Thursday, March 30, 2006

root-tail

root-tail is one of those tools that remains valuable, even though it was written years ago. It allows you to tail multiple log files at the same time.

Wednesday, March 29, 2006

Wi-viz

(*sigh*) It's getting crowded around here. Used to be it was just Retch and my network 'round here. (heh)

Bluetooth Security

Bluetooth is one of those services that highlights the fact that people are willing to give up security for convenience. Last night I realized just how convenient it is. This is my first phone with a Bluetooth headset. It also has voice dial which I've gotten into the habit of using. I parked in front of a store and called my wife while I walked in. It wasn't until I was in the dairy section that the call dropped out and I realized that my phone was still in the car. (heh)

In any case, here is a large link page for Bluetooth-related info.

Tuesday, March 28, 2006

Links

Here is a link page for network protection and law-related topics.

Monday, March 27, 2006

DNS attacks

This kind of attack has been around for years, but for some reason DNS amplification attacks seem to be the attack du jour. The panicky types have recommended all sorts of actions to protect their networks, but it has little effect because it doesn't change the fact that recursive DNS servers exist and will probably continue to exist. Also, if DNS amplification attacks are ever fixed, there's always some other protocol available that will return larger packets in response to a spoofed input.
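As an added example (not part of the original post), here is a small detector for the pattern described above: a recursive resolver answering tiny queries with large responses, where the "client" address is really the spoofed victim. The log records are constructed, and the ratio and query-count thresholds are assumptions.

```python
"""Flag amplification-style traffic in a recursive resolver's query/response log."""
from collections import defaultdict

# Constructed sample records: (client_ip, qname, qtype, query_bytes, response_bytes).
# 198.51.100.9 is the spoofed victim: four small ANY queries, four large answers.
SAMPLE_LOG = [
    ("203.0.113.7", "example.com", "A", 40, 56),
    ("203.0.113.7", "mail.example.com", "MX", 45, 120),
    ("198.51.100.9", "example.org", "ANY", 41, 3200),
    ("198.51.100.9", "example.org", "ANY", 41, 3200),
    ("198.51.100.9", "example.org", "ANY", 41, 3200),
    ("198.51.100.9", "example.org", "ANY", 41, 3200),
    ("192.0.2.20", "example.net", "TXT", 43, 512),
]


def summarize(records):
    """Aggregate per client: query count, bytes in, bytes out, amplification ratio."""
    stats = defaultdict(lambda: {"queries": 0, "in": 0, "out": 0})
    for client, _qname, _qtype, qbytes, rbytes in records:
        s = stats[client]
        s["queries"] += 1
        s["in"] += qbytes
        s["out"] += rbytes
    for s in stats.values():
        # bytes sent back per byte received; >1 means the resolver amplifies
        s["amplification"] = s["out"] / s["in"] if s["in"] else 0.0
    return dict(stats)


def flag_amplifiers(records, min_ratio=20.0, min_queries=3):
    """Return clients whose responses dwarf their queries (assumed thresholds)."""
    stats = summarize(records)
    return sorted(
        client for client, s in stats.items()
        if s["amplification"] >= min_ratio and s["queries"] >= min_queries
    )


if __name__ == "__main__":
    for client, s in summarize(SAMPLE_LOG).items():
        print(f"{client:15} queries={s['queries']} ratio={s['amplification']:.1f}")
    print("likely reflection targets:", flag_amplifiers(SAMPLE_LOG))
```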

Sunday, March 26, 2006

E.S. Posthumus

Thanks to Ithilion for pointing out E. S. Posthumus's site. They've had two songs picked up as themes for CBS and the others are interesting also (though I don't have the same like for Pompeii that Ithilion did). He also pointed out the Trans-Siberian Orchestra (you know, the one that produced the song used in that we-all-wish-we-had-that-neighbor-annoying-Christmas-light-show--from-hell video).

Saturday, March 25, 2006

FC5

A friend (hi Dave) and I grabbed Fedora Core 5 the day after it was available and built a VM out of it. I think that this is the first version from Red Hat (FC, RHEL, and the older distros) that didn't have an error during install. Maybe things are improving? Finally?

Then again, I could be doing something wrong (you ever have that feeling?). An install of the latest OpenBSD also went off without a hitch.

Friday, March 24, 2006

Wikipodia

Note to self: try installing Wikipedia on the iPod if you find the original dd for the old iPod.

Thursday, March 23, 2006

Shmoocon - 23 March 2007

We actually made good time getting here (less than 4 hours). We're staying at a pretty nice hotel in Bethesda, MD and taking the train in. It's actually a much nicer hotel than the 5-star Wardman Park Marriott and we're saving $150 per night.

Caught J0hnny Long's talk on "No Tech Hacking". As usual, it was worth seeing. (Dave bought the DVD the next day.)

It's old home week at Shmoocon. The usual Shmoos and non-Shmoos are here. (Shouts to Telmnstr, Count, Remad, Jeff W., Rob, Squidly1, Hurd, and anyone that I've missed so far.)

I think that this Con is a bit of a letdown after the previous two. This one suffers a lot from timing, as the hotel is under construction and the restaurant has been moved into where we lay-abouts would normally take up space on the lobby furniture (i.e., a lot of the chattering has been moved into the bars up the street). Syngress did not show up (no books this year) and the WiFi vendor didn't bring any Bluetooth gear (what I was hoping for). I did get a new card and a fistful of adapter cables though...

In any case, I'm having fun catching up with people I haven't seen in a year and trying to not overdose on the Starbucks.

XXX

For those that haven't noticed, the .xxx debate is coming around again. Personally, I don't think that it's a good idea, for reasons already stated.

Wednesday, March 22, 2006

Airpwn

Defcon attendees are already familiar with the tool, but here is an article on airpwn, the traffic injection tool that made some guy's butt shot famous.

Tuesday, March 21, 2006

Recovery

I was able to recover some of the work that was lost during the 757 server switches. The Kismet and Perl content has been restored thanks to Google caching pages from the old users-x page.

Monday, March 20, 2006

Wireless calculators

If you work with wireless, especially the long-range stuff, Zytrax's wireless calculators page might come in handy.

Saturday, March 18, 2006

802.11 redir

Here is a paper on SSID redirection. It sucks as a feature due to the various ways manufacturers implemented the firmware. It makes a better denial of service attack but that isn't saying much either. It still sucks due to the various ways different cards respond. It is a nice-to-know though.

Thursday, March 16, 2006

Tax trouble

I messed up my taxes? Heck, how'd that happen? I haven't filed yet.

Just kidding. I managed to receive four e-mails containing supposed IRS notices saying that I'm owed money and that I should click on a link and fill out the form there.

It doesn't lead anywhere, but here are some of the particulars:

From admin@irs.gov (the system administrator for the IRS cares about me!)
The header graphic is from irs.gov.

Del'd by        Return-Path           IMP ID                  Clicking link leads to:
61.221.79.115   test@simhope.com.tw   9Uhz1U02V2VGYjh0000000  http://200-158-140-157.dsl.telesp.net.br/update/IRS/caseid886432/
61.221.79.115   test@simhope.com.tw   9Url1U00c2VGYjh0000000  http://200-158-140-157.dsl.telesp.net.br/update/IRS/caseid886432/
61.221.79.115   test@simhope.com.tw   9UnS1U01n2VGYjh0000000  http://200-158-140-157.dsl.telesp.net.br/update/IRS/caseid886432/
61.221.79.115   test@simhope.com.tw   9YMR1U0212VGYjh0000000  http://test.spnet.ne.jp/Gmark/image/caseid886432/

Note that I've said "IMP ID" and not "MSG ID". This and info available about simhope.com.tw leads me to believe that they're an ignorant middle-man. It's the links that the message tries to trick recipients into clicking on that are interesting. Three were from 200-158-140-157.dsl.telesp.net.br and one was from test.spnet.ne.jp. Let's try those.

The nslookup on 200-158-140-157.dsl.telesp.net.br returns 200.158.140.157. A whois lookup on that IP indicates that it belongs to Telecomunicacoes De Sao Paulo S.A. (Sao Paulo Telephone?). Almost obviously a DSL account.

The nslookup on test.spnet.ne.jp returns 211.12.208.189. A whois on that IP indicates that the IP belongs to "Japan Network Information Center". Another telephone company?

Connection attempts to 200.158.140.157 time out. However, connection attempts ("wget -S") to 211.12.208.189 indicate that it's an Apache 2.0.40 server running on Red Hat Linux. The default page was last modified approximately 22 1/2 hours prior to my accessing the server. Oh, and the default page amounts to an open-html tag, an open-body tag, a close-body tag, and a close-html tag. An attempt to visit the page in the link returns a 404 error. However, clicking on the link in the email returns a page containing Japanese sentences. A Babel Fish translation of those pages returns "There was no information which agrees with search. Doing, please try searching for the second time e.g., keyword, category and the commodity etc. are modified. Swallow" followed by a series of untranslated characters.

So it's more or less a dead end. If there was anything there, it's inaccessible now (short of having physical access to the machine). Hopefully you weren't one of the ones that fell for it.
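The mismatches that give these notices away (a From address claiming irs.gov, a Return-Path at an unrelated domain, and links into consumer DSL or test hosts) can be checked mechanically. This is an added example, not part of the original post; the message records are constructed from the header fields quoted above, and the two-label domain comparison and the "ISP-style hostname" pattern are assumed heuristics.

```python
"""Check e-mail header fields for the sender/link mismatches seen in the IRS notices."""
import re
from urllib.parse import urlparse

# Constructed from the header fields quoted in the post (one dict per message).
MESSAGES = [
    {"delivered_by": "61.221.79.115", "from": "admin@irs.gov",
     "return_path": "test@simhope.com.tw",
     "links": ["http://200-158-140-157.dsl.telesp.net.br/update/IRS/caseid886432/"]},
    {"delivered_by": "61.221.79.115", "from": "admin@irs.gov",
     "return_path": "test@simhope.com.tw",
     "links": ["http://test.spnet.ne.jp/Gmark/image/caseid886432/"]},
]

# Leading label that is a dashed IPv4 address, e.g. 200-158-140-157.dsl... (assumed heuristic)
ISP_STYLE_HOST = re.compile(r"^\d{1,3}(?:-\d{1,3}){3}\.")


def address_domain(addr):
    """'admin@irs.gov' -> 'irs.gov' (lowercased)."""
    return addr.rsplit("@", 1)[-1].lower()


def suffix(host, labels=2):
    """Crude comparison key: the last two DNS labels of a hostname."""
    return ".".join(host.lower().rstrip(".").split(".")[-labels:])


def analyze(msg):
    """Return the mismatch findings for one message; an empty list means none."""
    findings = []
    claimed = suffix(address_domain(msg["from"]))
    bounce = suffix(address_domain(msg["return_path"]))
    if bounce != claimed:
        findings.append(f"Return-Path domain {bounce} differs from From domain {claimed}")
    for url in msg["links"]:
        host = urlparse(url).hostname or ""
        if suffix(host) != claimed:
            findings.append(f"link host {host} is outside {claimed}")
        if ISP_STYLE_HOST.match(host):
            findings.append(f"link host {host} looks like an ISP customer address")
    return findings


def suspicious(msg):
    """True when any finding was raised for the message."""
    return bool(analyze(msg))


if __name__ == "__main__":
    for i, m in enumerate(MESSAGES):
        print(f"message {i}: {'SUSPICIOUS' if suspicious(m) else 'ok'}")
        for f in analyze(m):
            print("  -", f)
```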

Wednesday, March 15, 2006

Bulwer-Lytton

I posted this last August as a reminder to myself. I'm not sure of the actual date that submissions will start to be accepted, but I think that there's approximately 30 days left to submit entries to the Bulwer Lytton Fiction Contest. Yes folks, this is a writing contest for the worst prose. Single sentence submissions only. Visit the site for the official rules.

Tuesday, March 14, 2006

Recon vids

Derez has pointed out that the Recon folks have posted the videos from the 2005 con here.

Sunday, March 12, 2006

Nixie Tube Watch

I can wax nostalgic as well as the next guy, but $395 for a Nixie tube watch that I could build out of $5 in parts is a bit much. Oh well, for the old fart geek that has everything, right?

Friday, March 10, 2006

The Measurement Factory

Don't let the front page fool you, The Measurement Factory has a treasure trove of information on its site. Uh, DNS-related, that is.

Thursday, March 9, 2006

Captchas

Sam Hocevar's PWNtcha site has an analysis of the strengths (and weaknesses) of various Captcha implementations. It's a few months old but still interesting.

Tuesday, March 7, 2006

Back to basics

In Information Systems, there are always trade-offs and contentions. There are also basic "rules of thumb" and best practices. Oh, and let's not forget basic human psychology. The problem is that various "industry leaders" seem to periodically forget these tenets and attempt to introduce something new.

The current in-vogue practice is to declare the use of passwords "old school" and hint that it is the least secure method of protecting your information. Example: Microsoft wants you to switch to token-based authentication, claiming that we should give up using passwords. The truth is that they are only telling you half of the story. What's actually being done is not replacing passwords with token-based authentication. You still need some form of password (PIN, pass phrase, etc.) as part of your login process. Contrary to what the media has interpreted/spouted (yeah, even Gartner), passwords are still there.

If any system claims to be more secure by replacing passwords with such-and-such a method, I don't recommend that you buy/use it. Until such time that biometrics become more accurate (far fewer false positives/negatives) and secure, passwords will remain the foundation upon which to build highly secure control systems (keep in mind that this means: authentication, non-repudiation, and identification). For passwords:

  • there are far fewer control problems
  • inventory and distribution issues don't exist
  • controls over type, length, rotation, etc. are much more flexible
  • there are far fewer false positives than with any other form of authentication (i.e., you don't get in by mistyping your password)

Passwords' major drawbacks are:

  • there are far too many tools created to defeat password-based systems. However, it's the old arms race again. Whatever form of authentication is dominant will be the one that is attacked the most.
  • People will take the path of least resistance and use the most easily remembered passwords, also making them the most easily guessed. However, there are available controls to counter this problem.

Tokens and biometrics have a long way to go before they replace passwords as the primary form of access control and authentication. Hopefully the hype will fade into background noise shortly.

Monday, March 6, 2006

Out of date books

Argh!! I've got out-of-date manuals! The book on Postfix that I own is now five years old and obviously out-of-date, as I had to Google for the proper configuration for aliased/fancy addressing. I wonder if electronic paper will ever get to the point where we can have portable 10-15 page devices that contain entire (multiple) manuals that are automatically updated? I'd pay a small fee for the service.

Sunday, March 5, 2006

SFE

Spark Fun Electronics was pointed out on the Zipit mailing list as a source of interesting project modules and tutorials. I wonder if some of the modules would work with Derez's Gumstix projects...

Also pointed out was E-Clec-Tech which carries the door locks that Telmnstr was looking for (Arcade section).

Saturday, March 4, 2006

Viewing Word

Hoyt, on the TWUUG mailing list, has pointed out a Linux.com article which discusses various tools for viewing MS Word files.

Friday, March 3, 2006

Sleep

Things I've noticed from multiple trips in the recent past:
  • No matter how big you think the airport is, there's one larger, elsewhere (Dallas, Denver and O'Hare so far)
  • The size of the rental car you drive should match your own car as closely as possible
  • eat food before you get on the plane but limit fluid intake until after you arrive (I won't explain that)
  • no matter how much extra space you leave in your suitcase, you'll always not have enough room to bring everything back
  • What's considered polite in one location can be extremely rude in another (I won't explain that either)
  • I have a serious Starbucks addiction
  • You can get jet lag from as little as a one-hour time difference
  • The TSA should be empowered to pull people out of line and force them to bathe prior to boarding (there's a difference between long-distance sticky and long-distance slimy/greasy)
  • And finally, if you show up the suggested two hours early, the flight will inevitably be delayed at least two hours.

Thursday, March 2, 2006

Zipit

Picked up a Zipit to play with recently. Was able to reflash it with "Adam's Alternate ROM load". I now have a small/portable wireless SSH terminal. Gotta find the Dremel and mod a booklight for it now as the LCD screen isn't that readable in anything but sunlight. I wonder how long the battery will last...

Wednesday, March 1, 2006

Frys

I can finally say that I've been to a Frys. I visited the Plano, TX store, last night after class. Things I liked: the size of the store and the variety of stuff. Things I didn't like: the mail-in rebate crap (ala CompUSA) and that they really didn't have a lot of new stuff. They also didn't take my credit card so I missed out on a refurbed Nokia 770. (*SNIFF*) All in all, it was a lot like Best Buy on steroids with a KB Toys mixed in. It's a good thing there's not one near where I live as I'd probably be broke all of the time.