Warspying
Posted by creining | Filed under Security
Warspying aka wireless video camera sniffing.
PHP easter egg
Posted by creining | Filed under Uncategorized
Appending the string ?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 to a PHP page will show an easter egg of the pointy hair walrus-looking author.
How to change caps lock key to escape
Posted by creining | Filed under Linux/BSD
Caps Lock is a waste of a key to me and I wanted it to become Escape especially for Vi(m) convenience. Easy to remap under X with the following in ~/.Xmodmap.
! ~/.Xmodmap ! change Caps_Lock to Escape clear lock keycode 66 = Escape
New ibooks
Posted by creining | Filed under Uncategorized
I’ve been waiting a few months for Apple to update their ibook line and yesterday they finally did it. Not a big update as it was only a hdd size increase, 100MHz boost, and 32mb dedicated video across the board. Unfortunately, for the entire 12″ line they have adopted the unpainted inner plastic and opaque white outer casing instead of the previous translucent-shell-painted-white exterior, silver interior and metallic silver hinge – here’s a comparison, pic1 pic2 pic3 pic4. I really don’t like the cheap aesthetics of the new 900MHz ibooks and will probably buy one of the old 12″ 800MHz ComboDrive models.
OpenBSD 3.3: ProPolice and W^X
Posted by creining | Filed under Security
OpenBSD 3.3 will be officially released on May 1st. I’ve only been using OpenBSD since 3.0 but have been truly impressed with the path that it has taken in that short time. In 3.3 Theo and company have attacked executable buffer overflow problems in a fundamental and logical way by implementing ProPolice and marking memory pages non-writeable and non-executable where possible using W^X. Also little things like reduced setuid/setgid programs, chrooting of Apache, X Windows privilege seperation, systrace which is a system call access manager, and the excellent packetfilter, pf, keep me coming back.
Undetectable backdoor SAdoor
Posted by creining | Filed under Security
There’s a neat backdoor program called SAdoor that can be compiled on *nix platforms. You run SAdoor server on the …ahem… remotely administered box, which pcap filters
(non-listening mode, won’t show up in a port scan for example) looking for a
particular sequence of tcp packets. This sequence can consist of the
ports and tcp flags of your choosing and come from spoofed addresses.
When this initial sequence is completed successfully by running the
SAdoor client, the server will listen for the right combination of source
address, tcp flag, and port for the command that is to be executed. The
SAdoor client and server communicate using libblowfish by default. Very cool.
Automated DoS via US Post Office
Posted by creining | Filed under Security
Automated denial-of-service attack using the US Post Office. While this is a very interesting attack in its own right, the larger implication is the computer world being bled into spatial independence. A similar attack is that of using a war dialer to either A) dial a pager every N minutes with a different call back number effectively disabling the pager B) dial N pagers serially with the same call back number, DoS’ing the victim with phonecalls.
Mapping social networks
Posted by creining | Filed under Uncategorized
I was reading an article the other day about how social network mapping of online communities started and wondered when someone would start a project to map one of the biggest social networks today, AOL Instant Messenger. Well, lo and behold, today Buddy Zoo was announced. This morning when it hit slashdot I surfed on over and there were around 10,000 people signed up. As I write this there are now over 400,000. Wow, what the slashdot effect can do. Keep in mind that there are millions of AIM users and I can only drool over the type of social network analysis that AOL can do.
Harvard students and p2p
Posted by creining | Filed under Uncategorized
At Harvard, students caught sharing copyrighted songs and movies online more than once will lose their network access for one year. Great! This will likely push file sharing further underground. Perhaps some geeky Harvard students will develop a new P2P network that is encrypted, anonymous (the client-side encrypts with a series of keys of the nodes it will pass through), and stealthy (thwart detection techniques like traffic analysis). Will file trading ever be immune to legal attack from the MPAA and RIAA?
Urban sprawl
Posted by creining | Filed under Uncategorized
I was reading an article in the local newspaper about the fight over a tract of farm land between local citizens and the big box retailers, Wal-Mart, Target, Home Depot. I am not convinced that the addition of these stores provide any benefit except to the greedy corporations bottom lines. And there are plenty of negatives, such as the reduction of wildlife, increased traffic congestion plus the cost of the infrastructure development, threats to water quality and poorly implemented stormwater and sewage, and they are, plainly put, an eyesore. Also, think about how many abandoned shopping malls and big boxes are seen when travelling, affirming the possibility that in the near future the corporations will re-locate or close their stores. In my small hometown the urban sprawl that took place around 10 years ago is quite apparent. It is somewhat like a donut where the asphalt suburban shopping malls and big boxes form a ring around the decaying downtown. Nobody really seems to care though.