November 30th, 2005 - Created by jimiz

I had an issue where I had to clean an HTML page / pages that were built using Microsoft Word. Since I had to use these pages in many locations and apply a new style to them, I needed a good way to clean the HTML and did not want to do it by hand. I did a few searches and found that Microsoft actually makes a tool to do this. They make an Office add-on that will clean the Word / Excel / Frontpage junk HTML. You would think they would have done this in the actual application.

Well, that tool would not work for me, because I have Office 2003 and the tool was for Office 2000. So I did some more looking and found a nifty tool called tidy. Here is a GUI version of tidy (TIDY). The command line version is here and you can implement it into your application.

Using this saved me a few hours of work. I love open source.


November 24th, 2005 - Created by jimiz

Well I was on Digg and ran across this post. The top 10 things to do for mom’s PC

http://www.downloadsquad.com/2005/11/23/top-10-things-to-do-for-moms-pc-over-thanksgiving/

Everything on the list is so true. The things missed were how to also help your sister-in-law and brother-in-law, and how to remove all the spyware already on the box.


November 23rd, 2005 - Created by jimiz

As a follow up to my original post of watching some kid at a coffee shop sniff the wireless network for passwords, I am doing a wi-fi security series.

In this post I will show wi-fi users how easy it is to gather information from other computers and users by just sniffing the network. I first must explain what “sniffing the network” means. In the simplest form it is just listening to and capturing the information that is sent across the network; this information is in network packets. This can be done on a wireless or wired network. Network sniffers come in all different flavors and types. I prefer Ethereal, because it works on Linux and Windows. These tools are used to troubleshoot and diagnose issues on networks and applications. They can also be used to eavesdrop or snoop on others, which is what I plan on explaining in this post.

So you may ask, what can a person “sniffing the network” find? Well for starters, it is really easy to gather usernames and passwords, especially from POP email accounts. Most people who use email have an email client, such as Outlook, Outlook Express, Thunderbird, or some other branded client like AOL or Earthlink. Most of these clients use POP3 to communicate with the server to read your email. This all happens when you hit the Send/Receive email button. These clients that use POP3 may send your username, password, and messages in clear text. By default these programs are set to be easy to use and do not have the security features that are available turned on. So what does this mean? Well, let’s look at a typical transaction from a user who is checking his or her mail. They open up Thunderbird (my email client of choice) at a coffee shop and hit send/receive while using the free wi-fi.

When they do, they are sending information unsecured over that network, which happens to be a wi-fi network. Other users who also use the wi-fi have the ability to overhear or sniff your information. The image below shows an Ethereal capture of my fake user called jvandenbon.

[Image: EmailPassword]

As you can see from the image, the username jvandenbon is sending his password of Alice623001 to his mail server. This happens each time he hits send and receive. Not only are the username and password readable, but so is the email. Below is a screen capture of an email I sent to that user. You can see from the capture that I read the email then deleted it.

Here is the actual information from that email inside ethereal:


Received: from ?192.168.1.107? ( [22.131.13.51])
by mx.gmail.com with ESMTP id j4sm126467nzd.2005.11.22.19.09.50;
Tue, 22 Nov 2005 19:09:50 -0800 (PST)
Message-ID: <4383DD50.9050706@jimiz.net>
Date: Tue, 22 Nov 2005 22:09:04 -0500
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0

To: jvandenbon@jimiz.net

Subject: Are you reading my email
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
From: jvan
you can read this message
.

DELE 1

+OK Deleted.


So as you can see, a default email client and POP3 account is not very secure. You are basically sending your user information and password for all to see, if they know how. What is scary, when you actually do sniff a network, is the amount of email usernames and passwords that are actually sent. The day that I caught that kid at the coffee shop I saw about 10 usernames flying over the network.

At this point some people may be saying, why do I care, it is just an email account? Well, ask yourself a few questions. Do you use that password for anything else, like your online bank site, or bill pay, or paypal, or even your gas or electric site? Do you use that email for any other accounts like paypal, ebay, or your bank site? Could someone use your email and password to ask your bank to reset your online bank password? These are all just food for thought.

Others are probably reading this and saying that the users should know how to secure their email account properly and use SSL / TLS over POP. I plan on helping people do that in my next post.
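One way to check your own mail client for this exposure, as an added example that is not part of the original post: the Python below audits a text transcript of a POP3 session (for instance, copied from a capture of your own traffic) and reports whether the login happened before any STLS upgrade, without echoing the password. The "C:"/"S:" transcript format, the sample sessions and all function names are assumptions made for this example.

```python
from collections import namedtuple

# Constructed transcripts ("C:" = client, "S:" = server); all values are made up.
SAMPLE_CLEARTEXT = """\
S: +OK POP3 server ready
C: CAPA
S: +OK Capability list follows
S: USER
S: STLS
S: .
C: USER exampleuser
S: +OK
C: PASS not-a-real-password
S: +OK Logged in.
"""
SAMPLE_STLS = """\
S: +OK POP3 server ready
C: STLS
S: +OK Begin TLS negotiation
"""

Finding = namedtuple("Finding", "line_no command note")

def audit_pop3_transcript(text):
    """Return (findings, server_offers_stls, tls_started) for one session."""
    findings, offers_stls, stls_pending, tls_started = [], False, False, False
    for line_no, raw in enumerate(text.splitlines(), start=1):
        who, _, payload = raw.strip().partition(":")
        payload = payload.strip()
        if who == "S":
            if payload.upper() == "STLS":      # capability line in a CAPA reply
                offers_stls = True
            if stls_pending:
                stls_pending = False
                if payload.startswith("+OK"):
                    tls_started = True
                    break                      # everything after this is encrypted
        elif who == "C":
            verb, _, arg = payload.partition(" ")
            verb = verb.upper()
            if verb == "STLS":
                stls_pending = True
            elif verb == "USER":
                findings.append(Finding(line_no, "USER", "account name sent unencrypted"))
            elif verb == "PASS":
                # Report the length only; never copy the secret into a report.
                findings.append(Finding(
                    line_no, "PASS", f"password ({len(arg)} chars, redacted) sent unencrypted"))
            elif verb == "AUTH" and arg.upper().startswith(("PLAIN", "LOGIN")):
                findings.append(Finding(line_no, "AUTH", "SASL PLAIN/LOGIN is base64, not encryption"))
    return findings, offers_stls, tls_started

def verdict(text):
    findings, offers_stls, tls_started = audit_pop3_transcript(text)
    if any(f.command in ("PASS", "AUTH") for f in findings):
        if offers_stls:
            return "EXPOSED: server offers STLS but the client logged in without it"
        return "EXPOSED: credentials sent in clear text"
    return "OK: upgraded to TLS before login" if tls_started else "UNKNOWN: no login seen"

if __name__ == "__main__":
    for sample in (SAMPLE_CLEARTEXT, SAMPLE_STLS):
        print(verdict(sample))
```

The first verdict is the useful one for a client left on its defaults: the server advertised STLS, so the fix is a setting in the mail client rather than a change of provider.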

To keep this part 1 section going, let’s discuss what other information your machine may be telling people about you. So far we have seen that email usernames, passwords, and messages can be viewed. Now I will show how online web email accounts can also be viewed. Though not as easy, online or web mail can also be seen over the network. This is only true when it is not used under SSL (https). Below is a picture of what a typical web mail login looks like. You can see the username jvandenbon and his password being sent over the network.

[Image: webmail]

All the information I have talked about so far is from a user’s computer being sent out. This means you are initiating traffic, checking email, browsing web sites. But, what about your computer, does it answer questions about you when asked? It amazed me when I did a quick scan of the coffee shop wi-fi the other week. I saw 3 laptops that had network shares available on them. That means I was able to copy files off that machine. The user turned on network sharing without any security. In my next post I will discuss methods of protection against intruding eyes.

As always, leave me feedback. Both good and bad.


November 22nd, 2005 - Created by jimiz

My blog post last week on Network Intrusion has generated a lot of traffic and emails. It was interesting to know that people actually read what I post. A lot of people responded in emails asking to know some more information on wireless security. I think this is due to the popularity of wi-fi, both in our municipalities and in hotspots such as coffee shops. It is amazing to see where wi-fi is available. You can catch a hotspot anywhere in our little town of Grand Rapids. If you are interested in finding a HotSpot near you, head on over to grwifi.net; James has a great site that allows users to rate and discuss wi-fi hot spots.

Since my last post I have been thinking of ways to respond to the emails and feedback I have received. I think it may be best to do a 2 part series on wireless security. The first part will be to show what kind of information your laptop or application is sharing on the wireless network. I will just briefly walk through some typical situations where you may be sharing more information than you know about. In part one, I will discuss the common applications that may share information. I will also discuss the tools used to gather that information, to show how easy it is for someone to steal.

The second part of the series, I plan on discussing and showing methods to help prevent unknowingly sharing information to others. This will include software applications and techniques for securing your applications and systems.

It is amazing to me how many people are unaware of what their computer or applications do on the network. In reality your computer is very chatty; it likes to send information, and it is up to the user to help secure and limit the amount of information that is sent. In the next few blog posts, I hope to show people what they can do to secure, encrypt, and defend when using their computers.

To keep everyone up to date from my last post: I did go back to the wi-fi hotspot and did not see the kid there sniffing the wireless network. But, if I do see him I plan on confronting him head on. I have not seen a clear argument that sniffing a network is illegal yet, and plan on doing more research. It feels like it is illegal, but in a sense it is not much different than listening to people talk in a room.


November 18th, 2005 - Created by jimiz

Network Intrusion / Invasion

I typically stop at a local coffee shop to get some caffeine and use their wi-fi network to check email and surf the web. I am gathering this is not unlike most people out there in the business world. I tend to visit places that offer wi-fi because of their ease of use. But the other day I saw something that upset me. The story I am about to tell is not anything new, but rather just an eye opener for me.

As I was standing in line for coffee I noticed a fellow wi-fi user in the corner and happened to glance at his laptop. Being a tech geek I noticed he was running Linux (you may ask how?); well, I noticed etherape running and ethereal. These are both tools I use often, especially when troubleshooting applications or networks.

At first I did not think anything about it. Then as I was firing up my laptop, I started to think why someone would be using ethereal and etherape here? Then it hit me. This guy was grabbing network traffic on the wireless network and sniffing, probably for passwords and usernames. At this point I came up with a plan. I looked around at the other 10 or so people on their computers and realized that they were unknowingly giving their information away. Usernames and passwords were floating in plain text all over that coffee shop. The girl next to me was on yahoo mail, the guy on my right had outlook express open. I figured that the kid had at least 10 or so usernames and passwords by now, and I was angry.

To see if my mind was just crazy or corrupt I decided to test my theory that he was sniffing usernames and passwords. I first ssh’ed into my box and created a new email account. I created a username called jvandenbon. I figured since I am in a Dutch area that a Dutch username made sense. I created a password of Alice6232001, hopefully a real enough password. Then I hopped into my inbox using mutt and forwarded some of my spam emails into the jvandenbon user account. So now I had a real account that had some mail in it.

I then fired up ethereal and then thunderbird. First I took a quick capture of what was on the network, and as I suspected there were lots of POP accounts being used which show USER and PASS in clear text. I opened Thunderbird and checked my mail. I use SSL / TLS when I connect to my mail server so I was not worried about this kid grabbing my info. But I had to make sure that I was safe so I watched my traffic and sure enough it was encrypted with TLS. I closed ethereal, and created a new account in thunderbird using the above jvandenbon account name and told it to use POP as the means of communication. Again, I opened ethereal and then did a send receive to watch my fake username and password be sent across the wire. I then wrote an email and deleted some others to create traffic. I closed Thunderbird and waited. I set a string filter for Alice623001 in ethereal and watched. Sure enough, a few minutes later (about 10) I saw my fake username and password being sent over the wireless LAN. I captured the kid’s source address.

This kid was trying to access my fake account. By this point I was angry. I got to thinking about what kind of stuff I could do to him. I easily could have kicked his ass; however I am not sure that it would have helped. All these people had been cheated of their info and privacy. That is when I started to think about legal options. I don’t even know if it is illegal to sniff a public network. I have never even thought about it. I did a quick Google search and did not find much. I guess you can kind of relate this to yelling across the room to a friend with your username and password. Whoever happens to be in the room has access to that information. The analogy does not sit well with me. I would like to think that people can be safe or feel safe even when their trusted programs (outlook, outlook express, thunderbird, and hotmail) send their information in plain text over the network.

Right now I am just angry. If I do see this kid again, I plan on approaching him and asking what he plans on doing with all the usernames and passwords he stole. I can only guess he is going to just mess around. But what happens when he comes across a guy who happens to have admin rights on a system and sends his username and password over the line? I realize this is a gray area of the law, but what about people’s privacy? I am not a malicious person by any means. I have sniffed networks in the past to gather information to help me learn how to protect them. But when I watched this kid and the speed with which he attempted to open my POP account, I am a bit worried. He must have had a program that would just take a username, password, and mail server and check validation.

I guess I am now asking the community what they think of this event. Do you know if you are secure? Do you go to a coffee shop and check mail via POP and send your info? Do you use ftp at the coffee shop to update your web site or worse, your corporate web site? I would love some feedback on what people think. Just think, what if someone got your email password? Does it match your bank account password or your paypal password? These are the questions on my mind. And how can I do something against this punk kid? Should I just walk over and kick his ass or should I call the police? And if I call the police, what do I say?


November 17th, 2005 - Created by jimiz

Ever wonder what Google indexes or does on your site? Well, here are some instructions on how to use this information.

http://www.sitepoint.com/blogs/2005/11/16/google-sitemaps/

It is some very good info and interesting stats. Somewhat like google analytics.


November 16th, 2005 - Created by jimiz

I often have mixed feelings on open source programs. I both love them and hate them at the same time. You see, some of the tools I use the most are open source. These tools are easy to use, very functional, and worth their weight in gold. That is the “love” side of open source: Firefox, Thunderbird, nmap, ncat, putty, and many more. The hate side is when these great tools turn to a more closed source. You may ask why this is bad. Well, often they lose their appeal and drive, and ultimately their features.

Now I must make myself clear, I do not have this feeling toward open source code or scripts or such. I am really speaking to software made and released under the GNU or GPL (general public license). What really upsets me is when an open source app turns into a closed app, or even worse goes to a commercial license that one has to purchase.

Now I understand the business side of this. In fact, I can’t understand how some people would even release an application under the GNU / GPL when they could just sell the thing. But my complaint is when a fantastic software app is taken out of the community and then attempted to be sold. This entire rant is based around the Oct 2005 announcement from Nessus (www.nessus.org) that they were no longer going to release under the GNU. This was a very upsetting statement to me. I use Nessus very frequently for some of the work I do. It is a great product / project and I have added / modified things to fit my needs and have even given back to the community.

In the case of Nessus there is an upcoming release of 3.0 that will no longer be open source. For those unfamiliar with Nessus, it is a security vulnerability scanner that can test your network and servers. Nessus was recently acquired by Tenable. This purchase left a split in the plug-in / vulnerability test feeds. Some were available via purchase and some were available for free. This split was the beginning of the change. You can read more here (www.newsforge.net).

The great thing about open source is that there is always a way to make a better mouse trap. And already the community has started up a new fork for Nessus called OpenVAS (www.openvas.org) and a few more branches of open source Nessus. The problem with this is now there are multiple versions, multiple feeds, multiple environments. So this great product is now split into a few small open source projects of which one may or may not stand out.


November 14th, 2005 - Created by jimiz

Microsoft Patterns and Practices is a useful control set for global logging, error handling and database connections. This tool set is great for development, but when you go to deploy it is not so fun.

I have added some references of how we were able to get Patterns and Practices on a production box.

One of the constraints of Patterns and Practices is that it requires / needs Visual Studio installed. This is great if you are developing on a box, but in the real world (i.e. Production boxes) you do not really want to install a development tool.

To make this happen you need to update a few things:

1. Move your compiled DLL files from your development box to the production box. This is everything under your C:\program files\Microsoft Enterprise Library\bin directory.

You need to move these files because it is not possible to build these DLL files without Visual Studio.

2. Modify the install script to account for not having Visual Studio. I have made a few changes that 1) remove the check for Visual Studio and 2) change the path to the .NET framework folder.

The installservice.bat (located at C:\program files\Microsoft Enterprise Library\src) needs some files out of the Visual Studio directory to register path settings. I have simply removed a few statements and updated the path to use the .NET framework directory.

You can get a copy of the bat file here (installservice.bat.txt)

I hope this helps people trying to use Patterns and Practices.


November 12th, 2005 - Created by jimiz

Well I have finally decided to make the actual move from AT&T to Cingular. It is not that I am unhappy with AT&T wireless. It is just that they are no longer around. They are Cingular.

One issue I am having is that I have a family plan. I did not have one with AT&T but with cingular they label my plan as a family plan. So I am unable to upgrade online. Which happens to be the only way to upgrade to get the phone I desire.

So about 50 min of calls today and a few people who could not have confused me more.. I am now in waiting for a phone that I don’t know which number it belongs to. But, I am calm. You see if I am able to get the phone I want for the price they advertise it for, then I will be happy.


November 11th, 2005 - Created by jimiz

I am currently reading Stealing the Network: How to Own a Continent, link here (www.amazon.com). It is part of the Stealing the Network series. It is a great read. Mostly a mixture of real exploits and technologies in a sci-fi thriller. Not too many new technologies used in the book, but some great concepts on how to get around systems that may or may not be vulnerable.

I am a huge fan of nmap and have always used this tool in all of my jobs and projects. So I came about this book from reading an interview with fyodor over at insecure.org. Here are his comments about the book. Many great names in the security industry were asked to author parts of this book. It makes for a great read.

If you are interested in security or possibly just curious about hacking this may be a fun book to read.


November 11th, 2005 - Created by jimiz

There has been so much talk in the news about AJAX these days. It is strange, I have heard that AJAX is the Microsoft Killer, the new technology, or the wave of the future. I personally think that it is a great method of using technology to speed up a web application and also extend the usability.

It is hard for me to view AJAX as the next big thing. I think because the concept and idea has been around for a long time. Until someone coined AJAX, I don’t think people knew how to describe it or even where or why to use it.

Anyways, one of the guys I work with at NuSoft is writing a book on AJAX. You can read more about it here (www.danwoolston.com).


November 11th, 2005 - Created by jimiz

I have been so busy at home and work I have not been blogging much. So I will try to pick up a bit.

With .NET version 2.0 out I have been busy with updating IISREPORTER and the next version. I have to admit, 2.0 is awesome to develop with. So far, I keep hearing people say that it is too buggy and has a few flaws. From my perspective I have not seen too many issues.

I did have an issue with updating the VB.NET version of IISreporter. But, that was VB, the C# version had no issues.
