
Submission Summary: 0 pending, 4 declined, 3 accepted (7 total, 42.86% accepted)

Google

Trending Low-Volume Google Searches - Introducing

Submitted by
michaelrash
michaelrash writes "The Google Trends project provides some visibility into how popular search terms like "Myspace" or "2008 Election" change over time and points out relevant news articles that create jumps in search volume. This is a handy tool, but there are many search terms that Google Trends does not display any results for. Such terms (such as "Linux Firewalls" — with the quotes) have insufficient search volumes to display graphs according to the error message that Google Trends generates. Fair enough. Google sets an internal threshold on search volume, and this threshold could be set for reasons that range anywhere from Google Trends is still experimental to Google not wanting to provide data on how it builds its massive search index for emerging search terms. Either way, I would like a way to see search term trends that Google doesn't currently make available to me. So, I've released an open source project called "Gootrude" to do just this. For the past year Gootrude has collected a set of low-volume search terms and interfaced with Gnuplot to visualize them."
Security

Port Forwarding via Single Packet Authorization

Submitted by
michaelrash
michaelrash writes "Most port knocking or Single Packet Authorization implementations offer the ability to passively authenticate clients for access only to a locally running server (such as SSHD). That is, the daemon that monitors a firewall log or that sniffs the wire for port knock sequences or SPA packets can only reconfigure a local firewall to allow the client to access a local socket. For local servers, this works well enough, but suppose that you are on travel and that you ultimately want to access an SSH daemon that is running on an internal system with a non-routable IP? If the SPA software is deployed on a Linux gateway that is protecting a non-routable internal network and has a routable external IP address, it is inconvenient to first have to log in to the gateway and then log in to the internal system. The latest release of fwknop supports the automatic creation of iptables NAT rules to allow temporary access directly to internal systems by forwarding a connection on through the gateway system directly to an internal server. Such access is granted only after a valid SPA packet (i.e. non-replayed and encrypted either via a shared Rijndael key or via GnuPG) is passively sniffed off the wire. It is no longer necessary to log in to the gateway system first and use it as a jump point for access to internal systems."
Media

Colossal Squid Caught

Submitted by
michaelrash
michaelrash writes "From the article, "A fishing crew has caught a colossal squid that could weigh a half-ton and prove to be the biggest specimen ever landed, a fisheries official said Thursday. If calamari rings were made from the squid they would be the size of tractor tires, one expert said. The squid, weighing an estimated 990 pounds and about 39 feet long, took two hours to land in Antarctic waters, New Zealand Fisheries Minister Jim Anderton said.""
Security

Visualizing Honeynet Project iptables data

Submitted by
michaelrash
michaelrash writes "The Honeynet Project so far has released several Scan of the Month challenges to the security community, and two of these challenges have included extensive iptables logfiles that contain malicious traffic directed at the Honeynet. Security visualization is becoming increasingly important to get meaningful information from mountains of data generated by intrusion detection systems and firewalls, and the new site Secviz.org is helping to bring visualization of security data to the masses. By combining psad with the graphing capabilities of the AfterGlow project, I have created a set of graphs that display some of the more interesting features of the Honeynet iptables log data. Outbound SSH and IRC connections are shown coming from a compromised host on the Honeynet, and graphs of the Slammer worm (UDP port 1434) and the Nachi worm (92-byte ICMP packets) are clearly shown. There are parsers on Secviz.org for other types of logfiles, so start graphing your data!"
