I'm a big Heroes fan... but something I didn't do was read the graphic novels available online... I'm not sure if reading them after the season is over will have the same effect but I guess I'll find out. Anyways NBC has 34 of these novels now and I decided I wanted to grab them all... Instead of using some wget-fu (since my wget-fu isn't so good) I decided to throw together a little python script to do the job. I'm adding the result here just in case anyone else wants all of these downloaded.
getHeroes.py
Python
Sometimes the sheer... I'd rather not use stupidity here so... ignorance of some groups astounds me. I'm not an American citizen but I can only imagine the loss of morale among both men and women overseas and their families in the US. For those of you that aren't sure what I'm talking about, I came across a post today over on Bits from Bill, which referenced a memo to the troops. Moments after reading the post, and making a mental note to blog about it later, I came across mention of it on the Register.
At first when I read this I was outraged for those service men and women who must deal with this... They are cut off from communicating with their loved ones... but then I rethought it... Although I still feel it wasn't the proper way for the US military to deal with the problem... I don't think it should be that disheartening to those people overseas and their families... Yes that contradicts what I initially said... because I'm sure they are experiencing a decrease in morale, but I don't think they should be.
Let's look at the sites affected:
- youtube.com
- 1.fm
- pandora.com
- photobucket.com
- myspace.com
- live365.com
- hi5.com
- metacafe.com
- mtv.com
- ifilm.com
- blackplanet.com
- stupidvideos.com
- filecabi.com
I'm actually ashamed to say that even though I spend a great deal of time around my computer, some of those sites are foreign to me. So why isn't the blocking of these sites a big deal? There are no communication forms blocked there... Sure people may use MySpace to communicate with friends and family and they may post pictures to photobucket or even home videos to YouTube (or so they may claim). Who cares (and maybe this is my ignorance because I don't know what's in place)? I don't see Hotmail, GMail, Yahoo Mail or any other email sites that have large mail boxes and allow for attachments. They can easily be used for communication still. I see media sites being blocked and social networking sites being blocked... I think this is legitimate.
So where does my problem lie? With the US Military saying they are filtering because of bandwidth problems... The US Military spends plenty of money... I'm sure they've got decent tech support and network admins. Any network admin that's any good would tell you the solution isn't filtering the sites but implementing proper QoS. As other blogs have pointed out, the soldiers will find ways around the filters (proxies or alternate sites). If it really is an issue of bandwidth interfering with legitimate operations... then QoS should have been implemented. Perhaps this acronym is not familiar to the network techs in the US Military... if so, I'd say the US has bigger problems than what's going on overseas right now... If their techs are unfamiliar with QoS then I'm willing to bet they have gaping holes all over their network.
Now if the filtering of these sites is due to security risks... The set of sites filtered should be much larger, however it should still be done in tandem with QoS.
My last comments take me back to the SC Magazine blogs... they also posted an article on this issue. They pointed out that the memo also stated that these sites caused a "significant operational security challenge". The problem I have with that is that they filtered a small subset of these sites, not all of them. The author of the SC Magazine article also points out that if soldiers are clogging up the network that the Army didn't make a bad decision. I would think that SC Magazine would have technical people working for them... so once again I'll scream, "QoS".
The SC Magazine article finished with the following paragraph, which left me speechless:
But when you’re faced with the already daunting task of training tens of thousands of young men and women to guard against insurgent attacks and roadside bombs, somehow I don’t think also educating them on safe computing is an efficient undertaking.
People in the US Army that are using US Army computers don't need to be educated in safe computing? This takes the cake. The author of this article has no clue when it comes to IT Security... I can't believe he'd suggest something like this... it's an insult to everyone who labels themselves IT Security Professionals... The first thing that should be happening in the US Army before an individual is allowed to access a computer is that they should undergo safe computing training... I'm shocked and speechless that anyone would say this.
IT
I always love learning something fairly basic, that in the long run will make my day run more smoothly. Even better than that is learning it by mistake. That's what happened to me today. I managed to accidentally hit F7 and up popped a history in my command prompt. Every command I had typed in was laid out nice and neatly for me. (Yes... all those commands are legit.. the first thing I do with a Windows box is install the unixutils package). Anyways you can scroll up and down and then press enter to re-execute a command. I tried this on XP (both Home and Professional) but not on other versions of Windows. It's probably existed for quite some time and it's probably common knowledge... but it's something I just picked up.

IT
I came across an interesting article today. The article, "Is Big Brother in your car?" (via Thoughts of a Technocrat), informed me that cars have a "black box"... Not all cars, the manufacturers are listed in the article as: Ford, Mazda, Mitsubishi, Subaru, General Motors, Isuzu, and Suzuki. Harris Technical (a black box recovery company) has a "complete" list of cars with black boxes (or EDR/CDRs). Apparently more than half of all new cars carry these devices, located in the car's underbelly, tied into the air bag system.
These "black boxes" (actually silver boxes) are being called a privacy concern by the ACLU. Both the police and your insurance company could have access to these devices to know all the details of how you were driving when an accident occurred.
I see this as a minor issue... I actually was more interested in learning that these devices existed... I decided to contact one of the companies that provide Crash Data Recovery, Harris Technical, and get answers to a few questions I had... I was impressed with how quickly Jim Harris replied to me. Below you will find the questions I posed to Jim as well as the excellent answers that he provided. Thanks Jim.
1. What details, exactly, are stored by the CDR?
The data stored by an EDR varies by year, make, model and sometimes by
options or sub-models (GT, XLS, etc). For pre-2000 GM vehicles, it is
mostly crash data. This is the velocity change of the vehicle through
the crash and does not include pre-impact data such as speed or brake
application. For post-2000 GM vehicles, through 2006, crash data plus up
to 5 seconds of pre-crash data including speed, brake application,
engine speed and throttle position may be stored. For some 2007 GM
vehicles, 2.5 seconds of pre-crash data is stored but much more
technical information regarding occupant restraints is also stored. For
most Fords, only crash data, however, in some models, Crown Vics for
one, up to 20 seconds of pre-crash data and crash data may be stored.
2. Do you have a sample of the output of the CDR that could be published?
On our web site, at
http://www.harristechnical.com/media.htm you can
find a pre-crash graph for a 2002 Saturn along with a photo of the
vehicle. A complete example report for a GM vehicle is attached in pdf
format. There are great variations between reports for different
vehicles but this is one that is currently common.
3. Is the data stored in any sort of encrypted/encoded format? Could
anyone, given the proper equipment, obtain data from any CDR?
Yes, the data is encoded in hex format. Translation of the hex values
requires software and hardware available from Vetronix, Corp. of Santa
Barbara, CA.
http://www.vetronix.com The equipment is available to
anyone that wants to buy it. This equipment does not support all
vehicles with EDRs as the vehicle manufacturers have not yet released
the required information. A list of currently supported vehicles is on
our web site at
http://www.harristechnical.com/downloads/cdrlist.pdf
Other vehicles may (do) have an EDR on board but data can only be
accessed, at this time, by the manufacturers, not the dealer technicians.
4. What sort of equipment is required to access a CDR? Is the
connection a standard data connection or proprietary? Could a
home-brew system be built?
The Vetronix CDR Tool is required at this time. While the Diagnostic
Link Connection, one method to obtain data from an EDR in certain
circumstances, is standard, direct connections to the EDR modules
require proprietary cables. An interface box is provided in the CDR
Tool kit. CDR Tool software is also required.
5. Can this data be accessed on the fly? For example, could someone
with the proper equipment read the current data off the device, even
if it hasn't been written due to an impact. Could I drive a car into
your building and have you access any data off the CDR.
Crash data is recorded only in the event of a crash. Primarily this is
when there is an air bag deployment event or air bag deployment level
event. The deployment level event is when there is a crash that would
have ordered an air bag deployment but it was not for a variety of
reasons, driver out of position, etc. A non-deployment file may also be
written, such as hitting a pothole. This is a temporary file that will
either be erased after about 3 months or overwritten by an event of
greater magnitude. Without an event, there is no data stored.
6. Can the device be accessed without damaging a vehicle?
Yes. Unless access via the Diagnostic Link Connection does not work due
to damage to the vehicle's electrical system, then direct access must be
gained to the module. This usually involves cutting some carpet under a
seat or removing a center console.
7. Do you see any privacy concerns with the CDR?
The data recorded is not "private" information in the sense of SSN,
address, medical or financial records. However, it is private property.
A list of states with laws specific to accessing EDR data is available
at
http://www.harristechnical.com/cdr7.htm All 50 states also have
computer trespass laws that may apply to gaining access to EDRs. This
last item has not been tested in court to my knowledge.
8. Do these devices have a maximum lifetime? Will they operate the
full life of a vehicle, or are they useless after an accident? If they
are useless, can a replacement be purchased and installed?
EDRs are a component part of the air bag system. They are dependent
upon data from various sensors and other components operating correctly.
EDRs are expected to last the life of the vehicle.
After an air bag deployment crash, the EDR, which is part of the air
bag control module, must be replaced to repair the air bag system. New
replacement modules are available through dealer parts departments. It
is recommended that only dealer technicians, with the proper training
and equipment, repair air bag systems. Buying a used one, even if the
seller "guarantees" it works, is a bad idea as you cannot tell if it is
going to function correctly when most needed.
Jim was also kind enough to include a Sample Report. I found all of this rather interesting... Is it a big invasion of privacy... not really, could it affect insurance claims definitely... Anyways... now you know as much as I do on the subject.
Personal
An email just came across the DNS Operations mailing list:
I realize I'm a little late, but .ASIA entered the root last night
with revision 2007050201. Congratulations to all those involved. For
those that have an interest in such things:
Serial: 2007050301
Statistics
==========
Number of gTLDs: 21
Number of ccTLDs: 246
Total number of TLDs: 267
Number of IPv4 hosts: 958
Number of IPv4 addresses: 940
Number of IPv6 hosts: 90
Number of IPv6 addresses: 87
TLDs with IPv6 glue: 98
Total TLD name server hosts: 958
Total TLD ns addresses: 1027
The TLD is so new that at this point the Root-Zone Whois Information Page doesn't yet exist... (It may exist as you read this, but as I typed this it was a 404...)
IT
It seems that WordPress, this wonderful blogging software, has a flaw... It doesn't support DST. At first I thought that perhaps due to the change in date for DST that the server hosting this blog hadn't been updated properly... I soon discovered this wasn't the issue. So tonight, irritated that my server was an hour off... I searched around and found this site, which makes mention of a TimeZone plugin for WordPress that solves the DST issue. It definitely does and I'm glad I found it... Now my time of posting is accurately displayed.
Site Related
Jeremiah Grossman has an interesting post up over on his blog titled, "How to check if your WebMail account has been hacked." The post discusses using an older concept of "Web Bugs" to monitor your web-based email account to see if it has been accessed. This is (or was), if I recall correctly, one of the methods used by ReadNotify to determine if a recipient had read an email you sent them.
It really is an interesting concept and it's not a bad idea to employ the method... The problem: not everyone has access to their own server where they can set this up. Jeremiah's suggestions of getting free hosting or using the account that comes with your internet connection (since most include a small web site these days) are reasonable, but these accounts don't always include access to logs.
After thinking about this, I decided to play around with a simple method of automating the image creation so that images could be hosted on a single server, for multiple people, and in a way that the images would be random and difficult to guess. I've come up with what I believe is a suitable method and I've decided to make it available here. Unfortunately I don't have a means for people to easily access my logs. So for now, if anyone wants to make use of it for lack of a better option, feel free to do so and contact me if you suspect your account has been accessed... I'll check my logs for the name of the file generated for you. In the future I hope to implement a system that will allow users to log in and check all access to that email; we'll see if anyone tries it this way and if the demand is worth the effort.
In the meantime, if you want to use the simple method I came up with, simply visit this page and generate yourself an image.
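One way to implement the scheme described above (random, hard-to-guess image names on a shared server, then checking the access log for a given name), as an added example and not the code behind the generator page. The `/bugs/` path, the combined log format, the file names and the log lines are all assumptions constructed for illustration.

```python
import re
import secrets
from collections import defaultdict

BUG_DIR = "/bugs/"  # assumed URL prefix under which the images are served


def new_bug_name() -> str:
    """Return an unguessable image name: 128 bits from the OS CSPRNG."""
    return secrets.token_hex(16) + ".gif"


# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)


def find_hits(log_lines, bug_names):
    """Map each issued bug name to the (time, ip, agent) requests that fetched it."""
    wanted = set(bug_names)
    hits = defaultdict(list)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-combined line
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if not path.startswith(BUG_DIR):
            continue
        name = path[len(BUG_DIR):]
        if name in wanted:  # guesses at names never issued are ignored
            hits[name].append((m["ts"], m["ip"], m["agent"]))
    return dict(hits)


def unexpected_hits(hits, known_ips):
    """Keep only requests from addresses the account owner does not recognise."""
    out = {}
    for name, reqs in hits.items():
        strange = [r for r in reqs if r[1] not in known_ips]
        if strange:
            out[name] = strange
    return out


# Constructed sample data: two issued names and four log lines.
SAMPLE_BUGS = {
    "alice": "0f3a9c5e7b1d42688a6e9d2c4b7f1a35.gif",
    "bob": "c1e27d90a4b85f3362d8e0b71f49a6cc.gif",
}
SAMPLE_LOG = [
    '192.0.2.10 - - [10/May/2007:08:15:02 -0400] "GET /bugs/0f3a9c5e7b1d42688a6e9d2c4b7f1a35.gif HTTP/1.1" 200 43 "-" "Mozilla/5.0 (owner)"',
    '203.0.113.77 - - [11/May/2007:03:41:19 -0400] "GET /bugs/0f3a9c5e7b1d42688a6e9d2c4b7f1a35.gif HTTP/1.1" 200 43 "http://webmail.example/inbox" "Mozilla/4.0 (unknown)"',
    '198.51.100.5 - - [11/May/2007:04:00:00 -0400] "GET /bugs/guess.gif HTTP/1.1" 404 209 "-" "curl/7.16"',
    '198.51.100.5 - - [11/May/2007:04:00:01 -0400] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/7.16"',
]

if __name__ == "__main__":
    all_hits = find_hits(SAMPLE_LOG, SAMPLE_BUGS.values())
    for name, reqs in unexpected_hits(all_hits, {"192.0.2.10"}).items():
        for ts, ip, agent in reqs:
            print(f"{name}: fetched {ts} from {ip} ({agent})")
```

The owner's own address has to be excluded, since opening the message yourself fetches the image too; what matters is a fetch from somewhere you were not.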
IT, Security
So we've got a Patch Tuesday coming up... Microsoft has released the advance notification... If we expect a patch for the DNS vuln... that's one remote code execution vuln but both Exchange and BizTalk servers are listed, so they could potentially be remote code execution as well... I guess we'll know on Tuesday...
Here are the vital parts of the Microsoft notification email:
Security Updates
. Two Microsoft Security Bulletins affecting Microsoft Windows.
The highest Maximum Severity rating for these is Critical. These
updates will require a restart. These updates will be detectable
using the Microsoft Baseline Security Analyzer.
. Three Microsoft Security Bulletins affecting Microsoft Office.
The highest Maximum Severity rating for these is Critical. These
updates may require a restart. These updates will be detectable
using the Microsoft Baseline Security Analyzer.
. One Microsoft Security Bulletin affecting Microsoft Exchange.
The highest Maximum Severity rating for these is Critical. These
updates will not require a restart. These updates will be detectable
using the Microsoft Baseline Security Analyzer.
. One Microsoft Security Bulletin affecting CAPICOM and BizTalk.
The highest Maximum Severity rating for these is Critical. These
updates will not require a restart. These updates will be detectable
using the Microsoft Baseline Security Analyzer and the Enterprise
Scan Tool
IT, Security