Next generation gaming and continued Linksys failures

Today I needed functionality and was unwilling to tolerate bad consumer implementations any longer.My household network may include the following devices at any given time:• a couple of OSX 10.4 macs• at least one Windows XP workstation or laptop• a Nintendo Wii• a Sony Playstation 3• assorted other laptops• A Zaurus• at least one visiting smartphone or IP phone• Sony PSPs• and other such widgets and devicesOddly enough for whatever reason, the PS3 was not fitting into my brave new world of WPA2. Sony doesn’t (even after the last firmware 1.5 update) support WPA2, but does manage WPA [AES].Sadly after a fair amount of trial and error, I was able to determine that the Linksys firmware does infact not offer WPA [AES], but only WPA [PSK]…. Who cares.I sshed into the now OpenWRT access point and the following commands got things where I needed them to be:ipkg updateipkg install nasrebootA really excellent feature of OpenWRT, I noticed, was that it can support WPA2 and WPA devices supporting both AES and PSK at the same time…. After the usual security warnings about how windows can be owned at any moment by anything (which prefaced the installation instructions), I installed the uPnP module via their somewhat odd procedure:cd /tmpwget http://members.optusnet.com.au/edwardluck/openwrt/packages/libupnp_1.2.1a_mipsel.ipkipkg install libupnp_1.2.1a_mipsel.ipkwget http://members.optusnet.com.au/edwardluck/openwrt/packages/linux-igd_1.0.1.ipkipkg install ./linux-igd_1.0.1.ipk/etc/init.d/S65upnpd startThe PS3 then reported that I was running a type 2 NAT (in place of the previous type 3) and that uPnP was now operational.Thank you OpenWRT for giving me the chance to distract my competition with words and laugh at them when I blow them up.

Read Article →

SEO blog defacements

Jeremy Schoemaker asked me to write up a little something regarding the recent string of SEO web defacements for a non-technical audience which he posted in his blog.The SEO industry is very focused on being SEOs.Like many professionals, many attempt to avoid time consuming activities that are not core to their business…. This is a perennial theme of information security writings and I myself have touched on itWeb defacements are nothing new, but the media attention to SEO superstars is notable and makes their online presence an attractive high-value target. The recent mass defacement of SEO wordpress blogs that was launched from a technical adversary using tor is an example of what has become a not uncommon occurrence.What can SEOs, and bloggers in general, do to lessen the risk of public embarrassment from defacements, hacktivism, and information leakage?… (For example, the bugfix for Wordpress v2.0.6 addressed a correction for those webservers that had left register_globals set to “on.” Not recommended in the first place.)Hardening the web services themselves with security modules.Use of a NIDS or HIDS that will actively block or alert upon detection of questionable behaviors.All of these methods involves time and resources that could best be applied to doing what they do best, in this case, being a SEO.

Read Article →

A review of Marcus Sachs: “Behind the Scenes at the Internet Storm Center [ISC]”

Hi Marc-not-Marcus,I wanted to give you some feedback on your presentation this evening atthe ISSA because, frankly, I was a disappointed with some of yourconclusions.First, the whole “the internet is an organism” concept of virus andmalware propagation.Lots of people have said this which, I suppose, makes it a kind ofconventional wisdom speaking point. I don’t agree with it and I’ll tellyou why. It centers around the recurring commentary that many in ourindustry have spoken about regarding shoddy software devdelopment.

Read Article →