Monthly Archives: September 2008

bad security guide

Ok, this is a very bad take on security. Very, very bad:

Using a second router: A techie how-to

Ignore, if you will, the social aspects of if, why and how to police children online and just look at the totally stupid design proposal – he advocates a second router behind the main router, which is fair enough for a quick-n-dirty fix (ignoring all those protocols that die with a double NAT, or what happens if (gasp !) you actually produce content rather than just consume it and would like to forward an internal server to your public IP), but the inexcusable part is that the ‘untrusted’ kids’ router is connected directly to the Internet, and the ‘trusted’ adults’ machines are connected behind the kids’ router…

That’s right: you (presumably) can’t trust the kids to not break your own machine, so you’re now giving them free rein to spoof the router IP and fake up any web site you might be trying to visit… Bonus marks for the kids that spot the router firmware is buggy and has no patch/is unpatched, and then take over that device and hold your Internet connectivity hostage, screen-scraping your banking password and giving themselves a nice present.

It’s ‘security’ like this that gives us mandatory password changes every month, but ignores the wealth of research showing that excessive password cycling results in post-it notes of passwords in plain view. Or airline security that… Nah – I can’t be bothered. Fill in your own similes here because he’s wasted far too much of my thought time as it is.

(Via http://www.xlr8yourmac.com/)


take a colour IQ test

Wow – this is actually quite hard, especially during the first cup of coffee on a morning:

Take the test

For the record, I scored 10, where zero was the best for my age range (sob !) but the worst a rather startling 1464. I can’t even blame my monitor colour depth, although it might be an excuse for a calibration device… Hmm…

(From The-Digital-Picture.com)


marblehilldancestudio.co.uk

Recently I’ve been having some fun with Rapidweaver and have used it to create a web site for Marble Hill Dance Studio which is run by Abigail Cova and is based in St. Margaret’s, London. The main theme was a stock item with customised colours and extended background motifs, but in the end the logo placement and fade turned out to be real issues and so the front page is hand-customised.

Recent enhancements in RW4 do mean that JavaScript email link obfuscation is now native (although common left-hand-side (LHS) addresses will still be open to dictionary attacks) and the use of standard Hn tags could be improved on the Styled Text pages, but I’m still very happy with the ease of design, style mods and overall usage. The most obvious room for improvement is the number of features the Flash slideshow has that simply aren’t exposed as options – the tool manual shows off the true power and so again a post-export tweak to the XML file allows the name of the image to stay on screen even if the mouse isn’t over the image itself.


strawberry and dark chocolate muffins

This is a very slight modification of the lemon and white chocolate recipe.

The depth of the muffin mould is the main issue for cooking time – I have some very deep (8cm) silicone ones that mean that it’s normally timed by eye with liberal use of a hat pin. If you use shallower trays then do reduce the cooking time unless you enjoy eating small bricks…

300g Self-raising flour
100g Caster sugar
Pinch of salt
100g Butter
125g Dark chocolate
125g Strawberries
180ml Milk
2 Eggs

Chop the chocolate bar into decent sized chunks (this is to taste but I quarter the ones pre-pressed into the bar) and place to one side. Wash, top and quarter the strawberries (but do take into account the size of your fruit – too large and the muffin will crumble).

Mix the flour, sugar and salt together. Blend the milk and eggs together and then add the mixture and melted butter to the dry ingredients. Stir together, but leave the mixture lumpy to give the muffins more texture.

Fold in the chocolate chunks, and add the strawberries last. Try not to over mix (or you get mashed strawberries), and spoon into the moulds to about 85% of the depth to get a slightly overflowing top.

Cooking time for a fan-assisted electric oven is 180°C for 20 to 25 min.


lemon and white chocolate muffins

This is a modification of a recipe I found last Christmas, and have played with slightly in order to make them more unhealthy and bigger than most shop-bought ones :)

The depth of the muffin mould is the main issue for cooking time – I have some very deep (8cm) silicone ones that mean that it’s normally timed by eye with liberal use of a hat pin. If you use shallower trays then do reduce the cooking time unless you enjoy eating small bricks…

300g Self-raising flour
100g Caster sugar
Pinch of salt
100g Butter
200g Bar of white chocolate
180ml Milk
2 Lemons
2 Eggs

Chop the chocolate bar into decent sized chunks (this is to taste but I quarter the ones pre-pressed into the bar) and place to one side.

Mix the flour, sugar and salt together. Blend the milk and eggs together and then add the mixture and melted butter to the dry ingredients. Stir together, but leave the mixture lumpy to give the muffins more texture.

Add in the zest of both lemons and the juice of one and then fold in the chocolate chunks. Try not to over mix, and spoon into the moulds to about 85% of the depth to get a slightly overflowing top.

Cooking time for a fan-assisted electric oven is 180°C for 20 to 25 min.


vanilla syrup cake: version 2.0

Having tested the original variant on friends and family, this new one has been tested on work colleagues – most appear to have survived.

So far.

225g Self-raising flour
5ml Baking Powder
Pinch of salt
50g Caster sugar
25g Margarine
110g Golden syrup
1 egg
120ml Milk
10ml Vanilla extract
20ml Flakes of 100% Cocoa chocolate

Mix the flour, salt, sugar, baking powder and chocolate flakes thoroughly. Warm the margarine and syrup and stir them together (20 seconds in an 800W microwave). Beat the egg, milk and vanilla extract and add this and the syrup mix to the dry ingredients a little at a time.

Pour into a greased loaf tin, and bake at 170°C for 50 to 60 minutes (an electric fan-assisted oven: vary as required for your setup).

The baking powder is not essential, but does make it a little less bread-like so it’s largely a matter of preference. Likewise, the vanilla could be increased (to taste) and the 100% cocoa flakes, whilst not essential, help to keep the sweetness in check.


strange things are afoot at the circle k

Previously, most automated vulnerability probing I’ve seen on my systems has been brute-force and fairly ignorant: one IP address tries many, many (and in some cases many, many and many) times to get in with varying credentials – the most blocked count recently was over 2500 attempts.

This morning it all changed and the rows and columns of the table of attacking IPs and target users have basically been switched, so that one IP will try one login, and then another IP will try the same login, etc. This means that whilst the automatic banning is still in place, I now have a huge list of IPs that have never attempted to get in a second time.

How do I know it’s a single attack ? The fact that the usernames continue to be tried in alphabetical order is one real giveaway that this is a coordinated attack rather than a series of random one-shot attempts. The only really odd aspect is that the same series of usernames is repeated many times from different groups of addresses – I’d guess that whatever ‘common logins’ are being used have been split into a series of one-shot attempts and distributed to small sub-groups of machines (around 10 to 20 or so) which come in a very fast sequence which then has a pause before it begins again. The pause could be simple latency and random chance, or, more likely, it’s the subgroup reporting back failure on one set of data to a central location (or, more P2P-like, the next sub-group of IPs) before the next set of logins is tried.

Interesting ? Maybe. It’s certainly a great way to tip your hand as to who is a member of a particular botnet as you’re exposing all your hosts in one run. On the other hand, it’s far harder to block and consumes far more bandwidth as you need to answer each attempt to discover who it is they’re trying to get in as – the previous method of just dumping the packets after the first offence did save a noticeable number of bytes when counted over a month. I think it’s actually a response to automatic IP blacklisting – only one valid login needs to get in to halt the attack sequence and the pattern shows that banning repeat offenders was a very successful tactic in halting the crack attempts.

Of course, it could all be a very cunning scheme to exhaust disc space due to excessive logging and so cause a very roundabout DoS…
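The two patterns described above (one IP hammering away with many usernames, versus many IPs each making a single attempt while the usernames advance alphabetically) can be told apart from the auth log itself. This is an added example, not code from the original post: it parses constructed sshd-style lines (addresses from the documentation ranges, usernames made up), shows that a per-source repeat-offender ban never fires on the distributed variant, and flags the alphabetical one-shot stream instead.

```python
import re
from collections import Counter

# Constructed sshd-style auth.log lines (not real traffic). The distributed
# pattern: every source IP appears once and the usernames walk forward alphabetically.
DISTRIBUTED_LOG = """\
Sep 14 06:01:02 host sshd[1201]: Failed password for invalid user admin from 192.0.2.11 port 4102 ssh2
Sep 14 06:01:03 host sshd[1202]: Failed password for invalid user alex from 192.0.2.12 port 4110 ssh2
Sep 14 06:01:03 host sshd[1203]: Failed password for invalid user andrew from 192.0.2.13 port 4133 ssh2
Sep 14 06:01:04 host sshd[1204]: Failed password for invalid user backup from 192.0.2.14 port 4140 ssh2
Sep 14 06:01:04 host sshd[1205]: Failed password for invalid user bob from 192.0.2.15 port 4158 ssh2
Sep 14 06:01:05 host sshd[1206]: Failed password for invalid user carol from 192.0.2.16 port 4162 ssh2
Sep 14 06:01:05 host sshd[1207]: Failed password for invalid user dave from 192.0.2.17 port 4170 ssh2
"""
# The older pattern: one source trying many usernames in no particular order.
SINGLE_SOURCE_LOG = """\
Sep 13 23:10:01 host sshd[990]: Failed password for root from 198.51.100.7 port 5001 ssh2
Sep 13 23:10:02 host sshd[991]: Failed password for invalid user test from 198.51.100.7 port 5002 ssh2
Sep 13 23:10:02 host sshd[992]: Failed password for invalid user admin from 198.51.100.7 port 5003 ssh2
Sep 13 23:10:03 host sshd[993]: Failed password for invalid user oracle from 198.51.100.7 port 5004 ssh2
Sep 13 23:10:03 host sshd[994]: Failed password for invalid user guest from 198.51.100.7 port 5005 ssh2
Sep 13 23:10:04 host sshd[995]: Failed password for root from 198.51.100.7 port 5006 ssh2
"""

LINE_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d{1,3}(?:\.\d{1,3}){3})")

def parse_failures(text):
    """Return (username, source_ip) pairs in log order; non-matching lines are skipped."""
    return [m.groups() for m in map(LINE_RE.search, text.splitlines()) if m]

def repeat_offenders(events, threshold=3):
    """Sources a per-IP ban rule would block: those with at least `threshold` failures."""
    per_ip = Counter(ip for _, ip in events)
    return {ip for ip, n in per_ip.items() if n >= threshold}

def classify(events, min_events=6):
    """Label the failure stream as single-source, distributed-alphabetical, or unclassified."""
    if len(events) < min_events:
        return "insufficient-data"
    per_ip = Counter(ip for _, ip in events)
    single_shot = sum(1 for n in per_ip.values() if n == 1) / len(per_ip)
    users = [u for u, _ in events]
    # Fraction of consecutive attempts whose usernames are in non-decreasing order;
    # close to 1.0 means a wordlist is being walked alphabetically across many sources.
    ordered = sum(1 for a, b in zip(users, users[1:]) if a <= b) / (len(users) - 1)
    if single_shot >= 0.8 and ordered >= 0.9:
        return "distributed-alphabetical"
    if max(per_ip.values()) / len(events) >= 0.5:
        return "single-source"
    return "unclassified"
```

The thresholds (80% single-shot sources, 90% in-order usernames) are assumptions chosen for the constructed samples; on a real log they would need tuning against the normal background of stray failures.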
