KellyKeeton dot Com v3.0 reverse engineering life

13Aug/130

nerd dad domain fun

What better way to be a nerd dad than to purchase domain names for your whole family?

http://www.kellykeeton.com

http://www.katiekeeton.com


http://www.maxkeeton.com

http://www.mollykeeton.com

So that takes care of that!

10Mar/090

website

While searching for something today I accidentally typed ‘website’ into Google. The results for the first page are interesting if you consider that every page on the internet says “Welcome to … Website” on it. Here are the Google rankings for today; some are easy to guess, some are odd.

1) Wikipedia definition
2) Microsoft
3) website.com
4) whitehouse.gov
5) barackobama.com
6) Adobe
7) Starbucks
8) Apple
9) Subway Restaurant official
10) IRS

OK, so I understand all of them but Subway; how did they get up there? An interesting note is that 3 of the sites are all Seattle based, and they are the only software sites. 2.5 are government sites and 2 are other… interesting. Here is hoping blog.kellykeeton gets up there for website.

Filed under: Internet No Comments
19Nov/080

Security for Soccer Moms

I want to create a new presentation called Security for Soccer Moms. I was talking to someone at work who went to a PTA event, and there was a “CISSP” there who knew a lot about security and children (uhh…). So I wanted to jot this idea down, so someone can steal it or I can just have some free hits for keywords of people looking for porn.

Mind you, this blog is nerdy, so these are the technical ideas for a class that I would like to teach with more of a “soccer mom approach”, so if you think this is interesting, contact me or my company. If you don't get what I publish here, give it to a nerd to debug for you. It will give them ideas on how to deal with your case.

There are a LOT of resources on this topic and I will choose to look at the free ones. Sure, there are the net-nanny products that stop you from looking at porn on the internet, but they are all easy to stop when your kid gets smart, and let's face it, who likes to pay for something that takes up memory on likely your home Vista computer to make it run even worse.

So I present my list; I will add to it over time. I make this list in dedication to all the crazy people who have kids from high school already… yikes.

The #1 rule I have: until you trust your kid, never allow a computer in a private area (that has internet). I wouldn't recommend it anyway; keep your kids in view until they are old and you trust them. Or kick them out.

  • PREVENT SOCIAL ENGINEERING
    • This is the most effective tool to keep your children safe from scary assholes
      • Talk to your children about NOT using real facts of life; avoid putting who your dad really works for.
        • Don't take a picture of your house address or link to it on Google Maps.
        • Don't publish your birth year; use a fake year.
        • Don't publish your own work history, or keep it vague or mess up addresses for locations (I work at Boeing in Spokane).
        • Don't publish your last name, or put an initial only (harder to stop kids doing this).
        • If you have rules about phones, publish only cell numbers that can't be traced by normals and watch your kids' bills for strange 212 numbers.
        • Don't publish details on your school where possible.
        • Set up an email for your kids to use “on social networks” only (and monitor it).
        • Don't give dates when you will leave for vacation; talk about it when you get home! (or I will just come steal your crap)
      • I think you get the idea – just mess things up. A little change on your end causes a bad guy to keep moving to someone easy. In the end it all comes down to your parent skills. A parent that says “I don't want to look at my kid's site to see what they are up to”, haha, then why are you reading this?? There is no privacy of a 7 year old on the internet, I don't care about your hippy views. Talk to your children about why you monitor the activity, and when they get older put a level of trust in them and don't monitor. If they screw up then kick some ass.
      • Want to scare yourself? Google your children's names and see what data is out there on your home, family, child…
      • Also remember to LOOK at your kids' social pages, look at history etc. to see if they use myspace etc. (this also applies to you and LinkedIn)
  • Prevent MalWare
    • This is just a crappy fact of life now; it's very hard to stop this without technical controls.
      • Use a “safe browser” in a virtual machine; it works great and there are plenty of bootable browsers (just download Ubuntu) and have the kid boot up Ubuntu live and use the internet. Then whatever they mess up, you just reboot to fix. But they still can use flash etc etc etc.
      • Use a hosts file redirector; most kids wouldn't figure this out until they get real smart, and if they are that smart they are beyond you trying to control them with just software. Blocks Ads-Mal-X or Porn
      • Use free services like OpenDNS, which are a bit easier to deploy
        • Set your firewall to use that DNS, then don't allow 53 out of your network (53 = DNS), and then people CAN'T use the internet without some more serious hacking. Meaning: block 53 outbound from the workstations on your network, but allow your special DNS server (in most cases your firewall relay) as the only IP allowed to do DNS lookups. That way the kids (workstations) can't even use the internet without going through your proxy device (DSL router with DNS protection on words or sites etc.; pfSense is a good example).
      • Most all open source firewalls include some ability to do the same things for blocking sites; some will even replicate what Netgear etc. will do and put a “block list” of words into your layer 7 traffic. So if you go to a site that contains the word “boobs” it will disallow the request. (See your hardware for how to do that, as this is about free things.) Just learn to leverage what you likely already have.
      • These methods can all be used to block social network sites if wanted.
    • Tip: remember to remove the hosts file from the recent open files list, and use Notepad to edit it so that you don't leave tracks of what you did.
  • Time restrictions of internet use
    • Kids hate homework; they like myspace
      • Most all open source firewalls will allow a time browsing option; the pfSense firewall will allow you to require a login like at Starbucks and only allow you for an amount of time in a time block. Or you could charge your kids.
      • A lot of consumer routers (things you buy at Best Buy) also have this feature. Use what you got!
  • Proxy: ideally a proxy is awesome for a lot of reasons, but it's out of scope for the average home. But if you're a nerd or nerd home, check out a Squid Web Proxy and you can lock it down as the only outbound host. Then you can browse for porn but your kids can't etc.
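
The port 53 lockdown from the OpenDNS step above, written out for a Linux-based home router using iptables (an added example, not part of the original post; pfSense and consumer routers set up the same thing through their own rule screens). It assumes the router already answers DNS for the LAN; the interface names br0 and eth0 are sample values.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Prints iptables commands for a Linux-based home router so that the only DNS
# path off the network is: router relay -> chosen filtering resolvers.
# Review the output first, then apply it as root with:
#   dns_lockdown_rules LAN_IF WAN_IF UPSTREAM_DNS... | sh

dns_lockdown_rules() {
    if [ $# -lt 3 ]; then
        echo "usage: dns_lockdown_rules LAN_IF WAN_IF UPSTREAM_DNS..." >&2
        return 2
    fi
    lan_if=$1; wan_if=$2; shift 2

    # Dedicated chain: the router's own relay may reach the listed resolvers
    # and nothing else on port 53.
    echo "iptables -N DNS_OUT"
    for upstream in "$@"; do
        echo "iptables -A DNS_OUT -d $upstream -j ACCEPT"
    done
    echo "iptables -A DNS_OUT -j REJECT"

    for proto in udp tcp; do    # DNS uses both UDP and TCP on port 53
        # DNS sent by the router itself out of the WAN port goes via DNS_OUT.
        echo "iptables -I OUTPUT -o $wan_if -p $proto --dport 53 -j DNS_OUT"
        # Workstation DNS routed through the router to any outside server is
        # refused; -I puts the rule ahead of an existing "allow LAN out" rule.
        echo "iptables -I FORWARD -i $lan_if -p $proto --dport 53 -j REJECT"
    done
}

# Sample values (assumptions): br0 = LAN bridge, eth0 = WAN port,
# 208.67.222.222 and 208.67.220.220 = OpenDNS resolvers.
dns_lockdown_rules br0 eth0 208.67.222.222 208.67.220.220
```

Port 53 rules do not cover DNS over HTTPS, which travels on 443 and has to be handled in the browser or proxy settings.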

So remember – the security of your children is also your security. The tips here are also tips for you. The more you talk about it and let them use the tools and sites they want, the less they will fight you and hide things. An open source relationship is one where everyone learns.

And no I have no children, this is all assumptions.

This document is a work in progress right now; give feedback if you think of other major issues that you have with kids or know of with kids using the internet. I will make a new section and blather on about it.

Filed under: Internet, Security No Comments
28Oct/080

Google, The Good, The Bad, The Ugly.

So every internet user in the world knows about Google. Hell, I couldn't do my job without Google, and I even go as far as to put a line item on my resume saying “proficient with google search to accomplish tasks”. It's the best home page as it's simple (unless you're Dave, who uses Yahoo). It's white like Macintosh hardware so people think it's cool. They have sharable calendars, documents, pictures, YouTube, etc etc etc etc etc.

But is Google really all that the iBook users crack it up to be? I don't think so. I have long been afraid of Google and the masses that flock to it like crows to a Big Mac in the street.

Let's start off with The Good: Google is an amazing search engine, it's clean and they have the best user interface of any search, bar none (considering the top 4, not the little fish rip-offs of Google's UI). Google has a search bar that is handy, and YouTube is social marketing for the future. See any fanboy for further good, as this post isn't really about the good.

RSS reader: this is one of the tools that I think Google has that is actually very handy. As my RSS isn't private information and I don't care what marketing information can be gathered from it, it's the best reader I have used, and it's free! A cool trick I just found was to look at your stats; see, here is the day of week I read blogs as well as the number of subscribers to feeds in Google. Notice that Katie has 5 readers in Google… cool.

[Images: Google_003, Google_004]

The Bad: Gmail, seriously. Why do people think it's the wave of the future? I think because of one reason: it was invite only at the start. Exclusive club email only, awesome way to make people want it. But in the end, you have all your email up on a search engine, in subject view only. What if you want to sort or folder your email? Oh, you can't; you can search or tag. But the idea of the subject view has been around since Outlook 97.

The ability to share information: we all know of Google hacking, put this into your search… filetype:txt "enable password". But the information isn't stopping at what you have on your webserver any more; your employees sync your office applications with Google to make the iPhone blah blah, and release your corporate information.

[Image: Google_005]

Need I say more? (I just found this while looking for fun info.)

I was looking at Google Documents; it appears that there is no easy way to search, however I will research more and post up. However, this is not cool. Yes, store your personal info on Google, sounds like a great idea.

The Ugly: Google is coming out with new applications every day to take personal information from users. I won't even get started on the Google browser, or cell phone. I will focus more on some fun things that caused me to write this blog post. Might be FUD, but all the same it has merit.

I don't know if you have seen Google's new enhancements to Picasa. Just like myspace etc., you can now tag people in pictures just to help out the search engines find you by text, but Google didn't stop there. You can put the tag to the award winning Google Earth to locate where they are at. Nice. (More on that award winning app later.) We also know from prior that you can search for only faces in image search by adding the &imgtype=face to your URL.

Sure, that's a nice example, but really, how good is it… here is a nice video on how you can play with it. And what's so scary about all this? Well, if you don't care to mess around with the account to test the facial software, check out the new line of Sony cameras with “smile shutter”. I'm not sure if Sony released v2 of this; a lot of reviews online are bad. However, I just got back from Best Buy, where I played with a camera for about 30 min in the store, and it works perfectly. I was scared that it's so good in a consumer $170 camera.

So what's to worry? Well, let's just consider this math equation.

[Image: 600px-US-FBI-Seal.svg] + [Image: Google_006] = the largest database of oh shit.

and one last ugly I will leave on, if you didn't think I had a point with the rest…

[Image: Google_001]

That's great, Google, keep a large database with info that I would like to have in a search engine company.

Filed under: Internet No Comments
12Jul/080

robots.txt file reporter

So if you didn't know, over the holiday weekend I fell off a 15ft cliff and messed up my foot real good. Well, as I was sitting on the couch all weekend I wanted to make a script to convert robots.txt files that are on webservers into a nice little clickable HTML map for reporting and pen-testing. A little bash hacking and I have a nice little working script. So I present, I think, the world's first robots.txt to HTML page converter.

Update: changed the raw code to a file as I'm tired of Google hits with Linux commands.

robotReporter.sh (1.73 KB)

Filed under: Hack, Internet, Linux No Comments
4Jun/080

www.HackMe

Found a fun set of tools for Firefox (to add to my prior post about browser plugins)

http://www.securitycompass.com/exploitme.shtml

Filed under: Hack, Internet No Comments
25Feb/080

a social site for the rest of us

So myspace isn't your cup of tea? Go to http://www.rottenneighbor.com and check out people that live near you. Or just talk about people so they can go read how you don't like them… Awesome.

Filed under: Internet, Social No Comments
13Dec/070

google hack for robots.txt

Here is a fun hack for website robots.txt files.

site:google.com "robots.txt" "disallow" filetype:txt

Run that in a search string and you will get back the disallow strings for forced browsing. You can drop the site: modifier to get more data or change it to your target site.

Filed under: Hack, Internet No Comments
5Dec/070

become ninja 31337 h4x0r with practice

Here is a cool tool (OWASP WebGoat) that will test you on your hacker skills. From 31337 to nub3 you can see where you rank. I got to the last 4 modules and I didn’t have the skillz to continue (mostly the time to keep going).

I strongly recommend that if you're interested in security / web security you check out this project and run around the site to get learned. BTW, a lot of my browser plug-ins will help you pass the quizzes.

Other things to hack: wargames, De-ICE distro

30Nov/070

Browser Plug-In’s

I wanted to make a list of browser plug-ins that I use and find quite important to security and daily ops work.

First, for IE (I accidentally upgraded to 7.0 and didn't feel like un-installing the behemoth)

  • Bayden Systems' TamperIE offers HTTPS form-tampering
    • Sort of a mac-daddy tamper application to change your post data on the fly, must have.
  • Microsoft's IE Developer Toolbar
    • Change values on the fly, also get header info and more right away
  • Microsoft's IE Powertoys for WebDevs
    • Was cool, but it appears the highlight and show source don't work with IE7; however, it still works for DOM data so I keep it.

Now the giant list for Firefox (where all the 31337 users are)

  • AdBlockPlus
    • This is like going from dial up to DSL, the internet all of a sudden becomes “sweet”
  • BlogJet
    • This is also in my IE, it's my blogger application
  • DOM Inspector
    • handy for webdev and de-construction
  • DownloadThemAll
    • I don't like to click and this is a priceless tool for saving clicks.
  • GoogleBrowserSynch
    • I don't like how big Google is and I don't like the idea of Google watching what I browse; this was just an interesting tool since I am on lots of computers, I just don't have the guts to sign in yet.
  • GoogleToolBar
    • this is a must, duh.
  • HttpHeaders
    • handy for webdev and de-construction
  • ModifyHeaders
    • handy for webdev and de-construction, and user-agent mods
  • NoScript
    • The only “security” Leo Laporte knows without Steve giving him a script. Handy for hacking things.
  • RefControl
    • spoof the referrer to the server.
  • PDF Download
    • sometimes I like to download PDFs, sometimes I like to view them live; this lets me choose.
  • Tamper Data
    • same as TamperIE but for zilla
  • URLParams
    • Different type of TamperData type plugin
  • User Agent Switcher
  • WebDev
    • This tool is mostly a must for anyone; you can quickly shut on and off and mod parts of sites.

Update June 2008:
Some good hack tools:
http://www.securitycompass.com/exploitme.shtml