Archive for May, 2007

Python: Download Heroes Graphic Novels

May 23rd, 2007 2 comments

I'm a big Heroes fan... but something I didn't do was read the graphic novels available online... I'm not sure if reading them after the season is over will have the same effect but I guess I'll find out. Anyways NBC has 34 of these novels now and I decided I wanted to grab them all... Instead of using some wget-fu (since my wget-fu isn't so good) I decided to throw together a little Python script to do the job. I'm adding the result here just in case anyone else wants all of these downloaded.

getHeroes.py

Categories: Python Tags:

AK-47, SCUD, RADAR, QoS… Huh?

May 14th, 2007 3 comments

Sometimes the sheer... I'd rather not use stupidity here so... ignorance of some groups astounds me. I'm not an American citizen but I can only imagine the loss of morale among both men and women overseas and their families in the US. For those of you that aren't sure what I'm talking about, I came across a post today over on Bits from Bill, which referenced a memo to the troops. Moments after reading the post, and making a mental note to blog about it later, I came across mention of it on the Register.

At first when I read this I was outraged for those service men and women who must deal with this... They are cut off from communicating with their loved ones... but then I rethought it... Although I still feel it wasn't the proper way for the US military to deal with the problem... I don't think it should be that disheartening to those people overseas and their families... Yes that contradicts what I initially said... because I'm sure they are experiencing a decrease in morale, but I don't think they should be.

Let's look at the sites affected:

  • youtube.com
  • 1.fm
  • pandora.com
  • photobucket.com
  • myspace.com
  • live365.com
  • hi5.com
  • metacafe.com
  • mtv.com
  • ifilm.com
  • blackplanet.com
  • stupidvideos.com
  • filecabi.com

I'm actually ashamed to say that even though I spend a great deal of time around my computer, some of those sites are foreign to me. So why isn't the blocking of these sites a big deal? There are no communication forms blocked there... Sure people may use MySpace to communicate with friends and family and they may post pictures to photobucket or even home videos to YouTube (or so they may claim). Who cares (and maybe this is my ignorance because I don't know what's in place)? I don't see Hotmail, GMail, Yahoo Mail or any other email sites that have large mail boxes and allow for attachments. They can easily be used for communication still. I see media sites being blocked and social networking sites being blocked... I think this is legitimate.

So where does my problem lie? With the US Military saying they are filtering because of bandwidth problems... The US Military spends plenty of money... I'm sure they've got decent tech support and network admins. Any network admin that's any good would tell you the solution isn't filtering the sites but implementing proper QoS. As other blogs have pointed out, the soldiers will find ways around the filters (proxies or alternate sites). If it really is an issue of bandwidth interfering with legitimate operations... then QoS should have been implemented. Perhaps this acronym is not familiar to the network techs in the US Military... if so, I'd say the US has bigger problems than what's going on overseas right now... If their techs are unfamiliar with QoS then I'm willing to bet they have gaping holes all over their network.

Now if the filtering of these sites is due to security risks... The set of sites filtered should be much larger, however it should still be done in tandem with QoS.

My last comments take me back to the SC Magazine blogs... they also posted an article on this issue. They pointed out that the memo also stated that these sites caused a "significant operational security challenge". The problem I have with that is that they filtered a small subset of these sites, not all of them. The author of the SC Magazine article also points out that if soldiers are clogging up the network that the Army didn't make a bad decision. I would think that SC Magazine would have technical people working for them... so once again I'll scream, "QoS".

The SC Magazine article finished with the following paragraph, which left me speechless:

But when you’re faced with the already daunting task of training tens of thousands of young men and women to guard against insurgent attacks and roadside bombs, somehow I don’t think also educating them on safe computing is an efficient undertaking.

People in the US Army that are using US Army computers don't need to be educated in safe computing? This takes the cake. The author of this article has no clue when it comes to IT Security... I can't believe he'd suggest something like this... it's an insult to everyone who labels themselves IT Security Professionals... The first thing that should be happening in the US Army before an individual is allowed to access a computer is that they should undergo safe computing training... I'm shocked and speechless that anyone would say this.

Categories: IT Tags:

Command History in Windows Command Prompt

May 6th, 2007 7 comments

I always love learning something fairly basic, that in the long run will make my day run more smoothly. Even better than that is learning it by mistake. That's what happened to me today. I managed to accidentally hit F7 and up popped a history in my command prompt. Every command I had typed in was laid out nice and neatly for me. (Yes... all those commands are legit.. the first thing I do with a Windows box is install the unixutils package). Anyways you can scroll up and down and then press enter to re-execute a command. I tried this on XP (both Home and Professional) but not on other versions of Windows. It's probably existed for quite some time and it's probably common knowledge... but it's something I just picked up.

Categories: IT Tags:

Your Car is Spying on You

May 4th, 2007 8 comments

I came across an interesting article today. The article, "Is Big Brother in your car?" (via Thoughts of a Technocrat), informed me that cars have a "black box"... Not all cars, the manufacturers are listed in the article as: Ford, Mazda, Mitsubishi, Subaru, General Motors, Isuzu, and Suzuki. Harris Technical (a black box recovery company) has a "complete" list of cars with black boxes (or EDR/CDRs). Apparently more than half of all new cars carry these devices, located in the car's underbelly, tied into the air bag system.

These "black boxes" (actually silver boxes) are being called a privacy concern by the ACLU. Both the police and your insurance company could have access to these devices to know all the details of how you were driving when an accident occurred.

I see this as a minor issue... I actually was more interested in learning that these devices existed... I decided to contact one of the companies that provide Crash Data Recovery, Harris Technical, and get answers to a few questions I had... I was impressed with how quickly Jim Harris replied to me. Below you will find the questions I posed to Jim as well as the excellent answers that he provided. Thanks Jim.

1. What details, exactly, are stored by the CDR?
The data stored by an EDR varies by year, make, model and sometimes by
options or sub-models (GT, XLS, etc). For pre-2000 GM vehicles, it is
mostly crash data. This is the velocity change of the vehicle through
the crash and does not include pre-impact data such as speed or brake
application. For post-2000 GM vehicles, through 2006, crash data plus up
to 5 seconds of pre-crash data including speed, brake application,
engine speed and throttle position may be stored. For some 2007 GM
vehicles, 2.5 seconds of pre-crash data is stored but much more
technical information regarding occupant restraints is also stored. For
most Fords, only crash data, however, in some models, Crown Vics for
one, up to 20 seconds of pre-crash data and crash data may be stored.

2. Do you have a sample of the output of the CDR that could be published?
On our web site, at http://www.harristechnical.com/media.htm you can
find a pre-crash graph for a 2002 Saturn along with a photo of the
vehicle. A complete example report for a GM vehicle is attached in pdf
format. There are great variations between reports for different
vehicles but this is one that is currently common.

3. Is the data stored in any sort of encrypted/encoded format? Could
anyone, given the proper equipment, obtain data from any CDR?
Yes, the data is encoded in hex format. Translation of the hex values
requires software and hardware available from Vetronix, Corp. of Santa
Barbara, CA. http://www.vetronix.com The equipment is available to
anyone that wants to buy it. This equipment does not support all
vehicles with EDRs as the vehicle manufacturers have not yet released
the required information. A list of currently supported vehicles is on
our web site at http://www.harristechnical.com/downloads/cdrlist.pdf
Other vehicles may (do) have an EDR on board but data can only be
accessed, at this time, by the manufacturers, not the dealer technicians.

4. What sort of equipment is required to access a CDR? Is the
connection a standard data connection or proprietary? Could a
home-brew system be built?
The Vetronix CDR Tool is required at this time. While the Diagnostic
Link Connection, one method to obtain data from an EDR in certain
circumstances, is standard, direct connections to the EDR modules
require proprietary cables. An interface box is provided in the CDR
Tool kit. CDR Tool software is also required.

5. Can this data be accessed on the fly? For example, could someone
with the proper equipment read the current data off the device, even
if it hasn't been written due to an impact. Could I drive a car into
your building and have you access any data off the CDR?
Crash data is recorded only in the event of a crash. Primarily this is
when there is an air bag deployment event or air bag deployment level
event. The deployment level event is when there is a crash that would
have ordered an air bag deployment but it was not for a variety of
reasons, driver out of position, etc. A non-deployment file may also be
written, such as hitting a pothole. This is a temporary file that will
either be erased after about 3 months or overwritten by an event of
greater magnitude. Without an event, there is no data stored.

6. Can the device be accessed without damaging a vehicle?
Yes. Unless access via the Diagnostic Link Connection does not work due
to damage to the vehicle's electrical system, then direct access must be
gained to the module. This usually involves cutting some carpet under a
seat or removing a center console.

7. Do you see any privacy concerns with the CDR?
The data recorded is not "private" information in the sense of SSN,
address, medical or financial records. However, it is private property.
A list of states with laws specific to accessing EDR data is available
at http://www.harristechnical.com/cdr7.htm All 50 states also have
computer trespass laws that may apply to gaining access to EDRs. This
last item has not been tested in court to my knowledge.

8. Do these devices have a maximum lifetime? Will they operate the
full life of a vehicle, or are they useless after an accident? If they
are useless, can a replacement be purchased and installed?
EDRs are a component part of the air bag system. They are dependent
upon data from various sensors and other components operating correctly.
EDRs are expected to last the life of the vehicle. After an air bag deployment crash, the EDR, which is part of the air
bag control module, must be replaced to repair the air bag system. New
replacement modules are available through dealer parts departments. It
is recommended that only dealer technicians, with the proper training
and equipment, repair air bag systems. Buying a used one, even if the
seller "guarantees" it works, is a bad idea as you cannot tell if it is
going to function correctly when most needed.

Jim was also kind enough to include a Sample Report. I found all of this rather interesting... Is it a big invasion of privacy... not really. Could it affect insurance claims... definitely. Anyways... now you know as much as I do on the subject.

Categories: Personal Tags:

New TLD – .asia

May 4th, 2007 1 comment

An email just came across the DNS Operations mailing list:

I realize I'm a little late, but .ASIA entered the root last night
with revision 2007050201. Congratulations to all those involved. For
those that have an interest in such things:

Serial: 2007050301

Statistics
==========
Number of gTLDs:                 21
Number of ccTLDs:               246
Total number of TLDs:           267

Number of IPv4 hosts:           958
Number of IPv4 addresses:       940

Number of IPv6 hosts:            90
Number of IPv6 addresses:        87
TLDs with IPv6 glue:             98

Total TLD name server hosts:    958
Total TLD ns addresses:         1027

The TLD is so new that at this point the Root-Zone Whois Information Page doesn't yet exist... (It may exist as you read this, but as I typed this it was a 404...)

Categories: IT Tags:

Small Note: DST Problems with WordPress

May 4th, 2007 No comments

It seems that WordPress, this wonderful blogging software, has a flaw... It doesn't support DST. At first I thought that perhaps due to the change in date for DST that the server hosting this blog hadn't been updated properly... I soon discovered this wasn't the issue. So tonight, irritated that my server was an hour off... I searched around and found this site, which makes mention of a TimeZone plugin for WordPress that solves the DST issue. It definitely does and I'm glad I found it... Now my time of posting is accurately displayed.

Categories: Site Related Tags:

Has My Webmail Been Hacked?

May 4th, 2007 1 comment

Jeremiah Grossman has an interesting post up over on his blog titled, "How to check if your WebMail account has been hacked." The post discusses using an older concept of "Web Bugs" to monitor your web-based email account to see if it has been accessed. This is (or was), if I recall correctly, one of the methods used by ReadNotify to determine if a recipient had read an email you sent them.

It really is an interesting concept and it's not a bad idea to employ the method... The problem: not everyone has access to their own server where they can set this up. Jeremiah's suggestions of getting free hosting or using the account that comes with your internet connection (since most include a small web site these days) are reasonable, but these accounts don't always include access to logs.

After thinking about this, I decided to play around with a simple method of automating the image creation so that images could live on a single server, for multiple people, and in a way that the images would be random and difficult to guess. I've come up with what I believe is a suitable method and I've decided to make it available here. Unfortunately I don't have a means for people to easily access my logs. So for now, if anyone wants to make use of it for lack of a better option, feel free to do so and contact me if you suspect your account has been accessed... I'll check my logs for the name of the file generated for you. In the future I hope to implement a system that will allow users to log in and check all access to that email, we'll see if anyone tries it this way and if the demand is worth the effort.

In the meantime if you want to use the simple method I came up with, simply visit this page and generate yourself an image.
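
The two halves of the web-bug idea described above, as an added sketch (not the generator behind the link and not Jeremiah Grossman's code): creating an image name that cannot be guessed, and pulling every request for it out of a "combined" format access log. The `/bugs/` path, the function names, and the sample log lines are assumptions constructed for the illustration.

```python
import re
import secrets

BUG_DIR = "/bugs/"  # assumed URL path the images are served from

def new_bug_name():
    """Unguessable file name: 128 random bits from the OS CSPRNG."""
    return secrets.token_urlsafe(16) + ".gif"

def bug_tag(base_url, name):
    """<img> tag to place in a mail you send to yourself and leave unread."""
    return '<img src="%s%s%s" width="1" height="1" alt="">' % (
        base_url.rstrip("/"), BUG_DIR, name)

# Apache/nginx "combined" access-log line.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "(?P<agent>[^"]*)")?')

def find_hits(log_lines, name, known_ips=()):
    """Every request for this bug, flagged when the client IP is not yours."""
    target = BUG_DIR + name
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        # Ignore unparseable lines and requests for any other path.
        if not m or m.group("path").split("?", 1)[0] != target:
            continue
        hits.append({"ip": m.group("ip"), "time": m.group("time"),
                     "agent": m.group("agent") or "",
                     "unexpected": m.group("ip") not in known_ips})
    return hits

# Constructed sample data (documentation IP ranges, made-up token).
SAMPLE_NAME = "q3Zr8nV0sYk1T5uLw2XcHg.gif"
SAMPLE_LOG = [
    '192.0.2.10 - - [04/May/2007:21:02:11 -0400] "GET /bugs/q3Zr8nV0sYk1T5uLw2XcHg.gif HTTP/1.1" 200 43 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/May/2007:03:40:52 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.99 - - [06/May/2007:04:17:30 -0400] "GET /bugs/q3Zr8nV0sYk1T5uLw2XcHg.gif HTTP/1.1" 200 43 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"',
    '203.0.113.99 - - [06/May/2007:04:17:31 -0400] "GET /bugs/guess.gif HTTP/1.1" 404 209 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"',
]

if __name__ == "__main__":
    print(bug_tag("http://example.com", new_bug_name()))
    for hit in find_hits(SAMPLE_LOG, SAMPLE_NAME, known_ips={"192.0.2.10"}):
        print(hit)
```

Where a webmail provider fetches remote images through its own proxy, the logged address is the proxy's rather than the reader's, so the timestamp of an unexpected hit is the more dependable signal.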

Categories: IT, Security Tags:

May Microsoft Advanced Notice Bulletin

May 3rd, 2007 No comments

So we've got a Patch Tuesday coming up... Microsoft has released the advanced notification... If we expect a patch for the DNS vuln... that's one remote code execution vuln but both Exchange and BizTalk servers are listed, so they could potentially be remote code execution as well... I guess we'll know on Tuesday...

Here are the vital parts of the Microsoft notification email:

Security Updates

  • Two Microsoft Security Bulletins affecting Microsoft Windows.
    The highest Maximum Severity rating for these is Critical. These
    updates will require a restart. These updates will be detectable
    using the Microsoft Baseline Security Analyzer.

  • Three Microsoft Security Bulletins affecting Microsoft Office.
    The highest Maximum Severity rating for these is Critical. These
    updates may require a restart. These updates will be detectable
    using the Microsoft Baseline Security Analyzer.

  • One Microsoft Security Bulletin affecting Microsoft Exchange.
    The highest Maximum Severity rating for these is Critical. These
    updates will not require a restart. These updates will be detectable
    using the Microsoft Baseline Security Analyzer.

  • One Microsoft Security Bulletin affecting CAPICOM and BizTalk.
    The highest Maximum Severity rating for these is Critical. These
    updates will not require a restart. These updates will be detectable
    using the Microsoft Baseline Security Analyzer and the Enterprise
    Scan Tool

Categories: IT, Security Tags: