Wednesday, May 30, 2007
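for i in urls_*; do ruby dns.rb "$i" & done
# main section from dns.rb
ip_addresses.each do |id, url|
  begin
    host = parse_host(url)
    ip = get_ip(host)
    # skip hosts for which get_ip returned nil
    unless ip.nil?
      # store the address against the review it belongs to
      addresses = Ipaddress.new
      addresses.address = ip
      addresses.review_id = id
      addresses.save
    end
  rescue StandardError => e
    # log the error with the review id and host, then carry on with the next URL
    results.write("#{e},#{id},#{host}\r\n")
  end
end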
Wednesday, May 30, 2007
“Just pay us the money and you get your photos back unharmed. No one wants to see any pixels get hurt here, just pay up”
actual text from my account
You’ve run into one of the limits of a free account. Your free account will only display the most recent 200 photos you’ve uploaded. All of your photos beyond 200 will remain hidden from view until you either delete newer photos, or upgrade to a Pro account.
None of your photos have been deleted, and if you upgrade, they’ll all come back unharmed.
Friday, May 25, 2007
I’m drafting some narrative about the last year of badware, and one of the incidents that stands out to me is the Superbowl hack.

Below are some relevant links:
Websense advisory announcing the hack
* http://www.websense.com/securitylabs/alerts/alert.php?AlertID=733
Related Microsoft vulnerabilities exploited by the attack
* http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx
* http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx
Saturday, May 19, 2007
For realtime updates check Fenopy Fake Finder:
These torrents and trackers are reported as fake and set up by the MPAA and RIAA or their affiliates. Any network data recorded by them bearing your IP address could lead to legal action. It may be advisable to block all traffic with fake trackers at your network borders.
Saturday, May 19, 2007
I was amusing myself with the Microsoft “Get the Facts on Windows” site and the case studies they publish are fairly unbelievable. The Wipro report in particular rings hollow and reeks of numbers manipulation. It essentially offers the following
I am in the middle of finals so I can’t spend much time debunking these claims; however, with a minimum of spadework I offer the following:
They show this graph, which contends that Windows 2003 has fewer security patches in 2007.

However, eEye Digital Security has at least one flaw which was reported over 140 days ago. eEye allows vendors 60 days in which to produce a patch, which means this vulnerability has been known for 200 days and counting. So one has to ask if that blue bar representing Microsoft is low because of the long turnaround time on patches. It’s only the month of May, after all, and the Linux community seems to have their updates in place a little sooner than Microsoft. Also, since Linux operating systems can come with extremely large amounts of other free software, all the “updates” come through the same channel. It would be interesting to see if they counted every update for mpeg123 along with critical security updates in this bar chart.
I’m going to go back to studying; however, it would be interesting to see some light shed here.
Saturday, May 19, 2007
This is a topic I’d like to research a little more and apply towards my research at Stopbadware.
Meta Topics
- Dynamic Time Warping: aligning time series and a specific word template so that some distance measure is minimized
- n-by-m plane or grid
- Monotonicity
- Continuity
- Warping Window
- Slope Constraint
- Boundary Conditions
Once we can detect patterns we can then express higher level relationships or “knowledge” as rules.
source: “Finding Patterns in Time Series: A Dynamic Programming Approach”, Berndt & Clifford, Advances in Knowledge Discovery and Data Mining (1996)
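An added example (not from the original post or the cited paper) of the grid formulation listed above, written in Ruby: boundary conditions, monotonicity, continuity and a warping window. The absolute-difference distance, the three-step pattern and the sample series are assumptions made for illustration; the slope constraint is not implemented.

```ruby
# Added example (not from the post or the cited paper): DTW on an n-by-m grid.
INF = Float::INFINITY

# Returns [total_distance, path]; path is the list of [i, j] cells visited.
# window: largest allowed |i - j| (the warping window); nil means unlimited.
def dtw(series, template, window: nil)
  n = series.length
  m = template.length
  raise ArgumentError, 'empty input' if n.zero? || m.zero?
  # A window narrower than |n - m| could never reach the end cell.
  w = window.nil? ? [n, m].max : [window, (n - m).abs].max

  cost = Array.new(n) { Array.new(m, INF) }
  n.times do |i|
    ([0, i - w].max..[m - 1, i + w].min).each do |j|
      d = (series[i] - template[j]).abs # local distance measure (assumed)
      if i.zero? && j.zero?
        cost[i][j] = d                  # boundary condition: start at (0, 0)
        next
      end
      # Monotonicity and continuity: arrive only from an adjacent cell
      # that does not move backwards in either index.
      up   = i > 0 ? cost[i - 1][j] : INF
      left = j > 0 ? cost[i][j - 1] : INF
      diag = i > 0 && j > 0 ? cost[i - 1][j - 1] : INF
      cost[i][j] = d + [up, left, diag].min
    end
  end

  # Boundary condition: the path ends at (n-1, m-1); walk it back to (0, 0).
  i = n - 1
  j = m - 1
  path = [[i, j]]
  until i.zero? && j.zero?
    steps = []
    steps << [cost[i - 1][j - 1], i - 1, j - 1] if i > 0 && j > 0
    steps << [cost[i - 1][j], i - 1, j] if i > 0
    steps << [cost[i][j - 1], i, j - 1] if j > 0
    _, i, j = steps.min_by(&:first)
    path.unshift([i, j])
  end
  [cost[n - 1][m - 1], path]
end

# Constructed sample: the same spike, two samples later in the series.
SERIES   = [0, 0, 0, 5, 0, 0].freeze
TEMPLATE = [0, 5, 0, 0, 0, 0].freeze
puts dtw(SERIES, TEMPLATE).first
puts dtw(SERIES, TEMPLATE, window: 1).first
```

With the window set to 1 the spike can no longer be aligned with its shifted copy, so the distance rises; a window of 2 is wide enough to absorb the shift.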
Tuesday, May 15, 2007
I’m not sure what this new proposal [pdf] is attempting to allow but here is a thought. The CNET Article quotes the DOJ as saying, “It is a general tenet of the criminal law that those who attempt to commit a crime but do not complete it are as morally culpable as those who succeed in doing so.”
So if fake Bittorrent trackers were to record a person attempting to download material, could this be construed as an “attempt”? I’ve been following along with the fake trackers for months now, but all the RIAA can do now is record the IP and file against John Doe. This legislation could mean attempting to download a fake tracker results in a confiscated computer, jail time, and maybe the death of Bittorrent.
Tuesday, May 15, 2007
verbatim copy of letter from Stanford:
Illegal use of file-sharing technology continues to be a critical
problem at Stanford. In spite of our efforts to advise students about
the serious consequences that can result from illegal distribution of
copyrighted materials there is clear evidence that this is a growing
phenomenon that is not going away.
As a result, the university is announcing a change in the policy
governing DMCA (Digital Millennium Copyright Act) complaints. The new
policy involves an Internet reconnect fee and represents a significant
change in actions the university will take in addressing violations.
For information on the new policy please see:
http://www.stanford.edu/dept/legal/recen….
If you have questions about the DMCA Reconnect Fee policy, please contact
Lauren Schoenthaler (at: <private>@stanford.edu), Senior University Counsel.
Regards,
Greg Boardman
Vice Provost for Student Affairs
Tuesday, May 15, 2007
I was scooped by Matasano AGAIN on the all-new CitySec site, which actually refers back to last month’s announcement.
The next BeanSec! is imminent, and one of the tripartite forces of BeanSec! has provided a Google calendar to help keep track.
If you are afraid of Google owning your calendaring information then scribble Wednesday down on some tin foil along with this description:
BeanSec! is an informal meetup of information security professionals, researchers and academics in the Greater Boston area. Unlike other meetings, you will not be expected to pay dues, “join up”, present a zero-day exploit, or defend your dissertation to attend.
Map to the Enormous Room in Cambridge.
Enormous Room: 567 Mass Ave, Cambridge 02139

Sunday, May 13, 2007
The letter begins by stating, “You further acknowledge that such conduct by you is illegal and wrongful.”
Yet in the recitals it specifically says that you don’t admit wrongdoing.
EDIT 5/13: It was pointed out that the letter specifically states that nothing in this agreement denies wrongdoing. I had misinterpreted that as a denial of wrongdoing which was incorrect. So this statement does match up with the earlier admission of guilt.
“4. You acknowledge that we have advised you that you may consult with counsel of your choosing prior to entering into this Agreement and that you have entered into this Agreement of your own free will, without any promise or inducement not stated in this Agreement. You further acknowledge that nothing contained in this Agreement constitutes a denial of wrongdoing by you. The Record Companies each reserve all rights not expressly waived herein.”
Then it goes on to say that you may not speak about the agreement in public if it is inconsistent; however, the agreement is inconsistent with itself. So what can really be said after one is forced to sign this?
“5. You agree not to make any public statement that is inconsistent with any term of this Agreement.”
Judge for yourself and read the full contract.
edit: the MIT article this came from also noted the following:
- Not all students who receive DMCA notices necessarily violated copyright law.
- It is becoming “quite difficult” to ensure IP addresses were actually used for infringement.
It would be great to see more schools step up protection of their own students instead of sacrificing them to the RIAA and its enforcement arms. Professor Nesson had some great ideas along these lines.