Mozilla Ubiquity, Web everywhere

Filed Under (Firefox) by Tsudohnimh on 27-08-2008


Watershed: A critical point that marks a division or a change of course; a turning point.

I have seen the future of using the internet and the future is now. I’m pleased to introduce you to the latest offering by Mozilla Labs, Ubiquity.

Ubiquity is difficult to explain. Mozilla calls it an “experiment into connecting the Web with language in an attempt to find new user interfaces that could make it possible for everyone to do common Web tasks more quickly and easily.”

Consider how often you search a term, map a location, email a webpage, or check the weather online. To do any of these tasks you have to visit a webpage and then perform the task. What if you could interface with that task from wherever you are on the internet? That is the purpose of Ubiquity. It aims to empower the user by providing an entirely new method of using the web.

Aza Raskin has produced a fantastic screencast that displays the power of Ubiquity. Check out the screencast, download Ubiquity (direct download link), and enjoy a new connected web. Please note that this is still an experimental prototype but it is already so good you should adopt it immediately.


Ubiquity for Firefox from Aza Raskin on Vimeo.

Ubiquity Direct Download Link
Ubiquity User Tutorial
Ubiquity Introduction

Finding Friendfeeders across the Web

Filed Under (Community, FriendFeed) by Tsudohnimh on 27-08-2008


If you haven’t heard already I’m a big fan of friendfeed and I wanted to share a cool new tool for connecting with other friendfeed users. If you aren’t on friendfeed and you blog/twitter/share/tumble or anything else you should really get involved in this community. Remember the internet is not just a spectator sport.

Hao Chen has written a terrific page that allows you to see which services other friendfeeders participate in.

I found it very useful for finding Friendfeeders’ twitter, disqus, & tumblr accounts so I can connect with them through those services as well. Just enter your username and then choose the services you want it to list.

Thanks Hao.

An Anthropologist looks at YouTube

Filed Under (Community, Potpourri) by Tsudohnimh on 27-08-2008


In the midst of change and emerging communities it is easy to miss the macroshifts. As participants in a culture or community we are often simply blind to the overall effect of the community; therefore it is absolutely essential that thinkers and researchers examine these communities and shifts so that they can remind us of how truly amazing our world can be. Consider YouTube, the land of skateboarding dogs and lonelygirl15 drama. It is easy to discount the importance of a technology, or more appropriately how we as humans incorporate the technology into our lifestyles, but once you consider the effect of YouTube’s ubiquitous video for the masses it teaches you a whole new respect for what we are doing collectively.

Last night I discovered the amazing work of Dr. Michael Wesch, Anthropologist at Kansas State University. It would do him a great injustice for me to summarize his work so I shall simply point you to the only video on YouTube over 5 minutes that I’ve ever watched in full.

An anthropological introduction to YouTube by Dr. Michael Wesch, professor of Digital Ethnography.

The video is a 55 minute presentation of a speech he gave at the Library of Congress. His work and perspectives are absolutely amazing.

He has several videos to his credit. His first and most famous is also a must-see: The Machine is Us/ing Us.

Both of these are well worth your time. Take a moment and look at the macroshift that we are all a part of.

BlackHat USA 2008 WrapUp

Filed Under (Security) by Tsudohnimh on 18-08-2008

Blackhat USA 2008 was an amazing experience this year. The first four days of training could not have gone better. Since SCuD only ran the one class this year it was a lot less work and stress on the Hired Guns. The students were great and we are fortunate every year to have some of those students become our friends that we look forward to seeing every year. Blackhat is as much a reunion of friends and colleagues as it is a security conference.

The briefings were really good but very crowded. I hope to see Blackhat better distribute the talks between both floors of the conference center next year. Also I think they should create a dedicated area for vendors. Having vendor booths in the main hallway contributes to a terrific traffic jam. The congestion was so bad people were using service/employee hallways to get between talks. It is a known fact that attendees will go see vendors regardless of location and having the vendor circus show in the hallway is just not fun anymore. As an aside, I saw several vendors pulling stunts that would cause me to never consider them for business. One vendor had leather clad skanks to draw attention to their products and that simply insults my intelligence and professionalism. T-shirts and Prize wheels are one thing but tasteless promos are simply childish.

The talks themselves were fantastic. Blackhat has made its mark by having the best of the best of this industry present talks and research, and this year once again expanded on that theme.

The DNS talk by Kaminsky was good. I wish he had spent more time on the actual attack and research instead of validating the danger of a DNS attack. The majority of the talk focused on how many different technologies could be vulnerable due to a DNS flaw. I think most of us realize the pervasiveness of DNS and the inherent ramifications of any DNS attack. I wanted more time spent on the actual attack. Some interesting facts about the DNS patch: it was reverse engineered in 51 hours by Pieter de Boer, and a full paper was written by Sec-consult.com within 5 days of release. Keep in mind that the patches were specifically crafted to make reversing more difficult. Dan stated, “This proves any patch can be reverse engineered”.

The actual attack built upon previous research as well as some new vectors discovered by Dan. I won’t delve into the specifics of the attack because his slides will provide any of the info you need: Black Ops 2008: It’s the End of Cache As We Know It (ppt). Slides 10-18 are the real meat of the attack. Dan’s major addition is that since multiple requests for 1.foo.com will be suppressed by TTL, all the attacker needs to do is make subsequent requests for 2.foo.com, 3.foo.com and so forth. If an attacker is asking for multiple subdomains, and is therefore not limited by TTL, and is trying 100 answers per resolver request, this greatly increases the chances of hitting the right transaction ID number and becoming the “DNS server” for *.foo.com.
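The arithmetic behind this paragraph, together with a resolver-side check for the pattern it describes, as an added example that is not from the talk or the original post. The event tuple format, the thresholds and the sample data are constructed for illustration, and the 32-bit figure is an assumption standing in for a resolver that randomizes more than the transaction ID.

```python
from collections import defaultdict


def spoof_success_probability(races, forged_per_race, entropy_bits=16):
    """Chance that at least one forged reply matches across `races` lookups.

    Every lookup of a fresh sibling name (1.foo.com, 2.foo.com, ...) is a new
    race, because no cached answer exists yet to suppress it.
    """
    per_race = min(1.0, forged_per_race / 2 ** entropy_bits)
    return 1.0 - (1.0 - per_race) ** races


def parent_zone(qname, labels=2):
    """Last `labels` labels of a name: '17.foo.com.' -> 'foo.com'."""
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])


def find_poisoning_attempts(events, min_mismatches=50, min_names=3):
    """Flag zones that draw many replies whose ID matches no open query.

    `events` is an iterable of (kind, qname, txid) tuples, where kind is
    'query' (sent by the resolver) or 'reply' (received by the resolver).
    This tuple layout is hypothetical, not a real resolver log format.
    """
    outstanding = {}               # qname -> ID the resolver is waiting for
    mismatches = defaultdict(int)  # zone -> replies carrying a wrong ID
    names = defaultdict(set)       # zone -> distinct names that drew them
    for kind, qname, txid in events:
        if kind == "query":
            outstanding[qname] = txid
        elif kind == "reply":
            if outstanding.get(qname) == txid:
                del outstanding[qname]       # reply accepted by the resolver
            else:
                zone = parent_zone(qname)
                mismatches[zone] += 1
                names[zone].add(qname)
    return sorted(zone for zone in mismatches
                  if mismatches[zone] >= min_mismatches
                  and len(names[zone]) >= min_names)


def constructed_events():
    """Constructed sample: one normal lookup, then five flooded sibling names."""
    events = [("query", "www.example.org", 4242),
              ("reply", "www.example.org", 4242)]
    for n in range(1, 6):
        qname = f"{n}.foo.com"
        events.append(("query", qname, 30000 + n))
        # 100 replies with guessed IDs, none equal to the real one
        events += [("reply", qname, guess)
                   for guess in range(n * 100, n * 100 + 100)]
        events.append(("reply", qname, 30000 + n))  # genuine answer arrives
    return events


if __name__ == "__main__":
    print("flagged zones:", find_poisoning_attempts(constructed_events()))
    for bits in (16, 32):
        p = spoof_success_probability(1000, 100, entropy_bits=bits)
        print(f"{bits} bits of entropy, 1000 races of 100 guesses: {p:.6f}")
```

With 16 bits of entropy the modelled chance over 1000 races is close to 78 percent; at 32 bits it falls below 0.01 percent, which is why adding unpredictability to each query matters more than shortening the window.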

As interesting as the attack is the unique response of the vendors. This response of behind-the-scenes collaboration and the coordinated multivendor patch is the first time we’ve seen such a group response to a security vulnerability. Obviously the nature of the protocol flaw and the implementation of not-so-random transaction IDs necessitated such coordination, but one dares to hope this is a harbinger of things to come. Perhaps, we shall see.

The most fascinating talk was Felix (FX) Lindner’s talk on Developments in Cisco IOS Forensics. The talk dealt with the difficulties and tactics of detecting a binary-level compromised Cisco router. We know IOS is becoming a larger target. Two of the other talks at BlackHat concentrated on Cisco IOS hacking and vulnerabilities. FX’s work on Recurity Labs Cisco Incident Response (CIR) is truly groundbreaking and I don’t even want to imagine the amount of IOS code he’s looked at in the past years.

Some other talks you should take a look at.

Fyodor’s NMAP - Scanning the Internet
Bruce Potter’s Netflow Analysis
Chawdhary & Uppal’s Cisco IOS Shellcodes

All in All BlackHat was a great experience. I met more people this year than the previous years combined. The knowledge and the people truly make the InfoSec community one of the best communities in the world, and BlackHat represents the best of this community.

PS: For further reading I’ve created a Blackhat/Defcon linkdump of great articles and blog posts about the cons.

Absence Explained

Filed Under (Uncategorized) by Tsudohnimh on 15-08-2008

I just wanted to let my readers know that I’m still alive. We had a great week at BlackHat but due to the backlog of work I haven’t had time to blog this week. I plan on posting my BlackHat wrapups and reviews over the weekend and return to the regular schedule next week.

I have posted a few quick posts over on my Tumblr page.

Stay Tuned and Thanks for your patience.

What happens in Vegas won’t stay in Vegas.

Filed Under (Uncategorized) by Tsudohnimh on 01-08-2008

By the time you read this I will be starting my week in Vegas to attend BlackHat USA 2008. BlackHat has some great classes and wonderful talks scheduled this year and I plan to update you on the events, meetups, and briefings as much as possible. There is only one problem. Using the internet at a Hacker Con is immeasurably risky. Logging in to any unsecured connection will surely land you on the Wall of Shame and having your username/password on a wall size screen is the best case scenario. Due to the hostile nature of BlackHat’s Wireless network I will not be posting to KnowtheNetwork.com or to my Tumblr page. I see no reason to risk it.

However, the good news is that you can stay up to date by visiting my new Posterous page at KnowtheNetwork.Posterous.com. I’ve set up several layers (and disposable accounts) that will allow me to dish relevant info without logging into any critical websites.

I’m really stoked about being able to post some info from the con because normally being at a hacker con means I’m off the grid for several days.  I hope you stop by my Posterous page and if you are in Vegas for BlackHat/Defcon give me a shout at tsutemp (at) gmail.com.

See you in a week.

The best AntiVirus Ever - ClamWin

Filed Under (AntiVirus, Software) by Tsudohnimh on 31-07-2008

ClamWin.com

I loathe most Antivirus programs. The corporate AV market is dogged with bloated system-hogging software and the consumer market is awash in All-in-1 security packages that bog a computer down worse than most viruses. Antivirus programs require too much of a computer’s hardware resources, they are over-designed (read complicated) and in general perform like crap. I was so tired of AV that I stopped using it for the past 6 months and I must say my laptop ran like new. Then I ran across a project I’d forgotten about. ClamWin.

ClamWin started as an open source antivirus product called ClamAV originally built for UNIX systems and optimized for gateway email scanning but now fully supports Windows computers.

I want to tell you up front what ClamWin does NOT do:

  • ClamWin Free Antivirus does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.
  • ClamWin does not update virus definitions in the background.  Once you open the program it notifies you of available updates.
  • ClamWin does not bog down your system with useless features and constant scanning. :)

It just works. I admit that your Grandmother may not be comfortable with ClamWin but anyone that can select a file or folder and click scan should be able to adapt. Especially if they get a nice overall performance boost.

Symantec, AVG, and Avast all have their places and compelling reasons to use them but if you just need a good virus scanner then you should really checkout ClamWin.

Using a File Erasure tool could be seen as suspicious

Filed Under (Security, Software) by Tsudohnimh on 31-07-2008

Have you ever used a file shredder utility? Ever considered that by merely using such a program your actions could be construed as suspicious activity?

I’m always recommending people use a file shredder to shred sensitive digital documents. I personally use CyberShredder. (Quick, Easy, Free) Why should you use a shredder instead of the Recycle Bin? Well, emptying the Recycle Bin doesn’t delete files, it just marks them as available for overwriting. If you have a large hard drive it might be years before the file is even partially destroyed. So if you need to really delete a file you need a File Shredder.

However, using such a program might be called suspicious activity by a prosecutor some day.

I have often recommended that people use file erasure tools regularly, especially when crossing international borders with their computers. Now we have one more reason to use them regularly: plausible deniability if you’re accused of erasing data to keep it from the police. - Bruce Schneier

Found via Schneier on Security. News article at LA Times.

Adeona: Free, Open Source Laptop Tracking Software

Filed Under (Security, Software) by Tsudohnimh on 29-07-2008

If you have ever priced laptop tracking software you will find that it is not cheap, so I was very excited to discover Adeona. Adeona is a free, open source project that will allow you to gain information about your laptop if it is ever stolen and connected to the internet.

The developers of Adeona must have had a mantra of simple and secure because Adeona embodies these two qualities very well.

Concerning Security

Adeona is designed to use the Open Source OpenDHT distributed storage service to store location updates sent by a small software client installed on an owner’s laptop. The client continually monitors the current location of the laptop, gathering information (such as IP addresses and local network topology) that can be used to identify its current location. The client then uses strong cryptographic mechanisms to not only encrypt the location data, but also ensure that the ciphertexts stored within OpenDHT are anonymous and unlinkable. At the same time, it is easy for an owner to retrieve location information.

Ease of Use

The tracking client and recovery tool are both included in the same install package and setup couldn’t be easier. The documentation is thorough but I doubt you will even need it. During installation you will create a password, and then back up the “recovery file” and presto you are ready to go.

I am truly impressed with the software and I’ll be testing it further over the next couple of weeks. Try it out and let me know what you think.

Firefox Extension Recommendation: Stylish

Filed Under (Firefox) by Tsudohnimh on 29-07-2008

Stylish is a great extension for modifying the interface of Mozilla Firefox. Stylish can improve your browsing experience by changing the behavior of menus, buttons, address bar etc… In the old days we did this by modifying the userChrome.css file but Stylish is so much easier to implement and manage and you can find excellent style enhancements on their website.

Start by downloading the Stylish Firefox Extension.

Then check out these very cool style enhancements.

Italicize unread tab names

Smartly show Stop and Reload buttons

Add a keyword when you bookmark a page

Hide the search box magnifying glass and location bar Go button

Remove the “throbber”

When will Microsoft figure out that addons and customization are what really make Firefox continue to be the best browser? Found via LifeHacker

TMZ Toolbar - Sign of the Apocalypse

Filed Under (Potpourri) by Tsudohnimh on 29-07-2008

We’ve waited with eager anticipation and finally it is here…. TMZ has released a toolbar. We can all rest better tonight.

Seriously, we need a TMZ toolbar?

In case you are wondering, TMZ is not the latest web app startup; it is the infamous Hollywood celeb gossip/news site, TMZ.com (Thirty Mile Zone powered by AOL, otherwise known as “you should be using the real internet”).

I have two major issues with the TMZ toolbar. First the tech side. Toolbars I hate you, let me count the ways: most are laden with popups and other similar junk, they track too much of your browsing information, they kill browser performance and are a general nemesis of any self-respecting computer user. How much do I dislike toolbars? I’m a Googlephile and I don’t even use the Google Toolbar (but I’m sure it’s great).

Secondly, it is terrible that our society is so infected with celebrity worship that there is actually a market for this thing. Somewhere in our collective past we decided that if you have the ability to pretend on screen and look sexy that your opinion matters. More people in this country know about Amy Winehouse’s drug issues than know who holds the office of Secretary of State.

I can’t wait for the day that I now have to remove the WebSearch toolbar, Incredimail toolbar, and TMZ toolbar just to see the dang webpage on a client’s PC. Good times.

Forget DNS, Intel CPU hack hastens Amish era

Filed Under (Security) by Tsudohnimh on 29-07-2008

There has been a lot of coverage of Dan Kaminsky’s DNS hack as he prepares to reveal the details next week at BlackHat USA. However, what if I told you that this wasn’t the only scary security news in our near future?

Kris Kaspersky is set to reveal an Intel CPU hack at “Hack In The Box” Security Conference in Kuala Lumpur, Malaysia, this fall.

How scary is this hack?

Security researcher and author Kris Kaspersky plans to demonstrate how an attacker can target flaws in Intel’s microprocessors to remotely attack a computer using JavaScript or TCP/IP packets, regardless of what operating system the computer is running…

“I’m going to show real working code…and make it publicly available,” Kaspersky said, adding that CPU bugs are a growing threat and malware is being written that targets these vulnerabilities.

Yes you read that correctly. Regardless of OS and publicly available. In case you are wondering Intel holds about 75% of the processor market.

I’ll be right back, I’ve got to go buy stock in AMD (NYSE:AMD).

Found Via the excellent gents at Sensepost.

Update: This is from the HITBSecConf2008 page on the presentation.

According to the Intel Specification Updates, Intel Core 2 has 128 confirmed bugs. Intel Itanium (designed for critical systems) looks more “promising”, carrying over 230 bugs. They have all been confirmed by Intel and described in errata section of their specification updates. Some bugs “just” crash the system (under quite rare conditions) while the others give the attackers full control over the machine. In other words, Intel CPUs have exploitable bugs which are vulnerable to both local and remote attacks which works against any OS regardless of the patches applied or the applications which are running.

UPDATED: Airports can search laptops without cause

Filed Under (Security) by Tsudohnimh on 29-07-2008

The Ninth U.S. Circuit Court of Appeals has ruled that Customs agents can search laptops without any prior suspicion or probable cause. If you are crossing international borders your digital files are subject to inspection. It may be tempting to disregard this ruling because you don’t carry terrorist bomb plots or child pornography on your computer; however, the implications are much more severe.

Have you ever downloaded music illegally on the internet? Ever installed a program that you acquired illegally with Bittorrent?

In the future these actions may well land you in deep trouble. Digital copyrights might soon become the jurisdiction of the U.S. Customs if ACTA is instituted and when you combine that jurisdiction with warrantless laptop searches you are left with a precarious situation of enforcement. Even scarier? The ruling also makes cellphones, MP3 players, and digital cameras subject to search. Even your iPod isn’t safe.

Finally, this presents a real problem for computer security professionals. Suppose you are a vulnerability researcher: you may have certain exploits as proof-of-concept. What if those exploits constituted digital terrorism?

Are these really the issues and questions we want our fine US Customs Agents worrying about?

To safeguard your data and privacy you should encrypt your data with a program like Truecrypt. If you are new to the program I recommend checking out Irongeek’s “Intro to Truecrypt”. Happy Encrypting.

UPDATE: You can join the growing voices asking the US Customs service to implement procedures to protect our privacy at HandsoffmyLaptop.org

Forward to 10 people if you love Jesus

Filed Under (Uncategorized) by Tsudohnimh on 29-07-2008

Need help telling your friends and family about email etiquette and respecting your email address? This is a pet peeve of mine and I recently found some new resources to ease the process so welcome to “The Email Soapbox 2.0”

Option 1: Let Someone Else Tell Them

Send along a link to ThanksNo.com or BCCPlease.com - Both sites kindly explain your complaint. Or you can send them an anonymous email from StopForwarding.us.

Option 2: Don’t be a chicken and tell them yourself.

The following text is the exact message that I have used for years.

1. First, check all your stories, legends, and “news articles” at Snopes.com or Purportal.com to ensure their accuracy before forwarding the email to 238 people. Be part of the solution not the problem.

2. Secondly, if you want to share something funny or touching, feel free. However, take a moment to edit the email and remove the “if you are my friend” or “if you love Jesus” then you will reply/forward phrase. Although I may enjoy the email I may not feel the need to reply to prove my friendship or anything else. Please edit the email, it is a courtesy. (It doesn’t hurt to clean up the email to include only the pertinent information as well.)

3. THIRDLY, and most importantly, Use Discretion. Use the BCC: field (in lieu of the To: field) to send an email to several different individuals. This is the “Blind Carbon Copy” field. Entering your addresses into this field will still send them all the email but not list their email address. This exposure of personal info is disconcerting at the least and can be prevented so easily. Taking this simple step respects your friend’s privacy and is a common courtesy in this digital age.

Simple and to the point. And to leave them with a smile I always include a link to the following vid.

How the Web Was Won

Filed Under (Potpourri) by Tsudohnimh on 28-07-2008

VanityFair.com has a wonderful article that details the History of the Internet as we know it. It is a lengthy piece (as it should be) and it is very deserving of your time. Enjoy.

This year marks the 50th anniversary of an extraordinary moment. In 1958 the United States government set up a special unit, the Advanced Research Projects Agency (arpa), to help jump-start new efforts in science and technology. This was the agency that would nurture the Internet….

Vanity Fair set out to do something that has never been done: to compile an oral history, speaking with scores of people involved in every stage of the Internet’s development, from the 1950s onward. From more than 100 hours of interviews we have distilled and edited their words into a concise narrative of the past half-century—a history of the Internet in the words of the people who made it.