WireShark Skills

I read a blogger bragging that he snuck into a building. He avoided the security cameras. He got off the elevator but could not enter the floor. Instead he pulled out his laptop, ran his WireShark app, and sniffed some wireless network traffic.

This dude was proud that he captured all kinds of info on the computer sending the network traffic over the air. A lot of people thought this guy was a n00b, because what he did was nothing special. I disagree. I give him props for using WireShark to extract meaningful data from network traffic he was not familiar with.

I know another guy that tried to show that he could capture the HTML code for a web site, even if the web site programmer tried to prevent it. This other dude installed a copy of WireShark, installed the prerequisite Win P-Cap software, and booted up WireShark. He knew exactly what he was looking for. He only captured the traffic on his own box. However he was still unable to capture the HTML source code for a web page.

This second guy considers himself the ultimate hacker. Guess not. The moral is that WireShark, while powerful, requires some skills to operate. I should know. I used it before to do some password risk analysis. That is a story for another day. However I do respect the guy who could run WireShark on random wireless network traffic and figure out what was going on.

Hacker Book List

I just went through this massive list of hacker news books. Wow. Where are I going to get the cash to purchase a bunch of these goodies? I mean they don't carry most of those at the library. Anybody know a good way to get sought after books for cheap?

Well here are some of the books off the list that I have read. Check out Code Complete by Steve McConnell. It will tell you how to write code the right way. Then there is the Mythical Man Month. This is useful if you are writers code with a bunch of other people (on a team). One book a buddy of mine just got is How To Win Friends and Influence People. Dale Carnegie wrote this one way back when. It is timeless.

Next is Debugging by David Agans. I wrote a blog post about this one. Then I put some random book cover image in the post. The author emailed me complaining. Sheesh. Good book anyway. Another book on the list is The One Minute Manager. Can't say I remember much from the read. You might as well skip it.

A good one is The UNIX Programming Environment. I just consulted this book last month when working on a UNIX project. Good stuff. I read Dive Into Python because I got a free copy. Don't remember much about it either. Finally I checked out Getting Real by 37Signals Corporation. That one was free too. You might want to check it out if you are starting up a company on your own.

Happy reading.

D.C. Voting Hackage

The District of Columbia subjected their online voting system to penetration testing. Some college kids hacked the thing in about a day. Doh! Part of the voting process was to upload a file which got encrypted.

Guess how the hack worked? The students could name the file their were uploading whatever they wanted. Turns out they embedded UNIX commands within in the filename. This allowed them to run whatever commands they wanted. The result was that they totally owned the web server.

LOL. They are trying hard to spin this pwnage. Luckily this was not a system for everybody in the nation's capital to vote online. It was just an absentee ballot voting system. People like the troops overseas have to vote through absentee ballot. I hear they are still going to use this system to distribute ballot electronically. However you will have to print out the form and mail it back. Can't have any more server hackage going on in Washington DC.