SamuraiNet Blog

While working on my web-spider class for an application I was developing, I did some searching for efficiency of spidering algorithms. I came across this comparison of the depth-first versus breadth-first search algorithms. http://www.leekillough.com/trapopt.html

Using a combination of Javascript and CSS, it is possible to enumerate parts of a user’s history. This site demonstrates this with a “finding your gender” based on which sites you have viewed. http://www.mikeonads.com/2008/…-history-estimate-gender/

The following two links provide a breakdown of file systems based on capabilities (the wikipedia post) and performance (the linuxgazette post.) I’ve been using these lately while re-installing a few machines and have found them to be more than helpful.

http://linuxgazette.net/122/piszcz.html

http://en.wikipedia.org/wiki/Comparison_of_file_systems

Typo-squatting is a well known method of gathering data or presenting spam-sites. This article from TechRepublic gives a few methods for protecting against such a threat. http://blogs.techrepublic.com.com/security/?p=543&tag=nl.e036

This is a handy little web application that will generate your .htaccess file to restrict access based on what country the IP address is from. http://blockacountry.com/htaccess.php

If you are a programmer anything I like I am, you are constantly trying to find ways to better yourself or keep skills sharp. A friend of mine showed me this set of exercises designed to help keep things fresh. http://codekata.pragprog.com/2007/01/code_kata_backg.html

Windows has it’s place in today’s world. Here are some examples of places it is and really shouldn’t be. http://www.networkworld.com/community/node/29644

Many companies provide their employees with company cell phones. When text messaging is enabled a unique privacy issue develops regarding when the logs may be obtained. Techrepublic’s article explains how legality plays into this issue. http://blogs.techrepublic.com.com/security/?p=490&tag=nl.e036

Which browser is most secure? Which is best ‘out of the box’? This article goes through three popular browsers and discusses their security issues and strengths. http://itmanagement.earthweb.com/…E+vs.+Safari+vs.+Firefox.htm

I recently re-discovered this set of web-radio shows and thought I would post the link. They don’t have a huge selection of shows currently, but the 40 or so that are posted are really top notch. I have recently been working through the series on the Linux Boot Process and cannot recommend it highly enough. http://hackerpublicradio.org/

Quantum physics applied to security. That’s right. By keeping track of the quantum states of photons researchers have found a way to make a cryptographically secure transmission. Any eaves dropper would alter the current state and would therefor destroy the transmission. http://www.economist.com/sci…fm?story_id=11703138

Think you know everything there is to know about information security? This quiz is nowhere near comprehensive, but does ask a few interesting questions. http://www.newsfactor.com/…00Q2H0VF&page=5

Net Perspective has recently created a blog section for their developers and designers. As an ex-employee, I recommend keeping up with this set of blogs as these individuals are some of the top in the industry. http://blog.net-perspective.com/

“90% of emails sent are spam” is a statistic found on the following article. With such a large percentage of emails being considered spam protection techniques need to move to proactive, rather than reactive. One method being suggested is tracking the sources and flow of email traffic.http://sify.com/finance/fullstory.php?id=14698112

In my continuing search for information pertaining to cyber warfare I have found the following two articles. The first describes why global hackers are so hard to detect and the problems both security related and political this creates. The second article shows that France is making an effort to join the “digital front line.” It explains France’s strategy to get into the cyber warfare game. http://www.livescience.com/technology/080619-chinese-hackers.html http://news.xinhuanet.com/english/2008-06/19/content_8402780.htm

This article lists 10 of the most infamous “black hat’s” over the years along with what they are known for doing. Interestingly enough, the fact that they are known shows they are not quite as good as people make them out to be. http://www.itpro.co.uk/603831/ten-of-the-most-infamous-black-hat-hackers

With anti-virus software and firewalls on the rise, virus writes have moved to targeting routers. By changing the DNS settings on a router the attacker gains control of all traffic the infected network has access too. Pointing sites to malware ridden pages or conducting man-in-the-middle attacks are only the beginning of this potential. http://www.itpro.co.uk/603852/new-trojan-threat-able-to-control-network-routers

“Be careful what you say” is something we’ve all heard, but in the current day and age perhaps “be careful what you email” is more relevant. Two Bear Stearns hedge fund managers have been brought up on charges for misleading investors. Part of the evidence are email records proving that these two knew the market was not where they claimed it to be. http://biz.yahoo.com/ap/080620/bear_stearns_investigation.html

MySQL may be partially going closed source thanks to Sun, but IBM is taking DB2 to the open source market. It is not directly going to be put out for all eyes, but according to Chris Livesey it is inevitable that DB2 will end up in the open source world. Read more here: http://news.cnet.com/IBM-to-open-source-DB…1694.html?tag=html.alert.hed

For those of you old enough to remember some of Blizzard’s classics: Diablo and Diablo II (and Lord of Destruction), it seems Blizzard is going to be blessing us with Diablo III. So far 2 character classes have been released, the barbarian and the witch doctor. http://www.blizzard.com/diablo3/

Virtual machine’s use unique MAC addresses to access the internet. This article provides a listing of their identifiers so that you may asertain whether or not a particular machine is within a Virtual machine. http://blogs.techrepublic.com.com/networking/?p=538&tag=nl.e102

Botnets are no new threat and neither is the way they are used. The article shows some statics on just how powerful they are and what sorts of damages they are doing. The second link provided is from SANS and discusses a proactive, rather than reactive way to deal with the possibility of infection. The final link provided shows how bot herders are using their destructive potential to make money. With such a lucrative business in place it puts more and more pressure on security professionals to take the next step in securing their systems. http://www.sourcewire.com/releases/rel_display….9472&hilite= http://isc.sans.org/diary.html?date=2008-06-14 http://www.technewsworld.com/story/The-….Con-Game-63357.html

Again we find proof that hackers are compromising government systems and using the data attained to raise problems. What is possibly more disturbing is the government’s continuing lax efforts to deal with the issue at hand. It seems that just pushing it under the carpet is the defacto method of dealing with these problems, when the correct approach should be to deal with the problem at the source. Here we see that Chinese hackers actually managed to gain access to dissident lists and actually managed to find the people on those lists. http://ap.google.com/article/ALeqM5g….ZaBwez4_gq7mwD918ATTG0

Mozilla’s Firefox 3 was supposed to come packaged with “private browsing” a “no digital trail” method of surfing the net, however; because of the amount of code affected by this options it has been released without this feature. http://news.cnet.com/8301-10789_3-9967829-57.html

Restrictive passwords make cracking more difficult by requiring that users use a wider range of characters; however, can restrictive password policies actually decrease time required to crack? This blog goes into the math behind it. http://lukenotricks.blogspot.com/2008/03/more-on-counting-restrictive-password.htm

Mozilla has a new campaign to break the world record for number of downloads in 24 hours. They have even gone to allowing people to pledge downloads, to be sure they accomplish their goal. This is an interesting marketing campaign. http://www.spreadfirefox.com/en-US/worldrecord/

In a previous post (America’s Cyber defense or lack there of) I pointed out problems with foreign hackers and our government. Here are two articles as a semi-continuation of the saga. http://www.scmagazineus.com/Potential-security-breach-by-China/article/110790/ http://www.thehindubusinessline.com/2008/06/04/stories/2008060451781200.htm

If you are considering being in the IT field or are looking to hire new IT staff, this article is well worth a read. 30 items that IT staff should know. I don’t agree with all 30, but the list itself is something to be looked at and will help you evaluate yourself or potential staff. http://www.infoworld.com/article/08/06/02/23FE-how-to-fire-IT-staff-skills-list_1.html

After battling with an .htaccess problem all day long I ended up at this article. It didn’t solve my problem, but is a great source of information on all things .htaccess. http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/

In the wake of so many ISP’s getting away with murder and the government looking the other direction it’s good to see that Florida is stepping in and fining Version for poor response time. http://news.cnet.com/Florida-…00-1036_3-6239655.html?tag=html.alert.hed

This is a great video for both optimizing and securing your Windows XP system. It shows exactly how to disable five services you probably don’t need to be running. http://blogs.techrepublic.com.com/itdojo/?p=120&tag=nl.e101

If you have ever had the “Warning: Using insecure memory” message display when using a tool such as GnuPG this article is for you. Not only does it explain exactly what that means it also goes into how to prevent the problem. http://blogs.techrepublic.com.com/security/?p=457&tag=nl.e036

Panda security has now launched thier Security as a Service for businesses. Among other services they will be offering: outsourcing of infrastructure, automated updates and patching, compliance checks, risk management, and remote management tools. http://sev.prnewswire.com/computer-software/20080519/LAM04119052008-1.html

I read this post on a friend of mine’s blog and thought it was rather useful. I’ve had PHP scripts running on cron before that had exactly this problem. They would lock up after a while and before I knew it, I had about 15 “undead” PHP processes just eating up my CPU. What was worse was that my shared host only allowed each user 15 processes at the same time, so slowly but surely the rest of my sites would go down. http://www.toosweettobesour.com/2008/05/21/amp-and-runaway-scripts/

I played with both of these plugins. The view formated source one didn’t do a whole lot for me, but the view source chart was a great improvement. It makes checking out HTML much easier, and with the added ability to collapse various blocks of code it makes it easier to sort through just what I want. http://blogs.techrepublic.com.com/programming-and-development/?p=670&tag=nl.e055

A friend asked me a few months ago to help him uninstall Internet Explorer 7 and it was more than a pain. Here is a great explanation of how to do it painlessly.http://blogs.techrepublic.com.com/window-on-windows/?p=680&tag=nl.e101

As security becomes more mainstream, solutions grow beyond the capabilities of do-it-yourself solutions. Here is discussed various ways to keep current and secure, without sacrificing stability and redundancy. http://blogs.techrepublic.com.com/security/?p=456&tag=nl.e036

As hacking becomes “more popular,” or perhaps simply easier with the availability of tools, proper attacks are not the elegant assaults of yesteryear. Now, brute force attacks are run simply because the tool is easily downloadable and anyone with an internet connection and a target can attempt to crack user accounts. Discusses her further is an example of just this situation. http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=207603339&subSection=Cybercrime

I saw this site on a forum and it’s really wonderful. Has texts on all sorts of programming languages, networking, the works. http://stommel.tamu.edu/~baum/programming.html

It seems that even Mozilla cannot escape built in viruses these days. A language pack for FireFox was found to be corrupted with a trojan and was downloaded by users. http://www.scmagazineus.com/Compromised-file-found-in-language-pack-for-Firefox/article/109941/

After reading a few RFCs this week I have decided that I should setup support for RFC 2549. 2549 is simply a revised version of 1149 with QoS support. In today’s world with bandwidth being more and more of an issue this will help divert some of that traffic. RFC 2549 will also allow my blog and site to be viewable even during a Denial of Service attack. RCF1149 RFC2549

For those of you looking into future careers in the computer world I’m sure the thought has crossed your mind of what really is still relevant and useful for my career. I found this article earlier this week which pointed out a few things that are just rather pointless. If you know them, don’t sweat, its always something extra. Perhaps it’s just not something you want to be putting in bold on your CV or resume. http://blogs.techrepublic.com.com/career/?p=310&tag=nl.e101

First hybrid cars, now do-it-yourself gasoline? Not quite, but rather do it yourself fuel. Made by fermenting (yes, as in alcohol) your own fuel at home. The cost is supposedly 1USD / gallon to produce after purchasing the almost 10,000 USD machine. Not too bad in the long run and you get carbon credit coupons to boot. http://www.news.com/2300-13833_3-6239196-1.html?tag=ne.gall.pg

McAfee’s “Hacker Safe” sites apparently aren’t quite so “hacker safe.” Recently sites classified this way have been found to be vulnerable to Cross Site Scripting. McAfee comments that XSS isn’t a dangerous vulnerability which I believe actually makes their oversite worse. Rather than accepting that they made a mistake, they have shown ignorance for an obviously dangerous vulnerability. In a day an age with so much information stored in databases on websites ANY security hole should be an issue. http://www.scmagazineus.com/XSS-vulnerability-found-in-McAfee-HackerSafe-sites/article/109585/

AldarHawk has released a new forum for security, programming, networking, and a variety of other computer related topics. The forums are brand new and just getting the first few posts. Be sure to check it out. http://isecforce.com/

So you just ordered a Domino’s pizza and can’t wait for it to get to you. How much longer? This python script that runs at the command line (since GUI is so overrated) will check and let you know what the status of your pizza pie is. http://random.noflashlight.com/

A friend of mine showed me the following site after a discussion over what language was best for a problem. They have “benchmark problems” to test efficiency, memory size, etc. http://shootout.alioth.debian.org/gp4/

For those of you following the Hans Reiser case, he was convicted of killing his wife. This article goes into some detail over the case. The case was circumstantial at best. http://blog.wired.com/27bstroke6/2008/04/reiser-guilty-o.html

Chad Perrin explains a few different ways to close of unwanted ports on your linux system. Explaining both inetd and xinetd and how to manage them as well as ways to track down things that aren’t managed by either or for systems that run neither. http://blogs.techrepublic.com.com/security/?p=447&tag=nl.e036

Slackware 12.1 has been released. Now using the 2.6.24.5 kernel (SMP and non-SMP) and with added features. http://www.slackware.org/announce/12.1.php

Welcome back boys and girls,

I have some great articles for you this week.

Political Lobbying,.. the hacker way - An XSS vulnerability in Obama’s website was exploited to redirect visitors to Clinton’s website. Not the most difficult hack of the year by far, but still entertaining.

Hackers For Hire - News Corp. has been accused of hiring a hacker to do monetary damage to Dish Network Corp.

Interview with Matt Mullenweg - Matt Mullenweg gives his views on the future of WordPress as well as the internet social scene. (The video has alot of background noise, but is worth a watch)

Cyber-warfare - Cyber security students entered in the NSA’s competition must defend their networks from the NSA’s top hackers.

How green is green? - Is that printer you just bought “green enough” or was it another marketing scam?