Kalimat al-Mutafalsif

Well, I'm awake on time (9 am), done my workout, eating breakfast as we speak and I'm sqeeky clean from my shower. This new morning routine gives me lots of time to ponder before starting my day, and I was reflecting on an interesting happening yesterday. Quickly summing it up, I was able to apply a hacking method for hardware to an AIM conversation, fun huh?

Quick language lesson: Power Attack - The name of a certain type of attack, usually used on hardware, that determines information from power drawn. This was originally used on smart cards where one could determine the encryption key by measuring the power drawn off the card at certain points in authentication.

So yesterday I was having a somewhat personal conversation with a girl who does CS-like stuff at a really cool University (cool in my mind for some working agreements they have with notable social networking sites). She's a good friend and we'd discussed this topic in the past, but for whatever reason I was being very standoffish. I'll take this time to point out there's nothing illicit going on, I just respect the privacy of anyone I talk to, and the conversation topic might identify her to people that know her.

Well conversation turned to a lighter topic, and involved a scientific equation that I try to live by. At most two people in the world (aside from me) know this equation... and its a closely guarded Snarky-Secret, so it shan't be aired just yet, but after I mentioned this equation I noticed the little 'typing' icon on her GAIM window was on for about a minute. After which she replied "Absolutely true". I pointed out that that was an awfully long time to type such a small phrase, and was able to drag the real message out of her.

Now, that's just a stupid little case where a power attack actually worked, but I was darn proud. This shows that, for those of you who aren't hackers (probably a majority of my readers), you can still apply "hacker techniques" to any area of you life, regardless of if there's obvious overlap or not. Here a technique that's normally used against corporations (to find out when they're working), Smart Cards, and keyboards which effectively took down the most powerful defense known to man.... the female mind.

This is just a quick update about the story I posted last week regarding a nice security hole in a major Internet Site. The tech support there have actually been really, really great in working with me to fix this problem. They emailed me an intial "Hey we got your report" the day I sent it out, and later this email I'm sharing with you. I initially expected to lose that account (and at one point today, I kinda wish I had), but so far it hasn't been locked or damaged in any way that I can see. I got en email from them that I'd like to share as an example of doing things the right way.

Hi {Name},

We are aware of the issue that you described, and we will look into some possible solutions that won't disrupt page load times and general site performance. Thanks again, we appreciate the email and the blog post.

Thanks,

{Name}
{Title}
{Site}

I fully expected something more along the lines of a Cease and Desist letter, as I've got quite a few friends who managed to procur those from simply pointing out insecurities. Apparently some corporations feel the correct response to an academic report of a bug on their site is the same response one would use for a malicious hacker attempting to exploit their site. This company, however, was different and literally turned my perspective around. I really, really did not like them for a variety of reasons (mainly revolving around security) but after this they get an A in my book.

Bottom line: No code is flawless, its how you deal with the bug reports that sets your site apart, not how perfect you can make it in the first place.

These guys got it, and once the issue is resolved I might even put their name up here (with their permission) and support them openly because too few companies are that willing to accept criticism and security hole reports.

So I was feeling kinda down a few days ago, and I turned to the thing that always cheers me up, hacking. Nothing malicious, just seeing what bugs I could turn up. Found a great one dealing with why sites should use HTTPS instead of HTTP traffic by default. Oh, I've taken the liberty of attempting at clearing out all links to my accounts. Don't worry, my account doesn't use that security question any longer. Also, because this post isn't malicious, I'm omitting the name of the site I found this on (and really, it could be any of the major sites out there, they all act a lot the same and I've yet to go check some other major ones) because they deserve anonymity as much as I do.
Read More »

Last year I had a fairly, bleh, Valentine's day post. It was rushed, poorly done, and all over the place. This year, this year is different. You may notice that this is BEFORE Valentine's day... that's true. I'm putting this out early, with the same hopes as last year, that some geek out there might score a date for the rest of us! Now, my plan this year, is a personalized Linux LiveCD that I'm calling the LoveCD. So, this post is going to be 10 fun ways to personalize a CD for that special someone (or laptop, in my case).
Read More »

Saturday I got a letter that I thought I'd share. It's really interesting to me, since I've dealt a lot with phishing emails, and this real letter set does many of the things that both phisers, and unfortunately legitimate companies, do. If companies would stop doing these things, Phishing would get harder! This is gonna be a long post, please bear with me. Without further ado, I give you: The Car Registration Scam (which later turned out to be legit).
Read More »

So there I was.... sitting in "Popular Religion and Cyberspace" minding my own darn business when BAM, professor assigns a paper! Uncool... What did the paper have to be on? A form of folk, popular, or vernacular religion that we'd experienced. That was the entire assignment description. Right quick I'll tell you that these are folklore terms for religions that: differ from a formal religion slightly; are of a repressed group; or the personal beliefs of people and how they perceive religion, respectively.

Now I had an initial idea to write about the religion found in Walraven, but after talking with the creater for a bit, decided this wasn't gonna work. So, the other guys on the IRC channel (developers of walraven / friends of them) started throwing out other ideas related to coding, and I took them and ran with it. Here's what I came up with:
Read More »

So, everyone in this age has heard of the "eeeeeviiiil botnets", yes? They're shown all over the media threatening our livelyhoods, they're written about in the newspapers, and its obvious the world is going to end tomorrow due to these little buggers. Or is it? I for one am quite intriguied by botnets, and the viruses (I was formally corrected this weekend that viruses is the "correct" plural, so there ya go) that form them. In many ways these evil little guys are the best coding we see nowadays when OSes are.... abysmal to say the least. Now, of course I'm not intriguied enough to MAKE a botnet in the wild... that'd be evil and wrong, and obviously I'd be anti-freedom. But I'd still like to play with them, and to that end, I unveil the game Harkins and I were working on this weekend.

Botnet!

Now, that website is nothing more than a placeholder so ya'll don't browse my site... it'll get better I promise, as this game'll be advertised entirely online. Hopefully I can convince the God of CSS (Harkins) to bang out something flashy.

Basically the premise is that you are an upstart botnet mastermind. Your computer might not be the best, and your viruses a tad unstealthy (at first) but you want to make your mark on the world. You move through a "network" of system cards trying to complete missions, or destroy your opponent. Its different from other card games, with some influences showing through. Gameplay is not nailed down yet. So that's all I'll say for now.

One goal we are looking for, however, is to make it somewhat realistic. For instance: the cards all are real-life things, different OSes, ways a cracker might hack something, etc. We don't want to make something that'll just further the fear of teenage punks in dark basements sipping Jolt. Also, we want this to be simple... our first version might have been too simple.

Rules version 1 -

• For this version we did combat as follows: At the end of a turn, whichever side had more viruses on a system won it, and the others were removed. This proved to be a bit... weird... due to modifiers and deciding who was attacking whom. This has been scrapped.
• We did movement by having a limit to how many different viruses one can move, and how far they can move through the network. This slowed things down in the beginning, and is being reworked.
• Income was kept over turn endings, and couldn't be spent quick enough due to a small hand limit. This is definately changing in a few ways, as we'll probably make you clear your income every turn, among other things.
• All in all, it was a tad fun, and should be loads more once the game's sped up a bit, and you actually have to make decisions about spending money or saving it.

Those're my brief and very disorganized (still banging on xorg from my previous post) thoughts on the first system we play tested. Harkins, if you think of anything you'd like to add, feel free.

Current rules will be kept at: Here
Cards can be viewed and printed at: Here
Forums are: Here

So... I can run this laptop (Dell Inspiron 9100 with ALLLLLL the trappings) under Windows up at 1900x1200. Gorgeous display, really. Well, I've never actually had a hack session on my xorg.conf to get it going at that resolution (its only at 1280x768.... abysmal). Well... I think I found my problem...

Yup, according to that my screen is updating -15596 times a second. Huh... guess that explains why i get headaches from coding on MountainDont all the time. Hopefully I'll throw up a fixed version as soon as I restart the X server.

EDIT: Yup, with just a little tweaking the laptop now shows at 1280x800 and 60 Hz refresh. Much better place to start.

No, not a political essay, actually an interesting surge of visitors from other countries, mainly European. This interests me because I've also seen a surge of spam comments, about 300+ a week. Now, I can't really trace any of said spam comments back to those IPs, nor am I speculating that Europeans are the cause of spam. I'd be very interested to learn I have an international reader base, so feel free to comment to that regard if its true.

However, my theory goes like this. Recently there's been a huge surge in email spam. This is quite a well run operation out of Russia that uses gorgeous virii to send the spam. Why do I call them gorgeous? Because they all act in a Peer to Peer fasion, and have the ability to get around spam filters quite nicely. They do this by including random text (not so hard, but they don't pull from any one bank of words, so it breaks some heuristics) as well as including text in images that can be randomly tweaked, and each are completely different. Now that's cool. Plus it also has a built in virus scanner.
Read More »

I'll start by saying i had an awesome Thanksgiving break. I had been hoping to find something about it to post about (mainly because the drive is 10-12 hours to where I went, and I had tons of time to think) and... wow... got all I hoped for and more. To summarize: Food (Grandma cooking), no computers (relaxation), meeting new relatives (interesting), and getting to know my inner child (just plain fun). Also some other junk I'll throw in. No, this isn't an emo post about my life either, there were some interesting things that arose.

Read More »