Archive for March, 2009

People watching

March 30th, 2009 Comments off

Disclaimers: I would never get bored and distracted in class, and I would never fire up a sniffer just to see what’s comin’ over the radio waves.

But if I did both of those things today, here are some of the things my colleagues might have been up to:

  • Facebook (of course)
  • Meebo (I’d never heard of it; looks like something that integrates various IM protocols)
  • A World of Warcraft update
  • Spring Training MLB scores
  • A bunch of NFL stories
  • Weather
  • Spgc3.aftershocksf.com (a Mafia game available as an iPhone app)
  • Various personal emails (university, Yahoo, Gmail, Hotmail)
  • Twitter
  • News feeds
  • Music downloads (hmm. No headphones visible…)
  • A bodybuilding forum (eww.)
  • Windows Update (yay!)
  • Blogging on Stacksm- oh wait.

Well, that was mildly fun.  Or would have been, if I did it.

Categories: Misc, Wireless

Nooooooooooo!

March 26th, 2009 Comments off

I had high hopes for Sudoku as the CAPTCHA of the future, but some jerk went and solved Sudoku.

Categories: Misc

Get-rich-now scheme!

March 25th, 2009 Comments off

I’ll make my billions by creating anti-virus software for home routers!

Categories: Malware

Defense of US networks

March 20th, 2009 Comments off

A WaPo article discusses recent congressional testimony from General Chilton, the commander of US STRATCOM.  It doesn’t go too far in depth, but it seems to show that Gen. Chilton is on top of things, testifying that:

  • as a nation we have our cyber pants down
  • the military does not protect vital private networks
  • the NSA is currently the agency best suited to do everything cyber
  • offense and defense are inseparable

Side note: I wish more people appreciated this last point.  In computers, to be good at defense, you have to know offense, and vice versa.  Duh.  I’m sick of “ethical hacker” this and “white hat” that.  Policemen and soldiers don’t go around calling themselves “ethical marksmen” or “guys who only shoot people who really need to be shot.”  You don’t hear about pyrotechnicians licensed as “certified dudes who only blow things up with permission.”

Whatever.  Anyway, from the article, it looks like a refreshingly candid statement of the state of things.  It also looks like Gen. Chilton isn’t grabbing for power and the attendant funding.  Good to see.

I’ve always wondered where Article IV Section 4 of the US Constitution comes into play here:

SECTION 4. The United States shall guarantee to every State in this Union a Republican Form of Government, and shall protect each of them against Invasion; and on Application of the Legislature, or of the Executive (when the Legislature cannot be convened) against domestic Violence.

Is it Invasion if foreign folk break into my network?  Is the federal government therefore obligated to protect my network?  Does this apply even if my network is insignificant?

Cyber things generally form a big grey area of domestic law and policy, and an even greyer area of international law and policy.  It’s interesting to think about how it could all shake out some day.

Categories: DoD

Ur doin it wrong

March 14th, 2009 Comments off

CSO has the first part of a fun little article about a security breach at a company that had no security (I saw this on a post by michael at terminal23).  It looks like this company, whoever they are, could write the textbook on how to make sure you get caught with your pants down.  It’s scary that any classified information was involved.

I’m looking forward to Part Two.

Categories: Security incidents

WCGW: “Sixth Sense” technology

March 11th, 2009 Comments off

I read an article on Gizmodo today that falls squarely into the What Could Go Wrong category: “Sixth Sense Technology May Change How We Look at the World Forever.”  Excerpts:

The camera recognizes objects around you instantly, with the micro-projector overlaying the information on any surface, including the object itself or your hand. Then, you can access or manipulate the information using your fingers.

The true power of Sixth Sense lies on its potential to connect the real world with the Internet, and overlaying the information on the world itself.

Don’t get me wrong – this looks very, very cool.  I just don’t want to be wearing one when the spammers take over, with context-sensitive ads for all to see – or worse, context-unrelated ads:

I do NOT want to be on a date when this happens.

Yep.  Very cool idea, but what could possibly go wrong?

Categories: What could go wrong

“Rogue Wireless Gets Sneakier”

March 9th, 2009 Comments off

sherri at philosecurity posts excerpts from a SANS class by Josh Wright on Wireless Ethical Hacking: “Rogue Wireless Gets Sneakier.”

Bad.  Ass.  I also particularly love the wireless port knocking idea.  It puts the “door” into a network backdoor, making it so a Bad Guy’s rogue AP is only active when he wants access.  How would you detect that?  Dogs?  Bees?  Dogs with bees in their mouths?

Categories: Wireless

“What’s behind the rash of university data breaches?”

March 9th, 2009 Comments off

That’s the question posed by this ComputerWorld article.  Let me take a stab at answering it, using this MS Paint diagram:

University Data is the low-hanging fruit, because University admins are idiots.

Maybe I’m wrong.  My data is out there in the wild – someone tried to apply for a credit card with my information a few years ago.  I’m not gonna go around pointing fingers, but there’s probably an 80% chance it came out of my university. Call it an educated hunch.  Educated by how bad the people in charge of the systems are.  Half the time they don’t function at all; am I to believe they function securely?

Categories: Security incidents

Book Review: Computer Security Handbook, nth Edition

March 8th, 2009 Comments off

I see they’ve somehow come out with an even bigger, two-volume edition of the Computer Security Handbook, by Seymour Bosworth, M.E. Kabay, and a crapload of other authors.  I haven’t had a chance to actually read the new edition.  If someone sent me a review copy for some reason, I would probably not open it.

See, I did get to know the previous edition (#4 in the series).  It was used as the textbook for one of my classes.  I traded about a hundred dollars for it, thinking, “Hot dog!  There must be all sorts of cool things to learn in here!”  Well, after finishing that class, let me sum up my review of that book in three easy steps:

1) It’s garbage.

2) One of the chapters begins with a dictionary definition of its topic.  Yeah, I can remember times I opened an essay with a dictionary definition.  In third grade.

3) I have found a way to slowly get my money’s worth out of the book.  I believe I’m putting it to the best possible use this way, although kindling for a campfire is a close second.  Check it out:

This book is GREAT! as a monitor stand.

Yep.  As far as this book goes, my recommendations are “get something else,” or if it’s too late, “put something on top of it.”

Categories: Books

Introduction

March 8th, 2009 Comments off

Who am I?  I’m a college guy just about to graduate with some computer-related degrees.  Relatively late in my life I became interested in computer security.  My school has a computer security degree program which is enthusiastically promoted and less-than-enthusiastically taught.  Therefore I’m “a few decades behind on smashing the stack.”

I’m trying to learn, though, and I think sometimes I’ll have something useful to say, which is why this blog exists.  In the spirit of brevity, that’s all for now.

Categories: Misc