Memorial Day

Monday, May 30th, 2005

Every year when this day comes around I get a little misty eyed. I confess I get a little irritated by the focus on picnics, barbecues, and parties. That’s not at all what this day is about. It’s about our fallen military folks.

I marked this year’s Memorial Day much like the original celebrants marked the day. By decorating and memorializing a fallen Civil War soldier. To make this day even sweeter, this particular soldier was surrounded by his living descendants who proudly served in his burial detail.

Corporal James B. Dooley served honorably in the 4th Kentucky Volunteer Infantry, US. He joined Company G of said regiment in Mt. Vernon Kentucky following a local community leader, Richard Myers, who was elected Captain of the company. Corporal Dooley ultimately found himself at Andersonville Prison where, after his release, he began the long walk home back to Kentucky.

I was honored to participate in this memorial in ways that I can’t quite describe. This is the third such memorial I’ve taken part in and every time I leave with more respect for these soldiers. While we were waiting for the ceremony to begin, one of the lads in the burial detail came to me and asked if he could sit out. I guess I should say I was “commander” of the burial detail. He said he wasn’t feeling well. I’m almost certain that this kid wasn’t at all ill but perhaps a little bored. I looked back at the grave site and pondered how many times THAT young man had been bored and wanted to go home. Perhaps at Lebanon Kentucky in 1862 where the 4th had just settled into their garrison. Perhaps in the rain at Mill Springs wondering if the Confederates were ever gonna come over that hill. Definitely at Andersonville Prison where he ultimately caught TB which after two years claimed his life. I thought, “You fellas were made of much sterner stuff than we.”

Today, as I recovered from a freak allergy attack, I watched the History Channel as they played show after show about the soldiers we remember today. The Marines at Guadalcanal. The men on the Oklahoma, Arizona, West Virginia, and other ships attacked and sunk at Pearl Harbor. The Seals and Rangers at Robert’s Ridge in Afghanistan. My friends in Camp Fallujah in Iraq. It’s silly and I laughed at myself often as tears of pride rolled down.

Thank A Vet. Praise a Soldier, Sailor, Airman, or Marine. Pay for their lunch. Mow the lawn of a wife whose husband is serving YOU. Appreciate them.

Can’t we get past this!

Saturday, May 21st, 2005

Another item from The Command Post has me recounting…again…why we returned to war against Iraq. Spent a little time reading the resolutions today so I knew I had my facts straight and came up with this.

Quoting from UN Resolution 144:

  • Recalling that in its resolution 687 (1991) the Council declared that a ceasefire would be based on acceptance by Iraq of the provisions of that resolution, including the obligations on Iraq contained therein,
  • Decides that Iraq has been and remains in material breach of its
    obligations under relevant resolutions, including resolution 687
    (1991), in particular through Iraq’s failure to cooperate with United
    Nations inspectors and the IAEA, and to complete the actions required
    under paragraphs 8 to 13 of resolution 687 (1991);
  • Decides that false statements or omissions in the declarations
    submitted by Iraq pursuant to this resolution and failure by Iraq at
    any time to comply with, and cooperate fully in the implementation of,
    this resolution shall constitute a further material breach of Iraq’s
    obligations and will be reported to the Council for assessment in
    accordance with paragraphs 11 and 12 below;
  • Recalls, in that context, that the Council has repeatedly warned
    Iraq that it will face serious consequences as a result of its
    continued violations of its obligations

and while I’m making myself later in leaving the office, let’s look at UN Res 687, which set the terms of the ceasefire:

  • 8. Decides that Iraq shall unconditionally accept the destruction,
    removal, or rendering harmless, under international supervision, of:

    (a) All chemical and biological weapons and all stocks of agents
    and all related subsystems and components and all research,
    development, support and manufacturing facilities;

    (b) All ballistic missiles with a range greater than 150 kilometres
    and related major parts, and repair and production facilities;

  • 12. Decides that Iraq shall unconditionally agree not to acquire
    or develop nuclear weapons or nuclear-weapons-usable material or any
    subsystems or components or any research, development, support or
    manufacturing facilities related to the above; to submit to the
    Secretary-General and the Director-General of the International Atomic
    Energy Agency within fifteen days of the adoption of the present
    resolution a declaration of the locations, amounts, and types of all
    items specified above; to place all of its nuclear-weapons-usable
    materials under the exclusive control, for custody and removal, of the
    International Atomic Energy Agency, with the assistance and cooperation
    of the Special Commission as provided for in the plan of the
    Secretary-General discussed in paragraph 9 (b) above; to accept, in
    accordance with the arrangements provided for in paragraph 13 below,
    urgent on-site inspection and the destruction, removal or rendering
    harmless as appropriate of all items specified above; and to accept the
    plan discussed in paragraph 13 below for the future ongoing monitoring
    and verification of its compliance with these undertakings;
  • 32. Requires Iraq to inform the Security Council that it will not
    commit or support any act of international terrorism or allow any
    organization directed towards commission of such acts to operate within
    its territory and to condemn unequivocally and renounce all acts,
    methods and practices of terrorism;
  • 33. Declares that, upon official notification by Iraq to the
    Secretary-General and to the Security Council of its acceptance of the
    provisions above, a formal cease-fire is effective between Iraq and
    Kuwait and the Member States cooperating with Kuwait in accordance with
    resolution 678 (1990);

So…UN Res 687 says a ceasefire is in effect if Iraq plays by the
rules set out in 687. Not a Cessation of Hostilities but just a

Hussein continued his work in PUBLIC support of the Palestinian
bombers, continued to SHOOT AT allied aircraft over the no fly zones,
continued his nuclear ambitions.

That isn’t playing by the rules…so the ceasefire ended.

Case Closed.

Email Harvesting

Friday, May 20th, 2005

Ya know, I’ve seen some pretty interesting methods of protecting one’s email address from being harvested by spammers.

For the “Coppertops” in the crowd, email harvesting is the act of gathering email addresses from websites for the purposes of spamming them later. Usually folks will write a neat little program that scans websites for a pattern such as xxx@xxx.yyy where xxx is anything and yyy is a known top-level domain such as com, net, org, edu, etc.

Common attempts, by example, are:


This hides the @ symbol and the period but many spam scripts know to look for that.

This protects the email address pretty well especially if you change around the “deletethis” to “removethis”, “takethisout”, etc. When the spammer sends this it will bounce. BUT, if you are expecting a coppertop to send you mail, that mail will also bounce because they won’t know to correct the obvious problem.

george at hotmail dot com

Same as the first really but scripts have a harder time with this.

And now for some award winners…

Mike Poor is a regular Handler du jour at The Internet Storm Center. He has used the following as his email on webpages:

echo "mikepoorhandlerondutyisageek" | sed -e s/poor/\@/g -e s/isageek/\.com/g -e s/handleronduty/intelguardians/g

Now THAT takes some serious effort by a spam script! If you have the sed program you can simply dump the line at a prompt and you get his email address. Regex is your friend.

Sed is included with every *nix distro but for windoze users you can get it here. Sed is a part of this SWEET little group of utilities.

Mike’s anti-spammer technique used to be my all-time award winner…until now.

Johannes Ullrich, another Handler at ISC and CTO for SANS now gets the all time Hormel Award for this BRILLIANT technique:

jullrich@';drop table email;''

You see…he is including a little SQL injection in his email address. There’s a little luck in there but still. Again…for the coppertops…let’s look at this in detail…


This is all right and proper but then we see…


The apostrophe followed by the semi-colon tells the sql database server (whether it’s MySql or M$ Sql Server is irrelevant) that we are finished assigning a value and the rest of the STATEMENT is to follow. Then we see the next statement:

drop table email;

Here’s the little bit of luck that’s involved. This statement tells the sql database server to delete the table called “email”. If the spammer is stupid enough to give his tables proper names then he just lost ALL his hard work. Brilliant…simply brilliant. Kudos to you Dr. Ullrich! Have a Hormel Product of your choice on us!

Now, if you know that the ';drop table email;' bit isn’t supposed to be in there you would simply remove it and be left with his email address…which is as it should be. You would think someone as talented as Joel would also be Über Clever in his email address…hmmm….
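The effect described above, reproduced against a throwaway in-memory SQLite database, next to the parameterized form that stores the same string as plain data. This is an added example, not code from the original post; the `address` column, the shape of the lookup query and the use of `executescript()` to stand in for a driver that accepts stacked statements are assumptions.

```python
import sqlite3

# The address from the post, treated purely as input data.
ADDRESS = "jullrich@';drop table email;''"


def new_db():
    """In-memory database with a table named 'email' (the name the post guesses)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE email (address TEXT)")
    conn.execute("INSERT INTO email VALUES ('someone@example.com')")  # constructed row
    conn.commit()
    return conn


def table_exists(conn):
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='email'"
    ).fetchone()
    return row[0] == 1


def lookup_concatenated(conn, address):
    """Vulnerable form: the address is pasted into the SQL text."""
    sql = "SELECT 1 FROM email WHERE address = '" + address + "'"
    try:
        # executescript() stands in for a driver that accepts several
        # semicolon-separated statements in one call (assumption).
        conn.executescript(sql)
    except sqlite3.Error:
        pass  # the leftover quotes fail to parse, after the DROP has already run
    return sql


def store_parameterized(conn, address):
    """Hardened form: the driver binds the address as a value, never as SQL."""
    conn.execute("INSERT INTO email (address) VALUES (?)", (address,))
    conn.commit()
    row = conn.execute(
        "SELECT address FROM email WHERE address = ?", (address,)
    ).fetchone()
    return row[0]


def demo():
    broken = new_db()
    lookup_concatenated(broken, ADDRESS)
    safe = new_db()
    stored = store_parameterized(safe, ADDRESS)
    return table_exists(broken), table_exists(safe), stored


if __name__ == "__main__":
    print(demo())
```

With a single-statement call such as `execute()`, the concatenated form raises an error instead of running the second statement, which is part of the luck the post mentions.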


Tuesday, May 17th, 2005

A story about a desecrated Quran gets 17 deaths, hundreds wounded, and world outrage.

A Crucifix in Urine is declared Art and is paid for by the American Tax payer while a few voices are raised in objection but no guns were fired, no bombs set off, and no riots killing anyone.

Now…I ask you…who are the extremists? Christians the world over have been insulted, enslaved, and murdered. Their symbols have been exposed to the worst forms of treatment, mocked, and ridiculed. Here in America we Christians are called extremists simply because we voted for laws banning Gay Marriage in 11 states and we rhetorically fight for the protection of innocent life. Sure, there are a few nut jobs that react violently and the mainstream Christian community condemns their behavior and encourages punishment under the law of the land.

With the past week in mind, how can any reasonable person claim Christians are extremists now?

24 – almost the end…*sniff*

Tuesday, May 17th, 2005

All through this season I’ve felt a little uncomfortable when the plot turns to something relationship-ish. The tension between Jack and Tony early in the season was reasonable and understandable because it was part of the previous season’s story but the boy-girl stuff that’s been going on has, at times, seemed just tossed in for flavor…bad flavor but flavor. I guess last night was the night to wrap up all those loose ends. Tony and Michelle finally reached a middle ground with the best approach Tony has had in a long LONG time. Jack and Audrey still have this chasm between them but at least they are trying to find that middle ground as well. I’m just waiting for someone to bust into one of the interrogation rooms to find Chloe and Edgar getting it on…you know it’s gotta happen…Chloe on top of course.

*spoiler alert* (more…)

Rita Cosby – Out at FNC

Friday, May 13th, 2005

Golly. Wish I could say I didn’t see this coming. Ms. Cosby had been positioned at FoxNews to be a hard hitting investigative journalist but she just couldn’t seem to get there in my opinion. While she struggled to get some sense of seriousness about her, many of the other investigative guys and gals just blew past her leaving her with the “Big Story” weekend version of John Gibson’s weekday show.

I’ve grown rather tired of FNC of late. Probably has something to do with all the various murder and molestation of kids by “stars” trials. It just seems that the MSM in general has gotten far more interested in would be scandals than REAL news.

So…bye bye Ms. Cosby. Wish I could say I was torn up about it.

Can’t. Wake. Up.

Friday, May 13th, 2005

So I go to the doc Wednesday afternoon to have a sore toe looked at. Thought I may have an ingrown toe nail. Sure enough, it was. Doc gives me a run of anti-biotics and a promise to cut me next week or so.

I come home, get the meds, and start the run. Ever since I have been at BEST lethargic and at worst sound asleep. Good thing the doc gave me one of those “Get out of Work Free” cards. Sorta embarrassing though….”Sorry, Doc says my toe is bad so I can’t sit behind my desk and monitor the network.” *sigh*. Of course, it’s not that easy because at any minute a user could forget where his space bar is or she might be struggling to find the “Any” key and I have to go visit them with the Cluebat. So, I suppose it only stands to reason that I be horizontal on my couch with all three Matrix movies (Thanks Parth), Sneakers (the movie silly), and my notebook writing this note.

We mock that which we don’t understand…

Tuesday, May 10th, 2005

NY Times reporting on the investigation of the Cisco attacks of 2004.

They saw the activity in April 2004. Now they have SOME suspects. As usual they are pointing all of their fingers at a young geek, a 16 year old…this particular 16 year old is in Sweden. They also have a handle used by someone boasting of the attacks…”Stakkato”.

Another one got caught today, it’s all over the papers. “Teenager Arrested in Computer Crime Scandal”, “Hacker Arrested after Bank Tampering”…

Damn kids. They’re all alike.

But did you, in your three-piece psychology and 1950’s technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?

Hacker Manifesto,
The Mentor, 1986

Please know that I’m not justifying these acts. I am condemning, however, the Times’ attitude towards this “quaint hacker” as Wren Montgomery (Grad student in Geophysics…imagine that) calls him. It’s an odd mixture of disgust for the act, empathy for the attacker, and outrage at the environment that spawned everything related to this mess. The kid screwed up, no doubt about it, and deserves what the legal system has coming at him. I do not believe he deserves this petty denigration.

Kingdom of Heaven

Saturday, May 7th, 2005

Not a bad flick. As with most Ridley Scott flicks the historical research was top notch. I’m not an expert on the material culture of the times (12th Century Europe) but I know a little about the military history of the era and I have to say that it was pretty close to accurate.

The thing that really hit me, however, was what I perceived to be a great message in the movie. This isn’t a spoiler because it was in all the trailers. At one point the Hero’s “cleric” of sorts says, “The Kingdom of Heaven is here” pointing to his head “and here.” pointing to his heart. This is a central theme throughout the movie and oh how true it is.

The reason for the Crusades, or so said those leading the Crusades, was to return the Holy Land to the Christians. To create the “Kingdom of Heaven” by setting a Christian King on the throne in Jerusalem. Bah. Rubbish. Christ didn’t demand that we conquer the world. Christ demanded that we share his testimony which is to say spread the Good News of his life, death, and Resurrection. Christ told us to love Him with all our heart, mind, and soul. Those three words define the Kingdom of Heaven here on earth. It is in the hearts, minds, and the souls of the believers. There is no wall that can protect it. There is no mortal King fit to rule it. There is certainly no enemy that can defeat it. This is a point the Hero of the movie makes plain I think.

Another thing that set me to wondering was the depiction of Saladin (phonetic). The Syrian King who turned into a legend among the Muslim people for his wars against the Crusaders. I hear the barbarians talk about Saladin and how they sometimes claim to mirror their “struggle” with his. Now, I don’t know much about Mr. Saladin but I intend to read up on him a bit. If Mr. Scott’s historical research is up to par in this movie then it may turn out that what I read about him is mirrored with the character portrayed in the movie. If that is the case Damascus trembles every time the barbarians set off a car bomb as Saladin spins in his grave.

So…Kingdom of Heaven is a good flick and thought provoking for those of us who turn to history to discern future events. Award winning movie? Probably not, but the cinematography is fabulous in the battle scenes and the scenes are well presented. I didn’t see any GLARING military faux pas and the story itself was well done.

Go see it.

Forensic look at Floppy Disk pt2

Sunday, May 1st, 2005

I added a single word file to the floppy disk I formatted in the entry here. Got the image with:

dd if=\\\\.\a: of=floppy.dd3 bs=512 conv=noerror

The image can be found here. MD5 of the zip is d0845f6ece41f8927c889be0323130b5.
MD5 for the image itself is 7ca9ccd2d465bdae4eadae8e46727946.

Loaded the image into my hex editor and found the following offsets of interest:

Same as before, giving more credence to this area being a header of some sort.

This is new. Since we’ve only added one file we have to assume this is the FAT area and the record for the word file we added.

03 40 00 05 60 00 07 80 00 09 a0
00 0b c0 00 0d e0 00 0f 00 01 11
20 01 13 40 01 15 60 01 17 80 01
19 a0 01 1b c0 01 1d e0 01 1f f0

All nulls. This area has shrunk up since we added the word file. Perhaps it’s safe to say the FAT area of a floppy disk ranges from offset 00000203 to 000013ff?

In the first analysis we only had f0 ff ff beginning at 00001400. After adding the Word file we still have the f0 ff ff but following that we seem to have a repeat of the content beginning at 00000203-0000022f.

f0 ff ff 03 40 00 05 60 00 07 80 00 09 a0
00 0b c0 00 0d e0 00 0f 00 01 11 20 01 13
40 01 15 60 01 17 80 01 19 a0 01 1b c0 01
1d e0 01 1f f0 ff

The remaining space (0000142f-000025ff) is, again, all nulls.

Here we have the same thing we had before:

46 4f 52 2d 45 58 50 31 20 20 20 08 00
00 00 00 00 00 00 00 00 00 09 6d 9e 32

but now we have some more beginning at 0000261a:

00 00 00 00 00 00 e5 48 4b 31 30 20 20 20 54
4d 50 20 10 8b 08 24 a1 32 a1 32 00 00 09 24
a1 32 00 00 00 00 00 00 41 47 00 65 00 61 00
72 00 20 00 0f 00 bd 4c 00 69 00 73 00 74 00
2e 00 64 00 00 00 6f 00 63 00 47 45 41 52 4c
49 7e 31 44 4f 43 20 00 b5 a5 65 a1 32 a1 32
00 00 2f 51 2d 31 02 00 d4 3b

This contains the filename of the file we added. I suspect there may be an offset in this mess that points to the location on the disk of the content itself. We’ll see.

0000267e-000041ff are nulls.

00004200-00007dd3 is the contents of the file we added. (You can be nosey if ya like but you’ll only find the uniform and gear standards for the 7th Kentucky, US Infantry Living History group.)

00007dd4-00007dff are nulls.

00007e00-00167dff are f6 repeated.

00167e00-00167fff are nulls.

More thoughts on this once I get some sleep and the benadryl takes effect…
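The bytes listed above decode as FAT12 structures. The added example below (not code from the original post) unpacks the FAT entries and the 8.3 directory entry copied from the post and computes where the file's data sits on disk. The geometry constants assume the standard 1.44 MB floppy layout, and the entry's last two bytes are the nulls the post reports from 0000267e onward.

```python
import struct

SECTOR = 512
# Assumed standard 1.44 MB layout (not read from the boot sector): 1 reserved
# sector, 2 FATs of 9 sectors, 224 root entries, 1 sector per cluster.
ROOT_OFF = (1 + 2 * 9) * SECTOR        # 0x2600
DATA_OFF = ROOT_OFF + 224 * 32         # 0x4200, start of cluster 2

# FAT bytes copied from the post (second copy, at 0x1400).
FAT = bytes.fromhex(
    "f0ffff 034000 056000 078000 09a000 0bc000 0de000 0f0001 "
    "112001 134001 156001 178001 19a001 1bc001 1de001 1ff0ff")

# 8.3 directory entry copied from the post (at 0x2660); the final two bytes
# are the nulls the post reports from 0x267e onward.
ENTRY = bytes.fromhex(
    "474541524c497e31 444f43 20 00 b5 a565 a132 a132 0000 2f51 2d31 0200 d43b0000")


def fat12_entry(fat, n):
    """12-bit FAT value for cluster n; two entries are packed into 3 bytes."""
    i = n + n // 2
    pair = fat[i] | (fat[i + 1] << 8)
    return pair >> 4 if n & 1 else pair & 0x0FFF


def chain(fat, start):
    """Follow the cluster chain until an end/bad marker, a loop, or missing data."""
    clusters, c = [], start
    while 2 <= c < 0xFF0 and c + c // 2 + 1 < len(fat) and c not in clusters:
        clusters.append(c)
        c = fat12_entry(fat, c)
    return clusters


def fat_date(v):
    """Unpack a FAT date word into (year, month, day)."""
    return 1980 + (v >> 9), (v >> 5) & 0x0F, v & 0x1F


def parse_entry(raw):
    """Decode one 32-byte short (8.3) directory entry."""
    (name, ext, attr, _nt, _tenths, _ctime, cdate, _adate, _hi,
     _wtime, wdate, start, size) = struct.unpack("<8s3sBBBHHHHHHHI", raw)
    return {"name": name.decode("ascii").rstrip() + "." + ext.decode("ascii").rstrip(),
            "attr": attr, "created": fat_date(cdate), "written": fat_date(wdate),
            "start": start, "size": size}


def locate(entry, fat):
    """First and last byte offset of the file, valid when the chain is contiguous."""
    clusters = chain(fat, entry["start"])
    first = DATA_OFF + (clusters[0] - 2) * SECTOR
    return first, first + entry["size"] - 1, len(clusters)


if __name__ == "__main__":
    e = parse_entry(ENTRY)
    print(e, [hex(x) for x in locate(e, FAT)[:2]])
```

The start cluster and size fields of the entry give offsets 0x4200 through 0x7dd3, the same range the post found by eye in the hex editor.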