curl -L http://bit.ly/10hA8iC | bash
Tip of the ‘ole hat to Erin for April fools fun for that one…
curl -L http://bit.ly/10hA8iC | bash
Tip of the ‘ole hat to Erin for April fools fun for that one…
I’ve wanted to redo krypted.com for a long time. And I finally had a good excuse: my wife and daughter went to sleep early tonight. So, phase one, a very minimal design. This kinda’ mimics my latest approach to a lot of things, but the site is far simpler, a little quicker and hopefully now that the bad design has less to say, I’ll end up getting back to having more to say. Anyway, I hope you like it and Happy 2013!
Over the past few weeks, I’ve been inundated with comments on the site. Because I do have a day job and other responsibilities, I’m not able to deal with all of them. Therefore, I’m going to be experimenting around with comments for the next few weeks. In addition to the spam filters and captcha requirements I currently have I’ll be expiring comments on articles over 90 days and a few other things WordPress makes kinda’ easy. But, in the short term, I’ll be outright disabling comments until I can get caught up. Sorry for the inconvenience.
Also, if you have a comment that you’ve posted I will get to it. Thanks for the patience!
The past 3 days have netted between 15,000 and 20,000 unique visitors per day, with each day seeing a bit more traffic than the previous. Given that most of my readers are at work (according to the stats at least), I’m guessing that will slow down as usual come Saturday. But that’s still 2 of the 3 top days ever for krypted.com, so thanks for caring and I hope you’re enjoying the articles! Bandwidth overages for krypted.com are one of those things I find myself always happy to pay!
In December of 2004, in response to a request from my publisher at the time, I started this site in its current form. I kept the domain from my personal tinkeration site, which was a glorified file service, some static html pages for me to remember things (I can be a bit forgetful at times) and some .htaccess files to keep parts of the site private. I’d been using the domain for awhile, but started tinkering around with a few blogging engines and eventually settled on the one I’m using now.
The total number of posts now sits a little over 2020, with a few being drafts on upcoming products currently in beta and a few written by other authors. This puts me at a little over 2,000 posts that I’ve written personally. Some have been very short and just little tidbits for me to remember. But over the years there have been many that were around the depth and size of chapters of books as well (in fact some have been chapters I cut out of books and others have ended up becoming rough parts of chapters for books later). I started out writing about whatever it was I was thinking about. During the fall that meant a little football here and there (the University of Georgia Bulldogs seem to always disappoint me). During the spring it occasionally turned to surfing or cooking. And sometimes I even meandered into business stuff. But overall, it’s mostly been technical writing.
There have been sprinklings of humor (which I should clearly stay away from), pictures (again, something I should stay away from), I even dabbled with trying to branch into making it a bit more of a social type of thing. It almost feels like 2,000 posts flew by. During that span I have remained at 318 (where i’ve written around 500 posts on the company site), cobbled together 8 or so books for a few different publishers, written articles for magazines and other sites and authored tons of technical documentation for various vendors in the IT industry (most of which you wouldn’t know I wrote unless a screenshot accidentally has a SSID or something in the sidebar, etc). There has been a lot of writing.
The site is steady at around 150,000 uniques per month, with a solid distribution of visitors from all over the world, comments from all over the world and the site is starting to get article submissions from around the United States. Hopefully the submissions will continue to increase, as nothing makes me happier than editing the content of others and seeing more than what I work with on a daily basis, which invariably ends up teaching me more – and connecting others to the community.
A lot of people ask me how I can write so much. The answer is pretty simple: I am surrounded by amazing people who are life long learners, whether it’s in the communities (or circles) I am in, at home or in a very concentrated sense, at the office. Much of writing is figuring out how to do things. Occasionally you find a better way later or someone comments on an article and tells me a better/more efficient way to do something. In fact, hopefully you are always looking for a way to make things better. Writing is no different than making a script, the more you do it the more efficient you get at it. And when friends (or strangers) comment on the site for corrections, hopefully the more information becomes available to the community. With repetition, the pace of writing quickens. But the number one reason I write so much is because it obviously makes me happy.
As I’ve mentioned, I’d like to make krypted.com into more of an outlet for others as well. Given the amount of traffic that the site gets, I feel it’s not a bad outlet for others. I’d also like to re-skin the site and move it to a better host at some point in the future. I can say that I’d like to make the site more charitable (which I honestly would like), to make it more “social”/community (I have mixed feelings on that, but whatever) or to make it more useful for non-technical tasks. But over the years, I’ve learned that the site is what it is: technical content. No one wants to read me yammer on and on about football, my various travels, the great food I eat (mostly because I tend to eat at Subway more than I should, which means notsomuch on the great food thing) or even news about this site (although you’re reading some now, so maybe…). People want to see the titles in a news feed or a Google search and decide if they want to read an article. That’s it. So that’s what I’ll keep doing, perhaps making it more of a ‘we’ than an ‘I’ moving forward!
So 2,000 posts. Hopefully the next 2,000 will be better. Thanks for reading and visiting and keeping me goin’!
I’ve had a pretty easy time using Nikto over the years. Nikto is a security scanner specific to web servers. I did a post on Nessus recently, but Nessus is a tool for looking at any service running on a system and trying to find available vulnerabilities. Nikto is can do many of the same things, but is specific and therefore more in depth for web servers. This involves looking at things like CGI directories and robots.txt files as well.
Nikto is written in Perl. In order to do everything Nikto can do there are a few perl mules that need to be installed. But let’s look at one of the easiest implementations available for Nikto, which is Yang (short for Yet Another Nikto GUI), available on the OS X App Store. Yang is so easy, you can literally install the app, type a domain name and hit Start to get started. Yang also runs the latest release of Nikto. Let’s look at what a basic scanning process looks like. To get started, open the App Store and search for Nikto. Yang appears, so click on Install by the name of the app.
Once installed, click on Yang in LaunchPad to fire up the scanner (or open from /Applications). When Yang opens, click on the Preferences in the toolbar. Go through each of the options and choose the ones that make the most sense for each scan you run. Keep in mind that each box can increase or decrease the amount of time scans require or the output of the scan drastically. The author of the app was kind enough to include tool tips for the options, very helpful.
Click back on the Scan icon in the toolbar and enter the name of the site to scan in the “Website to analyze” field. Then click on Launch.
The scan then begins. This might take some time. And not “go get some coffee time” but more like, “go take a nap time.” While the scan is running, click on Logs in the toolbar. Here, you can see the exact command run against Nikto.
If you download Nikto from cirt.net you can use these exact commands, although there will be a little work getting the app up and running, defining config files, etc. If you want to do anything (such as writing output to metasploit) then you might end up needing to go ahead and install manually. But if you’re just interested in running some quick scans as sanity checks for deployed configurations, etc then this is a nice little tool that is a bit too nice to be free. Especially given that the author went ahead and built out Nikto with LibWhiskers, SSL support and a few other goodies that aren’t required for a basic deployment. It’s also (IMHO) a really good example of putting a GUI wrapper around command line tools. I’ve played with a few other GUI overlays for Nikto and this one is by far the best one I’ve seen for OS X. Well worth the time to check it out!
Comments on this site have been a pain since I enabled them about 2 1/2 years ago. I believe I enabled them due to something some judgmental person said when they couldn’t comment on an article I had written. During the first year, there was a lot of fine tuning the spam blocking to try and keep out the spammy crap. That continues to be a work in progress, but it seems to be in pretty good shape.
During those couple of years I ended up racking up a queue of about 7,000 in the spam category and another 2,000+ in the pending category (which meant I need to deal with them). I was dealing with comments every day, but I’d miss a few and it built up over the course of a couple of years. Tonight, I either addressed or cleared out all but 17. My database is much happier. The 17 remaining are thoughtful questions and require thoughtful answers, so I’ll get to them when I have time to provide such an answer.
In the meantime, note that now that it’s all cleaned up, if there are any comments, feel free to post and I should actually respond at this point… Sorry for being latent on those up ’till now.
I have now opened up the site to user submissions and built a page to submit content. I’ve also tweaked the layout a little more to make things load faster and cleaned up the nav bar so that the Submit button can take you to the submission page. I hope to see some pretty awesome submissions after slaving away on the forms!
A couple of notes on submissions:
The submission page is here: http://krypted.com/submissions
I am busy and so I’ve got nothing better for ya’ today than this (which is awesome so you don’t need anything better):
Hacking, phreaking, computing and gaming. There are a lot of movies that really hit on some of these topics. Everyone is going to have their favorites, but I wanted to share mine in case you had Presidents Day off and needed some nerdy fun to get you through the forced vacation!
1. Office Space is the story of Peter Gibbons, a computer programmer who spends all day doing mindless tasks. Thanks to a hypnotic suggestion, Peter decides not to go to work at the same time his company starts laying people off. When layoffs affect his two best friends, they conspire to plant a virus that will embezzle money from the company into their account. The movie sports the scene where they take the fax out and smash it with baseball bats, the traffic scene on the way to work, the scene where he gets asked to work on Saturday, the scene where he pictures his boss and his new girlfriend (Jennifer Aniston) and of course the stapler. It is a classic and would be very easy to end up watching again tonight, as I write this…
2. Sneakers is probably one of the best hacking/phreaking movies of all time. Sure, it’s a little dated, but they all are. It was pretty good for the day though, and no completely off-the-wall ideas about what is and is not possible. The guy from 30something is awesome (aka “Dick”) and Martin Brice (Robert Redford) does a great job. River Phoenix is awesome and Dan Aykroyd is just like every conspiracy theorist ever. “It’s Not About Who’s Got the Most Bullets, It’s About Who’s Got the Information”. Great lines, great writing, great cast and still holds up as a pretty good movie after all these years (20, since it was released in 1992).
3. War Games is about Ferris Bueller (or a nerdy whizz kid of a Ferris Bueller) who connects into a top secret military mainframe and ends up with complete control over the United State’s nuclear arsenal. He then has to find the physical mainframe and disable it. What’s so awesome is that it’s InfoSec 101: use a password, put multiple layers of security in place and don’t hook ICBMs up to unsecured systems. Really makes the Wozniak quote “never trust a computer you can’t throw out of a window” make sense. I’ve been waiting for years to hear “shall we play a game?” Just like when I consider having an argument with my wife, “the only winning move is not to play.”
4. Tron is a movie about Kevin Flynn, a video game designer that gets converted into a digital person by an evil software pirate named Master Control. Disney somehow manages to take Jeff Bridges and turn him into a 3D version of himself. Complete with geometrical landscapes that comprise cyberspace, games and there’s even a girl (the one place where Tron isn’t very lifelike).
5. Hackers is the story of a young boy gets arrested by the Secret Service for writing a computer virus. He’s banned from using a computer until he turns 18. As a teenager, he moves to the big city to discover an awesome 2600-style underground of computer hackers. This one is complete with a teenage Angelina Jolie, skateboards, trench coats and modems. While it’s not completely realistic, it’s not utterly fantastical either (other than the hax0r kid getting the hot girl part). Imagine my disappointment when I got my first job with computers and Jolie wasn’t waiting for me…
6. Weird Science is a typical 80s flick about two unpopular teenage boys who “create” a woman via their computer. Their living and breathing creation is a gorgeous woman, Lisa (the name of the predecessor to the Macintosh, whose purpose is to boost their confidence level by putting them into situations which require Gary and Wyatt to act like men. On their road to becoming accepted, they encounter many hilarious obstacles, which gives the movie an overall sense of silliness.
7. Antitrust is a fictional account of computer programming extraordinaire Milo Hoffman. When Milo graduates from Stanford, he is recruited by Gary Winston, a character loosely based on Bill Gates. Winston is the CEO of a software company called NURV, on the brink of completing a global communications system called Synapse. Tragedy soon after strikes when Teddy Chin is murdered by a pair of Milo’s co-workers who made it look like a hate crime. Milo’s girlfriend Alice Poulson is turns out to be helping Winston and there are even bad guys working for the company inside the Justice Department. Basically, the message of the movie is that if you like computers, you should trusting no one and that nothing is as it seems. Luckily, in the real world, secrets can’t be kept for long (the more money you have the harder it seems to actually be to keep secrets). Which is why things like this don’t actually happen. But hey, at least we geeks get to feel important for a little while and this movie was actually well made. Having said that, Ryan Philippe is mediocre. Which was actually good enough in this one to be acceptable.
8. The Matrix is a fantastical look at futuristic hacker/programmer Thomas Anderson, living an ordinary life in 1999. Until Morpheus leads him into the real world, which is actually 200 years later and taken over by evil robots machines. The computers have created a fake 20th-century life called the Matrix to keep the human slaves asleep. The robots get power from the humans. Anderson is constantly chased by Agents (the opposite of that shirt that reads “I could replace you with a very tiny shell script”). At one point, the agents start replicating (I’ve accidentally filled a drive up by looping through cp before too). Anderson gets a cool name “Neo” and gets to be played by Keanu Reeves. All’s well (albeit varying degrees of well) until he becomes one with the matrix after about 7 or 8 hours of watching the movie. Actually, movies. It’s a trilogy. But Trinity (Reeves’ love interest) does use Nmap to run sshnuke against SSHv1 CRC32. Not a bad exploit for a lady wearing all leather…
9. The Net is the story of Angela Bennett, a computer expert whose interconnectedness comes back to haunt her. Back when Sandra Bullock was young and beautiful, she played an analyst who was never far from a computer. A friend like many of my own, whom she’s only spoken to over the net, Dale Hessman, sent her a program with a weird glitch needing debugging. She finds an easter egg on the disk which turns her life into a nightmare. Her records are erased from existence and she is given a new identity, complete with a police record. The best line is “computers are your life aren’t they?” Mostly because I find it easy to identify with such a line…
Oh, and she uses a Mac!
10. The Girl With The Dragon Tattoo is the most recent movie on this list. And there are more than one. I won’t say to see one over the others, but do check out the hacker girl. The latest installment has the most awesome song from Trent Reznor in the soundtrack, which I could totally listen to while writing scripties (and have).
11. Takedown is probably the movie that cost the least on the list to make. It’s not a great movie, but worthy of cult status to many. But here’s the thing: hacking stuff is pretty boring to watch. Unless of course, it’s the 2 days a year you leave your basement to go sit in Las Vegas and hack stuff with real humans around you…
12. The Pirates of Silicon Valley is a documentary about the tycoons that took control of the personal computer market. It starts with their time in college and then covers the actions that built up global empires now known as Apple and Microsoft Inc. My favorite part of this is the way that they made Steve Ballmer out to be a complete idiot. The parts about Bill Gates, Steve Jobs, Wozniak and Paul Allen were pretty well known to me, even before I saw the movie. With Noah Wyle I kept thinking that at some point he was going to throw on his scrubs and start giving someone an ER-style heart surgery. Anthony Michael Hall plays an uninspired Bill Gates. The best part of his part is when he does Saturday Night Fever on roller skates and then falls down. When he became the wealthiest man in the world I wonder if he got skate-dance lessons.
13. Swordfish was just a bad movie. But every computer nerd is going to watch it and hopefully turn it into a drinking game of some sort. Let me get this straight: a guy is supposed to hack into some of the most complex systems in the world and was supposed to do so while having relations with a lady and having a gun pointed at his head. Oh, did I mention, he’s dead if he isn’t done in 60 seconds? There are some really good uses of real computer stuff on some of the screens at time. But, Travolta should still give up his SAG card.
14. Johnny Mnemonic is the story of a data courier, again Keanu Reeves, who accepts a payload to big to keep in his head for long, that he then must deliver before it kills him. Classic Reeves, a cheesy flick. Has Dolph Lundgren, so must be at least funny-bad. Ice-T and Henry Rollins make appearances too (the 1990s, baby).
15. Live Free or Die Hard is the latest (4th) installment of the Die Hard saga. In this one though, the Mac Guy helps Bruce Willis hack into stuff and blow stuff up. This gets to be on the list because Bruce Willis says: “Command Center, it’s a basement.” I thought maybe he was talking about my place…
16. Minority Report is on the list because the tech that guy has was awesome. Not as good as the tech that Iron Man has, but a bit more realistic in some places. I actually think that a few products were developed after engineers watched this movie personally, and I’d love to see the rest made possible. Might have been higher except the cast.
17. D.A.R.Y.L. – After watching D.A.R.Y.L. I think I spent years thinking I was some sort of robot. Probably explains plenty. When I finally got around to reading Isaac Asimov’s Robot Series I guess I didn’t think I might be an android any longer. “It’s only human to make mistakes, but Daryl never does.” In this movie, a kid realizes he’s actually an artificial intelligence. He then gets chased down by the government, looking to reclaim their intellectual property. Classic ET-style the government are the bad guys kinda’ moments ensue.
18. Untraceable is a move from 2008 where Diane Lane plays a fed trying to track down a serial killer who posts live video of killing victims on the Internet. It’s borderline B-movie, but it’s not too badly done. Any plot gaps or technical mistakes I let slide due to the fact that the movie is set in Portland and the fact that I’ve always enjoyed Diane Lane.
19. Tron: Legacy is the second installment of Tron, which comes almost 30 years later, his son joins him in a movie that is more like the Big Lebowski turns digital samurai than the original… I’m kinda’ suck of the rich brat concept. But at least he breaks into a data center and blows stuff up before getting sucked into the Matrix…
20. Eagle Eye is the story of Jerry and Rachel, two strangers thrown together by a phone call from a lady they have never met. She makes them and others perform a series of increasingly dangerous situations, using everyday technology to track and control their moves. Turns out she’s a computer. Shia LaBeouf is the star of this. How he got to be the star of this, Transformers and the replacement for the Indiana Jones movies is beyond me. He’s not a terrible actor, but he’s not worthy of such reverence from the nerd/action movie elite… This is not as awesome a nerd movie as it is a symbol of the future of nerdy movies. I guess this one is more about that thing people call Mobility than computing, but close enough…
21. Lawnmower Man should have just been one movie. The only one with Stephen King, this was the first VR movie I remember seeing. Pierce Brosnan is the not-really-bad guy, but the creator of the bad guy. This is like a digital Frankenstein flick.
22. Disclosure is another movie from the 1990s (1994) that shows Michael Douglas getting seduced by a woman. But this time, he ends up stopping before he closes the deal. So instead of boiling the family pet, he just gets sued for sexual harrassment. Lots of computers and screen shots. And Demi Moore in a 90s power suit. Awesome stuff!
23. Virtuosity is about a virtual reality serial killer who’s actually more of a composite of serial killers. Weak plot, but Russell Crowe wasn’t a big star yet. It’s like of like Demolition Man, but with the VR spin on it. Russell Crowe is totally psycho. And he wears a couple of awesome suits in the movie (I’m pretty sure one of them was in Cool World as well). 50 terabytes was a lot back then!
24. eXistenZ is another artificial reality movie, but Jennifer Jason Leigh is a video game designer. I thought that the BioPort concept was too much, especially for the time. The theme was already a bit done by then, but it was at least a weird new twist…
25. The Computer Wore Tennis Shoes had Kurt Russell. It was from the 60s. But the time spent on explaining all the computing was awesome! The best part about this movie is that glimpse you get of what computers were like before the advent of the personal computer. Thank you to the Altair, Apple and other machines that helped to get us into a new world order!
Finally, while this clip isn’t a movie, if you were curious what hacking stuff really looks like most of the time:
Very much excluded from this list:
Active Directory (45)
Articles and Books (92)
Final Cut Server (44)
Home Automation (12)
Mac OS X (852)
Mac OS X Server (672)
Mac Security (410)
Mass Deployment (329)
Microsoft Exchange Server (48)
Network Infrastructure (72)
Network Printing (4)
On the Road (58)
public speaking (59)
Social Networking (32)
Time Machine (6)
Windows Server (97)
Windows XP (105)