Create an Account
username: password:
  MemeStreams Logo



My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

jlang's topics
Health and Wellness
Home and Garden
Current Events
Local Information

support us

Get MemeStreams Stuff!

Current Topic: Miscellaneous

Moving large blocks using primitive materials
Topic: Miscellaneous 10:00 pm EDT, Apr 14, 2008

Wally Wallington has demonstrated that he can lift a Stonehenge-sized pillar weighing 22,000 lbs and moved a barn over 300 ft. What makes this so special is that he does it using only himself, gravity, and his incredible ingenuity.

Moving large blocks using primitive materials

OpenDNS Autofix: Very Bad Idea (tm)
Topic: Miscellaneous 3:49 pm EDT, Jul 13, 2006

In return, sites like the notoriously sluggish load significantly faster, thanks to the way OpenDNS caches IP addresses. Users who type "wordpres.sorg" or "craigslist.or" into their browser's address field are automatically routed to the correct address, instead of getting a 404 error page.

This is such a very bad idea. Any time you have a computer try to figure out what you meant at the end of a connection, you are creating a serious security vulnerability.

Prime example: Apache's mod_speling (SIC). If I send a request for indexh.tml, mod_speling detects the mistake and will serve back index.html. The problem is any security products like an IDS/IPS won't have this intelligence to try and "fix" the request before they analyze it. The IDS/IPS simply sees and logs a request for indexh.tml Modspelling, like this feature in OpenDNS, allows an attacker to side step the attack signatures on a IDS/IPS to exploit a site because the web server will "fix" the attack once it reaches its target.

OpenDNS Autofix: Very Bad Idea (tm)

MySpace case opens security can of worms [printer-friendly] | The Register
Topic: Miscellaneous 3:38 pm EDT, Jul 13, 2006

...paradoxically, the closer we get to systems that achieve a reasonable score in keeping evildoers out, the more vulnerable we are to attack from those evildoers who bypass our filters.

So when the Attorney General of a US State speaks of requiring MySpace to achieve giant strides, it's worth suggesting that he's not only being unreasonable; he may even be making things worse.

The simple argument is that if parents think MySpace is a safe place to leave their children alone, they are likely to leave them far more vulnerable to the predators who do break in, than if they recognise the reality of the situation.

That reality is that predators will break in. The way to deal with it is to supervise and monitor, so that people know they are being watched - exactly the same way you stop fights in the school playground. It's not rocket science.

Hear hear.

MySpace case opens security can of worms [printer-friendly] | The Register

invisiblethings: Introducing Blue Pill
Topic: Miscellaneous 3:25 pm EDT, Jul 13, 2006


I know some of y'all MSers will be at Blackhat. I expect a report :)


invisiblethings: Introducing Blue Pill

Unwise Microwave Oven Experiments
Topic: Miscellaneous 4:37 pm EDT, Jun 26, 2006

] Are you a kid? Does your microwave oven belong to your
] parents? If so, then don't even THINK about trying any of
] these experiments. I'm serious. If I wreck my microwave
] oven, I can buy another. Also, I'm a professional
] electrical engineer. I know enough physics and RF effects
] to take correct safety precautions when I'm
] experimenting. But you don't know the precautions, so you
] should be smart: read and enjoy my writing, but don't
] duplicate my tests unless you grow up to become an
] electronics tech, engineer, etc., and buy your OWN
] microwave oven.


Unwise Microwave Oven Experiments

Special forces to use strap-on 'Batwings' | the Daily Mail
Topic: Miscellaneous 11:39 am EDT, Jun 14, 2006

Elite special forces troops being dropped behind enemy lines on covert missions are to ditch their traditional parachutes in favour of strap-on stealth wings.

The lightweight carbon fibre mono-wings will allow them to jump from high altitudes and then glide 120 miles or more before landing - making them almost impossible to spot, as their aircraft can avoid flying anywhere near the target.

Special forces to use strap-on 'Batwings' | the Daily Mail

RE: Fried Fish: Mozilla Ping Feature
Topic: Miscellaneous 5:37 pm EST, Jan 18, 2006

Decius wrote:

It is now possible to define a ping attribute on anchor and area tags. When a user follows a link via one of these tags, the browser will send notification pings to the specified URLs after following the link.

If IE picks this up, MemeStreams could use it...

Viva la Smurf Attack!

I have to wonder if the Mozilla developers have fully considered the implications of this feature. With browser redirect tracking, the company providing the content bears the burden of processing; with the track back mechanism implemented in the client, no such limitation exists. This by itself would not necessarily be a problem, except for the fact that the developers appear to be supporting MULTIPLE track back locations.

This is Bad.

Consider for a moment what kind of havoc that could be reaped by compromising a banner ad server to include a list of track back urls that all resolve to a single, unsuspecting, network. Someone just got a free army of DDoS clients, all courtesy of your friendly web browser. If one considers the implications of this feature being implemented in an html rendering engine, then the consequences of a spammer taking advantage of this "feature" become truly frightening.

Fortunately, all is not lost for this technology. If the track back ping implementation is limited to a single URI, then its potential for abuse becomes equivalent to that of the IMG SRC tag.

RE: Fried Fish: Mozilla Ping Feature

Man peed way out of avalanche
Topic: Miscellaneous 3:16 pm EST, Jan 28, 2005

A Slovak man trapped in his car under an avalanche freed himself by drinking 60 bottles of beer...


He said: "I was scooping the snow from above me and packing it down below the window, and then I peed on it to melt it. It was hard and now my kidneys and liver hurt. But I'm glad the beer I took on holiday turned out to be useful and I managed to get out of there."

Update: false, but definitely something that could have been in Strange Brew

Man peed way out of avalanche

RE: Onion Routing 2.0: tor
Topic: Miscellaneous 3:44 pm EST, Jan  7, 2005

Acidus wrote:
] ] The complex version: Onion Routing is a connection-oriented
] ] anonymizing communication service. Users choose a
] ] source-routed path through a set of nodes, and negotiate a
] ] "virtual circuit" through the network, in which each node
] ] knows its predecessor and successor, but no others. Traffic
] ] flowing down the circuit is unwrapped by a symmetric key at
] ] each node, which reveals the downstream node.
] What about traffic analysis? While I don't know much about
] this, I had a talk about this very same thing with Decius not
] too long ago. Don't you need some type of anonymous cloud
] takes and "holds" your request for some random length of time?
] That way if enough people are inject requests into the cloud,
] there is no way to match an incoming transmition cloud with
] one leaving the cloud.

It's a performance tradeoff, and it is thought that even the typical padding and reordering is not sufficient. The design document has this to say:

No mixing, padding, or traffic shaping (yet): Onion Routing originally called for batching and reordering cells as they arrived, assumed padding between ORs, and in later designs added padding between onion proxies (users) and ORs [27,41]. Tradeoffs between padding protection and cost were discussed, and traffic shaping algorithms were theorized [49] to provide good security without expensive padding, but no concrete padding scheme was suggested. Recent research [1] and deployment experience [4] suggest that this level of resource use is not practical or economical; and even full link padding is still vulnerable [33]. Thus, until we have a proven and convenient design for traffic shaping or low-latency mixing that improves anonymity against a realistic adversary, we leave these strategies out.

They suggest (but dont say outright) that reordering & batching may occur at some point. It would certainly give me more warm fuzzies if it did.

makes for an interesting read...

RE: Onion Routing 2.0: tor

RE: naet ltilte ticrk!
Topic: Miscellaneous 1:43 pm EDT, Sep 18, 2003

Gremlin wrote:
] The phaomnneil pweor of the hmuan mnid.
] Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it
] deosn't mttaer in waht oredr the ltteers in a wrod
] are, the olny iprmoetnt tihng is taht the frist and
] lsat ltteer be at the rghit pclae. The rset can be a
] total mses and you can sitll raed it wouthit porbelm.
] Tihs is bcuseae the huamn mnid deos not raed ervey
] lteter by istlef, but the wrod as a wlohe.
] Fcuknig amzanig, huh?

Ian Grigg pointed out on the cryptography list that this inner transposition technique could be used as a simple steganographic channel:

The suggestion was shortly followed by the following post from Peter Wayner:

Changing around the order of a list of items is a pretty cool way to hide information. You can hide about log_2(n!) bits of information in a list of n items. In the case of words, you can move around the inner letters as long as there are no duplicates.

If you want to experiment with the basic technique, check out this web page with an applet I wrote.

RE: naet ltilte ticrk!

Powered By Industrial Memetics