Diary of a Network Geek

“Check your flaps and seals.”

If you’re a spy history buff, like I am, you’ll recognize that as an admonition to a fellow practitioner to make sure that their communication is secure and that they don’t have any “leaks” in their organization. When I was in high school, back before essentially all communication that mattered was digital, “tradecraft”, as it related to the spy game, was all about surreptitiously opening someone else’s mail, reading it, and then sending it along, possibly altered. The first codes go back to at least the time of Caesar and have been in use for centuries. In modern secure communications, we are often concerned with verifying that the sender of information is, in fact, the party who claims to have sent it and that it hasn’t been tampered with. In digital communications, both tampering and providing algorithmic checks to discover tampering are surprisingly easy to implement and use. Of course, most people don’t bother because, well, most of us don’t have to worry much about secure communications.
But, somewhere between the two extremes of ancient cyphers and modern digital encryption and verifications, between the 10th and 17th centuries, innovative letter-writers developed other ways to let their recipient know that the letter is from whom it claims to be and hasn’t been tampered with called letterlocking. I’d never heard of this, until I read Before Envelopes, People Protected Messages With Letterlocking. Now, I figure most of my readers will be familiar with things like wax seals and signet stamps to “secure” letters, but, like me, had never heard of “letterlocking”. It’s fascinating, the idea of folding and stamping and marking letters, mostly without envelopes, to try to ensure message security. It reminds me of my primitive note-passing in grade school. If I’d had access to the letterlocking dictionary, things might have been more interesting.

So, as I warned you earlier this year, I’d still post things on Friday, but I completely expect that they’ll be increasingly idiosyncratic and may not be “fun” or interesting to anyone else but me. But, also, I encourage you to write a physical letter and use the letterlocking dictionary to teach yourself one of the letterlocking methods there, just for fun. I may just start leaving love notes for my wife this way. Then again, I may not. Maybe if she reads this and mentions it to me, I will. Think of it as yet another method of verifying communication. (Also, don’t worry. My blushing bride has a pretty damn good sense of humor. She needs to be married to me!)

Come back next week to see what I come up with next!

This post originally appeared on Use Your Words!

No, not the key to install Microsoft Office!

One of the many features of Microsoft Office is the ability to password protect your files. It’s not very strong encryption, but, then again, how many people in your office are programmers who specialize in cryptographic algorithms? Right.
On the other hand, it sure is a pain in the butt when you lose the password for some super important file. Well, the Wired HowTo Wiki has a page titled Recover Your Password-Protected MS Office Docs that can help you out. I especially liked the idea of the e-mail service that let you preview part of the document before paying to have it unlocked. As an IT person, it’s nice to know if I’m paying to unlock the right files for someone at the office before I shell out the cash!

Or, the lack thereof.

Okay, so, those of you who know me and my professional career know that security is near and dear to my heart.  Now, I’m no hacker or even a full time security professional, but I’m very, very aware of security and how important it is.  In my last post, I mentioned how much I love having so much wifi connectivity and how nice it was when I was in the hospital to have that easy access.  Well, that’s still true, but I also know how open and insecure that wireless connection is.
This year at DefCon, there was a very popular demo that showed just how easy it was to get information off a wireless connection and exploit it.  In fact, some poor attendee, who should have known better, got his Gmail account hacked, in public, because he didn’t secure his connection properly.  And, earlier this year, some German security experts went on at length about how insecure the WEP protocol is and why that shouldn’t be your only line of defense on wireless networks.

Now, as much as I enjoy my wifi, I’ve also been very vocal about how insecure wifi networks are, by their very nature, for years.  In fact, I got into a rather heated “discussion” with a co-worker and our mutual manager about that at a former job.  Somehow, neither of these gentlemen quite understood how throwing packets out all over, where anyone could snoop them, was an inherently insecure system, even if you used advanced encryption.  Encryption, as the hackers say, is meant to be broken, and sooner or later, it always is.  Again, this is all just logic and reason, but, in a world where anyone who manages a website and a handfull of PCs can call himself a Director of IT, the practical application of logic and reason is a rare thing indeed.
So, enjoy those free wifi connections at your favorite coffee house, but, keep in mind how easy it is for a hacker, or even a script kiddie, to pull vital information off that wide open connection.

(And, if you’re going to DefCon, check out their “Be Prepared” guide, or the DefCon survival guide at the Register.)

Advice from your Uncle Jim:
"You must forgive in order to live."
   --Stephen Orchard

Well, it’s clever, I’ll give them that!
Spammimic is a web-based application for doing some really low-level e-mail encryption. In fact, they even tell you right off that they use old, weak encryption. So, why am I mentioning them on my website? Simple. It’s a clever idea. In their explanation of what Spammimic does and how it works, they tell us that, basically, the idea behind hiding e-mail in spam is that spam has become so ubiquitous that it’s virtually invisible. So, in essence, they’re hiding in plain sight. The perfect social engineering hack on an enourmas scale. Very clever, I think, though I wouldn’t want to use it on anything concerning national security, if you catch my drift.
This site has been around for quite some time, actually, but I somehow neglected to write about
them. Well, I have now. Go have fun!

It always amazes me what people search for.

Especially when they end up with me, instead of what they were looking for in the first place! I used to check on this kind of thing a whole lot more than I do lately, but I looked yesterday and thought I’d put it up here.
Here are the Top 20 searchs that led to my site, with commentary:
1 “bootable usb linux” – Well, I have been working on this a lot lately
2 “crazy toys” – All my toys are crazy, yo
3 “geek pictures” – Er… Would anyone really want to look at me?
4 “linux resume” – Um, duh?
5 “strom thurman” – This one always gets me. Even after death, ol’ Strom is a draw
6 “virtual legos” – No idea at all here
7 “usb linux boot” – How is this different from #1?
8 “javascript encryption” – I am Geek. Hear me roar, er, type
9 “jim hoffman” – Well, DUH!
10 “zenworks imaging” – I am a Novell zealot, after all
11 “free cisco book” – Hey, a Fun Friday Link!
12 “geek art” – Must be me talking about the future ex-wife’s art
13 “hello kitty robot” – Hello Kitty is fun. Hello Kitty Mecha is more fun. Too funny.
14 “tales of hoffman” – Again, DUH!
15 “bootable windows cd” – Hmm, I think I talk about boot loaders too much
16 “case mod tools” – Never done it, but maybe in the future…
17 “linux resume software” – Gee, I guess I talk about Linux a lot, too…
18 “novell resume” – Yep, I’m a hardcore Novell geek allright!
19 “science fiction channel” – Or, maybe just a hardcore geek
20 “homebrew tivo” – Yeah, see the above comment.

Freaky! Well, at least no one is looking for goat-sex pictures and finding my website! You know, that reminds me of a story this Greek guy told me about somone from his village back home… Maybe another time.

Okay, now this is funny to me.

Last month, according to my webhost stats, my top four key phrase seaches were “Strom Thurman”, “linux resume”, “babydoll”, and “title generator”. This apparently goes back to when I mentioned that Strom Thurman had passed on, but, for some reason, this still shows up as a big “hit” for me. I wonder why “Freemason” isn’t bigger in that list? After both he and I are, or were in Strom’s case, Freemasons. The only other one that is a bit confusing is “babydoll”, but that’s just because you don’t know my wife.
So far this month, my top key phrases are “javascript encryption”, “slavemarket”, “babydoll blog“, and “free cisco book”. Okay, now, this is even more mystifying to me… I don’t remember the last time I mentioned javascript based encryption, but it was a long, long time ago. (In fact, according to this post it was back in January!) I don’t ever remember talking about a slavemarket. Hmm, maybe it was my wife…. And, of course, the others make perfect sense. Man, people search on the craziest things!

Anyway, I thought it was interesting. Yeah, I think I need to get more rest, too.

Well, why not?

Okay, this seemed a little “off” to me at first, but then I thought about it and, well, why not? I mean, it’s not much of a programing language, but it is, after all, a programing language of a sort. So, I bring to you JavaScrypt, JavaScript based encryption tools. They are capable of being run on your local machine without being online, as long as you can use JavaScript, which most modern browsers can. And it’s real encryption, too! They use the MD5 and AES algorythms.

Actually, it’s pretty neat. They make the source available to you in a download, so you can not only run it on your local machine, but you can also play with the code. Good stuff, Maynard!