Tuesday, November 28, 2006

Wi-Spy Picture Album

Given the response from the pictures (and my own fascination), is anyone interested in building a "photo album" of Wi-Spy shots? If no one's done it yet, I'll donate space on the wiki.

Monday, November 27, 2006

Too cold?

Harold Welte has a gripe about air conditioning turned up too high. He managed to irk me.

He asks, "How weak have we become if we can't even tolerate temperatures up to, let's say, 30 centigrade?". My response is it's probably pretty weak if we can't tolerate a little cold, say 21 C?

It irks me because I'm from much further north and I'm quite comfortable in a server room kept at 13 C. I'm used to winter in Buffalo (snow depths measured in feet) and Chicago (sub-sub-zero wind chills). I actually suffer at 25 C.

My secondary response is to tell Harold to bring a jacket if he ever visits me. I won't visit him as there's only so much clothing I'm allowed (by law) to remove in public.

Oh, sorry: here's rough equivalents: 30C ~ 86F, 25C ~ 77F, 13C ~ 55F, 21C ~ 70F.

Sunday, November 26, 2006


For those interested, I've posted notes on my getting the Linux version of SageTV (including the MediaMVP module) up and running.

Saturday, November 25, 2006

For Dave

Dave: Here's the bookmarks. Look for the "video" and "streaming" tags in the right-hand column.


For those that care, I've copied the Wi-Spy screen captures into the wiki.

Friday, November 24, 2006

Wi-Spy Pic 4

This latest screenshot from the Wi-Spy is probably useless for everyone else.

What you're seeing is the traffic generated by my running "iwlist eth1 scanning" on the AP, over and over and over. Doing so revealed that the light noise between channels 10 and 13 isn't actually my neighbor's network. Rather, it's two neighbors' networks on channel 11. There was also another neighbor's network on channel 9 (weird choice).
I really need to get outside and map the neighborhood. I especially need figure out how much interference the video sender will cause if I leave it running on channe 4 (around channel 11 for 802.11 traffic).
Note to self: copy these pics into the wiki.

Thursday, November 23, 2006

Wi-Spy Pic 3

Here's another from the Wi-Spy. This one turned out to be quite valuable to me (or at least it explained a lot about some interference issues).

What you're seeing is a capture of the signals from each of the channels on my Grandtech AVW-1000 Video Sender that I use to send audio/video into the back of the house. The interesting part is channel 1 which obviously fails to conform to FCC interference regs. (It's an old piece of equipment though). The bad news is that I'm going to have to rethink my spectrum management now that I can "see" it.

Wednesday, November 22, 2006

Wi-Spy Pic 2

Here's the second screenshot from the Wi-Spy.

The red, yellow, green and orange dots are generated by my own access point, running in 802.11g mode on channel 6. The bar between channel 8 and 9 has me intrigued.

Tuesday, November 21, 2006

Wi-Spy Pic 1

Here's the first screen capture from the Wi-Spy. There's not much there as it's a picture of the background noise at my house.

The light noise scattered between 10 and 13 is actually a wireless network belonging to a neighbor, a few house up the street. I have no idea what that narrow band of signal between channel 8 and 9 is. Josh Wright had pointed out a similar band during a recent talk and indicated that it was a wireless camera. Maybe that's the case here too.

Weird spam

Just noticed the following... (Click to see photo). (89K)

Do you see it? (Hint: look at the body but not the text.)

I've got a growing collection of messages in which someone has gone to the trouble of adding little colored threads. It is not a picture as the text is normal. Though the threads are included as part of a graphic, they are inline. If I resize the window, no scrollbars appear (unless there's too much text).

This is too weird. Anyone have any ideas on what it is?

Monday, November 20, 2006


Once again, the Fed Ex delivery was waiting on my porch when I got home (I've already said that we'd asked them not to do that, right?) I'm not unhappy though. It was my Wi-Spy.

I've been playing with it for the last half hour after spending the first half hour building the software (didn't really take that long to build but I had to chase down a few libraries) and eating dinner.

In any case, over the next few days I'll post snapshots of various types of traffic.

Wiki update

For those that care, I've added some work to the wl page in the wiki and have removed the podcast items. The one menu looked horrible in IE.

Sunday, November 19, 2006



Various vaguely-related questions about Mr. Balmer's comments:

  • Why does this sound oddly familiar? (Okay, it's a leading question.)
  • Does this have anything to do with the sudden reversion to that truly horrible TCP/IP stack in the new version?
  • Do people yet realize that a covenant means that they won't sue but there's nothing to keep the originator from calling you a pirate, a thief, or worse?
  • Does Mr. Ballmer believe that the only way his company can profit is to keep the communities alienated? (There is a not-small population that lives in both. I'm one of them.)

I hereby call for Mr. Ballmer to list the misappropriated intellectual property used in Linux so it can be removed and we can get on with life. (Who needs yet another court case where the claim is that Linus or one of his fanatics stole from so-and-so?) (It's been four years and we still don't know what was stolen from SCO.)

Call me a pessimist but I think that PJ and crew are going to have enough material to keep them busy for a decade or more.

Oh, and before I get beat up for being anti-MS, remember that I usually don't criticize the OS. Rather, it's the company's marketing tactics that I am vocal about.

When does it stop? One pont to keep in mind is that the same tactics used against the open source community are readily adapted to the shareware and freeware programmers on both sides of the fence. Once a company decides that lawsuits are a legitimate (in their view) source of revenue, they will eventually strong-arm anyone they think is profiting (financially or otherwise) without "paying tribute" (MS's phrase, not mine). It might also be called "vig".

Saturday, November 18, 2006

Using spackle to seal the bullet holes in your foot

Andre Duran blogged about decentralized security and used the following picture.

The caption reads: "So where do I deploy my firewall now?"
My answer is: "You don't. You're screwed." And because each of those entities at the edge are likely to have similar looking networks, you're screwed.
En masse.
The decentralized border discussion has irked me for years because it makes some very bad assumptions concerning trust. Not trust in people, but in their behavior. Just about anyone that has worked network security for any large firm will tell you that people tend to drift towards practices which require the least activity on their part. In other words, people tend to procrastinate and some are downright lazy. Unless you can guarantee that each of those border entities conform to the letter and intent of your security policies, you're screwed.
En masse.
Your corporate network should reach farther than you can walk in 15 minutes and should only have users whose connection to your internal network can be terminated without a lawyer. The guy who has the power to hire and fire should also be within a 15 minute walk of your office (his pace, not yours).
Decentralized security (the transparent border) has been a rationalization used to spend less money on security and to justify the convenience of teleworking with minimal spending.
External people need access to a service or data set? Good. Stick that service in a DMZ and restrict who can access that. Even better, give them a laptop configured so that it is only capable of connecting to your DMZ. Block your internal users from accessing the DMZ too. If you have to supply access from between the internal network and the DMZ, use an application proxy and limit what can go through where, when (yes time limits) and how.
The only company whose network diagram should look like the picture above is one who gives away network access for free and doesn't require passwords. (In other words, they have no service or data set, only connectivity.)
Yeah, we're going to need identity-based security to be able to use IPv6, but that technology isn't available yet. And don't go pushing NAC at me. That only works when you own the network from end to end (i.e., it's centralized security and won't work with a decentralized network).
Gunnary writes that security models must mirror the changes in business and technology or it's going to be broken. I think he's over-simplified the issue. While the company's "mission" may change greatly (moving from selling sneakers to MP3 players), the reason that the network is there changes little (provide word processing and access to the database).
Decentralized security only works when your users cannot exert changes in any part of the network or even on their local system. If any one of them can connect their node to any other network then there's going to be trouble (ask CNN to tell the story about their senior management and the Welchia worm). If they can connect to yours and the other at the same time, you're screwed.
En masse.
Here's a hint: if you have a firewall like what Gunnar describes, with thousands of open ports, then your security domain is too big and your security policy is too generic. They should both be broken into communities of interest and protected as separate entities.
Don't believe me? Go interview any Fortune 500 company. I'm willing to bet they partition off specific pieces of the network from their own users, not to mention the rest of the world.

Friday, November 17, 2006

Thursday, November 16, 2006

The truck

Reminder to self: Watch for the next issue of Make Magazine. (It is supposed to have Ethan's truck in it!)

Update: It's on the newstands! Ethan's project is on page 151. Ironically, the cover has a pinball machine on the front of it which is what he's toying with now. For those that don't know, Ethan is the one who stood up RockTheSkillCrane.com.

Wednesday, November 15, 2006


I've finally shelled out the coin for my own Wi-Spy. If I beat the delivery home, my neighbors are likely to be treated to a geeky version of "Lady, where's my spy camera?"

IPv6 Security Issues

Here is a paper from Samuel Sotillo which describes some of the security issues associated with IPv6.

Tuesday, November 14, 2006


The fall issue of the International Journal of Digital Evidence is out (probably has been for awhile as I've not been tracking it). Again, it contains good topics. Topics this time out: memory analysis, SIM card forensics and Google Desktop as a source of evidence.

Monday, November 13, 2006


Here is the paper that appears to have started the battle between a security company and a spamming/malware group.

Sunday, November 12, 2006

Indian Head?

I'm Indian Head this week. On the map, it looks like an awfully small town. What is there to do in Indian Head, MD?

Saturday, November 11, 2006


Attention! Would the owner of the system at (in Middletown, NY) please take a look at his/her system? You are infected with a zipped/UPX-packed MyDoom variant and you are annoying the rest of the planet.

Also, would Stephanie Micheneau please review the need for response e-mails for detected infections? MyDoom forges source addresses and I do not run networked systems susceptable to W32 viruses. So please stop yelling at me... (heh)

More customer hell

This has to be the worst week I've ever had with other organizations' customer support. For those that are considering buying the Archos 404 (and possibly their other models), know this:
  • You're only buying basic capability. The ability to view those Hak5 or Digital Life vidcasts requires the purchase of additional plugins.
  • Archos has a really crappy interface for obtaining those downloads. The font on my product key didn't readily indicate the difference in similar characters so I typed in "O" when I should have typed in "0" (see?). The interface isn't written to self correct.
  • The interface has some serious logic issues. Using the activation code with a mistyped product key burns the activation code at the same time that it spits back an error code about the product key. In other words, you can't then fix the product key and legitimately use the activiation key with the good product key.
  • The interface has no way to fix the above. Customer support's fix for this is to refund your purchase (something that takes a number of business days to occur).
  • The interface is a piece of shit because it's just a digital front end to a manual process. I re-ordered the plugin at 1:45 today and they still haven't forwarded the purchase to processing (the site does have a tracking capability). Now that it's after "business hours", I have to wait until Monday to get this fixed. Needless to say, I'm on the road again, starting Sunday.

Really, a $20 purchase shouldn't be this much of a headache. If it's not fixed first thing on Monday, I'm considering siccing my wife on 'em. (heh)

Wednesday, November 8, 2006


Written last night...

One thing about monopolies. You can usually treat your customers as poorly as you can get away with, without the PUC stepping in. However, you can go too far. Point in case...

My wife ordered two DVR's from Cox Cable and even offered to pick them up at the local store. No, no, Cox insists on overnight shipping.

Three days later they're setting on our porch when we get home from work. One of them is missing it's power cord. After forty-five minutes of being on hold, we determine the other (obviously a refurb) can only display the schedule (no video).

One phone call later, we discover that they can't be shipped back, we have to take them in to the local store. This means that I either have to take a day off or burn a Saturday morning to visit the store.

Two days later, I'm standing outside the local store, waiting for it to open. Unfortunately, other people knew I was going to be there so they decided that they had to show their solidarity by also standing in line. Ahead of me.

Two hours later, I'm at the counter, explaining to the problem with the box to the guy behind the counter. He explains that due to a mix up at the warehouse, he cannot replace my box at this time and asks if I would like to schedule a visit to my house. A few questions later, I discover that I would be charged for this visit.

Five minutes later, I leave the store (with a receipt for the box I just turned in) with a promise that we would be called when a new box is available.

After a few stops at the local gas station, burger joint and shopping center, I arrive home to realize that I hadn't called my wife (when I left the store) to tell her "How The Cable Company Was Going To Fix Her DVR".

Fifteen minutes later, she's extracted a refund for the money paid for the service-so-far, a credit for $20, and a promise that the next available DVR would be shipped to the house. (Have I said that I am in awe of my wife sometimes?)

Five minutes later, I realize that the phrase "ship overnight" was used. (Have I mentioned that sometimes I'm a little slow on the uptake?)

Of course, three days later we arrive home to find that the delivery guy had left the box on the front porch again (we've asked them not to do that).

Ninety seconds later, we place the box on the dining table and open it to discover that the device delivered was a cable converter, not a DVR.

A split second later, I'm able to actually see the large capital letters as they pass through my wife's lips:AUGH!! (I think I know where Charles M. Shultz got the idea.)

Ten seconds later, my wife has dialed the phone to customer support. After the obligatory waiting period, during which the not-really-soothing hold-music is interrupted a number of times by your-business-is-important-to-us-please-hold messages, my wife has determined that: there are no DVR's available at this time as the ones available are reserved for people already on the list for replacement, there's been another mix up at the warehouse, we still don't want to schedule a visit, there's actually no supervisor on duty in the call center at the moment, the operator is unable to understand why my wife is angry, and, ooh!, a supervisor just walked in.

Two minutes later, my wife has a promise that someone will drive out to the house (from the only store in town) to hand deliver the DVR. (Have I said that I sometimes fear my wife?) Whether or not the device actually shows up remains to be seen. I'm not concerned about it though. In situations like this, I never am. It's always handled by my awesome/fearsome/loving wife who used to supervise customer support for a large Japanese conglomerate.

I will admit that I find these snafu's funny much, much earlier than she does. (I think that it's funny now.)

My advice to Cox: 1) Fire the guy in the warehouse (or the programmer that wrote the excuse generator). 2) Tell the poor schmuck who's delivering the box to smile and back away... 3) ...slowly... 4) ... from my wife. The dog only bites. 5) For lessons learned, write down that there exists an Ol' Girl Network (that didn't come out right but you get the idea), somewhat of a NANOG for current and former supervisors of customer service centers, where members have met at conferences, made friends, and know all of the office phone numbers and some of the home phone numbers of many of the OGN members. I doubt The Kevin Bacon Game works here (there's not that much separation) and, for me, "reach out and touch someone" has taken on a different meaning.

Uh, I did indicate that my wife can be scary sometimes?

Hint for those that still don't get it: my wife makes our Halloween costumes with a collection of t-shirts, cans of black and red spray paint, and whatever vehicle happens to be parked in the driveway. (We go as "road kill".) (The trick is to spray the tire as the vehicle is rolling.)

Update: The box was delivered. I discovered: he has a wife too, there really was a mix up at the warehouse (grain of salt needed here but...), and you can catch cold after getting extremely soggy, standing in the front yard, in the dark, in the rain, talking about your wife.

Tuesday, November 7, 2006


Discovered last Friday in Cheasapeake: Barnes and Noble now sells Hakin9 from the magazine rack.

Monday, November 6, 2006

Wicrawl and Backtrack

Squidly1, a friend, pointed this out a couple weeks ago (I'm only now catching up). Wicrawl is an access point auditor that was relased at Toorcon 2006. It has a "simple and flexible plugin architecture". The current list of plugins can be viewed here.

The video of the Toorcon 2006 presentation can be viewed here (hi-res), here (lo-res), or downloaded here (note: slow download).

There is a claim that the tool will be included in the next Backtrack CD which, BTW, has a beta of BT 2.0 out. There is also a training site for BT and a demo video for the new disk.

Sunday, November 5, 2006

No more forgers?

I attempted to find a good example of a forged email header, for a short demo that I'm writing, by wading through my quarantine folder. Guess what I've noticed: no one bothers to forge headers anymore. Why bother when you buy zombies for a few pennies per box?

Saturday, November 4, 2006

Friday, November 3, 2006

WiMAX poster

Learning about WiMAX? Got a wide printer? Here's a poster you might be interested in.

Thursday, November 2, 2006


It really doesn't look like a computer security site but it is. The WildList is a site devoted to listing "in the wild" viruses and related information.