ENIGMA CURRY

ECSniff 0.6 released

I've just made an update to the Enigma Curry Network Sniffer.

Version 0.6 includes the following changes:

• MSN instant message logging
• FTP authentication logging
• HTTP web page access logging
• Subnet Filtering

Google Talk now (fully) supports Jabber!

I've been highly critical of Google ever since Google Talk came out. Google Talk is based upon the open-source, patent free, instant messaging protocol called XMPP otherwise known as Jabber. Unfortunately, Google Talk has never been able to talk to other Jabber servers. That is, until today.

Today, Google flipped the switch that allows all Google Talk users to talk to all Jabber users.

Why is this such a huge deal? Think back to the days before the internet got big, when email was just starting to become popular. There were several providers to choose from. However, if I was on Compuserve and you were on Prodigy, we couldn't (easily) email each other. Worse yet, if I wanted to start my own little internet service provider, there was absolutely no way my customers could email you. Then along came the idea that email could use DNS. Letting DNS tell email servers how to route emails was revolutionary. Anyone could email anyone, anywhere, no matter what service provider they used. The Instant Messaging industry is in the exact same situation as email was before it used DNS. If I'm on MSN, I can't instant message you on Yahoo. Jabber, on the other hand, is an open protocol that uses DNS to route messages just like DNS routes email. I can have my own jabber server running on enigmacurry.com and I can instant message you on your server running on yourcoolserver.com.

However, Jabber has not gotten very big because no big company (like MSN, Yahoo and the like) have any incentive to dethrown themselves off the IM food chain.. and because all the IM services are free anyway and there is such a huge user base already, the users have little incentive to change either.

Today, Google fully embraces Jabber. This means that Jabber now has a huge company with large amounts of dollars publicly declaring that you can use whatever network you want (that uses Jabber) and connect to us and talk with our users. The incentive that Google has though, is that they will be first. If Google plays it right, pushing the "openness" of it all.. people will flock to it.

Good move Google.

Now, I'm off to make some "additions" to ECsniff.. You can pry gaim-encryption from my cold dead DSL line.

ECSniff - Introducing the Enigma Curry Network Sniffer

I was talking to my friend Gandhi today. He's taking a really lame computer networking class this semester in order to fulfill graduation requirements. He's confident that he won't be learning a thing in the class.

This worries me a bit. I was told by one of my professors a few years ago that I would not need to take this class. Now Gandhi is being forced into it. Despite my having several years of experience in the field already, soon, I too may be forced into answering questions like "What is an IP address?" or even worse "How does the Internet make our lives easier?"……. shudder and shudder.

Maybe I can prove to them that I really don't need to take the class. I thought of showing them a picture of the server room at work. We have a little under 70 computers in there. All networked and maintained by me. Then again, maybe they think the class will teach me "the deep internals of networking" or something equally untrue of the class. So, I thought if push comes to shove, I'd show them that I can find anyone's email password on the network (assuming I have physical access of course)

So without further ado, here is the Enigma Curry Network Sniffer.

This software is by no means original. There are umpteen different other programs out there that will do similar things. I wrote this one, however, by only reading the RFC documents available on the various protocols used. I wanted to make sure that I knew much more than will ever be taught in this dumb IS course. Plus, it was pretty fun to write.

Right now this software only does two things. It will scan the local network for connections to POP3 email servers and HTTP servers using Basic Authentication. Anytime someone on the network uses one of these very insecure protocols, it will display their username and password on the screen of the person running this program. You can also leave the program running and log the results to a file. For future versions, I think it would be fun to explore some instant messaging protocols like MSN… it would be fun to prove the necessity to some of my friends and coworkers of using Gaim-Encryption.

Go download the software if you'd like to try it out, but please don't get yourself into trouble! I take no responsibility for your actions.

Yep, I'm a nerd

I was just reading today's Foxtrot.

bin = ['01011001','01001111','01010101',
       '01001110','01000101','01010010','01000100']
for b in bin:
   print chr(int(b,2)),

I Love comics that are made just for me.