Crackers getting more sophisticated
Know Your Enemy: Statistics analyzes the numbers and types of attacks. Among the findings:
Some blackhats have streamlined their scanning process to merely look for a specific service. If they find the service, they launch the exploit without even first determining if the system is vulnerable, or even the correct system. This aggressive approach allows blackhats to scan and exploit more systems in less time.
Besides general port scanning, DNS version queries and queries to RPC service, remained the most popular way for outsiders to try to get into Honeynet boxes.
Advertisement: |
The paper ends with an attempt to begin building a predictive model to help prepare for future attacks.
Via Slashdot.
Sex and Microsoft Office
No, I wouldn't think there's a connection, either. But in a Swiss TV commercial you may have already heard of, Microsoft tries to get in a little foreplay in an ad for Office (sorry, should've had this up days ago; the sweltering New England heat slowed my brain).
The wonders of science, part MXXII
You're workin' hard and you're buildin' up whole boatload of sweat. But who has the time to roll up their sleeves? Science to the rescue. As New Scientist reports:
A shirt which rolls up its own sleeves when you get too warm has been unveiled by a tech-savvy Italian fashion house. And what's more, its inventors say it will never need ironing.
The fabric for the prototype shirt is woven from fibres of the shape-memory alloy nitinol, interspersed with nylon. The alloy can be deformed, and then returned to its original shape when heated to a certain temperature.
Via Boing Boing.
07/26/01
Finally, a useful virus
Yes, by now you're completely sick to death of the Sircam virus, the one that installs its own SMTP engine to mail copies of itself all over.
Who knew it could help solve a crime? Guy comes home recently to find somebody had broken into his house and taken, among other things, his computer (and all his beer!). Then his friends start getting mail with his return address, along with other items from his hard drive. Seems the thief (or whoever he sold the computer to), opened up the guy's e-mail and then clicked on a Sircam-infested attachment (data point: Criminals don't read virus alerts).
So, using the e-mail header info from all those messages, can the victim track down the thief? Read the whole account on Slashdot.
A shocking game controller
A company called Mat Catz has developed a game controller with electrodes that shock users when their on-screen characters get injuried. See what it looks like. Adds Associated Press:The must-have gift for video game fanatics this Christmas could well be a gadget that momentarily paralyzes your hands when your character takes a hit in cyberspace.
Hmm, I bet there's an end user or two you'd love to give this to...
07/25/01
Big Ball of Mud school of programming
What happens when extreme programming meets The Big Ball of Mud?
Brian Foote and Joseph Yoder of the Department of Computer Science at the University of Illinois at Urbana-Champaign, have written an entire paper on the theory of sloppy programming:
A BIG BALL OF MUD is a casually, even haphazardly, structured system. Its organization, if one can call it that, is dictated more by expediency than design. Yet, its enduring popularity cannot merely be indicative of a general disregard for architecture.
These patterns explore the forces that encourage the emergence of a BIG BALL OF MUD, and the undeniable effectiveness of this approach to software architecture. What are the people who build them doing right? If more high-minded architectural approaches are to compete, we must understand what the forces that lead to a BIG BALL OF MUD are, and examine alternative ways to resolve them.
Two vitally important new resources
The Flangy News would just be another one of those boring online diaries except for the fact that the guy who writes it not only works for Microsoft but gives you just enough inside criticism to make it like peanuts:
A new non-word has been seeping into the Microsoft lexicon recently. This isn't suprising, considering that the computer industry uses plenty of jargon, slang, etc.
It's not in any dictionary I've checked, but the engineers at Microsoft seem to think that performant is a perfectly cromulent word.
I suppose it fills the need for an adjective signifying that something performs well, but the word just doesn't look right.
The Talking Moose is sort of like that dot-com deadpool site we can't name would be like if it were written by a talking moose living in Wyoming. Or something like that. A hot topic of late has been guessing who the moose really is.
07/24/01
Adobe: Ooops
Tough-talking Adobe Systems decided yesterday it doesn't really want to prosecute that Russian programmer who showed how easy it is to crack security on its PDF files. The company even sort of, almost admitted that maybe it realized it had spawned a public-relations nightmare, according to the Wired account:
"We strongly support (federal copyright law) and the enforcement of copyright protection of digital content," Colleen Pouliot, general counsel for Adobe, said in a statement. "However, the prosecution of this individual in this particular case is not conducive to the best interests of any of the parties involved or the industry."
Of course, the genie's out of the bottle now: Just because Adobe now wants to drop the criminal charges doesn't mean equally tough-talking federal prosecutors, eager to prove copyright violations warrant the same punishment as drug dealing, will actually let the guy go.
Eudora Welty, dead at 92
Welty was best known for her depictions of life in small-town Mississippi. But she was also the inspiration for a popular e-mail client. In an interview a few years back, Steve Dorner, who created Eudora, explained how he named it:There's a story I first read in college that I'll always remember entitled "Why I Live At the P.O.," written by a wonderful American writer, Eudora Welty.
This story inspired my original slogan, "Bringing the P.O. to Where You Live," because instead of living at the post office, Eudora brings the post office to you. So I named the program in honor of Ms. Welty.
07/23/01
Centralizing Unix administration in Perl
Teodor Zlatanov has written an interesting article on IBM's developerWorks site on using Perl to centralize your Unix configuration management.
A big reason that UNIX administration is challenging is that every UNIX vendor believes standards are for weak-minded fools. Thus, even operating systems from the same vendor (SunOS 4.x and Solaris 5.x) can be fundamentally different. In some instances, a vendor doesn't even exist. Linux, for example, has no single vendor (although Red Hat is currently the biggest Linux distribution), and every subtype of Linux has its own quirks. POSIX standardization is a step in the right direction to solving this problem, when it's done right. Unfortunately it only guarantees a small subset of the functionality needed for system administration.
Zlatanov focuses on cfengine, a tool aimed at testing and configuring software across a network:
The idea of cfengine is to create a single file or set of configuration files which will describe the setup of every host on your network. Cfengine runs on every host and parses one file (or file-set), which specifies a policy for configuration of the system; the configuration of the host is checked against this model and, if necessary, any deviations are fixed.
Spellchecking the entire Web
It's always one of the more annoying aspects of life on Usenet: spelling flame wars. Human Spellcheck takes it to its logical next step: complaining about stoopid spelling errors on Web sites.
Apparently, there are enough people scouring the Web for typos to provide for bi-weekly and sometimes even weekly updates.
Via Memepool.
Note: Some links may no longer work.
RELATED LINKS
Compendium archive: Week of 01/21/02 Week of 01/14/02 Week of 01/07/02 Week of 01/02/02 Week of 12/03/01 Week of 11/26/01 Week of 11/19/01 Week of 11/12/01 Week of 11/05/01 Week of 10/29/01 Week of 10/22/01 Week of 10/15/01 Week of 10/08/01 Week of 10/01/01 Week of 9/24/01 Weeks of 9/10/01 - 9/17/01 Week of 9/3/01 Week of 8/27/01 Week of 8/20/01 Week of 8/13/01 Week of 8/6/01 Note: Compendium's entire staff took the week of 7/30 off. Week of 7/23/01 Week of 7/16/01 Week of 7/9/01 Week of 7/2/01 Week of 6/25/01 Week of 6/18/01 Week of 6/11/01 Week of 6/4/01
Tracking down a stolen Mac; Dead C Scrolls; Googlewhacking; How bad is it in the Valley?; Storage lessons from the Wayback Machine; The pub-seeking handheld; Internet gang wars; Outlook XP breaks MIME.
Why should iMac owners have all the eye candy?; Luxo Redux; So you think your job is bad; Google as a DNS replacement? Not so fast; Nokia exec cites stock plunge in speeding-fine appeal; The tragedy of the .coms; The Google parlor game; Some people *like* Steve the Dell Guy; Ban all Microsoft attachments?
Dot-com to bare all; iMac Dance; Wendy's remembers Dave; Search engine bites the dust; Wendy's Web site ignores Dave's death; Geek comic strip; Youngest security expert ever; Spam poetry; Confessions of a hacker; Breathless Apple; Dave Barry does Windows XP.
Dropping everything to vote; The best Apple rumors, ever; Guess Steve Case isn't getting into Harvard; Make your own O'Reilly cover; Boosting your wireless juice; Telnet lives!
This space intentionally left blank (vacation).
The most useless software ever; Is Microsoft getting ready to squash PC vendors?; Excite@Home: The Watergate of the New Economy?; No more 3Com Park. Is CMGI Field next?; Are you an e-bore?; This site'll have you coming and going; Entertainment Weekly's loss of innocence; Ensign Crusher as Entertainer of the Year; Oh, for the old days.
The Museum of Broken Packets; Just in time for Thanksgiving; Tourist Guy found; Why virtual offices suck; A domain ruling that sucks; Hacking the iPod.
Why you shouldn't ship computers via UPS; When .Net requires Java; High-tech grafitti artists; Spam from beyond the grave; New group tries to oversee the whole Internet; Paging Dick Tracy; Students use PDAs to cheat; Windaz for Aussies, Newfies; Another alternative to Passport; A virtual honeynet
Bill Gates: Father of open source; Verizon exec: Monopoly is good; Weird molecule names; E-mail: too much of a good thing?; A cluster of one; More woes for dot-bombers; Spam as weapon in the war on crime; Just when you think the Web can't get any better; Just when you think the Web can't get any worse; More proof I shouldn't be a wiseass; Using your Web logs to ID hacker attacks; Help save the FAQs; Who do you trust, baby?; Powerpuff Girls powerless against virus; Big IP pipe between US, Europe.
The profit of turning thugs into programmers; Work Name Generator; A programmer's lament; The world's best ATM; Are anti-spammers killing people?; Web services and storage; Get your Aerons here; Perl for the XXI-imum century; Microsoft's blocking of non-IE browsers.
Government info taken off the Web since 9/11; Beware hackers who talk too much; A contest you can enter sitting down; Now don't try this in the office; Bob Patterson must die; Finally, a useful 404 page; Tech calls from hell; Teletubbies XP; More XP fun; Anthrax and e-mail; Larry's ID card; World's longest gum-wrapper chain.
Let's drop PDAs on Afghanistan; Voice control? Try grunt control; Spam gets back to business; A content-management portal; Share your system tray with the world; Would you let the recording industry onto your network?; Al Queda's low-tech high tech; 9/11 archive; Shoe company gets open source after all; Pod people, coming soon to a cube near you.
Larry and Scott's dueling ID cards; Cringely: Broadband is dead; The dangers of Photoshop; The dangers of copy protection; Microsoft mining whois for telephone solicitations?; How to REALLY throw a LAN party; Good fences don't make good 'Net neighbors; How Google adapted to 9/11 news; Web services as over-hyped hooey; Why shoe guys shouldn't do open source; Online air hockey.
AT&T waives 9/11 wireless charges for some; Shifting gears; Craig Burton on the Novell/Microsoft suit; In search of the post-PC interface; Vibrating PDAs and wearable phones; Gary Condit's Web site; No, that isn't a real photo of a WTC tourist; How to throw a LAN party; How sucky is your intranet?
For grizzled 'Net veterans; UK ISP forced to pull deceptive ads; Pretty Good encryption controversy; Are you as smart as Miss America?; Really securing your computer; Still lots of insecure IIS servers; Kids, don't try this at home; Anthrax Kills; Larry's national database; Nimda hysteria?
Attack and post-attack items.
999,999,999 bottles of beer on the wall; Finally, a wind-up cell phone; Enough with the ringing!; The VoIP calculator; 802.11b insecurity; Hank the Angry Drunken Dwarf explains IOS DHCP; Is ENUM the mark of the devil?; AOL gives user permanent demerit; The Ballmer music video; Cleveland news flash: Y2K was last year.
Re-routing around censorship; Us vs. them in scripting; The boss button; Fighting off the hackers for fun; Peer computing as a weapon of war; Unix poetry; The Windows Fatal Exception Decoder; New Fusion widget: Getting rid of spyware; The sound of 200 cell phones going off at once; Taleban Web site hacked; Hey, sysadmin, remember Sircam?
On the importance of flame wars; Bill Gates sees dead people?; A markup language for grunts and groans; Is Microsoft leaking those Ballmer dance videos?; Good Samaritan not so good?; Steve Ballmer works up a sweat; Open-source wireless cracking; When technology goes too far; Another dumb computer arrest?; Is Cisco Communist?
Moron marketers threaten 'Net users; Finding free wireless access; Complete wastes of time; OS holy war flares in North Carolina; Are programmers weird?; Somebody actually buys an X10 camera; We're number, uh, two!; Those after-hours computer discussions; An entire city running on Linux; Distributed spam fighter under development; Could a Warhol virus infect the entire 'Net in 15 minutes?; Tell AOL what to do with its CDs.
Fusion shatters a myth; Bridging .Net and Java?; AT&T Broadband cuts off non-IIS servers to fight Code Red; Bluetoothless; Tennessee town bites into Apple; And you thought TI-99/4A fans were over the edge; Biometrics coming to your local supermarket; Steve Ballmer a-hootin' and a-hollerin'; Speaking of Web images; Just how far PC prices have fallen; Does Starbucks' CEO get his own wireless strategy?
Crackers getting more sophisticated; Sex and Microsoft Office; The wonders of science, part MXXII; Finally, a useful virus; A shocking game controller; Big Ball of Mud school of programming; Two vitally important new resources; Adobe: Ooops; Eudora Welty, dead at 92; Centralizing Unix administration in Perl; Spellchecking the entire Web.
Worm turns on Microsoft Web servers; The day the ISP died; Cell-phone users have no shame; Even Internet consultants can screw up the 'Net; Symphony for Dot Matrix Printers; The ultimate cup of coffee; The solar-powered ISP; Everhost; Internet VCer: Oops; The Lego Palm and the pink fuzzy laptop; The Microsoft-English dictionary; Putting a loved one in the home.
Saving those all important VoIP calls; This site is a bright idea; Could wireless end messy divorces?; How much will that software really cost you?; Ghosts of failed dot-coms; The spy's guide to securing your Cisco routers; Oprah for Internet czarina?; What's Microsoft doing at an open-source conference?; Like a big pizza pi; Cyber-bullies; Better check your phone bill; Have some birthday pi.
How HP wastes energy to save energy; New toy for the bored and lonely; Weird programming languages; When sponsors are speakers; The case of the disturbing backwards monitor; Congress to ICANN: Drop dead; Yet another video game made into a movie; Smile, you're on Candid (Police) Camera; High-speed hotels; Network Solutions blocking name transfers?
One of the fathers of Usenet dead at 45; Are you ready for insta-spam?; Diary of a site collapse; Skirting the issue; Assimiliating the Web; Trolling for help; Software wars; Rating the rater; True tales from the help desk; How about spam embedded in your mail?
Unix diapers; A beautiful waste of time; A P2P taxonomy; This page is too stupid; Homeless dot-commer bogus?; Whee, Linux is fun!; Blue Screens everywhere; Forget viruses: This fungus eats CDs; Microsoft revises Smart Tags a bit; Homeless dot-commers.
Slashdot crashes the NSA; They may be Smart Tags, but they're not Original Tags; What open source and California wines have in common; Jakob Nielsen no tyro; How to make Windows 2000 really, really secure; Where the Internet begins; A useful computer bug; The clothes make the geek; The end of the Internet; Why PDF bites; Novel use of a wireless phone; Hidden info; When Web sites tell too much.
DSL modems are so '90s; Bye-bye Netscape; Get ready to upgrade those mail servers; The anti-.Net; The real reason to buy a Palm; Anatomy of a DDoS attack; Pain is good.
