Monthly Archives: May 2007


For a while now, XML has been the “way”. Everything speaks XML. Tons of tools are available for doing pretty much anything you want with XML. It is such a cool acronym that it is even being used in other acronyms like AJAX (Asynchronous JavaScript And XML).

Let’s talk about XML for a minute. It allows you to specify pretty much any data structure you can imagine and validate that data using off-the-shelf tools. If you can create a DTD (Document Type Definition) or an XSD (XML Schema) then you can use XML to dramatically improve data interchange processes in any system or application. There is no doubt about it. XML is great at what it does. But…it has a problem.



The Experiment – Part 4 – What Countries Are Doing the Most Hacking

I’m still wrestling with the best way to represent the data from my honeypot experiment. The plan is to create a color-coded map to represent the data in different ways. I’m looking at software like GMT (Generic Mapping Tools) and Quantum GIS, which uses the formidable GRASS open-source GIS system. I’ve even started dumping data into Google Base (more on this in an upcoming article) just to explore that as an option, since it is heavily tied into Google Maps. Regardless, I have not settled on a presentation format for the data. Once I do, I’ll start updating it regularly. “The Experiment” is so interesting to me that I’ve decided to continue the honeypot and perhaps even launch more honeypots.

Until I’ve settled on a presentation format, I’m simply going to post some of the statistics here.

Country Percent
United States 37%
United Kingdom 10%
Brazil 6%
Germany 5%
Morocco 3%
Russian Federation 3%
Spain 3%
Mexico 2%
Australia 2%
Canada 2%
Sweden 2%
Other 26%

Hacking Attempts by Country of Origin

The Experiment – Part 3 – Hackers Exposed

I’ve now been running my honeypot for some period of time, and while I’m not sure what conclusions you can draw from the results, I can certainly say they are interesting. Over the course of the next week, I’m going to be posting the results of the analysis of the log files and hacker tracking system that I installed for the purpose of this experiment. I’ll include summaries of the types of attacks (see chart below), countries of origin, persistence (how many attempts were made by a single hacker), and hacker CQ (cleverness quotient). The CQ is a measure of both the methods and types of attacks by a single hacker, including analysis of probes, whether they attempted to cover their tracks using a proxy, and whether they actually did cover their tracks by using an anonymous proxy.

Summary of the Attack Types by Category

More to come…