D90 Tools & Techniques

"So I can remember how I did stuff in the future…"

• Home
• About

Topics

• Auditing
• General Security
• Linux
• Networking
• Sysadmin Tools
• Uncategorized
• Web Hosting Tools
  • Lighttpd
  • Squid
• Windows

Archives

• November 2010
• October 2010
• February 2010
• January 2010
• December 2009
• October 2009
• September 2009
• August 2009
• July 2009
• June 2009
• May 2009
• March 2009
• February 2009
• December 2008
• November 2008
• October 2008
• July 2008
• May 2008
• April 2008
• January 2008
• December 2007
• October 2007
• September 2007

Meta

• Log in
• WordPress

Handy References

• (Draft)
• SED One Liners
• Advanced Bash
• Advaned Bash (D90 Archive)
• ASCII Table
• Windows ALT Codes
• XHTML Codes
• CSS Codes
• SQL Reference
• Country / Language Codes
• CISCO IOS Reference

Search

Quick Reference Posts

• Favorite Commands
• Terms & Speeds
• Pre-press & Media
• Security Articles

Handy Services

• Whois
• IP Lookup
• MAC Address Lookup
• DIG
• Internet Traceroute
• MX Record Lookup
• File Transfer Speed
• Mac Address Lookup
• chmod calculator
• Internet Latency
• Akami Internet Visualization
• Unit Convertor
• Reverse Hash Database

Some Favorite Sites

• Schneier on Security
• Krebs on Security
• MalwareInt Blog
• CSO Online
• The Register
• Internet Storm Center
• Chronology of Data Breaches
• SANS Forensics Blog

More Favorite Posts

• Baloney Detector
• Default Passwords
• Data Center Naming
• Whole Building Design Guide

How do I do that again?

• Interpreting TOP
• Yahoo's Website Optimization Rules

Security Resources

• Professional Security Testers
• Open Source Security Test Methodology
• ISO 17799
• NIST Security Assessment Framework
• CERT OCTAVE Assessment Framework
• NSA System Hardening Guidelines
• Microsoft Baseline Security Analyzer, Other Tools, and Frameworks
• WebGoat Web Vulnerability Practice
• OWASP Web Application Vulnerabilities
• CyberCrime.gov Updated list of incidents
• Information Systems Audit Methodology
• Terry Ritter's Guideline for safe PC Banking
• Open Source Forensics

Forensic Resources

• Sleuth Kit

More Security Resources

• Typo Squatting

Embedding Fonts in Word

By Matt | November 26, 2010

http://word.tips.net/Pages/T001611_Embedding_Fonts_In_a_Document.html

http://www.howtogeek.com/howto/microsoft-office/embed-true-type-fonts-in-word-and-powerpoint-2007-documents/

Topics: Windows | No Comments »

Custom 404 for Apache (using PHP!)

By Matt | November 4, 2010

Images, css, js just get a simple 404 Not Found page.

Everything not in the list of items we’re checking get redirected to the homepage. So a simple typo will get the redirect, but a missing PNG file that’s called by one of our pages won’t send a copy of the homepage to the client telling it it is an image file!

/*
This is a custom 404 handler.

It does makes a decision -- if it's a small, auxiliary file like an image, code sheet, etc
that is being requested and not found then we'll send a standard Apache 404 page.

However, anything that looks like a website request (i.e. everything NOT in the list)
will be given a 301 redirect to our homepage.

Invoke by:
ErrorDocument 404 /404.php

4 November 2010
Matt Kivela
*/

/* Currently set to filter:
aspx
asp
cgi
css
gif
ico
jpg
ogg
png
*/

if (preg_match('/\.[Aa][Ss][Hh][Xx]|[Aa][Ss][Pp]|[Cc][Gg][Ii]|[Cc][Ss][Ss]|[Gg][Ii][Ff]|[Ii][Cc][Oo]|[Jj][Pp][Gg]|[Jj][Ss]|[Oo][Gg][Gg]|[Pp][Nn][Gg]$/', $_SERVER[REQUEST_URI], $foo))
{
echo Header("HTTP/1.1 404 Not Found");
echo Header("Status: 404 Not Found");
echo "404 Error:
File: http://$_SERVER[SERVER_NAME]$_SERVER[REQUEST_URI] not found.
";
echo "If this is causing a problem, you may contact admin@yourdomain.org or
";
echo "submit a ticket at http://bugzilla.yourdomain.org/";
}
else
{
$new_url = "http://$_SERVER[SERVER_NAME]/";
echo Header( "HTTP/1.1 301 Moved Permanently" );
echo Header( "Location: $new_url" );
}
?>

~


Topics: Linux, Sysadmin Tools, Web Hosting Tools | No Comments »

Security for Educational Institutions

By Matt | October 15, 2010

Couple good links for future reference:

http://www.cosn.org/Initiatives/CyberSecurity/CyberSecurityInformation/UnderstandingtheIssues/EightAssessmentQuestions/tabid/5258/Default.aspx

http://www.sans.org/reading_room/whitepapers/sysadmin/protecting-students-public-school-environment_1428

Topics: General Security | No Comments »

Links…

By Matt | February 22, 2010

Legal stuff on Electronic Communications Privacy and Wiretap Acts:

http://www.internetlibrary.com/topics/electronic_cpa.cfm

Topics: Uncategorized | No Comments »

Cell Phone Location

By Matt | February 13, 2010

Fascinating — I didn’t know the difference between CDMA & GMS in how they locate phones, or the more sophisticated time based triangulation by T-Mobile:

The Federal Communications Commission’s “Enhanced 911″ (E911) requirements allowed rough estimates to be transformed into precise coordinates. Wireless carriers using CDMA networks, such as Verizon Wireless and Sprint Nextel, tend to use embedded GPS technology to fulfill E911 requirements. AT&T and T-Mobile comply with E911 regulations using network-based technology that computes a phone’s location using signal analysis and triangulation between towers.

T-Mobile, for instance, uses a GSM technology called Uplink Time Difference of Arrival, or U-TDOA, which calculates a position based on precisely how long it takes signals to reach towers. A company called TruePosition, which provides U-TDOA services to T-Mobile, boasts of “accuracy to under 50 meters” that’s available “for start-of-call, midcall, or when idle.”

Topics: Uncategorized | No Comments »

Seven Principles for Security Systems

By Matt | February 11, 2010

This is a very good report:

Understanding scam victims:
seven principles for systems security
Frank Stajano, Paul Wilson
August 2009

Archived here.

While reading the example scams in the article, it becomes clear much like corporate fraud they depend on collusion. A team pulling off a social hack is far stronger then a single person trying to do so.

1) While you are distracted by what retains your interest, hustlers can do anything to you and you won’t notice.

2) Society trains people not to question authority. Hustlers exploit this “suspension of suspiciousness” to make you do what they want.

3) Even suspicious marks will let their guard down when everyone next to them appears to share the same risks. Safety in numbers? Not if they’re all conspiring against you.

4) Anything illegal you do will be used against you by the fraudster, making it harder for you to seek help once you realize you’ve been had.

5) Things and people are not what they seem. Hustlers know how to manipulate you to make you believe that they are.

6) Your needs and desires make you vulnerable. Once hustlers know what you really want, they can easily manipulate you.

7) When you are under time pressure to make an important choice, you use a different decision strategy. Hustlers steer you towards a strategy involving less reasoning.

Topics: General Security | No Comments »

Atlantic article on Cyber Attacks

By Matt | February 11, 2010

It is well-funded and pursued by mature individuals and groups of professionals with deep financial and technical resources, often with local government (or other countries’) toleration if not support. It is already responsible for billions of dollars a year in losses, and it is growing and becoming more capable. We have largely ignored it, and building our military capabilities is not responding to that threat.

James Fallow, Atlantic Magazine, February 2010

Topics: General Security | No Comments »

Rootkit Hunters

By Matt | February 10, 2010

A few resources for finding rootkits:

Linux:
Rootkit Hunter
Chkrootkit

Windows:
RootkitRevealer

Topics: General Security, Linux, Sysadmin Tools, Windows | No Comments »

Some Sun Tzu quotes…

By Matt | February 5, 2010

Good for Information Security:

All warfare is based on deception.

He who occupies the field of battle first and awaits his enemy is at ease, he who rushes into the fight is weary.

A speedy victory is the main object in war. If this is long in coming, weapons are blunted and
morale depressed.

Generally, management of a large force is the same as management of a few men. It is a matter
of organization.

(The above taken from here.)

Measure, assess, calculate, compare:

The ground gives rise to measurements, measurements give rise to assessments, assessments give rise to calculations, calculations give rise to comparisons, comparisons give rise to victories.

Way:  your corporate culture

Weather: periodic changes in outside forces and moods

Terrain: cooperative, competitive, and antagonistic landscapes

Leadership: organizational leadership

Discipline: organization’s willingness to follow direction

(Above paraphrased from this source.)

Topics: Uncategorized | No Comments »

Nice explanation of Solid State Drives:

By Matt | February 3, 2010

Everything you ever wanted to know about how SSD works

Topics: Uncategorized | No Comments »

« Previous Entries

D90 Tools & Techniques is proudly powered by WordPress - Designed by RFDN
Entries (RSS) and Comments (RSS)