Thursday, November 29

Now, that's a nice User-Agent

I was looking through my httpd-access.log today for something, and ran across this, (Yes, I have removed the IP):

"[29/Nov/2007:17:18:18 -0500] "GET /uploaded_images/questionmark-785318.jpg HTTP/1.1" 200 6203 "http://www.bloglines.com/myblogs_display?sub=44519724&site=8488306" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Internet Explorer'); DROP TABLE browsers;--"
 
Little injection attempt there?  Trying to drop the ol' browser table in some kind of stats db.  

So who cares.  Well it made me think of something.  If this person can obviously alter his/her User-Agent to do that, what is to make you think that the rest of the Agent string is valid?  How do we know that his person is really using "Internet Explorer"?

At what point does the trust break.  I've often gone with the adage of "don't trust anything", not a single packet.   What if you use p0f to passively fingerprint the OS'es of the machines attempting to access your network, okay, and I go in, compile my own kernel on my Linux box, and set my IP and TCP attributes such that it will appear to be Windows when I communicate with your network?

What can you trust on your own network?  If someone hacks into your web server, is there any merit in seeing what they did once they got on the machine?  You no longer can trust a single thing on the box, and definitely anything coming out of the box!   It has to be rebuilt.

Mod_security did not catch the above attempt btw.  (It will now)

Facebook

I've been hearing alot recently about the new way to communicate with the world, via social networks.  MySpace, FaceBook, Pownce and the like.  I've had a couple people encourage me to do it.  So I decided I'd at least join one.

So I grabbed a FaceBook account and requested a Pownce account.  I have my principles against joining MySpace.  (Which in my opinion is truly the biggest waste of bandwidth on the internet.)

So, if you want, hit me up on FaceBook.  See you there.

Update:  I now have a Pownce account.  Hit me up there too.  Username = joelesler

Wednesday, November 28

Facebook

I've been hearing alot recently about the new way to communicate with the world, via social networks.  MySpace, FaceBook, Pownce and the like.  I've had a couple people encourage me to do it.  So I decided I'd at least join one.

So I grabbed a FaceBook account and requested a Pownce account.  I have my principles against joining MySpace.  (Which in my opinion is truly the biggest waste of bandwidth on the internet.)

So, if you want, hit me up on FaceBook.  See you there.

Update:  I now have a Pownce account.  Hit me up there too.  Username = joelesler

Rebuilt Website

The machine I was running this website on wasn't handling the load too well.  Had to rebuild.  I had a server sitting around here, so I loaded it with freebsd, and put www.joelesler.net on it.  

Now it works much better.  Had to place it in the basement of the house though, it was kinda loud with all those fans running.  Had to drill a hole in the floor of my office to get the Cat 6 cable through the floor, but all is well now.

Tuesday, November 27

Okay Apple. Are you awake?

Friend of mine pointed this out to me. http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-0252
This vulnerability from 2002 appears to be the same vulnerability that was just found in 7.2 and 7.3 in Quicktime!

Except that the 2002 vulnerability was found in a piece of software called... Quicktime. Uh? And I thought Microsoft was the only company that re-introduced old vulnerabilities.

Come on Apple, I hold you to a higher standard than that! Let's go.

You get the moron label on this post.

UPDATE: The original vulnerability was for the Japanese version of Quicktime. You would think that Apple would update all their code.

Okay Apple. Are you awake?

Friend of mine pointed this out to me. http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-0252
This vulnerability from 2002 appears to be the same vulnerability that was just found in 7.2 and 7.3 in Quicktime!

Except that the 2002 vulnerability was found in a piece of software called... Quicktime. Uh? And I thought Microsoft was the only company that re-introduced old vulnerabilities.

Come on Apple, I hold you to a higher standard than that! Let's go.

You get the moron label on this post.

UPDATE: The original vulnerability was for the Japanese version of Quicktime. You would think that Apple would update all their code.

Monday, November 26

Apple QuickTime 7.3 RTSP Response 0day Remote SEH Overwrite PoC Exploit

For those of you that have not seen it this morning, (actually, it was last week, but who cares), there is a PoC (and actual exploit code out for XP and Vista -- I have not seen any for OSX, just the PoC), for Apple Quicktime 7.3.  

While we are waiting for Apple to post a patch, please, please go here: http://zapatopi.net/afdb/build.html. And affix to head.

Uhhh thanks?  

Stupid advertising mistakes

W00t! I am Paypal, and I am going to give you 20% cashback, on all your purchases from all these fine retailers!!


Except we didn't have enough retailers to fill our graphic, so we took the same ones on the top, moved them around, and put them on the bottom too!  Look!  We have twice as many now!

Why do retailers feel the need to over inflate?  Sorry, I just needed to vent this morning.  Thanks.

Apple QuickTime 7.3 RTSP Response 0day Remote SEH Overwrite PoC Exploit

For those of you that have not seen it this morning, (actually, it was last week, but who cares), there is a PoC (and actual exploit code out for XP and Vista -- I have not seen any for OSX, just the PoC), for Apple Quicktime 7.3.  

While we are waiting for Apple to post a patch, please, please go here: http://zapatopi.net/afdb/build.html. And affix to head.

Uhhh thanks?  

Stupid advertising mistakes

W00t! I am Paypal, and I am going to give you 20% cashback, on all your purchases from all these fine retailers!!


Except we didn't have enough retailers to fill our graphic, so we took the same ones on the top, moved them around, and put them on the bottom too!  Look!  We have twice as many now!

Why do retailers feel the need to over inflate?  Sorry, I just needed to vent this morning.  Thanks.

Sunday, November 25

joelesler.net

I decided I should go ahead and actually get a primary domain, instead of surfing off of esler.is-a-geek.net (which is a dynamic dns freebie domain (is-a-geek.net), and bought joelesler.net. I couldn't get joelesler.com, my long lost twin in Australia owns that one, and I am not a .org, so I didn't get that one. esler.org and esler.net were also taken, or I would have grabbed those as well. That way I could set up fun email address for the whole family.

The only one that was available is esler.com, but they want 2500 bucks for that one. I'm not going to pay 2500 bucks for my own damn last name. But esler.com used to be a website for an airport in Alexandria, Louisiana, (seriously! Esler airpark!), so someone has it parked, and has the stranglehold on that one currently. I actually landed at the airpark once when I was in the military. We were going to Fort Polk, and that's the airport we landed in. Of course I didn't know it until later.

I have email here, all the DNS zones I can handle, and loads of other goodies that you can do with your own domain. So I have changed my email on the right of page to reflect my new domain.

Esler.is-a-geek.net will still work for now, it's free! But eventually, when I get tired of renewing it every 90 days, I'll ditch it.


Saturday, November 24

M/S Explorer is sinking

No really.  The M/S Explorer has crashed, and is sinking.

"More than 150 passengers and crew have been rescued from a stricken tourist ship after it hit ice off Antarctica.  The M/S Explorer is now lying on its side close to the South Shetland Islands, in the Antarctic Ocean."

Okay, so it was a cheap poke designed to get you laughing.  As long as it worked then I am fine.


(That was a Microsoft Explorer joke..)

joelesler.net

I decided I should go ahead and actually get a primary domain, instead of surfing off of esler.is-a-geek.net (which is a dynamic dns freebie domain (is-a-geek.net), and bought joelesler.net. I couldn't get joelesler.com, my long lost twin in Australia owns that one, and I am not a .org, so I didn't get that one. esler.org and esler.net were also taken, or I would have grabbed those as well. That way I could set up fun email address for the whole family.

The only one that was available is esler.com, but they want 2500 bucks for that one. I'm not going to pay 2500 bucks for my own damn last name. But esler.com used to be a website for an airport in Alexandria, Louisiana, (seriously! Esler airpark!), so someone has it parked, and has the stranglehold on that one currently. I actually landed at the airpark once when I was in the military. We were going to Fort Polk, and that's the airport we landed in. Of course I didn't know it until later.

I have email here, all the DNS zones I can handle, and loads of other goodies that you can do with your own domain. So I have changed my email on the right of page to reflect my new domain.

Esler.is-a-geek.net will still work for now, it's free! But eventually, when I get tired of renewing it every 90 days, I'll ditch it.


M/S Explorer is sinking

No really.  The M/S Explorer has crashed, and is sinking.

"More than 150 passengers and crew have been rescued from a stricken tourist ship after it hit ice off Antarctica.  The M/S Explorer is now lying on its side close to the South Shetland Islands, in the Antarctic Ocean."

Okay, so it was a cheap poke designed to get you laughing.  As long as it worked then I am fine.


(That was a Microsoft Explorer joke..)

Friday, November 23

Thank you for watching


For those of you who read my next post and then took the URL in the log that I posted, and copies and pasted that into the address bar of your browser, and read the Microsoft label page, you are missing the point. 
-- Thank you for reading, but that's not what I am asking. --
Look at the log entry.  If you have access to apache logs yourself, go look at yours, or find some on the internet, then come back and tell me what is wrong with that log entry.
(BTW -- Those of you that cut and pasted, about 20 of you did it, so don't feel bad, you are not alone.)

Wednesday, November 21

Why would a browser do this?

First of all, tell me what's wrong with this picture, then explain to my why a browser would do this?

[21/Nov/2007:16:36:05 --0500] "GET http://esler.is-a-geek.net/labels/Microsoft.html HTTP/1.1" 406 340 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon)" - "-"

Maxthon is the name of the browser.

iChat Screen Names For Over 30 Apple Stores

Digg - iChat Screen Names For Over 30 Apple Stores:

I never even thought of doing this with all the Apple Stores that I have been to. Get the screen names for all the iChat's for the machines in the store? Someone add these all to your iChat buddy list and send me a screen shot. That would be hilarious.

iChat Screen Names For Over 30 Apple Stores

Digg - iChat Screen Names For Over 30 Apple Stores:

I never even thought of doing this with all the Apple Stores that I have been to. Get the screen names for all the iChat's for the machines in the store? Someone add these all to your iChat buddy list and send me a screen shot. That would be hilarious.

Sunday, November 18

Gas is stupid expensive, and Security 2.0

Yeah, I get it. If oil prices go up for this reason or that reason, gas prices are soon to follow. But costing me 60.00 to fill up the tank?

Come on. Is that truly necessary? There is nothing that can be done
about that at all?


On another note--

I've thinking about writing a blog entry about the state of modern security in computer networks. Does it work? Where are we at?  Are all the extremely restrictive policies in your corporate work environment working?  What can be relaxed?  Why?

Like to hear your thoughts. What does "security 2.0" mean to you?  

Gas is stupid expensive, and Security 2.0

Yeah, I get it. If oil prices go up for this reason or that reason, gas prices are soon to follow. But costing me 60.00 to fill up the tank?

Come on. Is that truly necessary? There is nothing that can be done
about that at all?


On another note--

I've thinking about writing a blog entry about the state of modern security in computer networks. Does it work? Where are we at?  Are all the extremely restrictive policies in your corporate work environment working?  What can be relaxed?  Why?

Like to hear your thoughts. What does "security 2.0" mean to you?  

Wednesday, November 14

Cabling

I have no idea where this picture came from, (well, the site I got it from is here, but I don't know what the picture is of) but I thought it was great.

Think you have issues with cabling in your network?
Think again.

Cabling

I have no idea where this picture came from, (well, the site I got it from is here, but I don't know what the picture is of) but I thought it was great.

Think you have issues with cabling in your network?
Think again.

Monday, November 12

Love it when I am right

I love it when I am right.

Remember this post?  I said that Apple and Starbucks should partner.  Imagine the possibilities.


800 posts, and mod_security blocking

Took a look at my mod_security logs tonight.  Apparently, if you use Google's Reader to my rss feed, then actually try to go to my website via the link in the RSS..  trying to do all this when you are behind a Bluecoat Proxy server on your internal network...

You get blocked.  The bluecoat proxy forwards your "X-forwarded for" header to the Google Reader, then, finally when you click on the link to come to my website, Google forwards your internal IP.

Which mod_security didn't like:

"!^(((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-
9][0-9]?)|)|unknown)$" at HEADER("X-FORWARDED-FOR")

It doesn't like you.   I commented out the rule, so everything should be fine now.

Love it when I am right

I love it when I am right.

Remember this post?  I said that Apple and Starbucks should partner.  Imagine the possibilities.


800 posts, and mod_security blocking

Took a look at my mod_security logs tonight.  Apparently, if you use Google's Reader to my rss feed, then actually try to go to my website via the link in the RSS..  trying to do all this when you are behind a Bluecoat Proxy server on your internal network...

You get blocked.  The bluecoat proxy forwards your "X-forwarded for" header to the Google Reader, then, finally when you click on the link to come to my website, Google forwards your internal IP.

Which mod_security didn't like:

"!^(((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-
9][0-9]?)|)|unknown)$" at HEADER("X-FORWARDED-FOR")

It doesn't like you.   I commented out the rule, so everything should be fine now.

MacBook Pro Goodness

I bit the bullet.

I went out this weekend and purchased my first Intel based Mac. I didn't buy the first gen (or the second gen for that matter) MacBook Pro (MBP), simply because, usually, it's a bad thing to buy Apple hardware in it's first gen. (Except for the iPhone currently)

But the MBP is excellent. It's not hot, it runs fast (even with it's stock 2 Gigs of RAM), and works flawlessly. The MBP had Tiger on it when I bought it, but came with a Leopard install disk, which is nice.

The only thing that I had problems with was, my old wireless card from AT*T was PCMCIA. The new MBP's have Express card slots. So, I had to get a new card. Which the guy at the store, let me tell you, was a prick. Dude, obviously, if I come in, ask for an exact model number for a laptop card, tell you I already have an account (which he had to verify, because he didn't believe I already had a SIM card), I have obviously already looked to see if my computer supports it.

He insisted that OSX was not supported and the card wouldn't work. Well uh, no, it's not supported by AT*T that doesn't mean that it's not supported by the card manufacturer. (Option) What a tool, anyway...

I get the card home, plug it in, and wtf. The lights are flashing.. huh? What did I do wrong? Oh, I had the SIM card inserted backwards. My bad.

Flipped it around, and it worked fine. In fact, not only did it work fine, but Leopard has NATIVE DRIVER SUPPORT for it. No loading 3rd party software, no wierd communications spyware... err.. manager i mean... It just works. Nice little toolbar access to the card. Very nice.

Anyway, I gotta go order my other two Gigs of RAM for this thing, so I can love on it some more.

MacBook Pro Goodness

I bit the bullet.

I went out this weekend and purchased my first Intel based Mac. I didn't buy the first gen (or the second gen for that matter) MacBook Pro (MBP), simply because, usually, it's a bad thing to buy Apple hardware in it's first gen. (Except for the iPhone currently)

But the MBP is excellent. It's not hot, it runs fast (even with it's stock 2 Gigs of RAM), and works flawlessly. The MBP had Tiger on it when I bought it, but came with a Leopard install disk, which is nice.

The only thing that I had problems with was, my old wireless card from AT*T was PCMCIA. The new MBP's have Express card slots. So, I had to get a new card. Which the guy at the store, let me tell you, was a prick. Dude, obviously, if I come in, ask for an exact model number for a laptop card, tell you I already have an account (which he had to verify, because he didn't believe I already had a SIM card), I have obviously already looked to see if my computer supports it.

He insisted that OSX was not supported and the card wouldn't work. Well uh, no, it's not supported by AT*T that doesn't mean that it's not supported by the card manufacturer. (Option) What a tool, anyway...

I get the card home, plug it in, and wtf. The lights are flashing.. huh? What did I do wrong? Oh, I had the SIM card inserted backwards. My bad.

Flipped it around, and it worked fine. In fact, not only did it work fine, but Leopard has NATIVE DRIVER SUPPORT for it. No loading 3rd party software, no wierd communications spyware... err.. manager i mean... It just works. Nice little toolbar access to the card. Very nice.

Anyway, I gotta go order my other two Gigs of RAM for this thing, so I can love on it some more.

Friday, November 9

Welcome back

iWeb is a great program, makes nice webpages, the problem is, it stores the entire website in one huge file called "Domain". So, I have taken the time to transition everything back to here.

Essentially, because iWeb keeps everything in that one file, I couldn't edit the webpage on multiple computers, nor could I edit it from the road. I used to keep the Domain file on my iDisk, so I could sync it between machines... Which was fine... except when it got to be like 250 Mb's. It was alot to sync. So, I decided to move everything back to my Linux server.

I'll probably lose some people in the transition between the iWeb domain, and bringing it back to my server, but hopefully they find me again.

Welcome back

iWeb is a great program, makes nice webpages, the problem is, it stores the entire website in one huge file called "Domain". So, I have taken the time to transition everything back to here.

Essentially, because iWeb keeps everything in that one file, I couldn't edit the webpage on multiple computers, nor could I edit it from the road. I used to keep the Domain file on my iDisk, so I could sync it between machines... Which was fine... except when it got to be like 250 Mb's. It was alot to sync. So, I decided to move everything back to my Linux server.

I'll probably lose some people in the transition between the iWeb domain, and bringing it back to my server, but hopefully they find me again.

Tuesday, November 6

TWiT -- This Week in Tech

This week I started listening to TWiT, otherwise known as This Week in Tech. With Leo Laporte and John Dvorak.

First of all, little bit of background, I listen to two (now three) podcasts. I listen to Diggnation (which is what got me started listening to Podcasts), and the Totally Rad Show. Both have Alex Albrecht in them, (he’s pretty funny), and the former has Kevin Rose, founder of Digg.com and both are from the TechTV show The Screen Savers. Which was a show ‘back in the day’ before G4 bought the channel and ruined it. Anyway...

I started listening to TWiT (Leo Laporte was also a host of The Screen Savers) today and kinda like it. There are just a couple things about it that I am not in total agreement with. First of all, it’s press and media ish people. There are no real real real geeks on the show. (Alex and Kevin have even lost a bit of touch.) Hello? There are geeks out there people that have the ability to talk to the public as well! (Uh, me?) People can joke and be knowledgeable at the same time.

Second, one of things I found interesting in the TWiT podcast was John Dvorak. Now we all know Dvorak as the guy who is really big into bashing all things everything. Apple, Microsoft, etc. He’s got something to say. Most of which I agree with (when it comes to Microsoft being an evil corporation), but some of it I do not. (Like his famed Apple punditry). But it was interesting to hear him (in TWiT episode 119) say basically, look people Microsoft is done. Buy a Mac. It’s over for MSFT. Something I have been saying for awhile, because I pretty much dislike anything MSFT. But it was interesting to hear Dvorak say that.

Third, Leo doesn’t read his email. (He said this on Episode 119) I don’t know how you can survive without reading or writing email, since that is the mainstream form of communication now adays. But anyway, to each his own.

On the email note, I recently received an email chastising me about not writing on the blog anymore. Truth is, I’ve been very busy and haven’t had time to do a proper review of any tech stuff, and I’ve been up to my eyeballs in packets. (which I suppose I could write about).

Thanks to the couple hundred readers that I do have, I’ll have to get back on the blogging wagon. I always think that no one reads this thing until I start getting emails asking me to “write something new!” “Haven’t heard from you in awhile!”

Back to podcasts --

I was actually asked to start a podcast on general tech/security stuff, but I declined. First of all, who has the time? I wouldn’t do it alone, and the people I would want to do a podcast with would probably make fun of me for asking them to do it. (Although, if they did, it would be the funniest podcast out there, bar none.)

If you have any podcasts out there that you think I should be listening to, please let me know!

TWiT -- This Week in Tech

This week I started listening to TWiT, otherwise known as This Week in Tech. With Leo Laporte and John Dvorak.

First of all, little bit of background, I listen to two (now three) podcasts. I listen to Diggnation (which is what got me started listening to Podcasts), and the Totally Rad Show. Both have Alex Albrecht in them, (he’s pretty funny), and the former has Kevin Rose, founder of Digg.com and both are from the TechTV show The Screen Savers. Which was a show ‘back in the day’ before G4 bought the channel and ruined it. Anyway...

I started listening to TWiT (Leo Laporte was also a host of The Screen Savers) today and kinda like it. There are just a couple things about it that I am not in total agreement with. First of all, it’s press and media ish people. There are no real real real geeks on the show. (Alex and Kevin have even lost a bit of touch.) Hello? There are geeks out there people that have the ability to talk to the public as well! (Uh, me?) People can joke and be knowledgeable at the same time.

Second, one of things I found interesting in the TWiT podcast was John Dvorak. Now we all know Dvorak as the guy who is really big into bashing all things everything. Apple, Microsoft, etc. He’s got something to say. Most of which I agree with (when it comes to Microsoft being an evil corporation), but some of it I do not. (Like his famed Apple punditry). But it was interesting to hear him (in TWiT episode 119) say basically, look people Microsoft is done. Buy a Mac. It’s over for MSFT. Something I have been saying for awhile, because I pretty much dislike anything MSFT. But it was interesting to hear Dvorak say that.

Third, Leo doesn’t read his email. (He said this on Episode 119) I don’t know how you can survive without reading or writing email, since that is the mainstream form of communication now adays. But anyway, to each his own.

On the email note, I recently received an email chastising me about not writing on the blog anymore. Truth is, I’ve been very busy and haven’t had time to do a proper review of any tech stuff, and I’ve been up to my eyeballs in packets. (which I suppose I could write about).

Thanks to the couple hundred readers that I do have, I’ll have to get back on the blogging wagon. I always think that no one reads this thing until I start getting emails asking me to “write something new!” “Haven’t heard from you in awhile!”

Back to podcasts --

I was actually asked to start a podcast on general tech/security stuff, but I declined. First of all, who has the time? I wouldn’t do it alone, and the people I would want to do a podcast with would probably make fun of me for asking them to do it. (Although, if they did, it would be the funniest podcast out there, bar none.)

If you have any podcasts out there that you think I should be listening to, please let me know!

Monday, November 5

Google Phone, Apple Stock, and other Random Blatherings

Today’s news has just been a buzz with Google’s announcement of their “gphone”. Wait...

Google’s phone is NOT a PHONE! It’s Open Software, FOR phones. Google isn’t making a phone (yet), and no products have been announced. So at this point, this is ‘releaseware’. Other phone companies (Motorola, Sony, Nokia, and the like) have to want to put Google’s software on their phones. Will they do that? When they have a significant investment in their own OS’es on their phones now? Time will tell.

Apple’s Stock Price --

I can’t complain. Everytime Apple’s stock price levels out and doesn’t go anywhere for awhile, they introduce something new. iPhone, iPod Nano, iPod Touch, 3rd Quarter earnings, new laptops... just keep on going Apple, keep on going.

Trolls--
I’ve noticed as of late alot of trolls in some IRC channels that I am in. Why would you come into a product channel and say “your product sucks because ”? Do I jump into the #windows channel and say “Control Panel sucks, therefore the whole OS sucks!” No!, because that’s called “Trolling”! Why would you pop in one of my channels, where clearly, there are alot of people that know more about the product then you and say something insane like.. “You can’t achieve >1 Gig speeds with your product!”.

Sorry, just needed to vent.

For those reading this blog looking for leopard feedback, here you go. I like it. There are only a couple things I can’t get to work. Back to my Mac for one (probably because of some firewall setting I have), local lan browsing always doesn’t work, and my laptop battery power really really sucks now. I can drain my whole laptop battery in about 10 minutes. Something isn’t right.

I really like Time machine, it’s great. I like alot of their new features, even though, I admit, leopard could have used a bit more testing before release.

Hopefully they release a fix-it pack soon. But I still like it!