Posts Tagged ‘reading rainbow’

and… we’re back!

Thursday, July 3rd, 2008

After nearly a month of no updates, I have returned to post again. Just because I haven’t been posting doesn’t mean that articles aren’t in the works. There are quite a few posts sitting in various stages of partial completion that I will be working to get posted soon. This week’s Reading Rainbow will encompass many of the archived articles I’ve read since the last episode, so it alone should make for decent reading.

Here’s a sneak peek at what’s in store:

  • Backtrack2 Wireless Shell-script
  • A continuation of the penetration testing series focusing on RefControl and the User Agent Switcher
  • My commentary on the “hacker mindset”

Reading Rainbow: Episode 5

Sunday, May 11th, 2008

It seems that even Mozilla cannot escape built-in viruses these days. A language pack for Firefox was found to be corrupted with a trojan and was downloaded by users. http://www.scmagazineus.com/Compromised-file-found-in-language-pack-for-Firefox/article/109941/

After reading a few RFCs this week I have decided that I should set up support for RFC 2549. 2549 is simply a revised version of 1149 with QoS support. In today’s world, with bandwidth being more and more of an issue, this will help divert some of that traffic. RFC 2549 will also allow my blog and site to be viewable even during a Denial of Service attack. RFC 1149, RFC 2549

For those of you looking into future careers in the computer world, I’m sure the thought has crossed your mind of what really is still relevant and useful for my career. I found this article earlier this week which pointed out a few things that are just rather pointless. If you know them, don’t sweat, it’s always something extra. Perhaps it’s just not something you want to be putting in bold on your CV or resume. http://blogs.techrepublic.com.com/career/?p=310&tag=nl.e101

First hybrid cars, now do-it-yourself gasoline? Not quite, but rather do it yourself fuel. Made by fermenting (yes, as in alcohol) your own fuel at home. The cost is supposedly 1USD / gallon to produce after purchasing the almost 10,000 USD machine. Not too bad in the long run and you get carbon credit coupons to boot. http://www.news.com/2300-13833_3-6239196-1.html?tag=ne.gall.pg

McAfee’s “Hacker Safe” sites apparently aren’t quite so “hacker safe.” Recently sites classified this way have been found to be vulnerable to Cross Site Scripting. McAfee comments that XSS isn’t a dangerous vulnerability, which I believe actually makes their oversight worse. Rather than accepting that they made a mistake, they have shown ignorance for an obviously dangerous vulnerability. In a day and age with so much information stored in databases on websites, ANY security hole should be an issue. http://www.scmagazineus.com/XSS-vulnerability-found-in-McAfee-HackerSafe-sites/article/109585/

AldarHawk has released a new forum for security, programming, networking, and a variety of other computer related topics. The forums are brand new and just getting the first few posts. Be sure to check it out. http://isecforce.com/

So you just ordered a Domino’s pizza and can’t wait for it to get to you. How much longer? This Python script that runs at the command line (since GUI is so overrated) will check and let you know what the status of your pizza pie is. http://random.noflashlight.com/

Reading Rainbow: Episode 4

Monday, May 5th, 2008

A friend of mine showed me the following site after a discussion over what language was best for a problem. They have “benchmark problems” to test efficiency, memory size, etc. http://shootout.alioth.debian.org/gp4/

For those of you following the Hans Reiser case, he was convicted of killing his wife. This article goes into some detail over the case. The case was circumstantial at best. http://blog.wired.com/27bstroke6/2008/04/reiser-guilty-o.html

Chad Perrin explains a few different ways to close off unwanted ports on your Linux system. He explains both inetd and xinetd and how to manage them, as well as ways to track down things that aren’t managed by either, or for systems that run neither. http://blogs.techrepublic.com.com/security/?p=447&tag=nl.e036

Slackware 12.1 has been released. Now using the 2.6.24.5 kernel (SMP and non-SMP) and with added features. http://www.slackware.org/announce/12.1.php

Reading Rainbow: Episode 3

Sunday, April 27th, 2008

Welcome back boys and girls,

I have some great articles for you this week.

Political Lobbying... the hacker way - An XSS vulnerability in Obama’s website was exploited to redirect visitors to Clinton’s website. Not the most difficult hack of the year by far, but still entertaining.

Hackers For Hire - News Corp. has been accused of hiring a hacker to do monetary damage to Dish Network Corp.

Interview with Matt Mullenweg - Matt Mullenweg gives his views on the future of WordPress as well as the internet social scene. (The video has a lot of background noise, but is worth a watch.)

Cyber-warfare - Cyber security students entered in the NSA’s competition must defend their networks from the NSA’s top hackers.

How green is green? - Is that printer you just bought “green enough” or was it another marketing scam?

Reading Rainbow: Episode 2

Monday, April 21st, 2008

I’ve been doing quite a bit of reading lately and have a few great articles for this week. I’ve been reading a lot into VoIP and VoIP security, so expect a post about that soon.

Vista is annoying… no, really - Turns out the UAC (User Account Control) feature of Vista was designed purposely to annoy us.

Castle Wars - Ok, I’m not really a gamer, but this game just works for me. It’s akin to Magic: The Gathering, if anyone else played that.

Google, Gmail, and Snooping - Here we see more talk about the wondrous privacy issues Google brings up. Big Brother? Perhaps…

ActiveX Control found to be source of Windows 0-day - Windows Server 2003 and 2008, XP, and Vista are all affected by this which allows malicious code to be run as LocalSystem giving the exploit code a high level of privileges.

That’s it for this week. I’m working on an article on some fun with VoIP so look for that soon-ish. Also, I’ll be posting about a new project I’m going to be starting. Keep tuned in.

Reading Rainbow: Episode 1

Sunday, April 13th, 2008

Welcome to the Reading Rainbow. Here I plan on making a weekly post of what I’ve been reading and short commentaries on some of the articles.

For those of you too young to get the joke: http://www.youtube.com/watch?v=c6j8EiWIVZs , yes, I actually watched that show as a kid.

This week’s reading:

Security Risk Management - A different paradigm for a risk management model. Interesting read but not a whole lot of technical specifics.

Windows Still Phones Home - Jaqui Greenlees pops open a Windows .DLL and finds some interesting ‘features’.

Your Next Text Message Could Be From the FCC - The FCC are looking to use text messaging as an alert system for national trouble, Amber alerts, and weather updates.

Sorry this week’s was short, I want to release on Sundays and I just set up WordPress today. Next week’s will be longer.