Right now, like many people around the world, I am connected to a wireless network that uses Wired Equivalent Privacy (WEP) to “secure” the network. (And no, it’s not Wireless Encryption Protocol, like so many others seem to think!) WEP is easily cracked (like under 8 minutes easy), but you need to be near enough to the wireless access point (WAP) so that you can actually receive a signal. (Yeah, I know, you can use an antenna to be able to hack it from farther away, but you still have to be relatively close; relative to the face of the earth, which is where you could be for any other remote attack.) Since you have to be close, this limits your exposure to those attackers that are physically within range of you. Now, anyone can park across the street and point a directional antenna at this network and gain access to the network within minutes. At this point, they can start directly attacking the computers on the network (running Windows shares with no security) or even the router itself (c’mon people - change your freakin’ default router passwords).

But is it worth the attacker’s time? What are they going to get? Why aren’t people getting jacked on a regular basis?

You always hear that identity theft is on the rise, but I don’t know a single person that has ever had to worry about getting anything stolen from their home network. (Except maybe this guy.) Why not? I guess, it’s because there are easier targets out there. Or at least a better reward for the effort. I mean, what guarantee does the attacker have that there is anything of value on your home network anyway? When was the last time you stored your social security number on your computer? And your credit card number? (Oh yeah, I save those in a little file called hackme.txt on my desktop.) If this information is going to be stored anywhere, it’s going to be in the browser or on some web server. My guess is that if you’re going to be hacked through this method, it’s gonna be some 16-year-old going through the local cul-de-sac in suburbia with nothing better to do and a yearning to test out this WEP cracking stuff.

So, why am I on a WEP network? Good question. Maybe, I’ll end up like these guys.

Lessons Learned:

  1. Change the default password on your router.
  2. Don’t use WEP encryption - use WPA. (Although, that has its own issues.)

So, I was just reading Jeremiah Grossman’s blog today and noticed that he showed up on Slashdot. He points out that the Slashdot trolls didn’t even read the article in CSO before they started trashing it. Granted the Slashdot summary is a bit misleading, but the first sentence in the article states that his techniques are for preventing Cross Site Request Forgery (CSRF). C’mon people, RTFA! (Read the f*cking article.) However, I realized that there might be a way to gather more useful comments - delay comments by a significant portion of time, but make it unpredictable as to exactly when comments can be posted. IMHO the trolls want to be the first comment up there, so by delaying it, you’re giving people a chance to read the article before they start commenting on it. However, if it was a specific delay of say exactly 6 hours, then I know I can post the first comment or darn close if I just note the time of the post and come back 6 hours later. It would be less than a week before someone hacked together a script to post delayed comments.

This is why you would also need a random delay. By making it random, it’s not possible to predict when the first comment can be posted. It’s necessary to make it sufficiently random so that I can’t just sit there refreshing the page for 10 minutes and stumble on the time when commenting becomes active. (AKA Brute force commenting. LOL!) I think any online news source and / or blog that allows comments could definitely use this feature. Of course, another option is to limit comments only to those you trust, which isn’t a bad idea either, but probably not possible for an organization covering a large breadth of knowledge. Maybe I should write to Slashdot and WordPress just to see what they say. Nah, too lazy for that.
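One way to implement the unpredictable comment delay described above, as an added example that is not code from this blog, Slashdot or WordPress. The 4 to 8 hour window, the server-side secret, the 5-minute retry throttle and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

# Assumed policy, not from the post: comments open 4 to 8 hours after publication.
MIN_DELAY = timedelta(hours=4)
MAX_DELAY = timedelta(hours=8)
CLOSED = (False, "Comments are not available right now.")


def comment_open_time(secret: bytes, post_id: str, published: datetime) -> datetime:
    """Derive the per-post opening time from a key only the server holds.

    Nothing is stored or sent to the client, so the opening time cannot be
    read from the page or predicted from the publication timestamp.
    """
    digest = hmac.new(secret, post_id.encode(), hashlib.sha256).digest()
    window = int((MAX_DELAY - MIN_DELAY).total_seconds())
    # 64 bits reduced into a 4-hour window: modulo bias is negligible.
    offset = int.from_bytes(digest[:8], "big") % (window + 1)
    return published + MIN_DELAY + timedelta(seconds=offset)


def try_comment(secret, post_id, published, now, last_attempt=None,
                min_retry=timedelta(minutes=5)):
    """Return (accepted, message) for one comment attempt.

    Throttled and too-early attempts get the identical reply, so repeated
    polling ("brute force commenting") does not reveal how close the opening is.
    """
    if last_attempt is not None and now - last_attempt < min_retry:
        return CLOSED  # per-client retry throttle
    if now < comment_open_time(secret, post_id, published):
        return CLOSED  # still inside the hidden delay
    return (True, "Comment accepted.")
```

Storing a value from the `secrets` module at publish time would work equally well; the keyed derivation just avoids an extra database column.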

Welcome to the new and improved xs411.net blog. I recently upgraded the software used to run this waste of an internet domain and while I was fearing a fairly long and drawn out process, I was shocked to find that the only thing difficult was remembering the proper syntax for ‘cp’.

With the upgrade complete, hopefully, my site isn’t open to too many security holes. In the future, I hope to automate this process even more so that it will be as simple as:

  1. Receive an email notifying me that a new version of my blog software has come out.
  2. Run upgrade script.

Voilà! Easy as 1-2! (Hmm, doesn’t have quite the same ring as “1-2-3”, oh well.) So, hopefully, this blog gets another update in the not too distant future.

Blogging from your phone, while somewhat difficult, is just too geek chic to resist. So, here is my first mobile blog!

Found a pretty sweet site for keeping up with new browser vulnerabilities, web software vulnerabilities and other hacking stuff. Check it out kids: http://www.0x000000.com

Yesterday was quite a fun day. I spent my morning trying to figure out the Barcelona train station, missed the first train and barely made it on the second one. The staff at the station do not speak English, so it was quite a task. Finally, I arrived in Figueres and the place was a ghost town. (I later realized that this was because I arrived in the middle of siesta, as the town was bustling when I left the museum.) So, I followed the signs to my destination, the Dali Museum. It’s a great museum filled with works from Dali and other artists that were inspired by Dali. The building itself was even designed by Dali (I think). There is a numbered path that you follow from room to room winding your way throughout the museum. Definitely worth the trip, but for future travelers I suggest checking out Girona as well since the trip is about 2 hours by train each way. Unfortunately, my digital camera crashed and my camera phone pictures did not turn out so well. I’ve posted what little I have on my flickr site. The Dali Jewels were some of the best pieces in my opinion. After that it was back to Barcelona for a sampling of the nightlife! I went to an Irish Pub called Temple Bar to start things off and then went to Sidecar and Jamboree. I danced, I drank, I was merry. And next thing you know the sun was up and I was back at Zena’s house. I don’t think I was meant to be a writer, I just don’t have the patience for it. So, I hope someone is reading this and getting something from it. Ciao!

Ok, so I’ve neglected to do all the photo uploading and journal entries that I said I would be doing. There’s just way too much stuff to do and when I sign online I’m more concerned with talking to my girlfriend, looking up train prices, hotel / hostel accommodations, etc. I’m not even totally sure what day of the trip this is.

However, I’ve come back from my travels in Italy and decided to take a day of rest back in Barcelona. Tomorrow, it is off to see the Salvador Dali museum in Figueres, but for now, I can write.

So, in the first two days at Barcelona, Heather (my travel buddy) and I took a tourist bus around town and saw the big tourist stops: Sagrada Familia, La Rambla, Park Guell, the monument to Christopher Columbus. We also saw the beach and sampled the local cuisine, although our sampling of the local nightlife has been limited.

Then it was off to Italy. I can’t say enough great things about Italy, though I must say it is incredibly dirty there. It’s sad that a city with such amazing sites can be so covered in graffiti, trash and well… dog shit. We saw just about everything here and we saw it all in one day! The Trevi Fountain, the Pantheon, the Spanish Steps, the Piazza of the Republic, St. Peter’s Square (which is a circle, so that makes absolutely no sense), the Vatican / Sistine Chapel, Imperial Rome, the Senate house and the Colosseum. Phew! Finished that off with some fabulous Italian food at Chianti. Even with all that, there is still more to see in Rome, it’s amazing how much history is there. They don’t call it the Eternal City for nothing. On a side note, I need to thank Tony, from Chicago. Heather and I stumbled across Gregory’s, one of only two Jazz bars in Rome. There we met Tony, who has family in South Italy and speaks a little Italian, which is a lot more than I speak. Tony showed us to all of these places and I can’t say enough great things about him. It was like having our own personal tour guide through all of Rome. And by the end of the day, Tony had more energy than both Heather and myself.

Now I have returned to Barcelona to rest for a day, but tomorrow I am taking a day trip to Figueres to check out the Salvador Dali Museum. I am still looking forward to seeing the Barri Gothic and the Museo de Picasso in the remaining days I spend in Barcelona.

This trip has made me realize that traveling wasn’t so picture perfect as I always thought it was, but I think it’s been a character building experience so far. It’s definitely shown me that I have many flaws to work on and has further confirmed the fact that there is no perfect state. I am a constantly evolving individual and if I ever think everything’s perfect, I’m just not seeing the next step - or denying it.

Pictures of my trip can be found at flickr: http://www.flickr.com/photos/xs411/

And so it begins… I have begun my Euro Trip. My travel buddy Heather and I departed from SFO on Tuesday morning. A short 4 hour plane flight to Atlanta and we found ourselves sitting in an airport bar asking for chips and salsa. The bartender quickly notified us that we were, in fact, no longer in California and thus there would be no chips and salsa. Drat! So, instead we got some rosemary french fries and we were again surprised to find out that these fries were actually just little cubes. But, they were yummy nonetheless. A few rum and cokes and a beer or two later we were on our next flight enjoying some wine and the finer delicacies of airplane food. Delta has got those little TVs just like JetBlue. But, even better, they have video on demand services! I watched Pan’s Labyrinth, Norbit, a couple episodes of the Office and I even played some video games. Pan’s Labyrinth was awesome - grotesque yet captivating - like a car accident on the freeway. Finally, we arrive in Barcelona and it is Wednesday.

OK, so I finally got this site back up and running after my jsreed.net domain goes into REDEMPTION! (More on that in a future blog.) And the whole point of me getting my site up really was to post the half-baked game I made, Zen, and download it to my new Blackberry Pearl! I was happy in my day-dreaming reverie - seeing myself playing my home-made game on my shiny pretty Pearl. However, that bubble has burst.

To my dismay, I discovered that the Pearl does not allow normal J2ME application downloads. Oh no… it’s got to go with its own PROPRIETARY format. Now, I haven’t looked into why this is, but so far I’m pretty pissed off about it.

So, anyway, if you go hit up the projects page with your mobile browser and you DON’T have a Blackberry Pearl, it should download and install just fine. WARNING: I do not represent in any way that it won’t completely melt down your phone. It shouldn’t, but the game is still a work-in-progress and I have not tested it on anything except my old Blackberry 7130e. (Which for some reason didn’t need the proprietary .cod format. Why? I don’t know.) Regardless, the game is only half finished, so would you really expect it not to have a few bugs?

In other news, I’m heading to Tahoe this weekend! Woo HOO! After this week of hail and freezing rain in San Francisco, Tahoe has got to be freakin fantabulous! It’s sunny right now. I expect nothing more than pure bliss this weekend. So, I’ll try to take some pictures with my crappy camera and share them on this site. That way you can all be jealous!

Finally, I really hate telemarketers. Sometimes, I simply tell them that “Jerry Reed” is dead. That’s a fun one - but this guy took it so much further. God bless progress! (Kudos to Amanda for the link.)

Until next time…

…same bat time!

…same bat channel!

I’m not even gonna pretend that I know how to write. Just check back here every once in a while and I’ll post pictures… or games… or something.