The IVR Cheat Sheet™ by Paul English
Browsing Posts published in January, 2006
NSA’s Trailblazer loses way:
Sun’s Schwartz talks about licensing Solaris under the GPL3:Sun continues its dance with open source as it contemplates changing the license under which the Solaris source code is released. Is Sun finally serious about working with the open source community?
Shmoocon 2006: The Church of Wi-Fi presents: An evil bastard, a rainbow and a great dane!: The Church of WiFi gave a presentation on some of their recent projects.The first was coWPAtty, aprogram for brute forcing WPA-PSK…. WPA-PSK isseeded using the SSID of the router, so they grabbed the top 1000 SSIDs from Wigle.netand calculated the hashes when using a 170,000 word dictionary. Now they are able to check 18,000 keys/sec instead ofjust 12 keys/sec…. It is similar toRogue Squadron which is a firmware designed to spoof anaccess point and collect user information by phishing…. Iteven features a “Point ‘n 0wn” interface that lets you just click on the target you want to automatically spoof.
OpenWrt nears prime-time:OpenWrt, the GPLed Linux distribution for wireless routers, is at RC4 and is nearing the 1.0 release. We looked at RC2 last August, but things have changed since then — for the better.
Solaris OS Networking — The Magic Revealed (27 Jan 2006):Detailed article describing networking under Solaris.“This paper discusses the networking advancements in the Solaris 1 OS, as well as the evolution of networking in previous releases. Topics include TCP, UDP, IP, the device driver framework, and tuning for performance.”
Ins and Outs of WPA2:Network Computing covers the tiny details that make WPA2 work: If you wanted to know the ugly innards of the beast that is the WPA2/802.11i implementation of Advanced Encryption System (AES) ciphers, read on. Frank Bulk dissects how the AES keys work within the certified WPA2 framework, including in an 802.1X environment….
Wireless Man in the Middle Attack Part I:Typical hacks against both wired and wireless networks include traffic sniffing. Man-in-the-Middle attacks are really a derivative of packet sniffing. Instead of listening to all packets that pass through a network, man-in-the-middle attacks attempt to pick one or more hosts with which to interfere.
Chrooted SSH HowTo:This tutorial describes how to install and configure OpenSSH so that it will allow chrooted sessions for users. With this setup, you can give your users shell access without having to fear that they can see your whole system. Your users will be jailed in a specific directory which they will not be able to break out of.
Sun wants Linux on T1:Sun is keener than ever to port Linux to its new multicore T1 chip, even if it’s not expected to happen for six to nine months. The company has made T1 servers available to Linux developers and is working with unnamed Linux distributors to develop the port.
DORMITORYWhen you rearrange the letters:DIRTY ROOMPRESBYTERIANWhen you rearrange the letters:BEST IN PRAYERASTRONOMERWhen you rearrange the letters:MOON STARERTHE EYESWhen you rearrange the letters:THEY SEEGEORGE BUSHWhen you rearrange the letters:HE BUGS GORETHE MORSE CODEWhen you rearrange the letters:HERE COME DOTSSLOT MACHINESWhen you rearrange the letters:CASH LOST IN MEANIMOSITYWhen you rearrange the letters:IS NO AMITYELECTION RESULTSWhen you rearrange the letters:LIES – LET’S RECOUNTMOTHER-IN-LAWWhen you rearrange the letters:WOMAN HITLERSNOOZE ALARMSWhen you rearrange the letters:ALAS!
A Statistical Review of 1 Billion Web Pages:“As part of a recent examination of the most popular html authoring techniques, my colleague Ian Hickson parsed through a billion web pages from the Google repository to find out what are the most popular class names, elements, attributes, and related metadata. We decided that to publish this would be of significant utility to developers. It’s also a fascinating look into how people create web pages. For instance one thing that surprised me was that the <title> is more popular than <br>. The graphs in the report require a browser with SVG and CSS support (like Firefox 1.5!).
CLI Magic: OpenSSH + Bash:User level: Advanced Other system administrators have fantastic toolboxes for their work. My tools consist of two everyday programs: OpenSSH and the GNU Bourne-Again Shell (bash). No other tool, whether console-based or GUI, has been so consistently useful to me as these two programs.
Add an extra layer of security with systrace:Niels Provos’ Systrace is a utility that monitors and controls what an application can access on a system by creating and enforcing access policies for system calls. For the Linux crowd, it’s something like the US National Security Agency’s SE Linux, but it’s more flexible and, if used properly, it can improve a system’s overall security by “sandboxing” untrusted applications and users.
Cheat Knoppix to Improve Performance:Learn how to run your personal, live-Knoppix configuration on any PC. MozillaQuest Magazine (MozillaQuest.Com) reports: “. …. in Part 4 of our Knoppix cheats article, you will learn how to put together all the stuff you learned in Parts 1 through 3 to make a very portable, Live-Knoppix setup. It’s really very slick and it is very handy too .
Threat level definitionSearch: Home Bugtraq Vulnerabilities Mailing Lists Security Jobs ToolsNewsInfocusFoundationsMicrosoftUnixIDSIncidentsVirusPen-TestFirewallsColumnistsMailing ListsNewslettersBugtraqFocus on IDSFocus on LinuxFocus on MicrosoftForensicsPen-testSecurity BasicsVuln DevVulnerabilitiesJobsJob OpportunitiesResumesJob SeekersEmployersToolsRSSNewsVulnsProduct Search Phone record revelationPublished: 2006-01-24In order to obtain the information necessary to pull off a convincing imitation, details about the person are often needed. This is where the phone record companies turn to public data providers such as ChoicePoint and LexisNexis for enough information to build a profile on the individual, according to a Network World article.This affiliation with legitimate data providers was not expected by many, and explains some of the ease and proficiency with which records are obtained.
Threat level definitionSearch: Home Bugtraq Vulnerabilities Mailing Lists Security Jobs ToolsNewsInfocusFoundationsMicrosoftUnixIDSIncidentsVirusPen-TestFirewallsColumnistsMailing ListsNewslettersBugtraqFocus on IDSFocus on LinuxFocus on MicrosoftForensicsPen-testSecurity BasicsVuln DevVulnerabilitiesJobsJob OpportunitiesResumesJob SeekersEmployersToolsRSSNewsVulnsProduct Search Online crime matures beyond adolescencePublished: 2006-01-24Cybercrime is moving from broad ego-driven outbreaks to much smaller targeted attacks aimed at stealing sensitive data or extorting money from companies, IBM stated in its 2005 Global Business Security Index Report released on Monday.The conclusion explains the apparent drop in high-profile attacks in 2005, a year that saw only moderate threats such as the Zotob worm and the Sober virus.
Improving your SQL skills:I used to be almost exclusively a database developer, writing complex queries and stored procedures in Oracle and MySQL. Of late I’ve been doing more and more web based work, HTML, JavaScript, CSS, PHP and Perl, this means of course that I’m doing less and less SQL especially the more complex stuff that I would have been doing in the past.
BitTorrent Clients Reviewed:“PC Magazine is running a review of several popular BitTorrent clients. They review uTorrent, an app that ‘packs an outstanding array of features in 107KB, and doesn’t even create a folder in your Program Files’ and give it 4.5 stars. BitTorrent Client from BitTorrent.com, ‘whose clean interface has three basic elements: a large progress bar for each torrent you’re working on, a slider that controls your maximum upload rate, and a link to the BitTorrent Search engine’, gets 4 stars. BitPump ‘features an attractive interface that sacrifices a detailed feature set for BitTorrent tweakers in favor of simplicity and ease of use’ and gets 4 stars. Finally, Azureus, ‘a favorite with advanced users, who enjoy its plug-in system and huge range of tweakable settings’, gets 4.5 stars.
Apple’s New Intel Macs: Wouldn’t you know it just a few weeks after I bought my father a Mac for Christmas, Steve Jobs beats his previous target dates by announcing and shipping Intel-based Macs at MacExpo last week. I don’t think my father is enough of a power user to notice the difference, but for most Mac heads, the new Intel-based Macs are nothing but good news. Not only do a lot of the MySQL developers and the open source community in general use and love the Mac, it seems to be an increasingly popular platform among our customers. In our most recent user survey over the holidays, Mac OS/X users accounted for about 12% of respondents. This is an increase over the last year, and puts the Mac on par with Solaris. It’s still a far cry from Linux or Windows, but the trend for the Mac is going up whereas the trend for Solaris, AIX, HP-UX, Netware is not. Thanks to some fast work from our build team and the web team, we now have Mac intel binaries of the MySQL community edition available for download. Since MySQL runs on more than 2 dozen platforms, it was a pretty straightforward recompile with GCC; but its still great to have it so quickly. Apple’s reasons for switching to Intel are clear. They can deliver higher performance CPUs with lower power consumption and ride the Intel commoditization curve making their machines more competitive…. The new Intel iMac’s run at a theoretical speed that is 2-3x faster than the old G5 processor, but that’s based on somewhat arbitrary (and unrealistic) benchmarks. For most casual users, you might notice a modest 25-30% performance on some tasks. That’s not bad, but it’s an incremental improvement at best. For certain CPU-bound tasks, like crunching video files, there can be more significant improvements. However, it does appear that the I/O is more efficient on the Intel-based Macs, so copying files and presumably compiling source code or running a database should see more significant improvements. One of our partners, Zimbra, has seen significant performance improvements on the Intel-based Macintoshes.For now, all of the Apple supplied software has been ported to the Intel chip set with nice performance improvements for QuickTime, iTunes, iLife etc. We’re also starting to see a steady supply of announcements form third party Mac ISVs who have or are planning on native ports to Intel. Most older Mac software will run automatically using the built-in Rosetta fancy-pants dynamic binary translator software developed by the high-IQ code wonks from a company called Transitive. The added oomph of the Intel Core Duo will be pretty much offset by the Rosetta translator, so its a bit of a wash. Graphics programs, like PhotoShop are the programs that will most benefit from native Intel performance, so you may wish to wait until they’re available before switching to Intel.For more info, take a look at the articles and links below. And if anyone wants to report on their experience with the Intel Macs, post comments and let me know.
