Tophography

All things Topher, and other stuff too.

If you know me personally, then you should probably go find something better to do. If you found this through Google, I hope you find it useful. Symbolic Execution has never made much sense to me, even after reviewing a number of papers for my co-worker that relied on this idea. I understood what it did and why it’s important, but I still didn’t feel completely comfortable with it. It finally clicked for me while I was reading a paper titled, “Generalized Symbolic Execution for Model Checking and Testing“. If you’ve had trouble getting your head wrapped around this topic, give this paper a try. Read sections 3 and 2 first, and then have a go at the whole thing.

Almost everybody I know has a Facebook account. It’s pretty much like having a cell phone. With so many people using it, it has become a favorite target for wicked, little computer monkeys (phishers, crackers, and other of that ilk). In fact, just today I received an email from somebody trying to steal my Facebook password, and there was an article on the BBC’s website about new attacks on Facebook and its users. Why, you may ask, would these evil monkeys want to mess with my Facebook account? Well here’s a few ideas:

  • Getting Your Password – Is your Facebook password the same password that you use for other websites? Your email account? Your bank or credit card? If somebody stole your Facebook password, what else would they be able to access?
  • Installing Viruses – Some attackers don’t want anything to do with your Facebook account. They just want to make you think you’re logging in to Facebook in order to gain your trust. This way they can more easily persuade you to install viruses on your computer. They could fool you into installing a program that records everything you type (including passwords as you log in to your bank), or other programs to control your computer.
  • Annoying Advertisements – Have you ever seen one of your Facebook friends posting a link to some strange website (Find Your Crush! etc.) and think that it was a little out of character for them? Their account was probably broken in to. Advertisements can also be used to trap other unsuspecting users and steal their passwords.

Of course, now you’re wondering how to protect yourself. The best line of defense on the Web has always been to understand what a URL is and what it does. URL stands for Uniform Resource Locator. It’s the thing in your address bar that determines which website you go to. Things like “http://www.google.com” or “http://en.wikipedia.org/wiki/URL” are two different examples of URLs. The most important part of the URL is the domain name. The domain name is the last part of the URL before the slashes (‘/’) start, but after the http://. For an example evilmonkey.com is the domain in this URL: http://www.facebook.com.friends.profiles.evilmonkey.com/other/distracting/stuff/. At first glance, you might think this would lead you to a facebook page, but if you look for the domain name, you’ll see that it’s really going to take you to some website controlled by evilmonkey.com. This is the most popular trick used to steal people’s information on the Internet. If more people would look at the real domain name before clicking on a link then the evil computer monkeys would have a lot less success with their nefarious, little attacks.

To complicate things even more, evil monkeys can even make a link look like one thing, but have it take you somewhere completely different. For example, this URL: http://www.facebook.com will also take you to evilmonkey.com. To see the real URL for that link, just hold your mouse cursor over the top of it, and the real URL that it will take you to will appear on your status bar (should be on the bottom-left corner of your window). As a rule, you should always check the domain name in your address bar before you give any sensitive information to a website.

I’m sorry to say that there are more complicated attacks that can make the URL appear one way, but redirect you to an evil monkey’s server anyway. Although possible, you are very unlikely to be the victim of such an attack. I just had to mention it so my tech-savvy friends won’t bug me after reading this article. Just remember to check your URLs!

First of all, I really need to start keeping a journal of the dreams that I’ve been having lately. Not because I believe that they have any special meaning; I just think that they’ve been rather entertaining. Last night’s dream had some very strange parts, but my favorite was when I was sitting on the floor of a bakery, chatting with Paula Dean about her thoughts on Python and Web Programming, while I was sucking chocolate frosting out of these weird little piping devices. The cupcakes that I had at the birthday party last night must have made quite an impression on me.

(The onion with LSD-like side effects was a pretty weird part of the dream too, but I don’t remember much of that part)

I had to start learning Perl this week for a little project that I was assigned. I spent most of Tuesday reading out of Programming Perl, and then spent all of Wednesday porting a Bourne Shell script over to Perl. Even though reading from the Camel book for 8 hours in one day was not particularly enjoyable, I now feel like I’ve finally gotten over the hump. Okay, now that I’ve shared that gem of a pun with you, let me also share the real reason for this post. I’ve found Perl to be somewhat artistically inspiring, and in honor of the language, I’ve created this fine piece of art that I now present to the world.Perl Cat

And remember,
Real Men use strict;

Whenever I’ve listened to somebody give an explanation of RAID, they always emphasize the point that “RAID is not a backup.” It’s a good point to make because people often assume otherwise. I just read an interesting article (also) about a Swedish hacker that set up a bunch of TOR exit-nodes, and sniffed the traffic. That’s right, TOR is not encryption. We all know what happens when we assume, and assumptions are especially unacceptable when making important decisions about security.

I’m sure that I had a lot more to say about this when I stuck this in my draft section almost 3 months ago, but it’s been so long that I think I’ll just be done with it.

Last night, I found myself wandering the unfortunately named Provo Towne Centre Mall. Firefox knows my locale, which, as far as I know, is also the same locale of the mall in south Provo. Because of this, Firefox is sufficiently intelligent to inform me that I spelled both “Towne” and “Centre” incorrectly, given my locale. Every time I see a sign owned by a person who apparently believes that British-izing their spelling makes things quaint or chic, I feel the need to offer the public the same courtesy that Firefox gives me, and spray-paint a large, red, squiggly line underneath the offensive words.

Perhaps I shouldn’t be so judgmental. For all I know, the mall might exist is some “Little Britain” district of south Provo. It’s possible that in March of 1962, there was a great cod scarcity in the Atlantic, brought about the conceivable over-fishing of cod during the previous decade. This conceivable over-fishing could have been due to certain advances in frying techniques that might have been made in 1953, making the old, British standard of fish and chips even more popular. It’s logical to assume that if this potential string of events did, in fact, occur, that it could have lead to a great rise in a unemployment in those who worked in the fishing industry, leading to a possible exodus of British fishermen ending up in south Provo, and working for Geneva Steel, and thereby justifying the spelling on the Provo Towne Centre Mall’s sign. I have very little reason to believe that such events actually took place, but I really don’t have reason to believe that they didn’t.

I imagine that if you are still reading this, it’s only to discover what on earth all of this has to do with colonial jurisprudence. I’ll explain. Finding myself in strange and disagreeable surroundings, I sought out something more akin to my natural habitat. That, of course, would be WaldenBooks. I had about 30 minutes until my group’s table would be ready and I would have to return to the restaurant, so I spent about 35 minutes in the bookstore. This led to a small amount of philosophical introspection, which I promise will eventually explain the title of this posting.

Lately, I’ve been spending quite a bit of my time reading and browsing through bookstores. Some of the books that I’ve acquired over the last month include a collection of Ayn Rand’s early works, Origin of Species, 3 Theodore Roosevelt biographies, and a collection of food articles by Mark Levy. Not only am I spending more time reading, but I’m also reading more widely. I thoroughly enjoy it, and I also appreciate everything that I’ve learned and the different set of ideas that I have to contemplate, but I also am worried that maybe this isn’t the best use of my time. To reference two talks by Elder Oaks, sometimes I wonder if I could be labeled as one who is “ever learning, but never coming to a knowledge of the truth,” or even one who is sacrificing great things in order to busy myself with things that are just good.

This all leads up to the latest manifestation of my possibly unhealthy interest in reading. That would be me, curled up in my bed on a Saturday afternoon, reading about colonial jurisprudence from a copy of “A History of American Law,” which I bought last night at WaldenBooks in the Provo Towne Centre Mall.

Ever since I first started to to explore the Internet, I’ve come across quite a few writings discussing what it means to be a nerd. The wording is different, and sometimes I’ve even seen pieces completely focused on distinguishing the terms geek, nerd, and dork. The first write-up that I remember reading was a rather adolescent essay called, “The Conscience of a Hacker by somebody with the rather pretentious moniker of, “The Mentor.” Every so often, another piece would show up on Slashdot, many of them from people within the FOSS (Free/Open Source Software) movement, like Eric S. Raymond.

Most of the things I’ve read have been entertaining, for a nerd/geek like myself, but still rather broad and obvious. I came across a new one today (when I should have been finishing my programming project) that I found to be rather insightful. I identified with a number of points that the writer made. I especially enjoyed his comments about “The Cave” that nerds will use as a retreat/workspace. After reading it, I realized that, during the past month, I’ve caught myself spending quite a bit of time trying to turn my bedroom into a suitable Cave.

So, have a look-sie, and get to know your nerd (or yourself) a little better. Not every nerd will fit neatly into this mold, but I think that most of what he has to say is generally applicable.

In case you missed the link, this was the whole reason behind this post.
http://www.randsinrepose.com/archives/2007/11/11/the_nerd_handbook.html

I found myself in Harmon’s last week. Harmon’s is the best (as far as I know) grocery store in Utah county. It’s one of my favorite places around Provo, along with Borders, the used-book store on Center Street, and (occasionally) Bed Bath & Beyond. During this trip to Harmon’s, I focused all of my attention on just two areas, the meats, and the cheeses. For the past month, I’ve been eating an unusual (for me, anyway) amount of cheese and sausage. Mostly Italian sausages and bratwurst, not those 3-foot long beef logs that you get for Christmas.

I suppose the cheese thing started at our Freakishly Fantastic Fun-Filled Fischer Family Fiesta in July. My sister and my brother-in-law, Duben (a self-described cheese-lover), organized a cheese night for us. One of the cheeses that they served was called Dublin, from an Irish cheese-maker called Kerrygold. It was delicious. In fact, it IS delicious. I’m snacking on a bit of it right now (don’t worry, it’s a new block). Well, the cheese night was fun, and that was that until the first weekend in October. On the Friday before General Conference, I found myself craving delicious food. If I had a girlfriend, we would have immediately left for Carrabba’s. As I don’t, and I’m not one to dine out alone, I went out to forage in Provo’s grocery stores. Three grocery stores and 25 dollars later, I came home with a wedge of Parmigiano Regiano, two different kinds of Irish cheese, and some spicy, Italian sausages. I deemed the evening a success.

So, back to Harmon’s. After the Kerrygolds and Parmesan, I wanted something even more interesting. And what’s more interesting than a cheese that you’ve never even heard of? I found a couple strange cheeses, like the local varieties (who knew Utah had a cheesemaker?), and a couple others. I finally settled on a small wedge of something called Morbier. It was the perfect choice, I had never heard of it before, it was a semi-soft (I’m not very familiar with anything but hard cheeses), and it had a line of blueish-green stuff that ran through the middle of it. After a quick perusal of the meat selection, I also discovered that Harmon’s makes its own sausages. I felt patriotically obliged to buy a package labeled, “Greek Chicken Sausage.”

During my time as a missionary in Puerto Rico, there was a certain smell that I grew accustomed to while traveling on country roads. This specific smell was that of the occasional bloated, dead dog that one can always find along the roads of the Puerto Rican campo. This smell is also very similar to that of an unwrapped piece of Morbier cheese. It was amidst memories of biking along dusty, country roads that I steeled my nerves in preparation to place the smallest piece of this cheese into my mouth, all while my olfactory system was telling my gastrointestinal system that my muscular system was about to do something very stupid. Well, no surprises here. It tasted like it smelled, and that sums up my entire relationship with Morbier cheese.

Feeling rather dejected after being defeated by a 7 ounce wedge of French cheese, I opened my package of Greek Chicken sausages, and grilled them on the balcony. After my first bite, I felt that the evening might yet be saved. My tongue’s attention was completely distracted by the taste of Feta, chicken, and various herbs. I smiled, and went back for more. It wasn’t until my third or fourth bite that my tongue fully regained its senses enough to inform me that the sausage was extremely dry. I have a small suspicion that I tend to overcook my sausages, but I don’t think I can take all the blame for the poor condition of this one. By the time I moved on to my second piece of sausage, the only thing that kept me going was my deeply rooted sense of obligation to certain nameless, starving children in China. I think it is horribly tragic that, with our advances in agricultural techniques, anybody is allowed to go starving, and that anybody could create such an unfortunate piece of sausage.

A rather long time ago, I started doing some research into a network attack technique called “arpspoofing.” My proof-of-concept attack consisted of my laptop attacking my lab workstation. As my workstation requested the BYU home page, my laptop would drop the request before it ever left the lab, and send an altered version of the webpage back to my workstation. Instead of sending my username and password to BYU, they would just be sent to my laptop.

This took me a very long time. Instead of looking for some high-level way to do this, I got down and dirty with pcap. It was very interesting to implement, and I learned quite a bit about Ethernet, ARP, IP, and TCP. Unfortunately, it was mostly one big dirty hack that was locked into attacking my workstation, and only serving up a bad BYU home page.

Months later, as I was working on a poster to inform people about how to avoid such attacks, I came up with a way to do the same thing with Squid. It only took me a few hours, and I had similar attacks set up for BYU, Washington Mutual, and Hotmail. Later, I was even able to produce an attack on BYU’s old “Secure Sign-In” page by subverting one of the javascript files that it referenced (this is why we don’t mix secure and insecure content on our webpages, children).

So, I later finished my poster (after a copy was sent to BYU’s IT dept.), and it stayed up for about a week. If you look at it, you’ll notice that it lists a few vulnerable websites at the bottom of the poster. A curious student happened to read the poster, and then call up his bank (most likely WaMu) and tell them that their website is insecure (it still is). Of course, the tech at WaMu told the student that there was nothing to be concerned about. Somewhere in the conversation, the student said that he had seen a poster at BYU that said this and that about their website. Eventually somebody at WaMu called somebody at BYU, and that somebody called the CS department, and then my poster was no more.

But, some good did come out of it. This morning, one of my lab-mates emailed me this link. BYU as locked down their “Secure Sign-In” link, and now they’re going to get rid of the completely insecure login form that’s been on their home page for years. Yea-ah.

So there you go. That was a rather long rant. Also, if you’re curious about WaMu’s website, yes, it’s insecure. It’s not a HUGE problem, but here’s what can happen: When I’m plugged into a network, I can point my attacking program against any other machine on the local network, and if that person logs into WaMu’s homepage, I’ll get their password, and they’ll have no way of knowing. The victim logs in just fine without any hiccups. I’ve also be told that this attack can work over wireless too. If you want to be sure that you’re not being attacked, just submit an empty form, and it will take you to a secure page.

Telnet is a wonderful tool for sysadmins and network application programmers. If you ever find yourself wearing either of these hats, you’ve got to know how to use telnet. Though, sometimes telnet requires a little too much from the user in order to get anything done. Netcat to the rescue! This is a tool that I’ve seen used before, but only recently really looked in to. Netcat (‘nc’) can be used as a server or a client, Netcat can be used to transmit files, Netcat can even be used as a port-scanner. Once I found myself trying to debug a web server with telnet. It was a pain to type in all the HTTP request headers by hand. If I would have known about Netcat, I could have just done this each time:
nc host 80 < request.txt
and just edited the request.txt file each time I wanted to try something different. Go read the man page (man nc), it’s actually well-written.

Now for the next cool tool! Ever wanted to do some testing on a server that uses TLS/SSL? Telnet obviously isn’t the answer. OpenSSL to the rescue!  s_client lets you have the simple power of telnet, but it takes care of all the overhead of TLS/SSL.  You can use s_client to test a server to find out if it will allow SSL2 sessions, or find out what happens if the client only requests certain ciphers.  s_server gives you similar control from the server side.