tag:blogger.com,1999:blog-200758892008-04-28T09:52:55.926-05:00todbBlogger77125tag:blogger.com,1999:blog-20075889.post-13939738922757808122008-04-10T18:03:00.006-05:002008-04-11T10:31:25.982-05:00

Here's a link to solve your new Flash woes if you upgraded and suddenly your favorite Flash site doesn't work any more: Download old-libflashplayer.so I just uploaded a known working (pre-April 9, 2008) version of the Flash player plugin for Firefox for Linux to the above link at FileCrunch. Directions: Download the Flash player plugin somewhere, like your Desktop. Then run these commands in a

todbtag:blogger.com,1999:blog-20075889.post-55486644964831640012008-03-23T20:51:00.003-05:002008-03-23T20:58:16.997-05:00

HacketyHack is a Ruby sandbox designed to teach kids how to program in a way that emphasizes speed and fun. Since I'm attempting to devour anything I can find about Ruby these days, this popped up while surfing around the various "Ruby lifestyle" sites. Since I have a few kids of my own, I'm hopeful this will come in handy. Maybe I can get my four year old to implement a Ruby TNS listener for me.

todbtag:blogger.com,1999:blog-20075889.post-5907028671189464982008-03-05T15:27:00.003-06:002008-03-05T15:41:33.837-06:00

So, I've finally caught my breath. In the last month, I've a) bought a new house, b) rented out my old house, c) moved my family 7 miles, d) suffered (with said family) some horrible bronchial infection and e) got a new position at BreakingPoint Systems, where I've been doing nothing but brush up on my practical Ruby and XML, and learn various protocol specs so that I can actually perform the

todbtag:blogger.com,1999:blog-20075889.post-18189023529742647322008-02-04T15:23:00.000-06:002008-02-04T15:31:51.008-06:00

So, if you don't have an insurance card handy for when it's time to re-register your vehicle, it's permissible to just make one with your favorite document editor and your favored insurance company logo at the top. The logo seems to be key -- the county worker's eyes went straight to it, and she didn't bother to really read the rest of the surrogate card I produced (so she didn't notice that I

todbtag:blogger.com,1999:blog-20075889.post-29227934700396734182008-01-08T07:58:00.000-06:002008-01-09T08:28:49.111-06:00

At least, it was according to Ryan's new blog. Which seems a little embarrassing to their new owners, McAfee. Oops. According to the report, credit card numbers and CVCs may have been stolen -- which means that Scan Alert, just like most people, were probably storing CVCs along with CC#'s in an unencrypted format. Nice. Update 2008-01-09: The compromised site in question here is Geeks.com, not

todbtag:blogger.com,1999:blog-20075889.post-45542485475365478002008-01-04T13:24:00.001-06:002008-01-04T13:28:57.447-06:00

A cursory blurb over on ZDNet has dubbed social networking sites as the next hacker frontier. To which i say, "Avast!" since I like piratical metaphors for hax0ring more than cowboy metaphors.

todbtag:blogger.com,1999:blog-20075889.post-33056951779637034342007-12-24T13:41:00.000-06:002007-12-24T13:46:38.362-06:00

I find it maddening that when Firefox fetches a web page via SSL, it will also incorporate non-SSL items without explicitly telling you /which/ elements were transmitted in the clear. I've whined about this before. Now, it came up again when I started using HTTPS-ified iGoogle. So, instead of actually working on Xmas eve, I wrote a Greasemonkey Script to try to make these this kind of thing more

todbtag:blogger.com,1999:blog-20075889.post-51540099805374427552007-11-09T15:55:00.000-06:002007-11-09T16:08:44.584-06:00

Oracle's latest CPU mentions, Oracle will proactively create patches only for platform/version combinations that, based on historical data, customers are likely to download for the next Critical Patch Update. We create patches for historically inactive platform/version combinations of the Oracle Database and Oracle Application Server only if requested by customers. So, it reads like, if you're

todbtag:blogger.com,1999:blog-20075889.post-50887721651907966732007-10-27T08:08:00.000-05:002007-10-27T08:15:15.027-05:00

I posted to my work blog a little ditty about detecting the Gozi stuff circulating now, after noticing that only one variation of the PDF was hitting a more general detection mechanism, over and over again. This is further proof, at least to me, that the run-of-the-mill mass attacker still doesn't give a whit about evasion -- they're after people with no security mechanisms in place, so having

todbtag:blogger.com,1999:blog-20075889.post-3778995776358261272007-10-19T12:41:00.000-05:002007-10-19T12:50:10.137-05:00

Information Week is running a story on MP3-based spam, which they're calling SpaMP3. Oldtime readers know I am completely ga-ga over new names for old problems, so I'm totally in love with this story. What they fail to mention is how creepy it the low bitrate/low sample rate actually sounds. Click here to download and hear it yourself -- note AV scanners may block, though there doesn't look to

todbtag:blogger.com,1999:blog-20075889.post-39012501624748829432007-10-18T13:09:00.000-05:002007-10-18T13:13:55.015-05:00

CNET is running a surprisingly insightful article about the current state of the global malware/spam delivery system known as the Storm Worm Botnet. I don't want to spoil the ending or anything, but the Storm network is really pretty advanced. If you haven't read Shockwave Rider by now, you probably ought to in order to appreciate what the global network is going to look like when Storm and its

todbtag:blogger.com,1999:blog-20075889.post-20484356795496384722007-10-17T16:56:00.000-05:002007-10-17T17:02:57.232-05:00

This story is the silliest fluff piece about the Internet I've seen since the breathless piece on Twitter. It's a list of keywords sorted by country. Okay. The implication is that America is way more interested in burritos and Iraq than, oh, Sweden is. Shrug. I can only assume that they had this pretty cool picture of Google-colored glasses, but no actual story to go with it.

todbtag:blogger.com,1999:blog-20075889.post-42969085844350847602007-10-11T12:26:00.001-05:002007-10-11T12:39:04.461-05:00

...but they have the potential for badness, like a chainsaw or strong encryption. See my interview about social networking on Dark Reading. It's not earth shattering 0days that make these sites a liability, but the casual trust that users invest in them. Oh, and the 0days -- which are sometimes there by design.

todbtag:blogger.com,1999:blog-20075889.post-33566003590904607772007-09-28T15:44:00.000-05:002007-09-28T15:47:33.692-05:00

What a day. This morning, I read an announcement that my employer, 3Com, is going to be taken private, bought up for 2.2 billion samoleans. It's even on TechCrunch, and while it's not a done deal, it's pretty close enough. Rad. This afternoon, I go to log into my primary bank. Oops, it's gone. What the hell. It's even on the FDIC press page. Not so rad. I guess if I had been paying attention

todbtag:blogger.com,1999:blog-20075889.post-42005482555647246642007-07-11T10:16:00.000-05:002007-07-11T10:28:27.644-05:00

Just a quick note -- after reading about thor's IE-to-FF 0day, I noticed a neato extension that has nothing to do with this -- the Locationbar2 extension, which does some nifty highlighting and clickability transformations on the Location bar. It's included in CyberNotes' Top 10 list of Firefox URL extensions. I often lament that browsers don't do a very good job of making the "current" window

todbtag:blogger.com,1999:blog-20075889.post-60519753854158347222007-06-19T11:00:00.000-05:002007-06-19T11:02:38.444-05:00

Nothing inspires panic in the hearts of web application hax0rs quite like a retiree rent-a-cop. Now get the hell out of my food court.

todbtag:blogger.com,1999:blog-20075889.post-91771918311209646012007-06-13T10:35:00.000-05:002007-06-13T10:57:12.016-05:00

After a pretty funny marketing salvo dissing Microsoft security, Apple went and released Safari for Windows. Trouble is, it's full of bugs.

todbtag:blogger.com,1999:blog-20075889.post-82757411179146248992007-05-31T08:33:00.000-05:002007-05-31T12:09:23.725-05:00

Today, Paweł Pokrywka announced the release of Etherbat, a Linux application for mapping local networks. The cool part is that it does its magic through ARP spoofing. I have a soft spot for limited information network mapping and device identification, and this does both, which makes it cool++ in my book. I've long wondered what other practical effects you could achieve with ARP spoofing (aside

todbtag:blogger.com,1999:blog-20075889.post-73289395001445033152007-05-21T10:20:00.000-05:002007-05-21T15:20:06.842-05:00

This started popping up today (click to embiggen): So, what is a normal user supposed to do with the warning that "parts of the page" were not encrypted? Seems that if you, the user, were counting on your Gmail contents being secret (maybe you're reading Gmail in the same room as Robert Graham), and you get this big red warning on your location bar, it's either a) too late to do anything about

todbtag:blogger.com,1999:blog-20075889.post-29044367537665868552007-03-18T11:28:00.000-05:002007-03-18T11:34:55.721-05:00

So, over the weekend, this popped up on the usual mailing lists: Month of MySpace Bugs, Yes!, or MOMBY. Loyal readers will know I've poked at MySpace a time or two, and faithfully reported my findings to what I've guessed is the right place (security@myspace.com and abuse@myspace.com), to be met with indifference from News Corp and quizzical looks from peers as to why I'm even bothering. So,

todbtag:blogger.com,1999:blog-20075889.post-3486332037943933932007-03-15T11:50:00.000-05:002007-03-15T12:01:58.457-05:00

Just like using Linux doesn't automatically make you a criminal, I doubt that using Nginx (proncouned, "Engine-X") is necessarily a criminal act. But is it an indicator? I noticed it today as part of a light analysis of a real world exploit of the Overlong RTSP link bug for Quicktime. This is a lightweight http server that is now associated with at least one case of network crime by serving up a

todbtag:blogger.com,1999:blog-20075889.post-54042915901425698612007-03-06T13:10:00.000-06:002007-03-06T13:15:14.422-06:00

Weird little PoC popped up on milw0rm a few days back -- a buffer overflow in Netrek. Just made me chuckle. I haven't played Netrek in maybe, what, 15 years? Besides, everyone knows that Nethack is the best game ever, and that's one I still play (though usually in its Slash'em incarnation).

todbtag:blogger.com,1999:blog-20075889.post-22458146959403929872007-02-24T14:42:00.000-06:002007-02-24T14:46:09.010-06:00

Today, I discovered that Fry's Electronics, once a bastion of computer/network/electronics geekery, is now completely irrelevant. I was shopping for a new mini-PCI wireless NIC, since my Intel chipset whatever-its-called OEM NIC that came with my IBM/Legend ThinkPad has always been weird and flakey, and I finally got sick of it. So, I packed one of the kids up in the car and bopped over to Fry's

todbtag:blogger.com,1999:blog-20075889.post-61614037173780764342007-02-11T09:13:00.000-06:002007-02-11T09:47:19.238-06:00

Strikingly similar to the RSA SecurID, PayPal has rolled out their own two-factor authentication (2FA) dongle. While it's easy to dismiss random number key fobs as susceptible to man-in-the-middle attacks, I do think that if such this device were required on all accounts, it would significantly impact the effectiveness of traditional phishing scams -- assuming the attacker is actually going for

todbtag:blogger.com,1999:blog-20075889.post-1165872101839589342006-12-11T15:14:00.001-06:002006-12-11T15:21:41.856-06:00

Like TOR, e-gold is one of those Internet institutions which enjoys an aegis of libertarian-style privacy and freedom surrounding it. In that light, this Wired article is a fascinating read. On the one hand, E-gold is constantly getting harassed by the U.S. government for catering to international criminals, and on the other, e-gold is actively monitoring transactions and building associative

todb