downgrade.orgThe rantings and insight of an ethical hacker, coder and IT samurai.

quotes from an internal memo sent to Microsoft Chairman Bill Gates on February 21, 1997 by C++ general manager Aaron Contorer, a software expert.
“There is a huge switching cost to using a different operating system,” he wrote Gates.
“It is this switching cost that has given customers the patience to stick with Windows through all our mistakes, our buggy drivers, our high TCO, our lack of a sexy version at times…
“It would be so much work to move over that they hope we just improve Windows rather than force them to move,” he said.

This is an excerpt of an IM conversation.
[15:46] irq13: THis months cryptogram is sooo good.
[15:47] irq13: they talk about e-voteing.
[15:47] irq13: Schneier has a belief that he talks about in practical crypto about what you are trying to break into being worth more $ then the act of breaking in.
[15:49] irq13: He quantified the spending of candidates on a per vote basis and it turns out that 1 vote (based on what pres candidates in 2002 spent) is worth $200 – $500
[15:49] irq13: It would take 0.5% of a swing vote to get the other candidate elected, effectively being worth upwards of $100m
[15:49] irq13: So they have to have security that would deter someone who has about $100m to spend breaking it.
[15:50] irq13: That ain’t gonna happen…. especially with a default windows install.

The weather has been great lately. I have been hanging out with the windows open. Its nice. I always get all giddy and happy when spring finally hits.
I was turned on to LaunchCast by a friend. Its an awesome service. It chooses what it thinks you will want to hear based on how you rate songs you have already listened to. I have found a lot of great new artists using it.
This week is the week I return to martial arts! I have said that before but I realy meen it this time.

Google has taken the last 10 years of systems software research out of university labs, and built their own proprietary, production quality system. What is this platform that Google is building? It 's a distributed computing platform that can manage web-scale datasets on 100,000 node server clusters. It includes a petabyte, distributed, fault tolerant filesystem, distributed RPC code, probably network shared memory and process migration. And a datacenter management system which lets a handful of ops engineers effectively run 100,000 servers. Any of these projects could be the sole focus of a startup.

http://blog.topix.net/archives/000016.html

“According to MSNBC, ever since mid-January, various electronic devices have been spontaneously combusting in the now evacuated town of Canneto di Caronia, Sicily; at this point, the fires are almost daily. The town has been disconnected from the larger electrical grid and was hooked to a generator, but that, too, caught fire. Even unplugged items have succumbed. Nothing seems to have burst into flame except where there is someone present to witness it, but the police no longer suspect a prankster -- after witnessing wires catch fire without cause. Scientists have yet to explain the phenomenon (although unproven theories abound), leading many people to look to supernatural causes.”

Wow, its been a long time since I last bloged.  I will be sure to post more regularly from now on.

I have War.c and Glamkookie crashing at my place for a wile.  They are both in here Canada.  Every day has been a blast and I am glad they are around.

GuardianLogic has been incorporated.  Now that all of the nit picky legal crap is out of the way I can officially change the name of my biz from Sigil Studios to GuardianLogic, Inc.  If you are a client you should receive an email shortly explaining it all.

I began studying for my CISSP exam.  I never realized how crazy it is.  Its a 6 hour test and is only offered once this year in MI.  I bought two books and have some practice tests.  I have never been much into the certification classes.  Why pay $2000+ for a class when you can pay $100 for a couple books and still pass?!

I have also been sick for the last couple of weeks.  I have lost my voice on a couple of occasions and constantly hack stuff up.  I wish I could be well again.  Can 't wait till I finally get my health insurance from work.  Its sad that I 'm looking forward to going to the Dr, but I have had a lot of health problems “stacking up” over the time that I was self employed and without insurance.  One of the first things I will have done is getting these damn wisdom teeth yanked.  All four (yes 4) are impacted.  One is cutting into nerves in my jaw and I get Hellaciose headaches from it.  It also causes sinus and inner ear infections.  And I tell ya, if you have ever had an inner ear infection you would be looking forward to having the bastards pulled too.

As I said earlier, I will be posting with more regularity again and updating the page a bunch.  Keep checking back.

A little background. I signed up for a free AOL dial-up trial membership, just under a year ago.

I canceled two weeks into the membership. The billing person on the phone asked why I was canceling (I hate when companies do that. I hate it even more when they try to talk you into staying with them.). I informed her that we just had our Cable Modem set up. She asked if I would like to try AOL for broadband. I said no.

Since that conversation AOL has been charging $50 per month onto our phone bill. We called and canceled 3 (three) times and assumed we were no longer being billed.

We canceled our phone and are using our cell phones for our primary lines now so AOL can.t keep taking there money (I assumed they finally canceled it) so they send a nasty letter from there billing department.

Upon receiving this letter I called the customer service number on the notice. 10888-723-8133. I spoke with Shawn who said I would need to talk to billing at 1-888-265-8008 and that he would transfer me to that number. I got Adam in billing. After explaining the situation this is what transpires.

Adam: So what your AOL Broadband screen name.
Irq13: I never set one up. I never logged on it. Please have a look at the usage stats to verify this.
Adam: Okay, let me talk to my supervisor.
5 minute hold
Adam: We can get your account canceled but we first need you to make that $50 payment or else we will send you to collections.
Irq13: I.m sorry?! Not only will I not make the $50 payment but I would like a refund for previous billings.
Adam: We won.t refund your money and you have to pay the $50 or we will send you to collections.
Irq13: So what your telling me is I have been charged for a service that I did not want, did not ask for or sign up for and have been billed for without ever using, and you wont offer me a refund, in fact you want to send me to collections?! Let me speak with your supervisor
Adam: He doesn.t get paid to do my job
Irq13: So I can.t speak with your supervisor?
Adam: No.

At this point I hung up. Oh so pissed.

After a couple of deep breaths I regained my composure and realized that he said I needed to pay the money before they would CANCEL my account. So they will continue to bill me. That conversation meant nothing.

So I call back the billing number that Shawn had given me in our first conversation.

Irq13: May I speak with Adam please?
Andrea: I have no idea who Adam is or if he even works in this country.
Irq13: It was a long shot. I figured being that both of you work in billing that there may be some chance.
Andrea: This isn.t billing. They are at 1-888-265-8003.
Irq13: Thank you, I will call that number.

I hang up and hear I am more pissed then after the call with Adam.

I.m going to lay off calling them back till I have cooled down enough.

What recourse do I have in this situation?

http://dragon.roe.ch/~roe/public/geek/hacker-bomb.jpg

Headline reads…

“Hackers can turn your home computer into a bomb… & blow your family to smithereens!”

Good times…

A long time friend and colege (and MCSE and long time MS Advocate) recently asked me via email what the best choice of Linux/Unix distros are for someone interested in learning.

With the proliferation of distributions available I would imagine this is a pretty intimidating decision for someone starting out so I took a little bit of time to craft my answer.  Here it is for all who are intersted…

Hi, it was good to see you guys too.  We should do that more often.

 

Congrats on the choice to investigate the *nix world. Its not really hard at all, just a completely different way of thinking about things.  Once people get over the initial shock of it being so different the learning curve gets tiny.

 

As to a specific distro, it all depends on what you are looking for.  FreeBSD Unix is pretty popular right now.  In a recent article on slashdot (http://slashdot.org/article.pl?sid=04/02/21/142239&mode=thread) it is said to be (statistically) one of the most secure OS ' around.  OpenBSD is also bunched in with this figure I believe.  OpenBSD is built for security.  It makes an awesome firewall/router and because of the way PF (its firewall implementation, packet filter) is set up it will act as a router for a large network on a P1 with very little RAM.  OpenBSD has AMAZING online documentation and help, but is a very different install than any other unix or linux flavors.  By default Bind, Apache and Logd are chrooted.  This can cause problems to someone who is new to unix as its very hard to work with in some cases.  Especially any sort of virtual hosting on a chrooted apache box.  Ick.

 

The linuxes are in a strange place right now. Before RedHat anouced the retirement of the free basic RedHat OS they where the best choice for any business related linux implementations.  They had the biggest hardware and software support.  Most of the large computer manufacturers (Dell, HP and so forth) where all making servers with RedHat on them by default.  Then they announced they where switching to the Enterprise (pay) model and have a developer ver (fedora) available.  Now everyone who was using it is scrambling to find a new distro. 

 

For the raw configurability of it I like Gentoo.  Gentoo-Hardended specifically.  It uses the NSA 's SELinux permissions system, Pro Police Stack Smashing protection (if an overflow existed in code this should stop it from being exploitable) and a ton more.  Its a good solid OS.

Debian has wide speedy support is becoming one of the most popular free distros.  Its Apt-Get package system is great and allows you to set up OS and software updates via a scheduled command (Cron Job).

 

Gryphn and I just installed Suse a day or two ago on one of her mighty dell servers.  So far I -REALLY- like it.  Its very similar to redhat and even uses the RedHat Package Management system.  Its very easy and is available both free and commercially.  Although we haven 't had much time to give it a thorough evaluation I rather like it.  You can get the remote install cd for free here http://www.linuxiso.org/download.php/499/boot.iso or you can get the “Live eval cd”.  This boots right from the cd and lets you play with it… http://www.linuxiso.org/download.php/491/SuSE-9.0-LiveEval-i386-Int-RC1.iso

 

LinuxIso.org is a unix geeks best friend.  Download all the distros you want and try em out.  The only cost is that of blank cds and the time it takes to run through the install.

 

I hope this helpful, I don 't know your current level with *nix so I may have either spoke down to you or up to you.  Sorry.

 

I think the best choices to learn on would be either Debian or Suse (suses install was cake) and if you like what you see try OpenBSD or FreeBSD.  They all have different things going for them so its not always cut and dry which one to get/use.  It all depends on how you want to implement it.

 

Let me know if you have any other questions.  I love talking unix.

Last night Gryphn and I spent a long time setting up an OS on her new server.  We attempted a bunch of different ones failing to get the Perc3 to work with a few of the distros.  I finaly downloaded the Suse FTP Boot Iso from linuxuso.org and installed it.  Its a very well developed, solid, easy and stable OS.  It reminded me alot of a less buggy redhat.  I sware I saw some SELinux bits as well as chroot stuff.  I guess (according to the suse site) that they have a pretty good firewalling system.  I have yet to play with it. 

I 'll let everyone know how it goes.