Monday, June 30, 2008

Computer Journalism Rathole

PC Magazine is running a story, Texas PC Repair Now Requires PI License, which cites GearLog as its source (but no particular article). Gearlog, in turn, cites The CW33 via this article. CW33 is a television station newsroom which cites... nobody.

Through some other means, a friend turned up this KVUE story (another TV station), which mentions the "newly formed Institute for Justice." Googling with that phrase turns up the IJ press release, which might be the original source.

Holy hell. And nobody has even mentioned which new law we're talking about here, including the IJ.

Attention real journalists: Cite your damn sources. Sheesh.

Attention press release writers: Cite the law, please, so I don't have to paw around for that, too. I am very, very lazy.

Attention Mike Rife, owner of PCTech: If you're going to complain about getting a PI license, maybe you should button your shirt before you get mistaken for a real fake PI.

Update: Found it. My laziness was vanquished. Here is a writeup of the legislative text, thanks to some blog called "Post Process." Presumably, these guys are involved in forensics.

NB: Of all the people I know who practice network forensics in Texas (myself included), approximately zero percent hold a PI license, and the pre-2007 text seems to imply that all we Intrusion Analysts need a special Texas license, too. IOW, this sounds awfully unenforced, if not unenforceable.


Tuesday, June 10, 2008

Microsoft defaced... sort of

Well, you don't see that every day:



The working theory is that there's a new root name server in town, which has taken over the old IP address of the "L" root (story here).

And it's returning bad information for, among other sites, www.microsoft.com.

On Microsoft Tuesday.

Isn't that sweet?

You may want to remove any reference to the old-and-busted address of L on your network. If you're an end user, it looks like OpenDNS has done this for you.


Tuesday, June 03, 2008

Metasploit.com defaced... sort of

Well, I feel vindicated. Wired is reporting that Metasploit was defaced via ARP spoofing. While the issue was fixed reasonably quickly, I have a personal affinity for this particular attack. You see, at DallasCon 2003, I used the exact same attack to quote-deface-unquote the target web server set up for a capture the flag competition. Within about an hour and a half of the contest's start, I had rerouted all the incoming traffic to my own laptop's Apache server, claiming victory with some "joo r 0wned" web page.

Unfortunately for me, my attack was discounted by the judges, because it wasn't "realistic," and thus, I didn't win the prize -- some $50 piece of 802.11 hardware, IIRC. The following year, ARP spoofing was specifically outlawed as a valid attack.

I'm happy to see that ARP spoofing a target from within the same broadcast network is, in fact, being used "in the wild" as they say. And it would have been effective for trojaning users, at least; you could do a fair bit of damage by cloning and replacing Metasploit's download link with a custom keylogger version of the venerable attack suite.

So take that, conference organizers from 5 years ago! Now gimme me prize!
