.:Computer Defense:.

I remember one day in elementary school when we were dressing up for our future careers. I don't remember why they had us perform this ridiculous act, but I do remember it happening. I got up that morning, got ready for school, dressed up in nice clothes and picked up my "brief case", in reality it was a cassette carrying case with the dividers removed but it served it's purpose. I was going to be a teacher. Then when I was old enough to see the looks in my teachers faces in high school... the face palms, the head shakes and the rolling of the eyes as they dealt with student after student, I quickly changed my mind. After about 20 other options, I settled on IT and then narrowed the field and ended up in IS.

I can't say that I've never looked back and had a "what if" moment. In fact, I had many "what if" moments over the years and I always told myself I'd make a great teacher. Unfortunately, no matter how many letters I sent to the Ontario College of Teachers, they were convinced that computers were not a "technology" course but rather general education... which meant a university degree (something I don't have) is required to teach computers. So teaching was always put on the back burner, something I would do as soon as I went back to school to turn my three year diploma into a degree.

In the end though, it turns out I can teach... I just can't teach high school. Where do you put someone you don't feel is educated enough to teach teenagers? In college . Earlier this year I was contacted to develop a new course on computer security, and after the course was submitted I was asked if I was interested in teaching it. I jumped on the opportunity and I'm now a teacher.

So now I'm sharing it with all of you... why? Because my students are required, as one of their assignments, to blog on the course and what the learn... I figure I should be subject to the same requirements (and it's another excuse to find time to blog).

I have to admit that on that first day, I was scared shitless... still am really but I'm having a lot of fun. So far it's been pretty basic stuff, setting up VMs, installing some tools, talking about malware and playing with python but it's been really good. There's something great about watching someone figure out the next line of code in a small python script or getting back thoughtful discussion comments to questions you pose. I'm really looking forward to seeing where the rest of the semester goes.

There are a few things to get used to though. One of those is that not everyone is at the same level, some people need more help and some people don't want help. I should have remembered this from when I was in college, but somehow it had slipped my mind. The really odd thing is being called 'sir'. I'm sure the last time I was called sir, it was followed by, "Would you please leave, you're making a scene." I'm from the same generation as a lot of my students, so hearing 'sir' actually feels rather awkward. That being said, it's a small price to pay to do something I've always wanted to do.

So, that's my story... I teach 6 hours a week, and probably spend another 20 hours working on class related material (sending emails, reading labs and thinking about what we're doing next). And on that note, this Friday we cover reverse engineering and I've got some prep to do.

In 4 hours I'll be on a plane to Vancouver to enjoy CanSecWest. If you're going to be there ping me and we'll grab a beer. You can find me on twitter (treguly) or email me ht [at] this domain.

I got my first smart phone about 2 years ago. It was the UTStarcom 6700, a rebranded HTC Apache. I used it for ~8 months and was a big fan of the phone but it had major battery issues, and even getting a replacement battery didn't seem to help. So I finally got fed up and took advantage of a Blackberry Pearl promotion. Since then, my HTC has sat, untouched. Recently I contemplated installing some sort of Linux on it, and using it as a PDA. It has a large touch screen, a slide out keyboard (that I find rather useable) and WiFi. Then I stumbled across this website, where someone is building Android for the Apache.

The project is still in alpha, and while it states that CDMA is working, the currently release doesn't seem to have working CDMA (I eagerly await the next release). Anyways, I installed it and played and I must say I'm rather impressed with Android. I'd imagine on a phone that's been engineered for it, it's probably amazing. Even on the Apache it looks and feels great. I imagine if I used an iPhone that I'd see these similar slide menus, but I have, so far, successfully stayed away from the iPhone.

Once this build gets to be further along, I think I'll be fairly happy with it. It's fast and looks great. I may even go find a extended battery and carry it instead of my blackberry.

I came across this blog post on the Official Google Blog, which discusses a YouTube Symphony. This is one of the coolest things I've seen online in a long, long time. Perhaps it's the music lover in my that makes me simply love the idea, to the point that it makes me sad that I pawned my trumpet while I was in college. I do have a few other instruments and a few potentially "unique" ideas to submit. Either way I'm excited to submit a couple of videos to this and possibly convince my wife to as well.

This is a "wish post". I'm a huge fan of Google Apps, I love using my @computerdefense.org email address with everything Google and having it inside of GMail is great. However there are a number of labs features that I would love to have access to and don't get because I use Google Apps intead of GMail. So this is a request that Google make the Labs feature of GMail available to Google Apps users.

So I finally got a ASUS EEE PC. I've wanted a small laptop for a while now, and there happened to be a great mail rebate option (valid in Canada until Aug 31st for anyone thinking about getting one).

I went with the 900 in Galaxy Black. The first thing I did was set it up to use Advanced Mode... the second thing I did was install nmap. It's quite a bit of fun... even in basic mode, I could see it being useful to a lot of people. I have a USB Enclosure and a spare DVD-RW, I'm going to assemble it and hook it up and see if it's detected. If it is, then it'll be perfect.

Attn Parents: If you're sending your kids away to college (it is that time of year), consider getting them one of these, and consider the Linux version. Really it has everything they need... it's nicely secured (compared to getting a full blown laptop)... In basic mode the ease of use is way up there and with a USB DVD-RW and maybe an external monitor, they have everything they need. Although the screen would be ok for watching DVDs.

I went with the solid state drives, but there is a option with a 80GB drive (I believe it was 80GB). Simply to play with solid state, and because it seems more logical for something that might get tossed around a bit.

Specs on mine:
8.9" Screen
900Mhz Celeron Processor
1GB RAM
4GB OS Drive (1.5GB seems to be used, with the remainder holding an image that I can restore to by holding F9 on boot (apparently)).
16GB Storage Drive (mounted as /home)
1.3M WebCam
3 x USB, 1xHeadphone, 1xMic, 1xVGA, 1xSD

Previously I've blogged on Comcast hijacking Live Search Results. That didn't affect me, but I felt it was worth sharing... This time I'm affected. Rogers Cable is my ISP... today I sat down and opened Firefox, planning to visit a site I enjoy, AntiOnline.com. I accidently typed antionline and hit enter without adding the .com... now normally this wouldn't be a problem.... except today it was, I ended up at a Rogers search engine (powered by Yahoo). I looked at the page briefly and found an opt-out button, however the opt-out button simply means I won't get the search results... they still hijack the text I pass my browser. I typed in antionline again and hit enter, this time I ended up at http://www20.search.rogers.com/not_found. I was rather confused, so I opened up a command prompt and tested with netcat. Check this out

C:\Documents and Settings\treguly>nc antionline 80
GET / HTTP/1.0

HTTP/1.1 404 Not Found
Content-type: text/html

<html><head>
<title>404 Not Found</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<script>
 var value;
 value = 'se';
 document.location = 'htt' + 'p://www20.'
 + 'search.rogers.com/' + value + 'arch?qg=%20&r' +
 'n=oVbVbPY7LO34d36';
</script>
</head>
<body>404 Not Found</body></html>

I can't believe they are doing this. I called Rogers and got to speak to a foreign call center (what a joy that always is... ) After about 5 minutes of explaining to the guy that I didn't need step by step explanations from him on how to opt-out and explaining to him that the service to opt-out only sets a cookie, it doesn't delete one. He finally announced that they were simply hijacking DNS queries and that any NXDomain was sent there. If I were to change my DNS server then I would no longer have this issue. I think it's time to start using my own internal DNS server. I'm sure if I pressed the matter I'd be told that this is, in some way, a partial solution to Kaminsky's DNS vuln. To me... it's a pain in the ass... get rid of it.

I figured I'd switch to OpenDNS, so I dropped the OpenDNS servers into my m0n0wall install and tried to make use of them. I've only ever used OpenDNS from the command line but surprise surprise... in your browser, the exact same thing happens... You get a nice search results page. Why does everyone feel the need to make money off my typos? What happened to the good old days, where you could type 'antionline' in your browser and it would automatically end up at 'antionline.com', I miss those days...

We need to stop making the Internet easier for the stupid and incompetent... it just encourages them to use it. Let me find out that I've got a typo, let me type in shortcuts... let me mix the two and end-up at a phishing site. That's my problem... Something is going to make me go... 'D0h!' and realize my typo. If we got rid of the stupid people... the ones who buy from spam, the ones who are taken by phishing sites... then spammers and phishers wouldn't exist... So let's stop turning the internet into the internet for dummies and instead just keep the dummies off the internet.

Now I have to go and build my own DNS server so that things function the way they should and not the way the idiots need them to to avoid being taken advantage of.

Well... I guess that was a bit of a rant... but I find it frustrating... very very frustrating.

There seems to be a Blackberry Outage in the GTA (Toronto, Ontario). Does anyone have any details?

Hey All,

Time for a personal post... The next two weeks I probably won't be blogging much (or necessarily even acknowledging the blog exists).... then again maybe I will. Either way, I'm getting married on May 17th (back home in Sault Ste. Marie). Shortly after the wedding we'll be going on a brief honeymoon to Chicago and then it's back here to Toronto.

Anyways... Just wanted to share.

A couple of weeks ago I posted about certain GMail features not being available in Google Apps for Domains. I was out of town last week and other than taking in RENT last night on stage, I've pretty much been asleep the entire time. I just logged into my Google Apps for Domains account for the first time since getting back and I was surprised to see that all that lost functionality was now available. I don't know if someone from Google saw this and made the changes or if it was entirely coincidental, but either way... Thanks Google!