idlethreat

I've been working on some components of Utopiaprojekt this morning and run across the idea of sending the contents of the clipboard across the internet. So, after tooling around for a few minutes, I wrote up a working example using Python on OS X.

So, click on Read More for more information on how I did it.
Read the rest of this entry »

Introduction

This is an old-ish app that I've been sitting on over the past few months and thought I should release it before it joins my BPOUS (Big Pile Of Unpublished Stuff) on a random hard drive somewhere.

Echo.py is a one trick pony. It tails a (configurable) log file on the system and sends the logs off to a syslog server for further processing. It's configurable for either UDP or TCP syslogging and is highly configurable, depending on your environment and needs. It's been tested on OS X 10.5 and Ubuntu 7.10 with Python 2.5.*

Since this application is written in Python, it can run on Windows, Linux, etc. Pretty much any OS with a Python interpreter can run this script. This script can be compiled as a “frozen binary” and run on systems without a Python interpreter installed on it. I will leave that exercise up to you, Dear Reader, on how to accomplish this.

The only real caveat to using the script is that if the application which creates the log file dies and the log is overwritten whenever it comes back up, echo.py will not catch that change and hang up, not sending out logs until it's restarted. Since the standard UN*X 'tail -f' exhibits the same issue, this should be considered normal.

Click Read More for more information.
Read the rest of this entry »

Like all really interesting ideas I come up with and want to follow up on, this one happened last thing on a Sunday night when I'm at my sleepiest. Basic tenet is that transmitting credit card information across the internet for offsite processing is a huge security concern. The fix is, don't send it at all, but send a one way hash of information from point A to point B.

Click on “Read More” for the particulars.
Read the rest of this entry »

Earlier today, I was searching today for some article or advice on how best to provide security and courtesy at the same time. I was somewhat startled to find that virtually no one – no one – is writing about the topic. In a security-conscious world, we seem to have forgotten that ultimately, security serves human beings. It's a customer service industry.

A friend of mine once said that his typical experience with network security professionals was that if he had hired them to secure a grocery store, they would proceed to install barbed wire fences, attack dogs, searchlights, metal detectors, and perhaps a helicopter or two before finally saying, 'Yep, no one will be shoplifting from here now!' And not only would they have discouraged any sort of legitimate customer from buying from the store, they'd completely ignore the possibility of a teenager with a forged ID buying beer.

Manners, politeness, and respect for fellow human beings as a whole seems to be something that have fallen by the wayside in popular culture. Being rude has been developed into something approaching an art form – an entire genre of comedy is devoted to just this facet of our society.

Combine this with the fact that we, as human beings, are no longer instinctively equipped to judge risks, and you arrive at the modern airline terminal – please take off your shoes and throw away your water, because out of the two billion airline travelers a year, we know you could be one of the few hundred terrorists.

Security isn't a destination, but a process. It's an ideal that will never be attained, not a product packaged into a box. And while there are always tradeoffs, there's no reason we can't combine good security with good customer service.