Archive for April, 2005

Apr 28 2005

Be careful of misspelling URL’s

Published by under General

There have a rash of malicious sites that have URL’s that are one mistype away from other high traffic sites. This is nothing new, as there’ve been this type of site around since the creation of the modern Internet. Anyone remember whitehouse.com? The new sites are taking it a little farther than simply offering you porn; their apparently downloading software to your system automatically, with or without your permission. One report mentioned over 20 different spyware products that we’re being downloaded by a single site.

So watch your spelling.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

One response so far

Apr 27 2005

10k Hits, 1 year’s data

Published by under Site Configuration

Earlier this week marked one year’s worth of tracking traffic to my site. Around the same time, I received the 10,000th visit to my site. Lies, damn lies, and statistics. A cool milestone to hit, but the numbers don’t mean anything in the real wold.

I won’t be posting much for the next week or two. Heavy duty project coming up, need the time for preparations. Should be a fun IDS project. I’ll see what I can write about here without disclosing too much.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Comments Off

Apr 25 2005

Some site maintenance

Published by under Site Configuration

Performed some site maintenance over the weekend, retiring my Coyote Linux firewall, installing a new router, reconfiguring the web page due to some determined comment spammers. I need two aspirin and a nap. I even forgot my laptop at home this morning. I’m gonna take the rest of the day off.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Comments Off

Apr 22 2005

Customer Service: Good and Bad

Published by under General

First of all, this post has nothing to do with security, I just felt like ranting for a couple of minutes.

Over the last few days I’ve had two brushes with customer service, one of which left me feeling good, the other, well, the other just didn’t. Years ago I worked in the service industry, which left me with a critical eye for how others perform their customer service. As with many things in my life, I like to compliment the good behaviors and call out the bad ones. This is a rather long rant, so I’ve placed most of it in the extended entry.

Continue Reading »

One response so far

Apr 19 2005

Peer-to-peer in Longhorn

Published by under Microsoft

I received the following email from Michael Surkan at Microsoft. After asking him to verify his identity, a little looking around let me know I’m not the first to receive the same request. I’m posting the link because I think it’s more important to give feedback and have some small influence on the direction MS is going. The survey takes about 10 minutes to take, and is relatively innocuous. Make up your own mind about whether you want to take it or not.

And here’s a link to someone who did a lot more checking into Mr. Surkan, though this was about a different survey he was looking for input on. The author of this page declined Mr. Surkan’s request because he feels Microsoft is just trying to get something for nothing. I feel this is kind of like voting for President; if you didn’t vote, you have no right to complain.

Martin,

I am trying to collect customer input on some networking features Microsoft is considering in Longhorn that I thought you might want to pass on to some of your blog readers. If you think the current project I am working on would be of interest to your blog readers, I would love it if you could post my survey link. If you don?t think this would be of interest to your readers that?s ok.

The Microsoft network product team is investigating ways of resolving peer-to-peer connectivity problems in Longhorn, and we would like to get customer feedback to help validate some of the design proposals.

Today, there are many situations where users are unable to run such functions as remote assistance, voice/video conversations, and many other peer-to-peer functions because of firewalls, NATs and other network configuration problems. Our goal is to build networking technology into the operating system that will overcome many of these problems, allowing these peer-to-peer scenarios to ?just work?.

This survey outlines some of the proposals for resolving these connectivity problems, and asks for feedback on them. We would love to get the opinions from a wide range of users, and markets (e.g. consumers, large IT departments, etc) since this would have implications for everyone.

http://www.surveymonkey.com/s.asp?u=25832974669&c=mmb

Thanks,

Michael Surkan

Program Manager,

Networking & Devices

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

One response so far

Apr 19 2005

Currently Reading

Published by under General

Managing for Enterprise Security

Firefox Hacks

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Comments Off

Apr 15 2005

FEC?

Published by under General

RedState.org ||

I wasn’t even aware that the Federal Election Committee was trying to regulate the Internet, but I’m glad someone is trying to step up and stop them. I’ll be one of the first to admit that the ‘wild west’ environment of the Internet has to end some time, but the limitations the FEC would like to put in place are not the way to go. I’m also a big supporter of campaign finance reform, but I don’t think the Internet should fall under the FEC pervue.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Comments Off

Apr 14 2005

Cover up of security breaches

Published by under Phishing, scams, etc.

SecurityFocus HOME News: It’s official: ChoicePoint, LexisNexis rooted

The admissions – under oath, finally – that these companies gladly covered up their blunders and misdeeds, until required by California law to notify victims, proves that regulation is essential to keeping them honest.

I’m normally of the mindset that government should stay out of business as much as possible. But when I hear about what businesses are willing to do, and more importantly, what they’re willing to do to us, I feel myself wanting more government involvement. One thing that worries me about this is that SB1386 (the California law referred to in the article) specifically exempts state and federal governments. If businesses are willing to cover up comprimises, what’s to stop the government from doing the same?

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Comments Off

Apr 14 2005

How to report a Microsoft Vulnerability

Published by under Microsoft

I recieved this in my email yesterday, courtesy of the NT BugTraq mailing list. Given the difficulty in contacting Microsoft some people have reported in the past, I’m glad they’re being proactive in getting this information out there. Now to wait and see if they actually respond in a meaningful way to issues reported through the email and web site.

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Hello!

The Microsoft Security Response Center investigates all reports of
security vulnerabilities sent to us that affect Microsoft products.
If you believe you have found a security vulnerability affecting a
Microsoft product, we would like to work with you to investigate it.

We are concerned that people might not know the best way to report
security vulnerabilities to Microsoft. You can contact the Microsoft
Security Response Center to report a vulnerability by emailing
secure@microsoft.com directly, or you can submit your report via our
web-based vulnerability reporting form located at:

https://www.microsoft.com/technet/security/bulletin/alertus.aspx.

Sincerely,
Microsoft Security Response Center

—–BEGIN PGP SIGNATURE—–
Version: PGP 8.1

iQIVAwUBQlbY4oreEgaqVbxmAQK5yhAAkm+H1/V69L5iLILNuSUSsgnd4Tw5Lzwj
uyhigxfdJR9WYXSNg/7WCoMI77G6No8QvKOfkrXqbyv6SYcR5ZVDWYzeE3+jgje+
AfqWT9r0du8Wj7q+Qby/j61OaezQkGoX/WRM+KV/RAhSVgXybcUMmdyeBNY9TiBg
ixlCuE75VndS0vMwkf8rzGaW/YXzMveLEXKGyYhkkZEDZ+Q2NZeFwxsXUEfw8yCL
nUYm6D9KAz5ekhRNtv22eoTXfTrXOfdziEAGGB1J6hKowEgeTaKcRPuTadz4A8YB
gGzJPN3J6t1Au1IHRsgfnVou9INFtahHA5B1NbfKyHGLsoztYKqXxLo4u7Z/b2+a
Vj8yiZNmaFD1IPzPnb4LS4RBZSgPMcwaB6pbXt7Y9n/g8VmrkqouDEdprHlMltoS
JpqYpnTdZtsxaGg6wimaFv7CocdV4CKAuOpVdjvlezc6jUYLQ/H/LzgDFDekTXZv
TNJ7qzRl4GFKt2fK7+7m60x3VukWNy3JGQSxgOX7mkftfglrHzyOL6AtDwhf2ff4
uNVbWek9bTgpVvmmpxnFGu/h5hLp5/Hqe98lv2axlbEFLP1ZD00rNPPSLCxRY/xL
8DGokeQT2Oc1HysO2jo7kpFjW4mCTTh9qK1lh0ju7gGQa66SMJ9woT2V6sSsOwpS
LO3tKPf9GIQ=
=kT17
—–END PGP SIGNATURE—–

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

One response so far

Apr 14 2005

SotM #34

Published by under General

SotM 34

The Honeynet Project Scan of The Month #34.

They list this as an intermediate skill level. I’ve tried a couple of these before, and their not easy. If I can find the time to run through this, I’ll post my results here. If you have the time to run through it, drop me a line so I can see what you found.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Comments Off

Next »

7ads6x98y