns off his AP (for security reasons) his machines will join any other wireless network. My network monitors are full of entries about "MoonGodess".
I guess it could be worse.
Sunday, June 5, 2005
Security Links
security-related sites. It's worth exploring, there's some "doozies" in
there (try the "Privacy" or "Downright Scary Threats" links).
Saturday, June 4, 2005
BOHICA (More of my pessimism)
Expect this domain adoption to lead to an extended exercise in frustration, politics, censorship and name-calling. ICANN is making the TLD available (for $75 per domain) so that porn sites can move in. What's not being said is that most porn sites probably won't move there because it makes censorship of their site(s) extremely simple.
A good example of this is "www.whitehouse.com". The site uses that domain for two reasons: notoriety and to attract fat-fingered surfers.
What happens when ICANN figures out that very few web sites are buying their $75 .xxx domains and are sticking with their $5 .com/.net domains? It's likely to involve parental controls, loud proclamations of "we're doing it to protect the children", and attempts to force migration to the .xxx realm.
It'll only get nastier after that. Because I periodically write about things that are unpleasant to some (and sometimes include the word "fuck"), does this site deserve an adult rating? Who gets to categorize the site? How long before people realize that the Internet is an adult tool, not a child's playground?
Hopefully, the .xxx domain will exist to hold only those sites that want to be there but (feel free to call me a pessimist) I don't believe it'll exist more than 6 months before either the legislative branch or the media calls out the lynch mob.