July 29, 2005

Cisco vulnerability presentation floating around

Many of you have heard about the Cisco cover-up at Black Hat this year. You know, your normal gestapo presentation suddenly cancelled, pages literally ripped from the conference book, etc. The link to Lynn’s presentation on the Black Hat Multimedia page had also been removed. Now…you think they would have removed the actual pdf as well, don’t you? I mean…this is the hottest news in the past few days and everybody that wasn’t at Black Hat wants to get their hands on this information. And most of these “hacker-types” are fairly resourceful. So you would think that Black Hat would be smart enough to remove the actual pdf…

Well they weren’t. Up until sometime this morning, the contents of that pdf that people had been hired to rip out of the conference book still remained at a predictable URL on the Black Hat site. Intentional? Maybe…but it’s gone now.

July 25, 2005

Saturdays

While my family was preparing for a nice get-together back home (sorry I couldn’t make it, I’ll be there in August!), I spent my Saturday putting together my new bookcase from Ikea and preparing for a special night out on the town. I had it all planned out. A nice, fun dinner at the Bubba Gump Shrimp co., take in a movie (the new Charlie and the Chocolate Factory at the local IMAX), and then perhaps, but only if I got reeeeeallly lucky, some fireworks while experiencing the ferris wheel at Navy Pier. A little cheesy, yes, but fun nevertheless. And I’ve lived in/around Chicago for over three years now and only been to Navy Pier once or twice before.

So we got to the restaurant only to find that it was going to be a 45 minute wait. And even though we were two hours early, that was still cutting it close. My hopes fell, along with the darkening clouds indicative of a sure-fire rain shower coming our way. We found another place just in time, but the wait there turned out to be almost as long. I was getting pretty down until the Anheuser-Busch promotion guy came over and offered some free beer (apologies to my cousin, but I don’t think she minds anymore). Well dinner went fine and we made it out just in time for the movie. It was spectacular. The big IMAX screen was a little imposing…not used to seeing movies 40,000 times the size of a regular television set…but still good.

And then came the finishing touch. The ferris wheel. Of course, once we got tickets I ran like a little kid to go get an icee while others waited in line. Had it not been for a couple other people that managed to time it perfectly and actually go back to the end of the line one time, it would not have worked out nearly as well. We wanted to be on the ferris wheel at the same time the fireworks started. 7.5 minutes is how long it takes to go around once and we had boarded just seconds before they were scheduled to start. As the ferris wheel passed its first 1/4 turn, I was worried that they wouldn’t start, despite it being time. It had to work out, it had to. Then, just as we were nearing perhaps 3/8 of the way around, the first fireworks rocketed into the sky. Ah, perfection. There was only one thing left to do. As the ferris wheel reached the apex, I reached into my pocket and wrapped my fingers around a small package, lifting it out delicately and deftly. I then presented to her…a simple lollipop that she had seen earlier and I had picked up when I went back to get my icee. ;)

What a great night.

July 24, 2005

New USB Hack

I learned on Slashdot this morning that there is a new exploitable bug with USB. I’ve always wanted to be able to just plug in a usb key and have it run autohack.bat. ;)

But, SPI come on…what kind of responsible disclosure is this?! A quote on eWeek from your CTO?! Not to mention openly admitting that you haven’t informed Microsoft of the issue yet (even though it is a hardware issue) and then proceeding to promote your talk at Black Hat next week! Come on, SPI…I thought you were better than that. Or is this just some sort of security bug premature disclosure because you got so excited about finding a bug, you just couldn’t control yourself?

July 21, 2005

Best quiz, ever

Code Red or Poison

I scored 10 out of 13. I’m a survivor. How’d you do?

Time for another…*ppphhssssshhhhttt*

July 19, 2005

strstr(’FeedLounge’) != true

Bummer…I was one of the people to receive the feedlounge alpha invite, but for some reason I didn’t get it until 5pm tonight…and it was sent out this morning. There were more than 175 replies in the first 10 minutes, so it’s probably not too likely I’ll be doing any alpha-testing soon.

Next time…next time I tell ya, I’ll be ready.

user:~$ tail --follow=name /var/log/mail.log | grep feedlounge

Shell script to condense hosts

I came across a fairly large list of hosts I had to paste into a document tonight, some of which were in contiguous IP ranges, but all of which were listed as single IPs. For example, I had

192.168.1.1
192.168.1.8
192.168.10.3
192.168.1.9
192.168.1.10
192.168.10.2
192.168.1.2
192.168.10.1

and I wanted

192.168.1.1-2
192.168.1.8-10
192.168.10.1-3

See…it’s a little bit cleaner, isn’t it? So what better to do than put on some music to code by, grab a Hacker-Pschorr, and start doing a little shell scripting. An hour or two later, I whipped out this little sucker below. (in which I already found and corrected a bug while writing this post…) So, needless to say, you’re on your own with the code and I assume no responsibility. ;) Just make a file named hostlist with the list of IP addresses (doesn’t need to be sorted or even unique), and run the shell script and it will output the condensed list. Need I say how much I love automation. :)
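
The author's script is not preserved on this page. As an added example (not the original code), here is one way to do the condensing described above; the function name condense_hosts and the input filtering are assumptions, and ranges are only formed within the last octet, matching the output format shown.

```shell
#!/bin/sh
# Added example, not the post's original script.
# condense_hosts FILE: print the IPv4 addresses in FILE with runs of
# consecutive last octets collapsed to "a.b.c.first-last".
condense_hosts() {
    # Strip stray whitespace/CRs, keep only dotted quads, then sort
    # numerically octet by octet and drop duplicates so that members of
    # a range end up next to each other.
    tr -d ' \t\r' < "$1" |
    grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' |
    sort -t . -k1,1n -k2,2n -k3,3n -k4,4n -u |
    awk -F . '
        function emit() {
            if (prefix == "") return
            if (first == last) print prefix "." first
            else print prefix "." first "-" last
        }
        # Ignore anything with an octet above 255.
        $1 > 255 || $2 > 255 || $3 > 255 || $4 > 255 { next }
        {
            p = ($1 + 0) "." ($2 + 0) "." ($3 + 0)
            o = $4 + 0
            # Same /24 and next last octet: extend the current range.
            if (p == prefix && o == last + 1) { last = o; next }
            emit()
            prefix = p; first = o; last = o
        }
        END { emit() }
    '
}

# Demo on the sample list from the post, written to a temp file.
sample=$(mktemp)
printf '%s\n' 192.168.1.1 192.168.1.8 192.168.10.3 192.168.1.9 \
    192.168.1.10 192.168.10.2 192.168.1.2 192.168.10.1 > "$sample"
condense_hosts "$sample"
rm -f "$sample"
```

To use it the way the post describes, call condense_hosts hostlist from the directory holding the file.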


The sky is falling

This is extremely frightening - Greasemonkey allows a malicious site to read any file on your computer! You’re only vulnerable for the sites listed in your included pages, but of course by default this is “*” - every site, unless the author has changed it. I knew there was a reason I never enabled scripts for all sites.

JavaScript, Ajax, XML-RPC, etc. seem like the next ripple in the ever-widening pool of web application security. (How poetic…)

Update: lol, there’s already nomoremonkey apparel. Poor little frowny guy.

Bloglines feed empty…but not really

Like others, I woke up to find my Bloglines feed empty!

It seems the subscriptions are still there, though, since being the inquisitive person I am I clicked on the “feeds” link and it loaded every single entry from my n-hundred subscriptions…

Guess I don’t have to worry about it coming back, since it’ll take me a while to comb through that!

Their devs must be asleep cuz I don’t see the lovely bloglines plumber around anywhere…

Update: They’re back!

July 18, 2005

Static xkey.c

Once, in a post long, long ago, I reminded myself how to compile xkey, a lovely tool for snooping on open X servers, but not necessarily a standard part of every distribution. ;) It was easy enough last time:

gcc -g -v -Wall -L/usr/X11R6/lib -lX11 -lXtst xkey.c -o xkey

But for various reasons, I needed to compile it statically. Being a novice programmer, I simply tagged a -static onto the end of the command. However, that only resulted in various undefined reference errors to such functions as ‘XQueryTree’, ‘XSelectInput’, ‘XOpenDisplay’, and ‘XLookupString’…which means that the X11 libs/includes were not being referenced properly. Tossing a -I/usr/X11R6/include in didn’t help things any. After googling around for a while, I was reminded that gcc can be very picky with respect to the order of its arguments. By placing the source filename before the lib arguments, I got a little bit closer. I was now only getting one error - undefined reference to `pthread_equal’.

Granted, I had no clue what that meant, but once again google to the rescue and all I needed to do was add a -lpthread (duh) to the libs. So the final command to make a static compilation of xkey.c is this.

gcc -g -v xkey.c -L/usr/X11R6/lib -lX11 -lXtst -lpthread -Wall -static -o xkey

Now I have a handy binary I can easily use on a system without the proper headers even if it is 30 times as large!

July 15, 2005

Because terrorists never use SSH

Being a somewhat frequent traveler, I get to experience first-hand the sad state of airport security as it exists today. As Bruce Schneier points out, it seems the Department of Homeland Security is concerned that allowing broadband on airplanes will allow terrorists to exploit this service to activate bombs. Therefore, that is adequate justification to allow relatively immediate eavesdropping on such connections. Bruce puts it best:

Terrorists never use SSH, after all.

Just more legislation to make it ever more difficult for the regular person to make a living with little or no reduction in threat. One has to wonder where this country is headed.