It is a professional hazard in security to become stuck in a reactive stance, always running to put out the latest fire. Many security personnel find themselves in this mode and cannot seem to escape it. It is important to stop from time to time, and especially if it has never been done, and take stock of the organization as a whole. No matter how pressing the issues of the moment seem, it is critical to examine your organization from the top down in order to develop and maintain an effective information security program. While this sort of planning can seem like a waste of time when very real threats are battering down the proverbial door of your defenses, a measured approach to your security response is what makes it effective, especially with limited resources. The first step toward this goal is to gather effective intelligence, specifically by having accurate monitoring systems and incident reports.
Today I ran across a case of someone blatantly republishing my content without consent or approval. They're publishing the content on Google's blogger.com. I figured it would be a simple matter of notifying Google and getting the content removed. Unfortunately, in their infinite wisdom, Google makes reporting copyright violation a royal pain in the ass! You have to actually print out a letter, include very specific language, and mail or fax the letter to them. The whole process reminds me of the hassle you used to have to go through to register a domain name.
If you've ever done a Google search for your name you'll be shocked at how much information comes up. There are customer profiles on commerce websites, your profile on social networking sites, heck, perhaps even the deed transfer information from when you bought your house. Of course, we all want our friends to be able to find us online, but oftentimes too much information about who we are gets leaked onto the internet. I'm fine with people finding my e-mail address, but finding out where I work, where I live, my phone number and my Amazon wish list is a little too much for me. There are even new sites like http://pipl.com that do deep searching and pull all these details out for any casual searcher.
For those wondering what to get me for the holidays, here goes:
1. A Lintop
2. An Asus EEE 4G
3. Nintendo DS with Zelda
4. My Amazon wish list
5. Gravis Backpack
This LC-3 program performs simple encryption and decryption of character strings. The encryption algorithm uses a numeric key from 1 to 9. To encrypt, the program toggles the low-order bit of each character and then adds the key; to decrypt, it subtracts the key from each character (the direction depends on the specification of the input). This program was written as part of a class assignment and is assumed to work on character strings of 10 characters or fewer.
My main motivation for posting this code is the dearth of LC-3 code samples available online. LC-3 (or Little Computer 3) is an architecture used for instructional purposes only.
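The scheme described above, written out in Python as an added example (this is not the LC-3 program from the post). It assumes decryption reverses the two steps, subtracting the key and then toggling the low-order bit, and the function names are hypothetical; `all_decryptions` shows why a key range of 1 to 9 makes this a classroom exercise and not a way to protect data.

```python
MAX_LEN = 10          # the post assumes strings of 10 characters or fewer
KEYS = range(1, 10)   # numeric key from 1 to 9


def _check(text, key):
    """Reject inputs outside the limits the post states."""
    if key not in KEYS:
        raise ValueError("key must be between 1 and 9")
    if len(text) > MAX_LEN:
        raise ValueError("input longer than 10 characters")


def encrypt(text, key):
    """Toggle the low-order bit of each character, then add the key."""
    _check(text, key)
    return "".join(chr((ord(c) ^ 1) + key) for c in text)


def decrypt(text, key):
    """Assumed inverse: subtract the key, then toggle the low-order bit."""
    _check(text, key)
    return "".join(chr((ord(c) - key) ^ 1) for c in text)


def all_decryptions(ciphertext):
    """Every possible plaintext: the whole key space is nine values."""
    return {key: decrypt(ciphertext, key) for key in KEYS}


if __name__ == "__main__":
    sample = "HELLO"                      # constructed sample input
    secret = encrypt(sample, 3)
    print(secret, "->", decrypt(secret, 3))
    for key, guess in all_decryptions(secret).items():
        print(key, guess)
```
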
IEEE 754 Binary Floating Point is a 32-bit representation (for single precision, 64 bits are used for double precision) for floating point numerals. The 32-bit representation consists of three parts. The first bit is used to indicate if the number is positive or negative. The next 8 bits are used to indicate the exponent of the number, and the last 23 bits are used for the fraction.
Converting decimal numbers to IEEE binary floating point is a little tricky. The purpose of this article is to outline a simple method for completing this conversion.
The first step in the conversion is the simplest. This is determining the first bit. If the decimal number is positive then this bit is 0; if the decimal number is negative then this bit is 1.
The next eight bits are used to express the exponent, which we'll figure out last.
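The three fields described above, computed by hand and checked against the machine's own encoding. This is an added example, not code from the article, and it goes past the excerpt by carrying the exponent and fraction steps through for normal, nonzero numbers using the standard single-precision bias of 127; the function names are hypothetical.

```python
import struct
from fractions import Fraction

BIAS = 127  # exponent bias for IEEE 754 single precision


def encode_single(value):
    """Return (sign, exponent_field, fraction_field) for a normal number."""
    x = Fraction(value)                  # exact arithmetic, no float error
    if x == 0:
        raise ValueError("zero is encoded specially, not by this method")
    sign = 1 if x < 0 else 0             # first bit: 0 positive, 1 negative
    x = abs(x)
    exponent = 0
    while x >= 2:                        # normalise to 1.f x 2**exponent
        x /= 2
        exponent += 1
    while x < 1:
        x *= 2
        exponent -= 1
    fraction = round((x - 1) * 2**23)    # 23 bits, round half to even
    if fraction == 2**23:                # rounding carried into the exponent
        fraction, exponent = 0, exponent + 1
    if not -126 <= exponent <= 127:
        raise ValueError("outside the normal single-precision range")
    return sign, exponent + BIAS, fraction


def to_bits(value):
    """Sign, exponent and fraction as a spaced bit string."""
    s, e, f = encode_single(value)
    return f"{s:01b} {e:08b} {f:023b}"


def manual_word(value):
    """Pack the three fields into one 32-bit integer."""
    s, e, f = encode_single(value)
    return (s << 31) | (e << 23) | f


def machine_word(value):
    """The 32-bit pattern produced by the platform's float conversion."""
    return struct.unpack(">I", struct.pack(">f", value))[0]


if __name__ == "__main__":
    for v in (-6.25, 0.1, 1.0):          # constructed sample values
        print(v, to_bits(v), manual_word(v) == machine_word(v))
```
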
So I started up logging on this site the other day, mostly out of curiosity. I was completely disheartened as soon as I did though. Come to find out some of the most common hits on the site are by people looking to exploit a basedir file inclusion vulnerability. What's worse, this is a vulnerability that exists in some of the software I've written and released open source. In any case, these assholes are basically trying to break into my server by exploiting this vulnerability.
What pisses me off most about this is that I'm the freakin' author of the software that was vulnerable - and I'm the one who wrote the patch. Who are these people? They're blindly trying the exploit against other software that doesn't even have the same code base. For instance:
While it's still early for St. Patrick's Day I thought I'd point out an interesting tidbit I noticed from my server logs recently. I currently hold the number one Google result for quite a few random queries, some that I never would have suspected. These top rankings tend to be articles on my website that are concerned with Linux troubleshooting, security, databases, odd programming challenges and so on. Because my website hosts so much eclectic technical data (mainly results of troubleshooting problems that I know I'll never remember - and thus I document), I'm not surprised by many of the results. Among the hit parade are:
math in bash shell
hack into a website
update urpmi database