Saturday, January 16, 2010

Talk Like Warren Ellis (@talklikewarren)

I am a fan of author Warren Ellis. He writes comics like Doktor Sleepless (see left), which has some interesting information warfare themes along with mad science, and you should all check it out. Doktor Sleepless, incidentally, is where I stole the cool warning signs that grace my first couple of entries here. Warren Ellis is a strange, strange man. He has a very popular Twitter account (over 300,000 followers) where he does the usual Twitter things, but in addition he makes exclamations like "Good morning lovemaggots" and "ATTENTION SCUM: You’re obviously all terrible people".

Scott Vandehey and Miles Johnson were so thrilled by these exclamations they decided to see if they could recreate Warren Ellis-like sayings programmatically. Thus was born, it's a nice simple web site that will give you a Warren Ellisesque exclamation every time you visit; it'll even give you a link to a screen reading service that will pronounce it for you. The magic that powers this is a Warren Ellis grammar that was created using an inverse parser on a large set of Warren Ellis' exclamations. To the right is a graph for an Extended Backus-Naur Format grammar. The whole thing is really interesting and you should go to Miles' blog and read about it here.

I was so impressed that I decided that I wanted a mechanism that would occasionally show me one of the generated exclamations. I decided that Twitter would be a good vehicle and wrote a little script that would scrape an exclamation and post it to @talklikewarren. Here's the code:

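#!/usr/bin/env python
# Python 2 script: scrape one generated exclamation and post it to Twitter.
import twitter, urllib2, time, re, random

while True:
    try:
        # URL of the generator page (blank in the original post)
        page = urllib2.urlopen('').read()
        # The exclamation is the contents of the page's <h1> element
        post = re.search("<h1>(.*)</h1>", page, re.M).group(1)
        print post
        api = twitter.Twitter("USERNAME", "PASSWORD")
        api.statuses.update(status = post)
        print "success"
    except Exception as e:
        # Fetch, parse or post failed; report it and try again after the sleep
        print "failed: %s" % e
    # Wait a random 30 to 359 minutes before the next attempt
    sleepinterval = random.randrange(30,6*60)
    print "Sleeping for %d minutes" % sleepinterval
    time.sleep(60 * sleepinterval)

Obviously this snippet isn't groundbreaking, but I wanted to post another example of using Mike Verdon’s Python Twitter Tools.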

Wednesday, January 13, 2010

Google and China

Google has had some trouble in China and is reconsidering their operations there.
Google: A new approach to China

Secretary of State Hillary Clinton has commented on the situation.
Statement on Google operations in China

Fascinating stuff. It's especially interesting that Google compares the attacks to the GhostNet incident and refers people to Northrop Grumman's report on the People's Republic of China's Cyberwarfare capability.

Yes, this is 24 hours old, which in blogosphere time is like a month, but I thought to post it anyway.

Sunday, January 10, 2010

twitbot 0.1

Sometimes I end up in conversations with people that leave me with an undeniable urge to prove my point, generally only to myself. Last April I had a conversation along these lines that left me writing a piece of "malware" that communicated via Twitter. By the time I'd finished, the conversation was no longer relevant, so I just let it sit there. Later last year I wrote a paper about Web 2.0 and malware, so I dusted it off and decided to share it with you. Feel free to use the code for whatever; it's a nice basic example of programs passing information to each other via Twitter. Don't use it as is, as the authentication/security model is plain bad and this would be perhaps the worst remote administration tool you could think of! searches Twitter for interesting posts and if it finds one it will decrypt and execute it then sleep n seconds. takes a time offset (0 is fine) and a command line, it will encode these and post them to the configured Twitter account.

Here's how it works:

Twitbot Main loop:
     Generate tag from tag key
     Search for Twitter posts containing tag
     For first matching post:
          Decrypt payload string with message key
          Execute payload string in shell

Twitcontrol Algorithm:
     Generate tag from tag key
     Encrypt message with message key
     Post message and tag to Twitter

Simple Tag Generation:
     MD5 hash the tag key
     Truncate hash to designated tag length – 1

Dynamic Tag Generation:
     Calculate seconds since 01/01/1970 0000 UTC
     Truncate value to 7 most significant digits
     MD5 hash value and tag key
     Truncate hash to designated tag length – 1

Message Encryption:
     MD5 hash message key to create cipher key
     Encrypt message with RC4 and cipher key

One of the nice things about twitbot is that you don't need to specify an account to post from. Instead a tag is generated (from a key) that is searched for using the Twitter search API. This is helpful for the hypothetical bad guy because a single banned account won't ruin his day. The other use of tags is to time stamp the command posts to prevent duplicate execution. I use Mike Verdon’s Python Twitter Tools module, which I found the best of the Python modules I looked at.
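The dynamic tag depends only on the tag key and the clock, so an analyst who recovers the tag key from a sample can precompute every tag for a time range and search collected posts for them. The following is an added example, not the original twitbot code; the concatenation order, the use of the hex digest, the default tag length of 8, the optional "#" prefix, the key and the sample posts are all assumptions or constructed values.

```python
import hashlib

WINDOW = 1000  # a 10-digit epoch cut to 7 digits only changes every 1000 s

def time_bucket(epoch_seconds):
    """7 most significant digits of the epoch value (10-digit epochs assumed)."""
    return str(int(epoch_seconds))[:7]

def dynamic_tag(tag_key, epoch_seconds, tag_length=8):
    """Tag for the window containing epoch_seconds.
    Assumed, not stated on the page: bucket is concatenated before the key,
    the MD5 hex digest is used, and the tag length defaults to 8."""
    material = (time_bucket(epoch_seconds) + tag_key).encode()
    return hashlib.md5(material).hexdigest()[:tag_length - 1]

def tags_for_range(tag_key, start, end, tag_length=8):
    """Map each tag valid between start and end to its window start time."""
    tags = {}
    t = (int(start) // WINDOW) * WINDOW
    while t <= end:
        tags[dynamic_tag(tag_key, t, tag_length)] = t
        t += WINDOW
    return tags

def find_command_posts(posts, tag_key, start, end, tag_length=8):
    """Return (post_time, window_start, text) for posts carrying a predicted tag."""
    tags = tags_for_range(tag_key, start, end, tag_length)
    hits = []
    for post_time, text in posts:
        for token in text.split():
            window = tags.get(token.lstrip("#").lower())
            if window is not None:
                hits.append((post_time, window, text))
                break
    return hits

# Constructed sample data: a stand-in key and three collected posts.
KEY = "example-tag-key"
T0 = 1263081600  # 2010-01-10 00:00:00 UTC
SAMPLE_POSTS = [
    (T0 + 120, "good morning lovemaggots"),
    (T0 + 1500, "#" + dynamic_tag(KEY, T0 + 1500) + " 9f3ab0c4d1"),
    (T0 + 2600, "reading about the 500 mile email"),
]

if __name__ == "__main__":
    for hit in find_command_posts(SAMPLE_POSTS, KEY, T0, T0 + 3600):
        print(hit)
```

Because the 7-digit truncation makes each tag valid for 1000 seconds, one hour of history needs only a handful of candidate tags.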

A few months after I wrote twitbot, Jose Nazario from Arbor Networks discovered a botnet that was using Twitter as its command and control channel. The botnet would post base64-encoded URLs of executables and the bots would download and execute them. I was surprised that people haven't been doing this for longer.

Tuesday, January 5, 2010

The first of many lazy link entries

I'm going to throw some links out to the world and pretend that it's a real entry!

The 500 Mile Email Problem
This is an anecdote about debugging an email system. The problem: email will travel no more than 500 miles. It's a fun read.

Geekonomics: The Real Cost of Insecure Software by David Rice
A keynote about crappy software and the problems it causes for everyone. It's a very good presentation and if you can find the 50 minutes or so you should definitely watch it. The presentation is very accessible and is a good introduction to software security issues for non-geeks. I didn't agree with all the things that were said but I think the solution proposed is on the right track. Rice suggests that we need to help consumers discriminate between software products on security rather than features and to do so a software safety rating like those found on cars should be adopted. Also check the presentation out to hear Australia referred to as a socialist nation.

I love virtual economies. I did some work on market dynamics in MMOs as part of my undergraduate studies, I try and read all the EVE Online economic reports that they publish, and I love the novel Halting State by Charlie Stross, which is partly about a company that manages virtual economies. This presentation focuses more on Farmville-style casual games rather than World of Warcraft-style MMOs. William Grosso works for a company that seems to provide virtual economy management services. The key things with virtual economies are that virtual money doesn't circulate infinitely, there are money sources and money sinks, and that the controllers of the game have perfect information about the economy.