Archive for the 'Security' Category



I Failed a Turing Test!

Published on October 24, 2008

Ok, the title lies, but I’m cleaning up my desktop, and came across a screenshot from a few days ago. It is a CAPTCHA that I, for the life of me, could only make sense of as: Six E Pi Pi. So, in this case it worked, right? The human figured out what the letters should be, except as clearly as those are Pi’s, Pi is not a letter on my keyboard. I figured I should get a screenshot to show where CAPTCHAs are going:

Sadly, CAPTCHAs are a technology we need to combat spam, which accounts for at least 80% of email today, not to mention message boards, instant messages, or text messages. However, we’re merely engaged in a technology arms race with spammers; this is *not* a technology that is winning any fights, we just try to stay one step ahead. This is increasingly hard with CAPTCHA entry being a job in countries with lower incomes, spammers cheating by offering porn in return for solving a CAPTCHA, and (in a case that doesn’t just apply to humans) CAPTCHA breaking drives AI research. Basically, no ‘new’ CAPTCHA technology is going to keep spammers out for long. A bleak future indeed. On the other hand, we already have 80%, how much worse can it get? I think the real answer lies in spam filters, although for the most part those are also in a mere arms race, but at least then you can control your own computer, not just leave the image out there for another human to crack.


Gun Control and Music|Software Piracy

Published on September 25, 2008

Tragically, there was another school shooting at the beginning of this week. This one was in Finland, and their second in 12 months which left 10 dead, 11 including the shooter. We can expect the cry for more gun control, both domestically, and in Finland, so I pulled out a post I’ve been saving due to not having time to finish it.


Lower Assembly Done

Published on September 21, 2008

As I mentioned before, I’m putting together an AR-15, and my next few posts will be the story of how it’s been put together. I’m also using this project to test out Picasa, so I’ll use that to post my images (just as soon as it finishes scanning a few of my automated rip folders, such as icanhascheezburger, forgot I had all them!)

Before I begin, I’d like to link to a schematic which can be found here. This way when I mention random parts you can find them and play along!


194.110.162.23

Published on March 26, 2008

At some point in the recent past my site was compromised by Wordpress.net.in spam. I don’t know exactly when the back door was put in place since I haven’t been very active on this site, though I do know that on March 20th 194.110.162.23 hit default-filters.php and uploaded the malicious code to inject spam into the footer of my pages. Unfortunately, the attack is for a different version of WordPress, so rather than infect me with ads, it just screwed things up royally. Maybe that’s a good thing as I noticed it.

A great write up of how to clean this mess up can be found here.

To sum it up:

  • Remove wp-includes/class-mail.php, it’s fake.
  • Take out the lines hooking into the footer in wp-includes/default-filters.php.
  • Remove the line from the top of wp-includes/default-filters.php that accepts a file given a random GET variable.

The takeaway lesson here is: Even if you’re not actively publishing on your blog, you better make sure your software is up to date. I’ve been busy with other stuff and neglected mine, unfortunately.

EDIT: I’ve done some poking. 194.110.162.23 is out of “Extended Host” in New York City. I’ll refrain from scanning it, though I am darn tempted to see what back doors were opened on that box. As it is, I’ll just email the host and inform them of the troubles.


Bluetooth Device Lookup

Published on November 22, 2007

Happy Thanksgiving! I’m spending the break catching back up on the state of Bluetooth security because, hey, I love the subject. Everyone has a phone with Bluetooth, just about, and many overlook it as a security hole because they feel there’s nothing insidious that can be done with just replacing wires with some radio broadcasts. I’ll give a quick rundown on how to get Bluetooth working under Linux, then the software I use, and finally give a tool I wrote while watching the Dallas Game to speed up identification of Bluetooth devices.


iHack - The Beginning

Published on November 6, 2007

A friend of mine passed on his used 60GB video iPod to me, which was very much appreciated as my old Sony MD-Walkman still works, but is hindered by all kinds of nasty DRM. Nasty enough that I have been unable to even change any songs on there in the past three years as I lost the software. Nasty enough that nobody has bothered to reverse engineer it because even with documentation it’s a bear. So I had been planning on getting something, and this was quite a nice graduation present. I immediately replaced the firmware with something a bit more “free”, Rockbox, and named her ‘Katana’. Now I’ve got a nice flat file browser that lets me drop in almost any type of file I want. This doesn’t stop at music and videos, I can also read text files, view pictures, etc. Naturally, that’s not enough for me *wicked grin*. Read on to see some fun hacks that can be had with your iPod.


Mastercard Promotes Credit Theft

Published on July 8, 2007

I saw a commercial on TV the other day that made me laugh. I’m sure normal people see this commercial as a sign of how advanced our technology is, and how convenient modern life is, but all I see is theft.


Plaintext Passwords… Again!

Published on May 25, 2007

If you follow my blog, and sadly most of my readers have stopped checking, you’ll remember the security hole I found on a major website around Valentine’s Day. You should also remember I had a very good experience with the developers there, in terms of their competence and politeness.
Well, I just tried to log [...]


Fun had with Printers - In Depth

Published on March 10, 2007

I’m in a bad way right now. Personal issues just about every week have made this semester the semester from Hell. Well, today was the worst, I’ve almost snapped from stress, depression, lots of stuff. Not meaning for this to be emo, just want to set up what goes into these posts more. Anyways I went running tonight. Car’s messed up, needed to get out so I just lit out runnin. Ended up (so far, nowhere near done) at the school library, wanting to do some hacking. A lot of my hacking is done when I’m trying to clear my mind of larger issues, which is how I get issues so bottled up inside that I can snap. This is a problem, but tonight, I just need an escape. So I *just* hit publish on a semi-decent write up of fun I’ve had with printers, I want to show you some more in depth.

I’d like to start with saying I’m not doing this to be malicious… I’m just curious about these printers. Nothing I do will be aimed at hurting the printer in any way, nor the school network. I’m not doing anything here because I’m bitter or have pent up stress, I need an escape, and here’s a great way to spend 30 minutes off in a wonderful world of binary choices where everything works out right. Without further ado: a look at my school’s printers.


Fun Had With Networks - Shared Printers

Published on March 9, 2007

So, if you’ve never read this blog before, quick fact: I have issues with my school’s networks. I’ve been kicked off them before for “SSH brute forcing” a server set up to BE brute forced. I’ve been denied various requests for accounts being transferred to me due to being a student and the administration not thinking I need said account. I’ve had money paid to other people with almost my same name because the administration was too lazy to use my email address… or something, still not sure how that happened. Moral of the story, there’s a lot of annoyances I deal with regarding this network, though it’s probably mainly my fault for being the way I am.

Now, for the lighter side of things, fun times that can be had with large networks of computers.