Donkey On A Waffle
Hot New Tool Of The Day
Tue, 26 Jun 2007 13:10

The hot new tool of the day is Echo Mirage! Have you had the need to get in between a fat client and the server it communicates with? You have no way to tell the client what the target server and port are, yet you need to intercept the traffic in real time for modification and protocol attacks? Well, this week at a client site I needed to do just that. I spent the better portion of a day cobbling together a VM running Linux with two instances of netsed and also reversing the Java web start files to point it to its new location. THEN I find this tool.

Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function calls so that data transmitted and received by local applications can be observed and modified.

Check it out the next time you find yourself hammering a protocol that you just can't intercept.

http://www.bindshell.net/tools/echomirage
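
The hooking idea described above, reduced to an in-process sketch (an added example, not Echo Mirage's code and not part of the original post): a function pointer stands in for the client's import slot for send(), a hook observes and rewrites the outgoing bytes, and a pointer comparison shows how the redirection can be spotted. The names imp_send, hooked_send, slot_is_hooked and the "HELLO v1" message are constructed for illustration; the sketch uses a POSIX socketpair instead of Winsock and performs no DLL injection.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumption: this pointer stands in for the client's import-table slot for send(). */
typedef ssize_t (*send_fn)(int, const void *, size_t, int);
static send_fn imp_send = send;
static char observed[64];              /* what the hook saw before rewriting */

/* Hook: record the outgoing bytes, rewrite them, then forward to the real send(). */
static ssize_t hooked_send(int fd, const void *buf, size_t len, int flags) {
    char copy[64];
    if (len >= sizeof copy) return send(fd, buf, len, flags); /* too big: pass through */
    memcpy(copy, buf, len);
    copy[len] = '\0';
    strcpy(observed, copy);
    char *p = strstr(copy, "HELLO v1");             /* constructed sample message */
    if (p) memcpy(p, "HELLO v2", 8);                /* same-length in-flight edit */
    return send(fd, copy, len, flags);
}

/* Integrity check: does the slot still point at the genuine send()? */
static int slot_is_hooked(void) { return imp_send != send; }

/* "Client" code: always calls through the slot and never sees the hook. */
static ssize_t client_say(int fd, const char *msg) {
    return imp_send(fd, msg, strlen(msg), 0);
}

/* One exchange over a local socketpair; 'out' gets what the "server" end received. */
static int run_exchange(int hook, char *out, size_t outlen) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    imp_send = hook ? hooked_send : send;
    client_say(sv[0], "HELLO v1");
    ssize_t n = recv(sv[1], out, outlen - 1, 0);
    close(sv[0]); close(sv[1]);
    if (n < 0) return -1;
    out[n] = '\0';
    return slot_is_hooked();           /* 1 if the slot was redirected, else 0 */
}

int main(void) {
    char got[64];
    int hooked = run_exchange(1, got, sizeof got);
    printf("hooked=%d observed=\"%s\" server got=\"%s\"\n", hooked, observed, got);
    return 0;
}
```

The client function is identical in both runs; only the slot it calls through changes, which is why the fat client needs no reconfiguration and why comparing the slot against the expected address exposes the redirection.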


The Children of Hurin - Book Review
Tue, 26 Jun 2007 09:26

I just finished reading "The Children of Hurin" by J.R.R. Tolkien. If you are a big fan of the rest of Tolkien's works you will love this book. It is the back story of the kin of Hurin and the curse laid upon them by Morgoth.

The story begins with a brief introduction to Hurin, his kin, and his deeds that lead to his imprisonment and subsequent cursing. Following this, the book details, primarily, the life of Turin and his sister Nienor, the son and daughter of Hurin. From birth to their final glorious moment, both kin travel the lands bringing havoc to any who house them. Finally, the book completes in a dramatic fashion worthy of traditional Shakespearean conclusions.

The book is not impossible to read, and if you can get past the typical Tolkien 100+ names of locations and characters the narrative is fairly straightforward. It reminded me of a cross between Shakespeare and traditional Mythology. The writing is somewhat in old English, typical of Tolkien, and includes a large genealogy, appendix, and fold out map in the back of the book. Additionally there is a character list that gives a synopsis of each name used throughout the novel.

Overall, I enjoyed the read. It went fairly quickly and held my interest throughout. Learning some of the history that surrounds Middle-Earth adds to the enjoyment that the reader/viewer would get out of the more common novels and movies by Tolkien. I give "The Children of Hurin" 4 out of 5 donkeys.

NOTE: I find it VERY interesting that the spell checker that I use in vi to write these entries actually finds Tolkien as a real word and doesn't highlight it as a misspelling. I guess a fellow nerd created that particular dictionary.


Harry Potter HACKED!
Fri, 22 Jun 2007 09:32

Someone on the Full-Disclosure mailing list has claimed to have hacked into the publishing company behind the successful Harry Potter series of books. If you don't know who Harry Potter is, get your face out of your computer terminal and look at the rest of the real world.

In the post, the "hacker" gives a high level plot summary, including revealing the end of the book. What I find interesting is that the publisher will neither confirm nor deny the spoiler. We'll see if the "hacker" is right in about a month.

Here is a link to the Full-Disclosure post. Beware that it contains potential spoilers!


Crazy Ninja Terrorists!
Tue, 19 Jun 2007 17:05

So silly that this would probably work! Combat THIS new threat TSA!


The Case of the Stolen Watch
Tue, 19 Jun 2007 16:16

Looks can be deceiving. If you watch THIS video you will be SURE that our glorious president's watch was clearly stolen by someone in the crowd. (Watch closely for first 1.5 minutes). However looks can be deceiving! Watch THIS video for the truth.

The point of this post is to always remember to second guess what you see or hear, especially when it's on the Internet. The truth always lies somewhere between what you perceive to be the facts and the real raw data.


Poker is a MYSTERY!
Tue, 19 Jun 2007 14:54

I came across this blurb today. I found it very interesting. It discusses the difference between a "mystery" and a "puzzle". Poker is most DEFINITELY a mystery!

"Risks and Riddles"

The Soviet Union was a puzzle. Al Qaeda is a mystery. Why we need to know the difference. By Gregory F. Treverton

There's a reason millions of people try to solve crossword puzzles each day. Amid the well-ordered combat between a puzzler's mind and the blank boxes waiting to be filled, there is satisfaction along with frustration. Even when you can't find the right answer, you know it exists. Puzzles can be solved; they have answers.

But a mystery offers no such comfort. It poses a question that has no definitive answer because the answer is contingent; it depends on a future interaction of many factors, known and unknown. A mystery cannot be answered; it can only be framed, by identifying the critical factors and applying some sense of how they have interacted in the past and might interact in the future. A mystery is an attempt to define ambiguities."

Another really interesting blurb from the same article is regarding the use of Bayesian mystery framing in modern medicine. This same type of logic is exactly what one does at the poker table!

While few doctors would put it this way, they act upon something that might be called Bayesian mystery framing. Bayes' theorem is a statistical technique for adjusting subjective probabilities in light of new, but inconclusive, evidence. Doctors base an initial assessment of a patient's health on propensity, as revealed by his or her medical history, and on diagnosis, determined through an examination. If the doctor's initial assessment is of a high probability of disease, he or she orders more tests, which in turn refine that probability. For chronic concerns, such as high blood pressure leading to heart disease, the initial assessment leads to a decision about whether and how to treat, followed by subsequent tests to see if the original probability of problems can be revised downward.

http://www.smithsonianmagazine.com/issues/2007/june/presence-puzzle.htm

While I snatched this blurb off of an infosec mailing list, I couldn't resist matching its comments to my other passion. Thanks Gunnar for sending this to the mailing list.


Final Sins - Book Review
Sat, 16 Jun 2007 12:23

Sorry I haven't posted much in the last week and a half. I took a week-long holiday to visit my family in New York. After a horrid return trip (F.U. USAirways) I finally made it home this past Thursday evening. On the trip I started and finished the book "Final Sins", by Michael Prescott. This book appears to be one of many books Prescott has authored using the same primary characters. I haven't read the previous book, Mortal Sins, or any of the other books by Prescott, yet, so keep that in mind.

"Final Sins" is a typical suspense, thriller, type fiction book. The story centers around a half a dozen characters ranging from the vigilante justice keeper, good FBI agents, corrupt FBI agents, a serial killer, and a stalker. As the plot develops we learn more background about the different characters in a well written story that managed to keep my interest. The character development is deep enough to really feel for the losses that the plot throws in, however it isn't deep enough to make me jump for joy.

The plot was also mediocre at best. There wasn't a single plot turn that I hadn't thought of well in advance of the author presenting the twist. The plot was transparent and largely predictable. With the exception of one particular piece of data (Faust's get away location at the end of the story), I saw it all coming a mile away.

If you are looking for a gripping story with twists that will keep you guessing, this book isn't for you. If you want a story that has deep and rich character development, again, look elsewhere. If you want an easy read that will simply pass the time for you on a long flight, this one will barely make the cut. I give "Final Sins", by Michael Prescott, 3/5 donkeys. Better luck next time Michael!