In my last post, I outlined the potential dangers of using Twitter to give out excessive amounts of information.  Here, I'll talk about using Twitter against anyone you may have around more than you want.  If you have a stalker, the first thing you should do is contact the police.  They can help you stay safe and they'll do their best to apprehend the person causing you trouble. If an ex-boyfriend, girlfriend, husband, or wife is giving you problems, you should get a restraining order immediately.  This will give police a rock solid case against them and give you more power to keep them away.  If these don't work, it may be time to take a little offensive action.

If you think the stalker or ex-lover is also tracking you online, there's a good chance he's got your Twitter page.  They know that you post your activities and plans on there and they plan on using this against you.  You can inform the police of the continued problem and let them know your plan to use Twitter to bring the suspect in easily.  You may have to do some explaining, I'm not bashing police officers but I'm sure more than a few are too busy to know what Twitter is.  It would be a trivial thing to setup a sting operation where the police are waiting on the person while you go do something, expecting him to find you.  All you'd have to do is post to Twitter about a public place you were going to be where they might find you.  You'll have to find a suitable situation to bait them into, depending on the aggressiveness of your enemy and the police could help you with that.  Then all you have to do is bait and wait.

Make SURE you have the police as backup before you attempt any of this and make SURE you don't try to take matters into your own hands.  If you do, you could bring down the law on yourself instead of your target.  I encourage police to look to this method more, especially in large tech-oriented cities where more of the population might use Twitter or other social networking outlets.

On a totally unrelated note, here's my Twitter :)  Don't get any big ideas, all you'll learn from me there is what kind of beers I've been drinking.

If you're one with the web2.0 trend, you've surely heard of Twitter.  Its the first generation of what's being called 'microblogging' and its used by thousands upon thousands of people to let people know what they're doing at any given point in time.  It's great for groups of close friends who like to hang out, it provides a perfect place to keep up-to-the-minute details of what might be going on.  Used properly, Twitter is a great platform.  However, if you're one of the people that use Twitter to update your every move at every moment of the day and someone targets you personally, you could be in a world of danger.

Don't panic, I have yet to hear of anyone using Twitter as a platform for malicious behavior, but its bound to happen sooner or later.  The candid release of information such as whereabouts and activities one is participating in can give your enemies like stalkers, ex-lovers or ex-employees out for revenge, or even child molesters (parents, supervise your children on the internet) far too much information about you and could put you in serious danger.  Here are a few simple rules to follow to avoid these things.

• Don't be too specific about where you're going, you can say where but try not to give times.
• If you want to get together with friends, send them a message requesting a more personal method of communication such as a phone call to work out details.
• Don't make a habit of posting every 5 minutes about what you're doing.  This could give your enemies clues to your daily routine which they could use against you, your family, or your property.
• Don't give details about where you work if at all possible, again it could give people an idea about your schedule and it lets them know where you are on a regular basis.

Of course, there are situations where one might want to give this information, such as if you're in entertainment and promoting show times.  This isn't as dangerous because you know there will be a crowd around in those environments and those events are usually on a more random schedule than work.

Whether you're using Twitter or Myspace or Facebook, you should keep in mind that the information you make available about yourself could be used against you.  Be careful about what you tell a mass audience, especially if you think you may already be a target.

Ever opened up task manager (windows) or top (*nix) and saw a process running that you were curious (or suspicious) about?  Me too, There are ways of finding out what it is, and it never hurts to look it up.  It could be a trojan, virus, or any other form of malware. 

The first option is simple enough, Google.  Just google the name of the executable and you'll usually find out some decent information in the first record.  Try that first. 

Second, there is Exelib.  This is a search engine exclusively for executable files.  It gives a detailed description of what the file is, but doesn't necessarily elaborate on what may be bad about it.  For instance, the svchost.exe page tells you that svchost.exe is a normal Windows executable file that it probably doing something important, but it does have a threat level of 3 out of 10.  What it doesn't tell you is what that threat might conceivably be.  I'll tell you, if svchost.exe is running as a normal user account, you've got a trojan on your hands. 

ProcessLibrary is a site similar to Exelib but its a little older.  While it may be a little older, it's also more outdated.  It doesn't list any threat whatsoever from svchost.exe.  I know from personal experience that svchost.exe is a commonly trojaned executable for Windows operating systems.

While nothing's perfect, the first place I would look for information on strange processes is Google.  Then hit up Exelib.  ProcessLibrary should be used as a last resort, its not only outdated but its inundated with ads for crap you don't want.

Another aspect to this concept is unknown file extensions.  This is very common and I run into it very often.  This website is a comprehensive resource for finding out what that weird file extension is and therefore, what you can do with it.  Superbly valuable resource.

I found some more online classes, this time specifically for network security and cryptography.  These come from reputable sources but I have not tried them to see exactly what they offer... yet.

An Introduction to Information Security -The Open University

Network Security - The Open University

Network and Computer Security - MIT

Cryptography and Cryptanalysis - MIT

PC Tools, vendor of the popular ThreatFire antivirus software, has released some interesting information about what ThreatFire has found on Vista machines.  It turns out that about 3/4 of the Vista machines running ThreatFire were infected with adware or trojans.  No matter what Microsoft wants you to believe, Vista is susceptible to the same malicious software that XP is.  Even though you're running the latest, "greatest" product from Microsoft that has all those new security features, run antivirus and antimalware programs regularly.

I was down at a popular cell phone provider's store today and I had an idea.  What if I go around and load up my blog in the favorites on the web browsers of all these smartphones on display while under the guise of a curious customer.  I did just that and now that particular store has about 10 cell phones with this very page in their favorites.  I didn't really know how to set the home page and I didn't want to take the time to figure it out for each phone so I didn't get that far.  I also have no idea how often those display phones are serviced/reloaded/looked at by staff so all that work may be gone tomorrow.  I also realize that your average Joe isn't going to be looking in the Favorites of a display phone.

I propose that more people do this.  Lets see if we can get this viral.  If nothing else, just pull up your website on the phone and leave it sitting, which I did with several of the phones I hit.  Don't do anything harmful though.  This is purely in the spirit of fun and mischief.

Most programmers that have worked with C or C-like languages are familiar with the main() function.  Its the heart of the program and from where all other portions of the code execute.  Python doesn't have a built-in main() function so it can be a little foreign to people like me so I found a way to create a main() and have my code structured more like I'm used to.  Its actually quite simple to do.

def main():

     <your python here>

if __name__ == "__main__":
    sys.exit(main())

Thats it.  You'll declare a function called main and call it with the two lines at the bottom.  Now you can structure your code with other functions and classes and have everything originate from the main().

OK, last time I ranted about how most programming tutorials don't really tell you anything.  I've pinpointed exactly what they don't tell you.  Most tutorial writers tell you the proper syntax of loops, functions, methods, whatever, and for most languages that's fine because the programs are written the same way.  But some languages, like Python, don't necessarily rely on functions to define the structure of the code.  In C and many languages like it, there is the main() function and you know thats the beginning of the program.  In Python, there is no main() function. 

While I can figure out to put stuff wherever I can fit it, some people can get confused by this, especially beginner programmers.  I mean, really, authors please take into consideration that your readers may not have as much experience as you and they may need an extra sentence or two describing the structure of a program.  Or like I said earlier, while you're writing your tutorial, write a little program that demonstrates how to use all the primary features of the language while putting them in context.  It makes things alot easier and by doing this, you open the doors to better programmers in the future that may have gotten their start from reading your material.  Take a little pride in your work and put some extra effort into your instruction by adding clear context to your example code.

Oh, and btw, please stop using the command line interpreter to show us how to do one line at a time.  No one writes a program one line at a time.  Its completely useless to show us anything there.  Write it with some other code to let us know how at least TWO lines can interact with one another.

darkc0de has written this python script that will attempt to gain information from a URL known to be vulnerable to SQL injections by feeding it a list of common table and column names.  This script does require that you know the vulnerable URL along with the query strings.  Proper syntax is listed in the opening comments.  This should be a great tool to see if your code is properly sanitizing URLs.

A serious bug in the Debian implementation of OpenSSL was found last week that allows an attacker to guess the key.  The vulnerability lies in the random number generator used by this version of OpenSSL and effects any keys created by OpenSSL, including those for SSH.  Updates are available for this flaw and any keys generated between September 2006 and May 13, 2008 should be recreated.  You can recreate these keys with ssh-keygen.  Remember that any clients that have connected to that server will need to delete the key they already have for that server and fetch the new one.  You can read more about this vulnerability on ComputerWorld's website.