Experimental music, photography, and adventures

Archive for the 'Geek' Category

Tying up a few loose ends

Wednesday, March 12th, 2008

I’m back today from a brief vacation — I took Monday and Tuesday off. Sarah and I were supposed to go back down to North Carolina this week (it’s her spring break) but after getting engaged and being overwhelmed with things to do and expenses relating to that, we decided to call off our trip. Besides, this way maybe we can find a way to take a honeymoon of some kind. I’m mostly not going to write about our vacation because we didn’t do very much, overall. I didn’t even get to ride very much, just one brief ride around a neighborhood on Saturday and a 24-mile ride on Monday. We did hike yesterday at Yellowwood State Forest, doing the Jackson Creek Trail and part of the Lake Trail. Later, we got a flat tire; fortunately, it held air when I reinflated it.

I was having some networking problems last week and thought it was due to my Comcast cable modem connection. Comcast bought my ISP and things haven’t been working right since then. However, I replaced my router and things started working again. So I guess it was just a coincidence, but it seems a little weird that my router started having problems right when my connection changed to a Comcast one. Coincidence or conspiracy? We’ll never know. Another weird thing happened and the router that I bought kept resetting itself randomly. I had to take it back and get a different one. I seem to be having a string of bad luck.

Then yesterday we received a notice from Comcast saying our rates are going up. It looks like they’ll only increase by a few dollars per month, but I’m not thrilled. Our first week as Comcast customers has not been good.

A riled-up geek

Friday, March 7th, 2008

This is a bit off my usual topic, but I can’t help it. Connectivity is important, and I’m pissed off.

Recently, Comcast bought our ISP, which was called Insight. Earlier this week my cable modem flipped out (that’s a technical term) for a while, and once the dust settled I had a new IP address on a new network – apparently, Comcast’s network. And suddenly a whole slew of things stopped working. I managed to get basic connectivity working again by resetting my cable modem and router and rebooting my computers.

I guess many people who read my blog don’t know this, but I’m a serious geek. A few years ago I had to trim my stable down to two computers. Before that, I had an array of mostly older equipment that I tinkered with all the time, and used mostly to explore various operating systems. It was difficult to part with so many computers, including a NeXT box, but I managed. So now our network contains Sarah’s computer and my two systems. I have things set up so I can connect to my computers remotely (using Remote Desktop on the Windows machine, and ssh or other tools on the FreeBSD box).

To make a short story long, since Comcast took over, I’ve been unable to connect to my computers remotely. I e-mailed them to ask if they’re blocking any ports, and they informed me that what I’m doing is “advanced” and that they don’t support it. The thing is, I’m not asking them to help me set this up. It was working fine until they subjugated my connection. I’m just asking if they are blocking any ports. So far, I don’t have an answer to that question.

Here’s the thing. It’s not the end of the world that I can’t connect to my own computers, remotely. There’s no real reason I *have* to be able to do that right now. But I want to, and I am riled up on principle. You can’t come into my home and put locks on my doors and windows and not give me a key. This is the virtual equivalent. If Comcast won’t let me use my connection as I see fit, I’ll find another ISP who will.

Web security workshop

Thursday, December 20th, 2007

I’ve been busy the past two days attending the SANS 519 Web Application Security workshop. The lecturer was at Purdue University, but the class was broadcast digitally to several other locations, including one at Indiana University here in Bloomington. Here’s a breakdown of the topics.

Day One:

  • Introduction
  • Nikto and Apache mod_security
  • Understanding Unicode exploits
  • Cryptography
  • Authentication
  • Access Control
  • Session Management
  • Logs and analysis

Day Two:

  • Input Validation
  • SQL Injection
  • Blind SQL Injection
  • Cross-site scripting
  • Phishing
  • HTTP Response Splitting
  • Secure credit card handling and PCI standards
  • Cross-site request forgery

I already had some familiarity with almost all of these topics, but this workshop went into a lot more depth in many areas. The demonstrations of exploits were particularly helpful, and scary. At one point, the lecturer uploaded netcat to a server and started executing commands — using SQL injection on a search form. And while I knew cookies and headers and so forth could be forged, I didn’t realize how easy it could be, or how many different ways this could compromise a server or application.

While some of the things we covered are easily dealt with (if you use PHP or .NET’s built-in session management, you automatically get hard-to-predict session ids, for instance), I’m glad they gave us that background information. I’ll be taking a test for a certificate in a few weeks.

I have to admit, I was a bit skeptical that a two-day security workshop would be worthwhile — most training I’ve attended hasn’t been that great — but this was really an eye-opening experience and will certainly help me to write more secure applications.

Ear to the Breeze is proudly powered by WordPress