The problem with randomness

How to generate random numbers from spam

dilbert comic strip 2001-10-25

Random number generators: The devil is in the details

I found SecurityDump’s WPRandom the other day:

Generating random numbers is pretty complicated if you need them for cryptographic algorithms. This software generates them based on spam comments…

It caught my eye as a sort of “spinning spam into RNG gold”, or more likely, PRNG (pseudo-random number generator) gold. Many WordPress blogs, whether self-hosted or not, effectively use Akismet as a comment spam sieve.

Published on October 5, 2012 at 3:51 am

SHODAN related infosec assortment

wiki defcon 2

The other Defcon

I never attended DEFCON, though it remains a dream I hope to realize one day, soon. It may soon become too logistically awkward due to increasing numbers of attendees.

Shodan is a remarkable search engine. Traditional search engines use “spiders” to crawl websites. Shodan culls data from ports. It was created by John Matherly in 2007. He continues to develop it.

Shodan is helpful for locating web server vulnerabilities. It is available as a free service, for up to 50 searches. Query syntax includes searches by country, host name, operating system and port. Shodan can search for software AND hardware. It has been acknowledged by mainstream media. The most prominent coverage was in early June, via The Washington Post, when Stuxnet received so much press attention.

Me and Shodan

Next is my Scribd infosec collection. It isn’t exclusively Shodan-related. This is why.

Published on June 13, 2012 at 9:24 pm

Zanran is a new data search engine

Something new and different in search has appeared.

Zanran is an internet start-up company that hails from somewhere other than Mountain View or Sunnyvale, California. Nor is it in “Silicon Valley East”, the new incubator of technology ventures otherwise known as the Borough of Manhattan. Zanran is farther than farthest Fishkill, across a span greater than even the Tappan-Zee can bridge. Zanran is a U.K. domiciled company in Islington, London.

Not a Google Universal Search 2.0 competitor

Zanran seems to be more of a database searching tool. It would probably be best classified as a specialized search engine.

Zanran Search beta version: screen shot

Zanran’s search method is described as patented but based on open-source programs. The actual patent, which I only glanced at, A Method and System of Indexing Historical Data, should help in clarifying. Zanran distinguishes itself because it is particularly well-suited to web search for information that has embedded numerical or graphical data:

Zanran helps you to find ‘semi-structured’ data on the web… numerical data e.g. a graph in a PDF report, or a table in an Excel spreadsheet, or a bar chart shown as an image in an HTML page. This huge amount of information can be difficult to find using conventional search engines, which are focused primarily on finding text… Put more simply: Zanran is Google for data.

Zanran is not a search engine with obvious uses in text or sentiment analysis. The beta website has a long page of examples demonstrating the speed (fast), breadth (across a very diverse assortment of scientific and analytic use cases) and quality of results.

Arthur Weiss, a competitive analyst and former long-time employee of Dun & Bradstreet UK, did a very thorough review of Zanran Search (April 2011):

I’ve been playing with a new data search engine called Zanran… The site is in an early beta. Nevertheless my initial tests brought up material that would only have been found using an advanced search on Google – if you were lucky. As such, Zanran promises to be a great addition for advanced data searching.

Zanran enters the marketplace

Zanran appears to have retained Mallard Digital Marketing. Mallard Digital’s hallmarks are “Authenticity, Transparency and Engagement”. Mallard features an attractive duck in the company logo, and in this rather engaging 15-second video. I base my conjecture about Mallard and Zanran upon three pieces of evidence:

  1. Mallard’s recent announcement, about the acquisition of a search engine as a new client on 29 March 2011
  2. The Zanran company dog enjoyed playing with Mallard’s Labrador retriever in March 2011 (also via Facebook)

Analogy and Digression: SHODAN

As a very general analogy, Zanran functionality reminds me of SHODAN computer search. SHODAN is a search engine that can be used to:

find specific computers (routers, servers, etc.) … [it is] a search engine of banners. Google and Bing are great for finding websites. But what if you’re interested in finding computers running a certain piece of software (such as Apache)?  Maybe a new vulnerability came out and you want to see how many hosts it could infect?

Here’s a screen shot of the main query page:

SHODAN search engine: screen shot

I am impressed to no end with SHODAN. It is quite clever, and remains very low profile, much like my blog.


I drafted this on 12 May 2011 but failed to actually post due to my insatiable need to excessively fuss and play with WordPress functionality. In the interim, others (most notably Search Engine Journal) have also found the subject of the following post, the Zanran data search engine. I mention this not as self-promotion, but rather, to emphasize that Zanran may be of greater significance than my casual tone indicates.

Published on June 21, 2011 at 11:20 am


Joining OpenID foundation and voting for the b...

via Flickr

I like OpenID. There are a few others who feel similarly.

OpenID: The Web’s Most Successful Failure.


Published on February 1, 2011 at 12:37 pm

Antipiracy lawyers pirate from other antipiracy lawyers

Yet more of those pirates

So Versatile: Anti-Piracy Attorney AND Pirate!

Do you dream about getting into the P2P?
via Antipiracy lawyers pirate from other antipiracy lawyers.

Published on October 30, 2010 at 7:54 am

Stuxnet Definitive

Stuxnet Questions and Answers from my favorite security site from Finland, F-Secure. Details of mysterious reference to Myrtus and The Book of Esther. With gracious thanks to Hacker News.

All silliness aside, I have been very concerned about Stuxnet since Brian Krebs and his comment crew started discussing it at Krebs-on-Security. I have posted all over the internet, including Digg and ComputerWorld and CNET that this is a real and present danger. It’s probably at the top of my instability fear list, in a dead heat with global financial system collapse. Yet this issue has received far less notice and visibility than it deserves.

via Stuxnet Questions and Answers – F-Secure Weblog : News from the Lab.

Published on October 8, 2010 at 4:44 am

Don’t Bring Your Guns to Town

From The New York Times, October 5, 2010:

Handgun permit holders who have recently seen their rights greatly expanded by a new law — one of the nation’s first — that allows them to carry loaded firearms into bars and restaurants that serve alcohol… Tennessee is one of four states, along with Arizona, Georgia and Virginia, that recently enacted laws explicitly allowing loaded guns in bars. Previously, states like Tennessee did not allow its residents to carry concealed weapons unless they had a special permit from the local authorities.

©2010 The New York Times All rights reserved. Used by permission and protected by the Copyright Laws of the United States. The printing, copying, redistribution, or retransmission of the Material without express written permission is prohibited.

I was troubled when Arizona recently passed legislation to remove the requirement to obtain a concealed weapons permit to, well, carry a concealed weapon on one’s person.  Carrying a loaded weapon in a bar is much worse. It is a profoundly bad idea. That is a blatant statement of opinion. However, I am a rifle marksmanship enthusiast and dearly miss my wood-stock, .22 Remington bolt-action long rifle that I sold when I went off to attend the Wharton School. I am not biased against the Second Amendment. Yet I do think this law shows a serious breach of common sense.

Published on October 7, 2010 at 4:31 am

Internet Pornographers Now Suing Pirates

via Internet Pornographers Now Suing Pirates from Mashable. I’ll add to this post, as this most recent incident is merely one chapter of the ongoing exchange.

Published on September 26, 2010 at 7:51 pm

Minor mysteries of spam

Information overload has been one of my recent concerns. Spam certainly exacerbates the situation! I am spared the worst of spam, due to the minimal traffic on my websites, although I was treated to a glut of spam from around the world immediately after I posted that skateboard video a few months ago.

Spam incidence grew over time, exceeded real content

Spam versus content over time

Spam is diverse. It manifests as spam email, spam comments, spam blogs (known as splogs) and all-unoriginal websites of reposted content.

Spam deterrence

Akismet, an Automattic site, provides excellent, free of charge anti-spam services to blog sites such as mine. Akismet maintains a daily Stats Page including a graph of ham versus spam, for the past five years. Ham is Akismet’s term for a non-spam message. I was pleased to see this post, “Do you appreciate Akismet?”:

If so, please take a moment to leave a short comment on this post letting us know! We’re working on a new site design and would love to include some new testimonials.

Ironically, I was unable to compliment Akismet, as commenting was disabled.

In addition to Akismet, WordPress suggests using a word list filter of one’s own. As a utility, WordPress will match your list against incoming comments. If any matches are found, that comment is flagged and immediately redirected into the spam bin, for the blog admin to review or just auto-delete. I’ve honed my word list for several months. I enjoy reading through the file every time I make any additions. It is such an odd and illicit list of words and phrases!

Use cases

I regret that I deleted all the skateboard video spam comments that slipped past both Akismet and my keyword filtering system, as they were the most spectacular of all. These are selected excerpts and replies from another blog’s spam comments:

“I see you own a good blog.”
Fool! I’ve seen my content!
“Thanks! This post helps me with a school assignment.”
Fool! You’re gonna fail that one!

A recent spammer tactic is to meaningfully respond to the content of a blog post but also link to a solely commercial and often tacky webpage:

One was an XML editor and the other was a video on “how to be a hacker” (of the LulzSec variety as opposed to kernel patcher type).

Published on August 5, 2010 at 3:07 pm


Organically-suggestive CAPTCHA content

Peculiar CAPTCHA Content

Are CAPTCHA selections audience-maturity rated? Regardless of rating, this was especially odd: “them urethras”


Published on August 5, 2010 at 4:47 am