Wednesday, October 14, 2009
Myspace Uses Flash Drives
Computer World Article
Using the new solid state memory instead of hard drives saves more than 99% of the power used by the servers, but solid state memory only has a limited number of write cycles, somewhere between 1,000 and 100,000 depending on the type. Then the disks are fried.
Someone write a program to constantly update and upload information to their my space account.
Thursday, April 23, 2009
Spanning Tree Protocol
The thing is, the packet was in plain-text and not validated so I decided to do some research to see whether STP in conjunction with MAC spoofing could be used to DOS a network.
Spanning Tree Protocol works by creating a minimum spanning tree of the network switches so no loops are established. The packet flow created is not the minimum spanning tree of the entire network, but a minimum spanning tree from a given node elected to be the root node.
STP is designed to help elect a root node.
This is exploitable because an attacker can disrupt a minimum spanning tree and force a new election. By creating packets from a fake switch and getting elected root node by setting the ID to 1, an attacker can send the networks switches into a constant state of re-election. A more detailed explanation can be found as well as proof of concept code at http://lucastomicki.net/attacking.stp.php.
Free Stuff On the Internet
www.thunderfap.com
www.totallyfreestuff.com
I also got a bunch of free boxes from USPS. Of course they are all for mailing stuff. Doing otherwise could be a felony. But there are a bunch of cool youtube videos of things to do with free USPS or DHL boxes.
-TWG
Tuesday, February 17, 2009
Go away, we're not home
Turning to the web for answers, we realized that these machines that we had stumbled upon, 5 to be exact, were most likely a part of the storm botnet. After collecting a few more pieces of data we decided to leave the machines alone.
Today I was reading a little more about the botnet on the web when I came across a webpage on which Microsoft takes credit for dismantling the storm botnet.First of all the storm botnet is hardly dismantled. Second, its Microsoft's fault the botnet got as large as it did in the first place. Even if they did reduce it in number, thats nothing to brag about. Their product is hosting something with enough power to mess up the Internet across the globe. Its not the time for bragging.
Proprietary software makes me ill.
Monday, February 9, 2009
Removing Ads from Free Web Hosting
After uploading a sample webpage, I navigated and veiwed its source. After re-uploading, a few slightly modified versions of that page I noticed that the hosting service was appending the code for all of its ads right after the first <body> tag. I experimented with comments, trying things like <body <!-- but whenever I placed the last > the ad code would escape the comment.
I decided to bend the rules of HTML. To solve the problem I made the first <body <!-- tag and then another <body> after it. The ad code generated by the HTML parser ended the comment and my second body tag worked perfectly. Wa-lah, no ads. Mark one loss for HTML parsers. Mark one win for me.
Sunday, February 8, 2009
Hacking using GRUB Bootloader
For example, root access on a Unix machine with Grub can be as simple as restarting the machine, waiting for the grub bootloader to run, highlighting the operating system to boot and pressing 'e' to edit the bootloader settings for that entry. Administrative access is granted on Unix machines in single user mode, or run level 1. This mode can be accessed by adding the word 'single' to the end of the kernel line. After booting to single user mode, an attacker can drop to a root terminal and create a new user with administrative access or install another backdoor. System compromised.
When Security goes Bad
My older laptop is a Toshiba Satellite M105 with a Phoenix Trusted Core BIOS. One day as part of an experiment, I set a BIOS password on the computer. A week passed before I returned to thus particular project, and I could no longer remember the BIOS password. I thought it was no big deal, and looked up the Phoenix backdoor passwords which included BIOS, CMOS, phoenix, and PHOENIX. After trying the first three, my computer shut off, and after the last I was still locked out. An hour later I had disassembled my laptop and taken a soldering iron to the BIOS battery. A few hours later I hoped the BIOS would forget the password. I got a bad checksum error, but when I tried to continue I was again prompted for the password. I understand the backdoor passwords not existing, because thats just stupid, but there is no way for me to recover this password short of reprogramming part of the BIOS and replacing a chip. There is a plausible possibility that I might not get to use that computer ever again.$700 down the drain to good security.
Monday, January 26, 2009
The Fight Against the DRM
In recent years, the aforementioned groups as well as many others, have worked hard to educate the public about the use of DRMs and generate public opposition. After all the use of DRM only serves to inhibit the user from using their purchase as they wish. Fortunately, in the past few months it seems as though the fight against the DRM may be starting to pick up. As of January 8, 2009 Apple announced that all music downloads will now be DRM free. However, don't give Apple too much credit. If it weren't for the public putting so much pressure on the record companies to remove the DRM and the record companies forcing Apple to remove it, it would surely still be around. Not to mention that DRM-free songs cost $.30 more. In fact, according to http://www.defectivebydesign.org/itunes-drm-free Apple still employs the DRM to restrict many of its other technologies:
- DRM is used to lock iPhones to AT&T, and other networks around the world.
- DRM is used to lock downloads from the App Store, even downloads at no-charge.
- DRM is used to prevent iPod/iPhone being used with software other than iTunes.
- DRM is used to prevent OS X from loading on generic PCs.
- DRM is used to prevent the latest MacBook computers from working on certain types of monitor and HDTV.
- DRM is used to keep accessory vendors for the iPod and iPhone limited to a subset of the devices features via an "authentication chip."
- DRM is used to lock up movies, TV shows, ringtones and audiobooks purchased through the iTunes Store.
So although this was a win in the fight against the DRM, there is still a long ways to go.
But Apple is certainly not the only company at fault. With DRMs being used on MSN Music to lock songs to the phone it was downloaded to, Microsoft is still adamantly defending the DRM, though very very poorly. It is almost humorous how terrible their defense is, merely suggesting that some people may only want music on their phone. I encourage you to read Microsoft's terrible defense of the DRM. Other companies including Sony and Walmart to name very few also continue to use the DRM despite public opposition. We will just need to keep telling these companies we refuse to purchase products we are not free to use, and buy our music from DRM-free music stores, such as Amazon.
Saturday, January 24, 2009
Free Software is not a Threat to the IT Industry
Free software does not have the ability to cause catastrophic damage to the software industry. Proprietary software that spies on and restricts the freedoms of users will be eliminated, but such a change is for the better. More jobs will be created for programmers by companies who want specific changes made to their software. Such jobs are currently not available under the use of proprietary software. Now if a company decides it would be in its best interests to have a piece of software modified to better suit the companies needs, they cannot simply hire a programmer to make the changes. Under proprietary licenses, the company does not have the freedom to modify software that they own. And the programmer who could make the changes doesn't have a job.
IT is in the best interests of society to switch to free software. Free software will eliminate government and company enabled back doors that allow such corporations to easily spy on the user of the software. Free software will give everyone the freedom that the technological world so desperately needs. To put the icing on the cake, it will not negatively affect the programming industry. If anything, it could increase jobs in the sector. Examples of jobs already created because of free software can be found at http://www.fsf.org/resources/jobs/listing. I hope you all see the light.
Thursday, January 22, 2009
GNU vs. Linux
GNU began as a free operating system in the 1980's, the brainchild of Richard Stallman and his Free Software Foundation. Stallman together with the foundation, set to creating the operating system, and within a few years had the entire operating system completed, except for one vital component: the kernel. The free software foundation tried to develop a kernel over an existing freeware micro-kernel, but the project was met with limited success. The answer to the problem came in 1991 when the ever-famous Linus Torvalds created the Linux kernel, under his own open-source software license. When news of this kernel reached the Free Software Foundation, the simply used the Linux kernel to complete the GNU (GNU not Unix) operating system.
Today, most people simply refer to their GNU/Linux operating systems as Linux, but this obviously isn't giving credit where credit is due. Without GNU, none of us would be able to have the operating systems that we all know and love today, yet we still give all of the credit to Linus. Richard Stallman and Linus Torvalds never even shared the same point of view. Whereas the Free Software Foundation was interested in free software, Linus was actually a huge supporter of proprietary software, and the existence of non-GNU proprietary Linux flavors is proof of this. Today, the Free Software Foundation doesn't really even support many flavors of GNU/Linux for the fact that the distros contain proprietary software or firmware, with the exception of a few obscure distros such as gnusense. But, the point of the story has been made. From now on, try to give credit where it is due, refer to your operating system as GNU/Linux or GNU with a Linux kernel, not just Linux.
Wednesday, January 21, 2009
America Online is a Disease
Back in the day when I was but a wee lad, my parents used to lease an internet connection through America Online. Those words still make me cringe today. I would think the various unethical consumer abuses and all out terrible service would be enough to put AOL under, but I guess the family-friendly con artists have more resilience than I would have initially guessed.
My first qualm with AOL stems from what seems to be its inferiority complex. As soon as you install it it hijacks your browser, if I remember correctly by replacing registry values in Windows machines to make the browser title say “Brought to you by America Online.” Honestly its been a while since I've used windows and a much longer while since I've used AOL, but thats how I remember it at least. I don't understand why they have to attach their name to your browser if they have nothing to do with it. They should lease you an IP address like a good little ISP and call it a day.
Then you take the inferiority complex and mix it with lies and deception. AOL claims to have built in spam control, which it does, but now allows companies sending spam mail to pay to allow the mail to be passed through filters as certified mail. When an online petition formed trying to stop this policy, AOL blocked all emails containing the web address of the online petition. When called out on it, they called the phenomenon a glitch. I encourage you to read the whole story here http://news.cnet.com/AOL-charged-with-blocking-opponents-e-mail/2100-1030_3-6061089.html.
On top of all of these ethical violations and terrible customer abuse (I encourage you to follow the link in the first paragraph), AOL just provides crappy service. The only reason people choose AOL as a service is because parents who don't know much about the internet are captivated by the words “parental controls.” I'm sure if it weren't for AOL leeching off the over concerned portion of the population ignorant to other ISPs, AOL would be out of business. At least I think it should be.
Tuesday, January 20, 2009
Windows Rot
I haven't been able to find any data suggesting that anyone had taken it upon themselves to quantify this Windows Rot, but im pretty sure everyone knows its true. I myself have a few conspiracy type theories revolving around Windows Rot, including that Windows contains code to purposely slow itself so users are forced to buy the upgrade, but as a Linux lover my opinion may be somewhat biased. However, we all know Windows Rot is true, so I am here to offer two feasible non-conspiracy related theories of why this may occur.
The first reason, and the most popular theory among beleivers of Windows Rot includes the fact that Windows operates around the registry. Ever time a program is called, its default values need to be accessed from the registry. As more and more programs are installed on the computer the registry grows in size, and the time taken to load a program will increase O(n) time where n is the number of newly installed programs. And when programs are constantly installed and uninstalled registry values are not always deleted properly further adding to the rot. This phenominon does not seem to take place in Unix systems for the simple reason, it doesn't. Most programs have a config file the corresponds to that specific program so all of that time is not wasted searching through the registry.
The second problem that may contribute to Windows Rot is the organization of the NTFS filesystem. An oversimplified representation of the NTFS for windows is as follows, a pagefile which is all contiguous, a MFT section which is all contiguous, and the files. The MFT is a sort of indexing in the beginning of the partition that indexes all of the files to a memory location. As more and more files are added and this indexing file increases by size n, this too will cause an O(n) increase in disk access time. Especially if the files are fragmented.
Well there you have it two valid theories for Windows Rot. But dont rule out the conspiracy theory either.
Monday, January 19, 2009
The Pros and Cons of 64 Bit Architechture
Pros of 64-bit software...
If you are running 64-bit software, it will run much faster than its 32-bit counterpart (on the order of picoseconds). However, functionally you may not even be able to perceive the difference depending on the size and complexity of the program.
Cons of 64-bit software...
Cross-compatibility. Many programs that are available commercially and as open-source software may not be compatible with 64-bit software.
Haha I was planning on saying much more, but I think that pretty much about says it all. Unless you want to deal with the potential of a lot of software being incompatible with a 64-bit operating system I would personally stick with the 32-bit operating systems for the next few months at least, unless you are planning on processing massive amounts of scientific data or something.
Ummmm....
I know I'm new at blogging and I shouldn't really be putting down other people's blogs but I'm not new to computers and I can't believe what I just read.
The rest of the directions involved typing ipconfig /release and ipconfig /renew into the command prompt and wah-lah ip changed. Who would promote such ignorance in the name of hacking. Hacking revolves around understanding. There is no room in hacking for ignorance.
The article I'm complaining about doesn't consider many things. The first is the reader of the article is left with nothing about how ip addresses worked, and if anything a false impression of how they work. Depending on how the DHCP server is configured, ipconfig /release ipconfig /renew may not even change your ip address. Secondly, and most importantly, this assumes that the user is using Windows, which is entirely inappropriate for a hacking website. I'm flabbergasted.