28 August 2007

Stop Wirelifting Dead

Wirelifting. You know, like shoplifting, except wireless Internet style. Do you hate it when your neighbors steal your bandwidth? Yeah, well, so does this guy. Check out his tips and tricks for discouraging neighbors from Intersquatting:

The Upside-Down-Ternet

We should build a statue in this guy's honor! Maybe in the shape of a nutria...?

26 August 2007

The drought is over

The IT Crowd, Season 2 has started! The first episode aired on BBC on Friday night. I found it here. It was pretty funny (yaay for Richmond and Moss!), but based on my calculations, the next episode will be funnier. Why, you might ask?

Well, it all started with Season 1. Episode 1, pretty funny. Episode 2, extremely funny. Episode 4, really funny. The rest were funny, but not quite as funny. Following the pattern, that means the 8th episode will be very funny. Using some really tricky math that is way too complicated to explain to mere mortals, I have concluded that this means the 2nd episode of the 2nd season will be very funny.

And yes, I hyperlinked as many things in this blog as I possibly could.

22 August 2007

Good ol' fun

This happened back in 2001, but that doesn't make it any less funny. I can just picture some young manager thinking this would be a funny joke:

"Toy yoda." And Snopes says it's true. Yay litigiousness. It reminds me of the little "I'll give you a hundred doll hairs" thing we did when we were 8 or so. Never did trick anyone with that. I wonder why not...

L33t hax0r pwned by Teen Jeopardy

Well, at least he got the final answer right...

Oops. Um. Spoiler alert for you left-coast types... Sorry. (ah, well, maybe it's just a rerun anyway...?)

21 August 2007

Map Everything!

I just realized that Google Maps now allows you to embed maps in pages! Hooray! Is this new, or am I slow in finding these things? I guess they got tired of having people copy their imagery and post it to their blogs, etc.

For your entertainment, a demonstration, using the Jello Museum in Le Roy, New York as an example:

View Larger Map

How to use it: Find what you want to include in your map. Then click "Link to this page" (toward the top right of the page). Copy the link and/or HTML, and paste it into your blog, e-mail, or whatever. Note that it keeps your query terms in the link (q=blah blah blah).

While we're talking about Google Maps, check it out -- you can view imagery of Mars!

Map away!

19 August 2007

Because privacy is overrated

As soon as I saw this, it reminded me of a certain little apartment in Iasi (that's pronounced "Yash"), Romania:


Melissa knows what I'm talkin' about. :)

17 August 2007

Synchronization Rocks

Philippines. Prisoners + Michael Jackson = amazing choreography.

Or maybe they just have a warden who is really into dance...

08 August 2007

Hen Lotto II

I'm one of about a dozen Americans who watches the Fox show On The Lot regularly. Tonight's episode... not so hot. America somehow voted Zach Lipovsky off, to my dismay. It really should've been Jason Epperson. Oh, well. At least Will Bigham is safe. He has consistently produced the funniest videos. His film this week--Yes Men--continued the hilarity trend. (note that it's not yet available at thelot.com. I'll edit my post and add a link when it's online)

And then there was Adam Stein's video. All three of the show's judges called it out as being the most creative of the night. Um, not so much. I'll post a link to that one as well, when they update the site. I found it very similar to two of my favorite Twilight Zone episodes:

- "Five Characters in Search of an Exit": (video) a bunch of dolls who don't know they're dolls in a bucket at a yard sale of sorts.
- "Stopover in a Quiet Town": (video) a couple is kidnapped by aliens and end up inside an alien child's dollhouse.

Was it just an innocent mistake? For his sake, I hope so!

Update -- Here are the video links:

- Will's movie
- Adam's movie

06 August 2007

OK Computer

Defcon is now over. As you'd expect, the bottom line is that security is nonexistent, blatant holes are everywhere, and we should move back to paper and pencil communications (or maybe even stone tablets). The usual.

The conference was great. Here are some of the highlights of Defcon 15:

- 11 hours of classes with no breaks--yaay! Those of you who don't know me probably think, "surely she's being sarcastic." I'm not, for once. I like technology, I like classes and lectures, and I don't like breaks. I'm not just a workaholic, I'm an infoholic. If I'd taken a break, I would have missed something! I got tons of notes, too.

- The badge, as I mentioned in an earlier blog. Though sometime yesterday mine started freezing up. I noticed that the same thing was happening to other people too... I guess they followed the Microsoft model when they developed it. "Reboot required." (despite the glitch, the badge is still awesome)

- The whole issue with the NBC Dateline reporter. Yeah, I know, I talked about that already, too. It seemed to be the unintentional theme of Defcon 15.

- The poor guy in the "Hacking Social Lives: Myspace.com" talk (Rick Deacon's "assistant") who accidentally typed both his username and password in the login box... for a couple thousand people to see. Time to change the password for that account! And for all the other accounts that use the same password... :)

- Speaking of revealing passwords, I found the Wall of Sheep very entertaining. That's where they sniff the network for people using insecure logins for various things. They post the username and password (redacted, of course) for all to see. Hmm... searching "Wall of Sheep" on flickr led to this picture. What I actually meant was this.

- The wedding at the end of the award ceremony, for the new game, "Marry the Fed." IMHO, they should raise the bar next year by adding an extra rule: require that the two people who get married at the end of the conference must demonstrate that they were not dating at the start of Defcon. Hmm, I sense reality show material here...

- Priceless quotes (accurate? close enough). Sergey Bratus - "I developed a converter to convert Klingon to English so I could read the text of Hamlet like it was in its original Klingon." Jason Scott - "Wikipedia: It's like you built a really nice car, and then let 12-year-olds drive it into a wall repeatedly 24 hours a day."

- The TCP/IP Drinking Game was amusing. I actually knew some of the answers that the intoxicated experts didn't get (so maybe I had a sobriety advantage)...

- Entertaining shirts, various nerd slogans. "Legolas is my house elf." "Bic Pen Tester." (the latter was actually at Black Hat, not Defcon)

- The Black and White Ball. Great for people watching!

- Last, but not least, really good information. My favorites were "Aliens Cloned My Sheep," "CiscoGate," "Social Attacks on Anonymity Networks" (partly because I think Nick Mathewson has a great voice), "The Inherent Insecurity of Widgets and Gadgets" (though the speakers kept cracking jokes that the audience wasn't reacting to, like "If you're a werewolf, like I am, you probably are interested in adding a widget to tell you when the moon is full." No audience reaction.), and "Storing and Serving Malicious Content from Well Known Web Servers." I'm too tired to post recaps right now. Maybe later...

And I'll end this blog by posting a video to enlighten you on the grand beginnings of the Defcon enterprise:

04 August 2007

Blondes are not to be trusted

The big news from Defcon 15 is that an NBC Dateline reporter snuck into the conference, pretending to be "just another attendee." Apparently she was planning this big expose, trying to find some 13 year old and make him confess to breaking into the Pentagon computer with his PSP (as the Dark Tangent described it). Nice. Understandably, people were not pleased. So the Defcon organizers established a new game: Spot the Reporter!

Early in the day they showed pictures of this reporter. Eventually they outed her, and she fled from the conference. This article contains a video of what went down. Note that you can see my rental car when there are 26 seconds left in the video.

Honestly, though, I was absolutely ecstatic about this entire event from the start. First thing in the morning, they flashed this picture on the screen of a thin, pretty blonde woman and said, "Don't trust her." As a brunette woman, I was very pleased with the effect. It was as if the organizers decreed, "OK, you thousands of attractive male nerds out there... be suspicious of any pretty blonde woman you see. Blonde women can't be trusted. Go for brunettes instead." Thank you, Defcon organizers, for encouraging a healthy fear of blondes.

Now if only that could just spread a bit wider...

03 August 2007

My Defcon 15 Badge

This thing is awesome. The display starts out saying "I <3 DEFCON 15," but you can program the lights to display a <= 16 character scrolling message. Hmm. I want to figure out how to make animated characters.

Let's see... what else is on this thing?

At the bottom, on the back, it says "0100011101001111001000000101011001001111010010010100001101000101" ("GO VOICE" in ASCII).

The coordinates 42.34202 -71.069441 are at the top of the badge. According to Google, that's on Waltham Street, in Boston, MA. The closest address I can find is 44 Waltham Street, which appears to be the address of "Boston Pest"...?

Hmmm... gotta think thru this...

Update (8/4/2007):

After Kingpin's "Making of the Defcon Badge" session yesterday morning, people asked about the geocoordinates and "GO VOICE" in binary. He didn't explain the geocoordinates (said it was a part of hacker history that we should all know), but he did explain "GO VOICE." It's a tribute to the good ol' days of the Internet--after talking to someone on IRC or in your trusty BBS, you'd say "go voice" instead of "call me." Too bad; I was hoping it was something awesome like secret voice activation (visions of Denholm at the end of Yesterday's Jam run thru my mind).

No luck yet with the "hacker historical reference." I've googled names, technologies, locations... nothing. Let me know if any of you out there figure it out.

Update (8/5/2007, really, really early in the morning):

Aww, maaan, it was so obvious! I even thought of it earlier, but apparently didn't google the right things. 42.34202 -71.069441 are the geocoordinates for the old location of "l0pht heavy industries" (which later became @stake, which was even later sucked into Symantec). Kingpin, the badge designer, was in l0pht. They were located at 46 Waltham Street, Boston. I was so close!! Sorry for the delay in getting the info out. I'll do better next time, I promise.

I will add that Google Maps thinks 44 Waltham Street is at that location, not 46 Waltham Street. Bad software. Bad!! No treats for you.

Allez Fuzzing!

Sadly, Black Hat 2007 is now over. My first Black Hat. I learned lots. It inspired me to become even more of a nerd than I currently am. I <3 U, technology. Here's the short version ('cuz I wanna go play with my defcon badge. more on that later):

Black Hat low points:
- The annoying "Hackistan" guy. Seriously. Obnoxious.
- Too much red meat. Three out of four lunches this week were beef. What, did the organizers think all those nerds needed to beef up a bit? Sheesh.

Black Hat high points:
- Iron Chef: Black Hat. It was by far my favorite session. It was the static exploitation tool guys versus the runtime guys. The static guys found way more vulnerabilities, but weren't able to get an exploit tool running in the allotted 45 minutes, so the runtime guys won. Awesome. I hope they bring Iron Chef back next year!
- No-Tech Hacking with Johnny Long.
- Web 2.0 is fundamentally flawed. Amazing that most fancy new sites (gmail, hotmail, and whatever else uses Ajax and authenticates up front then pushes you into an insecure session) are vulnerable--just sniff the URLs visited, pull out one with a sessionid, paste it into your browser, and you're in their account! Doesn't matter if they change their password--you're in anyway! Gmail users--turn on SSL. For other sites... well, let's just hope that talk inspired people to secure their authentication systems!
- Satellite navigation injection attacks. I'd read about this on The Register several months ago, but it was entertaining to see their demos. I love the fact that you can broadcast a message like "bullfight in progress" and have it display in the middle of a freeway or something. Oh, I mean, what a terrible vulnerability. Shocking.
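
A defender-side check for the weakness in the Web 2.0 item above, as an added example that is not from the original post or the Black Hat talk: it flags a session id carried in a URL, a session cookie set without the Secure attribute, and an HTTPS login that redirects to plain HTTP. The cookie and parameter names, the host name and the sample headers are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Names treated as session identifiers (assumed list; adjust per application).
SESSION_NAMES = {"sessionid", "sid", "phpsessid", "jsessionid"}

def has_session_param(url):
    """True if the URL's query string carries a session identifier."""
    return bool(SESSION_NAMES & {k.lower() for k in parse_qs(urlsplit(url).query)})

def audit_exchange(url, response_headers):
    """Return sorted findings for one request URL and its response headers."""
    findings = set()
    if has_session_param(url):
        findings.add("session-id-in-url")
    for name, value in response_headers:
        lname = name.lower()
        if lname == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip().lower()
            attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
            # Without Secure, the browser also sends the cookie over plain HTTP,
            # where anyone on the same network can read it.
            if cookie_name in SESSION_NAMES and "secure" not in attrs:
                findings.add("session-cookie-without-secure")
        elif lname == "location":
            # Login happened over HTTPS, but the session continues in the clear.
            if urlsplit(url).scheme == "https" and urlsplit(value).scheme == "http":
                findings.add("https-to-http-downgrade")
            if has_session_param(value):
                findings.add("session-id-in-url")
    return sorted(findings)

# Constructed sample exchanges (not captured from any real site).
SAMPLES = {
    "weak": ("https://mail.example.test/login",
             [("Set-Cookie", "sessionid=abc123; Path=/"),
              ("Location", "http://mail.example.test/inbox?sessionid=abc123")]),
    "hardened": ("https://mail.example.test/login",
                 [("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly"),
                  ("Location", "https://mail.example.test/inbox")]),
}

if __name__ == "__main__":
    for label, (url, headers) in SAMPLES.items():
        print(label, audit_exchange(url, headers))
```

The password-change point from the talk is a separate server-side fix: existing sessions have to be invalidated when the password changes, which response headers alone cannot show.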

Enough for now. I'll probably think of more later.