.: April 2007 Archives


.: warm under the collar
From an article:
About 11 buildings have lost air conditioning because of the failure, Stone said. The problem threatens to overheat computer servers, and officials are warning that the state's main web page will be out of service periodically throughout the day.
It is hard to realize how important cooling is in a data center or even a small switch room until the AC cooling that room goes out. It can heat up pretty fast if you're not decisive, and that can really cripple business.

How do you plan for such an event?

- Make sure you have redundant cooling solutions; while you might not need multiple heavy industry coolers, at least have something available to either vent warm air or introduce cool air. While normal fans are absolutely no replacement for AC cooling, moving air is better than stagnating warm air.

- Keep AC repair service numbers or contracts readily available for quick remediation.

- In your inventory of servers and systems and services, make sure you know which ones are critical and which ones are expendable over short periods of time. Just like trying to milk juice out of your UPS in a power outage, you want to milk the temperature in your server room as long as possible. Shut down all unnecessary servers and devices to minimize heat generation. Be ready to determine when critical temps are reached that will almost certainly damage equipment and/or data and be prepared to invoke a business continuity plan or...be ready to have the company take the day off...
.: use powershell as a real powered up shell
PowerShell is pretty cool so far, even if the remote capability requires some heavy scripting/.NET experience for now. I just found out today that I can actually write functions, put them into my profile file (%My Documents%\WindowsPowerShell\Microsoft.PowerShell_Profile.ps1), and have them load on start-up. This means my little function to start and stop remote services can be a simple one-line job and always preloaded, kinda like my own little command shell. Type $profile to make sure you have the right location. Mine is weird since I start mine with network admin privs as opposed to my normal workstation account.
Windows PowerShell
Copyright (C) 2006 Microsoft Corporation. All rights reserved.

RemoteServices loaded

PS C:\Documents and Settings\mdickey> remoteservices
usage: RemoteServices [servername] [Stop|Start|Check|List|GetName] [service name]
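As an added example (not the author's own function), here is a RemoteServices that matches the usage line above and can be dropped into Microsoft.PowerShell_profile.ps1. It uses the .NET ServiceController class rather than Get-Service, since Get-Service in this PowerShell version has no remote parameter; the server name, the 30-second timeout and the caller having service-control rights on the target are assumptions.

```powershell
# Added example, not the author's function. Lives in the profile so it is preloaded.
function RemoteServices
{
    param([string]$Server, [string]$Action, [string]$Service)

    $usage = "usage: RemoteServices [servername] [Stop|Start|Check|List|GetName] [service name]"
    if (-not $Server -or -not $Action) { Write-Host $usage; return }

    # One remote enumeration serves every action; it fails fast if the host is unreachable
    $all = [System.ServiceProcess.ServiceController]::GetServices($Server)

    switch ($Action)
    {
        "List"
        {
            $all | Sort-Object DisplayName |
                ForEach-Object { "{0,-10} {1,-28} {2}" -f $_.Status, $_.ServiceName, $_.DisplayName }
            return
        }
        "GetName"
        {
            # Resolve a display name (or a fragment of it) to the short name Stop/Start/Check expect
            if (-not $Service) { Write-Host $usage; return }
            $all | Where-Object { $_.DisplayName -like "*$Service*" } |
                ForEach-Object { "{0} = {1}" -f $_.DisplayName, $_.ServiceName }
            return
        }
    }

    if (-not $Service) { Write-Host $usage; return }
    $sc = $all | Where-Object { $_.ServiceName -eq $Service }
    if (-not $sc) { Write-Host "no service named '$Service' on $Server (try GetName)"; return }

    $timeout = New-Object System.TimeSpan(0, 0, 30)   # assumed; WaitForStatus throws if it elapses
    switch ($Action)
    {
        "Check" { }
        "Stop"
        {
            if ($sc.Status -ne "Stopped") { $sc.Stop(); $sc.WaitForStatus("Stopped", $timeout) }
        }
        "Start"
        {
            if ($sc.Status -ne "Running") { $sc.Start(); $sc.WaitForStatus("Running", $timeout) }
        }
        default { Write-Host $usage; return }
    }
    $sc.Refresh()   # ServiceController caches Status; refresh before reporting it
    "{0} on {1}: {2}" -f $sc.ServiceName, $Server, $sc.Status
}

Write-Host "RemoteServices loaded"
```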
.: operating system vulnerability comparison
OmniNerd posted a rather lengthy article comparing various default installations of most modern operating systems (released in 2006, I think) using nmap and nessus to determine the vulnerability of said distributions to remote attacks. While simplistic in assessment and lengthy in discourse, the biggest takeaway I got from this article in my brief skim aligns with what I believe anyway. Operating systems have weaknesses, strengths, and problems, but ultimately it is a knowledgeable and diligent admin that makes a system secure (or more secure, if you will), and normal users can turn an OS into swiss cheese very easily.
.: update mah resume
I have finally decided to post my resume up for, well, feedback or if a potential dream job employer happens along. No big deal, but it has been something I've wanted to do for a while now.
.: appliedsec shmoocon challenges
If you have time to check this out or you don't and still want to learn something (shame on you!) then pick up Applied Sec's Shmoocon challenge notes and the solutions. I don't think they'll be up for a terribly long time, especially the server, so don't delay. Upon first glance, these challenges look to be a little more varied and interesting than most of the web-based "hacker challenge" sites out there.
.: windows mobile tools
I almost bought a Linux-based PDA earlier this year (Zaurus 5500 or 6000) and I still might, but after reading what is now available for Windows Mobile from both Justin Clark and Andre Gironda, I might have to add a newer Windows Mobile device for myself this year. I hadn't realized tools had come this far! There are more notes here and likely elsewhere if I were to look.
.: a gaming rig on a budget of $1500
If you're a sec geek, you're also likely a gaming geek on some level. And if you do any amount of PC gaming, you'll likely be building your own systems unless you have extra money to throw at pre-built systems from vendors. And while I'm not in the market to fully upgrade my gaming rig right now, it really helps to casually read up and stay at least somewhat current with what is going on in the PC building gaming market. This article by Corsair is not just a guide to buying bargain gaming parts that still scream performance, but the guys actually go through (with lots of awesome screenshots) overclocking, BIOS settings, benchmarking tools and examples, and even suggestions on different parts. (Personally, I'd swap that frickin' huge heatsink with a watercooling model.)

In true HardOCP fashion, you can also head to the comments of their news byte on the article and check out some reactions.

On third thought, it wouldn't hurt to maybe pick up a few parts now and file this guide away...
.: kicking wep while it is down
WEP is already known to be broken and weak, but I see Aircrack-ptw is a new tool out that purports to break WEP (most implementations anyway) much quicker. I have not yet tried it, because BackTrack 2 decided to be a bugger about my Hermes Orinoco card and I have yet to replace it or find a solution (Whoppix and BT1 are fine with it, go figure), but once I get that squared away I plan to check this tool out. There is a paper linked on the site, and while some of it gets into some deeper mathematical (mathematical sure sounds more haughty than "math," eh?) theory, some sections are still concise and informative (1, 5, 8, and 9).

Update: I see ISC has also been made aware of this, although they link just to the paper.
.: some basics of windows performance tweaking
For any practicing sysadmin, sometimes you just have to tweak servers to milk a little bit more performance. Sometimes the good ol' basics are still the best things to do. I liked these steps (mostly) from SearchWinComputing. I'll just give my own notes on the steps.

1. Use a dedicated drive for the pagefile. This makes sense.

2. Keep your hard disks defragmented. I don't do this much, but when trying to milk a bit more performance out of a server, defragging is still a low-hanging fruit to try out.

3. Use the NTFS file system. I wouldn't think to do otherwise, not from a performance standpoint necessarily, but definitely for security.

4. Avoid running 16-bit applications. Ok.

5. Look for memory leaks. Basically you need to continuously monitor memory usage to catch this. Sometimes apps (like ASP) will automatically recycle themselves and clean up, thus lowering the indications of a memory leak. Once a process is identified that has a leak, research it on Google or with your own teams if it is homegrown.

6. Remove seldom-used utilities. I would also suggest making sure server software is inventoried and reviewed regularly. That way when some piece is no longer needed, it can be identified and removed. But yes, it sucks to see unused things running on a server.

7. Disable unused services. A tried-and-true best practice for...just about everything.

8. Log off. Makes sense to me!

9. Compress the hard disk. The author makes a decent case for this, but I would definitely only do this in conjunction with baselining performance and testing after each change; otherwise this could be detrimental.

10. Adjust the server response, i.e., adjust background applications for a higher priority.

.: an interesting issue in powershell
I am scripting some file syncing and having a frustrating time. The biggest issue is trying to work around a few files that are flagged as "read-only." In the examples, assume sourcefile.txt is "read-only."

PS> copy-item sourcefile.txt c:\sourcefile.txt -force
If this is the first time copying, this will work just fine because the destination file is new.
PS> copy-item sourcefile.txt c:\sourcefile.txt -force
This will now give an error because c:\sourcefile.txt is read only.
PS> move-item sourcefile.txt c:\sourcefile.txt -force
This will always work.

While this isn't so bad, I don't want to move folders over without first going through them to make sure the new folder isn't leaving out something from the old folders, if that makes sense.

So far, my solution is way more complex than I think it should be. I read through all folders and determine if the folder is new or already exists at the destination. If it is new, I move-item it over. I then copy all non-containers that are left. Then I remove all the leftover source containers. Please excuse the variable names and lack of tabs showing up.
$shortpathdest = "\\SERVER\FILES\Installed"
$shortpathsource = "\\SERVER\FILES\ToInstall"

# Pass 1: folders. Any folder that does not yet exist at the destination is moved whole.
$items = get-childitem $shortpathsource -recurse | where  {$_.psIscontainer -eq $true}

If ($items)
   {
      foreach ($i in $items)
         {
            # Strip the source root so the relative path can be re-rooted under the destination
            $fullsourcepath = $i.FullName
            $fullsourcepath = $fullsourcepath.Replace($shortpathsource,"")
            $fullpathdest = $shortpathdest + $fullsourcepath

            # Subfolders already carried over with a moved parent now exist at the destination, so they are skipped here
            If (test-path $fullpathdest){ }
            Else { move-item $($i.FullName) $fullpathdest -force }   # was $longpathdest, which is never defined
         }
   }

# Pass 2: files. Whatever is left lives in a folder that already existed at the destination.
$items2 = get-childitem $shortpathsource -recurse | where  {$_.psIscontainer -eq $false}
If ($items2)
   {
      foreach ($i in $items2)
         {
            $fullsourcepath = $i.FullName
            $fullsourcepath = $fullsourcepath.Replace($shortpathsource,"")
            $fullpathdest = $shortpathdest + $fullsourcepath
            move-item $($i.FullName) $fullpathdest -force
         }
   }

# Pass 3: the now-empty source folders.
Remove-item $shortpathsource\* -recurse -force
.: my it autobiography
Everyone has stories to tell. In fact, one of the best secrets to dating is to realize that simple fact and give your date a chance to tell their stories, and for you to show genuine interest in listening. This is one reason the web has blossomed so much: we all have something to say and really hope at least one other person out there wants to hear it.

Likewise, us IT professionals have our stories on how we got started in this field. Recently a thread along this vein was started at the SecurityCatalyst community and Rebecca Herold tagged me to put my story up. So here it is!

Part 1: the geekdom
I've long been a geek. I have always been a video gamer (since Atari), I love arcades, and I enjoy science and puzzles. I got my first computer, a Pentium-60 just to play Doom and a handful of other games at the time (Wing Commander, Descent, Hexen...). From there, I really took to computers but I never evolved beyond gaming and online chats.

Part 2: college
I started college in the fall of 1996 at Iowa State U. My roommate and good friend, Ryan, got me interested in having my own web page, so in the winter of 1996 I started learning what View Source did and how to write my own HTML markup. I've had a web page ever since. This, along with my addiction to Quake (the first one, you noobs) was my main involvement with computers.

I started out college by going about 2.5 years into Environmental Science. Yes, I wanted to save the whales (and otters!). But I faced some harsh realities during those early, largely unmotivated years. I knew that that field was not quite what I was looking for, was highly competitive, and really would never be lucrative in pay. And as much as I have a passion for that area, I realized I could do just as much on my own as a hobby or lifelong interest as I could do pursuing it for a career. I spent a semester or two doing some deep soul-searching for what I wanted to do. Eventually I realized that I loved computers and had a bit of a knack for them; I was a go-to guy in my dorms for computer questions. (Years of computer gaming can really enhance your troubleshooting skills...) So I switched majors to Management Information Systems, lost 45 credits that didn't apply in the transition from sciences, and graduated in 2001 by taking the max number of credits for my remaining semesters. Needless to say, I was very happy even though I walked out into the IT world the year after the .com boom busted.

Part 3: security
Upon graduation I really wanted to get into web design and coding, but with the dot com busting, the IT class of 2001 was really not a lucrative class like the previous years. I spent a lot of my time during job searching to hone my skills and learn new things.

On a whim, I picked up the book Hack Attacks Revealed by John Chirillo. I was immediately hooked and knew that I could happily trade web coding for systems management and eventually security. Since then, I've been working in this area and pursuing the field ever since. Picked up my first real job in early 2002. Within a month of working on the technical support team, I was offered a place on the web dev team, but turned it down to hold out for another role I knew would soon become needed: systems administration. I got that a year later, in 2003, and have since been a sysadmin with a big interest in security.
.: shmoocon 2007
Some of the Shmoocon 2007 presentations have been posted. There's a few, and maybe not all of them will be interesting, so I thought I would provide my feedback here (and ongoing) on the talks I checked out, plus a quick impression of what I thought about it.

I really wish I had attended Shmoocon, but I'm not really at a place right now where I could. I really wish I had heard about it back in its first year, 2005, as I was in DC at the time on business. Sadly, I didn't learn about Shmoocon until after I had gotten back (and I was housed in a hotel very close to it as well!). At any rate, I'll still whore up the presentations online and still get something out of it. Overall, I really dig the vibe from Shmoocon. It is serious about security but in a fun, friendly, personal kind of way that I think best resembles early Defcon or perhaps CCC. Smart, awesome, but not hoity-toity and "commercialized" or too anonymous.

Opening Remarks.mp4 - If you want to learn a little bit more about Shmoocon and what it's all about, this is a useful talk from Bruce Potter of the Shmoo Group and runs a half hour.

Hacking the Airwaves with FPGAs - h1kari.mp4 - 20 minute presentation about cracking WEP and WPA (and FileVault and Bluetooth PINs) using different hardware pieces (FPGA) to speed things up. While that is interesting, the hardware itself is pretty spendy. If you've not seen his talk before or know anything about FPGA, watching a longer presentation may be more helpful, but his demos are quick and do work in this one. Tools: jc-wepcrack for WEP, coWPAtty for WPA, vfcrack for FileVault, btcrack for Bluetooth PINs.

No-Tech Hacking - Johnny Long - Johnny is a very cool presence and typically includes a lot of really awesome audience participation where he presents pictures and asks for feedback. This is no different and he presents a lot of pictures and asks, "What does a hacker see?" This is about observation skills, information gathering, opening your mind. I can just also say, "the driver has candy."
.: shmoocon - simple nomad and clarke
More Shmoocon 2007 presentations.

Hacker Potpourri - Simple Nomad.mp4 - Simple Nomad (old skewl) talks about some greylisting of spam mail, OS fingerprinting using PPTP, finding firewalling devices (using FIN flags, UDP port 0 packets, hop counting) and DVR hacking, but the real meat of this talk is about profiling IDS/IPS systems, which starts at 32:45. You can use reverse-lookups to profile some IDS/IPS systems, the timing of reports, and whether admins are doing manual checks. You can fiddle with the DNS replies to profile the investigator some more. Abuse the signature sets to further narrow what IDS is in use or how they block things (vulnerability vs exploit). You can really do a lot of information gathering by knowing signatures for various IDS products and doing tests to see if your attacks are either blocked, allowed, or logged and then either manually or automatically investigated. Very cool.

Extend Your Code Into the Real World - Ryan Clarke.mp4 - I really dig Clarke's enthusiasm and energy. I'd love to hang out with this guy and tinker with electronics and hardware on the weekends. His talk is a beginner blitz into hardware hacking. I consider this talk mandatory for any security or tech guys as Clarke really shows off where some things are going. Very exciting!

When it comes to computers and "hacking" and electronics, I can't do everything despite my desires and best efforts, but for the things I'm not diving into at the time, I love talks like this because they can give me a nice taste of what I'm missing and keep me at a level that I could dive in if my life ever finds me in a place where I can do it (or have friends who do it that I can learn from).
.: random notes on 2600, hacking exposed, orinoco atheros
The latest 2600 is out. If you don't typically buy it or have the money, just sit down at the bookstore and flip through it and read what you want.

I also see one of the books I've really wanted in the last year has been released. Hacking Exposed: Wireless is currently available and in an odd green color. Anyone aware why this one is green? I didn't pick it up long enough to find out why, but I'll be buying the book regardless.

On the wireless front, I got my latest Orinoco wireless PCMCIA card on Friday and am very pleased with its performance. It is the Atheros chipset (8470-WD) which means it plays very nicely with BackTrack 2 and monitor mode. In fact, it plugs in and works just fine unless I've been juggling cards on that laptop and the last config still has a different card (my BackTrack is fully installed locally, so my settings are saved).
.: wispy on linux
So, a while back I got a Wi-Spy, which works great on Windows XP. I saw that there are some wispy tools for Linux, so I thought I would try them out on my Ubuntu laptop. I downloaded the files and extracted to /home/michael/wispy.
michael@orion:/$ cd /home/michael/wispy
michael@orion:~/wispy$ sudo apt-get install libusb-dev libncurses5-dev libgtk2.0-dev
michael@orion:~/wispy$ ./configure
michael@orion:~/wispy$ make
michael@orion:~/wispy$ sudo ./wispy_gtk
This worked out just fine (and yes, libgtk2.0-dev installed a ton of stuff), but the colors look horrid. The whole spectromap takes on this lemony-green color even when nothing much is happening. Very ugly, but then again, this is just a quick set of tools whipped together and really is no replacement for using Chanalyzer on Windows. Still, this is nice in case I ever do want to see what's going on and only have my Ubuntu with me.
.: is there a reaction to security warnings
I saw this quote today in some news that hit my rhetorical question button:
The Ministry of National Defense located in Taipei has warned their personnel against cyber attack. Awareness at the user level is more important than ever after a recent discovery of an intelligence leak at the National Defense University.
What would you do differently in your job if you received a warning from your boss or from upper management or the security team to be wary of cyberattacks? What will your own employees do differently? Will they even know what that means or what to even begin to do?

I can imagine my mom getting that notice where she works and basically have zero change in behavior because it really means nothing to her (works in a hospital). Should she stop more strangers in the hallways and challenge for ID? Should she refrain from email communication? If the computer crashes unexpectedly, should she more quickly call up IT to report it and investigate?

Does your security training equip employees to be able to process and respond to such a warning? Maybe the company shouldn't even give these warnings and instead only raise the warning level of technical/security staff? Did you send out a warning to employees the other week to be on the lookout for any ANI/cursor files sent via email or posted on websites? Does that really change anyone's behavior or do they just talk to their immediate peers about how stupid that email was for 5 minutes?
.: powershell auditing permissions
Auditing permissions on a Windows server is basically hellish unless you have a very strict policy on subfolder explicit permissions and group usage. You can use tools like CACLS.exe and XCACLS.exe, but for messy folder shares, the output can be utterly unmanageable. Enter a powershell script I wrote. This script takes a path as an argument and will dump out all explicit (non-inherited) permissions from the path and all subfolders inside it. Never make the mistake of re-pushing inheritance down on subfolders and wiping out all those restrictions again!

$error.clear()
$erroractionpreference = "SilentlyContinue"

function GetExplicits ($folders)
{
   foreach ($i in $folders)
   {
   $acllist = get-acl $i.fullname 
   foreach ($x in $acllist.Access)
      {
      If ($x.IsInherited -eq $false)
         {
         Write-Host "$($x.IdentityReference.Value) has $($x.FileSystemRights) on $($i.fullname)"
         $spacing = $true
         }	
      }
   If ($spacing){ Write-Host "";$spacing=$null }
   }
}

If ($args[0]) { } Else {"usage: ./auditperms.ps1 `"`"";break}
$strpath = $args[0]
If (test-path $strpath){ } Else { "bad path, try again, cowboy!";break }

Write-Host "----------------------------------`nROOT FOLDER EXPLICITS"
$folderslist = Get-Item -path $strpath
GetExplicits $folderslist

Write-Host "----------------------------------`nSUBFOLDER EXPLICITS"
$folderslist = Get-ChildItem -path $strpath -recurse | where  {$_.psIscontainer -eq $true}
GetExplicits $folderslist

The output looks like this:
----------------------------------
ROOT FOLDER EXPLICITS
Everyone has Modify, Synchronize on \\fileserver\users\scanner
CREATOR OWNER has Modify, Synchronize on \\fileserver\users\scanner
BUILTIN\Administrators has Modify, Synchronize on \\fileserver\users\scanner
MYDOMAIN\Domain Users has Modify, Synchronize on \\fileserver\users\scanner
----------------------------------
SUBFOLDER EXPLICITS
Everyone has ReadAndExecute, Synchronize on \\fileserver\users\scanner\FarmBanc

Everyone has ReadAndExecute, Synchronize on \\fileserver\users\scanner\SalesApp

Everyone has ReadAndExecute, Synchronize on \\fileserver\users\scanner\SalesApp\April Visit
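As an added example (not the author's script), here is a variant of the same explicit-ACE walk that only reports the entries an auditor actually chases: non-inherited Allow entries that grant write-class rights to broad principals, emitted as objects so they can go to Export-Csv and be diffed against the previous run. The principal list, the sample path and the treatment of generic rights are assumptions; adjust them for your domain.

```powershell
# Added example, not the author's script. Principal list and path are assumptions.
$BroadPrincipals = @("Everyone",
                     "NT AUTHORITY\Authenticated Users",
                     "BUILTIN\Users",
                     "MYDOMAIN\Domain Users")

# Any of these bits makes an entry write-class. Modify and FullControl contain them,
# so a -band against this mask catches those as well.
$WriteMask = [System.Security.AccessControl.FileSystemRights]"Write, Delete, ChangePermissions, TakeOwnership"

function Find-RiskyExplicits ($Path)
{
    # Root folder first, then every subfolder, in the same order as the audit output above
    $folders = @(Get-Item -Path $Path) +
               @(Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue |
                 Where-Object { $_.PSIsContainer })

    foreach ($folder in $folders)
    {
        $acl = Get-Acl -Path $folder.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }

        foreach ($ace in $acl.Access)
        {
            if ($ace.IsInherited -or $ace.AccessControlType -ne "Allow") { continue }

            $who    = $ace.IdentityReference.Value
            $rights = $ace.FileSystemRights
            # Generic rights (GENERIC_ALL and friends) print as bare numbers instead of names;
            # treat them as write-class so they are reported rather than silently skipped.
            $isGeneric = ($rights.ToString() -match '^-?\d+$')
            $isWrite   = $isGeneric -or ((([int]$rights) -band ([int]$WriteMask)) -ne 0)

            if ($isWrite -and ($BroadPrincipals -contains $who))
            {
                $hit = New-Object PSObject
                $hit | Add-Member NoteProperty Folder    $folder.FullName
                $hit | Add-Member NoteProperty Principal $who
                $hit | Add-Member NoteProperty Rights    $rights.ToString()
                $hit | Add-Member NoteProperty AppliesTo ("{0} / {1}" -f $ace.InheritanceFlags, $ace.PropagationFlags)
                $hit
            }
        }
    }
}

# Against the sample output above this reports the root folder's "Everyone has Modify" entry
# and stays quiet about the ReadAndExecute subfolder entries.
Find-RiskyExplicits "\\fileserver\users\scanner" | Format-Table -AutoSize
```

Pipe the function into Export-Csv instead of Format-Table to keep a dated baseline per share; a diff between two runs is the quickest way to spot someone re-pushing inheritance or granting Everyone write access.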
.: aircrack vulnerability allows a more bristly defense
I see there is a vulnerability in aircrack-ng 0.7. While interesting in itself, this strikes an interesting chord.

First, this means that widespread, fairly static distributions such as BackTrack 2 have a lot of users of their Linux livecd that will continue to run vulnerable versions of aircrack-ng. That's a bit of concern, or should be, for anyone who uses that distro. Granted, the chances of someone attacking their box with this vuln is downright slim, but unless you roll your own BackTrack, do a full local install to update aircrack-ng, or patch aircrack-ng on the fly, you're kinda stuck with this issue.

Second, I really believe someday I will have enough time on my hands to have a more bristly defense posture on my networks. In this case, I could have not only an IDS on my wireless network, but I could actually regularly send out packets crafted for just this vulnerability. Anyone leveraging aircrack-ng 0.7 (or BackTrack2) against my wireless network might be in for a brief surprise and could give me additional information or warning about maldoers. Rather than just a fence around the grounds, it can be highly electrocuted as well.

With a lot of vulns like this, it might not make sense to send out traffic for it because you never know if people will still be using it, and the chance gets slimmer as time goes on. But BackTrack 2 is pretty static for a lot of users who never change anything and may be using this distro until a major update comes out.
.: dungeons and dragons and networks
This editorial on Dungeons & Dragons & Networks talks about how the boundaries present in both network troubleshooting and the D&D play format promote creativity, while tasks with less boundaries are more difficult.
If people performed preventative maintenance and worked to improve their network, they'd have fewer problems to address in the first place. But because individual problems provide intellectual boundaries and present obstacles to overcome, it is simply a much, much easier task than trying to look at the vast possibilities inherent in the network and try to come up with a vision rather than a solution.
I think there is a lot of truth in that, especially since us IT types tend to be problem-solvers a little more than we are visionaries. I think management (and IT staff ourselves!) can benefit from recognizing initiatives that might be more successful when more properly bounded. I am guessing that many managers and project managers likely know this principle already, but it can definitely help us techs when we're not being led very much in between fires. (Article found through WhiteDust)
.: openwrt
Played briefly with OpenWRT this weekend. I have an extra Linksys WRT54G (v2.2) WAP and I loaded up the appropriate OpenWRT firmware. OpenWRT unexpectedly imported all my previous settings from the Linksys default firmware, so I didn't really have to do much besides plug in cables.

It should be noted that while Linksys products are administered by the web interface, OpenWRT's web interface is really only useful to see some status information, set very general settings, and view the list of installed and available packages. Everything else should be done via an SSH connection. Set the login password in the web interface while there. This not only sets the web interface password, but also turns off telnet and enables ssh. Remember that you are essentially SSHing into a Linux box, so you SSH as root (ssh root@192.168.20.1). Hopefully through the week I'll look into playing with this box a bit more.
.: we have to make mistakes
Security and IT are tough these days. While we keep getting an influx of people with their MCSE and A+ certs that can do fun things with desktop support, it is all those other more specific areas of IT that still are not getting the love they should be getting. Maybe it is because they're a layer or two out of the eyes of most normal users (and managers). Too often, us techs can do a lot of good things, but sometimes don't get a chance to try things out when we're already swamped with an overload of work, not enough money, and too many fires to put out.

Mark Curphey has been posting his experiences with his new start-up lately. While a lot of the content is not terribly pertinent to me at this point, I do enjoy reading him. Tech-to-tech, this paragraph really caught my eye:
Did I really transfer the domain to my account or was this someone snarfing my domain and my religious spam rules means I missed a very important mail? Alex was sat at his desk dreaming in code but saw I was panicking. We look at it and pulled up the whois records. Holy bull-shitake batman, some bastardo has snarfed my domain and the records show dummy, dummy, dummy as the new owner. We googled and others had been conned by the same trick. How could this happen? How could Gandi let someone transfer a domain without positive acknowledgement. Oh cricky, I really screwed up by being strict on spam.
Considering the theme of this post, I think it might be obvious what caught my attention. You can make an entire job out of being a spam admin or even a DNS/SSL/domain admin, even at smaller companies. But chances are, those tasks are only a very small part (a disturbingly tiny part) of our jobs. How can you get to be a spam surgeon? Do you have time to pick through what gets caught in the filters? Do you have time to even tune up the filters at all while maintaining high functionality for possibly critical emails? Just how are you tracking all your DNS and SSL purchases and expirations?

That's tough, and I think unless you can acquire these skills somewhere or have a job that lets you have a lot of bandwidth to research and tinker with such things, outsourcing to a company that can focus on just that one thing is still a big IT need. That or understanding what techs need to ultimately be successful. Can you really maintain a spam filter effectively, or would it be more efficient to outsource to a company that specializes in spam filtering?

That is one area I think still needs work in the "business and IT must work better together" agenda. We don't know everything in IT and we really do have to make mistakes. I've learned that you learn the most about technology during the troubleshooting stage as opposed to when everything is going right. Business is not terribly forgiving about such things, even if they are small but visible incidents in the whole scheme of things. Business wants to make a request, have it implemented perfectly, and then run unattended for 25 years without any further investment. IT knows better and that any new technology not only must be learned, monitored, and administered, but at some point does need to be evaluated for security, efficiency, and proper improvement.
.: disable firefox referer option
This is pretty low-skill, but useful. If you want to stop Firefox from sending referer [sic] headers when you click links to other locations, type about:config and change the network.http.sendRefererHeader option to the value 0.
.: naming workstations
I just read Naming Workstations on a Windows Network and had to smile a bit. Something as simple as your workstation naming scheme can be a very complex process that is different for every single network from 10 users to 10,000. It just goes to show how varied our field is and how many different ways and opinions there can be.

My current job names workstations by OS and username. I dislike this scheme. At my old job early on I inherited and used a similar method where I named the workstations after the usernames. We had a smaller company of only about 60 users, and by the time we grew up to 150, we had had a security audit which pointed out that machines named in such a way leaked too much information (Low priority, I believe). Wanted to target the CFO? Find his name, enumerate the network, and you likely also have a username that has rights on that machine.

I switched us over to naming machines "wkst###" and maintained both an Excel spreadsheet mapping workstation name to the user assigned that computer (we checked out equipment to all employees) and also inventory management software which let me regularly map MAC, IP, usernames, and workstation names together. This way if "WKST125" was doing something naughty, I could very quickly isolate it, take control, and/or check on the user. Having administrative access on switches and remote control capabilities takes away a lot of the need for user-named or even departmental-named workstations when you have an inventory of MACs and domain admin rights! I never did reuse names either, and I had a strict personal policy that no machine was re-issued without first wiping and re-imaging it (sadly, some colleagues did not adhere to such policy later on), thus a perfect opportunity to rename it. I might leave orphaned entries and artifacts this way, but I would rather have orphaned data than data that might actively be lying to me if it wasn't kept up to date.
.: keystroke biometrics
Keystroke mechanics keep being talked about as a form of biometric identification. I'm still skeptical because of how variable this can be...

I live in Iowa which means we have some pretty cold winters. I certainly do type differently if I have cold fingers.

I also type vastly differently depending on my level of inebriation (of course, this can cause regular typos in passwords anyway...)

I type differently depending on my position and mood and keyboard and life. I type far differently now than I did 5 years ago, for instance. Sometimes I am in thought and might type differently, especially on some sort of password screen.

Do I think people type in different ways enough to be able to tell who it is with an acceptable level of accuracy? Personally, I doubt it...
.: striving towards management by fact
Richard's post about monitoring and "management by fact" got me thinking about security for the real world admin. What is the best sort of server to monitor? That's easy, the server that requires the least changes. If you stand up a server and don't need to do anything beyond patches and application-level updates (for a DNS server, adding DNS records...), monitoring that box becomes amazingly easy and informative.

You can quickly tell when something is wrong. Besides, one of the first questions in troubleshooting (and it is part of Cisco's troubleshooting methodology) is, "What changed?" This is something really near and dear to my heart, since I used to be pretty heavy into sciences back in college: observable changes causing observable results. If something weird happens, figure out what the one-off is that caused it.

There are really two problems in business that fight a never-ending battle against the unchanging server.

First, the technical ability of the admin is crucial. Take a new DNS admin tasked with standing up a DNS server. It might not take long to get the DNS server up and running, but to get it tuned for performance and security may take weeks, months, even years of small changes, mistakes, and troubleshooting. For an expert, experienced DNS admin, this "time to stable" is far shorter and much more ensured. This is partly why we need more experts (training) in the back rooms of IT, the luxury of making mistakes to become experts, and time to do proper research so we can be empowered to do more initiatives outside of our comfort zones (otherwise we just say, "no").

Second, business sometimes likes to cut corners, especially with money and especially with IT infrastructure. If a server isn't choking, it must have room to put more on it, right? This defeats trying to efficiently "manage by fact" in the IT back rooms. If you have an SBS box that does basically everything that can be crammed into it, the constant flux of use and changes can make creating a baseline and monitoring for oddities frustrating.

I love the idea of managing by fact, and I think for the most part of security, that should be the goal to someday reach.
.: remoting into headless ubuntu box
Yeah, I know, back to basics with Ubuntu. This took me longer than it ever should have, so I'm just posting my travails here. I wanted to make my Ubuntu server essentially headless where I don't have a keyboard, mouse, or monitor hooked up to it. Obviously this means remote desktop capabilities.

Sadly, the obvious and most often-used tools to accomplish this either require me to remote logon with my Ubuntu laptop (yuck!) or require a session to already be logged on the server locally (yuck!). Well, I want to be able to remote in, even at the logon window after a reboot! Here are my steps.
sudo apt-get install x11vnc vnc-common
sudo x11vnc -storepasswd password /etc/x11vnc.pass
sudo gedit /etc/X11/gdm/Init/Default
add this at the bottom just above exit 0:
/usr/bin/x11vnc -rfbauth /etc/x11vnc.pass -o /tmp/x11vnc.log -forever -bg -rfbport 5900
sudo gedit /etc/X11/gdm/gdm.conf
change #KillInitClients=true to KillInitClients=false
reboot
I'll probably end up changing this all up once I decide to wrap this inside SSH, but since this will always be local (unless I VPN in remotely), I'm not as concerned about this setup. I might just tunnel it through SSH just to make sure I can do so with this setup.
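To apply and check the two gdm edits from the steps above without editing by hand, here is an added Python example; it is not part of the original post. Every path is a parameter, so the helpers can be tried on copies of Init/Default and gdm.conf before touching /etc/X11/gdm. The -localhost flag is an assumption the post does not use: it keeps x11vnc listening only on the loopback interface, so the SSH tunnel mentioned above becomes the only way in, and the check also insists that the password file is not readable by other users.

```python
"""Added example, not code from the original post: apply and verify the gdm
edits from the steps above. Every path is a parameter, so the helpers can be
tried on copies before touching /etc/X11/gdm. The -localhost flag is an
assumption the post does not use: it keeps x11vnc on the loopback interface
so that the SSH tunnel the post mentions is the only way in."""

import os
import re
import stat
import tempfile
from pathlib import Path
from typing import Dict, List

X11VNC_LINE = ("/usr/bin/x11vnc -rfbauth /etc/x11vnc.pass -o /tmp/x11vnc.log "
               "-forever -bg -rfbport 5900 -localhost")


def add_x11vnc_to_init(init_path: Path, line: str = X11VNC_LINE) -> bool:
    """Insert `line` just above the last 'exit 0' of the gdm Init script.
    Returns True if the file changed, False if x11vnc was already started there."""
    lines = init_path.read_text().splitlines()
    if any("x11vnc" in l for l in lines):
        return False
    exits = [i for i, l in enumerate(lines) if l.strip() == "exit 0"]
    lines.insert(exits[-1] if exits else len(lines), line)
    init_path.write_text("\n".join(lines) + "\n")
    return True


def set_kill_init_clients(conf_path: Path) -> bool:
    """Force KillInitClients=false so gdm does not kill x11vnc when someone
    logs in at the console. Returns True if the file changed."""
    text = conf_path.read_text()
    new, n = re.subn(r"^#?\s*KillInitClients=.*$", "KillInitClients=false",
                     text, flags=re.M)
    if n == 0:  # key absent: add it right after the [daemon] section header
        new = text.replace("[daemon]\n", "[daemon]\nKillInitClients=false\n", 1)
        if new == text:
            new = text + "KillInitClients=false\n"
    if new == text:
        return False
    conf_path.write_text(new)
    return True


def check_setup(init_path: Path, conf_path: Path, pass_path: Path) -> List[str]:
    """Return the problems a defender would want flagged; empty means OK."""
    problems: List[str] = []
    lines = init_path.read_text().splitlines() if init_path.exists() else []
    starts = [i for i, l in enumerate(lines) if "x11vnc" in l]
    exits = [i for i, l in enumerate(lines) if l.strip() == "exit 0"]
    if not starts:
        problems.append("x11vnc is not started from the gdm Init script")
    elif exits and starts[0] > exits[-1]:
        problems.append("x11vnc line sits after 'exit 0' and never runs")
    conf = conf_path.read_text() if conf_path.exists() else ""
    if not re.search(r"^KillInitClients=false$", conf, re.M):
        problems.append("KillInitClients is not false; gdm will kill x11vnc at login")
    if not pass_path.exists():
        problems.append("password file missing")
    elif stat.S_IMODE(os.stat(pass_path).st_mode) & 0o077:
        problems.append("password file is readable by other users")
    return problems


def run_on_scratch_copies() -> Dict[str, object]:
    """Exercise the helpers on constructed copies in a temp dir; return results."""
    d = Path(tempfile.mkdtemp())
    init = d / "Default"
    init.write_text("#!/bin/sh\nxsetroot -solid black\nexit 0\n")  # constructed
    conf = d / "gdm.conf"
    conf.write_text("[daemon]\n#KillInitClients=true\n")            # constructed
    pw = d / "x11vnc.pass"
    pw.write_bytes(b"constructed-hash")                              # constructed
    pw.chmod(0o644)                                                  # deliberately too open
    results: Dict[str, object] = {
        "first_insert": add_x11vnc_to_init(init),
        "second_insert": add_x11vnc_to_init(init),   # must be a no-op
        "init_tail": init.read_text().splitlines()[-2:],
        "conf_changed": set_kill_init_clients(conf),
        "conf_text": conf.read_text(),
        "problems_before_chmod": check_setup(init, conf, pw),
    }
    pw.chmod(0o600)
    results["problems_after_chmod"] = check_setup(init, conf, pw)
    return results


if __name__ == "__main__":
    # Read-only check of the real paths from the steps above; apply with the helpers.
    real = check_setup(Path("/etc/X11/gdm/Init/Default"),
                       Path("/etc/X11/gdm/gdm.conf"), Path("/etc/x11vnc.pass"))
    print("OK" if not real else "\n".join(real))
```

After creating the password file with x11vnc -storepasswd, tighten it with chmod 600 /etc/x11vnc.pass so the check passes. With -localhost in place, connect with ssh -L 5900:localhost:5900 user@server and point the VNC viewer at localhost:5900; drop the flag only if a LAN-reachable listener is really what you want.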
.: the backlog it taunts me
Man, it is amazing the backlog of things to play with and check out that an IT geek can accumulate. Having not had too much time lately, I've gotten a 6 month backlog of about 200 little notes to myself to check this site out or that blog out, check this tool out or that tutorial. Crazy! If I happen to start posting a bunch of stuff here, don't yell at me. I used to use my blog as my notes place on new tools and things, and sometimes I'd post about something for my own benefit but never really ever get around to playing with it. I hate it, but that's the way of keeping up with technology!

Scope! I need scope! Perhaps a job change that reduces my scope of responsibility might be helpful? I could just get a job where I create Exchange email accounts all day. :) Yikes!
.: more linux basics - the sleep timer
I dig somafm, particularly the Groove Salad station. Sometimes I get into a nice chilled state of mind at night and would love to fall asleep to some cool grooves, but don't want XMMS (my mp3 player) to run all night long. Well, I can do this easily in a terminal shell by first finding the pid of XMMS and then using the sleep command. Elegance in simplicity.
michael@orion:~$ ps ax | grep xmms
29540 ?        SLl    0:20 /usr/bin/xmms /tmp/groovesalad.pls
30511 pts/0    R+     0:00 grep xmms
michael@orion:~$ sleep 1200; kill 29540
.: what I learned a few weeks ago: http request smuggling
Recently I saw an HTTP Request Smuggling alert fly past my IPS. It turned out to be a false positive, but led me down the path of figuring out what that attack actually was. This was one of the bigger things I learned that week. Coincidentally, almost that same day, I browsed backlog quiz questions from Palisade and came across one about HTTP Request Smuggling. Whoa!

HTTP Request Smuggling is scary for a few reasons.

First, and likely the biggest reason many people don't hear about it, is that it is pretty complicated and technical. Do you know the differences in how your application-level packet interpreters (cache proxies, firewall proxies...) and your web servers parse HTTP? Me neither. But some people do, and I bet they can pilfer some scary stuff without many people knowing.

Second, you can poison proxy caches, pilfer credentials, and leverage other vulnerabilities like XSS using HTTP Request Smuggling without ever really needing to touch the client or have them do anything. The client really has zero ability to stop this attack (returned javascript notwithstanding).

Third, it sounds difficult to detect in logs and on the wire, since detection requires knowing which web server and proxy server are in the communication path and how each of them parses HTTP.

Palisade has a nice write-up on the issue available on both their quiz question and also their article. WatchFire has an amazing white paper on the issue that you can sign up to get (use Pookmail as your throwaway email address).
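The parsing disagreement the three points above turn on can be shown in a few lines. The following is an added Python example, not code from the original post or from the Palisade or WatchFire write-ups: two toy HTTP/1.1 framers read the same constructed byte stream, one delimiting bodies by Content-Length (the way a proxy might) and one by Transfer-Encoding: chunked (the way an origin server might), and they come back with different lists of requests. check_framing() is the defensive rule a proxy can apply before forwarding: reject any message whose framing is ambiguous rather than guess. The hostname and bytes are constructed for illustration.

```python
"""Added example, not code from the original post or the papers it cites.

Two toy HTTP/1.1 framers read the same constructed byte stream: one delimits
bodies by Content-Length (CL), the other by Transfer-Encoding: chunked (TE).
They yield different request lists, which is the root of HTTP Request
Smuggling: a proxy framing by CL and an origin framing by TE (or vice versa)
disagree about where one request ends and the next begins. check_framing()
is the defensive rule a proxy should apply before forwarding: reject an
ambiguous message instead of guessing (RFC 7230 section 3.3.3 permits a 400)."""

from typing import Dict, List, Tuple

Headers = Dict[str, List[str]]
Request = Tuple[str, bytes]  # (request line, body)


def parse_head(data: bytes, start: int) -> Tuple[str, Headers, int]:
    """Split off one request line plus header block beginning at `start`.
    Returns (request_line, headers, offset of the first body byte)."""
    end = data.index(b"\r\n\r\n", start)
    lines = data[start:end].decode("latin-1").split("\r\n")
    headers: Headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, end + 4


def chunked_body(data: bytes, pos: int) -> Tuple[bytes, int]:
    """Decode a chunked body at `pos`; return (decoded bytes, offset after it)."""
    out = b""
    while True:
        line_end = data.index(b"\r\n", pos)
        size = int(data[pos:line_end].split(b";")[0], 16)  # ignore chunk extensions
        pos = line_end + 2
        if size == 0:
            return out, data.index(b"\r\n", pos) + 2  # skip the (empty) trailer CRLF
        out += data[pos:pos + size]
        pos += size + 2  # chunk data plus its trailing CRLF


def split_requests(data: bytes, mode: str) -> List[Request]:
    """Frame `data` into requests using only Content-Length ("cl") or
    preferring Transfer-Encoding: chunked when present ("te")."""
    requests: List[Request] = []
    pos = 0
    while pos < len(data):
        request_line, headers, pos = parse_head(data, pos)
        te = [v.lower() for v in headers.get("transfer-encoding", [])]
        if mode == "te" and "chunked" in te:
            body, pos = chunked_body(data, pos)
        else:
            length = int(headers.get("content-length", ["0"])[0])
            body, pos = data[pos:pos + length], pos + length
        requests.append((request_line, body))
    return requests


def check_framing(headers: Headers) -> List[str]:
    """Reasons a proxy should reject this message rather than forward it.
    An empty list means the body length is unambiguous."""
    reasons: List[str] = []
    cl = headers.get("content-length", [])
    te = headers.get("transfer-encoding", [])
    if cl and te:
        reasons.append("both Content-Length and Transfer-Encoding present")
    if len(set(cl)) > 1:
        reasons.append("conflicting Content-Length values")
    if any(not v.isdigit() for v in cl):
        reasons.append("non-numeric Content-Length")
    if te and te[-1].lower() != "chunked":
        reasons.append("Transfer-Encoding does not end with chunked")
    return reasons


# Constructed CL.TE stream: for a TE parser the zero-length chunk ends the
# POST and everything after it is a second request; a CL parser treats the
# same bytes as the POST body and sees a single request.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: example.test\r\n\r\n"
BODY = b"0\r\n\r\n" + SMUGGLED
STREAM = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: %d\r\nTransfer-Encoding: chunked\r\n\r\n" % len(BODY)
          + BODY)


def demo() -> Tuple[List[Request], List[Request], List[str]]:
    """Return (CL view, TE view, rejection reasons for the first request)."""
    _, headers, _ = parse_head(STREAM, 0)
    return (split_requests(STREAM, "cl"), split_requests(STREAM, "te"),
            check_framing(headers))


if __name__ == "__main__":
    cl_view, te_view, reasons = demo()
    print("CL framing sees", len(cl_view), "request(s)")
    print("TE framing sees", len(te_view), "request(s):", [r for r, _ in te_view])
    print("Proxy should reject because:", reasons)
```

The CL view forwards one innocuous-looking POST; the TE view processes a second request the proxy never inspected. The point for detection is in check_framing(): a message that carries both headers, duplicate or non-numeric lengths, or a Transfer-Encoding that does not end in chunked has no single correct framing, so rejecting it at the first hop (and logging the rejection) removes the disagreement the attack depends on.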
.: stop ruining it for the rest of us!
If stories like this keep appearing, IT is going to continue to become much more complicated...
Denison first attempted a remote attack against the ISO data centre on Sunday, but this was unsuccessful. He then reverted to simpler means, and entered the facility physically using his security card key late on Sunday night. Once inside, he smashed the glass plate covering an emergency power cut-off, shutting down much of the data centre through the early hours of Monday morning. This denied ISO access to the energy trading market, but didn't affect the transmission grid directly. Nor did his emailed bomb threat, delivered later on Monday, though it did lead to the ISO offices being evacuated and control passed to a different facility.
.: continuing my education finally
I have finally begun the road of post-college continuing education (way behind schedule!). Today I passed what I consider my warm-up certification: Security+. Go me!

I was surprised by some of the questions on the exam, for instance what protocol does the ESP portion of IPSec run over? I had no idea (heck, I don't think I really knew what they meant by that!). Interestingly, Wikipedia knows! I think if I have any advice on this test, look up the objectives not just in books but also Wikipedia.

Some other questions I see as rather tough for someone who has been in IT a while. "What is the first thing to do in XYZ?" You can easily overthink some of the questions and/or argue the subjectivity of some of the answers. There was another rather technical question that I wish I had the answer to (or even how to look it up!). If an unauthorized user got hold of a Linux /etc/passwd file, what would likely be the cause? SSH 0.9.4 (I might have that # wrong) installed and configured; Sendmail set up with access to administrator's web mail; SSL something using the Apache account without virtual hosts defined; FTP server with anonymous access configured. I was like, "huh?" I could maybe pop SSH if that version is vulnerable to something, maybe that sendmail answer is referring to being able to remote in as root, maybe that Apache account has root level permissions, or maybe that FTP server somehow allows access to the otherwise normally protected /etc/passwd location? I think I answered the SSH one...no clue if that was correct.

I'm pretty sure the exam is taken from a pool of questions so I don't see them all, but I was surprised by the number of MAC (Mandatory Access Control) questions I had (at least 5!), some of which were almost word-for-word like others. Anyway, I don't want to go over too many questions from the exam, but suffice to say it is a nice mix of technical and conceptual questions dealing with security.

Coming up:
GSEC
CISSP
CCNA
.: high-end insecurity: RFID and LCD
Looks like you can recreate images on LCD screens remotely. I'm not sure how it works with moving images, but this is pretty high-end if you ask me. It is interesting to hear that NATO spent a lot of money to protect against a similar attack against CRTs. And also RFIDs are still being talked about for their flaws and the paranoia behind them.

One of my big things is how our security, laws, and entire culture have changed due to how efficient the digital world has become. Music has always been pirated, only now it can be done on massive scales. In the past, things like RFID and LCD eavesdropping were really only issues for extremely high-end governments and corporations. No one else cared, had threats that had these capabilities, had the assets valuable enough to protect to justify the cost, nor had the money to afford it anyway. We're talking huge companies, governments, and military, and even just subsets of those.

But these days, things like this can become a reality for more people. RFID might be something we have in all our pets soon, cars, electronics, maybe even ourselves. LCD eavesdropping is still a bit exotic, but if it really is as easy as it seems, this could become a backroom concern for corporate espionage or even internal investigations. Can you imagine being assigned the task of sitting in a conference room and recording images on the screen of a VP two offices away as part of an internal investigation in addition to network and disk forensics? Could you maybe drop a magnetized object on the back of the monitor which automatically logs all the images much like a keylogger? What about the potential range of such eavesdropping? Can it be thwarted fully by focusing on the physical security angle or will LCDs be obsolete in 7 years just like CRTs are now, thus the vulnerability will slowly ebb away?

Some interesting thoughts...
.: feisty ubuntu server tutorial
Adnan posted about a Rootprompt post pointing to this Ubuntu server installation tutorial on Feisty Fawn. The tutorial is aimed at installing services that an ISP would need: SSH, BIND, MySQL, SMTP-AUTH/TLS, Courier-IMAP/POP3, Apache/PHP5, ProFTPD, ISPConfig. Not necessarily all stuff I need, but for some of it I do like to read up on how other people do these things.

I like this tutorial and I don't like this tutorial. For starters, the tutorial is one of those things that says, "To install XYZ, run this command and move on." It really offers little ability to deeply understand what you're doing and what nuances your particular needs or security posture might dictate. When you install the SSH server, did you disallow remote root login? When you're done with this tutorial, do you set su/sudo behavior back to the default? Does MySQL or Apache run on its own account and can those accounts be logged into via SSH? The tutorial is great as an example of how easy it can be to install these services, but does nothing to warn users about the level of care and attention that might be needed to make sure it is running securely and efficiently. Did you follow this tut and leave your balls out on the Internet to be tickled and kicked or did you slip a cup on when no one was looking?

However, I do like tuts like this where sometimes the service you want to install seems daunting for no real reason other than fear of the unknown. I've worked with BIND in the past and can edit my own zone files, but for some reason I have never actually stood up a BIND DNS server myself. Tuts like this can blitz you through the unknown and get you going. You can't learn to whitewater raft by watching from the bluffs. Get the hell in the water, capsize yourself, and get wet!
.: re: management by fact
I had a post a few days ago about managing by fact, to which Alex responded rather appropriately by saying "fact" is a bit of a strong and strict word. We can manage by belief, but our beliefs need to be backed by observable evidence, reason, and facts (yes, I'm rewording). He's right and I have a belief that we both agree on this topic quite nicely. :)
.: staying anonymous - part 1 intro
So you want to interact with the less "white hat" types of security professionals but you don't want to hang your balls out there and allow people to track back to you? Looking to not put your name which might be attached to your company into the limelight if you just happen to get noticed and on the wrong side of some punk kid who decides to have some fun at the possible expense of your career? Or you are just a rightfully paranoid security guy looking to rub shoulders and learn new things without the possible collateral damage of having to defend your own network at home? Well, here are some tips on staying anonymous online.

For this series of posts, I will try not to get fancy and technically challenging. I know you can leverage even better means of anonymity online by routing through SSH connections and shells, scrubbing packets and information, "borrowing" other computers in disparate parts of the world and using them to bounce your connections, or fancy P2P nets and encryption. Some of that is just not as practical for quick approaches. Of note, not all of the stuff mentioned here is technically legal, although the illegality may still be pretty grey. Open mail relays, web proxies, and nearby wireless networks may not necessarily be freely open, so just be aware of that.

Keep in mind that this guide is not meant to protect you if you want to do illegal and bad things. This guide is meant for non-criminals to add an extra layer or two of protection between yourself and other nosy persons. If you already live in the darker corners of the Internet, this guide will not give you any additional information. I also am not entirely encouraging people to push the lines of legality with some of these ideas and steps. Common sense is your friend.

This series is not meant to protect your identity from credit card thieves or allow you to live out your life in places the IRS cannot find you. This is not about hiding your search queries in Google because you think they and the DHS are tracking you. This is simply about being anonymous on the Internet in regards to how other people find or interact with you and you with them.

I'll start off with some ground rules.

First, don't be stupid and immature and pick fights. What some newbies do in communities is pick fights and/or act stupid in an effort to quickly get noticed. This is not the way to go. If you have something useful and novel to offer the community, go for it. But most people new to these communities are better served by sitting back and offering tidbits and discussion as they have an opportunity to do so. Be positive, supportive, friendly, and outgoing when it appears to be welcomed. Learn the tone, the names, and what goes on. That's really the biggest bit of advice for interacting in a community outside the white hats and office cubicles: don't be a dumbass. And if someone pounces on you trying to be a pest, just let it slide. This isn't prison where you need to offer a beatdown to the first person who challenges you or forever be branded easy pickings.

Second, pick a nickname (screen name, handle, nick...). If you want to maintain a distance between yourself and the community (which is sometimes prudent considering the curious nature of many crackers), you definitely need to not be known by your real name. Pick a nickname and stick to it. Better yet, pick a fully fake name. I go by Michael Dickey pretty much everywhere in life. But what if I picked Wally Harrison as my name online? I could hide in the noise of Google searches for other people. If you pick something really unique, you'll be a bit more easily searchable and one slip-up could ruin all of this work. Of course, don't pick a name that someone else is already using. Using StankDawg might not be kosher with StankDawg.

Third, be aware that staying anonymous is a heck of a lot of work. It is not easy. The more you want to be involved and known, the more you will leak information and screw up. True, full anonymity is not easy at all; in fact, I couldn't do it, myself. And if you want to make a go of it, be prepared for hard work, lots of time spent troubleshooting your own tactics, and prepare for your failures and slip-ups. True anonymity might not mean making absolutely zero mistakes, but it should be your goal to never show up in any logs with data that might be tied to you. Be aware of your information.

As a general rule, don't communicate or browse from home as much as is convenient to you. If you have nearby hotspots and open wireless, use them. If a neighbor has wireless, "borrow" their connection if you are feeling too paranoid (I didn't encourage that...right?).

Lastly, as part of this series of posts (a first for me), I encourage feedback, both in the form of suggestions, corrections, or even challenges saying my advice is crap. And even if you aren't looking to be anonymous, at least be aware of the ways some of your own users might be trying to stay anonymous.
.: new header images posted
If you come to my site every now and then you may have noticed my header images changed slightly, randomly. Well, I added some more images (stolen shamelessly from other places on the net, you'll recognize some I'm sure) to the rotation. Where before I had 3, I now have 43. I've not had time to QA anything and I already see a couple I want to remove or need to resize, but all in all, get out of your RSS shell and click through to check it out if you want. The change of scenery is really just helpful to someone like me who has to view the page daily, hehe.
.: new headers take two
I guess I forgot which pages I had imported into MT as templates. In redeploying my entire site last night, MT replaced my random image code! Oops, anyway, they are up again although I won't be able to edit any sizes or remove any until after work. :)
.: the education-technology see-saw
Andy ITGuy is a proponent of training, which is awesome and wholly commendable. I totally understand that, but I'm feeling picky today. Maybe today is Picky Wednesday, I dunno. But I noticed Andy posted this (he's going to love that I'm pulling out an anecdote and unfairly focusing on it, hehe) and I want to make a point too.
My favorite quote from the post is this,

"My dear friend, education is the key..not more locks and bolts."

The same holds true for Information Security. If our users don't know how to spot and handle phishers then we might as well just put up an open WI-FI to our network and post it in the paper.
I'm not sure I would say that user education is key and that without it we may as well put up open wifi. I think user education is very important, but it won't solve IT security any more than education has solved drug use, teen pregnancy, or STDs. I won't be able to dispense with logging utilities or AV or LUA or spam scrubbing just because I have a good training regimen.

So yes, that's my point for the day. Security by technology and security by education need to be balanced just as much as security is balanced against usability. In the end, however, I'll take slightly more technology than education only because that is the one that can be auditable and has hard-drawn lines that I can trust (that and I likely have more budget right now than Andy might have...and that does matter).
.: live-fire experience from cyber defense competitions
Texas A&M has won the 2007 Collegiate Cyber Defense Competition. I really feel that live defense and attacking competitions help everyone involved, including spectators. Even if it is just amongst friends or at a con or even something as organized as collegiate level activity, this kind of live-fire stuff needs to grow and will continue to grow in popularity and exposure. If you get a chance to go to one of these events either as a participant or to hang out, I encourage you to go. Don't do like I did last year and skip out on a local CyberDefense competition for no real good reasons.
.: snare and splunk logging
I like tutorials on sites. Even if I don't get around to trying out new things, it is nice to have the knowledge fly by my sight and to tuck the link away into my pocket (or a site post) for a rainy day when I decide I want to try it out. This link talks about using Snare and Splunk as a central multi-system log-gathering solution (a cheap alternative to LogLogic). I do need logging someday and definitely have plenty of options, including this combo.
.: ubuntu and snort
Snort is another item I want to start working with regularly as well. I know I won't become a Snort guru quickly, and just like any type of packet-watching role, it just comes with time and experience. This Ubuntu + Snort + Postgre tutorial may be helpful, even though I already have my Ubuntu "server" box upgraded to Feisty Fawn and might swap out Postgre for MySQL instead. Sadly, just last night I noticed my Ubuntu box (which has a decently new 200GB HD that has already developed a loud whine when it spins) may not be faring so well anymore after power outages. I had one this weekend and the console might be stuck on a BIOS or GRUB warning since it is silent on my network. I have to check it out tonight. Hmm...it might be old enough that it still requires something plugged into the keyboard port in order to boot properly... Got this link from Andrew Hay.
.: ubuntu vs linux
Network Computing has a nice comparison between Vista and Ubuntu. I've yet to even see Vista, really, but I can say I was disappointed that they didn't include DVD playback with the multimedia testing. Due to the proprietary encryption with any DVD playback, free and legit Linux distros tend to not be able to do this out of the box. I was happy to see mention of Ubuntu's occasional (and very frustrating) hardware issues (namely wireless or sound issues from what I've heard) which can send people back to Windows quickly.

I think Ubuntu is a nice alternative for light users who don't install their own things and only need major things like email, web browsing, maybe some IM, music, picture viewing, and office productivity. Basically you don't need much more beyond what is installed by default. If you need more, you might be in for some learning curve issues.
.: computer and security use in movies
As computer and security hobbyists and professionals, I'm sure we all go to movies and take special note when something in our field comes up, from door locks to computer terminals displaying code to fuzzy images being blown up to reveal faces. Some of these make us cringe in wild distaste which pulls us out of the suspension of disbelief in the film experience while others make us smile and slightly nod in agreement, making a mental note to share with our other geek buddies.

I have made a new category for this site called, simply, movies. In this category I want to make mention of movies that utilize a particular bit of computer use or security use and point out what is inaccurate about it. In fact, I'm going to call it Computer and Security Use in Movies (CSUM).

Just to get a few ground rules out of the way, I will largely exclude sci-fi movies that assume advancements in technology make certain things possible or different from how we know computer security today. I also only want items that seem important to some degree to the plot of the film, and not just some extraneous bells-n-whistles item from the background. For instance, nothing from Star Trek will count.

I will score each incident based on some criteria, modeled after a security assessment:

Inaccuracy: 1-5 (5 being ridiculously inaccurate and 1 being only minorly inaccurate)
Inaccuracy is used to scale exactly how ridiculous a particular use of computers and security is portrayed. Something that is not ridiculous at all, and, in fact, might be entirely accurate may be able to score a rare 0 in this category, thus ensuring a total score of 1. A 1 is the ultimate score.

Criticality to plot: 1-5 (5 being critical to the plot or film experience and 1 being trivial)
If an inaccuracy is highly critical to a plot, it becomes less forgiving by the audience. Likewise, inaccuracies in smaller, less important parts of the film can be overlooked. This is a scale on how important the situation is for the movie as a whole.

Ease of correction: 1-5 (5 being extremely difficult or impossible to correct without the plot or film experience falling apart, 1 being extremely easy to fix without impacting the film)
If an inaccuracy is easy to correct, it really shouldn't have been a mistake in the first place, and might just be the fault of the technical advisor or writer, or maybe even an artistic decision because the real deal is boring to portray. Something that is extremely difficult to correct means that inaccuracy is so deep, there really is no way to save or spin it without running into major problems. This is essentially the scale of how badly wrong a movie gets this situation.

The total is the product of all three numbers multiplied together to give a score from 1 to 125. Hopefully no movie scores 125 as that would be a ridiculously inaccurate, critical situation in the film that has zero hope of being fixed without the film falling apart. Feedback and suggestions on better scoring are welcome!

.: csum: independence day
CSUM rates: Independence Day (1996)

Situation: Towards the end of the film, Will Smith's character makes a last ditch attack against an invading alien army by injecting a computer virus into the alien mothership's systems. The virus is successful and the invasion is defeated.

Inaccuracy: 5
Ok, while I will say that one could argue the universality of the binary system, I don't think it is even possible that a wholly distinct civilization will have advanced independent of the human race and end up with compatible machine code. Hell, Windows and Macs don't even have viruses that are compatible on either system (a few exceptions exist with third-party apps) let alone entirely different civilizations. I think the biggest joke at the time of this movie was the question, "Are the aliens running Windows or something?!"

Criticality: 5
Maybe the budget disintegrated by the end of the film and they needed a one-shot deal to blow up the aliens; all of them. I don't know, but this is a pretty darned critical contrivance because it is the vehicle for Will Smith to save the world; the climax of the film. It's a shame it had to be so ignorant.

Ease of correction: 4
The year is 1995/1996, and I think it was obvious the producers wanted to capitalize on the emergence of computers and the Internet, and with it viruses. Unfortunately, there is no salvage to getting an earth computer virus to disrupt alien technology, so there is really no saving this idea. The writers needed another entirely different solution to save this; even Will Smith flying into the center of the ship and destroying the Mother Brain would have been more believable.

CSUM ICE Score: 100 (F) I will never forgive Independence Day for this amazingly ridiculous use of a virus in a film.
.: ten top open source security tools
An article out of IT Management on Earthweb (hell, I can barely find out what this site is called...IT Management? Earthweb? Datamation? I think that's an ad in the traditional site header slot, but am not sure...ugh!) outlines 10 top open source security tools. While I can usually nitpick something in most lists from unknown sites, I was pleasantly surprised by the well-rounded list presented. Then again, some of these can be fairly easy when you have lists like Insecure.org's top tools list.

I also am saddened but have to say (almost as a reminder to myself) that I need to someday actually read the Open Source Security Tools: A Practical Guide to Security Applications. Books don't get younger on their own!
.: twenty interview questions
This is a list of 20 web developer interview questions picked up from SEOmoz via Dan Morrill. I really like interview questions because they can give you good practice. When I am looking for a job (which I currently am) I actually do rehearse to myself (and typically write down) answers to typical questions such as my weakness, my strength, team vs work alone, why the current job is not right, what I want in a job, a manager, life, and so on. In fact, I plan to carve out a spot in my wiki to someday house these questions and my answers for future reference. And one thing I do stress in any interview is to be honest and positive. Admit a weakness, don't cop out or cover it up. Use it as an opportunity to show the employer you know yourself and that you have a plan to address that weakness. Anyway, this looks like a long post, but here's some answers for these questions (some are pertinent only to web developers, though!).

1. What industry sites and blogs do you read regularly?
I tend to cop out here and say that I read a lot of things, mainly blogs and online news sites, which are all in my RSS reader and listed on my website on the right. But I do try to stay concrete and mention some of my A-list links such as TaoSecurity, Jeremiah Grossman, Ha.ckers.org, Security Monkey, Internet Storm Center, Errata, F-Secure, Full Disclosure, and so on largely depending on what type of job I am working on. I do like to make sure I know a nice mix of my favorite sites to read so that I can pull them out quickly without floundering. I remember years ago someone asking me what my favorite hacking site was and kinda floundering and sputtering out PacketStorm just because the guy was a suit who thought he knew hacking. When given a chance, though, I always want to say that I read up on sites every other day if not daily for the important ones.

2. Do you prefer to work alone or on a team?
I love this question and hate it. I love it because my honest answer is both fairly equally. I hate it because that is the prototypical bullshit answer. So I feel obligated to expound! I love working alone because sometimes you can just put your head down and really concentrate on working either through a problem or something that is otherwise tedious. It is true that sometimes in IT too many hands in the kitchen make too big a mess, or will try to do things in different ways such that nothing ends up getting done with any semblance of quality. I also love working on a team because there are times when I don't know everything and need help, times when I physically cannot get all the work done by a deadline without extra hands, and times when just talking a problem through to someone else will jog my thoughts and give me fresh ideas. I truly do enjoy both and am quite comfortable working in either environment as long as the company and manager and colleagues are supportive and get shit done. I have experience working both ways.

3. How comfortable are you with writing HTML entirely by hand?
Very. I've never used a WYSIWYG editor and don't even need color-coded parsing to help out. Give me notepad and I'm fine.

7. Describe/demonstrate your level of competence in a *nix shell environment
I would put my level of competence in a *nix shell environment as beginner to intermediate, although people less than me might put me higher. I tend to place myself lower than I should be, only because there is so much power in *nix shells and so much to learn. I feel just slightly more comfortable inside a CLI as opposed to a GUI.

8. What skills and technologies are you the most interested in improving upon or learning?
For a learning junkie like me, this includes everything! I am most interested in learning whatever is needed or is tickling my muse at the moment, within reasonable bounds so that I don't try to do too much and end up with minimal knowledge in lots of things. I do strive for expert level knowledge in the things I can tackle on a day to day basis and intermediate to high knowledge in things I do on my own or less often outside the day to day job. Specifically, I want to continue to improve my Linux exposure, wireless foo, and security assessments. I want to get hands-on into Snort and log correlation over a network.

11. Show me your code!
View source my code yourself! But keep in mind I'm not a pro web developer, nor do I update my code all that often. My old site is rife with old junk that makes me cringe. This site is slightly cleaner since it is years newer.

12. What are a few sites you admire and why? (from a webdev perspective)
Digg and Google are excellent and clean. I like sites that are clean, offer up their functions, and are not hard on the eyes and soul (ads all over, weird links, blah blah). Give me aesthetically pleasing any day, not MySpace-like. A clear, simple layout.

14. I just pulled up the website you built and the browser is displaying a blank page. Walk me through the steps you'd take to troubleshoot the problem.
Blame the network guys! Hehe, kidding. I would first replicate the problem on my end so that I can see what is going on. Then try to do a view source to make sure I'm hitting the right location and what the browser is being presented. If the problem is network-related, drop into a CLI and start investigating DNS and IP connectivity. If the problem appears to be code-related, check the code from the View Source and make adjustments. Possibly get on the server and try to pull the page up local to the server, check the logs, fashion test pages to troubleshoot IIS/Apache functionality...
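The same ordering (does the name resolve, does the host answer, what did the server actually send, is the body really empty) scripted up, as an added example that is not part of the original post. Only `diagnose_response` is exercised offline; `check_site` does the live DNS/TCP/HTTP legwork and needs a network. The URL, the User-Agent string and the verdict wording are my assumptions, not anything from the post.

```python
"""Blank-page triage: walk the checks in the order you would do them by hand.

Added example, not the post author's code. Live checks (resolve, tcp_reachable,
fetch, check_site) need network access; diagnose_response() is a pure function
and can be tried on constructed input.
"""
import http.client
import re
import socket
from urllib.parse import urlsplit


def resolve(host):
    """Return the sorted set of addresses host resolves to (empty on NXDOMAIN)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes within timeout seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def fetch(url, timeout=5.0):
    """GET url with a plain client (no browser cache, no JS) -> (status, headers, body)."""
    parts = urlsplit(url)
    conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    # User-Agent is an arbitrary label so the request is easy to spot in the server log.
    conn.request("GET", path, headers={"Host": parts.hostname, "User-Agent": "blankpage-triage"})
    resp = conn.getresponse()
    body = resp.read()
    headers = {k.lower(): v for k, v in resp.getheaders()}
    conn.close()
    return resp.status, headers, body


def _body_text(html):
    """Text inside <body>...</body> with tags stripped (whole document if no <body>)."""
    m = re.search(r"<body[^>]*>(.*?)</body>", html, re.I | re.S)
    inner = m.group(1) if m else html
    return re.sub(r"<[^>]+>", "", inner)


def diagnose_response(status, headers, body):
    """Classify what the browser was handed. headers keys are lower-cased."""
    if 300 <= status < 400:
        return f"redirect to {headers.get('location', '<no Location header>')}: the blank page may be the hop, not the site"
    if status >= 500:
        return f"HTTP {status}: server-side failure, read the web/app server error log"
    if status == 404:
        return "HTTP 404: wrong path or virtual host, check the URL and the document root"
    if status != 200:
        return f"HTTP {status}: unexpected status, check server config"
    text = body.decode("utf-8", errors="replace")
    if not text.strip():
        return "HTTP 200 with an empty body: the handler ran but emitted nothing (template/include/output error)"
    ctype = headers.get("content-type", "")
    if "html" not in ctype and "<html" not in text.lower():
        return f"HTTP 200 but Content-Type {ctype or '<missing>'}: the browser may not render it as a page"
    if "<body" in text.lower() and not _body_text(text).strip():
        return "HTTP 200 with HTML but an empty <body> (no text outside tags): markup is served, content is missing"
    return "HTTP 200 with HTML content: server side looks fine, suspect the client (script error, CSS hiding content, cache)"


def check_site(url):
    """Run the steps in order and return the findings as a list of strings (live)."""
    parts = urlsplit(url)
    host = parts.hostname
    port = parts.port or (443 if parts.scheme == "https" else 80)
    findings = []
    ips = resolve(host)
    if not ips:
        return [f"DNS: {host} does not resolve, stop here and check the zone/resolver"]
    findings.append(f"DNS: {host} -> {', '.join(ips)}")
    if not tcp_reachable(host, port):
        return findings + [f"TCP: nothing answering on {host}:{port}, check firewall/service"]
    findings.append(f"TCP: {host}:{port} accepts connections")
    status, headers, body = fetch(url)
    findings.append(diagnose_response(status, headers, body))
    return findings


if __name__ == "__main__":
    import sys
    for line in check_site(sys.argv[1] if len(sys.argv) > 1 else "http://www.example.com/"):
        print(line)
```

The point of fetching with a bare client rather than the browser is that it removes caching, JavaScript and extensions from the picture: if the raw response is a 200 with real HTML, the problem is client-side; if it is a 200 with nothing in it, the server is running your code and your code is emitting nothing, so the next stop is the server log and a hello-world test page on the same vhost.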

16. Do you find any particular languages or technologies intimidating?
I really like this question and have sadly never heard this in an interview! I am currently most intimidated in general in just doing something new for the first time that I'm unproven with. For instance, being challenged to do something that might not be possible can be really intriguing yet frustrating. I'm aware of this intimidation and work to keep it cornered as much as possible. In specific, I am most intimidated lately by ordering the proper equipment that is compatible and not over-budget for the needs. I think that's largely inexperience coupled with spending someone else's money.
.: those first few years are the hardest
I'm feeling talkative today...makes me wish I had IM or IRC at work! Alas, I get to only post here or comments elsewhere!

I really cannot explain just how valuable a little IT experience is. Six years ago out of college I had to beg to get interviews for IT positions, and even then, a very small percentage would ever get back to me. This made sense and I knew it, for a college grad with no practical experience. In the last few months alone I've had calls come in with zero solicitation, which is astounding to me. It is a lot different from the "I'll take any job, anything!" mentality of 6 years ago to the "I can be picky now and say no if I foresee minor problems" of today. Those first few years are definitely the hardest. Hrm...I'm maybe a little too positive today...better bring it back down!
.: suggested games
I've been an on-again, off-again PC gamer. My background is heavy into first-person shooters (FPS) from Doom 1 until FEAR. I think I spent half my college years playing Quake and UT. It's amazing I actually got the grades I did and even graduated...I know too many people who dropped out due to their playing habits.

Here are some games I would highly recommend you play if you do any PC gaming at all. Some of these are classics that no one should be able to say they've not experienced.

Doom 1 and 2 - There is still no FPS PC game that has been able to recapture the hectic, hellish feel of the originals. Doom 2 is still so challenging to this day to me, that I continually play it every few months to advance a few more levels in my spare time (I strive for 100% secrets and kills when actually possible). I still have the original floppies...

Quake - Quake grabbed the baton from Doom and ran with it, propelling PC sales, bandwidth demands, and PC gaming as we know it today. Nothing ever will capture the feel of anonymously running around levels throwing out rockets and fragging fellow geeks into the late hours of the night. This was Internet gaming in its innocent infancy, and it still makes my cheeks tingle with memories. Must be experienced not just single-player, but LAN-borne with friends. Sound effects and most of the background music mixed by NIN make for an excellent backdrop as well.

Serious Sam I - The first Serious Sam had a lot of gimmicks, but one of the best things about this game is how it harkened back to the hectic pace from the original Doom games. No game has come closer to the single-player experience of Doom as this game as it throws hordes and hordes of enemies at the player and usually not enough ammo to feel comfortable. One of the only games I've ever actually heard the sound effects for when trying to sleep (those damned hooves...noo...always behind me...!)

Unreal Tournament - I really don't think any game before or after has looked or sounded quite as good as this one while also being as purely fun in multi-player mode. The excellent electronica music alone is worth the ride. Sadly, if you do get on FFA games these days on the net, chances are you'll be playing with people who have played for nearly ten years now. It won't be pretty, but it can still be very fun! Perfect LAN party fodder as it won't tax systems these days!

Warcraft II - Basically the father (albeit not the grandfather) of all RTS games today, Warcraft II had a perfect chemistry of fun and challenge. I still play this game through single-player mode every few years. The expansion pack is also a must.

Starcraft - The follow-up to Warcraft II is maybe even more perfect with upgraded graphics, deeper complexity in units and builds, and one of the most compelling story lines I've played through in a PC game. I also play this and the expansion pack regularly every few years.

Wing Commander II and III - I loved these games. I'm not a flight sim guy, so these games met my needs just right with complex, but not too complex of controls. I loved the changing experience depending on how you complete missions and the specially named enemies with their own challenges and quirks. WC III particularly perfected the sense of isolation for a space fighter pilot.
.: trillian vulnerability asks who is responsible for user apps
I see ISC has posted about a vulnerability just disclosed in Trillian. The vulnerability is a little exotic but does have a scary side to it. First, it involves the use of the Trillian IRC client. Thankfully, I don't know many non-geeks who use IRC and none that use Trillian as their IRC client (I would hope!). The scary part is it is trivial to determine if someone's IRC client is Trillian and the vulnerability is triggered by merely hovering over a link posted in chat. Yikes! I expect milw0rm or even Metasploit to have an exploit available soon enough.

One big question for this is: Do you know what apps your users are running? Are some of them running Trillian? And if so, who is then responsible for upgrading to more secure versions of their apps? (Then again, maybe they don't need IRC at work anyway, so just block the ports at the firewall and hope they're not on laptops at home being rooted?) More fuel if you don't have a handle on corporate policy for unauthorized software.
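Answering "do you know what apps your users are running, and which version" needs an inventory you can query, not a guess. Below is an added example (mine, not from the post, ISC or Cerulean Studios) that audits a software inventory against a policy: flag any host running a product on the banned list, and any host running an allowed product below a version floor. The inventory rows, the version numbers and the floor are all constructed placeholders for illustration and are not taken from the Trillian advisory, which I have not quoted here.

```python
"""Software-inventory audit against a simple policy.

Added example, not the post author's code. INVENTORY_CSV is constructed data in
the shape a login script or endpoint agent might collect; MIN_VERSION and BANNED
are policy placeholders (assumed values), not figures from the Trillian advisory.
"""
import csv
import io
import re

# Constructed sample inventory: hostname, user, product, version. Not real hosts.
INVENTORY_CSV = """host,user,product,version
ws-014,jdoe,Trillian,3.1.0.121
ws-022,asmith,Trillian,3.1.5.0
ws-031,bjones,mIRC,6.21
ws-040,ckim,Firefox,2.0.0.3
ws-051,dlee,Trillian Pro,3.1.5.1
"""

# Policy placeholders (assumptions for this example): lowest build we will accept
# for products we allow, and products that policy says should not be installed at all.
MIN_VERSION = {"trillian": "3.1.5.0", "trillian pro": "3.1.5.0"}
BANNED = {"mirc"}


def parse_version(s):
    """'3.1.0.121' -> (3, 1, 0, 121). Non-numeric fragments are ignored."""
    return tuple(int(x) for x in re.findall(r"\d+", s))


def version_lt(a, b):
    """True if version string a is older than b; shorter tuples are zero-padded
    so that '3.1.5' compares equal to '3.1.5.0' rather than below it."""
    va, vb = parse_version(a), parse_version(b)
    n = max(len(va), len(vb))
    va += (0,) * (n - len(va))
    vb += (0,) * (n - len(vb))
    return va < vb


def audit(inventory_csv, min_version=MIN_VERSION, banned=BANNED):
    """Return findings as (host, user, product, version, reason), sorted by host."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        product = row["product"].strip().lower()
        if product in banned:
            findings.append((row["host"], row["user"], row["product"], row["version"],
                             "unauthorised software per policy"))
        elif product in min_version and version_lt(row["version"], min_version[product]):
            findings.append((row["host"], row["user"], row["product"], row["version"],
                             f"below minimum version {min_version[product]}"))
    return sorted(findings)


if __name__ == "__main__":
    for host, user, product, version, reason in audit(INVENTORY_CSV):
        print(f"{host:8} {user:8} {product:14} {version:10} {reason}")
```

Two things worth noting from the design: the policy lives in data, so when the next client-side bug lands you change a version string rather than code, and the version comparison is numeric, since comparing "3.1.10" and "3.1.9" as strings gets the answer backwards. The answer to "who is responsible for upgrading" falls out of the `user` column; the answer to "do they even need it" is whether the product is in the policy at all. Blocking IRC ports at the perimeter is still worth doing, but, as the post says, it does nothing for a laptop that goes home.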