Mac Transitions - Fixing Files
In the transition from Linux to Mac, I also ran across a small problem with Mac formatted text files on remote Linux machines. Line endings. I had assumed (and we all know what that means) that the Mac running OS X, being as its userland roots lie firmly in the BSD camp, wou
Perl Snippet
Recently, I have been moving Perl scripts from BSD and Linux machines onto OS X. Mostly, things are pretty smooth but today I had to change a script slightly so that I could read data from /private/var/tmp/ on OS X. The scripts I had on the other systems would read from /var/tmp/
Snort startup script for Ubuntu
    #! /bin/sh
    ### BEGIN INIT INFO
    # Provides: Snort
    # Required-Start: $local_fs $remote_fs $syslog $network mysql
    # Required-Stop: $local_fs $remote_fs $syslog $network mysql
    # Default-Start: 2 3 4 5
    # Default-Stop: S 0 1 6
    # Short-Description: Init script
Checking Multiple Bits in a Flag Field
Sometimes, it is necessary to check a value in a flag field that is not a power of two (1, 2, 4, 8, etc.) and therefore requires multiple bits to be represented, yet other values in the byte are not part of that flag field. Such is the case for DNS where server status codes are r
Defcon, testing and exploiting
This year at Defcon Immunity trotted out the first iteration of their NOP cert test, and I had the pleasure of giving it a test run. I still think it's a great indicator of ability, despite the Immunity tools focus; I'm not a user of any of their tools generally, but I ma
DNS Vulnerability Paper
Now that Defcon is over and the Kaminsky DNS Vulnerability is completely out in the open, the Sourcefire VRT has a new whitepaper that discusses the issue and suggests detection methods using Snort rules. Download it here.
Flash Vulnerability Info
On 5-27-2008 Symantec issued a 0-day vulnerability alert pertaining to malicious flash (SWF) files circulating in the wild. The initial Symantec report stated that this issue was unknown and that it affected the latest version 9.0.124.0 of flash player and several other Adobe pro
How to annoy co-workers taking a break
We have a Foosball table here at SF World Domination HQ. It sees a lot of action from various people in the company during lunchtimes. Unfortunately, it is located close to the VRT lair. So close in fact, that we are able to run wire to a speaker strategically placed in the ceili
Power over Ethernet and Snort
Lurene correctly points out that vulnerability research is often a series of failures, but that what you learn as you work through the failures will often come in useful in the future. Recently we had a strong desire to put a snort sensor in-line with a wireless access point. Whi