diagnosing blog depression

It’s interesting to get my blog back up and read some of my last posts and orphaned drafts. Honestly, 2014 was pretty rough for me for a few reasons, which contributed to my blog just staying down.

I was really busy at work with some large projects and a lack of staff to help out. In 2013, both Google Reader and Twitter decided to make life more difficult. I still haven’t completely moved Feedly into my regular list of habits to replace Google Reader, and I still bounce a bit between Twitter apps since Twitter started turning away all the third-party ones. I have, however, made room for Reddit…

I also was finding it difficult to say anything new about security on my blog. I was getting a bit sick of the same old thing, as well as of just posting links to the same things others were already posting about. It’s a lot like retweeting a tweet that has already been retweeted 24 times in your own feed. What’s the point? But I also just didn’t have much new to say.

And then in early 2014, my blog’s server’s motherboard died out.

On a brighter side, I had some nice promotions at work due to those efforts, cultivated a new hobby/habit of tabletop gaming with friends, and found good companionship. And I now have the chance to pursue security as a full time job.

This storm basically just led to me doing other things with my own time. Until now. 🙂

old sites removed from the side bar

It was a bit sobering to go through the links I had for news and blogs. Almost 50% of what used to be around is no longer present. Some are gone entirely, some are just not updated anymore, a few have changed content. As usual, I just post my own last farewell as a list of retired links. Next up will be all the tools and other resources I had in my side bar. I’m not very happy with the style of the links. Each item should be closer together, but I’ll tackle that another day.


terminal23 activity is ramping back up

Terminal23.net is back up and running! I’ve been absent for a few years due to life and a hardware failure. For years, I ran my site off a system sitting in the corner of my office, but its motherboard decided to finally die out. Life went by pretty quickly, but recently I got the itch to bring this site back up. I picked up a new motherboard and exported all of my contents into a proper format to move back up to a new hosting provider and into WordPress.

This is my first foray into WordPress, so I’ll be playing with the themes/appearance for a while here, and also doing some reviews of my old content to see what needs fixing. But, I have to say the export from MovableType3 into WordPress went far smoother than I had expected. The appearance is a different story. The current layout and theme settings are pretty close to my old site, but not quite close enough to my liking. Still, I’ll take what I can get in the short term here! The colors and general layout work for now. Maybe I’ll just code my own templates like I did previously…

The past 2 years have easily been my largest gap in blogging and having a web presence of my own since 1996. (I don’t count FaceBook or other smaller services.) A lot has changed, and yet a lot remains the same. Perhaps I’ll go into more detail as I decide where I want terminal23 to go, or whether I want to slice a more personal blog or FaceBook presence off to the side.

I made terminal23.net for 3 primary reasons. First, I wanted to organize my own thoughts on security in a place that I could reference in the future, either to recall a tool, a script snippet, or just dump out some thoughts going through my head. Second, I wanted a curated place I could consume my favorite links that I found useful, from other blogs to web resources in the security world. Third, I wanted all of this to be viewable by any curious persons, especially those looking to see if I know anything about security and want to employ my services.

Looking back, I have 1724 published posts on this site dating back to 8/9/2004. Probably 98% of those posts deal with IT security to some extent or other, from tools to new scripts to commentary in general. During much of that time I had a more personal blog with 268 posts since 10/05/2001. And even older than that, I had a site presence of some sort since 1997/1996, though anything from those probably only exists on a floppy in some box somewhere.

At the time of my site going down, I had a listing of over 469 other security blogs, news sites, tools, and various resources. I do plan to bring those back, but they will take more time to check and port back in.

a little bit of blog history

Just because I was curious, I did some checking on my site here. I have 1,454 posts here on Terminal23.net dating back to 8/9/2004. That’s 19 posts per month. Prior to that, I made all my posts on my personal blog at HoldInfinity.com (less geek, more personal blog), which has 268 posts since 10/05/2001. I’d say I’ve been blogging about security since 2004.

Even prior to that, I’ve had a web site since 1997 (maybe late 1996 if I really push the definition), but those are no longer available except maybe on a floppy somewhere in a desk.

powershell: getting a list of active directory servers

Getting a list of servers can be a pretty valuable first task for working with large numbers of computers. Yesterday I had a reason to get a list of them all, and thankfully all of my servers are in the same OU tree in AD (/Machines/Servers). I also see SynJunkie did a similar thing this week, but I prefer not to use third-party cmdlets. 🙂

# Bind to the OU that holds all the servers and search it for computer objects
$blagh = [ADSI]"LDAP://ou=Servers,ou=Machines,dc=my,dc=domain,dc=com"
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $blagh
$objSearcher.Filter = "(objectCategory=computer)"
$objSearcher.PageSize = 1000   # page the results; an unpaged search is capped at 1000 entries

# Only pull back the attributes we care about
$PropList = "name","cn","lastlogon"
foreach ($i in $PropList){ [void]$objSearcher.PropertiesToLoad.Add($i) }   # [void] hides the index Add() returns

$Results = $objSearcher.FindAll()

Write-Host "found $($Results.Count) servers"
$Results

What this does is look for all computer objects under Machines/Servers in my domain my.domain.com. For all computers that it finds, it pulls out the name, cn, and lastlogon properties.

To find a list of all the properties that can be pulled out, run this after the script above:

$Results[0].Properties

Based on the properties I pulled, it should be obvious I was looking for signs of dead computer accounts. This can easily be changed to look for user accounts, properties in them, and other OUs.
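As an added example (not the original post’s code), the same search extended to flag stale computer accounts by last logon. It assumes the OU path used above, PowerShell 3.0 or later, and the lastLogonTimestamp attribute, which exists from the Windows Server 2003 domain functional level onward:

```powershell
# Added example, not from the original post. Flags computer accounts under the
# Servers OU that have not logged on for $StaleDays. Replace the dc= parts with
# your own domain.
$StaleDays = 90
$cutoff = (Get-Date).AddDays(-$StaleDays)

$root = [ADSI]"LDAP://ou=Servers,ou=Machines,dc=my,dc=domain,dc=com"
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter = "(objectCategory=computer)"
$searcher.PageSize = 1000   # page results so large OUs are not truncated at 1000 entries
[void]$searcher.PropertiesToLoad.AddRange(@("name", "lastlogon", "lastlogontimestamp", "useraccountcontrol"))

$stale = foreach ($r in $searcher.FindAll()) {
    $p = $r.Properties

    # lastLogon is a raw 64-bit FILETIME and is NOT replicated, so it only
    # reflects logons handled by the DC you happened to query. lastLogonTimestamp
    # is replicated but is only refreshed roughly every 9 to 14 days, so prefer
    # it and treat the result as approximate.
    $ticks = $null
    if ($p["lastlogontimestamp"].Count -gt 0) { $ticks = [int64]$p["lastlogontimestamp"][0] }
    elseif ($p["lastlogon"].Count -gt 0)      { $ticks = [int64]$p["lastlogon"][0] }

    # 0 (or no value at all) means the account never logged on, or never replicated
    $lastSeen = if ($ticks -gt 0) { [DateTime]::FromFileTime($ticks) } else { $null }

    # Bit 0x2 of userAccountControl is ADS_UF_ACCOUNTDISABLE
    $uac = if ($p["useraccountcontrol"].Count -gt 0) { [int]$p["useraccountcontrol"][0] } else { 0 }
    $disabled = ($uac -band 0x2) -ne 0

    if (-not $lastSeen -or $lastSeen -lt $cutoff) {
        [PSCustomObject]@{
            Name     = $p["name"][0]
            LastSeen = $lastSeen          # $null means never seen
            Disabled = $disabled          # already disabled accounts still show up for review
            DN       = $r.Path
        }
    }
}

Write-Host "found $(@($stale).Count) computer accounts idle for more than $StaleDays days"
$stale | Sort-Object LastSeen | Format-Table -AutoSize
```

Accounts with a null LastSeen and Disabled set to False are the ones worth chasing first, since they are enabled but show no sign of use.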

weakness in md5 carries over as weakness in ca roots

The weakness I posted about yesterday is being presented right now at the CCC. I listened to the beginning of the preso just enough to get an idea of what they are doing (the stream is too broken up to properly listen to right now). It appears the team is able to leverage md5 collisions to fake a CA root certificate because the CA roots still validate by md5 hashes. So I suppose if you can MITM connections (or MITM the CA check?) you can pose as a Root CA and validate SSL certs that you control. I might have missed something there, since I’m not watching the rest of the preso right now.

Does this mean the Internet is buckling right now? Not really. I might change my mind if Joe Teenager down the street can hop on an open wifi network and MITM all SSL connections successfully without my knowing it.
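As an added defender-side check (not part of the original post), a PowerShell pass over the local Windows certificate stores that lists every certificate whose signature was produced with MD5, the property the collision attack described above depends on. It assumes a Windows host with the Cert: drive available and PowerShell 3.0 or later:

```powershell
# Added example, not from the original post. Inventories certificates in the
# local stores that were signed with MD5 so they can be reviewed or removed.
$stores = @("Cert:\LocalMachine\CA",      # intermediate CAs
            "Cert:\LocalMachine\Root",    # trusted roots
            "Cert:\CurrentUser\CA",
            "Cert:\CurrentUser\Root")

$md5Signed = foreach ($store in $stores) {
    Get-ChildItem -Path $store | Where-Object {
        # SignatureAlgorithm.FriendlyName reads e.g. "md5RSA" or "sha256RSA"
        $_.SignatureAlgorithm.FriendlyName -match '^md5'
    } | ForEach-Object {
        [PSCustomObject]@{
            Store      = $store
            Subject    = $_.Subject
            Issuer     = $_.Issuer
            SelfSigned = ($_.Subject -eq $_.Issuer)
            NotAfter   = $_.NotAfter
            Thumbprint = $_.Thumbprint
            Algorithm  = $_.SignatureAlgorithm.FriendlyName
        }
    }
}

# A self-signed root is trusted because it sits in the Root store, not because
# its own signature verifies, so the rows that matter most are the ones where
# SelfSigned is False: certificates whose issuer signed them with MD5.
$md5Signed | Sort-Object SelfSigned, Store | Format-Table -AutoSize
```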

you have your pro blackhats…and your noob admins

A couple of articles skittered across my desk the other day: “Los Angeles traffic engineers admit hacking into traffic light control systems” and “Rogue IT admin hands former employer’s network over to spammers.”

There is lots of talk about the criminality of the black hat underworld and about profit-pursuing hacker groups (although maybe this is just the growing up of the teenage hacker vandals from 10 years ago now needing income), but there is another important set of threats: relatively normal people with access.

This includes former employees that can still use accounts for bad things, easy password guessing, or abuse of legitimate access just, well, because they can. It stems from both negligence and the simple aging of our reliance on technology. Ever wonder how many stale accounts you might have in your organization just because people with knowledge have left? And I’m not talking about obvious stores like LDAP/AD, email, VPN, network devices.

couple unpatched iphone flaws released

A couple of iPhone flaws released by a frustrated Aviv Raff illustrate that Apple has a ways to go to become a respectable security citizen (in their defense, so do most people and companies).

One flaw released takes advantage of the iPhone not displaying the middle sections of long URL links. This could lead to a rise in Rickrolling. The second flaw leverages the iPhone’s behavior of automatically downloading images in mail. Both of these issues are old, obvious use-cases.

Hey, when business wants to move forward, security/insecurity just isn’t a stopping power.

my 2008 gaming system is done

Last week I finished putting everything together for my 2008 gaming machine. It’s been about 6 years since my last gaming machine, so I was due for an upgrade. The parts list is saved on my wiki. Special props to NewEgg, my hardware supplier for many, many years. And I added PetrasTechShop.com as my water cooling parts supplier. Excellent service at both, and absolutely no bad parts this go-around! My source of most information comes from the HardForum.

Total cost is probably somewhere around $1100-1300 (not including monitors), with probably the largest chunk being all the water cooling parts. Six years ago, I saved a lot by putting the system together myself, but these days gaming boutiques and other computer outlets have pretty damn good pricing, and I likely didn’t save all that much off a comparably performing pre-built system. But few of them do water cooling at all without a premium cost. So to get silence with water, I did save a bundle.

The system is running on WinXP 32-bit right now. I know, I lose some performance, but I didn’t want to spend any huge time (getting everything to work and run) or money (a real, honest license [damn Microsoft]), until I hear more details on when Windows 7 will be out and how long Windows XP will be extended. If they start to overlap, I’m just going to skip Vista like I skipped ME. (DirectX 10 support/availability may make a difference when Starcraft II comes out.)

Everything works great. WoW sits at 60 fps no matter what I do (including Fraps recording), and isn’t taxing the system at all. Temperatures stay barely above room temp, even after hours of gaming, so I’m very happy with the water cooling.

I ended up water cooling my GPU as well. When powering up system components the first time, I was terribly disappointed with the noise from my HD-3870 fan. With that gone, the system hums away unnoticed.

What I would do differently with my setup, knowing what I know now:

  • Bigger case. It took a lot of experimenting to get everything in a good position in the midtower case I got. I lucked out with the top fan (didn’t have to drill more holes to mount the top radiator), but I got screwed with the hard drive cage and other crap in the lower right corner of the case. I moved what I could, but the pump still is at a non-optimal angle. Also, I wouldn’t mind making a bigger hole on the top and mounting the radiator on the inside of the top of the case rather than the outside. Alas, not a huge deal.
  • Bought all the water cooling parts at once. Since this was my first time parting water cooling out, I did it in very small orders. I think 6 total! I would have planned a bit better too: gotten a flow indicator somewhere in the line, better fill setup (currently the only thing still in progress) so I don’t even have to open the case to add liquid (not that I will need to very often), and maybe a drain port if I ever upgrade stuff and need to remove parts. As it is, I’ll need to turn the case upside down and around to fully drain it.
a personal divergence and offensive security materials

It has been almost 2 years since I changed my job situation up. I was hoping, 2 years ago, to get into a networking or security job when I took up my current role as a Network Analyst. Instead, I found myself back in the hole of Windows web administration and developer support, among many other things, some of which do include security. I’ve been slowly clawing my way out of that area, but now the more senior coworker who managed our company’s web environment with me has resigned, leaving me as the sole expert in this area on our team. I’ve definitely had happier days as I now try to catch up on what he managed while also handling my own work. I was hoping I would get out of here before he did so I could avoid this! 🙂

So that means I’m even more stuck in web administration (and various other things) for at least another 6 months here. It really does start to cause one to question one’s career direction or personal happiness just a wee little bit.

On the bright side, I do have more things to look forward to here, such as a Foundstone vulnerability scanning box I have sitting in the corner and a web app firewall/load-balance solution on the way in the next few weeks. And I do have a project to upgrade our host-based firewall solution and assume full control over it. But oh how I wish I could leave the developer/web support behind!

I also received access to my Offensive Security coursework this weekend. The material includes a couple of PDFs and a nearly 700MB rar of tutorial videos. I’ve yet to extract the movies, but I’m really excited they’re just a download and I don’t have to bother picking them from the server one by one. I also have my access to the virtual labs on their VPN. I’m eager to start in on learning more about BackTrack 3!

site outage for about 12 hours

Had an outage on my home cable network which may have been related to weekend reports of midwest AT&T issues (I use Qwest). The outage started Saturday evening and lasted until Sunday morning. The cable modem lost connection and reverted to its default internal IP (192.168.100.14).

A note to myself not to mess with the Internet On/Off button on the device. Since it didn’t behave like a switch (when you push it, it doesn’t sink in and stay in and then pop out with a second push), I didn’t think it would save state over a power cycle. Alas, 2 hours after physical connectivity returned, I finally hit the button and everything came back up.

On the bright side, my IP was not renewed. Pretty odd for that long of an outage.

fully upgraded to ubuntu 7.04 feisty

Last night I finally moved my last (and main laptop) system up to Ubuntu 7.04 (Feisty). The install was painless. Started up the Update Manager, clicked the button to upgrade to 7.04, waited about 40 minutes during which I also had to click Ok/Accept/Forward a couple of times, and that was it.

I upgraded for a few reasons. First, some things I wanted to get working on my laptop were (supposedly) easily fixed in Feisty, but still overly complicated on Edgy, including using Silc/Tor with IRSSI and OpenVPN client management. Second, I believe in keeping software as updated as possible (within reason, short of bleeding edge). You don’t want to ever be left behind with unsupported (or unloved!) software that has reduced functionality. It’s a lot like living in the past.

updating my status in world of warcraft

For any other WoW players out there, I thought I’d throw down an update for no other reason than I want to. My focus has shifted to simply leveling up and a bit towards pvp; something that doesn’t require me to be a slave to other people 6 hours a night 6 days a week. This is fully just a distraction for me, now.

My Draenei Shaman is now level 61 on Kul’Tiras. He’s been Enhancement spec while leveling with a friend who plays a Hunter. I’ll respec him to Resto in a few levels, I think, and likely look into going pvp with him. I don’t anticipate ownage in pvp over any pure classes, but he should do ok once I get him some gear bought through pvp. A fun class, nonetheless.

My “main” is finally getting some love again and putting on some levels and pvp honor. My 64 affliction gnome warlock on Crushridge is having tons of fun in pvp, especially since his previous raiding gear is better than any but the top level 70 pvp gear, so I can save up all my points. Likewise, at 64, I don’t shy away from level 70s. Being a warlock has always owned; it fits my playstyle, and I really can’t enjoy a class more. At level 61, I scored my first legit, 1on1 non-BG level 70 kill…another warlock no less! And about half the time, I am top 1 or 2 in overall damage in AB or WSG. Two more talent points and I’ll fully enjoy an instant cast aoe fear.

Lastly, I am also playing my level 60 priest on Crushridge as well. I happily spent his refunded (from last Christmas!) talent points and made him a shadow priest (he was a backup dorf healer in raiding back in the day) to see what it is like. So far it has been fun, especially since I solo him in the Outlands. I doubt I’ll ever devote too much time to him, but he’s at least an option and fun.

venting on vagueness and vagary

For the past week’s worth of business days I took some vacation time, not just from work, but also from reading security blogs for the most part. I also was able to look at my own time spent here (in between rediscovering WoW pvp), and decided to shift things up a bit (or so the plan goes).

I’m really…I want to say sick or tired, but those words are too strong. I guess I’m just really bored reading security industry or business commentary (with some exceptions for those people who do excel at writing) with almost zero technical content or anything beyond feel-good vagueness (or maybe vagary), otherwise known as best practices. A lot of this is common sense, and while I understand other people have things to say (I do too!), I sometimes just find myself skimming fluffy posts that really leave me with absolutely nothing new.

Sometimes it is cathartic to vent (or as most people call it, “post commentary”), and I’ll likely still do so now and then, but I really see little need for it most of the time, at least on my site. I can vent just fine in person, on IRC, on IM, or in comments. And maybe Skype someday if I get back on it.

This is just me telling myself to stay technical and actionable, for now. 🙂 I used to post a lot more information about tools and things to do, and have gotten away from that in the past year. I can see a correlation between this shift and my personal and work lives, so I think I know the problems and the measures for fixing them.

Of course, this itself is a rant, but it is one I have the compulsion to post for my own benefit.