Diary of a Network Geek

The trials and tribulations of a Certified Novell Engineer who's been stranded in Houston, Texas.


Hacker Games

Filed under: Fun,Fun and Games,The Day Job — Posted by the Network Geek during the Hour of the Hare which is terribly early in the morning or 6:30 am for you boring, normal people.
The moon is Waxing Crescent

Sounds like a good title for a book!

Except it’s not.
In my day job, I’m a professional geek. And, what I mean by that is that I work with computers for money. It seems like the vast majority of the guys my age who got into computers professionally did so because they were inspired by the movie [amazon_textlink asin=’B0011EQBOS’ text=’War Games’ template=’ProductLink’ store=’jkhoffman-20′ marketplace=’US’ link_id=’38c6d846-0d15-11e8-a8f6-f12f91a6eb2a’]. Not me, though. I fell into it a little sideways and my interest in the computer security angle of my work came from [amazon_textlink asin=’B00WGUWDVG’ text=’Sneakers’ template=’ProductLink’ store=’jkhoffman-20′ marketplace=’US’ link_id=’53433e58-0d15-11e8-991f-01aca75f720d’]. I mean, who wouldn’t want to be Martin Bishop? A computer geek that looks like Robert Redford and could swing sleeping with Mary McDonnell? Seriously, sign me up!
The reality is, of course, a little less sexy. Trust me. No one who looked like Robert Redford was walking around DEFCON. Though, to be fair, I did learn to pick locks sitting next to a very nice and more than moderately attractive young woman. Who, incidentally, learned lock picking faster than any guy at the table.
In any case, times have changed since the early 90’s and all the harmless exploration I did when I first got into IT is mostly illegal now. Though, I’ll never forget helping an international guest at the Hyatt Regency Chicago get remote access to her VMS and find the program she needed to run. She had authorization, of course, but no idea how to find what she needed and I was blind in a VMS system for the first time. When I get her into her program, I think she clapped and then hugged me. It was cool! And FUN! But, opportunities like that are few and far between. And, there are plenty of places that won’t hire someone who has a criminal record. So, how do you recreate that experience without risking jail time?
Wargames by OverTheWire. These fine hackers have put together more than a dozen “games” meant to test your skill at electronic breaking and entering. And, honestly, a little bit more. Each game let’s you connect to it, most often with SSH via its own, dedicated SSH port, and then let’s you go after the rest. I haven’t had the chance to do much here yet, honestly, but the OverTheWire gang suggests you start with Bandit, which is aimed at absolute beginners and consists of 27 “levels”. Each “level” gives you information to “beat” the next “level”. It sounds like fun, but, then again, I am a pretty hardcore computer geek.

So, there you go! It’s a free introduction to computer security in game form. The perfect Friday diversion for the aspiring network geek or hacker!

This post originally appeared on Use Your Words, my ironically non-computer-geeky blog!



Filed under: Fun,Fun Work,Never trust a Network Admin with a screwdriver,Red Herrings — Posted by the Network Geek during the Hour of the Tiger which is terribly early in the morning or 5:55 am for you boring, normal people.
The moon is Waxing Gibbous

No, that’s not spelled incorrectly.

So, back in July, I had the amazing opportunity to go to DEFCON 20 in Las Vegas.  It was quite a historic event; the twentieth anniversary of the biggest, baddest, most talked about computer security convention ever.  Though, of course, I’m using that term somewhat euphemistically.  I heard about DEFCON shortly after getting started in the IT industry and have wanted to go ever since.  Like I mentioned last week, I’m a pretty big fan of sub-cultures and security and, well, DEFCON is the event of the year for an intersection of those two things.  Yes, I’m talking about hackers.

Now, before you assume that I’m off breaking the law, hackers aren’t all bad.  Hackers are just people who think very far outside the box when it comes to things like computers and technology and security.  In fact, most hackers will tell you that they’re interested in improving security by trying to break it.  And, that’s definitely a philosophy I share.  Until you know your security can withstand an assault, frankly, you don’t know how good it really is.
And, as anyone worth their salt at security will tell you, physical access is the first step.  If you can lock people out of your system and keep them from gaining any kind of access, well, that’s a secure system.  If you think I’m exaggerating, well, you’ll just have to trust me when I tell you that the most important data isn’t available from just any networked computer.  To get to it means getting past a locked door.  So, what, then, is the first step in testing security?  Testing locks.

And, yes, while at DEFCON I learned the basics of lockpicking.  It’s not actually illegal, unless I’m trying to bypass a lock to which I do not have permission to test, and carrying the tools for it isn’t illegal, unless I’m trespassing with them, in which case they become burglar’s tools and a different class of felony altogether.  But, I’m only interested in the skill for informational and entertainment purposes.  Trust me.
If you’re interested in exploring the world of “locksport”, there are people who can help and you don’t even have to go to DEFCON to get it.  Just head over to The Open Organization Of Lockpickers‘ website and take a look.  (Yes, that’s TOOOL, for short.)  They have slideshows that explain the basics as well as links to books and sites where you can buy the tools you need to try your hand at lockpicking.  It’s loads of fun!  Honest!

So, go check them out and enjoy your weekend!
(But, don’t call me for bail money if you get in trouble!)


Security and QR Codes

Filed under: Criticism, Marginalia, and Notes,Geek Work,The Dark Side — Posted by the Network Geek during the Hour of the Tiger which is terribly early in the morning or 5:53 am for you boring, normal people.
The moon is a Full Moon

Do you trust everything you see?

We’ve all seen QR codes, even if we may not have all recognized what they are.  These little, square dot patterns are everywhere these days, especially in advertising.  In fact, some people have gotten so used to scanning them with their smart phones to get more information about products and services that hackers are now exploiting them.  I recently read a very interesting article on TechRepublic by Michael Kassner titled Beware of QR Codes about an exploit found in the wild, and QR code exploits in general.  The problem is, we tend to trust them, mainly, I think, because they’re too new for us to have been burned bad by them yet, and they are popping up everywhere!  Pay attention as you go through your day and see how many of these little deals you bump into.  They’re in everything from magazine ads to product labels to posters to coupons!  Even Doonesbury has run a strip with a QR code in it!

So, as you swim out there, awash in the ocean of marketing and sales that we live in, pay attention to those who might subvert your complacency.  If it’s easy for you to use, it’s probably easy for someone to abuse, just like the QR code seems to be!


Hacker Typer

Filed under: Criticism, Marginalia, and Notes — Posted by the Network Geek during the Hour of the Tiger which is terribly early in the morning or 5:49 am for you boring, normal people.
The moon is Waxing Crescent

You ever wonder how hackers in the movies type code so fast?

Okay, maybe it’s just me, but when I see programmers cranking out code on a TV series or a movie, I always wonder how they’re typing so much so fast.  And, I’ll be honest, I wonder how accurate their code really is.  So, I’m sure most people don’t really care about all that, but just assume all computer people bang away on the keyboard to churn out code.  Hey, they probably don’t even notice what keys we hit at all!
Well, I’ve finally found out how Hollywood simulates what they think coding is like!  It’s a site called Hacker Typer!

You go, open up the application, which looks like an old-school terminal, and just start banging on the keyboard.  It literally does not matter what keys you hit!  And, the app does all the work, producing line after line of what looks like decent, usable code.  I actually have no idea if that code will do anything or not, but it looks good, and, in Hollywood, that’s all that matters.
So, what the heck, it’s Friday.  Go hit that site and pretend to be a hacker!


Hacker Game

Filed under: Fun,Fun Work,Geek Work,The Dark Side — Posted by the Network Geek during the Hour of the Tiger which is terribly early in the morning or 5:29 am for you boring, normal people.
The moon is Waning Crescent

No, not the old “Net Hack” game you remember.

No, this game is from Hack-A-Day’s site and a very custom job.  Seems like this hardware hacker guy got an old, toy electronic combination vault and made it a little more interesting.  He added a USB interface to it and a multi-level security “game”.  You have to attach a terminal to the USB interface and get root access to each level of the simulated computer environment to unlock the vault and get the goods.  Pretty cool, if you ask me!  Hollywood should go get this guy to make their interfaces more realistic!

Seriously, go check out “Playing hacker with a toy vault” on Hack-A-Day.  You’ll like it!


Review: Snow Crash

Filed under: Art,Fun,Review,Things to Read — Posted by the Network Geek during the Hour of the Rooster which is in the early evening or 6:04 pm for you boring, normal people.
The moon is Waxing Gibbous

I finished Snow Crash by Neal Stephenson last night.

Okay, so let me front-load this review with all the bad things up front. The main character’s name is Hiro Protagonist. I mean, can you get any more gimmicky than that? And, as often seems to happen with Stephenson’s books, things come to an end very quickly. And, by that I mean, they build to a state of extreme tension over more than three-hundred pages and then end in less than twenty, often without much in the way of explanations or tying up of loose ends. Snow Crash is no different.

But, those things aside, it’s a damn fine bit of science-fiction.
The story follows Hiro, who’s a hacker that’s currently working for Uncle Enzo’s Cosa Nostra Pizza as a delivery driver. Hiro, however, runs afoul of Uncle Enzo after crashing his delivery car trying to get a late pizza delivered on time. He’s aided by a skateboard courier by the name of Y.T. She’s a little under-age, but she’s a great courier and, now, a friend of Uncle Enzo. That’s a good thing, considering that the Mafia is a nearly ubiquitous franchise in the world of Snow Crash. In fact, most franchises seem to be nearly ubiquitous and have managed to become their own little countries, as are the California suburbs, or “Burbclaves”, where most of the book’s action takes place.
So, when Hiro gets fired from his job at Uncle Enzo’s, he goes to his part-time job as a stringer for the Central Intelligence Corporation and starts selling them intelligence. While in the on-line world known as the Metaverse, which Hiro helped program, searching for some juicy intel, he watches one of his hacker friends get infected with a new computer virus called “snow crash”. Nothing new there, right? Well, not quite… There’s a new twist to snow crash. It seems that this virus not only infects your computer, but it does something to your mind, too. And, now, someone’s trying to infect Hiro with it.

So, that’s the basic premise. I won’t spoil the book by telling you how it all turns out. But, I will drop a few hints. There’s a bunch of religion involved. And ancient Sumerian artifacts and the Metaverse and one of Hiro’s ex-girlfriends and raft-riding refugees and more. It’s complicated, convoluted and entirely entertaining. In many places it seems so light and comical that it’s almost a farce, but, really, that just off-sets the intensity of the other, more philosophical passages.
If you haven’t read it yet, read Snow Crash.  It’s Neal Stephenson at his best and it’s great.


Details on my Googlespam Experience

Filed under: Criticism, Marginalia, and Notes,Deep Thoughts,Fun Work,Geek Work,Personal,The Network Geek at Home — Posted by the Network Geek during the Hour of the Hare which is in the early morning or 7:05 am for you boring, normal people.
The moon is Waning Gibbous

Notice that I filed this under “Personal”?

Because, yeah, I take it quite personally. Damn bottom-feeder. Anyway, I’ve written up a little article about the whole thing and why it made me so mad. I actually have several copies of the article, as examples of what kind of thing he did to me. You can find them all at:
The “Original” Article
The First Copy
An Example of how he hacked my page
And, another one.

(Those last two are the same filename he used on his site.)


Who’s responsible for this?

Filed under: Criticism, Marginalia, and Notes,Geek Work,News and Current Events — Posted by the Network Geek during the Hour of the Hare which is in the early morning or 7:28 am for you boring, normal people.
The moon is Waxing Crescent

Me, or my provider?

When a hacker does something to someone on the Internet, who’s responsible? Just the hacker? What about the company that supplied him with bandwidth? Or the company that supplied the computer that he compromised to effect his hack? If you haven’t thought about this, you probably should. This article on Wired News talks about that some. It’s a couple of weeks old, but still quite relevant.
See, it’s like this. The Feds are cracking down on security. Or, at least, they allege they will be soon. In any case, there are a number of bills and suggestions and commissions and whatever else the government uses to get things done floating around out there talking about making executives who’s companies don’t secure their networks liable for the damages done. Neat, huh? Say, are your security patches up to date?


Hacker Haiku

Filed under: Fun — Posted by the Network Geek during the Hour of the Hare which is terribly early in the morning or 6:59 am for you boring, normal people.
The moon is Waxing Gibbous

Well, I guess I’m not the only geek who writes poetry!

Okay, I already knew that, but still, I thought my down-sizing haiku was an innovation. But, apparently not. I saw a site, by way of The Screen Savers, called Hacker Haiku. Some of them aren’t bad, and they do meet the technical requirements for haiku, but I think they still miss the essence of haiku. Check them out for yourself, though.

Powered by WordPress
Any links to sites selling any reviewed item, including but not limited to Amazon, may be affiliate links which will pay me some tiny bit of money if used to purchase the item, but this site does no paid reviews and all opinions are my own.