Archive for July, 2004

Business blogging moving mainstream

Friday, July 30th, 2004

From CNN

IBM sees blogs as a way to revolutionize employee communication, one executive said on the sidelines at the July 23 conference, which attracted about 300 attendees.

“It’s about decreasing social space between employees, and increasing the amount of knowledge shared between people,” said James Spohrer, director of IBM’s Almaden Research Center.

An example of an employee blog, he said, might contain elements of a resume, some of an individual’s educational background and work experience, along with information on product development strategies colleagues and customers can view on a round-the-clock basis.

Company interaction

The sharing of such information between company employees and customers promises to speed feedback on efforts to produce new products and improve business processes, Spohrer said.

Appreciate your Sysadmin!

Thursday, July 29th, 2004

As noted by Mike McBride, tomorrow, July 30th is System Administrator Appreciation Day.

Bribe Treat your sys admins well, preferably with toys and baked goods. ;-)

Exposing P2P file sharing dangers

Wednesday, July 28th, 2004

Slashdot had a really intriguing posting this afternoon about a blog called See What You Share. The blog purportedly is exposing files made available to “share” with *anyone* on the popular file sharing networks via unchecked and unsecured P2P file sharing applications.

The problem here isn’t merely that one person’s private information might be shared (which is bad enough), but these P2P file sharing applications were found on computers belonging to the US Military and other critical organizations. If you take a quick look at the blog, you’ll see examples of US Military unit rosters, phone numbers for a Washington State rescue squad, and pictures of a dubious nature.

The author of the blog, under the pseudonym of Greg Wallace has stated that he tried contacting local authorities but nothing was done about it.

A few questions that immediately come to mind are…

1)If you are going to go with the arguement that it is not possible for the US Military, etc. to monitor each and every PC under it’s control, can’t we ask why isn’t the US Military blocking these P2P apps on the network level? The ports that these programs use are well known.

2)Do you think Greg Wallace will be charged for hacking for finding and publishing these files?

I dunno. This will be an interesting story to watch as it gets legs.

Bots configured badly

Wednesday, July 28th, 2004

While I was checking my Web site logs last night I noticed another strange “guest” username entry. So armed with my monthly Apache logs and the grep command, I found the offender and it is indeed a badly configured bot.

168.75.177.103
- guest
[25/Jul/2004:05:41:07 -0400]
“GET / HTTP/1.1″ 200 28287
“-”
“Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)”

Searching for the 168.75.177.103 IP address on Google shows that this bot or crawler or whatever it is, has gotten around.

Utlities like this make me giggle

Tuesday, July 27th, 2004

Some of you may think I’m just a tad bit weird, but I squealed with delight this morning upon finding this About You page at DNSStuff.com.

For my non-technical readers, visiting the About You page runs a simple script which reveals your IP address, your Web browser information, your Web proxy information, TCP/IP header info, and your DNS servers*. Pretty neat.

*I’m wondering if the DNS info would only appear if you are referred to that particular page via another Web page rather than just merely typing in the URL in the browser.

Now for something a little different

Sunday, July 25th, 2004

A slideshow featuring the grounds and of some of the flowers currently in bloom at Longwood Gardens. (Quicktime: longwood-july.mov).

worldKit WordPress blogs

Saturday, July 24th, 2004

OOOHHHH, just saw this in my referers…..a geolocation page for WordPress powered blogs. Similar to the earlier GeoURL.

Fireworks & Fountains

Saturday, July 24th, 2004

Last night my Mom, my Daughter and I braved the threat of rain and visited Longwood Gardens for their Fireworks & Fountains show. We arrived a few minutes before the show started, parked in the back of the parking lot (which really wasn’t that far) and made our way to the staging area. To our surprise, even with the threat of rain, there were easily a few thousand people waiting for the fireworks to begin, mostly couples on dates and families. Even though we arrived with a few minutes to spare, we easily found a spot to sit on the grass (thank goodness for my waterproof space blanket).

Suffice it to say, the fireworks & fountains were spectacular (Quicktime movie: longwood.mov) and did I mention it would be a great place for a date?

1st lwst agnst txt msg spmmrs

Wednesday, July 21st, 2004

According to this article on pc-radio.com, Verizon recently sued spammers it claims sent unsolicited cell phone based text messages to Verizon customers.

Most U.S. cellular carriers operate email gateways that forward Internet emails to subscribers’ phones using a technology known as short message service (SMS). Cell-phone spammers target those gateways with software that attempts to automatically generate valid email addresses. Because SMS limits messages to around 160 characters, cell phone spam is usually brief and invites recipients to visit a Web site or call a toll-free number for more information.

Verizon, which boasts 40 million wireless customers in the U.S., said it blocks around 50,000 text-message spams per day. The wireless firm installed a spam filtering system in late February at a cost of around $600,000, according to an affidavit filed in the lawsuit.

Under one of its pricing plans, Verizon Wireless charges users two cents per message for receiving text messages. Verizon said it would credit subscribers who have been charged for receiving spam text messages.

Microsoft IIS Security Checklist

Wednesday, July 21st, 2004

Interesting. As found on the Net security aggregator blog netsec a link to this nifty Microsoft IIS Security Checklist.

While I strongly prefer to work with Apache (better security and easier customization IMHO), this is a good reference for those of you who have to deal with IIS for your Web server needs.

spam for loans, spam for loans

Tuesday, July 20th, 2004

My email filters have been getting a workout these past few weeks with variations on the foreign based website acting as a local mortgage broker and asking for personal financial information scams. Here is an example of what one of these emails look like. The Web page for the mortgage broker is actually hosted on a Brazilian Webserver. The email posted below has been copied and pasted (with the exception of the removal of my mailserver information) as it appeared in my inbox.

Received: from [220.116.85.248] (helo=63.247.129.138)
by [my mailserver] with smtp (Exim 4.34)
id 1Blpd2-0000sc-VG
for [my email]; Sat, 17 Jul 2004 09:53:30 -0400
Received: from 236.136.244.224 by 220.116.85.248; Sat, 17 Jul 2004 17:50:01 +0300
Message-ID:
From: “Edwina Cobb”
Reply-To: “Edwina Cobb”

To: [my email]
Subject: We have approved your loan
Date: Sat, 17 Jul 2004 17:49:01 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=”–1785671432408812″

—-1785671432408812
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

Hi again.
I sent you an email a week ago and I want to confirm everything now. Pleas=
e read info below
and let me know if you have any questions. We are accepting your mo rtgage=
application. We specialize
in less-than-perfect cr edit, and our advisors are here to help you.
Approva1 =C2 process will take 15 seconds.

http://www.jakao.biz/green/index.php?affiliateid=3Dmailer00001″=
Just visit this link and fill in short form.

Thank you.c

Best regards,
Edwina Cobb

octant kowloon aback oldy steen cameraman deanna amtrak create thatch well=
es basidiomycetes puddingstone delectate chert apprehend yeoman hetty=20LW=
PZXTSXBI

—-1785671432408812–

————=_40F92F5B.2CF645C4–

Odd site log entry

Wednesday, July 14th, 2004

Recently, I started finding “username” entries in my Web stats program. At first I feared someone possibly cracked my box, but the mysterious users only visited for a short bit and they only apparently reached my Web server. The only two Web serving programs I have are Apache and WordPress. My Apache install is maintained by my wonderful webhost, while the WordPress install is maintained by me, and I hadn’t approved any other members as of yet. So, after the initial findings, I waited to see if the mysterious log entries would appear again, so I could track them. Here is an entry which recorded a username today.

68.116.223.103 //IP addy
- www.carvir //unknown fields, “www.carvir” recorded as username
[14/Jul/2004:07:31:22 -0400] //date, time
“GET / HTTP/1.0″ //HTTP request
200 23667 //HTTP code, bytes sent
“-” //Referer string
“Mozilla/3.0 (compatible)” //User Agent (this looks like a bot)

I’m not an HTTP expert, but I think after seeing this log entry, that second part where the “- www.carvir” appears is possibly where a username/password is passed along to the server.

Just for kicks here is a normal looking entry for comparison….

[IP addy]
- -
[14/Jul/2004:11:23:17 -0400]
“GET /archives/office-depothewlett-packard-summer-offer-to-recycle-consumer-electonics/ HTTP/1.1″
200 5052
“http://www.mikemcbrideonline.com/blogger.html”
“Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2″