?

Log in

entries friends calendar profile Jared's Rambling Thoughts Previous Previous
Jared's rambling thoughts
Visum , Haud Vox (email: jnemailbox-blog@yahoo.com)
Now that I've completed my migration to a new blogging service which I believe better suits my needs and taste, I will be no longer posting to livejournal.  You will need to update your bookmarks or RSS aggregator program.

My new blog is now at:
http://jarednevans.typepad.com/blog/

or you can subscribe to the RSS feed of my new blog at:
http://jarednevans.typepad.com/blog/index.rdf

Using Livejournal for one year was a good learning experience for a new blogger like myself but now I'm ready to move on to a more professional blogging service.  With the features on my new blog I really like being able to categorize my posts and I should be adding a search engine link soon.

I won't remove the Livejournal blog anytime soon and leave it up for future reference.

Be seeing you all over at typepad.com!
33 comments or Leave a comment
My paid livejournal account is due to expire in the next few days.  I am now looking around for a new blogging service.  I'll keep you appraised on which one I will move to.

I'm looking at www.typepad.com and am liking what I see so far.
1 comment or Leave a comment
After a short hiatus from UNIX systems when I focused on Microsoft Windows Server 2003 / IIS 6.0 / ASP.NET, I returned to the open-source scene where I installled two different Unix-like systems on my new laptop.

One of the most popular Linux distro out there is known as Debian 3.0 which purports to be an Linux system that is easy to install and upgrade as new and updated packages are checked into the system.

I got a very cool software called VMWare Workstation which is nothing short of a miracle.  VMWare allows you to virtualize operating systems on top of the operating system that you primarily use for your daily stuff.  It allows you to run entire operating system inside a window.  You are also able take a snapshot of the operating system and mess around with it and then revert back to where it was before you made the modifications!

I was able to get Debian installed and even the X Window System up and running with ease (if you follow the instructions carefully!) under VMWare!  After playing with it for several weeks and experimenting with updating packages among other tasks, I wasn't too enlightened by how it all was supposed to click together.  While it was easier to do stuff compared to my days with Slackware 0.9 back in 1993, there were some limitations and dependencies problems with package installation/upgrading.    Once, i went as far as completely destroying the system when the wrong version of kernel was installed. 

Debian agrees with those who are extremely conservative and are willing to stick with older packages.  There are several releases that happen at the same time with Debian called stable, testing, unstable.  There were versions of several packages I wanted in the testing release but they make sure you know that there is no guarantee that everything in the testing release has been fully tested yet.  This caused a bit of disillusion for me, since it was not a easy thing to do to mix in different applications from different releases.

However, in recent days, Doug Sampson at Dawn Sign Press, where I also work, brought up the idea of using FreeBSD.  I've heard of this operating system which has experienced many forks in the years past and the cabal of super-developers who have the final say about anything that enters or exits the BSD operating systems.

I decided to give it a whirl (under VMWare of course!) and all I can say is WOW!  I now believe that FreeBSD is what Linux aspires to be.  FreeBSD is different from Linux in that it is one entire coherent system, rather than having applications slapped on with the kernel and hope it all works together.  (...I can hear the hordes of rabid Debian users descending on me now)

It is a normal thing for a BSD administrator to compile the ENTIRE system or upgrade many applications by recursively compiling everything to resolve any dependencies problems.  At the first breath, this seems dangerous to the new-comer...  "what if there is one teensy-bitsy bug that causes the system compilation to fail?"  The only way you will learn is to jump feet first into the water and get wet.  It's only through the process of working through problems that you will gain the skills necessary to be able to handle these kind of systems when the inevitable comes sooner or later.

I was apprehensive at first when I faced the necessity of upgrading many applications at one go to fix various security holes that were discovered.  You can imagine my relief after 12 hours of compiling when it was successful with zero errors and I was running a system that had all known holes patched up.  It was a very good feeling afterwards.

The philosophy of FreeBSD being one entire system is in fact one of its strengths since you can be very confident that whatever the developers introduce into the system is guaranteed to work with the system and will not cause any conflicts.  This is why I highly, highly, HIGHLY recommend that you use what is known as the ports collection on FreeBSD.

You will be able to easily keep the ports up to date and ensure that you install applications that will be compatible with your system and at the same time be able to ensure that discovered security holes are rapidly closed.  This is a cool thing because after the developers implement a recent version of an application that you highly desire, they can check it into the system to be rigorously tested.  After the tests are passed, it is approved to be entered into the ports.  Once it's available, you can go ahead and install it on your system and be fairly confident it will not break anything.

If you are curious and want to know more about the different design philosophies between FreeBSD and Linux, read this excellent link!

I have set up a nice FreeBSD configuration with several must-have applications.  I look forward to using this system and getting more comfortable with it.  I'm going off now to install my favorite open source database called PostgreSQL!

 
1 comment or Leave a comment
If you have several folders in your SideKick mail application, you can send email directly to that folder!

For example, if you have a mail folder called "Important",

Send the emails to:

Important#yourusername@tmail.com and yes, be sure that it matches the capitalization of your folder Important, not important

and you should see the email show up in your "Important" folder!
1 comment or Leave a comment
This had to happen sooner or later....

Update:
cnn.com has an online article about this too:
http://www.cnn.com/2005/LAW/01/12/cellular.hacker.ap/index.html

------------

Hacker penetrates T-Mobile systems

By Kevin Poulsen, SecurityFocus Jan 11 2005 7:43PM

A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor U.S. Secret Service e-mail, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.

Twenty-one year-old Nicolas Jacobsen was quietly charged with the intrusions last October, after a Secret Service informant helped investigators link him to sensitive agency documents that were circulating in underground IRC chat rooms. The informant also produced evidence that Jacobsen was behind an offer to provide T-Mobile customers' personal information to identity thieves through an Internet bulletin board, according to court records.

Jacobsen could access information on any of the Bellevue, Washington-based company's 16.3 million customers, including many customers' Social Security numbers and dates of birth, according to government filings in the case. He could also obtain voicemail PINs, and the passwords providing customers with Web access to their T-Mobile e-mail accounts. He did not have access to credit card numbers.

The case arose as part of the Secret Service's "Operation Firewall" crackdown on Internet fraud rings last October, in which 19 men were indicted for trafficking in stolen identity information and documents, and stolen credit and debit card numbers. But Jacobsen was not charged with the others. Instead he faces two felony counts of computer intrusion and unauthorized impairment of a protected computer in a separate, unheralded federal case in Los Angeles, currently set for a February 14th status conference.
On July 28th the informant gave his handlers proof that their own sensitive documents were circulating in the underground marketplace they'd been striving to destroy.
The government is handling the case well away from the spotlight. The U.S. Secret Service, which played the dual role of investigator and victim in the drama, said Tuesday it couldn't comment on Jacobsen because the agency doesn't discuss ongoing cases-- a claim that's perhaps undermined by the 19 other Operation Firewall defendants discussed in a Secret Service press release last fall. Jacobsen's prosecutor, assistant U.S. attorney Wesley Hsu, also declined to comment. "I can't talk about it," Hsu said simply. Jacobsen's lawyer didn't return a phone call.

T-Mobile, which apparently knew of the intrusions by July of last year, has not issued any public warning. Under California's anti-identity theft law "SB1386," the company is obliged to notify any California customers of a security breach in which their personally identifiable information is "reasonably believed to have been" compromised. That notification must be made in "the most expedient time possible and without unreasonable delay," but may be postponed if a law enforcement agency determines that the disclosure would compromise an investigation.

Company spokesman Peter Dobrow said Tuesday that nobody at T-Mobile was available to comment on the matter.

Cat and Mouse Game
According to court records the massive T-Mobile breach first came to the government's attention in March 2004, when a hacker using the online moniker "Ethics" posted a provocative offer on muzzfuzz.com, one of the crime-facilitating online marketplaces being monitored by the Secret Service as part of Operation Firewall.

"[A]m offering reverse lookup of information for a t-mobile cell phone, by phone number at the very least, you get name, ssn, and DOB at the upper end of the information returned, you get web username/password, voicemail password, secret question/answer, sim#, IMEA#, and more," Ethics wrote.

The Secret Service contacted T-Mobile, according to an affidavit filed by cyber crime agent Matthew Ferrante, and by late July the company had confirmed that the offer was genuine: a hacker had indeed breached their customer database,

At the same time, agents received disturbing news from a prized snitch embedded in the identity theft and credit card fraud underground. Unnamed in court documents, the informant was an administrator and moderator on the Shadowcrew site who'd been secretly cooperating with the government since August 2003 in exchange for leniency. By all accounts he was a key government asset in Operation Firewall.

On July 28th the informant gave his handlers proof that their own sensitive documents were circulating in the underground marketplace they'd been striving to destroy. He'd obtained a log of an IRC chat session in which a hacker named "Myth" copy-and-pasted excerpts of an internal Secret Service memorandum report, and a Mutual Legal Assistance Treaty from the Russian Federation. Both documents are described in the Secret Service affidavit as "highly sensitive information pertaining to ongoing USSS criminal cases."

At the agency's urging, the informant made contact with Myth, and learned that the documents represented just a few droplets in a full-blown Secret Service data spill. The hacker knew about Secret Service subpoenas relating to government computer crime investigations, and even knew the agency was monitoring his own ICQ chat account.

Myth refused to identify the source of his informational largesse, but agreed to arrange an introduction. The next day Myth, the snitch, and a third person using the nickname "Anonyman" met on an IRC channel. Over the following days, the snitch gained the hacker's trust, and the hacker confirmed that he and Ethics were one and the same. Ethics began sharing Secret Service documents and e-mails with the informant, who passed them back to the agency.

Honeypot Proxy
By August 5th the agents already had a good idea what was going on, when Ethics made a fateful mistake. The hacker asked the Secret Service informant for a proxy server -- a host that would pass through Web connections, making them harder to trace. The informant was happy to oblige. The proxy he provided, of course, was a Secret Service machine specially configured for monitoring, and agents watched as the hacker surfed to "My T-Mobile," and entered a username and password belonging to Peter Cavicchia, a Secret Service cyber crime agent in New York.

Cavicchia was the agent who last year spearheaded the investigation of Jason Smathers, a former AOL employee accused of stealing 92 million customer e-mail addresses from the company to sell to a spammer. The agent was also an adopter of mobile technology, and he did a lot of work through his T-Mobile Sidekick -- an all-in-one cellphone, camera, digital organizer and e-mail terminal. The Sidekick uses T-Mobile servers for e-mail and file storage, and the stolen documents had all been lifted from Cavicchia's T-Mobile account, according to the affidavit. (Cavicchia didn't respond to an e-mail query from SecurityFocus Tuesday.)

By that time the Secret Service already had a line on Ethic's true identity. Agents had the hacker's ICQ number, which he'd used to chat with the informant. A Web search on the number turned up a 2001 resume for the then-teenaged Jacobsen, who'd been looking for a job in computer security. The e-mail address was listed as ethics@netzero.net.

The trick with the proxy honeypot provided more proof of the hacker's identity: the server's logs showed that Ethics had connected from an IP address belonging to the Residence Inn Hotel in Buffalo, New York. When the Secret Service checked the Shadowcrew logs through a backdoor set up for their use -- presumably by the informant -- they found that Ethics had logged in from the same address. A phone call to the hotel confirmed that Nicolas Jacobsen was a guest.

Snapshots Compromised
Eight days later, on October 27th, law enforcement agencies dropped the hammer on Operation Firewall, and descended on fraud and computer crime suspects across eight states and six foreign countries, arresting 28 of them. Jacobsen, then living in an apartment in Santa Ana in Southern California, was taken into custody by the Secret Service. He was later released on bail with computer use restrictions.

Jacobsen lost his job at Pfastship Logistics, an Irvine, California company where he worked as a network administrator, and he now lives in Oregon.

The hacker's access to the T-Mobile gave him more than just Secret Service documents. A friend of Jacobsen's says that prior to his arrest, Jacobsen provided him with digital photos that he claimed celebrities had snapped with their cell phone cameras. "He basically just said there was flaw in the way the cell phone servers were set up," says William Genovese, a 27-year-old hacker facing unrelated charges for allegedly selling a copy of Microsoft's leaked source code for $20.00. Genovese provided SecurityFocus with an address on his website featuring what appears to be grainy candid shots of Demi Moore, Ashton Kutcher, Nicole Richie, and Paris Hilton.

The swiped images are not mention in court records, but a source close to the defense confirmed Genovese's account, and says Jacobsen amused himself and others by obtaining the passwords of Sidekick-toting celebrities from the hacked database, then entering their T-Mobile accounts and downloading photos they'd taken with the wireless communicator's built-in camera.

The same source also offers an explanation for the secrecy surrounding the case: the Secret Service, the source says, has offered to put the hacker to work, pleading him out to a single felony, then enlisting him to catch other computer criminals in the same manner in which he himself was caught. The source says that Jacobsen, facing the prospect of prison time, is favorably considering the offer.
2 comments or Leave a comment
Banda Aceh on the northern tip of Indonesia was one of the hardest hit area of all.  The place was very close to the epicenter of the undersea earthquake. Complete and utter destruction when compared to the other areas that were hit.

Leave a comment
Since cats are always supposed to land on their feet when they are tossed, what happens when there is no gravity?

Watch a kitty tossed in zero gravity
Leave a comment


This would be a dream come true if I was able to get one at home!

This one is the 102" plasma TV display!  How much would it be?  Get this: the older 80" plasma TV display was only $45,000!  Make a wild guess on the 102" model!   Would the Asian women come with the TV at that price? :)
1 comment or Leave a comment


One of my favorite authors, Arthur Clarke (2001: A Space Odyssey) is safe in Sri Lanka (where he now lives).   After reading his remarks over at his foundation, I donated some money via paypal to Sarvodaya.  You can make a donation to them too.

You can view their photos at
http://www.flickr.com/photos/sarvodaya/sets/69733/
Leave a comment

Indonesian province of Aceh


Before the tsunami hit


Afterwards:
Leave a comment