Nothing all that exciting, just made a version of the Similicio.us bookmarklet that opens the result in a new window.
Here they both are:
Search similicio.us
Search similicio.us in a new window
I read a rather sad article on Slashdot this morning about China’s Construction Bank servers being hacked and used to conduct phishing scams. In many of the comments I see users being blamed for being stupid, and one poster even referred to the majority of American internet users as “a bunch of mouth breathing, knuckle-dragging morons.” This kind of attitude only continues the “class war,” if you will, between IT and users. When you spout off with elitist comments you will be seen as elitist. (Imagine that.)
I submit that the majority of users are not stupid (or even “mouth-breathing, knuckle-dragging morons”), but are uneducated in the field of IT security. I am not advocating teaching every user every aspect of security (firewall construction to net monitoring, packet filtering to reverse-engineering malware), but the simple parts that directly affect them. How to tell a legitimate email from their bank/paypal/ebay/etc. from a phishing scam. How to use antivirus and anti-spyware programs and keep them up to date. How to make sure they are getting the proper updates for their OS and programs.
Some of it may seem like common sense to someone in the IT field, but that only comes after you have learned it. It is too easy to forget that once we, too, were ignorant of these things and they had to be learned. None of us were born with an instinctive knowledge of how to check the source code of an HTML email and see that the links go somewhere other than where they appear to, or how to install and configure an antivirus program, or any of the rest. The trick is to pass the knowledge on to users in such a way that it becomes common sense to them as well.
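The “check where the links in an HTML email really go” test described above, as an added example (not code from the original post): it collects every anchor, extracts the host the href actually connects to (ignoring `user@` prefixes and ports) and reports any link whose visible text names a different host. The HTML body is a constructed sample, and the host comparison is deliberately strict.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Host a URL really connects to: user@ prefixes and ports are stripped."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def deceptive_links(html):
    """Return (shown_text, real_host) for anchors whose visible text names a
    host different from the one the href actually points at."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if " " in text or "." not in text:
            continue  # plain words like "Help" make no claim about a host
        shown, real = host_of(text), host_of(href)
        if shown != real:  # strict: a differing subdomain is also reported
            findings.append((text, real))
    return findings

# Constructed phishing-style body: the text shows paypal.com, the href does not
SAMPLE = ('<p>Please log in at <a href="http://www.paypal.com@203.0.113.9/login">'
          'http://www.paypal.com/</a> to verify. <a href="https://www.paypal.com/">Help</a></p>')
```

Running `deceptive_links(SAMPLE)` reports the first link as really going to 203.0.113.9; the plain-text “Help” link is not judged because its text claims no host.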
Ok, I will be the first to admit that this is nothing new, however I just found it out today! It seems that all this time I have been using nano as my default linux editor, completely unaware that it has the capacity for syntax highlighting. (DOH!)
It seems that with a simple .nanorc file you can set the highlighting colors for just about any kind of file. I found a very good example at http://osx.hyperjeff.net/MyApps/nanorc, although the Python highlighting he has uncommented has a malformed regex in the first line. (I just deleted that one and uncommented the one above and it works great.)
There are two examples at the bottom of the page at http://article.gmane.org/gmane.linux.gentoo.user.german/9565 – the page is in German but the .nanorc files are there. The first is for use with a black screen, the second for use with a white screen. (The hint here is don’t use black on a black screen or brightwhite on a white screen, and brightyellow is unreadable on a white screen as well.)
There are enough examples to get you started, and it shouldn’t be too difficult to come up with your own color schemes that fit the way you work best.
If you haven’t yet heard, there is a nifty new site, www.similicio.us, that helps you find sites similar to what you are currently looking at. As the site author puts it:
This is a mashup of del.icio.us and easyutil.com. It’s an experiment on my part to see whether I can quickly find relevant web sites based on people’s tags/bookmarks on del.icio.us, using the engine from easyutil.com. It answers the question “people who tagged this site also tagged what other sites”. I am using it mostly to find blogs that are similar to the ones I read, and to find new popular web sites that are in my area.
To make things easier I have created a Mozilla / Firefox bookmarklet. To add this just click and drag the link below to your bookmark bar.
Well, this has got to be the most annoying piece of spam I have received recently. It seems that now even the crack-scripting community is using spam to advertise their “services.” I have included a copy of the email – the more disturbing items I have emphasized in bold. The email:
From: noreply-52@ww-nn.web-hack.ru
Bcc:
Return-Path: noreply-52@ww-nn.web-hack.ru
X-OriginalArrivalTime: 06 Mar 2006 13:36:47.0450 (UTC) FILETIME=[410ABA0:01C64123]
Date: 6 Mar 2006 04:36:47 -0900
Dear Sir/Madam, Hello!
We are internet hackers crew – Web-hack. We propose you for sale some interesting things:
– private exploits – http://forum.web-hack.ru
– stolen credit cards and bank accounts – http://forum.web-hack.ru
– we infect users pc’s with your trojan for low prices (10000 infected pc’s for 25$) – http://forum.web-hack.ru
– bulletproof domains and hosting – http://forum.web-hack.ru
Best offer – bulletproof domain + hosting =0 usd/week. You can use this hosting for any scam/fraud and nobody will close it! For more information look at – http://forum.web-hack.ru
P.S. We are registering bulletproof domains on our partner site http://www.r01.ru/ there we have “our” people to guarantee stability of our domains and hosting so any organization like spamhaus.org cannot down our hosting and domains. We are now spaming 5 000 000 people look out the domain is alive as always and never gonna be down !! Please go and order our services at: http://forum.web-hack.ru
Msg-ID: 12543
Whois:
forum.web-hack.ru
ww-nn.web-hack.ru
217.107.217.167
217.107.217.168
www.r01.ru
195.24.65.17
Definitely ones to watch for in your log files.
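One way to watch for them in log files, as an added example (not code from the original post): a small Python matcher that tokenizes hostnames and IPv4 addresses out of each line, matches hosts against the domains above (including any subdomain) and addresses against watched networks. The addresses are listed as /32 CIDR entries so the same code also covers whole ranges; the mail-server log lines are constructed samples.

```python
import ipaddress
import re

# Indicators quoted in the post above; held as CIDR so whole ranges can be added
WATCHED_DOMAINS = ("web-hack.ru", "r01.ru")
WATCHED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "217.107.217.167/32", "217.107.217.168/32", "195.24.65.17/32")]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def matched_domain(host):
    """Watched domain that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for d in WATCHED_DOMAINS:
        if host == d or host.endswith("." + d):
            return d
    return None

def matched_network(text):
    """Watched network containing the address in text, else None."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None
    for net in WATCHED_NETWORKS:
        if ip in net:
            return str(net)
    return None

def scan_log(lines):
    """Return (line_no, indicator) for each watched host or address seen."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            d = matched_domain(host)
            if d:
                hits.append((n, d))
        for ip in IP_RE.findall(line):
            net = matched_network(ip)
            if net:
                hits.append((n, net))
    return hits

# Constructed sample mail-server log lines (not real traffic)
SAMPLE_LOG = [
    "Mar  6 04:36:47 mx postfix/smtpd[2231]: connect from ww-nn.web-hack.ru[217.107.217.168]",
    "Mar  6 04:37:02 mx postfix/smtpd[2231]: connect from mail.example.net[198.51.100.7]",
    "Mar  6 04:40:11 mx postfix/smtpd[2240]: connect from unknown[195.24.65.17]",
]
```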
Well, I tried the gtk+ based graphical installer on a VMWare virtual machine. I am sad to say it failed painfully – and did so after many hours of emerging and compiling. Part of the problem was that I had selected to install enlightenment, fluxbox and blackbox (to play around with some different WMs I hadn’t messed with previously) and the installer chose to install those plus gnome and kde. Needless to say, it was many hours to go. Thankfully (?) after about 4 hours the installer failed on some ebuild or other (I don’t recall what it was right now) and that was that.
I tried it again. With the exact same results. The definition of insanity: doing the same thing over and over and expecting different results. So, now I have a working VMWare install of Gentoo 2006.0 using the minimal install disk and am building enlightenment, fluxbox and blackbox the “older fashioned” Gentoo way – via a simple emerge call.
Final score: VMWare: 2, Gentoo Graphical Installer: 0, Gentoo minimal installer: The winner by default.
Gentoo have finally released a version with a graphical installer: 2006.0. The GUI uses gtk+ and is available on the x86 Live CD.
I haven’t had a chance to play around with it yet, but I can tell you that it has reduced the installation instructions by what seems to be more than half! All you gui installer fans: here you go!
While looking through my del.icio.us links I found a couple that I haven’t had time to check in on lately. It is telling, really, that the sites I have not visited recently are those related to security best practices.
It is really entirely too easy to get sucked into other areas at work and rely on past practices to maintain security. But as things go in the world of tech, the rules, tools and environment change almost (it seems) daily.
With that in mind it is time to look again at the NIST Information Technology Security guidelines and the Center for Internet Security benchmarks.
There has been a large amount of FUD generated in the last week regarding the ICANN VeriSign settlement. Most of what I have seen has been coming from name registrars, and notably the blog of Bob Parsons (founder and president of GoDaddy).
It seems that Bob is trying to encourage people to write to their congressmen to get involved and squash the deal. I find it interesting that this post is from last Wednesday (2/15/06) while the deal was penned sometime prior to October 24, 2005. If this is such a big deal, why did it take Bob so long to respond?
Most of the FUD is along the lines of an evil empire-type scheme to raise the prices for .com registration so VeriSign can fill their coffers with the money of the poor, down-trodden netizens. This is, of course, based on the pricing information in section 7.3.d which states:
Maximum Price. The Maximum Price for Registry Services subject to this Paragraph 7.3 shall be as follows:
- from the Effective Date through 31 December 2006, US$6.00;
- for each calendar year beginning with 1 January 2007, the smaller of the preceding year’s Maximum Price or the highest price charged during the preceding year, multiplied by 1.07.
Does this mean that VeriSign is going to rush out and raise the price as much as possible? No. VeriSign is a solid, reputable company that has been in the market long enough to know how to set (and if need be raise) prices in a manner that will not negatively impact the market.
ICANN was never meant to be a regulator, but a coordinating body. I’m sure that Paul Twomey and Vinton Cerf knew what they were doing in setting up this deal. For a more logical look at the implications check out this article by Keith Teare from November 30, 2005, or look at the documents yourself and make your own decisions.
I was over at the Internet Storm Center and saw a simple how-to on retrieving viruses from the AVG vault for sending in to malware testers.
From the article:
Steps to export viruses from the AVG vault for analysis.
- Create a directory to store the files in.
- Open avg.
- Select the virus vault.
- Click on the virus you wish to restore.
- Choose restore, that will prompt you for the directory to restore the virus into.
- Select the directory created in step 1.
- AVG will alert again if it’s in active monitoring mode. Choose continue.
- Turn off AVG resident shield protection if you plan to package the viruses up for submittal for malware analysis.
- Select the AVG resident shield and unselect “turn on avg resident shield protection”. Click apply.
Remember to turn resident shield back on as soon as your [sic] done with the virus.
There are further instructions in the article, including how to package a virus for sending for analysis. If you want to test this on your own machine so you know how to do it, use the EICAR test file (literally the following 68 characters: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* saved as a .com file), which will show up as a virus without actually doing or attempting to do any damage to your system.