Wed, 31 Dec 2003
|
|
|
Added "Cron Basics" to the wiki. joat: 22:31:00 31 Dec 2003 |
|
|
|
|
SearchSecurity has a short article entitled "Compliance drives security investments" which talks about the current laws and how compliance may or may not equate to adequate security. joat: 22:29:00 31 Dec 2003 |
|
|
Tue, 30 Dec 2003
|
|
|
Added a few entries to the Security portion of the Wiki. joat: 22:58:00 30 Dec 2003 |
|
|
|
|
Does anyone feel sorry that Alan now has to spend money to build an actual opt-out server? Put me on the not list as I receive 20-30 legitimate messages per day which makes up less than 10% of the total volume. Thanks to various people for writing Procmail, SpamAssassin, SpamBayes, and various virus scanners. Scraped from Slashdot. joat: 22:34:00 30 Dec 2003 |
|
|
|
|
This is a cool development as OpenSSL is behind most *nix-based Apache servers (using HTTPS, that is), SSH, and a variety of VPN's. Nice to see that someone is seeing that open source code is getting tested and certified. Thanks to SilverStr for the pointer! joat: 06:34:00 30 Dec 2003 |
|
|
Mon, 29 Dec 2003
|
|
I don't think the term "'pooning" will ever catch on (too much 60's era sexual connotation?), but I do like Jim Moore's description of the piggy-backing on someone else's fame (or verbosity). It's very similar to what the blog spammers are doing: getting higher search engine ratings by "pooning" onto other websites "in the stream". Oh, and BTW, I have a copy of the book on my shelf. joat: 18:17:00 29 Dec 2003 |
|
|
Sun, 28 Dec 2003
|
|
Odd how these things pop up around the time I get to talk about them at work. Bowulf has a pointer to a discussion about VLAN Insecurity. I said it before and I'll say it again here: <shout> VLAN's are a network traffic management tool, NOT a security tool!!! </shout> joat: 13:51:00 28 Dec 2003 |
|
|
Sat, 27 Dec 2003
|
|
From Jeremy's linkblog: WarDriving.com. Includes a howto and a listing of required hardware/software.
joat: 18:03:00 27 Dec 2003 |
|
|
Fri, 26 Dec 2003
|
|
I've been offline for a few days, rebuilding my home system. One of my Christmas presents was a new hard drive, which I seriously needed. The previous 6 year-old drive would no longer boot into windows. Luckily it would still boot into *nix's so I didn't lose that much data. (I did suffer from a prolonged "Generals" withdrawal, though.) Anyways, I've backfilled the last few days and will settle down to work on a serious back-log of posts. Merry Christmas, y'all! joat: 11:27:00 26 Dec 2003 |
|
|
Thu, 25 Dec 2003
|
|
Bowulf recently blogged "Weak auditing and monitoring - the Achilles heel to most networks" which was about a VUNet article which discussed the common practice of ignoring your logs unless you're trying to backtrack an incident. I agree with Bowulf, at least in part. You also have to have logging enabled. If you're working in a NOC, that also means router logs (that's syslog servers, not the dinky space for logging in router memory!). For those networks which aren't allowed to enforce a decent firewall policy, you also need to log high-port to high-port traffic which is where most of your shady-stuff (unauthorized/covert channels, P2P, backdoors, etc.) happens. I disagree with Bowulf in that logging isn't the sole action you need to take. Closely related to logging is taking and maintaining metrics. A good metric supports the cliche "a picture is worth a thousand words". If you're watching your network metrics, you learn to recognize "normal" network activity and "abnormal" network activity. One example of this is e-mail metrics. You cannot read every message that passes through your mail servers. However, if you graph your metrics properly, you should be able to recognize the spread of a new virus within 5-15 minutes of the initial spread (depending on how often your graphs are updated). While it won't block the new infection (usually nothing will), it does allow you to react quickly enough to minimize the damage and protect the rest of your network. Maybe a good rule-of-thumb is to maintain metrics on your normal traffic (web, email, etc.) and regularly filter your logs for the abnormal traffic? Thoughts/ideas/comments/flames? joat: 11:17:00 25 Dec 2003 |
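The e-mail metrics idea from the post above, as an added example (not code from the original blog): per-interval message counts are scored against a trailing baseline of buckets judged normal, so a sudden climb is flagged within one or two graph intervals. The 5-minute bucket size, the window, the threshold and the sample counts are all assumptions constructed for illustration.

```python
from statistics import median

# Constructed sample: messages handled per 5-minute bucket by a mail server.
# The first 13 buckets are ordinary traffic; the last 4 imitate a mass-mailer
# outbreak ramping up.
SAMPLE_COUNTS = [98, 104, 101, 97, 110, 95, 102, 99, 106, 100, 103, 96,
                 101, 180, 420, 950, 940]


def flag_spikes(counts, window=12, threshold=6.0):
    """Return (bucket_index, count, baseline_median) for abnormal buckets.

    A bucket is abnormal when it sits more than `threshold` median absolute
    deviations (MAD) above the median of the last `window` normal buckets.
    Median/MAD is used instead of mean/stddev so one odd bucket in the
    history does not stretch the definition of "normal".
    """
    baseline = []  # counts from buckets judged normal so far
    alerts = []
    for i, n in enumerate(counts):
        if len(baseline) >= window:
            recent = baseline[-window:]
            med = median(recent)
            # Floor the MAD at 1.0 so perfectly flat traffic cannot cause
            # a division by zero.
            mad = median([abs(x - med) for x in recent]) or 1.0
            if (n - med) / mad > threshold:
                alerts.append((i, n, med))
                # Do not learn from abnormal buckets, otherwise a slow
                # outbreak gradually becomes the new baseline.
                continue
        baseline.append(n)
    return alerts


if __name__ == "__main__":
    for idx, count, med in flag_spikes(SAMPLE_COUNTS):
        print(f"bucket {idx} (+{idx * 5} min): {count} msgs, baseline {med}")
```

The same scoring works for any counter that has a recognizable "normal", such as web requests per interval; the alert only tells you where to start filtering the logs.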
|
|
Wed, 24 Dec 2003
|
|
A little while ago, I blogged about the IE bug. Its use has now been noted in a Visa scam. joat: 10:14:00 24 Dec 2003 |
|
|
Tue, 23 Dec 2003
|
|
Just noticed that that's two posts with trackback URL's to the Lost Olive that have failed to register. Looks like I'm gonna have the hood up on this thing over the long weekend. Apologies to Kevin for the missed links. joat: 20:27:00 23 Dec 2003 |
|
|
|
|
Kevin, over at The Lost Olive, has a pointer to a SysAdmin review of Jabber XCP.
Jabber's XML-based communications have been around for quite a while. The protocol is open source and there are quite a few tools to work with it. At one point, I'd even adapted it to send Instant Messages to all NOC personnel if a router interface or a service went down. joat: 20:14:00 23 Dec 2003 |
|
|
Mon, 22 Dec 2003
|
|
Okay, I'm not shy about reciprocal blogging: Kevin added a list of InfoSec pubs to go with the recently blogged Firewall FAQ. joat: 21:15:00 22 Dec 2003 |
|
|
|
|
I've been spending the last few days playing around with Blosxom. I've been experimenting with various blogs and wikis and seem to like Blosxom the most. Notice that I didn't mention MT? The reason is that it's for a business and the licensing fee is a bit high for the moment. My personal preferences for the ones I've tried (at least 10 so far) is Blosxom, followed closely by Drupal. Got any favorites you want to suggest for a *nix-based server? joat: 20:53:00 22 Dec 2003 |
|
|
Sun, 21 Dec 2003
|
|
More online learning sites. joat: 11:04:00 21 Dec 2003 |
|
|
|
|
Robert Graham has been involved with network security for years. One of the nice things about his site is that he is very prolific about posting items on his website. For example: the Firewall Forensics FAQ. joat: 10:48:00 21 Dec 2003 |
|
|
Sat, 20 Dec 2003
|
|
Kevin posted about the Freenet Project. Like all other tools, it's a good tool for end-users, a nightmare for you if you're responsible for a business network. joat: 10:03:00 20 Dec 2003 |
|
|
Fri, 19 Dec 2003
|
|
Okay, I'll admit to scraping it from Slashdot.
Freep has an article about what your high-tech kids put up with in school. joat: 06:31:00 19 Dec 2003 |
|
|
|
|
These people went the extra mile in backtracking spam-based fraud and discovered a criminal enterprise.
joat: 06:30:00 19 Dec 2003 |
|
|
Thu, 18 Dec 2003
|
|
There's still about six weeks left to make comment to the proposed standards for "Minimum Security Controls for Federal Information Systems" (re: the Federal Information Systems Management Act [FISMA]). Get to it by clicking through "NIST posts security control guidelines for comment".
joat: 19:11:00 18 Dec 2003 |
|
|
Wed, 17 Dec 2003
Tue, 16 Dec 2003
|
|
Linux Security has an article entitled "How Not to Program in PHP" which discusses the need for filtering user input. Hint: ignoring this while programming allows cross-site scripting and SQL injection. Not a good thing.
joat: 19:40:00 16 Dec 2003 |
|
|
|
|
Evidently this requires a bit of work to be funny. Sent it to three of my coworkers and had to point the "jab" out. Seems that most people focus on the body of the message and ignore all else. joat: 19:37:00 16 Dec 2003 |
|
|
Mon, 15 Dec 2003
|
|
SilverStr almost always has pointers to good stuff. This one is no different: Microsoft has released a list of ports used by its various software. joat: 20:10:00 15 Dec 2003 |
|
|
|
|
HNS has a pointer to a paper which explains various attacks on the DNS protocol. joat: 20:08:00 15 Dec 2003 |
|
|
|
|
CarvDawg has a paper out on alternate data streams in NTFS entitled "The Dark Side of NTFS" which gives the basic theory behind (and how to create/detect) ADS's. joat: 20:06:00 15 Dec 2003 |
|
|
Sun, 14 Dec 2003
|
|
Yep! Another rant. This one is about the Internet... errr... a portion of the Internet. Specifically those that built their corner of the virtual world while ignoring RFC's. RFC's are the agreed upon standards by which the "community" is defined. Think of it as the charter for your local government. Protocols (languages) are agreed upon. Responsibilities are defined. One shortcoming is that there is no requirement to comply. This allows organizations and individuals to do horrible, aggressive and/or stupid things via the Internet without reprisal. Examples: long distance Outlook-Exchange connections, MS's perversion of the Kerberos protocol, long distance NetBIOS, long distance Telnet/FTP/POP3/IMAP, just about any proprietary encryption scheme, and 90% of the e-mail domains. For the Internet-based violations, here's a site called "RFC Ignorant", which tracks the stubbornly ignorant. joat: 19:08:00 14 Dec 2003 |
|
|
Sat, 13 Dec 2003
Fri, 12 Dec 2003
|
|
HelpNet Security has an article about "Attacking the DNS Protocol". It has a few cosmetic errors but, all-in-all, gives a good description about the DNS service and attacks against it. joat: 21:15:00 12 Dec 2003 |
|
|
Thu, 11 Dec 2003
Wed, 10 Dec 2003
|
|
If you work with NBTScan (not NBTStat), this is a nice-to-have.
joat: 09:40:00 10 Dec 2003 |
|
|
Tue, 09 Dec 2003
|
|
|
For better or worse, I've declared the FWTK paper done. Barring small changes to correct errors, consider it in its final form.
For those new to the game, FWTK is the Firewall Toolkit, one of the first application proxies written 20 years ago. Amazingly, it's still usable. Combining it with other technologies (SOCKS, ipfw, iptables, Squid, other proxies/packet filters) allows you to build a workable firewall for just about any *nix flavor, including a Mac version.
If you care to read it, click on the Wiki link above and scroll down to the Security section. Let me know what you think? joat: 20:42:00 9 Dec 2003 |
|
|
Mon, 08 Dec 2003
|
|
It was bound to happen. We've got anonymous e-mail forwarding and anonymous Usenet posting. Now we have anonymous blogging, this instance using GPG and the MixMaster anonymous e-mailer network. Early Warning!!: If you manage a corporate network, you may want to consider blocking this, both for sending (if it's possible) and for reading. There's some pretty unsavory blogs over there (people abusing the service mostly). The hosts state in their FAQ that if they receive a court order, they will turn you in if you're doing something illegal.
joat: 18:03:00 8 Dec 2003 |
|
|
Sun, 07 Dec 2003
|
|
GROKLAW has a short piece that indicates that SCO has finally been ordered to point out the stolen code.
joat: 12:38:00 7 Dec 2003 |
|
|
|
|
|
joat: 12:09:00 7 Dec 2003 |
|
|
|
|
|
joat: 12:06:00 7 Dec 2003 |
|
|
|
|
|
On the road again this week. Will find out later today what "wireless broadband" in a hotel amounts to. joat: 08:16:00 7 Dec 2003 |
|
|
Sat, 06 Dec 2003
|
|
I've lost a "fanboy" from being too abusive?
It seems that beaumonday thinks I pick on Microsoft too much. Actually, if you read REAL close, I pick on everyone who thinks that any one operating system is the way to go. (Do I need to repost my point-and-click administrator rant again?) I'm a firm believer in the-best-tool-for-the-job and know-the-technology-behind-the-gui.
I provide a lengthy response.
Just so I can alienate everyone and level the playing field, out of the box:
- Microsoft Windows is insecure
- Linux is insecure
- Unix (SunOS, BSD, Irix, AIX, Xenix, etc) is insecure
- Cisco/Foundry/Bay/etc. is insecure
- Novell has problems (actually, they had the highest rating by the gov't prior to adding in IP capabilities)
- and the OS that you may be writing has *SERIOUS* problems.
However, when used in conjunction, they can provide a very secure network for your users. joat: 12:01:00 6 Dec 2003 |
|
|
Fri, 05 Dec 2003
|
|
There's tons of forensic evidence links at e-Evidence.com. joat: 23:32:00 5 Dec 2003 |
|
|
Thu, 04 Dec 2003
|
|
Expect intellectual property lawsuits from Microsoft soon.
So, did the stock purchase include training on how to sue for money? Probably not but this sort of thing can turn nasty and unproductive.
joat: 21:36:00 4 Dec 2003 |
|
|
Wed, 03 Dec 2003
|
|
Not sure where I found this originally but there's a lot of good stuff to dig out of it: "Free Computer & IT Training and Tutorials". On their main page, you can sign up for their newsletter so that you can be notified when new stuff is discovered. joat: 23:31:00 3 Dec 2003 |
|
|
Tue, 02 Dec 2003
|
|
Think this woman is capable of teaching you anything? How about semi-conductor physics? (Yet another attempt by those-with-too-much-time-on-their-hands to use sex to teach the less-willing-to-learn.) But it's funny anyways. The "Booble" search engine is interesting also. (Hint: click on the "Search Britney Space" radio button)
joat: 23:16:00 2 Dec 2003 |
|
|
Mon, 01 Dec 2003
|
|
Teledyn has a post entitled The End of RSS which discusses the glass ceiling for RSS use.
joat: 21:42:00 1 Dec 2003 |
|
|
|
|
|
joat: 21:40:00 1 Dec 2003 |
|
|
|