Showing posts from March, 2008

Comment becoming a post

Got this as an anonymous comment on my last post:

"anonymous said...
How is it even remotely weak? Considering most virii spreading around these days is done via browser related vulnerabilities, I hardly would consider it "weak".

If it is so easy to discover browser vulnerabilities then how come IE7 held up on the Windows box (until the 3rd day when it was owned by flash)? How come you don't have any browser vulnerabilities credited to your name?

I hate to be "that guy", but the guy that won Pwn2Own walked away with $10k and a new laptop. I doubt he cares too much what bloggers think of him or his vulnerability, especially someone that hasn't done any similar research. Don't bash someone else's work unless you can reproduce it yourself.

Mon Mar 31, 08:55:00 AM"

My response:

Dear person-who-didn't-leave-their-name,

Who says I was bashing work? I still think it's a weak vulnerability.

I'm not saying that the guy that discovered it is st…

New Calendar phishing

The 419ers will stop at nothing to scam you.  Now they are forging legit-looking Calendar requests.  (Actually, this was a LEGIT calendar request!)  They wanted me to meet with them because I had won the death lottery.  Awesome.
Keep an eye out for these!  Classic.
Subscribe in a reader

Pwn2Own

People have been writing in to me asking what I think of the Mac getting owned in the Pwn2Own contest at CanSecWest.
Truth is, two things.  I don't know anything about the exploit other than that it was Safari related.  And second, browser vulnerabilities suck, no matter the browser, simply because there are so many exploits for every browser out there; they pop up and are quickly squashed all the time.  Plus, it's way too easy to just switch browsers nowadays.  Many computers are starting to have more than one browser on them now, not by default, but by sheer happenstance.
All in all, I am going to say the same thing I said last year when the same thing happened at CanSecWest and a Mac was owned via the browser, and that's all I am going to say about it.
Weak.

Top 30 podcasts in iTunes

Not only did our podcast finally get indexed (correctly) by iTunes yesterday, but today I looked in there, and our podcast is in the top 30!  Now, I know that the algorithm that manages the top "whatever" is driven by how many people subscribe all at once, new subscribers and that kind of thing, so naturally we are going to shoot up at first.  But I thought it was cool.  (No, I don't really know how the algorithm works, it's just a hunch, and I know it will be different on other people's computers.)
So, thanks.  Subscribe through iTunes here!

A new podcast hits the airwaves

Last night Dr. Johannes and I sat down and recorded the first podcast of the Internet Storm Center.  Episode One.  The audio on my mic at the beginning is a bit low (I wasn't close enough to the mic), and Johannes's mic was peaking into the red almost the whole way through (I had him turned up too loud).  We recorded the whole thing over Skype, and I used Garageband to master the sound.  It was pretty cool.  I am still learning how to use Garageband, so you might have to bear with me for a couple of podcasts still, but I'm getting it.  In total there are about 8 tracks on the podcast, all requiring equalization and mastering, fading in and out, album art... etc.  So, it was kind of interesting.
You can get the podcast through iTunes here.  (Hit subscribe, it'll download the newest one.)  Or for you non-iTunes users, you can get it here.  Right now I only have it available in m4a (AAC compression), but we should get the mp3 up very soon.  (I ran out of time last night, screaming…

Happy Birthday OSX!

Seven years old today.  Happy Birthday OSX.  March 24, 2001: Apple released OS X (10.0), code-named Cheetah.  Remember those days?  I was to meet my wife (to be) a week later...  What is now the Apple Store in my local mall used to be a 5-7-9.  My primary operating system at the time was Red Hat/XP.  A year later I bought a Mac.
Time flies.  Remember pre-OSX?  Now remember seven years ago... No iPods?  No iPhones?  No Apple Stores?

Happy Easter

Just wanted to wish a Happy Easter to everyone.  Take time and spend it with your loved ones.

APPLE-SA-2008-03-19 AirPort Extreme Base Station Firmware 7.3.1

I just posted this over at the ISC as well, but I thought I'd post it here too in case people don't read both.

Fresh on the heels of yesterday's huge Apple Security Update 2008-0002, today Apple released the 2008-03-19 firmware update for the current (and pre-gigabit) AirPort Extreme Base Stations.

AirPort Extreme Base Station with 802.11n*
CVE-ID: CVE-2008-1012
Available for: AirPort Extreme Base Station with 802.11n*
Impact: A maliciously crafted AFP request may lead to a denial of service
Description: An input validation issue exists in the AirPort Extreme Base Station's handling of AFP requests, which may cause file sharing to become unresponsive. This update addresses the issue by performing additional validation of AFP requests. This issue does not affect Time Capsule or AirPort Express. The fix for this issue is available in the following separate updates:
- AirPort Extreme with 802.11n (Fast Ethernet) 7.3.1
- AirPort Extreme with 802.11n (Gigabit Ethernet) 7.3.1
Credi…

Verizon sets rules for Open Development

I don't want to retype a whole bunch of nonsense, but Verizon has finally published its specs for Open Development, as it promised last month.
Click here for the link.  So this essentially lets anyone develop a phone for Verizon's network, as long as it functions correctly.

Questions I was Googled for today

In my first installment of "you came to my website because you Googled for something", I take your questions and answer them:
"gdbm invalid argument" -- you were probably trying to install gdbm on osx, where the bin group doesn't exist.  Go here.
"leopard graphics update" -- you were probably wondering what the hell it is.  I don't know.  But here's the post about it.
"the punisher" -- You were probably looking for the movie.  But you came to my site because of a friend of mine whose site is called "The Punisher".
"when was nuclear fusion discovered" -- I have no idea how you wound up at my site.  Here's Wikipedia.  But it appears the answer is "1932".
"make looped ringtones" -- I talked about this on my Garageband post.
"how to airport extreme powerbook"  -- You were probably looking for how to install an airport extreme card into a powerbook.  Uhhh, unless you have a really really old…

Science fiction author Arthur C. Clarke dies aged 90

As if you haven't read it in 90 other publications already, Arthur C. Clarke died today at the age of 90.  He was the man who wrote "The Sentinel" (no, not the movie with Michael Douglas and Kiefer Sutherland in it), the book on which "2001: A Space Odyssey" was based.
R.I.P.

Microsoft Polishes a Turd with SP1

Microsoft released their big SP1 update for Vista today.  Check out the Vista team's blog here.  Good luck with SP1.  I've heard it doesn't improve much, including most of the things that caused it to be largely rejected by the Windows community overall.

Answering Googled questions

Since my blog is indexed by Google, Yahoo, MSN, and whatever other search engines have found me, I get a lot of hits from people searching for simple answers to questions.  When I look at them, I realize that there probably isn't a good way to answer the questions that are asked.  Obscure questions like "What does it mean to close port 80?".
So I had a thought: maybe I'll take these every once in a while and make a post answering them.  What I'll do is grab some of these, write a blog entry and put it up.  So basically, if you have questions, feel free to ask 'em.  If I don't know the answer, I know someone who does.

Mail and its conversion

I recently had to move a ton of email (several hundred thousand messages) from one server to another.  (Damn you, Gmail IMAP.)  On one server all my email was in Maildir, and in order to move it to the server I wanted it on, I had to import it into Mail.app.  Mail.app imports from a number of formats; the one I was interested in was mbox.  So I scp'ed all my email down from server #1, in Maildir of course.  So I needed some conversion from Maildir to mbox.  I found this script online with a quick Google search:
#!/bin/bash
# Usage: maildir2mbox.sh <maildir> <mbox-file>
# Every Maildir message is its own file; formail makes sure each one starts with
# an mbox "From " separator line (and escapes any "From " lines in the body)
# before it is appended to the target mbox.
echo "search mdir-files in $1 and send them to mbox: $2"
# -print0 together with read -d '' keeps filenames with spaces or newlines intact.
find "$1" -type f -print0 | while IFS= read -r -d '' file
do
    echo "parsing: $file"
    formail < "$file" >> "$2"
done
It took a long time to do, but now all my email is comfortably resting on server #2.  

PaulDotCom Community Blog

So, over on the PaulDotCom mailing list several of us were discussing the idea of a wiki strictly for the security community.  Sections for malware, IDS's, anti-virus and such.  I thought this was a good idea.  Then we said, "Hey, since the new mainstream media for people in our line of work is quickly becoming blogs and online journalism, why don't we start a blog?  But instead of just one person being able to blog, open the blog to lots of people.  People we know, of course, but more than just a couple of people.  How diverse would that be?"
Well, Paul (of PaulDotCom) started the blog over at http://pauldotcommunity.blogspot.com and is going to be adding bloggers soon.  I think this might be a very interesting experiment.  
I've also linked it over on the blog roll on the right ----->

Internet Zoning Initiative, and why it's stupid

Usually I'm not very vocal about 'policy' ideas, things that may become law in other words.  But I read this article on a recommendation from Marc Sachs.  We were sitting in the ISC chat room last night; he asked us if we had read it, and I said no.  So I grabbed the PDF and here I am blogging about it.
So essentially, the Internet Zoning Initiative is the ability (trying to become a requirement) for lawmakers to tell web providers to make different "channels" out of the web.
For instance, if you had a website that had normal content and adult content, it would require you to run a "child-free" website on port 80, then, using virtual hosting, run your adult website on port 69.  (Or whatever.)  Here's an example they give in their PDF:
Now, this, to me, is like asking a kid to click on "Are you above the age of 18?  Yes or No".  If a teenager (or adult for that matter) wants to go and look at whatever they want to look …

SANSFIRE 2008

Found out yesterday that I'll be giving a talk at SANSFIRE 2008.  I have a topic (I don't want to publicly share it yet, as the title might change a bit) and it'll probably be one of the evening talks.
I don't know yet where or when the talk will be (at SANSFIRE, of course, but I mean room and time), so we'll see.  I'll keep the blog updated with more info as I find out.

Port 7100/udp part deux

I wrote about port 7100/udp before.  We had a bunch of packets submitted at the ISC, all rather random.
A buddy of mine wrote this about it: "The overall packet size is very strongly 104 bytes.  So a set hash length, and packets all doing about the same function.  A handful have been observed (like maybe 400 out of 2 million) with a length of 1144 bytes."

Nothing ever came of it.  You can see the graph here.  We still don't know what to make of it, so if you know what the deal was, or have any more intel, feel free to write in and let us know.  

Apple TV, my personal review

By now, you have probably heard of the Apple TV, a device that is essentially a fancy-pants iPod for your TV, allowing you to take the media in your iTunes library and play it on or through your TV.
I wanted one when it first came out, but I couldn't bring myself to buy it.  Couldn't justify it.  Hard drive was too small, price point too high.
Then Apple came out with a second version with way more hard drive space (160 GB), but the price point was too high for the features you get.  (You still had to buy movies in iTunes on your computer, then transfer them over to the Apple TV when the download finished.)
Then Steve Jobs came out with "AppleTV: Take Two".  They lowered the price point and made it possible to rent movies directly from my couch.  Excellent.  This is exactly what I was waiting for.  So, since it was my birthday, I went down to the local Apple Store and bought one.  The bigger one, at 329.00.
Brought it …

Subscribers Part 2

In my previous post I said that I lost about 100 subscribers.  Looks like one of the URLs that I had through Google Reader didn't transfer over, and one of the URLs that Bloglines grabs didn't transfer over.
See, the problem is this: some people subscribed to esler.is-a-geek.net, and some subscribed to www.joelesler.net.
Under those two domain names, some people subscribed to rss.xml, and others subscribed to atom.xml.  (Little did you know, it was the exact same file.. heh)
That's potentially 4 different subscription points.  Then, as I have been trying to do, I had everyone (using mod_redirect) reading the feeds from Feedburner, at this URL: http://feeds.feedburner.com/RandomThoughtsFromJoelsWorld.  This is the URL that now manages all the feeds.
So what it looks like happened is, I lost all the people who were subscribed through Google Reader and Bloglines at the esler.is-a-geek.net URL.  I can correct some of that by using webhops and redirects, but I…

Subscribers

Seems when I moved my blog I lost about 100 readers, and a bunch of people have been Googling me and successfully finding me again.  So, hopefully they don't get too lost.  My RSS feed is below.  I serve my RSS and Atom feeds through Feedburner.  Lets me keep all the readers in one place.  More predictable that way.
When I was on my previous cable provider I had unfiltered inbound port 80.  Now I am on Verizon FiOS, and I don't have that luxury without paying for a business account.  So I moved the blog to Google's servers.  Not only is it faster for me to update the blog (instantly; there used to be a 5 minute delay), but I don't have any of the maintenance anymore.  Cool.

Live from the Apple SDK event

No, I'm not actually there.  But Engadget is.  Hit the link.
So far:
- ActiveSync: native iPhone support for Exchange, including calendar, contacts, GAL, etc.
- Remote wipe
- SDK
Check out the link above.