
I live on a pirate ship


Linked Out
Topic: Miscellaneous 5:48 pm EDT, Mar 10, 2013

I'm having something similar to Decius' inexplicable Twitter lockout experience a while back. Signed up for LinkedIn a couple of days ago. I've been diligently building out my network like they encourage you to do. I signed in this morning and I got this:

Account Restricted | LinkedIn

Your LinkedIn account has been temporarily restricted

Contact our customer service team to get this resolved as soon as possible.

Clicking the link to the "customer service team" takes you to a generic form that asks for your name and email address. It auto-populates the subject line with "Account High Restricted" and the form says "Your Question".

When you submit you get:

Your question has been submitted to LinkedIn

The ticket reference number for your question is: #

You've successfully submitted your question, and we'll send you a confirmation email soon.

Go to your Support History page to check out your ticket.

What's really funny is when you click the link for "Support History" it loops you back to "Your LinkedIn account has been temporarily restricted."

I love mediated online social mechanisms with arbitrary kill switches!

Training the Next Generation: Predator Toy Drone at Amazon
Topic: Miscellaneous 1:19 pm EST, Jan  6, 2013

Some reviews:

My son is very interested in joining the Imperial forces when he grows up. He says he's not sure if he wants to help police the homeland or if he wants to invade foreign countries. So I thought a new Predator drone toy would be a nice gift for him. These drones are used both domestically and internationally, to spy on people and assassinate them at the Emperor's discretion. He just loves flying his drone around our house, dropping Hellfire missiles on Scruffy, our dog. He kept saying that Scruffy was a terror suspect and needed to be taken out. I asked him if Scruffy should get a trial first, and he quoted Lindsey Graham, Imperial Senator: "Shut up Scruffy, you don't get a trial!" I was so proud. I think I'll buy him some video games that promote martial law for Christmas.


I bought this for my son and he spent countless, blissful hours simulating massacres of weddings, funerals, and other family gatherings of brown skinned foreigners! He even realized that if he circled the drone back around on the first responders, his effective kill rate soared! Neat-o!


This is the best toy ever. Finally, I can pretend that I'm a winner of the Nobel Peace Prize!
It's like I'm sitting right there in the White House with my very own kill list!

Training the Next Generation: Predator Toy Drone at Amazon

Topic: Current Events 11:03 pm EST, Dec 30, 2012



Multi-node Bro Cluster Setup
Topic: Computer Security 1:28 am EST, Dec 27, 2012

Bookmarked for future reference. I had been thinking about a way to "load balance" traffic across multiple Snort instances and thought about applying something like Cisco's etherchannel load-balance src-dst-ip hashing algorithm.

Lo and behold, I found this great BPF kludge!

In our example, there will be four nodes monitoring traffic, so the BPF looks like this for the first node:
(ip[14:2]+ip[18:2]) - (4*((ip[14:2]+ip[18:2])/4)) == 0
So, in /etc/bro/local.bro, we have this:
redef cmd_line_bpf_filter="(ip[14:2]+ip[18:2]) - (4*((ip[14:2]+ip[18:2])/4)) == 0";
On the second node, we would have this:
redef cmd_line_bpf_filter="(ip[14:2]+ip[18:2]) - (4*((ip[14:2]+ip[18:2])/4)) == 1";
And third:
redef cmd_line_bpf_filter="(ip[14:2]+ip[18:2]) - (4*((ip[14:2]+ip[18:2])/4)) == 2";
And fourth:
redef cmd_line_bpf_filter="(ip[14:2]+ip[18:2]) - (4*((ip[14:2]+ip[18:2])/4)) == 3";

Special note: If you are monitoring a link that is still vlan tagged (like from an RSPAN), then you will need to stick vlan && in front of each of the BPFs.

Multi-node Bro Cluster Setup
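
What the filter above computes, as an added example (not code from this post or the linked article): the expression is a hand-written modulo over the sum of the low 16 bits of the source and destination addresses, so both directions of a conversation land on the same node. The helper names and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

NODES = 4  # the quoted example uses four monitoring nodes

def ipv4_header(src: str, dst: str) -> bytes:
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def bpf_word(hdr: bytes, offset: int) -> int:
    """Same as the BPF accessor ip[offset:2]: a big-endian 16-bit load."""
    return struct.unpack_from("!H", hdr, offset)[0]

def node_for(hdr: bytes, nodes: int = NODES) -> int:
    """Evaluate (ip[14:2]+ip[18:2]) - (n*((ip[14:2]+ip[18:2])/n))."""
    # Bytes 12-15 hold the source address and 16-19 the destination,
    # so offsets 14 and 18 are the low 16 bits of each.
    s = bpf_word(hdr, 14) + bpf_word(hdr, 18)
    # BPF division is integer division, so this is simply s % nodes.
    return s - nodes * (s // nodes)

def spread(pairs):
    """Count how many (src, dst) pairs each node's filter would accept."""
    return Counter(node_for(ipv4_header(s, d)) for s, d in pairs)

# Constructed sample: 200 clients talking to one server.
SAMPLE_FLOWS = [("10.0.0.%d" % i, "192.0.2.10") for i in range(1, 201)]

if __name__ == "__main__":
    fwd = node_for(ipv4_header("10.1.2.3", "192.0.2.10"))
    rev = node_for(ipv4_header("192.0.2.10", "10.1.2.3"))
    print("forward node:", fwd, "reverse node:", rev)  # same node both ways
    print("spread:", dict(spread(SAMPLE_FLOWS)))
```

Because every filter is built on `ip[...]`, only IPv4 packets match; IPv6 and ARP are seen by none of the nodes. A single busy address pair also always maps to one node, so the balance depends on the address mix.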

Race Against The Machine
Topic: Technology 12:12 am EST, Dec 16, 2012

"Are the droids taking our jobs?"

Race Against The Machine

The Great Decoupling of the US Economy
Topic: Miscellaneous 12:04 am EST, Dec 16, 2012

Our argument, in brief, is that digital technologies have been able to do routine work for a while now. This allows them to substitute for less-skilled and -educated workers, and puts a lot of downward pressure on the median wage. As computers and robots get more and more powerful while simultaneously getting cheaper and more widespread this phenomenon spreads, to the point where economically rational employers prefer buying more technology over hiring more workers. In other words, they prefer capital over labor. This preference affects both wages and job volumes. And the situation will only accelerate as robots and computers learn to do more and more, and to take over jobs that we currently think of not as ‘routine,’ but as requiring a lot of skill and/or education.


computers are now doing many things that used to be the domain of people only. The pace and scale of this encroachment into human skills is relatively recent and has profound economic implications. Perhaps the most important of these is that while digital progress grows the overall economic pie, it can do so while leaving some people, or even a lot of them, worse off.

The Great Decoupling of the US Economy

Cops to Congress: We need logs of Americans' text messages
Topic: Civil Liberties 7:41 am EST, Dec  4, 2012

AT&T, Verizon Wireless, Sprint, and other wireless providers would be required to record and store information about Americans' private text messages for at least two years, according to a proposal that police have submitted to the U.S. Congress.

CNET has learned a constellation of law enforcement groups has asked the U.S. Senate to require that wireless companies retain that information, warning that the lack of a current federal requirement "can hinder law enforcement investigations."

They want an SMS retention requirement to be "considered" during congressional discussions over updating a 1986 privacy law for the cloud computing era -- a move that could complicate debate over the measure and erode support for it among civil libertarians.

As the popularity of text messages has exploded in recent years, so has their use in criminal investigations and civil lawsuits. They have been introduced as evidence in armed robbery, cocaine distribution, and wire fraud prosecutions. In one 2009 case in Michigan, wireless provider SkyTel turned over the contents of 626,638 SMS messages, a figure described by a federal judge as "staggering."

Chuck DeWitt, a spokesman for the Major Cities Chiefs Police Association, which represents the 63 largest U.S. police forces including New York City, Los Angeles, Miami, and Chicago, said "all such records should be retained for two years." Some providers, like Verizon, retain the contents of SMS messages for a brief period of time, while others like T-Mobile do not store them at all.

This is just laziness on LEA's part. You want text messages for someone? Get a warrant and start tapping. This is as stupid as "ISPs have to keep 100% of all logs for years in the event that we need 0.01% of the logs, well, maybe at some point... or not, and who cares what it costs them!"

Cops to Congress: We need logs of Americans' text messages

Infosec Reactions
Topic: Humor 12:47 am EDT, Sep 20, 2012

Script-kiddies when a new public exploit appears

“We use base64 encryption”

When someone tells us a vulnerability is unexploitable

Infosec Reactions

Hot weather in Richmond this weekend
Topic: Humor 10:33 am EDT, Jul  1, 2012

Sure is hot

Hot weather in Richmond this weekend

Netflow stuff
Topic: Miscellaneous 11:06 pm EDT, Jun 18, 2012

SevOne discussing different ways of deduplicating netflow:

Netflow Deduplication Demystified

Plixer blog about flow stitching and RFC 5103 (bidirectional netflow)

Bidirectional NetFlow or NetFlow Stitching: Implementing RFC 5103

When I was messing around with this stuff the trickiest part to get right was accounting for drift between exports from multiple hops in the path. The export times and bytes of each flow are always going to vary slightly at each hop. My experience is with V5. For TCP packets you get a hint about connection state from the ANDed flags field. UDP was more complicated because you don't get those connection state hints and have to make other assumptions like seeing the source port change on a "different" flow, but not every protocol obeys that. IKE comes to mind with both source and dest port being 500. Good luck making any sense of TFTP or some of the RPC protocols with only V5 records.

Deduplication and stitching are fun engineering problems and I think Lancope gets it right for the most part.

Best aha moment for me was discovering how ICMP is reported in flows. The source port field is set to 0 and the high and low bytes of the destination port field are used to encode the type/code tuple: 256*[Type] + [Code]. Clever. A play out of the old FTP protocol book ;)
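
The ICMP encoding described above, shown in a small NetFlow v5 datagram parser. This is an added example, not code from the post or from any vendor; the function names and the three sample records (two ICMP flows and one IKE flow on port 500) are constructed for illustration.

```python
import ipaddress
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte export header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record

def parse_v5(datagram: bytes):
    """Return a list of flow dicts from one NetFlow v5 export datagram."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, *_ = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("datagram shorter than its record count implies")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flow = {"src": str(ipaddress.IPv4Address(f[0])),
                "dst": str(ipaddress.IPv4Address(f[1])),
                "packets": f[5], "bytes": f[6], "proto": f[13]}
        if flow["proto"] == 1:
            # ICMP: srcport is 0 and dstport carries 256*type + code.
            flow["icmp_type"], flow["icmp_code"] = divmod(f[10], 256)
        else:
            flow["sport"], flow["dport"] = f[9], f[10]
        flows.append(flow)
    return flows

def _record(src, dst, proto, sport, dport):
    """Pack one constructed v5 record; fields not discussed are zeroed."""
    return V5_RECORD.pack(ipaddress.IPv4Address(src).packed,
                          ipaddress.IPv4Address(dst).packed, bytes(4),
                          0, 0, 1, 84, 0, 0, sport, dport,
                          0, 0, proto, 0, 0, 0, 0, 0, 0)

# Constructed sample: echo request (8/0), port unreachable (3/3), IKE 500<->500.
SAMPLE = (V5_HEADER.pack(5, 3, 0, 0, 0, 0, 0, 0, 0)
          + _record("10.0.0.1", "192.0.2.1", 1, 0, 256 * 8 + 0)
          + _record("192.0.2.1", "10.0.0.1", 1, 0, 256 * 3 + 3)
          + _record("10.0.0.1", "192.0.2.9", 17, 500, 500))

if __name__ == "__main__":
    for flow in parse_v5(SAMPLE):
        print(flow)
```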
