
Comment: Re:Won't someone please think of the children (Score 1) 256

by Helevius (#31046522) Attached to: FBI Pushing For 2-Year Retention of Web Traffic Logs

You said

"HTTPS only works one IP per host, so that gives a positive track to where they were going."

That is not correct. If you inspect HTTPS traffic you'll see that clients issue something like the following:

CONNECT www.myawesomehost.net:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
Proxy-Connection: keep-alive
Host: www.myawesomehost.net

The same IP address can host www.myawesomehost.net and plenty of other Web sites. With HTTPS the Feds would just track the CONNECT and Host: fields since those are in the clear.

Comment: Richard Bejtlich's Observation of CDX 2009 (Score 1) 219

by Helevius (#27920523) Attached to: NSA Wages Cyberwar Against US Armed Forces Teams

Richard Bejtlich from the TaoSecurity Blog was invited by NSA's Tony Sager to visit the CDX in person:

http://taosecurity.blogspot.com/2009/05/thoughts-on-2009-cdx.html

Bejtlich mentions that CDX participants were given a budget for the exercise. This means it cost them "marks" (in exercise language) to replace the Windows images NSA provided with alternative systems like FreeBSD or Linux. That decision caused the team to have fewer resources for other tasks.

The Army didn't win just because they used Linux. Bejtlich posts reasons why they won here:

http://taosecurity.blogspot.com/2009/05/lessons-from-cdx.html

Comment: Don't worry too much about it. (Score 1) 57

by Hanashi (#14414175) Attached to: Are Hotlinked Images Now a Liability?

I can understand why you'd be concerned about the possibility of your website serving exploit code to unsuspecting users. However, I'd like to point out that the problem is not unique to your site, nor does it only affect sites that allow users to post images. I've posted a writeup about a security incident I investigated that involved a malicious WMF being distributed through syndicated advertisements, and I know the same thing happened when the GDI vulnerability was discovered. The bottom line is that it's very difficult to lock down all the attack vectors for something like this, and your website is probably no worse than anyone else's at this.
