Wednesday, November 03, 2004
Steve and I have been using WordPress to publish TechFire. So far it has been quite nice and has a number of features over the currently available version of Radio like comment moderation, multiple authors, and a variety of plug-ins from an active developer community that are helping us track stats for the site and publish our Podcast. The editing interface reminds me a lot of Manila. The only downside is that we are getting hit with a ton of comment spam. I've set up filters to intercept unwanted comments before they hit the site, but sometimes I end up deleting a ton of comments that slipped through and modifying the filters to reflect the new wave. I'm happy with it for publishing TechFire, but I'm not about to migrate my NI3 blog to it until it cleanly works with MarsEdit.
 
I ran across a very interesting technique this week called Port Knocking and a related implementation called Tumbler. This technique allows you to access a computer on the Internet via seemingly closed ports using a specific "knocking" sequence. There is a debate raging whether or not this is a security-through-obscurity play or a legitimate technique. I don't know enough yet to make a judgment. However, the first thing that came to my mind reading the introductory documentation is a hacker embedding one of these implementations into a Trojan or worm. Embedding one of these implementations in a Trojan or worm would be extremely dangerous and make the worm almost impossible to detect after it has planted itself on your computer. It would also open a door for an attacker to plant more code on your computer at his leisure to do whatever he wants. Not that this isn't possible today, but a small DLL running tumblerd wouldn't open any ports or communicate with a remote host until a connection is initiated by the remote host. A small DLL could be written that runs tumblerd, manipulates firewall settings, and sends a remote host any changes in IP settings, providing a universal gateway attack. This is seriously dangerous stuff in the wrong hands.
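For the detection side of the concern above, here is an added example (not part of the original post, and not code from Tumbler or any port-knocking project) that scans firewall logs for the multi-port knock pattern: several dropped probes to distinct closed ports from one source, followed shortly by an accepted connection. The log format, sample lines, and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample firewall log: epoch_seconds src_ip dst_port action
SAMPLE_LOG = """\
1000 203.0.113.7 7000 DROP
1001 198.51.100.9 445 DROP
1002 203.0.113.7 8000 DROP
1003 203.0.113.7 9000 DROP
1005 203.0.113.7 22 ACCEPT
1010 198.51.100.9 445 DROP
1011 198.51.100.9 445 DROP
1200 192.0.2.50 5000 DROP
1201 192.0.2.50 6000 DROP
1202 192.0.2.50 7000 DROP
1300 192.0.2.50 22 ACCEPT
1400 198.51.100.20 80 ACCEPT
"""

def find_knock_candidates(log_text, min_knocks=3, window=30):
    """Return (src, knocked_ports, opened_port) for every ACCEPT preceded,
    within `window` seconds, by DROPs to >= min_knocks distinct ports
    from the same source. Thresholds are assumptions to tune per site."""
    recent = defaultdict(deque)   # src -> deque of (timestamp, port) DROPs
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not (parts[0].isdigit() and parts[2].isdigit()):
            continue              # skip malformed lines
        ts, src, port, action = int(parts[0]), parts[1], int(parts[2]), parts[3]
        drops = recent[src]
        while drops and ts - drops[0][0] > window:
            drops.popleft()       # forget probes older than the window
        if action == "DROP":
            drops.append((ts, port))
        elif action == "ACCEPT":
            ports = []
            for _, p in drops:    # distinct ports, in the order knocked
                if p not in ports:
                    ports.append(p)
            if len(ports) >= min_knocks and port not in ports:
                hits.append((src, ports, port))
            drops.clear()
    return hits

if __name__ == "__main__":
    for src, knocks, opened in find_knock_candidates(SAMPLE_LOG):
        print(f"{src}: knocked {knocks}, then connected to port {opened}")
```

This only works if the firewall logs dropped packets, and it covers multi-port sequences as described above; repeated probes to a single port and slow probes outside the window are deliberately ignored.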
 
John Robb wrote about his user experience voting yesterday. It would be great if someone could compile links from a lot of voters from all over the country to survey voter user experience. Here's my experience.

I had a very different user experience from John. I voted at about 6pm PST yesterday. Our polling location was a garage on the next street over from us. My wife and I arrived with our daughter in tow at about 5pm PST. California, San Diego specifically, had a very large ballot this year. There were eight cardboard voting stations in the garage. Lighting was very poor as the sun went down, making it hard to read the ballot. Everyone was pretty much standing shoulder to shoulder. We beat the evening rush by minutes. My wife voted first while I watched our daughter. She stood in line for about ten minutes waiting for a voting station to open up. It took her twenty minutes to vote. I stood in line for about twenty minutes and it took me twenty minutes to vote. It took us a little over an hour for both of us to vote. The entire time we were outside. By the time we were done, it was dark and starting to get cold. I think we need to change the location next time.

 
If anyone has a good Windows Server 2000 hardening script, I'd very much appreciate a copy of it. I know it's kind of a weird request, but there's a purpose for it. On 19Nov I'll let everyone know why I needed it. I think everyone will get a kick out of it. Drop me a comment with a link to a source. Thanks in advance!
 
I'm taking a security class these next couple of days. It's been fun. It's basic stuff and kind of boring at times. During the boring parts a few other guys and I have taken to hacking each other's lab computers. For a security class, they sure don't take locking down their own computers very seriously. At one point I took control of one guy's machine and locked him out completely by rebooting his machine remotely. I let him hang for a while and then passed him a note containing his new password. I didn't get hacked too bad and never locked out. I was able to shut down services and install a firewall before the games got too carried away. I think I'll grab a bunch of exploits tonight and put them on my USB drive now that I know what I can throw at these guys. Game on!
 


Creative Commons License
This work is licensed under a Creative Commons License.