Categories
blog Evil Internet Microsoft Security TCPIP Windows Zune Zune software

I found out why Zune 4.0 was killing the Internet for me

Today I woke up early & couldn’t go back to sleep. I just remembered something is that I’ve installed some updates on my computer & realized that it might be Microsoft restricting the tcpip.sys file to 10 half open TCP connections. That was killing my Internet on my computer.

So I went to download a program to patch it to a more reasonable number, which happens to be greater than the default Microsoft sticks you with. I did that because I realized that the Internet on other computers was not wasted by the Zune software constant downloading of PDF files. I think they should force the Zune team & the Windows team to have a podcast that is at least 50% PDF files with this version of the software running so they can learn why it is a bad idea to only allow 10 connections at a time & also learn why they shouldn’t keep downloading the same file that they can’t read anyway because the software doesn’t support PDF files.

When I made the last post I had forgotten to check on a different computer if I was killing the network or just the one computer. I was still blaming the right company it was just two different departments that were working together to screw me over. To bad they still think that Windows XP should be choked to death so that it can’t do much. I forget how long ago Microsoft Imposed that limit on Windows XP but I do remember it was long before Windows Vista came out. Well a quick Google search yields Windows XP SP2 was the beginning of the abuse Microsoft Imposed on Windows XP. I did some more searching & I found that it was released back on August 6, 2004 or 2004-08-06 so they have had it broken for a very long time ([fergcorp_cdt_single date=”Fri, 06 Aug 2004 00:00:00 -600″]) I’m just glad other people have come up with ways to fix the file so that it behaves more reasonably then the way Microsoft seems to think it should.

Categories
blog Security Xbox Xbox Live

Time for another post

Well it has been a long time since my last post so I guess I should write something.

Well I just recently listened to Major Nelson & I believe many of the things mentioned at the Xbox Account Security page are useful for everyone even if you are not on Xbox or Xbox live. I say this because many of the schemes that people use on Xbox live members are some of the same tactics used elsewhere. I know it doesn’t cover everything about web security but it does help with some of the possible issues.

Categories
blog FrontPage Security

Securing your site

Since I’ve seen so many customers getting their accounts hacked I figured I’d post the tools I have to try to deal with these types of issues.

One of them can be found here, (I removed the link because the guy removed the wiki from his site.) it was written by one of my co-workers. (His scripts should only work on Linux/Unix based OS’s, sorry no Windows support.) Basically he wrote a script that checks for some easy to discover vulnerabilities such as having register_globals enabled or world writable files among other things. He also wrote a script to fix those issues, one to tell you if any changes have occurred since the last time the script was run, & he converted my FrontPage clean up script for SSH.

I also made it so that the security scanner he wrote can work in PHP. (Once again this is only for Linux/Unix servers.) You can get it here.

Categories
blog hash Security

MD5, Should we really be using just it?

Well why are we still using MD5 hashes? I really want to know as I’ve heard of & seen at least one example where this is happened. This made me think that the solution might be to use multiple methods of saying it is what it says it is. I say this because all of the encryption methods I know of were developed by humans & thus have a good chance of having some sort of flaw in them. I strongly believe in the following, nothing is fool proof against a sufficiently talented fool.

My idea is to use three different hashes to significantly reduce the chances of the file being intercepted & replaced with something else. The three that I’m thinking about are MD5, SHA-1, & cyclic redundancy check. Yes I know that cyclic redundancy check is considered to be highly insecure, but I think that it would help a bit unless someone else has a better idea of what a third hash function that is better. Since they all have different mathematical functions this should reduce the chances of people faking files.

In the example I showed the files they provided only matched on the MD5 hash value with entirely different SHA-1 & CRC values. I only proposed those three because they are the only functions I know of that can determine if the files are the same. Also size is important, but in the example I showed earlier all the PDF files they had are exactly the same size. I guess this proves that one hash & the file size is not enough.