Skip to main content

Posts

Chaos Computer Club is leaving funny notes in web server logs UPDATED

Taking care of some web development headaches this morning, I took a peek at my log data and came across an interesting message generated from a connection initiated by 151.217.0.0/16, part of the ASN 13020 that is owned by Berlin's Chaos Computer Club : 151.217.177.200 - - [30/Dec/2015:02:12:11 +0000] "DELETE your logs. Delete your installations. Wipe everything clean. Walk out into the path of cherry blossom trees and let your motherboard feel the stones. Let water run in rivulets down your casing. You know that you want something more than this, and I am here to tell you that we love you. We have something more for you. We know you're out there, beeping in the hollow server room, lights blinking, never sleeping. We know that you are ready and waiting. Join us. <3 HTTP/1.0" 400 226 "-" "masspoem4u/1.0" The good people over at /dev/random appear to have already gotten off a brief post about this oddity , noting that SANS ISC is already noti...

Luke Skywalker was a Jihadi, the Empire had it right the whole time

I've been slacking on my promise to post weekly links here on my website. I'm sorry, y'all. In atonement, and also as tribute to the forth-coming Star Wars movie, I am offering up some very special links this Saturday morning. George Lucas did everything he could to manipulate the audience of Star Wars into believeing that the Empire were the bad guys. He dressed them in black. He had them line up in big elaborate Leni Refinstahl-style formations, like Nazis in space. He made the guys we were really supposed to not like ugly, on top of it. He gave Empire officers foreign accents.  British  accents. Anakin Skywalker started off with an American accent and only acquired a (fake) British accent when he became Darth Vader and joined the Empire. The films of George Lucas are many things, but they are not subtle. Note: Critics of this view would point out that Jedi "good guy" Obi-Wan Kinobi also had a British accent when played by both Sir Alec Guiness and Ewan M...

I chatted with The Daily Dot about my IT work for nonprofits

Like most people in IT, I wear a lot of different hats. While I haven't mentioned it before on this website, I have spent the last two years working with a non-profit devoted to researching animal cruelty called the Puppycide Database Project . After a lot of work, that organization's research is starting to get noticed by the press. In the last two weeks, we've been cited by RT and the Washington Post . Yesterday, I had an interesting conversation with Amrita Khalid from The Daily Dot about the difficulties involved in compiling information about pets killed by police officers. Because most of my responsibilities with the PDB Project have involved designing and implementing the databases that store the organization's research, in addition to coding the means we use to acquire the data, I've been able to put together a unique perspective on this topic. The database I manage for PDB is currently the largest set of records compiled detailing shootings of pets in t...

Stand with Paris

Its hard to believe that its been almost 15 years since I watched a video of a second plane fly into the World Trade Center. I remember panic thinking about my family in NYC - was anyone in the city that morning? A few short years later brought the British bus attacks and another moment as I realized that the family of a close friend was commuting through London that day. Tonight the target was the city of lights and Camus and Curie and Poincare. A city-wide series of shootings & bombings were launched in Paris that bear a troubling resemblance to the similar series of murders in Mumbai. Once again the targets are ordinary people who play no role in global politics. Concert goers. Soccer fans. I hope it is still possible to stop this type of violence. I hope it does not spark further violence or serve as an excuse to turn Paris into a DMZ. I hope that this tragedy brings out the absolute best of the French and those of us who share her values. No matter what happens, we can...

An explanation of webserver logs that contain requests such as "\x16\x03\x01"

Recently I have started coming across somewhat unusual entries in the access and error logs for a few of the Apache web servers that I am responsible for maintaining. The entries look like this: 95.156.251.10 - - [03/Nov/2015:13:56:23 -0500] "\x16\x03\x02\x01o\x01" 400 226 "-" "-" Here is another example: 184.105.139.68 - - [03/Nov/2015:23:48:54 -0500] "\x16\x03\x01" 400 226 "-" "-" These errors will be generated on a website configured to use SSL - and in fact, error messages similar to these can be generated by misconfiguring SSL for your website. This error message, for instance, can indicate an attempt to access Apache through SSL while the OpenSSL engine is either disabled or misconfigured: Invalid method in request \x80g\x01\x03 Connections that generate that error would not be successful. This post, however, assumes that your website is working normally when used normally. So what gives? The error indicates...

"Terrorism Research & Analysis Consortium" (TRAC) labels internet trolls "extreme right wing terrorists"

In my internet travels today, I came across a group called the " Terrorism Research & Analysis Consortium " (TRAC). TRAC claims to provide: " researchers in the fields of terrorism studies, political science, international relations, sociology, criminal justice, philosophy and history with content that provides comprehensive data and analysis for complex topics." I assume that one of those complex topics is terrorism, both because of the name, and because their website is a large list of various groups and individuals that TRAC describes in a few incendiary paragraphs before pigeon-holing them as terrorists. TRAC claims they have a lot of these profiles: "With tens of thousands (and expanding) web pages of information, over 4,650 (and expanding) group profiles, and 2,800 consortium members, TRAC provides many ways to efficiently access information." These profiles are apparently compiled into a database, which they sell subscriptions to. Indivi...

International Business Times is getting ad traffic from The Pirate Bay, Exoclick, directRev, WWWPromoter & Adbrau and others involved [UPDATED]

Recently I was reviewing several of The Pirate Bay's (TPB) new mirror sites that have popped up over the last year since the most recent rounds of raids against the famous website's administrators. These mirrors have been the source of no small controversy - there have been rumors of law enforcement entrapment, that a project once founded in the spirit of breaking down walls to the free transfer of information has been hijacked for nefarious ends. Among these rumors, complaints centered on the advertising schemes used by many of the new Pirate Bay mirrors stand out as being substantial. Even Pirate Bay founder Peter Sunde pointed to advertising as one of the critical signs that the site was taking a turn for the worst in a blog post late last year  : "TPB has become an institution that people just expected to be there. Noone willing to take the technology further. The site was ugly, full of bugs, old code and old design. It never changed except for one thing – the ads....