Create an Account
username: password:
  MemeStreams Logo

It's always easy to manipulate people's feelings. - Laura Bush


Picture of Decius
Decius's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Decius's topics
   Sci-Fi/Fantasy Literature
   Sci-Fi/Fantasy Films
   Electronic Music
  Finance & Accounting
  Tech Industry
  Telecom Industry
  Markets & Investing
Health and Wellness
Home and Garden
Current Events
  War on Terrorism
  Cars and Trucks
Local Information
  United States
   SF Bay Area
    SF Bay Area News
  Nano Tech
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
   Intellectual Property
  (Computer Security)
  High Tech Developments

support us

Get MemeStreams Stuff!

Current Topic: Computer Security

MD5 collision method published
Topic: Computer Security 11:05 pm EST, Mar 14, 2005

] At last, the secret of how to make MD5 collisions is out!

MD5 collision method published

Checklists / Implementation Guides
Topic: Computer Security 12:41 am EST, Mar 14, 2005

3rd interesting thing learned at Interz0ne. This is a nice collection of federal security hardenning checklists for various commercial systems, including Cisco & Juniper routers, UNIX, and windows varients. The Rainbow series is also linked from this site.

Checklists / Implementation Guides

HOWTO Anonymity with Tor and Privoxy - Gentoo Linux Wiki
Topic: Computer Security 7:49 pm EST, Mar 13, 2005

] This HOWTO explains how to browse the web anonymously by
] using Tor ( (TheOnionRouter) and
] Privoxy (

This howto explains how to use Tor and privoxy together to get fairly strong anonymity protection. Combined with switchproxy in firefox this could be quite useful. Thing is you'd think that a lot of the features of privoxy could be implemented as firefox plugins rather then running this dual proxy setup, but thats just the engineer in me bitching about efficiency. I think that this setup would likely work reasonably well, given the performance impact of onion routing.

HOWTO Anonymity with Tor and Privoxy - Gentoo Linux Wiki - anonymity and security
Topic: Computer Security 7:43 pm EST, Mar 13, 2005

What I found this evening in playing around with switchproxy is that there are a lot of really bad free proxies out there. I really don't understand why if someone was going to go to the time and trouble of running an open http proxy why they would use software that doesn't cull out user agent information, or worse, inserts the IP address of the originating host in the http headers!

(Upon further consideration I think what is going on here is that people are using proxies to bypass network layer net-nanny type services that filter by IP. As long as you update your proxy list faster then they update their block list, you can access any website.)

A lot of the services that provide proxy lists provide proxies of dubious value. Many that seem to rank proxies don't offer a nice text based output that can be fed into switchproxy. If anyone knows of a solid, filtered list of proxies please let me know.

This service will give you some decent information about how good your proxy really is. - anonymity and security

Demo: Differences between JPEG Images and their EXIF Thumbnails
Topic: Computer Security 6:41 pm EST, Mar 13, 2005

] We wrote some software to retrieve images from the Web
] and check if their thumbnails differ from the original
] images. In some cases we found interesting stuff,
] sometimes we even found hidden port but most of the stuff
] was boring.
] To give others the opportunity to see what images turn up
] without having to spider the web and help us to weed out
] the interesting images we wrote this simple
] Web-Application which resembles Hot or NOT. Just rate the
] image with the buttons at the top to see the next image.

1st interesting thing learned at interz0ne: EXIF thumbnails are often left unmodified by photoshop manipulations.

Demo: Differences between JPEG Images and their EXIF Thumbnails

Tracking PCs anywhere on the Net | CNET
Topic: Computer Security 11:08 am EST, Mar  9, 2005

] In practice, Kohno's paper says, his techniques "exploit
] the fact that most modern TCP stacks implement the TCP
] timestamps option from RFC 1323 whereby, for performance
] purposes, each party in a TCP flow includes information
] about its perception of time in each outgoing packet. A
] fingerprinter can use the information contained within
] the TCP headers to estimate a device's clock skew and
] thereby fingerprint a physical device."

Your TCP packets all contain a cookie.

Tracking PCs anywhere on the Net | CNET
Topic: Computer Security 2:27 pm EST, Feb 18, 2005

] The Texas Instruments DST tag is a cryptographically
] enabled RFID transponder used in several wide-scale
] systems including vehicle immobilizers and the ExxonMobil
] SpeedPass system. This page serves as an overview of our
] successful attacks on DST enabled systems. A preliminary
] version of the full academic paper describing our attacks
] in detail is also available below.

Shmoo DNS attack
Topic: Computer Security 1:57 pm EST, Feb  7, 2005

Essentially the issue is that you can register domain names using international character sets that look exactly like English, and obtain SSL certificates for them, and it is extremely difficult for the end user to be able to tell that he/she isn’t dealing with the English website. Working example of demonstrated.

Shmoo DNS attack

Handbook of Applied Cryptography
Topic: Computer Security 3:25 pm EST, Dec  9, 2004

] The Handbook was reprinted (5th printing) in August 2001.
] The publisher made all the various minor changes and
] updates we submitted.

While this reference is a bit more academic then Schneier's book, it is quite useful, and now its available for free online. Enjoy!

Handbook of Applied Cryptography

Computer Forensics - Internet Cop Con in Atlanta in March
Topic: Computer Security 3:00 am EST, Dec  5, 2004

] Southeast Cybercrime Summit 2005 March 1-4, 2005

Potentially of interest...

Computer Forensics - Internet Cop Con in Atlanta in March

(Last) Newer << 4 ++ 14 - 15 - 16 - 17 - 18 - 19 - 20 - 21 - 22 ++ 32 >> Older (First)
Powered By Industrial Memetics