Friday, September 30, 2005

Wish list

The following from PCPhoneLine
are going onto my wish list:

Anyone know of any reason why I shouldn't?

I didn't add the VPT1000 to the list because it's a corded (USB) phone, something I'm not looking for at this time.

Thursday, September 29, 2005

Trojan ports

You may find it useful (I don't): Rob (NetSec) has a Excel spreadsheet of well-known trojan ports. I don't like it because it's just a spreadsheet of ports and names; it contains no extra data.

Wednesday, September 28, 2005


Open ITWorld has an article
entitled "Finding Text in Context" which talks about using grep. This is another one of those good-to-knows.

Tuesday, September 27, 2005

Extending Nagios

Unix Review has an article about extending Nagios, a good tool for monitoring metrics and various statuses within your network.

Monday, September 26, 2005


Could it be that Touchstone Pics "gets" it?

I've just watched the DVD
for Hitchhiker's Guide and the previews were a menu option, not a
required series of bits that you passed through on the way to the movie.
Heck, after watching the movie, I went back and watched the two previews
that interested me.

Sunday, September 25, 2005

Saturday, September 24, 2005

Registry Listing

(from adminfoo) Microsoft has a listing of registry keys. It's a bit blind for third party software but is a good resource for Microsoft keys.

Friday, September 23, 2005


It's interesting and frustrating when you're doing research (in this
case, for the Kismet::Client wiki entry) and search engine searches
return your own work-in-progress. Arg! (heh)

I've finished sorting
out the Kismet tags and I'm trying to fill out the descriptions of each.

Thursday, September 22, 2005

Audio Processing

A classmate recently used my iPod and a iPod microphone to record a
class that I could not attend. Needless to say, the audio was extremely
poor. I've managed to clean up the audio by running it through a few of
the filters in Audacity but I'm still not that happy with it.

I was
able to find this list
of tools available for Linux but it's obvious that I have no clue about
where to start. Anyone have any good how-to's or a list of recommended
books? It appears that this is going to become more and more important
for me as the topic of recording lectures has come up quite often

Wednesday, September 21, 2005

Hash Function Workshop

NIST is planning on hosting a Hash Function Workshop to solicit public
input in how best to respond to the issues arising from Wang, Yin, and
Yu's paper on SHA-1 collisions.

Tuesday, September 20, 2005

Monday, September 19, 2005


Well the spaceship failed to appear on time and rescue me. I'm faced
with having to experience yet another Talk-Like-A-Pirate Day


p.s., Anyone know if you-know-who dressed-the-part


Are some people are entirely too paranoid? I find the idea that eavesdroppers can figure out what you're typing after 15 minutes of eavesdropping, while technically possible, just a bit over the top. Things like this, while feasible in the lab, tend to be impractical in real life.

In any case, for you tin-foil hat people, here's a list of countermeasures so the black helicopters don't get you:

  • Never use the same computer for more than 15 minutes
  • never use that computer in the same location
  • construct a "glove box", with sound dampening material, to contain the keyboard (helps block those evil shoulder surfers too!)
  • Intersperse a significant amount of random letters in your text and then go back and remove them with the mouse
  • purposely mispell your "Letters to the Editor" to throw off the statistical analysis (it won't change the Editor's opinion of you any)

Can anyone else think of any? (heh)

Audio Analysis

(This is a repeat but...) Rob and I are going to have to talk about this tonight. Very few of use should be concerned about password (or other text) capture via audio analysis.

That is, unless you're worried about who's listening via the microphone that you're absolutely sure is in the smoke detector, along with the radioactive source the government put there to slowly kill you.

Sunday, September 18, 2005


The joatWiki has been moved to the new server. Although the
host name may be transitional, that is where the data is located. I
will start deleting information on the old server shortly.

The Side Channel Cryptanalysis Lounge

Via NetSec: here is the Side
Channel Cryptanalysis Lounge

Saturday, September 17, 2005

Star Wars

From the too-much-time-on-their-hands category: You can view the
animated text version of Star Wars by telnet'ing to

It appears to be full-length but I didn't have
the time to watch it all the way through (got as far as Luke meets Obi-
Wan). Is the story line that bad without the special effects?

Oh, it's safe to ignore the IPv6 comments. It'll still play.

Friday, September 16, 2005

You know you're a dad when... hear (or find yourself saying) this or
"Put the hammer down and let go of the cat!" or "That's not what that's
for!" and you don't even bother to look up.

Wednesday, September 14, 2005


Still more fun with Kismet::Client in the Wiki. Experiments in determining the Perl-accessible variables in Kismet.


As a counter-weight to Marcus Ranum (yesterday's post), here's an example of what Marcus was talking about...

Uh, could someone take a handful of clues and slap David Coursey with them? I was just pointed to DC's June article where he promotes what amounts to censorship, though he claims it's not.

Originally, I wrote a long, rambling vent about how ignorant DC is. Thanks to the recent outage, I've reconsidered my thoughts and have slightly more PC recommendations: David, go take a civics class (to find out how government works) and then take a criminal justice class (to find out how law & law enforcement work).

For any law students reading this, here's a quiz: what were the errors in his article? (5 points each) Answers later.

Tuesday, September 13, 2005

6 Dumb Ideas

Marcus Ranum has an interesting article on "The Six Dumbest Ideas in Computer Security".

I agree with "Default Permit", "Penetrate and Patch" and "Action is Better Than Inaction". I could do without the Sun Tzu reference, regardless of what he did or did not say. That reference gives the impression that your management isn't to be trusted. (See "user" reference below.)

I had to read all of "Enumerating Badness" before agreeing with it. It's AKA "log file reduction".

I slightly disagree with his position in "Hacking is Cool", only for the factor that the only available alternative (currently) amounts to "ignorance is bliss".

I have issue with his "Educating Users" section as it comes across as "don't trust your users" and the need to "protect people from themselves". However, I'm not saying that I disagree with him. I just don't like how he stated the issue.

"The Minor Dumbs" are mostly spot-on, though the root of the problem (IMO) is the security vendors that promote those ideas in the first place. Every single "minor dumb" originates in the marketing fluff that management reads on a regular basis.

Monday, September 12, 2005


My apologies. I ran afoul of an experiment with group quotas. The powers-that-be have fixed the issues (thanks Count!).

Update: I've reposted the missing posts. Anyone who'd left comments between 9 Sep and 12 Sep, please repost them.

Sunday, September 11, 2005

Wiki - Kismet

I've put some more work into the "Kismet & Perl" wiki page. (Still more to come.) Take a look at it here.

Saturday, September 10, 2005


The blog may be a bit dodgy this month for a couple of reasons:
  • I plan on adding memory to the cantankerous antique of a machine that I call my desktop system
  • the powers-that-be at 757 have said that the current system has a very nasty wobble and that we should migrate to another server

Please bear with me/them.

Update: OMG! I should have added that memory years ago. It probably would have saved me the cost of the two hard drives that I wore out (from almost incessant page swapping). I actually like Windows boot-up speed for once (it's that noticeable)!

Update II: In performing clean-up for the move, I've taken a lot of older non-joat content offline, such as the files from last year's ShmooCon. If something's listed-but-offline, ask.

Thursday, September 8, 2005


It's basic but it's good to know: TCPWrappers.

If you have a *nix system, you should be using this in conjunction with some sort of packet filtering software (IPTables, BPF, IPFS, IPFW, etc.), even if it's an internal system.

Wednesday, September 7, 2005

Sysadm Law

If you administer a system/site for anyone, even for family members,
it's a good idea to be familiar with the topics described in David
Loundy's E-Law4.

Tuesday, September 6, 2005

9 Questions

ComputerWorld published a
valuable article almost a year ago that will probably be applicable for
a very long time: Nine
questions to ask when evaluating a security threat

Things to
keep in mind when asking yourself these questions: the underlying
assumptions are not static and other "forces" may change the questions.
To be able to answer the questions effectively, you need to have
intimate knowledge of your infrastructure (well-maintained documention)
and you need to know what "normal" traffic looks like (well-monitored

Monday, September 5, 2005

Kismet and Perl

I managed to find some of my original notes on using Perl with Kismet.
There were a lot of errors so I'm redoing all of the work while I'm
adding it into the Wiki. Take a look (here)
at what I've got so far.

Bluetooth spam

Bluetooth spam is coming into existence. Bruce Schneier has talked about some of it.

My thought is that this will lead to physical vandalism of a number of vending machines, due to the short transmission ranges involved. In other words, rabid "no spam" types may assault the local soda machine because they receive unwanted "Drink Pepsi" ads every time they walk by it.

This could lead to some interesting developments. I can see just about every type of spam (porn and "your system is insecure" included) being transmitted in public places.

Saturday, September 3, 2005

Worm invades!

Pete Lindstrom hit it right on the funny bone. Mebbe he should included a comment about [the author's agenda to change something] or how the author released the worm because he/she [verbs|has a secret verb] for [person|place|thing]?

Friday, September 2, 2005

No op

Nothing much to talk about today. I'm just getting back up to speed
after taking a certification test two weeks ago. Except for a few
posts, you've been reading from my backlog. The test was so rough that
it put me "off my feed" for the better part of two weeks. Tonight is
the first time that I've typed (non-work-related) for more than 5

The test was horribly convoluted, the questions poorly
worded, and overly rationalized. I got the feeling that they were
testing more for the ability to pick the question apart rather than for
problem solving or knowledge.

And, yes, I did pass. Just don't ask me
to say anything nice about the course or the certification. I don't
feel that anyone, having passed the exam, has accomplished anything.
It's ironic that the certification is promoted as one of the leading
accomplishments in the field. The course and test bank strongly needs
accreditation by an external entity.

Note: this is not the
certification that I talked about last weekend.

Thursday, September 1, 2005


Anyone know of a short-haul star freighter in the area that can get me off of the planet by the evening of September 18th? Why? Because September 19th is "Talk Like A Pirate Day"! Something I can't avoid even by staying in bed that day.

Hmm... Mebbe if I use a hammer on the only house phone?