Tuesday, January 31, 2006

Monday, January 30, 2006


I don't see a whole lot of value in it but the Mailinator is an interesting diversion. It uses Google Maps to track spam sources.

Sunday, January 29, 2006

DAZ Studio

For those interested, you can still get a free copy of DAZ Studio, a 3D studio app for Windows and the Mac.

Saturday, January 28, 2006

Don't tell!

A common theme in discussions at ShmooCon caused me to posit the following...

The dirty secret in network security is that, in organizations that do not budget for network security and training, the network administrators often look forward to the next major outbreak as it's the only time that the company will spend money to fix existing problems.

Thursday, January 26, 2006

Asterisk VM

For those that want to experiment with Asterisk without having to install Linux, AstLinux has a VM that you can run on VMware's VMPlayer.

Wednesday, January 25, 2006

Battery U.

It's massive overkill but Battery University has just about everything you ever wanted to know about batteries. So much so that the FAQ is broken into three parts and each question links to its own page. (Thanks to adminfoo for pointing it out.)

Tuesday, January 24, 2006

Asterisk Book Online

For those interested, O'Reilly's new book "Asterisk: The Future of Telephony" is available online. It's a good book to have if you're working with Asterisk, in print or online, especially in print (Hint! Hint!)(Buy the hardcopy!)

Look for the "Read the book online!" link under "Project Information" on the left.

Monday, January 23, 2006

Richard Bejtlich

Richard has a good synopsis of what he saw at ShmooCon. Reading the comments is worthwhile too.

In answer to the question about taking the Metro, I can't. Hanashi took me on a nickel tour of the local metro station (yeah, you can call me a n00b tourist) and the thing that sticks in my mind the most is that second escalator. Combine my bad eyes/feet/knees with the non-perpendicular seams in the cement walls, the incline, and the fact that the handrails were moving at a different speed than the stairs and my thoughts were: It'd be painful to fall off a step. I wonder if anyone has?

Given the distance traveled, I imagine that falling from the top of the up escalator to be much worse (there's further to go). Next year, I'll have to try taking a picture.

Update: Oh! Thanks for the book, Richard!

Sunday, January 22, 2006

New podcast

For those interested, the TMBG site has the second podcast posted.

NIC whore

Simple Nomad's ShmooCon presentation raised a few eyebrows for those that didn't know about the "feature". That article gives a good description of the problem and has the usual "this is a bug?" comments. Chalk me up as having the same light bulb response as the AirMagnet guy.


Evidence of one of the cons-within-a-con (or at least Bruce abuse):

That and ShmushiCon...
Apologies for the quality. I noticed that use of the flash quickly annoyed people so I experimented with taking much slower pictures (you'll see the "effects" that caused in the remaining pictures). Click on the picture for the larger version.

Saturday, January 21, 2006


A lot of crap gets cached in Google. I'm having trouble with various searches this morning as the majority of them default to a page at search.ug. I wonder how long it'll take until someone at Google catches on and cleans the sludge out of their caches. There's a lot of talk about it in various forums.

Friday, January 20, 2006


My apologies for not posting over the last few days. The end of the con also butted up against another trip so I've been out of town for awhile. I've backfilled posts for the last few days.

Thursday, January 19, 2006


For those not paying attention, the first draft of 802.11n is on the streets. Please note that this is a first draft, open for public comment. It means that, vendor claims aside, buying that "pre-n" equipment off of the shelf may get you into trouble in the long run.

Update: It appears that there's some products that are now WiMAX certified.

Wednesday, January 18, 2006

Root Cause Analysis

It's a bit wordy but if you can do what this paper on root cause analysis describes, you'll make a decent sys/net-admin. Thanks to admin.foo for pointing it out.

Monday, January 16, 2006


I'm not asking to anger anyone, I'm asking an honest question: Is the Web Application Firewall Evaluation Criteria absolutely necessary? I mean, application layer firewalls, Common Criteria and the like have been around for years. Where's the need?

Sunday, January 15, 2006

Misc. Shmoo notes

I didn't post much about day 2 as I was dog tired by the end of the day. The rest of this is just misc. notes, in no particular order.

Because most of the con was at a club across town, soaking up free drinks, it was pretty quiet in the hotel. I was able to talk with Rob, Doug, Howard (both from Rob's class), Hanashi and Telmnstr. Various other con members wandered in and out but it was much quieter.

The Shmoozers had something else to do at that time (their con was still in full swing, with stomping, singing and chanting at 10 p.m.). Though one drunk Shmoozer did run through the lobby screaming. (What was that about?)

Only a few Shmoo'ers were shot with ping pong balls. (No Shmoozers were targeted.)

In any case, I crashed at 10 p.m. and didn't get up until the following morning. Sunday went by pretty quickly, with two morning sessions followed by Johnny Long's presentation (J.L. ripped on Bruce) and the Shmoo Group's closing comments.

Audio and video from the con should be available shortly. The code for various projects, including the Hacker Arcade stuff, will also be available shortly.

I expect the audio/video stuff to be made available via BT only so please be nice and share at least the same amount as you leech. I recommend at least the ones that are wireless-related, which is what was the most-populated topic. The Asterisk talk was a bit basic, being aimed at someone considering its use, not at someone who's actually set a box up. Heck, if you've got the space, get all of them.

I asked Heidi about the rumor about self-inflicted wounds and she stated that, yes, some people had cut themselves with their badges.

To clear up a bit of confusion, the MK console also belongs to Telmnstr.

General impression: the Con was worth attending. It needs to be longer though. Two days of talks isn't enough.

I have a few more pictures but won't have the time to post them until this weekend.

Saturday, January 14, 2006


Here's a few pics from the Hacker Arcade at Shmoo 2006:

More later (maybe). Some here don't like the flash.

ShmooCon 2006, Night 1

Uh, I actually miss the religious groups that were here last year. I mean, they left us alone, we left them alone. This year, there's at least three MLM groups in the upstairs conference rooms. There's still the old-time religion style of singing, clapping and hallelujah'ing, it just doesn't involve God this time. The motivation for this bunch is "money".

The Shmoozers see the Shmoo'ers as "opportunities". The Shmoo'ers see the Shmoozers as "victims". Things only get uglier if you mix in $4 beers, $7 mixed drinks, the free MLM-brand hi-caffeine drinks (ala Red Bull-dosage) and their free pizza ("while you eat that, let me tell you about...").

Oh, and we can't forget the ping-pong shooters that various attendees were carrying. By the end of the night, every time there was a loud poompf from one of the shooters, the Shmoozers would duck and look to see where it was coming from.

To make matters worse, it wasn't just one MLM group. It was three rival groups! One even had a youth group that sat on the floor behind the escalator and said things like "My goal is...", prior to being applauded by the rest of the group.

In any case, we're probably going to hear about this during Beetle's "Administrative Remarks" first thing in the morning.

Friday, January 13, 2006

ShmooCon 2006, Day 1

Due to traffic and having to re-arrange next week's schedule, I arrived late and missed the opening comments by Bruce Potter and Dan Geer's keynote. Was able to find a parking spot (finally) and unpacked the car.

For the first session, I sat in on "Behavioral Malware Analysis Using Sandnets" by Joe Stewart from LURHQ. It's an interesting approach, using real machines (as opposed to virtual) that are instantiated via scripts and dd. It's the Internet that is virtual and before-and-after snapshots are diffed to see what the malware changed.

The "Asterisk: VoIP for the Masses" by Damin was a bit basic (for me). I went back to the arcade and took some pictures (viewable tomorrow).

For the last lecture of the day, I sat in on "The Church of Wi-Fi presents: An Evil Bastard, A Rainbow and a Great Dane!". In short, if you're using WPA-PSK, change your SSIDs often and don't base 'em on dictionary words. Renderman also pointed out or demo'd a few tools that I didn't know about and am interested in experimenting with.

All in all, a good start to the con.
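Why the SSID advice from the Church of Wi-Fi talk matters, as an added example (not code from the talk or from this post): WPA-PSK derives its master key with PBKDF2-HMAC-SHA1 using the SSID as the salt, so any precomputed table is only valid for the one SSID it was built for. The word lists and the `audit_ssid` helper below are constructed for illustration.

```python
import hashlib

# Constructed sample lists (assumptions for illustration only).
COMMON_SSIDS = {"linksys", "default", "netgear", "wireless", "home"}
DICTIONARY = {"home", "office", "guest", "coffee", "network", "wireless"}


def wpa_pmk(passphrase, ssid):
    """Pairwise master key for WPA/WPA2-PSK.

    PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 256-bit output.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode(), ssid.encode(), 4096, 32
    )


def audit_ssid(ssid):
    """Return a list of findings for an SSID used with WPA-PSK."""
    findings = []
    if not 1 <= len(ssid.encode()) <= 32:
        findings.append("SSID must be 1-32 bytes")
    lowered = ssid.lower()
    # Strip leading/trailing digits and separators: "coffee2006" -> "coffee".
    stem = lowered.strip("0123456789-_ ")
    if lowered in COMMON_SSIDS:
        findings.append("common/default SSID: precomputed tables likely exist")
    elif stem in DICTIONARY:
        findings.append("SSID is a dictionary word: easy to precompute for")
    return findings


def same_passphrase_different_ssid(passphrase, old_ssid, new_ssid):
    """True when renaming the network changes the derived key."""
    return wpa_pmk(passphrase, old_ssid) != wpa_pmk(passphrase, new_ssid)


if __name__ == "__main__":
    for name in ("linksys", "coffee2006", "kx7-Qr2m9"):
        print(name, audit_ssid(name) or "no findings")
    print(same_passphrase_different_ssid("password", "linksys", "kx7-Qr2m9"))
```

Changing the SSID changes the salt, so every client has to be reconfigured with the new network name, but the passphrase itself can stay the same.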


I'm on the road to ShmooCon. More later.

Thursday, January 12, 2006


Last night's HRSUG meeting went pretty well. David used us as guinea pigs, trying his presentation on us prior to the "formal" presentation on Saturday at Shmoo. It was enough to rekindle my interest in Sguil, something that had died a painful death years ago due to extreme difficulty in getting all of its components up and running.

There are now two easy ways to get Sguil up and running: the VM (blogged previously) and InstantNSM, which is a bundling of the usual components in one package.

One thing to keep in mind: this is a security monitoring tool, not a Snort event browser. The difference (other than the quantity of the data and the number of tools providing input)(Snort is not the only input) is that Sguil is a way to manage those events, i.e., categorize them, escalate them, or correlate them.


Auch! My wife is such a geek! She gets paid to program in a dead language (SmartForms) and gets excited about learning new syntax for Excel.

(heh) Hi hon!

Wednesday, January 11, 2006


For those not paying attention, the January HRSUG meeting is tonight. David is showing off Sguil and talking about the WMF bug. Hopefully I'll be able to make it this time.

Tuesday, January 10, 2006


Only two shopping days left until ShmooCon 2006. This year should prove interesting. Bring extra quarters (you'll need 'em for the arcade) and your moose repellant. (They say there's no moose but there were rumors of someone sneaking one into the building. I think it was spotted at the Interzone party.)

Monday, January 9, 2006


Here's a couple free tools that are valuable to have...

Richard Bejtlich (Tao Security) has developed a Sguil VM that you can run using VMware's VMware Player.

If you're interested in learning about Snort, Sguil, VMware, or any of the other tools that Richard has gathered into the VM, this is a good collection of tools with which to experiment. (I've always had trouble getting Sguil up and running.) Thanks Richard!

Update: Richard's follow-on posts about the VM are also valuable. Be sure to read: this, this, this and this.

Sunday, January 8, 2006

How far?

So just how much mileage can you get out of just one joke? Funny! I recommend reading the comments too.

Saturday, January 7, 2006

Missing something

Can anyone explain the missing pieces in the news article about the high school senior arrested for pushing F5? I have this feeling that it involves a really bad assumption and overacting (over-reacting?) by school officials.

Correct me if I'm wrong but doesn't hitting F5 in IE cause the page to reload? And just how much "damage" can multiple refreshes do?

Friday, January 6, 2006


It's not hard to tell that there's something going on within Cox.net. I'm watching the arp requests hitting my gateway and there's at least 4 IPs attempting to access every IP in the local class C's.

Thursday, January 5, 2006


(heh) You should not open doors on moving trains.


I spent most of last weekend playing with the NSLU2 and miscellaneous stuff from my junk box. So far, I've only got one "project" up and running: serving files off of the iPod to a television set via MediaMVP. It's of some interest but the one limitation is especially annoying: videos are limited to MP1 and MP2. Given that I'm only trying to loop a 3-5 minute video for public consumption, I may just drag my laptop along and plug the monitor into that. I'm not saving myself that much work by using the NSLU2.

Wednesday, January 4, 2006


How often do you need to hear "enhanced user experience" (para. #2) before it sets off alarms in your head?

Tuesday, January 3, 2006


If you're looking for something interesting, you might try taking a look at what's going on behind the scenes (sort of) on the Internet. The Internet Research Task Force (IRTF) is sponsored by the Internet Engineering Task Force (IETF) and the Internet Society (ISOC). Its stated mission is "To promote research of importance to the evolution of the future Internet by creating focused, long-term and small Research Groups working on topics related to Internet protocols, applications, architecture and technology."

Research groups under the IRTF include:

If you look close enough, I think you'll find some sort of activity that interests you.

Sunday, January 1, 2006

DNS Name Prediction

I managed to trip across Johnny Long's article on DNS Name Prediction. He'd briefly discussed it at Defcon/Blackhat this past year and, apparently, has a short article out on the topic.