(J)ack (O)f (A)ll (T)rades,
Master of none, though often
better than a Master of one.

Sun, 02 Nov 2008

AOL 02 Nov
You've gotta love AOL. Ten plus years after the first infected email with a spoofed source address and their virus scanner still sends complaints back to the spoofed address (in this case: me!!), with instructions to contact my email administrator (again: me!).

If 1 in 200 messages is infected, I'd guess that 1 in 400 is a return message (I receive a lot of these). Although the mail was sent with good intentions, it demonstrates a lack of understanding of infection vectors and is basically a waste of resources. For AOL, the message size was 4K. Because it was an error message, it was sent to my account and root on my mail server, so I get to delete this twice. This also ate up 8K of bandwidth. For me, it's not that bad. For AOL, it has to be monstrous (i.e., they're wasting their own money).

If your anti-virus utility scans inbound email for viruses, please TURN OFF your auto-response feature. It actually compounds a number of problems (bandwidth, storage) rather than prompting the owner of an infected machine to fix his junk.

joat: 08:44:50 2 Nov 2008


Tue, 20 May 2008

Overkill 20 May
Many of us like to pop a bowl of popcorn, toss a DVD into a player, and watch a movie (esp. in an election year), say, like "National Treasure 2". Here's a hint to the Effin' marketing department: the previews shouldn't last longer than the d**n bowl of popcorn.

(To borrow from the real SJ) Oh! And one more thing... Converting a crappy stop-motion animation to "high def" doesn't mean that I'll consider buying it, especially when it's placed somewhere around minute seven in the previews of other movies that I'd never watch/buy, with the fast forward feature disabled. It's enough to make you barf your popcorn back up!

Yeah, I'm in a mood. What of it?

joat: 19:28:19 20 May 2008


Sun, 18 May 2008

Please! 18 May
Arg! Why is it that online sites that create audio files for use as podcasts can't tag the MP3s properly, if at all? (*Ahem* TalkShoe) I've been tweaking my Savonet scripts, getting them to randomly play files if no one is using the jukebox function. Quite a few (not all) of the podcasts have no tags whatsoever and nothing shows up in the jukebox interface when they're played.

Anyone care to join me in pestering various sites about their tagging capabilities?

joat: 10:38:54 18 May 2008


Wed, 02 Apr 2008

Going too far... 02 Apr
It's days like today that I'm highly susceptible to offers for alternate means of connecting to the Internet (Verizon: this is a hint!). Here's the scenario: I got up early this morning, poured myself a cup of coffee, pulled up my email client and started wading through the backlog from the last two days. Upon finding an email from Rob, concerning a pending field trip, I decided to forward the field trip information to my work account so that I'd have the contact info to call and register for the trip. In response to hitting send, I received the following:


Okay, I was a bit miffed. However, I read the details of the error message and visited the site. It said that I could have the block removed by sending a copy of the message to thisisnotspam@cox.net. I did so and received the following:


Okay, I'm now livid. The short version of the 5-minute screaming fit that I have in my head boils down to: Why are you filtering my outbound mail? Am I flagged as being a spammer because I send 5-10 messages per week?

Grrr...

joat: 06:42:39 2 Apr 2008


Sun, 23 Sep 2007

Security by fashion statement 23 Sep
Squidly1 pointed out a Dark Reading article (about the under-estimation of the "insider threat" threat) in IRC and (surprise!) it irked me.

My initial thought was "somebody is selling something". Upon reading the article (follow it to the daily blog to see the link), I discovered that I wasn't wrong. The reason for the article's existence was to make you overly paranoid about your users and get you to buy something to counteract the threat. If that purchase just happened to be the product mentioned in the article, so much the better!

My second thought was that this was another in a long line of "security by fashion statement" (bowel) movements. Think about it. We have a number of firms where "analysts" (those that aren't practitioners but are somehow (mysteriously) more knowledgeable) declare that one security method is "auld schoole" and there are much better, more modern, methods of performing such and such a function.

It's quite annoying. In the past five years, we've been told:

  • IDSs are dead, IPSs are better (thank you Gartner)
  • Anomaly detection is better than IDS/IPS
  • the firewall is dead
  • the perimeter is dead
  • SSL VPNs are the best VPNs
  • stateful inspection is better than application proxies
  • deep packet inspection is better than application proxies
  • application proxies are better than stateful inspection, packet filters, and deep packet inspection (What? You missed the resurrection of proxies by Gartner?)

And now you need to be so paranoid that your users' every key stroke needs to be monitored and analyzed for intent (yeah, that works well), to the degree that you must come up with "termination plans"? Oh and, by the way, we just happen to have this nice product that'll automate this process and make your life much easier.

A much better approach would be to have a realistic security policy and to use the tools you already have, especially the one behind your eyeballs. Most "insider threat" incidents are considered corporate embarrassments not because the incident occurred but rather because they weren't detected until after the fact. The majority of insider abuse is readily apparent, either in the virtual world (in log files) or out in the real world (people tend to talk about what so-and-so is getting away with).

Attempting to totally automate the process, in either the virtual or real worlds, is just a way of abstracting yourself further away from the problem. Network monitoring and management of people have at least one thing in common: they "automate" poorly in that an automated process can only handle "known" issues. Unique issues can always crash automated processes. (It's why we have web-based time sheets but still have entire HR departments.)

You want to properly deal with the "insider threat"? It's easy. Show "trust" in your users. It's okay to "verify" with a certain degree of monitoring, but it has to be at a level that your users are comfortable with.

Also, use the tools that you already have. Automated log file reduction is fine, but you still need human review of the remaining entries.

The firewall, the IDS, and security boundaries are still valuable. So are enforceable policies, deep packet inspection, stateful firewalls, and anomaly analysis. They each have their place in your toolset.

Companies such as Gartner like to bank on the fact that you've forgotten that none of these technologies are mutually exclusive. While "layered defenses" may be an offensive term to some, the existence of multiple protections which co-support an overall security policy is still a good idea. Just don't take the human factor out of it.

I've got news for you: If you run a totalitarian environment (AKA micro-managed, micro-monitored), every single one of your users will be evil and you'll end up wondering why your organization has such a high turn-over rate.

Save your cash. Also, keep in mind that the less flexible a system is (the degree of tolerance it has), the more brittle it is and the more spectacular the failure will be when it does go. This goes for machine systems as well as for people.

joat: 12:56:31 23 Sep 2007


Tue, 28 Aug 2007

When USB ain't 28 Aug
There was a (non)incident at SANS Virginia Beach yesterday that irks me more and more as I continue to think about it. It involves manufacturers "adapting" industry standards (and, no, it's not the old embrace and extend rant). Each student in the wireless class was issued a set of survey "gear" which included a USB-based GPS interface.

One student had a high-end laptop with a number of USB ports on the side and back surfaces. Upon plugging the USB GPS into the side port, he noticed that the LED was quite dim (where other students' LEDs were bright). Thinking that he might have a bad GPS (they're available online for about $35.00), he borrowed the next student's GPS. Upon plugging it in, it too showed a dim LED.

End result: two fried GPSs. Cause: Turns out the manufacturer modified the power spec for the side port, to allow for USB DVD drives.

I won't say who the MFR (feel free to use both definitions of that acronym) is, but you can bet that their entire line of products won't be on my list of prospective buys when it comes time to buy a new laptop. I shouldn't need to worry about my laser mouse burning a hole through the desk (and my leg). MFRs: stick to the dang specs! If you're going to modify a connector's spec, modify the connector too!

joat: 19:40:09 28 Aug 2007


Thu, 09 Aug 2007

Let your techies be techies 09 Aug

joat: 18:57:03 9 Aug 2007


Mon, 07 May 2007

Life's little lessons 07 May
[*sigh*] No matter how old you are, there's always something to learn. Today's lesson: just how greedy a company can be. Specifically, American Express. I needed to buy a $19 piece of software. Since I'm nervous about putting any information on the Internet, I wandered up to the local Walgreens to buy a pre-paid charge card. The smallest they had was $25. I bought it and paid the $3+ activation fee. (Total cost: $28.95)

I then attempted to use the card online, at a site that uses PayPal to process customer purchases. My card was denied. In calling AmEx to find out why, I learned the following: the card is only good at sales entities which are direct customers of AmEx. They won't process "third party transactions" such as PayPal. When I asked for my money back, they offered me $15. ($28.95 minus the $3.95 processing fee, minus the $10 refund fee.)

I've decided to keep the card. I'll find somewhere that accepts it (mebbe Starbucks?). However, I'm going to put about $3.95 worth of effort (this post should amount to that) into letting other people know about my experience with AmEx's Gift Card service. I should probably note here that neither their site nor the TOS document that came with the gift card talks about refusing to work with third party services (specifically PayPal). The closest the TOS comes to that is disavowing responsibility if the Merchant declines the card. (In this case, AmEx declined the transaction, not the merchant.)

Bite me, AmEx.

joat: 17:46:14 7 May 2007

