Archive for October, 2005

Nmap madness at MSU continues…

October 31, 2005

Well, it seems that the two machines in the GA office were employed in some extensive port scanning. In fact, they managed to DoS the mailserver so the IT took them off the network. Brilliant! At least I know that I didn’t really show how to do a wide range scan to anyone – so I can’t feel guilty about this.

And I know that my scans did not DoS the mailserver because I did them two weeks ago, and no one complained. I finally got to sift through the nmap logs today, and I have found bunch of goodies. I won’t post anything here for security reasons, but believe me – there are some interesting things out there.

For example, the network printers are just ripe for abuse. Some of them are running their own web servers which host web-based management tools. I was able to access some of these control panels without any authorization. In fact, in most cases I could change any settings I wanted, including the IP of the printer and the default gateway. Scarry! There has to be a way to lock these things down somehow!

Also here is a fun exercise for you – freddie has echo service running on port 7. How do we utilize that to perform a DoS attack? This thing seriously freaks me out.

And could someone please do something about that goddamn open relay on pegasus? Are you people asking for fucking trouble? I’m just waiting for some idiot to get his hands on that smtp server. Open LDAP + open relay SMTP server is a very, very dangerous combination. We will one day drown in spam! Sigh…

Happy Haloween!

October 31, 2005

.flickr-photo { border: solid 1px #000000; }.flickr-frame { float: left; text-align: center; margin-right: 15px; margin-bottom: 15px; }.flickr-caption { font-size: 0.8em; margin-top: 0px; }

Monster Jackson
Monster Jackson,
originally uploaded by maciakl.

Well, it’s almost Halloween so I figured I post this here. I found this mask on display in a Halloween store on Bloomfield Ave in Montclair. I don’t know about you, but I find it funny that Michael Jackson sits right between the devil and the skull 🙂

I mean, don’t get me wrong – the dude is seriously scary. With the falling of nose, bleached skin and the child molesting – if I saw him on the street I would start running 😛 So I guess he does fit in the pantheon of Halloween monsters.

Btw, if you want to check out the mask, it is no longer in the window there. They either pulled it from the display, or someone bought it or something…

Logan, what were you thinking!

October 30, 2005

Early Wolverine Outfit (note the whiskers!) courtesy retroCRUSH

Holly poop on a stick! Is that Wolverine? OMG! What is he wearing! Did you see that mask? He has freakin whiskers on it! I know that first attempt at superhero costume is usually lame, but this is retarded 😛

This was apparently Logan’s very first appearance – way before the X-Men. This was from the Incredible Hulk comic book.

I found it at retroCRUSH among other examples of very bad superhero costume designs.

Pictures found on teh Internets

October 30, 2005

Allright, I was bored… Since I have nothing good to say here are some pictures found on the web that cracked me up:

Funniest exchange Evar!
Was this guy in one of my 109 classes? I do not recognize the face, but the way he handles his computer… Must be a 109 student!

LUS3R!
I’m usually not into crossplay, furries and this type of bullshit but these sailor moon chicks somehow seem kinda cute despite looking absolutely retarded in the anime outfits:

Crossplay Chicks
You see, when GWB was learning geonomography they drew him this map so that he wouldn’t get confused:

World According to Dubya
This one is priceless – it makes me chuckle just looking at it:

Yes, God – Please!
This is how you can get your mom to use Linux:

Linux in a Supermarket!
I found these in random places – most at nata2.info, but the site claimed they are all public domain shots.

This is Awesome!

October 28, 2005

Holly crap! This is awesome! Some guy does a perfect Mario tune on a Chapman Stick. I don’t know why but hearing this just makes me smile 🙂

Grace has a fansite :)

October 27, 2005

First Good Grace Park Fansite

Well, it seems that Grace Park got herself a decent and up-to date website 🙂 I was thinking that I will have to make one myself since no one was going to do it. But someone did took on the responsibility to scour the web searching for all things Grace. Anyways, check it out at http://www.graceparknews.com/.

Once you are at it, check out the video section. You are in for a treat – they actually have that scene from Romeo Must Die there 🙂 That and an awesome promo clip from her Maxim shot.

Here is the RSS feed. Of course the maintainer forgot to add autodetection tag, so Firefox won’t pick it up automatically 😛

Anti Blogging Practices in Forbes

October 27, 2005

Wow… I’m really surprised that Forbes published what can only be called the official guide to harassing innocent bloggers. I always thought that this type of stuff was done by unscrupulous, shady companies. I thought that forbes was a decent, legit magazine… I guess not.

Come on, what kind of business advice is this? If someone speaks bad about your product, you want to go humiliate him? You want to threaten his ISP with a lawsuit? You have your splog drones churn out inflammatory posts on him day and night? Holy friken shit! This is crazy! If I don’t like your crap, I will talk shit about it using any medium I want. If my ranting cuts into your bottom line, you should probably look into fixing whatever causes these complains. I don’t care how good your product is – if you are in the business of harassing bloggers, you will loose me as a customer.

If your competitor is using splogers to spread lies about you, the correct response is not to turn around and do the same. What the hell? Do you want a total friken spamwar to break out? How do you distinguish between a private blogger who simply was disappointed with your product/service and a private blogger who just happens to take money under the table from your competitor? Are you going to investigate every single blogger that mentions you? This is not a solution – this is asking for trouble!

Sigh… The numbers in that article look kinda like RIAA sales loss figures. Where did you get them? How were they collected? Sigh…

Unsigned Primitives

October 26, 2005

Why doesn’t Java have unsigned primitives? I can never wrap my head around this. How hard would it be to implement unsigned arithmetic? Every single other strongly typed language out there has them!

I love Java, but this always bothered me. Java does not exist in a vacuum. Sure, when you are working in pure java environment, with pure java standards, and data formats you are fine. But in the real word, sometimes data uses non-java friendly conventions. Especially in imaging. Most images use unsigned ints or bytes to store pixels. Sure, you can always use an int to store a byte but this is wasteful.

Furthermore, most of Java API’s work with signed data. If you are just crunching numbers, this is usually not a big problem – but if you try to do something more fancy you run into issues. For example – awt package has some nice image display capabilities. I do not feel like implementing a rendering algorithm for my data. I also do not want to use JAI, because it is not standard, not mature enough. I want to use the existing API – but I can’t really plug a wraparound primitive into it. While byte in an int works fine (if you tweak the color model to only use 8 low order bits) an unsigned int might be a problem. There are no API’s which work with long types, so int cannot be wrapped into a higher order primitive this way.

So, I might need to check for these things and normalize the data somehow. Now, the big question is – should a negative int be converted to the min or the max value? I guess it is relative…

Seriously though – is there a reason for leaving out unsigned primitives? Any reason at all? Or was this done on a whim?

I still like java, I’m just slightly irritated 😛

Disney DRM’s the Oscar Review Copies

October 25, 2005

It seems that Disney does not trust the movie reviewers. According to slashdot, they will now be sending all the pre-release reviewer DVD’s encrypted and watermarked, and only in a format playable in a Disney issued DVD player.

Apparently each of these DVD players requires on-the-phone registration, and special setup. Furthermore they are considered to be slow, unresponsive and do not have any advanced features users come to expect from a standard player. Hell, if I was a reviewer I would send this damn thing back and tell them to stuff it. Or I would write a jaded review explaining in detail how Dinsney anti-piracy measures ruined my viewing experience.

Besides, we all know DRM is a joke. It will continue to be a joke until you introduce TCPA and allow movie studios to play a big brother tracking how many times you play their movie, and who do you give it to. By my calculations we still have at least few years till the world is brainwashed enough to sell itself to Microsoft. And by that time we will probably have no more civil liberties left so it really won’t matter that much anymore.

All you need to do defeat these measures is to record the analog copy by tapping the wire between the DVD and TV and then run the output through some noise equalization algorithm. If you are extra paranoid, resample the movie at a lower framerate. You might loose quality, but any watermark that was there will probably be messed up throughly. These people do not realize that all of this could be done by a 14 year old kid. All they are doing here is wasting money. Sure, Joe Average Reviewer probably does not have enough know how to rip the crippled move – but I bet Junior from next door who has been cranking out 0-day releases since he was 10 (so for 2 years now) will have no problem with it.

Fortunately Sony and Universal have enough common sense not to waste money like this. Or do they? Here is what slashdot readers thing about this:

I hear that Sony and Universal are making the reviewers watch the movies from jail, and letting them out when the movie is officially released.

I would say this actually sounds very plausible.

Nmap Madness

October 24, 2005

Dr. Robila showed the class nmap recently, and asked us to do a port scan on some of the campus machines as part of our assignment. For me this was a good excuse to run an exhaustive port scan on the whole IP range. Now I have a complete list of hosts along with open ports, OS information and so on – in other words, bag of goodies 🙂

I figured that if Joe Yun barges into my office to dish out some vicious LART’ing I can always say “Robila made me do it”. Besides, I don’t think he could track me by IP – I bring my laptop and I get my IP from DHCP so I probably get a fresh one every time I power up my machine.

Apparently few other people had the same idea as me (either that or they were clueless). Anyways, the IT guys did go hunting and pulled few of the school machines from service. Apparently James was using the department machine to do his scans, because it was gone today. So they do notice these things 🙂 It’s good to know.