I am working with a client that deals in Film and has a business model around film community. I just read a great blog post on how theaters make their money. It was very interesting to me and I thought I would share with the rest of you. http://arstechnica.com/news.ars/post/20060105-5905.html

My last blog post last week on Network Intrusion has generated a lot of traffic and emails. It was interesting to know that people actually read what I post. A lot of people responded in emails asking to know some more information on wireless security. I think this is due to the popularity of wi-fi, both in our municipalities and in hotspots such as coffee shops. I is amazing to see where wi-fi is available. You can catch a hotspot anywhere in our little town of Grand Rapids. If you are interested in finding a HotSpot near you head on over to grwifi.net, James has a great site that allows users to rate and discuss wi-fi hot spots.

Since my last post I have been thinking of ways to respond to the emails and feedback I have received. I think it may be best to do a 2 part series on wireless security. The first part will be to show what kind of information your laptop our application is sharing on the wireless network. I will just briefly walk through some typical situations where you may be sharing more information then you know about. In part one; I will discuss the common applications that may share information. I will also discuss the tools used to gather that information, to show how easy it is for someone to steal.

The second part of the series, I plan on discussing and showing methods to help prevent unknowingly sharing information to others. This will include software applications and techniques for securing your applications and systems.

It is amazing to me how many people are unaware of what their computer or applications do on the network. In reality your computer is very chatty, it likes to send information and it is up to the user to help secure and limit the amount of information that is sent. In the next few blog posts, I hope to show people what they can do to secure, encrypt, and defend when using their computers.

To keep everyone up to date from my last post. I did go back to the wi-fi hotspot and did not see the kid their sniffing the wireless network. But, if I do see him I plan on confronting him head on. I have not seen a clear argument that Sniffing a network is illegal yet, and plan on doing more research. It feels like it is illegal, but in a sense it is not much different than listening to people talk in a room.

((REVISED - TOO MANY SPELLING ERRORS))) - it may have been too late to post

Ok I have switched jobs and currently I am using a Dell Latitude D800. People who know me, know that I do not have much respect for the Dell laptops. There are a few reasons for this. 1. They don’t make them. 2. Why call them laptops when they are the size of my Commodore 64. 3. If you can’t make a mobile computer mobile, then don’t (just don’t)

Number 3 is where the Computer Input discussion comes in. If you have read my earlier post (Track Back) You know my feelings on people who have a mobile computer and carry a mouse to use with it. Why can’t they just use the input devices on the computer to work. Well this logic I have carried for years, is now making sense to me. The reason people carry a mouse to use with their Notebooks is because notebook vendors make a crappy (that is a nice word for what I would call the pointing device’s on this Dell) touchpad or trackpoint.

The Dell I have is equipped with both the pointing stick (track point) and a touch pad. They both suck. Lets start with the pointing stick. First of all, it does not move very fluid at all. You have to push very hard to move the pointer (And yes I have adjusted every setting for the thing) Second, the location of the buttons when you use the trackpoint are horrible. They are not only in a bad spot (too close to the space key) but they are crappy to push. You see they are flush with the keys so if you happen to choose the touchpad they would not get in your way. From years of working on a ThinkPad I can see why people use a mouse when using this dell. The track point is not even worth trying to use. My hands are already telling me that Carpal tunnel is on the way. Not to mention that the button normally takes 2 tries to single click (it feels like you have to press with all your might to make it click)

Now let’s move to the touch pad. So with the pointing stick sucking as much as it does on the Dell (I still have an IBM thinkpad and it is heaven to the fingers and clicking thumb), I decided to give that a try. And the results are still the same. Why bother. You have to move your fingers from the keys, you have to move both hands to either click or drag something.

Why does this have to be so hard. Are laptop vendors in bed with the mouse vendors? Why do we settle for this? I am finally that guy. I go to work and connect a mouse to my laptop. Shame on Dell for doing this to me. Shame on me for putting up with a computer that claims to be a portable and yet ties me to a desk and a cord……

You often hear about security and web services. How they need to be more secure and how they can pass unsecured information. Well, I recently had an issue with a client that felt they were exposing too much information with the web service provided. This web service allows for products to be returned based on some search criteria. Unfortunately the web service was located in the root of the main web site so the asmx file was available by going to (http://www.someurl.com/somefile.asmx). The client felt that the web service gave too much info out.

We had a few methods to resolve this issue. One was to move the web service to another virtual folder and only allow the specific ip address to access that location. This did not seem to be the logical choice for us because we had multiple applications obtaining information from this location. We would have to find and adjust all the linking applications. So we started to look at the asmx file.

After some googling we really did not find too much info on how to secure the asmx file. Because in it’s true sense it is meant to explain / expose the methods of the web service. In one of the searches we were able to find some information on how the asmx file was built and displayed on the server. Specifically how the can be changed to show the order of the methods.

Using this information we set out to modify the asmx file to not show information about the web service methods. To do this we needed to modify the DefaultWsdlHelperGenerator.aspx file. This file is located in %SYSTEMROOT%\microsoft.net\framework\v1.1.4322\Config

In this file it allows for description and display of all exposed methods on page load. By modifying the SHOWingMethodList function and replacing the list of methods with some text or links back to the site we effectively removed any information the asmx file displayed. The ShowingMethodList had a repeater listing, we removed the repeater and added some text and a url.

We also removed the header information that had the standard documentation and put some text in it’s place.

In the end we had a functional asmx web service page that only displayed the text we wanted. It was not the ideal way of securing a web service, but in our situation it was useful.

This week I have been able to see and test a lot of new programs.
1. google earth (earth.google.com) Essentially it is keyhole (a program google purchased) on crack. They added all the great features of google maps to this sat image program. If you have not tried it, go download. It’s free.
2. Google Video player. I had heard about this earlier this month from some blog site. Google released a VLC (video Lan client) that is called the google video player. It is pretty good. I have used the vlc client before (also had some issues with the vls - video lan server.. but that is a different story) . If you have not tried this software you should give it a whirl. I use it to stream DVD’s at work to people who may want to watch.
3. Itunes new release - it has a podcasting manager in it. I have downloaded and installed but have not tried the new feature. Looks nice and easy to use like most apple applications.
4. AJAX support in .net 2.0. I read a story on slashdot about upcoming client side javascript (AJAX) being built into 2.0 framework.

Well I finally got around to looking at google sitemaps (googlesitemaps). If you don’t already have a google account (gmail acount also) just register for one. I have been wanting to test this service out. So I embarked on creating a simple xml (sitemap based file) for this site. I downloaded the python script and started to run it. I do like python but figured since I was running windows and did not have python on this computer I would do some looking. I found a great application called Gsitemap (http://www.vigos.com/products/gsitemap/)
It is a little .net app that lets you use a gui to make a google sitemap file. The nice part about this is you can do mutiple sites quickly.

One thing to mention is that I found the software on my work computer. When I got home and wanted to try it. I googled for about 15 min and could not find any reference to it. Then I got to thinking, I could just use my google search history. And so, I kicked myself for being stupid and found the link and download in less than a min. Way to go Google.

If you are like me you probably use firefox or have used firefox. It is a great alternative to IE for web browsing. One of the nice features of firefox is the ability to code extensions or plugins for the browser. I user some very frequently. Here is a quick list of extensions that I use:

1. Web Developer - this has all kinds of tools for those of us who develope web sites. It allows you to outline tables, style sheets, get form info, header info and anything else you have needed.
2. ForecastFox - This puts your weather information in browser frame window. This is great for just a quick view of the weather.
3. ConQuery - allows for contextual searching on a web page
4. GotFlash - Extensions that allow for multimedia information in pages.

I have attempted to write my own extension. I did the default “hello world” extension but never figured out what I wanted to do. If you have any ideas drop me an email.

It seems to me that there are a ton of IE tool bars out there. And every program you install tries to add another. I understand the functionality of a toolbar and how useful they can be, but come on. How many do we need. So I started thinking of what I use. And wanted to see what others thought. I personally use IE about 80% of the time at work (firewall issues) and about 100% of the time at home. I have found that the same tool bars frequently do not cross browsers. I recently found one that does. That is what got me thinking about this topic. So let me review what I use.

Ranked in the order with the most value
1. Google Toolbar - This is one that should be used by everyone with IE. It has popup blockers built in. Search from the menu bar. What else can you ask for. If you use firefox it is called the GOOGLE bar.
2. Netcraft toolbar - This toolbar keeps you from phising sites, allows you to search a sites rank and hosting provider. This is a very useful toolbar for those in the hosting business or webdevelopment business.

Well these two are the main ones I use. At one time I used the yahoo toolbar but found it very cumbersum.

next time I will discuss firefox extensions.

I am a command linke junkie. I have always been, both a linux and windows user and find it is difficult to switch from linux to windows when using the command prompt. In particular, the ls command on linux is similar to the dir command in windows. I found myself always typing ls on a windows machine and getting the “unknown command” return. So to correct this issue there are a few solutions. One is to use cygwin (www.cygwin.com) a free linux emulator on your windows box. I typically use this when I need to remote console into a remote linux machine w/ X11 running. But for every day use, I tend to use a batch file that emulates the ls command. I will explain how to create a quick batch file to do an ls command.

1. Open a command prompt (go to START | RUN | Cmd) if you are running windows XP or 2000. If you are running windows 9x or me then (go to START | RUN | command)
2. Change directory to your System folder. If you are running Windows XP or 2000 then it will be either c:\winnt or C:\windows. If you are on windows 9x the it will be c:\windows. You change directory by typing “cd c:/windows” or “cd c:/winnt”
3. Create a quick batch file called ls.bat - you do this with the following command:
echo @dir /a /p > ls.bat

4. Once you have done this you can then run the the command “ls” and you will see a directory print to screen

I cannot say enough good words about skype. This time they were on the ball enough to survey me after one of my phone calls. Asking me to rate the call for both quality and service. way to go skype. The more a company can find out about their clients the more they can help improve any issues.

www.skype.com

I have been working on 2 wireless projects recently. One is for myself and the other is for a client.
A client is in need of blanketing his office and home with wireless access to share his DSL line. To ensure that the space, over 200 Meters is covered, I used a modified Linksys Wireless router.

I chose the Linksys WRT54GV2 and a modified firmware. If you have not read up on this model of the linksys, it has been opened up to the opensource community. I chose the, Tailsman Firmware (www..sveasoft.com). It updates all the features on the linksys and also allows the boost of power to the wireless antenna. So you can effectively increase the range with out any equipment. The Tailsman firmware costs 20 bucks, but is well worth it. There is also a few free versions of other firmware that also work well, but I have found Sveasoft’s to be the most stable. Check it out if you have a Linksys WRT54G

The other wireless project is personal. I spend a lot of time in Holland, Michigan at my wife’s faimly’s vacation cottage. Infact, my wife moves out there 5 days a week in the summer. When we are there, I have no internet access. I have tried using my moble setup, but since it is close to the beach and on the wrong side of a very large dune, my Cingular service is sketchy. So this year I am going to be utilizing one of the neighbors’s wireless network and DSL line. The building is a fair distance away and I am working on a Can Antenna to beam the signal across to a repeater. I am going to be using the Linksys WRE54G.
This will allow me to have an access point in my wife’s cottage.
I will keep you updated.

I was driving from Holland, MI to Grand Rapids, MI yesterday and started realizing the number of towers along the highway. For some reason I started to count the number I saw from I196. Heading East twards grand rapids, I counted 17 towers. Of the 17 I think that at least 15 were cell phone towers. This got me thinking of what the regulations were on towers, and also what kind of frequency (number of) towers are needed for good cell phone coverage. Were all 17 towers used for Nextel, or cingular or any other carrier?

I have not done much research on this, but it did get my mind wandering. So I did a quick google for cell tower placement. What I found was a cool tool that lets you find all the tower locations. I am not sure what good this information is but you can check out the tool here (http://www.berkana.com/tower.php3).

I just found out there is a very useful tool built into XP and Windows 2003, called diskpart.exe. This program will allow you to expand a windows disk volume to larger disks. I had the chance to use this recently to increase a server from three 36 gig drives to three 72 gig drives. This program allowed me to extend the drive space with out having to backup and restore to new volumes. This program is great. It works on windows 2000 and windows 2003 and also XP.

Here is the microsoft.com link for how to use DiskPart - KB325590

You can download the program from here if you do not have windows 2003 - DiskPart

The next time you are upgrading take a look at this program.

Microsoft released a few new tools recently - this one is a malicious software removal tool. This will scan your system for nasty virus’s like Nachi, Sassier, and MyDoom.

You can obtain it here
http://www.microsoft.com/security/malwareremove/default.mspx