...making Linux just a little more fun!
Thu, 27 Apr 2006
From Rick Moen
Quoting Keith Owens (kaos@ocs.com.au): > A survey of DNS security[1] has this lovely quote > > "A cracker that controls a nameserver at Monash University in > Australia can end up controlling the resolution of the web site for > the Roman Catholic Church in Ukraine. Legacy DNS creates a small > world after all". > > It is scary to see how [potentially] insecure the DNS mesh is.
Dan Kaminsky gave an amazingly entertaining and enlightening lecture at the LISA 2005 conference, in part about his own studies of the global DNS, to determine among other things how vulnerable to cache poisoning it is: Answer: a great deal. There are way, way too many vulnerable BIND8, BIND4 and other (e.g., Microsoft) vulnerable nameservers out there.
Dan was able to set up a machine with sufficient bandwidth and horsepower that it's been able to conduct scans of all IP space, everywhere, doing various tests and mapping out all responding nameservers. He says he "got calls from some very scary places" in so doing (since such scans normally precede a large-scale network attack), but he's been able to placate them. (The IP reverse-resolves to "infrastructure-audit-1.see-port-80.doxpara.com", the Web pages on which explain his probes when they're active, and include his cellular number for any inquiries.)
Also, if you do a "whois" on his netblock, you get return values that include these lines:
Comment: This is a security research project, please send all Comment: abuse and alert requests to dan@doxpara.com.
His summary results (from 50GB of collected data) included:
As an afterthought, he realised that his test harness also enabled him to estimate the penetration of Sony's infamous Windows rootkit, as measured by its effect on the world's nameservers: All infected machines' rootkit software feeds data back to connected.sonymusic.com, reached by hostname (thus entailing resolution at some local nameserver, which thus loads its cache). Dan thus used his census of the world's nameservers to send each a non-recursive "A" query: This returned the matching IP if and only if the value was already cached.
Result: He found 556 thousand nameserver hosts with the cached value -- a quarter of the world. (This is after massive publicity and large-scale attempts to purge the rootkit.) Oddly, these were across 165 countries, and suggests this reflects bootlegging of USA-labelled music CDs.
Interesting remaining questions include estimating (through traffic-level studies) how many infected Windows clients this result reflects.
...and he's working on other ways to further exploit his DNS data.
Dan's a maniac. At the prior LISA conference, he'd demonstrated streaming audio over DNS packets -- to illustrate exactly how porous most people's "firewall" strategies are. Because he heard that many people had dismissed that as "Well, that's just low bitrate; couldn't be significant", this year, he demonstrated streaming video over DNS.
You can get the slides and complete MP3 of this talk from USENIX, at https://www.usenix.org/events/lisa05/tech It was called "Network Black Ops: Extracting Unexpected Functionality from Existing Networks". Recommended.
> https://beehive.cs.cornell.edu:9000/dependences?q=<your site name>. > Mine comes out at 282 name servers!
22 for linuxmafia.com, and only the ones that need to be there.
Forgot to mention: The DNS survey Keith Owens refers to is described at https://www.cs.cornell.edu/people/egs/beehive/dnssurvey.html .
Thu, 25 May 2006
From Lodes U. Currying
Buenos dias!
Nuestra compania se llama Magnat Trading Group.
Nuestra especializacion es ayudar a empresarios a vender o comprar el articulo en la subasta mundial Ebay. Como un resultado del trabajo intenso la compania en 4 anos pudo lograr el nivel mundial y segun los expertos ser una de las 20 mas influyentes companias, que proponen los servicios de comercio. En Espana empezamos a trabajar recientemente y en relacion con eso tenemos una vacancia de manager financiero supernumerariom, quien va a ser representante de nuestra compania en Espana. Los requerimientos basicos son los siguientes:
Por buen cumplimiento del deber prometemos alto nivel de beneficio, tiempo de trabajo flexible.
El pago se comete sin retraso. Le pagamos a Usted 150-500 euro por cada operacion .
Si esta Usted interesado en nuestra proposicion, puede recibir mas detalles por e-mail: magnat_group@km.ru
Gracias por la atencion a nuestra proposicion, La adminisracion de Magnat Trading Group
[clarjon1] well, for anyone who cares, this is spam... I like the translation this one web service gave me for it
Good day! Ours compania is called Magnat TRADING Group. Our specialization is to help industralists to sell or to buy I articulate in the world-wide auction Ebay. Like a result of the work intense compania in 4 anuses could manage the world-wide level and segun influential the the 20 experts to be one of but companias, that they propose the services of commerce. In Espana we began to recently work y in relation with that we have a vacancia of manager financial supernumerariom, who is going to be representing of ours compania in Espana. The basicos requirements are the following ones: - computer, Internet, email, I telephone - the banking account in Espana By good fulfillment of having we promise to stop benefit level, flexible working time. The payment is committed without delay. We paid to You 150-500 to him euro by each operation. If this You interested in our proposition, it can receive but details by email: magnat_group@km.ru Thanks for the attention to our proposition, Adminisracion of Magnat TRADING Group
My favorite part is the '4 anuses could manage the world-wide'!
[Ben] I just knew there had to be a Spam Cabal somewhere out there, pulling all the strings... and now, little by little, we're beginning to gather information about the exact composition of this Dark Council.
Tue, 09 May 2006
From Rick Moen
Our cherished Ma Bell reincarnation, SBC (which is in the middle of re-naming itself to AT&T, thus completing the circle), found a creative way to screw up relocation of our telephone service: They unilaterally rescheduled it (for fairly dumb reasons) -- and then decided not to tell us. As a reminder, this matter affects lists.linuxgazette.net's online presence because its Raw Bandwidth Communications DSL service piggybacks atop SBC's line.
What happened, you ask? Here are my wife and me, about 5:20 pm Monday, sitting on the living room floor, calling Ma Bell from our still-active telephone:
Deirdre: "Hey, what happened to the telephone move order you guys agreed with me to perform today for 650-561-9820? It's not happening." SBC: "Er, that job is listed in our records as rescheduled to Wednesday." Deirdre: "WHAT? Why?" SBC: "Well, the outgoing occupants had not released the line, and so it would not be available to you until they did, which would be when they scheduled shutoff, i.e., Wednesday." Deirdre: "And you were somehow incapable of ascertaining this fact at the time you committed to a _Monday_ due date -- because, what, you're more accustomed to hanging draperies for a living? And you were incapable of calling my contact telephone number to advise us of the delay because you needed, what, smoke signals? Semaphores? Telegraph lines? Carrier pigeons?" SBC: {mumble} {snivel}
Anyhow, considerations of logic and customer service do not apply, so it's going to be Wednesday -- which means our new house will be sans telephone and DSL service until then. Our old house still has service, and our servers are still camped out on the living room floor -- but I'm removing them tonight in order to turn over the house to the landlords. So, from around 10 PM tonight until SBC/AT&T reconnects telphone service, and then I reconnect the DSL -- probably around a full day, unless things get further screwed up.
Wed, 03 May 2006
From Jimmy O'Regan
I meant to say "I'll do it, but this is where the files are, should I be hit by a bus/abducted by aliens etc."
[Ben] If the latter, send us a postcard. If the former, be sure to let us know well ahead of time so we can initiate Plan B.
...to send the aliens to pick me up, gotcha. I'm sure that, with their superior technology, they can shrug their shoulders and say "yep, he's a goner" in a room with much more blinking lights.
I'm not clear on what to do if I get hit by an alien bus, though - send a postcard ahead of time?
[Ben] C'mon, Jimmy, trivially-easy answer. Borrow a time machine, come back to when you're about to send the email replying to this one, and include the information - GPS coordinates, exact time, etc. Sheesh, do I have to do the thinking for all the aliens around here?
Hmmm... I must be late - I haven't seen me yet.
[Rick] 'Ah, that takes me back. Or is it forward? That's the problem with time travel; you can never tell.' -- The Doctor
[Martin] Rick not sure where you are in the world.. But have you seen any of the new series??
https://www.bbc.co.uk/doctorwho
Although this is getting too off-topic now, unless the good Doctor uses Linux in his time machine!!
[Rick] How could I possibly miss it? For those of us who grew up on the Doctor (my canonical one being Jon Pertwee, the third Doctor), it's a veritable dream come true. I'm undecided whether "Father's Day" or "Dalek" should get my vote for the short-form Best Dramatic Presentation Hugo Award: They both blew me away.
BTW: I'm about 60km south of San Francisco, in the Silicon Valley Desert -- and am indeed guilty of being a Yank. However, I grew up in 7B Bowen Road flat 19A, Victoria, Hong Kong, Royal Crown Colony, where your only choices in television were Rediffusion Television (sort of a Granada/Carlton ancestor, under the 1968 ITV franchise round) or Cantonese opera.
I saw a great deal of 'Doctor Who' and first-run 'The Prisoner', in consequence -- not to mention coming up with much fine MST3K-style replacement dialogue for Cantonese operas, with my mother. All of which explains a great deal, I'm sure.
> Although this is getting too off-topic now, unless the good Doctor uses ^^^^^^^^^^^^^^^^^
Ah, I see. You've only just joined the list, but we've met you before because you travelled^Wwill travel backwards in time. That's dedication!
> Linux in his time machine!!
Sure. Kernel 6.8 came^Wcomes^Wwill come with Tardis support. Hate to think what'd happen if you get an "Oops!", though.
[Breen] The universe screams "Aieeee!! Killing the interrupt handler"...
You'll forgive me if I don't send flowers[1]
[1] The story's in the Launderette...
[Ben] [laugh] Yeah. I do read things before pubbing them, y'know.
Heh. The next time I saw her, she looked like she wanted to say something difficult - starting to talk, but not; red face; voice cracking... and I laughed, told her what happened, and everything went back to normal. (I suppose, in hindsight, I could have made a bit more effort with the first explanation. Oh well.)
Except then, later that evening, I went to visit some friends: I wanted to bring something with me, and had to tell the story, so I bought flowers. Two bunches, because another couple I know were going to be there... and as I was standing at the checkout, her brother passed me. I've never seen such a look of horror... I guess she didn't tell him the rest of the story :0)
[Jimmy] I later asked if I should try to smoothe things over with him... by giving him flowers. It's a good thing she can't make a proper fist
[Ben] Y'know, Jimmy - I've read French farces that weren't nearly this good. It takes a special talent to invent this kind of low drama and ludicrously embarassing malapropos acts and misunderstandings... oh, wait, you _didn't_ invent them. Sorry, no credit to you, better luck next semester!
Well, looking on the bright side, at least I got a good story out of the experience, and I will never forget the Polish for 'pint glass' (kufel) -- though I've been told since then that 'waza' (vase) is an acceptable substitute
It did cause a bit of an awkward silence on Saturday, at my former room-mate's wedding, though, as nobody wanted to try to tell a story to follow mine
Tue, 30 May 2006
From Thomas Adam
Hello,
I was reading the esoteric hello-world page [1] when it mentioned a very obscure language called piet [2]. I have to say I have never heard of it until now --- little pictures to represent programs. And they're colourful. Go take a look, it's quite clever.
[1] https://en.wikipedia.org/wiki/Hello_world_program_in_esoteric_languages
[2] https://www.dangermouse.net/esoteric/piet.html
[Kapil] How about "Ook!"? That would make all readers of Terry Pratchett happier.
Nah -- I never did like him. This does look interesting however:
https://en.wikipedia.org/wiki/Chef_programming_language
[Pedja] If you'd like to see Web or e-mail as spoken by Chef,checkout Bork Bork Bork extension for Firefox/Thunderbird
https://www.snert.com
https://addons.mozilla.org/firefox/507/