by AstralSin on 04-25-2008 in Hacks
BBSes were once the primary playground of the hacker. They are one of the oldest methods of electronic worldwide communication, where you can chat, send messages, and share files with others. Long ago in a network far, far away, people dialed into these bulletin board systems with their 9600 baud modems and established what was to become the legendary hacker communities of the 80s. This is where The Jargon File was born, this is where the Anarchist's Cookbook was first published, and this is where all the old schoolers got to know one another. Sadly, they are almost all gone.
Gladly, there are enough nostalgic geeks in the world to keep the tradition going, only the new generation of these BBSes is TCP/IP based, so you don't have to dial in with your phone line. Granted, many of the people on these boards only visit once, checking it out either for nostalgia or curiosity, but it's worth a look, especially if you never experienced this culture when it was in its prime.
Check out the Synchronet BBS List for some online BBSes that you can connect to. All you need is a telnet client and a few minutes of patience.
by AstralSin on 04-21-2008 in Security
This is a great whitepaper published by my good friend Steve Mallard that outlines the security concerns that face corporations in today's internet environment and ways they can mitigate threats. This is a very good read for anyone curious about security in the corporate environment.
Steve Mallard is an accomplished IT manager and has several published works. You should check out his blog for some more great reading.
by AstralSin on 04-15-2008 in Programming
In the depths of programming and security studies, you will often come across binary and hexadecimal numbers. Most people look at them and have absolutely no idea how to read either. It's actually quite simple once you know what you're looking at. Let's just look at some examples to show you what's going on.
In each of these numbering systems, each digit represents a field that has a value. The digit itself is only there to manipulate the value of that field. In binary, the fields are read from left to right in descending values and each place is double the one to the right of it. It's easier to remember the values of the places starting from the right, and consequently, it's easier to read the value right to left. If there is a one in that column, that means that value is turned on and should be added to the total; if there is a zero, that value should not be counted. Take the following example:
8 4 2 1
1 0 1 1 = 11
As you can see, the rightmost column represents one, the one to the left of that represents two, the next represents four, the one to the left of that represents eight. A binary value that has four places is referred to as a nibble, half a byte (a term with which you might be more familiar that has eight places; a bit is only one place). The fourth bit in this nibble (8) is turned on, so we'll add eight to our total; the third bit is off so we'll ignore that. The second bit is turned on so we'll add two to our total; and the first bit is turned on so we'll add one to come to a total of eleven. Easy math, right? Now let's try some hexadecimal.
Hexadecimal is a tad more complicated because there is an added dimension to the math and there are more than two numbers to worry about; now there are 10 numbers and 5 letters as well. Each place still represents a value and each place is the square of the last. In this nibble we have four different values, one for each place: A, B, C, and 2. The numbers 0-9 are easy, they represent themselves; A, B, C, D, and E, however, represent the next five numbers respectively (A=10, B=11, C=12, D=13, E=14, F=15).
4096 256 16 1
A B C 2 = 43970
If you look closely, you'll see what's going on. The character in each field is multiplied by the value of that field and the results are added together. So we've got A(10) * 4096 + B(11) * 256 + C(12) * 16 + 2 * 1 = 43970. Sure, it's a bit confusing but you'll NEVER have to calculate this in the field off the top of your head. You're in IT, you should have a device with you at all times that either a) has a calculator or b) can connect to the internet. Now that you know how to calculate the values, you can use any calculator to do so.
Something I didn't touch on here is octal numbers. If you're a *nix guy like me, you're already familiar with an octal set (does chmod 755 ring a bell?). The mode numbers for permissions in *nix operating systems are an octal set. Learning octal is up to you, grasshopper. I have taught you all I can teach you.
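The place-value method walked through above, as an added example that is not part of the original post: it expands a binary, octal or hexadecimal string into its "digit * place" terms, where each place is worth the base raised to its position (1, 16, 256, 4096 for hex), and decodes a chmod-style octal mode into its read/write/execute bits. The function names are made up for this illustration.

```python
DIGITS = "0123456789ABCDEF"

def expand(number: str, base: int):
    """Return (terms, total); each term is (digit_char, digit_value, place_value)."""
    if base not in (2, 8, 16):
        raise ValueError("base must be 2, 8 or 16")
    text = number.strip().upper()
    if not text:
        raise ValueError("empty number")
    terms = []
    # Walk right to left: the rightmost place is always worth 1 (base ** 0).
    for position, char in enumerate(reversed(text)):
        value = DIGITS.find(char)
        if value < 0 or value >= base:
            raise ValueError(f"{char!r} is not a valid base-{base} digit")
        terms.append((char, value, base ** position))
    terms.reverse()  # largest place first, the way the number is written
    total = sum(value * place for _, value, place in terms)
    return terms, total

def show(number: str, base: int) -> str:
    """Render the expansion in the same style as the worked sums in the post."""
    terms, total = expand(number, base)
    parts = " + ".join(f"{c}({v}) * {p}" for c, v, p in terms)
    return f"{number} (base {base}) = {parts} = {total}"

def mode_to_rwx(mode: str) -> str:
    """Decode a three-digit octal mode; each digit is a 4/2/1 field for r/w/x."""
    if len(mode) != 3:
        raise ValueError("expected three octal digits, e.g. 755")
    out = []
    for char in mode:
        value = expand(char, 8)[1]  # validates the digit and returns its value
        out.append("".join(flag if value & bit else "-"
                           for flag, bit in (("r", 4), ("w", 2), ("x", 1))))
    return "".join(out)

if __name__ == "__main__":
    print(show("1011", 2))    # the binary example from the post
    print(show("ABC2", 16))   # the hexadecimal example from the post
    print(show("755", 8), "->", mode_to_rwx("755"))
```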
by AstralSin on 04-12-2008 in Security
With all the dangers out there on the web, one must be conscious of malicious code on the websites they visit. Even if you're visiting a reputable website that would never plant malicious code, their users could in comments, forum posts, etc., without anyone's knowledge. Webmasters should both implement measures to prevent malicious users from doing this and check their comments and 3rd party posts regularly for malicious code. Sometimes it doesn't even look malicious at first glance but it could be. For some people though, that just isn't enough assurance that they're safe, and they're right.
Firekeeper is a proactive solution for end-users to prevent themselves from being duped by malicious code such as cross site scripting attacks. It's basically Snort for your web browser and it's quite impressive. I've been using it for a few days now and it's alerted me to several possible malicious scripts on various websites and allowed me to put them on a blacklist. It uses a similar rule format to the one Snort does but it's much simpler and anyone can write rules (if you know how). Give this plugin a try, it can't hurt.
by AstralSin on 04-05-2008 in Security
A new plague of malicious emails is making the rounds offering nude or erotic pics or videos of Shakira, Scarlett Johansson, Rihanna, and Britney Spears. Of course, you should NEVER trust an email offering nude pics, ever. The emails include a link to the pics but instead of giving you all the naked celeb goodness, it gives you the Agent.IMB trojan.
The trojan installs a service called CbEvtSvc.exe that runs in the background and starts every time you boot your computer. I'm not sure if a tailored removal tool is necessary to remove it or if a standard antivirus will work, but for God's sakes, don't trust your inbox! If you see this email, ignore it, or even better, delete it altogether.
by AstralSin on 04-05-2008 in Security
The good folks over at TAO Security have launched OpenPacket.org 1.0 that allows security professionals to share packet captures of various types of network traffic so people can learn what they look like and be able to identify it if it happens on their network. The dumps are divided up into three categories, Normal, Suspicious, and Malicious so you can quickly find what you're looking for whether you're evaluating some traffic you've captured on your network or if you're just looking around out of curiosity.
You can view the files in Ethereal/Wireshark, tcpdump, snort, etc.
This is the first time a website has served this purpose and it was sorely needed. Now more people can learn how to look at traffic dumps efficiently than ever before. The best thing about it is that anyone can submit new traffic dumps so the variety of available information will be expanding rapidly.
by AstralSin on 04-03-2008 in Security
I found this great post over on Pantz and I have NO idea who the author is. It's a really handy init script for setting up iptables for a laptop. There are a couple of lines there that you can uncomment if you want to open up port 22 for SSH or 21 for FTP. Of course, you could just copy those lines and substitute the port number for anything else if you want to run something else.
What you need to do with this script is copy/paste it as root in /etc/init.d somewhere, I named mine firewall.sh and chmod 755'd it.
Get it here.
BTW, if you wrote this or know who did, let me know and I'll credit and thank you.
by AstralSin on 04-02-2008 in Hacks
Lockpicking is one of the oldest hacker arts and one of the funnest/easiest things to do. There are great guides on the internet about how to actually pick locks, I'll link to some good ones at the end of the post. Of course, responsible lock picking is encouraged or you could end up in the slammer having your cellmate pick YOUR locks and you don't want that. Check local laws and make sure that it's legal for you to possess lock picks without a license, as some states have outlawed even the possession of picks.
There are a couple ways to get some picks. You can order some off the internet, I got a pretty sweet set from Lockpicks.com for a very fair price so I recommend them. I haven't done business with any other sites, so I don't know how good they are.
[Video: How To Make Lock Picks]
If you really wanna do the true hacker thing, you can make your own picks. I didn't realize how easy it was to do this before I ordered my picks, otherwise I would have used the method in the video. I'll probably still do that and make some more picks.
Lockpicking is fun and can be very easy (most locks) or very hard (high security locks). It's pretty interesting to know just how useless a lock is if someone with the right tools and knowledge is around... fairly scary too. Of course, don't get all paranoid. There are much easier ways of getting in your house than picking your doors.
There are also numerous videos on YouTube and Google Video about lockpicking that can be very helpful for a newbie (they were for me).
by AstralSin on 03-30-2008 in OpenSource
The OpenLearn project provides free online courses of college level curriculum for many subjects including IT, Mathematics, Law, Education, Arts, Health and a bunch more stuff. Of interest to my readers is the IT section. There are lots of good classes on network protocols, security, electronic government, etc. Very interesting stuff here that I previously knew nothing about. Any opportunity to learn something new is an opportunity you should seize.
by AstralSin on 03-30-2008 in Security
There is a great class over at Hacker High School that will teach you the basics of networking and security. If you're curious about how hackers do what they do and how computer security works, you should definitely check out this free course. It is provided in thirteen PDFs free for download.
Keep in mind that this really isn't meant for anyone who has security experience, but anyone that craves information like I do might be interested in reading the lessons.
This is primarily meant for high school students that want to learn more about computer security for purposes of a career in IT. Not only does it teach about hacking but it teaches about ethics as well. It's cooler to be an ethical hacker than a malicious one, kids. Then you're subverting the subverters.