Posts

Showing posts from November, 2007

Now, that's a nice User-Agent

I was looking through my httpd-access.log today for something, and ran across this (yes, I have removed the IP):
"[29/Nov/2007:17:18:18 -0500] "GET /uploaded_images/questionmark-785318.jpg HTTP/1.1" 200 6203 "http://www.bloglines.com/myblogs_display?sub=44519724&site=8488306" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Internet Explorer'); DROP TABLE browsers;--"
Little injection attempt there? The User-Agent ends in '); DROP TABLE browsers;-- : close the quoted string, close the parenthesis, end the statement, drop the table, and comment out whatever the real query had after it. Trying to drop the ol' browser table in some kind of stats db.
So who cares? Well, it made me think of something. If this person can obviously alter his/her User-Agent to do that, what is to make you think that the rest of the Agent string is valid? How do we know this person is really using "Internet Explorer"? (Look at the rest of it: a Gecko build string that claims to be Internet Explorer.)
At what point does the trust break? I've often gone with the adage of "don't trust anything", not a single packet. What if you use p0f to passively fingerprint the OS'…
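Here is what that header does to a stats backend that builds its INSERT by string concatenation, beside the parameterised form that stores the same value harmlessly, plus a quick flag for SQL tokens in User-Agent values pulled out of combined-format log lines. This is an added example, not code from the original post: the log line is constructed from the entry above with a documentation IP in place of the removed one, the `browsers` table and the in-memory SQLite stats database are assumptions, and the string-built INSERT stands in for whatever the sender was hoping to hit.

```python
import re
import sqlite3

# Constructed sample in Apache "combined" log format, modelled on the entry
# quoted above; the client IP is a documentation address (the post hides it).
SAMPLE_LOG_LINE = (
    '192.0.2.10 - - [29/Nov/2007:17:18:18 -0500] '
    '"GET /uploaded_images/questionmark-785318.jpg HTTP/1.1" 200 6203 '
    '"http://www.bloglines.com/myblogs_display?sub=44519724&site=8488306" '
    '"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) '
    "Gecko/20071025 Internet Explorer'); DROP TABLE browsers;--\""
)

# Apache combined format: ip ident user [ts] "request" status size "referer" "ua"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Tokens that have no business in a browser identification string.
SQLI_UA_RE = re.compile(
    r"""(?ix)
        ['"]\s*\)?\s*;                   # quote closing a literal, then end of statement
      | \bdrop\s+table\b
      | \bunion\s+(?:all\s+)?select\b
      | --\s*$                           # trailing SQL line comment
    """
)


def parse_combined(line: str) -> dict:
    """Split one combined-format entry into its named fields."""
    m = COMBINED_RE.match(line)
    if not m:
        raise ValueError("not a combined-format log line")
    return m.groupdict()


def looks_like_sqli(user_agent: str) -> bool:
    """True if the User-Agent carries SQL syntax rather than a browser name."""
    return SQLI_UA_RE.search(user_agent) is not None


def fresh_stats_db() -> sqlite3.Connection:
    """Assumed stats schema: one table holding the raw User-Agent strings."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE browsers (agent TEXT)")
    return conn


def record_ua_vulnerable(conn: sqlite3.Connection, user_agent: str) -> None:
    """Statement built by string concatenation. executescript runs every
    statement in the string, so the injected DROP TABLE executes too."""
    conn.executescript(f"INSERT INTO browsers (agent) VALUES ('{user_agent}');\n")


def record_ua_safe(conn: sqlite3.Connection, user_agent: str) -> None:
    """Bound parameter: the whole header is stored as data, quotes and all."""
    conn.execute("INSERT INTO browsers (agent) VALUES (?)", (user_agent,))


def table_exists(conn: sqlite3.Connection, name: str) -> bool:
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    ua = parse_combined(SAMPLE_LOG_LINE)["ua"]
    print("flagged as SQL injection:", looks_like_sqli(ua))
    db = fresh_stats_db()
    record_ua_vulnerable(db, ua)
    print("table survives string-built INSERT:", table_exists(db, "browsers"))
    db = fresh_stats_db()
    record_ua_safe(db, ua)
    print("table survives parameterised INSERT:", table_exists(db, "browsers"))
```

The detection regex is deliberately narrow (closing quote plus statement terminator, DROP TABLE, UNION SELECT, trailing comment); widen it from your own logs rather than from a generic signature list, or every UA with a semicolon in it will light up.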

Facebook

I've been hearing a lot recently about the new way to communicate with the world, via social networks.  MySpace, FaceBook, Pownce and the like.  I've had a couple of people encourage me to do it.  So I decided I'd at least join one.
So I grabbed a FaceBook account and requested a Pownce account.  I have my principles against joining MySpace.  (Which in my opinion is truly the biggest waste of bandwidth on the internet.)
So, if you want, hit me up on FaceBook.  See you there.
Update:  I now have a Pownce account.  Hit me up there too.  Username = joelesler

Rebuilt Website

The machine I was running this website on wasn't handling the load too well.  Had to rebuild.  I had a server sitting around here, so I loaded it with freebsd, and put www.joelesler.net on it.  
Now it works much better.  Had to place it in the basement of the house though, it was kinda loud with all those fans running.  Had to drill a hole in the floor of my office to get the Cat 6 cable through the floor, but all is well now.

Okay Apple. Are you awake?

Friend of mine pointed this out to me. http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-0252
This vulnerability from 2002 appears to be the same vulnerability that was just found in 7.2 and 7.3 in Quicktime!

Except that the 2002 vulnerability was found in a piece of software called... Quicktime. Uh? And I thought Microsoft was the only company that re-introduced old vulnerabilities.

Come on Apple, I hold you to a higher standard than that! Let's go.

You get the moron label on this post.

UPDATE: The original vulnerability was for the Japanese version of Quicktime. You would think that Apple would update all their code.

Apple QuickTime 7.3 RTSP Response 0day Remote SEH Overwrite PoC Exploit

For those of you that have not seen it this morning, (actually, it was last week, but who cares), there is a PoC (and actual exploit code out for XP and Vista -- I have not seen any for OSX, just the PoC), for Apple Quicktime 7.3.  
While we are waiting for Apple to post a patch, please, please go here: http://zapatopi.net/afdb/build.html. And affix to head.
Secunia gives us advice: "Do not browse untrusted websites, follow untrusted links, nor open untrusted QTL files." Uhhh thanks?

Stupid advertising mistakes

W00t! I am Paypal, and I am going to give you 20% cashback, on all your purchases from all these fine retailers!!

Except we didn't have enough retailers to fill our graphic, so we took the same ones on the top, moved them around, and put them on the bottom too!  Look!  We have twice as many now!
Why do retailers feel the need to over inflate?  Sorry, I just needed to vent this morning.  Thanks.

joelesler.net

I decided I should go ahead and actually get a primary domain, instead of surfing off of esler.is-a-geek.net (which is a dynamic DNS freebie domain (is-a-geek.net)), and bought joelesler.net. I couldn't get joelesler.com, my long lost twin in Australia owns that one, and I am not a .org, so I didn't get that one. esler.org and esler.net were also taken, or I would have grabbed those as well. That way I could set up fun email addresses for the whole family.
The only one that was available is esler.com, but they want 2500 bucks for that one. I'm not going to pay 2500 bucks for my own damn last name. But esler.com used to be a website for an airport in Alexandria, Louisiana, (seriously! Esler airpark!), so someone has it parked, and has the stranglehold on that one currently. I actually landed at the airpark once when I was in the military. We were going to Fort Polk, and that's the airport we landed in. Of course I didn't know it until later.

I have email here, a…

M/S Explorer is sinking

No really.  The M/S Explorer has crashed, and is sinking.
"More than 150 passengers and crew have been rescued from a stricken tourist ship after it hit ice off Antarctica.  The M/S Explorer is now lying on its side close to the South Shetland Islands, in the Antarctic Ocean."
Okay, so it was a cheap poke designed to get you laughing.  As long as it worked then I am fine.
All passengers and crew were evacuated, so we can laugh.
(That was a Microsoft Explorer joke..)

Thank you for watching

For those of you who read my next post and then took the URL in the log that I posted, copied and pasted it into the address bar of your browser, and read the Microsoft label page, you are missing the point.  -- Thank you for reading, but that's not what I am asking. -- Look at the log entry.  If you have access to Apache logs yourself, go look at yours, or find some on the internet, then come back and tell me what is wrong with that log entry. (BTW -- those of you that cut and pasted, about 20 of you did it, so don't feel bad, you are not alone.)

Why would a browser do this?

First of all, tell me what's wrong with this picture, then explain to me why a browser would do this.

[21/Nov/2007:16:36:05 --0500] "GET http://esler.is-a-geek.net/labels/Microsoft.html HTTP/1.1" 406 340 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon)" - "-"

Maxthon is the name of the browser.

Gas is stupid expensive, and Security 2.0

Yeah, I get it. If oil prices go up for this reason or that reason, gas prices are soon to follow. But costing me 60.00 to fill up the tank? Come on. Is that truly necessary? There is nothing that can be done about that at all?
On another note -- I've been thinking about writing a blog entry about the state of modern security in computer networks. Does it work? Where are we at?  Are all the extremely restrictive policies in your corporate work environment working?  What can be relaxed?  Why? I'd like to hear your thoughts. What does "security 2.0" mean to you?

Cabling

I have no idea where this picture came from, (well, the site I got it from is here, but I don't know what the picture is of) but I thought it was great.
Think you have issues with cabling in your network? Think again.

800 posts, and mod_security blocking

Took a look at my mod_security logs tonight.  Apparently, if you use Google Reader to read my RSS feed, then actually try to go to my website via the link in the RSS, and you do all this from behind a Bluecoat proxy server on your internal network...
You get blocked.  The Bluecoat proxy passes your internal IP to Google Reader in an "X-Forwarded-For" header, and then, when you click on the link to come to my website, Google forwards your internal IP.
Which mod_security didn't like:
"!^(((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|)|unknown)$" at HEADER("X-FORWARDED-FOR")
(The leading ! negates the match, so the rule fires on any header value that is not exactly one dotted-quad IPv4 address, the word "unknown", or empty.)
It doesn't like you.   I commented out the rule, so everything should be fine now.
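
Because that regex only accepts a single address, an X-Forwarded-For carrying a comma-separated chain, which is exactly what more than one proxy in the path produces, trips the rule every time. The block below is an added example, not part of the original post and not mod_security's code: it reimplements the original check, a replacement that validates every hop of the chain instead of rejecting chains outright, and the one safe way to consume the header, walking it from the right and trusting nothing to the left of a proxy you do not operate, since every hop is client-supplied text. The addresses and the trusted-proxy set are constructed from the documentation ranges.

```python
import ipaddress
import re

# The pattern from the rule quoted above, with the log's doubled backslashes
# undone. The rule fires when the value does NOT fully match, so it only lets
# through one dotted-quad IPv4 address, the literal "unknown", or nothing.
OCTET = r"(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
ORIGINAL_RULE_RE = re.compile(rf"^(?:(?:{OCTET}(?:\.{OCTET}){{3}}|)|unknown)$")

# Constructed sample: an RFC 1918 address added by a corporate proxy, a second
# hop, and the TCP peer the connection was actually accepted from.
SAMPLE_XFF = "10.0.0.5, 192.0.2.44"
SAMPLE_REMOTE_ADDR = "198.51.100.7"
TRUSTED_PROXIES = {"198.51.100.7"}   # assumed: a front-end proxy we operate


def allowed_by_original_rule(xff: str) -> bool:
    """True if the original mod_security rule would have passed this value."""
    return ORIGINAL_RULE_RE.match(xff) is not None


def parse_xff(xff: str) -> list[str]:
    """Split a comma-separated X-Forwarded-For chain and validate each hop.

    Raises ValueError on any hop that is not a literal IPv4/IPv6 address,
    which is the thing actually worth rejecting; several valid addresses in
    a row is normal whenever more than one proxy sits in the path.
    """
    hops = []
    for raw in xff.split(","):
        raw = raw.strip()
        if raw == "" or raw.lower() == "unknown":
            continue  # both allowed by the original rule; neither says anything
        hops.append(str(ipaddress.ip_address(raw)))  # ValueError if not an IP
    return hops


def is_valid_xff(xff: str) -> bool:
    """Format check worth keeping in a WAF rule: every hop must parse as an IP."""
    try:
        parse_xff(xff)
    except ValueError:
        return False
    return True


def effective_client_ip(xff: str, remote_addr: str, trusted_proxies: set) -> str:
    """Pick the client address the way a proxy-aware server should.

    Walk the chain from the right (the hop nearest to us), skip addresses of
    proxies we trust, and stop at the first one we do not. Everything to the
    left of that point was written by parties we do not control and can say
    anything, internal 10.x addresses included.
    """
    chain = parse_xff(xff) + [remote_addr]
    for hop in reversed(chain):
        if hop not in trusted_proxies:
            return hop
    return chain[0]


if __name__ == "__main__":
    print("original rule passes chain:", allowed_by_original_rule(SAMPLE_XFF))
    print("chain is well-formed:", is_valid_xff(SAMPLE_XFF))
    print("client as seen through trusted proxy:",
          effective_client_ip(SAMPLE_XFF, SAMPLE_REMOTE_ADDR, TRUSTED_PROXIES))
```

Note what the original rule never did: stop anyone from lying. A single well-formed but fabricated address sails through it, which is why X-Forwarded-For is fine for logging and useless for access decisions unless the hop you read was appended by a proxy you run.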

MacBook Pro Goodness

I bit the bullet.

I went out this weekend and purchased my first Intel based Mac. I didn't buy the first gen (or the second gen for that matter) MacBook Pro (MBP), simply because, usually, it's a bad thing to buy Apple hardware in its first gen. (Except for the iPhone currently)

But the MBP is excellent. It's not hot, it runs fast (even with its stock 2 Gigs of RAM), and works flawlessly. The MBP had Tiger on it when I bought it, but came with a Leopard install disk, which is nice.

The only thing that I had problems with was, my old wireless card from AT&T was PCMCIA. The new MBPs have ExpressCard slots. So, I had to get a new card. Which the guy at the store, let me tell you, was a prick. Dude, obviously, if I come in, ask for an exact model number for a laptop card, tell you I already have an account (which he had to verify, because he didn't believe I already had a SIM card), I have obviously already looked to see if my computer supports it.

He…

Welcome back

iWeb is a great program, makes nice webpages, the problem is, it stores the entire website in one huge file called "Domain". So, I have taken the time to transition everything back to here.

Essentially, because iWeb keeps everything in that one file, I couldn't edit the webpage on multiple computers, nor could I edit it from the road. I used to keep the Domain file on my iDisk, so I could sync it between machines... Which was fine... except when it got to be like 250 MB. It was a lot to sync. So, I decided to move everything back to my Linux server.

I'll probably lose some people in the transition between the iWeb domain, and bringing it back to my server, but hopefully they find me again.

TWiT -- This Week in Tech

This week I started listening to TWiT, otherwise known as This Week in Tech. With Leo Laporte and John Dvorak.

First of all, little bit of background, I listen to two (now three) podcasts. I listen to Diggnation (which is what got me started listening to Podcasts), and the Totally Rad Show. Both have Alex Albrecht in them, (he’s pretty funny), and the former has Kevin Rose, founder of Digg.com and both are from the TechTV show The Screen Savers. Which was a show ‘back in the day’ before G4 bought the channel and ruined it. Anyway...

I started listening to TWiT (Leo Laporte was also a host of The Screen Savers) today and kinda like it. There are just a couple things about it that I am not in total agreement with. First of all, it’s press and media ish people. There are no real real real geeks on the show. (Alex and Kevin have even lost a bit of touch.) Hello? There are geeks out there people that have the ability to talk to the public as well! (Uh, me?) People can joke and b…

Google Phone, Apple Stock, and other Random Blatherings

Today’s news has just been a buzz with Google’s announcement of their “gphone”. Wait...

Google’s phone is NOT a PHONE! It’s Open Software, FOR phones. Google isn’t making a phone (yet), and no products have been announced. So at this point, this is ‘releaseware’. Other phone companies (Motorola, Sony, Nokia, and the like) have to want to put Google’s software on their phones. Will they do that? When they have a significant investment in their own OS’es on their phones now? Time will tell.

Apple’s Stock Price --

I can’t complain. Every time Apple’s stock price levels out and doesn’t go anywhere for a while, they introduce something new. iPhone, iPod Nano, iPod Touch, 3rd Quarter earnings, new laptops... just keep on going Apple, keep on going.

Trolls--
I’ve noticed as of late a lot of trolls in some IRC channels that I am in. Why would you come into a product channel and say “your product sucks because ”? Do I jump into the #windows channel and say “Control Panel sucks, therefore…