Posts

While my family was preparing for a nice get-together back home (sorry I couldn’t make it, I’ll be there in August!), I spent my Saturday putting together my new bookcase from Ikea and preparing for a special night out on the town. I had it all planned out. A nice, fun dinner at the Bubba Gump Shrimp co., take in a movie (the new Charlie and the Chocolate Factory at the local IMAX), and then perhaps, but only if I got reeeeeallly lucky, some fireworks while experiencing the ferris wheel at Navy Pier. A little cheesy, yes, but fun nevertheless. And I’ve lived in/around Chicago for over three years now and only been to Navy Pier once or twice before. ...

I learned on Slashdot this morning that there is a new exploitable bug with USB. I’ve always wanted to be able to just plug in a usb key and have it run autohack.bat. ;) But, SPI come on…what kind of responsible disclosure is this?! A quote on eWeek from your CTO?! Not to mention openly admitting that you haven’t informed Microsoft of the issue yet (even though it is a hardware issue) and then proceeding to promote your talk at Black Hat next week! Come on, SPI…I thought you were better than that. Or is this just some sort of security bug premature disclosure because you got so excited about finding a bug, you just couldn’t control yourself?

Code Red or Poison I scored 10 out of 13. I’m a survivor. How’d you do? Time for another…ppphhssssshhhhttt

Like others, I woke up to find my Bloglines feed empty! It seems the subscriptions are still there, though, since being the inquisitive person I am I clicked on the “feeds” link and it loaded every single entry from my n-hundred subscriptions… Guess I don’t have to worry about it coming back, since it’ll take me a while to comb through that! Their devs must be asleep cuz I don’t see the lovely bloglines plumber around anywhere… ...

I came across a fairly large lists of hosts I had to paste into a document tonight, some of which were in contiguous ip ranges, but all of which were listed as single ip’s. For example, I had 192.168.1.1 192.168.1.8 192.168.10.3 192.168.1.9 192.168.1.10 192.168.10.2 192.168.1.2 192.168.10.1 and I wanted 192.168.1.1-2 192.168.1.8-10 192.168.10.1-3 See…it’s a little bit cleaner, isn’t it? So what better to do than put on some music to code by, grab a Hacker-Pschorr, and start doing a little shell scripting. An hour or two later, I whipped out this little sucker below. (in which I already found and corrected a bug while writing this post…) So, needless to say, you’re on your own with the code and I assume no responsibility. ;) Just make a file name hostlist with the list of ip addresses (doesn’t need to be sorted or even unique), and run the shell script and it will output the condensed list. Need I say how much I love automation. :) ...

Bummer…I was one of the people to receive the feedlounge alpha invite, but for some reason I didn’t get it until 5pm tonight…and it was sent out this morning. There were more than 175 replies in the first 10 minutes, so it’s probably not too likely I’ll be doing any alpha-testing soon. Next time…next time I tell ya, I’ll be ready. user:~$ tail –follow=name /var/log/mail.log | grep feedlounge

This is extremely frightening - Greasemonkey allows a malicious site to read any file on your computer! You’re only vulnerable for the sites listed in your included pages, but of course by default this is “*” - every site, unless the author has changed it. I knew there was a reason I never enabled scripts for all sites. Javascript, ajax, xmlrpc, etc seems like the next ripple in the ever-widening pool of web application security. (How poetic…) ...

Once, in a post long, long ago, I reminded myself how to compile xkey, a lovely tool for snooping on open X servers, but not necessarily a standard part of every distribution. ;) It was easy enough last time: {% codeblock %}gcc -g -v -Wall -L/usr/X11R6/lib -lX11 -lXtst xkey.c -o xkey{% endcodeblock %} But for various reasons, I needed to compile it statically. Being a novice programmer, I simply tagged a {% codeblock %}-static{% endcodeblock %} onto the end of the command. However, that only resulted in various undefined reference errors to such functions as ‘XQueryTree’, ‘XSelectInput’, ‘XOpenDisplay’, and ‘XLookupString’…which means that the X11 libs/includes were not being referenced properly. Tossing a {% codeblock %}-I/usr/X11R6/include{% endcodeblock %} in didn’t help things any. After googling around for a while, I was reminded that gcc can be very picky with respect to the order of its arguments. By placing the source filename before the lib arguments, I got a little bit closer. I was now only getting one error - undefined reference to `pthread_equal’. ...

Being a somewhat frequent traveler, I get to experience first-hand the sad state of airport security as it exists today. As Bruce Schneier points out, it seems the Department of Homeland Security is concerned that allowing broadband on airplanes will allow terrorists to exploit this service to activate bombs. Therefore, that is adequate justification to allow relatively immediate eavesdropping on such connections. Bruce puts it best Terrorists never use SSH, after all. Just more legislation to make it ever more difficult for the regular person to make a living with little or no reduction in threat. One has to wonder where this country is headed.

Well as I mentioned yesterday, I got to go to an early private screening of Wedding Crashers last night. Somebody that Stacey works with managed to get tickets somehow and couldn’t use them, so thanks to her we were able to get in. Apparently, this is a fairly common occurence, and I even found a site that lists screening give-aways. Of course, you have to live in a fairly large city to be privy to these types of events. ...