.: terminal23 archive
Nothing much to say from the NOC today. My regular desk out on the floor is being taken away and I'm moving all my stuff into the NOC, which is just fine by me. Otherwise much of the day was spent organizing current things and working on documentation. Documentation amongst us admins is pitifully spotty and incomplete. This is a new area that we are working on fixing up. The first item of business: making a document on documentation.
by LonerVamp 08.09.04 at 6:35 PM in /terminal23 -
For the past few months there has been a very minor and seemingly random issue where antivirus was not able to be pushed out from a server to an XP workstation. Other small issues continued to develop as more and more XP workstations were rolled out to new employees. Some of DameWare's tools were not responding properly, and other network tools like psservice would simply return a "network path not found" even though I could ping the heck out of the device.
Today, I was attempting to "patch" systems with a registry key that would block XP SP2 from being rolled out. However, some, but not all, of the recent XP machines that I have rolled out were giving me the dreaded "network path not found" message. Finally, I took the time to tackle this odd little issue.
I checked the Event Log on a whim, and noticed a number of entries for a failure to start a DCOM server with the message "Access is denied" and an eventid of 10000. I narrowed this down to an issue with the WMI controls not having access to start up. At about the same time I realized that the normally Automatic service, RemoteRegistry, was not starting on the offending machines, but was started just fine on machines that had no issues. Putting three and three together, the DCOM event log errors were logged every time this service attempted to start, and an access denied pointed back to a security setting I implement on new machines: limiting the NTFS permissions for the C: drive.
After some googling now that I knew what to look for, I found that I needed to restore the "MACHINE\Local Service" account to Modify/Read/List Contents/Write access to the C:\%SYSTEM% folder. This change did not have to be implemented through the subdirs, but rather just on that particular directory.
Once this permission was restored, things worked great. I used DameWare to browse and set NTFS permissions on offending systems. Psservice then let me remotely start up the RemoteRegistry service, and another command line let me run the BlockXPSP2.cmd file to "patch" the system up.
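An added example, not from the original post, written in PowerShell to check for the condition described above and to put the permission back the way the post says it had to be (on the folder itself, not pushed through subdirectories). Assumptions: the folder the post calls C:\%SYSTEM% is $env:SystemRoot, the account written as "MACHINE\Local Service" is the built-in NT AUTHORITY\LOCAL SERVICE, and the DCOM failures it mentions appear in the System log with source DCOM and event ID 10000. Run it elevated on the affected machine.

```powershell
# Added example (not from the original post). Assumptions: the folder the post
# calls C:\%SYSTEM% is $env:SystemRoot, and "MACHINE\Local Service" is the
# built-in NT AUTHORITY\LOCAL SERVICE account.
$folder  = $env:SystemRoot
$account = 'NT AUTHORITY\LOCAL SERVICE'
$Modify  = [System.Security.AccessControl.FileSystemRights]::Modify

# True when the folder carries an Allow entry for LOCAL SERVICE that includes
# Modify (Modify already covers Read, List Contents and Write).
function Test-LocalServiceModify {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    $rules = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $account -and
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $Modify) -eq $Modify)
    }
    return [bool]$rules
}

# Re-add the entry on this folder only (no inheritance to subfolders), which is
# what the post found was sufficient.
function Restore-LocalServiceModify {
    param([string]$Path)
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $account,
        $Modify,
        [System.Security.AccessControl.InheritanceFlags]::None,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# The symptoms from the post: RemoteRegistry (Automatic) not running, and DCOM
# "Access is denied" events (ID 10000, source assumed to be DCOM) in the System log.
$svc = Get-Service -Name RemoteRegistry
$dcomErrors = Get-EventLog -LogName System -Newest 500 |
    Where-Object { $_.EventID -eq 10000 -and $_.Source -eq 'DCOM' }
Write-Output ("RemoteRegistry status: {0}; recent DCOM 10000 events: {1}" -f $svc.Status, @($dcomErrors).Count)

if (-not (Test-LocalServiceModify -Path $folder)) {
    Write-Output "LOCAL SERVICE lacks Modify on $folder; restoring it"
    Restore-LocalServiceModify -Path $folder
    Start-Service -Name RemoteRegistry
} else {
    Write-Output "LOCAL SERVICE already has Modify on $folder"
}
```

If the check passes but RemoteRegistry still will not start, the denied access is somewhere else, so the DCOM event count and the service status printed first are the two things to look at before touching any ACL.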
Definitely pissed me off for a while that I had to be troubleshooting this issue, but so very rewarding to finally clear it up, and in the process clear up some other smaller issues from the past. Needless to say, the "install" docs for setting up new computers have been updated...
by LonerVamp 08.13.04 at 9:03 PM in /terminal23 - comments(1)
Today a user reported that her local Antivirus software popped up a message about a Bagel.X worm being present. She swiftly reported it to someone nearby who got me involved, and also took a screenshot of the warning: "File Deleted." I liked the Deleted part, but having an actual worm is not a good sign.
AC reported drvdll.OPENEXE as the offending file, and promptly deleted it, which removed any chance I had of determining the date of creation of the file.
After talking to the employee, she turns her computer off every night and had not clicked on or opened any attachments with just one exception: she had just gone to www.aol.com and downloaded a new user download of AIM software (and along with it, the Weatherbug and WildTangent installs that piggyback along). Right after installation, the AV warning came up.
I did more checking on the system, and found one more piece of evidence of an infection: In the registry under HKCU\Software\Microsoft\Windows\CurrentVersion\Run was a key to start up the offending executable file upon next reboot.
Being a Bagle worm, I attempted normal programs like netstat to see if the worm was running and terminating such processes (like it does and should) and to see if the telltale backdoor had been dropped on a high port. Nothing came back positive. I also examined the running processes using ProcExplore from SysInternals for the telltale Skynet mutex...again, no sign of it.
I determined that this worm infection was brand new, and did not execute itself. However, it was poised to execute on the next computer reboot if AV and an alert employee had not intervened.
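An added example, not from the original post, in PowerShell: a quick triage of the per-user and per-machine Run keys of the kind the post relied on, flagging an entry whose target no longer exists (the case here, after AV deleted the file) or whose target sits outside the usual program directories. The list of trusted directories is my assumption and would need tuning per environment.

```powershell
# Added example (not from the original post): list autostart entries under the
# HKCU and HKLM Run keys and flag the ones worth a second look. The trusted
# directory list below is an assumption, not something from the post.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles)

# Pull the executable path out of a Run value: a quoted path, or the first
# whitespace-delimited token when unquoted; arguments are dropped.
function Get-RunEntryTarget {
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

function Get-SuspiciousRunEntries {
    $findings = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath, PSChildName etc.; skip those.
            if ($p.Name -like 'PS*') { continue }
            $target = Get-RunEntryTarget -Command ([string]$p.Value)
            $target = [Environment]::ExpandEnvironmentVariables($target)
            $reason = $null
            if (-not (Test-Path -LiteralPath $target)) {
                # An autostart pointing at a file that is gone: either a stale
                # uninstall or, as in the post, a dropped file AV already removed.
                $reason = 'target missing (deleted by AV?)'
            } elseif (-not ($trustedRoots | Where-Object { $target -like "$_\*" })) {
                $reason = 'target outside trusted directories'
            }
            if ($reason) {
                $findings += [pscustomobject]@{
                    Key = $key; Name = $p.Name; Command = $p.Value; Reason = $reason
                }
            }
        }
    }
    return $findings
}

Get-SuspiciousRunEntries | Format-Table -AutoSize
```

A "target missing" hit together with an AV deletion alert is the same picture the post describes: the persistence entry was written but the payload never got to run. The stale value should still be removed, since a reinstalled copy of the file would be started on the next logon.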
The insertion vector? I can only guess that it piggybacked on with an AIM installation (waiting and scanning the news for this incident if it did happen) or the new exploit in AIM dealing with Away msg URL buffer overflows was somehow encountered (although I consider this latter case to be highly unlikely).
Bottom line in all of this: I am getting faster and more thorough with diagnosing desktop incidents like this...and I am becoming more confident and versed in my chosen toolkit to assist in such issues.
by LonerVamp 08.13.04 at 9:12 PM in /terminal23 -
Next week we have a security audit for 5 days on our local network; basically inside the company from the perspective of an insider or someone who has gained some sort of access to the inside (either on the network or physical access).
Will we pass? I truly think so, since we're not morons about what is secure or not. I think companies that fail things like this are the ones who have a nonexistent or weak IT department. We, however, have enough of an IT department to more than provide the necessary baseline of defense and diligence.
Will it be pretty? I don't think so. I know there are many issues that I could come up with on our local systems, but sometimes there is just no justification in devoting the time and the limiting of user "freedom" in order to make things much more secure. I think too many people have no idea about such technical things and what security means in terms of limiting usability in the process.
Some issues I could point out immediately:
- sniffing passwords would be trivial over our wire; FTP, HTTP, and POP3 are all over the place. Email is also obviously readable. Considering we are a web app technology provider, a few months of password harvesting in such a manner would gather a huge foothold into many things.
- employees have local administrator rights on their computers, which means they can install anything they want, including worms, keyloggers, and malicious tools. They also have unfettered access to local SAM files.
- wireless is in heavy, but non-critical use, which means less money is devoted to it than critical things like actual network access on the wired network, making the potential for wireless DDOS fairly high (recently released vulnerabilities inherent in 802.11b (and g I think) illustrate that once an AP drops under 20mbps, someone up to 2 km away can send traffic to the AP that basically closes it to all traffic indefinitely). I don't like such unnecessary and widespread wireless activity.
- widespread laptop use means our effective network spreads to user home networks, which tend to be far less protected. Vulnerabilities in home networks suddenly pose a threat to our protected network when someone is infected with a worm at home and brings it into the work network.
I could go on, but I think the bottom line to any issue we have stems from two causes:
- lack of manpower to implement improvements and research. Our team spends most of its time dealing with actual open issues, and many things rarely get looked at until they rise to emergency level (or someone higher up gets whiff of the issue and applies pressure that basically makes it critical). This also means we all do only what we know, and any learning is done "while under fire" or on our own time.
- lack of knowledge and awareness (training) in the areas of personal computing and security.
Back to the security audit, I'm quite happily excited to be going through it. Not only do I get to see what people in such jobs do, but I finally get some third-party validation and insight into my network and my systems. Perhaps their feedback reports will help fuel reasons to pursue avenues of improvement in various areas. Who knows, maybe they will be more impressed than I expect, and we'll all get a round of congrats...but honestly, I like constructive criticism on things that are wrong more than I do validation that everything is fine. I want something to be wrong, so to "keep it real" and improving.
by LonerVamp 08.13.04 at 9:53 PM in /terminal23 -
Been looking for links to put on this site, links of active and useful sites that I can peruse and browse when I have the time; sites that will benefit me personally or professionally in my chosen areas of interest.
However, it is far too often that I come across blog-like sites that have one post in the past 4 months, or a recent post about how the author has to suspend the site for this reason or that.
Now, I know people love to self-publish and feel important, but I think some people have latched onto this whole "blog" culture far too heavily and for the wrong reasons. I think people think they have some weird insights into life or an industry...insights that other people don't have and thus want to read about from them.
Anyway, here's an example post that I'm going to use to dissipate this diatribe before I get carried away:
I feel exactly like decafbad wondering why he would be recycling all the news the rest of the world is talking about. Well, at least he has 889 subscribers using Bloglines (and I guess a lot more in reality) as of today, which is much.. really much more than I have :) This means there's probably more than a thousand people who care about what he says. That could be some stimulant maybe? Well, as for me, I'm actually very surprised that you're even reading this, as chances are very very little that you would. Anyways, the point of this post: there is just so much happening outside which I just want to know about. And then, having read all stuff, I'm just tired, having no idea what's interesting enough to blog about. Is there really anything that you user want me to talk about. Then please please let me know, because me is out of ideas and on the brink of quitting
Anyway, I'm happy to say that I "blog" (God knows I hate that word and term and "culture..." I keep journals damnit!) for myself, and for myself alone. Some other people might read this (although I'm trying to keep it private), but really..this is for me. I have this site to compose my thoughts, continue writing to keep in practice, assimilate the many sites and bits of information that zing past my eyes and ears on any given day that I might find useful at some point in the future. I work in a field that encompasses such knowledge and breadth of technology that it is already overwhelming (and that's not getting into how rapidly and fully it changes every day). Anything I can do to filter it for my own use will be something I will be grateful for in the future.
Hehe, this is why I "journal" and this is my manifesto.
by LonerVamp 08.15.04 at 7:01 PM in /terminal23 -
Our onsite office security audit/pen-test has begun in earnest late this afternoon by doing some quick full scans and hitting our servers and network infrastructure.
The two testers loaded up some initial tools. The Mac user loaded Rendezvous Browser and immediately spotted some interesting things. First, he was able to locate our printers with little effort. Second, he was able to spot our two Mac computers. Third, he spotted 4 iTunes users (2 Macs, and 2 iPods). Fourth, he spotted two iTunes installs that had open guest listening. Fifth, one of the Macs had Appleshare turned on. And lastly, shared on that Appleshare was a licensed piece of software which I am unsure is licensed or not. Whew...all in minutes with one unobtrusive free tool.
Pen-testing kicked off later. The Mac user ran down an nmap scan while the PC user loaded up and struck up the ISS Internet Scanner program. They also talked about using John the Ripper, Cerberus, and kismet (wireless) for further testing.
A number of things were spotted, and I'll just go through a laundry list for my own benefit...please remember, this is just day 1/2.
- we allow open email access, i.e. people can download hotmail mail. Also, SSL mail is not enforced.
- Two of our switches have old firmware which is easily overrun.
- Our switches have HTTP turned on, which is not cool.
- Domain password policies do not seem to be working globally. Some passwords are beyond easy.
- People running as local admin appeared to be of some concern, since that allows circumvention of acceptable use policies.
At any rate, I'm not terribly surprised by the results, and this sort of thing excites the heck out of me, especially to see tools and users like this running away and basically verifying what I've always known about how to use these tools effectively, but have just never had the confirmation that I'm down with the knowledge. I am, however, concerned with what they find, since every bit they find will mean additional talking about why it is bad, and additional time spent to mop it up or attempt to wrest.
by LonerVamp 08.16.04 at 8:51 PM in /terminal23 -
I have spent far more time than I should have on getting a series of 3 logos randomly displayed up above. I used a blosxom plugin, but the plugin conveniently makes three lame mistakes: 1) Includes a typo in the part that needs to be included in this page, 2) Has poor documentation on what things do, for instance how to set path names, 3) has more features than I want, which just added to the headache of trying to get it to work. I've never truly written anything in Perl, but I know enough programming to be able to gut a program without breaking it, so I took all the lame features out, simplified the code to suit my exact need, and am now done. Blah! But at least I now have colors and pictures and stuff up top!
by LonerVamp 08.21.04 at 8:47 PM in /terminal23 -
For the second time in twice as many weeks, a developer has reported the same error. When opening a table to view in Enterprise Manager, the error "the provider was not found for this property" displayed. Reinstalls of SQL 2000 client tools and MSDE did not work, but it turns out just a newer MDAC was needed. The sad part is that I solved the issue the first time two weeks ago, but was unable to do the same this time. Burnt out...
by LonerVamp 08.24.04 at 8:46 PM in /terminal23 -
I've not heard much about VLANs until the last few days when our security pen testers mentioned possibly implementing some VLAN segmentation to control our traffic and manage groups of users. Since then I've been attempting to research them with mixed luck. My best lead is a technical article from Intel.
I have decided that VLANs don't really truly segregate people into separate groups, but rather separate (layer 3, I think it is) broadcast traffic that simply does not need to be read by every workstation. It is much like 5 years ago with the big push away from "chatty" hubs into actual switches that were much more private with their information. Broadcast traffic adds a decent amount of traffic to most networks of decent sizes, especially when you factor in some variables like wireless traffic or VOIP traffic.
Anyway, I'm still researching this, and I think the best way to truly segregate users (I have developers in mind, who tend to want the most freedom with their computers coupled with the least security) would be to create VLANs, create their own subnets, and then plop a firewall between their VLAN and the rest of the network space. But...that's just my initial understanding. I'll post more links to information as I find them.
by LonerVamp 08.24.04 at 9:48 PM in /terminal23 -
This page has a presentation-level type of introduction to subnetting. This might be very useful to review.
by LonerVamp 09.24.04 at 12:51 PM in /terminal23 -
After a lengthy break from blogging (3 months), which included a 2 week work trip to DC, a move from one apartment to another one, plus a number of smaller things like Christmas and New Year's, I am back and everything is up and running like it should be.
Over the past 3 months I have stopped being what I would call frenetic about my research and delving into security. I had been doing lots of reading and scouring of information, and less actual doing. Now that I have amassed a nice book collection on security related things, I am finally actually getting around to reading them for benefit. This includes much more actual "doing" as opposed to bouncing back and forth like a super bouncy ball between new tools and sites and books and articles...
I am also eliminating some of the prohibitive things on this site, such as the "sanitization" for links on the right menu. I've removed them all except for the blogs/personal sites. I still don't want this site frequently visited, mostly because of the comments section, but I really am discouraged from clicking links due to the sanitization. I figure most larger sites don't much look at referral logs, but I expect bloggers and personal sites do so much more often...hence the decision for the change.
Anyway, hopefully I can actually get down to enhancing myself and using this site much more actively and efficiently again.
by LonerVamp 02.28.05 at 3:52 PM in /terminal23 -
Every now and then I go on a stream-of-linkage romp through blogs and security sites. Check out a site, head to the links, start spidering out and repeat. Well, today I brushed through the Nomad Mobile Research Center where I found a lot of 404 links to various people who were big in the security industry years ago. I then came across Rain Forest Puppy's site and memorandum. I've just finished reading The Cuckoo's Egg by Cliff Stoll. The book details some of the early hacking attempts in a very new network of computers and systems and open sharing of information back in the mid-to-late 1980s, a time when I was just discovering Atari and Nintendo and Arcade gaming. In looking at the landscape of the time, of computing, networking, and security itself, things have much changed...I mean, DRASTICALLY changed since then. And I can see how people take values from back then and futilely fight the good fight for years and years, even when the time of those networks and openness are gone. The openness and phreaking got replaced with coding and open source and free tools and grassroots hacking...and today, we have commercialization of security. I read RFP's memo on his site and realized that this is one of the things I look for in my web romps through security links and blogs and personal sites (sites made back before "blog" was even a thought); the people who have been here already and where they are now, sometimes the dusty relics of long-forgotten websites or stories of how people have moved on, grown up, lost faith, or become part of the commercialization. The Internet and computing are still changing so much, and security even more. In 5 years from now, I could be like them or perhaps just part of the commercialization.
Either way, I feel that this sort of web-trotting into the lives of other security persons from the present and past gets back to where the real security happens (or happened), where the real culture of hacking and security lies...not in the Symantecs and Microsofts of the world, but rather in the continued traditions of Black Hat and Defcon and the smaller underground groups of hackers (although slightly less underground than 5-10 years ago). To anyone that feels like RFP, I just have to say that that kinda just happens, especially when you have a youth-fueled culture in the midst of a brand new, rapidly changing frontier like the Internet and networking. Things change so rapidly, people grow up and out of their hacking 24/7 mindsets, get married, move on in life, and into more conservative affairs. This happens, but it does not take away from the grassroots, "pure" hacking and security that has come before and still happens now.
I will say it is interesting running over sites of people whose names I know as part of the hacker scene, but their sites are outdated. Sometimes you see a resume or a post about where they've gone or what they were doing when their site got dusty. Then I realize just how weird the net is. Some sites disappear in moments, others, stick around on servers for years, decades. Just sitting there, waiting, listening, maybe logins have long been since forgotten and the servers just whirr away diligently maintaining their uptime. I've seen this in the early gaming scenes in Quake where clan pages are still sitting in cyberspace, waiting for really nothing. Links, images break over time, and they look like those old rusting cars you can find in overgrown pastures...
Some site designs I liked (for future reference): jexe and guninski. I would love a throwback design even if that throws back to a time before I was into computers, but there is something nearly romantic and appealing to the idea of a nighttime black world with the only light the soft greenish glow of a computer terminal illuminating the outline of a determined hacker...
by LonerVamp 07.30.06 at 11:02 PM in /terminal23 -
So, I've been asking myself some questions and kind of dealing with how to present myself on the net while at the same time categorizing my own information overload by spilling things out into this log. I've decided that I don't know why I maintain my cute redirection code in place to thwart trackbacks and referral readers. On a bigger note, I'm not really sure why I keep this site secret, other than just because I don't have a desire to really share this with people.
However, I think I have decided to remove the clunky code that at least veils the referrals. I may not entirely open this site up to the world, but I guess I won't bother trying to actively obfuscate it.
by LonerVamp 08.23.06 at 8:33 PM in /terminal23 -
Now that I should have some more time on my hands, I am looking at possibly upgrading my site a bit. I seem to alternate between back-end updates and front-end design updates, and I'm overdue for both. However, I still like the site design, so I think it is time to jump into a back-end upgrade.
I am looking at blog systems that I can install. Currently I run on Apache with PHP4 (it might be 3!) with Movable Type 1.4 using flat files instead of a database backend on a very stable Windows 2000 Pro box. Movable Type fit my bill exactly, back in the day, but then quickly went commercial and I'm not really willing to pay for something like this. I also have Perl installed, and am willing to update all of these components (I would prefer to keep Windows 2000 though, simply because it is stable, I can get it free, and I'm intimately familiar with it).
My requirements/wishlist, for my own edification:
- easy posting from anywhere (u/p login)
- optional comments...bonus: toggle comments per entry as opposed to per site
- MSDE/SQL 2000 (preferably MSDE) backend with little administration needed
- php-based, but something that requires very little tinkering and coding other than templates/layouts
- the ability to make everything very minimized/minimalistic, from archives, comments, to posts, and the whole blog itself
One thing that is a bit flexible for this version of Movable Type was not just having multiple blogs, but to be able to use them creatively. For instance, my movie list on the right is actually another blog embedded into this page.
I also have a private page where I host all my geekier things. This is almost like a knowledgebase for myself. I am currently running Blosxom which I really love for its simplicity, but I think I am ready to move to a wiki or knowledgebase system.
- easy posting and updating of posts/topics
- good support for wiki-style knowledgebase stuff
- comments system or possible collaboration
- MSDE / SQL 2000 (preferably MSDE) back-end
This upgrade may not happen for a long time simply due to other things going on, and I plan on evaluating some solutions over time, so that I can get the most out of a wiki or blog system. I also now have spare systems to test things on, which will be ideal.
by LonerVamp 08.25.06 at 9:41 AM in /terminal23 -
Well, my main site is going to be updated in the coming months with a real blog. In recent updates here, I've noticed that a blog format, even as open as blosxom is, is just not the ideal format for me to use here. My updating style and the way I use this little site is much more akin to a wiki. In fact, it is a wiki, only not yet. So I think this can give me some experience (again) with installing a wiki and a blog. I've never fully put up a wiki myself, so this will be a good task to do.
Of course, I am not about to pay for something I could likely make on my own with enough time and energy. For blogs, Movable Type is now free for personal use again. My current site new is kept in MT, so I have no real reason to change. For the wiki front, nothing has a more rounded listing and look at CMS products as OpenSourceCMS. Wow!
by LonerVamp 09.12.06 at 7:02 PM in /terminal23 -
I am hoping that I finally am hitting critical mass with all my links at left. With some luck and free time, I can start pruning the list of all the useless links/blogs that don't offer me much of anything, and instead focus on what I truly want to read. I've been getting behind on more than a few of these sites, and it doesn't help that the web filter at work is more stringent than I am very comfortable with. Lame. Nonetheless, I need to start blocking off some time, maybe Sunday mornings at the bookstore or some other place I find that is conducive to reading sites, and make a habit of it.
Some ramblings for myself... Do I need 56 news sites and 234238 blog sites? Most likely not. I bet most anything of interest in the news will be covered in at least a couple of the blogs I visit. Do I need 9 antivirus sites? Actually, I do prefer a range of them. Whenever I do some research or incident response on a particular bit of malware, I prefer to look at reports from multiple sources to get the most information possible. You can't have too much info when dealing with malware infections. Do I need all the podcast/vidcast sites? Nope. Despite my best intentions to watch and listen to them all, I just simply do not. I like visual stuff, but so far have yet to even begin to catch up on the audio-only stuff. I just have no habit for it, or automatic way to download them all and get them someplace for me to listen to. Perhaps when I get a car adapter for my ipod, I'll develop this habit... Yeah, I definitely need all of this in wiki format. :)
And yup, now that my little veil has been lifted, or kimono shifted open a bit, I've seen some trackbacks from a few other sites that I visit from here, now. I guess I can't complain, and don't mind the company at all. :) It certainly makes coding just a smidgeon easier, and visiting links as well, since it doesn't take three clicks per, now. Simplify, simplify!
by LonerVamp 09.12.06 at 8:23 PM in /terminal23 -
Just removing some links. First, Ubertechnica appears to no longer exist. I have long read Xatrix, but ever since they had some legal woes they've slowly eased up on updates. Looks like no one is maintaining the site anymore.
Since I have moved on from using SuSE extensively, I no longer need the SuSE Security page. The antiforensics section of Metasploit is looking a bit old, so there is no need to keep it on its own link. I can get there through other means if need be.
I've always hoped Erin would finish work on her site, amoebazone, especially the log part, but I guess development has stalled for other pursuits. I do still like the layout and design though, which is one of the real reasons I am making notes when removing sites. This site was here as a reminder of the design as much as wanting to see the completed work. Another largely personal site that predates real blog/journal apps is Thor's site, Hammer of God. Dunno really why I kept it or even included it, but it no longer will be.
Insidethebeltway seems to have disappeared. I really just don't read any of the blogs from the RStack white hats. The Lost Olive offered me nothing either, other than an awesome 404 page.
by LonerVamp 09.24.06 at 4:20 PM in /terminal23 -
I have been working at my current job now into my 5th month. A lot of my time has been spent getting used to the environment and culture of working here, along with a majority of the time spent supporting and working with our .NET/ASP application development team. This basically means I've been more involved in Windows systems administration than I'd like to be doing, especially for someone who is not pursuing .NET programming. Windows sysadmin is not that difficult in the long run (you can make it as difficult as you want, by adding scripting, etc), but it is not all that fun or glamorous. I'd pretty much rather be doing anything but, however, I will admit there is plenty of demand in the role in business.
Anyway, starting this week I get to begin working on and taking control of our McAfee Intrushield IPS device. This device sits inline with our external firewall and our internal DMZ firewall and logs intrusion attempts. Right now it is passive and set to IDS-mode only, as no one has had time to really sit down and configure it properly while minimizing the risk of preventing legitimate traffic. That will end up being my role here, forthcoming.
I'm not the biggest of fans of IPS devices. I believe that a company like ours which is small and has a good amount of money to spend on IT is better served by installing only an IDS system and staffing to monitor it properly, as opposed to an IPS that will automatically block traffic based on various turned-on rules.
However, this is still majorly exciting and almost as good as managing the firewall. This device straddles the two areas I would like to grow in: networking and security/insecurity. So, that was some good news in the past few weeks in regards to my job, and I'm really looking forward to talking to our Accuvant guest this week and getting my fingers deeper into this device.
I will be very disappointed in the device if I am not able to see the actual packets and payload for various detections and alerts. Installing and playing with an IDS (Snort) at home has been on my extended list of things to do, but I have some bigger fish to try lately. So to be able to do this at work is actually the first ray of sunshine that I have had at this new job.
UPDATE: I did some research on case studies for Intrushield and found one (pdf warning) that doesn't name the company, but it does name the CSO. Turns out it's the CSO from McAfee itself. While I can say, "d'oh" to see a company use itself as a case study, I have to say I like the idea that a product is in use internally. In my short career, I've already felt the irony of a company that doesn't use its own products or follow its own paradigms that it tries to sell.
by LonerVamp 09.25.06 at 2:56 PM in /terminal23 -
I just read an article on HD Moore, one of the most influential and brightest "non-corporate" white hat security researchers, in which he answered a quick question on his favorite hangout, "A dark room full of electronics."
Not only is that cool, but it got me thinking about what my own favorite room or hangout would be. I've been doing some casual thinking lately on owning property sooner than later, and how I would plan to do some stuff with it. Right now, I'm in "money-saving" mode, so my spare apartment bedroom is acting mostly as a place to put things I don't have a place for, instead of being developed into something much cooler.
So, what would I deem as a perfect room to hang out in? Honestly, I have three major ideas on that question.
1) The dark room full of electronics. Some people feel at ease and most happy when surrounded by other people or doing social things. For people like myself, I feel similarly when surrounded by electronics and maybe a person or two of like mind. A dark room illuminated by the soft glow and unjudging winking of LED lights and monitor displays. Maybe an indirect light source or two with a narrow cone of light to important places that need lit. It would need to be cooler than warmer. I would also prefer a house as opposed to an apartment, so that I could set up a decent (but not high-end) speaker system so I can play such music from quiet classical/ambient to pound out some industrial or metal depending on my moods. A clutch of test machines, a couple separated networks (one a main network and the other a sniffed, testing one), a workbench for system surgery and parts. The monitors would preferably be displaying specific things as opposed to operating screensavers. One should play movies that I can half watch in the background, another display an active packet watch on my main system (just to watch now and then and learn more) or even my test network if I am running something, another with network monitoring, and another with a security dashboard up or even cycling through a few. That would be an awesome hangout.
2) Now, even the most hardcore of us needs to unplug every now and then. For a more unplugged experience in my abode, I would love to have an entertainment room that has a nice tv and sound system, is ideal for watching movies or sports events (about all I watch, I don't take to television anymore), and is filled with plants and a pleasing atmosphere. Something calm and idyllic, a place to relax and lounge and sprawl out in, to read a book, magazine, listen to some music, or watch a movie, or even pull a laptop into to just chill out, but not dominated by obvious electronics all over.
3) Lastly, completing the unplugging, my third preference would be the great outdoors, away from most everyone else and anything technological. Give me a breezy, amazing woodlands or mountaintop or tropical island beach, and I could find some real peace there. Give me a cabin up in the woods that I can escape to and some space to roam. Internet connection...debatable. :)
by LonerVamp 10.05.06 at 10:01 AM in /terminal23 -
Just a note and a small rant to myself. I've been using the McAfee IntruShield IPS here at work for a few days now (been poking at it for a few weeks, really), and I must say I really dislike being so disconnected from the actual packets and wire. I really like the information on exploits and alerts that McAfee includes, and also the reporting and dashboard (they recently updated it!).
However, any time I see something new or noteworthy run across the wire, my first instinct is to look at the packets and the flow before and after the actual alert-triggering event. Sadly, these capabilities are sorely lacking. And what is really disappointing are the false positives that persist even after the device has been tuned tighter. I don't really care if the IPS sees a UDP Port Scan all day when it is just a printer trying to reach out for some SNMP love because it lost contact with something.
Such is the price we pay these days for products trying to be the "silver bullet" of security or trying to be "all-in-one" and end up just disconnecting us from the real data and activity. Give me Snort and Wireshark and a portable tap (or the ability to put windump/tcpdump anywhere I want) anyway...
What this feels like is one of those Plato's cave analogies, where I'm no longer really looking at the actual subjects, and instead I am seeing only the dim shadows of the events...
by LonerVamp 10.10.06 at 2:18 PM in /terminal23 -
I've tried a number of stand-alone and web-driven RSS readers in the past few months, but none really gave me what I wanted or presented it in a way that was compelling and simple and, well, just right.
Much to my surprise, I tried out Google Reader and was immediately hit by, "this is exactly what I wanted." I added a few of the feeds I most regularly check, and I've been amazingly happy with this layout and simple feature set. I hope SurfControl doesn't add this to the list of things denied outright (yes, web filters are evil, more on that in another future post).
by LonerVamp 10.11.06 at 1:02 PM in /terminal23 -
I just wanted to say I can't believe how exciting my chosen field of work is. I love it beyond words and every time I read something new (even a negative article deriding Metasploit which prompted this exclamatory post), I get just a little bit giddy. I love security/insecurity!
by LonerVamp 11.03.06 at 10:58 AM in /terminal23 -
One thing I try to be cognizant of as my career starts to move forward is what skills are going to be in demand in the future. I don't want to be awesome in Windows XP, only to find myself someday outdated like so many Windows 98 admins. Not that I support Windows XP on a desktop level right now, but that is just an illustration.
A manager just emailed out an Excel document that has maps of our building and numbers pointing to all our conference rooms (about a dozen) because people tend to ask, "Where is such-and-such room?"
It occurred to me how appropriately this issue could be solved by a web developer who knows his stuff. Carve out a small section of an intranet, tackle the issue, code up a solution, present it, and voila, a one-stop web-enabled location so that people don't have to save a tomorrow-outdated spreadsheet "hack" of a solution that might be located at some mysterious location on a file server that I may or may not have access to.
Web application coding skills are amazingly useful and awesome these days. And the work is rather exciting when you can focus down on it and really pursue it as a team that can teach each other. Gone are the days when any stay-at-home kid could pick up a few clients and create cheesy web pages using straight HTML. Now, real web design skills are in demand and needed, coupled with code that more and more resembles actual programming languages in operation, suitable to those who can think in that way (not just make pretty pictures in Paint and arrange them in tables with possibly some database backend code in php...). .Net, Java, Ruby, Python, Ajax.
In fact, before I was in IT I wanted to become a web developer. That was my idea when I switched my majors into MIS 2.5 years into college and graduated with thoughts of making web pages for a living. Thankfully, I've had opportunities elsewhere to expand myself, but I still appreciate web development.
Someday, a ways down the road, I can still see myself satisfying my coding bug and doing some more web coding and application coding. I would love to be able to just throw out a quick solution to problems using an internal web site. Given experience and practice, that kind of stuff is amazingly easy and simple to do (ongoing support is always the hard thing). And with web and application security the hot topic for the year in security, this makes sense from that viewpoint as well.
However, for now, I want to remain grounded and focused where I want. Right now I am directing my career towards networking and security, moving towards certifications and learning networking since it is still something I'm working on, plus learning Linux and more deep security topics and pursuits. I've also decided I want to make sure I know wireless security as a specialty, as I believe the future is in wireless and mobility. Web coding as a major focus has simply been pushed aside a bit for now...but someday I'd love to dive back in and learn the new stuff.
I must say, if an opportunity opened up right now in an exciting and competitively-paying (for junior level) company to start learning and participating in Ruby or Ajax development, I would seriously think about it.
by LonerVamp 11.09.06 at 1:54 PM in /terminal23 -
Wow, it looks like I've gone an entire month without making a post here. That was certainly a quick month, and I do have a backlog of things and links and tools to look at and post about.
My reasons for the lack of posts are two-fold, really. First, I have been holding back on a lot of stuff since I really want to convert this space into more of a wiki format. A wiki is much more appropriate for what I am using this site as. I had some issues last month in getting Apache 2 and PHP5 to get along, so I have to check and see if that was resolved.
Second, I've moved a lot of my more discussion-style technical posts to my main blog instead of here. I am not sure if that is how I will do it in the future, as all my own non-technical stuff is being diluted by the technical jargon that many of my family and friends know nothing about. Maybe I'll load it all back here once I get the wiki up, and still have a sort of techie blog/news listing on the front page.
In the meantime, I hope to post some more things here anyway, regardless of the wiki progress.
by LonerVamp 11.15.06 at 9:52 AM in /terminal23 -
I think I have my new "geek" blog ready to roll finally! The last step was to decide on a name for the site, and I settled on Terminal23 for my own reasons (nothing interesting, really). Now I can start porting over my Blosxom blog entries as needed, and get caught up on posting news and such. I really liked Blosxom for its simplicity and elegance. I would have stuck with it further, but I think I just wanted something new and I needed to update my blog application anyway on my personal site.
I do still need to get the wiki up and running, but that will take a bit more time and love. For now, this project has already exceeded my goals of being done by the end of this year.
by LonerVamp 12.11.06 at 8:50 AM in /terminal23 -
Hopefully I can finish my one or two weekend projects I need to work on this weekend. Tonight will be spent playing Warcraft and Saturday night drinking, playing video games, and talking about hacking. That leaves Saturday afternoon and Sunday to work on getting a new mail server set up on my server along with a Spam Assassin install. I also need to point my new domain to this site and fix the inevitable pointer issues in my code.
I'm not really looking forward to Spam Assassin. While I've never done it before and really want to learn it, all indicators point to it needing a bit of work and babysitting to be worthwhile. Oh well, may as well start this weekend and slowly work on it, kinda like securing Apache and mod_security.
I'll try my best to provide a report on here about my experiences with hMailServer and SpamAssassin on my Windows box.
by LonerVamp 12.15.06 at 1:52 PM in /terminal23 -
As Adnan recently realized, I too am finding that I have too many links and news and blogs to read, which steals away my time. I am almost feeling like an analyst, talking and reading, but never actually doing anything. So I'm pruning some more links and RSS feeds. As usual, I'm posting the "death" list here, just so I can reference it again at some other later time.
I was going through this list and removing people and looking at sites, and it makes me kinda sad to remove some links and blogs, especially those to people who might still be around, but don't post every day (or even week) or might make posts that I'm just not interested in. I got into using computers and stuff by being social online in AOL chat rooms, then later in IRC and forums. This culling of links saddens me because I know all of the authors and I share common interests and I love seeing how they present themselves online, in this sort of second-world avatar image. Oh well, life goes on, and I hope it finds them all happy. Of course, with this huge list of outgoing links, someday soon I hope to have a list of incoming links as well.
WBGLinks.net was originally a huge list of white, black, and grey hat links to many other topics and sites. It has since disappeared. Wintermute has also had little to say lately. Dan Kaminsky has excellent tools, presentations, and very creative ideas, but his blog is not the place to read them. He is easily Googled anyway. The guys at Checkmate only update once a month, and if they offer up something useful enough to read, I'm sure I'll get linked to it from elsewhere. I always hoped TheSecure.net guys would come back and keep posting, but not only did they go on hiatus for a year, but their site is now gone.
Adminspotting had a fairly short, but informative life and is no longer updated. I've long hoped the author would post his new idea mentioned in the blog, but he has not. Maybe someday. Adminfoo's provider seems to have had some data recovery/corruption issues which has left this site down a while now. Backups. Reading the linked host's status page is pretty much a story all IT admins dread: corrupted data and customers getting upset. Oddly, HERT (hacker emergency response team) seems to be down or gone.
Nitesh isn't around. The Microsoft Security Response Center blog is really not that useful, and when it is, other people link to it for me. Besides, with something as important as that blog could be, they will always be regulated from inside. OpenPacket.org is an awesome idea, but I suspect everyone who thinks so is just too busy doing other things as well. I'll link it up if it ever truly opens. Arved has been removed. The Geekpit has been removed. I'm not even sure what Infosec Daily is anymore, but I think it aggregates other sources I already track and doesn't look very pretty anyway. Insecure.org is not a news site and belongs under tools/resources. Of course, it's already there! SecurityWonk has disappeared. Also removing SecuritySauce. Nepenthes is a tool, and didn't belong here anyway. Kaosx has been removed. Jon Ellch's site was never really meant as a news/blog site anyway.
by LonerVamp 12.16.06 at 2:09 PM in /terminal23 - comments(1)
I didn't get to play with SpamAssassin yet, but I did get a lot of other little things accomplished this weekend in regards to my site. I installed hMailServer and ClamWin so that I could move my mail server over to the new box. In fact, I went a step beyond my plans and am using OpenSSL and stunnel to allow SMTP and POP over SSL so that I can check things remotely from a wireless hotspot. I also moved my Ventrilo server over and did some housekeeping on my websites; busywork that I've been putting off for many months but that only needed to be done once to be done for good.
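As an added illustration of the stunnel arrangement described above (this is not the post's own configuration), a minimal stunnel.conf that wraps a plaintext POP3 and SMTP listener in SSL; the Windows paths, the loopback ports and the assumption that hMailServer listens on 110 and 25 are all made up for the example.

```ini
; Added example stunnel.conf, not the original post's file.
; Assumes hMailServer listens in the clear on 127.0.0.1:110 (POP3) and
; 127.0.0.1:25 (SMTP), and that the OpenSSL-generated certificate and
; key were saved to the (assumed) paths below.

; Server certificate and private key presented to remote clients
cert = C:\stunnel\mail.pem
key = C:\stunnel\mail.key

; Refuse the obsolete SSLv2 protocol version
options = NO_SSLv2

; Keep a connection log so remote logins can be reviewed later (assumed path)
output = C:\stunnel\stunnel.log
debug = 5

; POP3 over SSL: clients connect to 995 encrypted; stunnel forwards the
; decrypted session to the mail server only over the loopback interface,
; so the POP3 password never crosses the hotspot's wireless unencrypted.
[pop3s]
accept = 995
connect = 127.0.0.1:110

; SMTP over SSL on 465, wrapped the same way.
[smtps]
accept = 465
connect = 127.0.0.1:25
```

The wrapper only helps if the plaintext 110 and 25 listeners are bound to the loopback address or blocked at the host firewall from the outside; otherwise a client can still be pointed at the unencrypted ports.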
With all of that aside, I'm looking forward to SpamAssassin sometime this week or next weekend, and to work on my wiki site as well.
Every time I work on my sites, I get that familiar bug to learn up a new web language and get really good at it. I love reading people like Jeremiah Grossman and RSnake, guys whose web skillz I really respect and appreciate. But I do know that takes significant dedication and time, and I know that I can't specialize in everything right now. Maybe someday I'll have an opportunity to go down that road, either for my job or in my free time once I get other things under my belt. Anyone can learn web coding, but to do it well and know the little "expert" level tricks is definitely where I would want to be, and that takes significant time. Besides, right now, web technology is simply not securable anymore. Unless you want a fairly static site with little integration and scalability, security is just not possible these days.
by LonerVamp 12.17.06 at 8:29 PM in /terminal23 -
A lack of updates should be followed by a slew of posts after the first of the year. Right now I am porting over all my old Blosxom posts over to this site, flagging them to put in my "being built" wiki, or just removing them as I figure out how to best leverage my sites. I will say that I really enjoyed the simplicity of Blosxom, especially to use as a blogging/site tool without wanting a true database backend. It was very slick, simple, lightweight, and kinda fun to work with. Unfortunately, it is not quite as robust as a true CMS/blogger. Honestly, I think the worst part about it is just being locked into something a little different and non-mainstream. Over time, who knows if there will be new features or support, and I'd hate to find myself 4 years and 2,000 posts into the future with a huge migration project to something more mainstream.
Overall, though, Blosxom is awesome, and I hope someday I can possibly find a use for it.
by LonerVamp 12.20.06 at 9:18 AM in /terminal23 -
I typically make resolutions on my birthday as that is more meaningful than a new calendar year. But one late resolution I want to make came to me as I was migrating more of my posts over to this site, including a long list of tools that I've just never gotten around to looking at. For the past year or more I've been sponging up information like there's no tomorrow, but I've been putting things into practice far, far less often than I should. And now that I have some spare systems sitting around, I need to put them to good use. So, I need to start doing and playing and tinkering with things and less just reading about it all. I've got the academic side of things down pat, and I realize that. Now I just need to do, make mistakes, screw up, fix it, move on, and overall learn stuff hands-on.
Of course, this has already begun now that I have upgraded my server and I have the infrastructure in place to keep my own notes on the things I try and experience. So I'm well on my way on this front, as long as life sees me still having enough free time to do things! :)
by LonerVamp 12.24.06 at 12:45 AM in /terminal23 - comments(1)
Yes, blogs are social networks, as are IM, IRC, and mailing lists. Michael over at MCWResearch tagged me. This means I'm supposed to reveal 5 things about me that few people know, and tag 5 other people to do the same thing. Well, I'm a party-pooper and typically delete chain mails so I won't tag other people, but, I am a good sport so I'll play along with the 5 revelations. Besides, it's still technically "The Holidays" and I have a nice three-day weekend again. I will, however, post 5 links at the bottom that trace back the path this tagging has taken to get to me.
1. I regularly play World of Warcraft. I have a 60 warlock and 60 priest on Crushridge Alliance and a growing 30-something rogue on Terenas Horde. The warlock is my main and amassed 7/8 tier 2 and 1/9 tier 3 before I retired from high-end raiding about 5 months ago.
2. I used to get paid not only to play computer games, but to run online leagues and tournaments. I ran or helped run events for Quake 1, QuakeWorld, Unreal Tournament, some SegaNet stuff before they died, and even a live CPL event. I've also made money competing in events in Unreal Tournament ($2500 about 5 years ago in college). Sadly, little of this history is linkable anymore.
3. While you can see a picture of my car online, what you can't see is my license plate (1NF0S3C or 1NFOS3C) or the black "hack the planet" sticker next to it.
4. I lost my virginity at ag...err, wait. I mean to say that I started authoring my own web site back in 1996 hosted at my alma mater Iowa State U. My college roommate and good friend taught me the ropes (i.e. he showed me how to View Source in IE and upload files to the server).
5. I don't yet have the budget for a cat, but I do currently have some fish: 6 tetras and 3 corydoras. I plan to double the number of both after I clean up the tank a bit more and get rid of my snail problem. And I love to have bettas on my desk at work.
So, with that out of the way, I won't pass the chain-letter on, but I will stick to the spirit by providing 5 links that led to me. MCWResearch got tagged by Michael Farnum. He got it from Ian Lamont who was sniped by Richi Jennings. And Richi was tagged by Ann Elisabeth Nordbo to start off this little 5-hit combo.
by LonerVamp 12.29.06 at 2:02 PM in /terminal23 - comments(3)
I have to continue poking away at and cleaning up links on this site and in my RSS reader that are not really worth my time.
I really hate to do this, but I have to stick with my gut. I like Bruce Schneier and his work. I think the world right now needs him; absolutely needs him. He is a necessary pundit. Ptacek put it well in predicting for 2007, "Schneier will not publish a single technical result this year, but I will read his blog anyways."
I like his comments and his writing, and, as I said, the world needs him. But he basically keeps linking and saying the same things over and over. Yes, I know security is warped when it comes to the public and the TSA. Yes, I know your commenters also have good responses and ideas. But I don't need to read that every day or even every week. I really do get too much Schneier. I'm sure when he publishes very interesting things, I'll hear about them from other places. (I also prefer his writing as opposed to short little posts that are just links elsewhere.)
I'm also currently evaluating the need for x number of IT/security analyst blogs. Quite honestly, analysts are quite a unique subsection of security bloggers:
- They tend to talk a lot and likely do very little. It is easy to make lists of best practices and give sage advice, but actually getting their practical advice into the reality of a business is a wholly different story.
- They tend to be right. All the time. If they speak it, you should believe it.
- They don't typically reply on other people's blogs. Instead, they reply on their own blogs to drive traffic back and forth between them.
- They are definitely a clique, where they all know each other, they all act like they're friends, and they typically don't listen to many people outside of that clique.
- Far too often they speak the obvious, make predictions that mean nothing right now, or repeat what others say (often within the clique).
- Have I mentioned that they rarely actually *do* things?
Yeah, I'm being pretty harsh and maybe a little bitter, but for me it all gets back to how I want to spend my time with blogs and research. Do I want to see the "Analyst Clique" repeat itself and argue with itself and pat itself constantly on the back in 5 places each day? Not really. I'm sure if I eliminated x-2 of the "Analyst Clique" blogs from my list, I'd still get all the important info linked back from those 2 I leave up, plus their commentary. Hopefully I can go through and remove some links this weekend. The hard part will be choosing one or two, because, despite my bitterness above, they all seem to write well, think well, and have some thought-provoking words here and there.
by LonerVamp 01.05.07 at 9:00 AM in /terminal23 -
The condition of a military force is that its essential factor is speed, taking advantage of others' failure to catch up, going by routes they do not expect, attacking where they are not on guard. -The Art of War, Chapter 11: The Nine Kinds of Terrain
Sorry Dan, but I already played that game once. :) However, I will just add two more things. First, I used to have eyesight bad enough that it was measured in feet. My parents gave me lasik surgery as a Christmas gift a few years ago, and now I don't need glasses. Second, I spent my first 2.5 years in college in the Environmental Science program taking chemistry, biology, calculus, genetics, physics classes.
This week will be my first week "on call" at my latest job. I've avoided the task for about 8 months now, but this week the pressure is on! One of the unfortunate aspects of this job is the apparent attitude of the rest of the team that I should have been born with all the knowledge needed to do this job. I find little as frustrating as being thrust into an important role where you either attempt to do things yourself at the risk of possibly affecting critical systems or wait for some decent training. While I don't mind self-starting, I do mind when there are innumerable ways to build a server (anywhere from just setting it up and patching it to full NIST guidelines), but somehow I need to know the way they do it in-house from a cryptic checklist that makes sense only to people who have been through it multiple times. This has been my biggest frustration at this job, and one of four distinct reasons I won't be staying much longer. This morning I am figuring out how to put myself on call and get the necessary alerts on my phone.
I added a bunch of links to this page. While I still want to lower the number of total links, at least now my Google Reader list matches up with the links on this page. Not every site has support for an RSS reader, but at least now when I find something not updated in Google Reader or not really worth my time, I can remove it cleanly in both places and help manage my information uptake.
by LonerVamp 01.08.07 at 9:05 AM in /terminal23 -
I am looking to get my Security+ certification this month. Is this cert below me? Yes, no doubt. Is it nonetheless good for my resume? Yes, again no doubt. And at a one-time cost of about $200, CompTIA certs are a real no-brainer, and if I ever get beyond them on the resume, I can just leave them out.
For the past couple of weeks over lunch I've been slowly paging through the latest edition of Exam Cram's Security+ Practice Questions. I'd buy the book, but I don't think I need to. I just do a few dozen questions every day. I'm glad I did it this way too, because some of the questions are poorly worded and even more poorly laid out. As an example, in the section Retention Policy, the answer to the single question in the section is, yup, Retention Policy. Great, I learned a lot there! There are frequent blatant mistakes as well, despite this being at least the 2nd edition of the book. The one I was using was a 2006 release.
In the end, though, I did learn enough. I learned that I need to definitely review the Cryptography domain of the material. I probably could have said I was weak in that section before paging through this book, but at least now I know I know the other sections pretty well. Hopefully by the end of this month, I will have at least taken the Security+ exam once (yeah, I know, I'll likely pass but I don't typically get my hopes up on tests, despite a very good track record with them from school/college).
The hidden benefit to this cert is it is, in my mind, a direct precursor to the CISSP which I also qualify for and should be getting sooner than later. Likewise, my weakest area in the 10 domains would be Cryptography.
by LonerVamp 01.08.07 at 2:07 PM in /terminal23 - comments(2)
I recently used a Christmas gift card to get a device that I've wanted even when they were twice the price I got it for: the Harman Kardon Drive+Play at $99 in Best Buy. This little guy allows me to plug my iPod into the car and listen to it on my stereo system. Since my Infinity factory system does not support playing mp3s off a data disc, nor does it have any audio input options (either on the faceplate or even in the back), I can't use the Drive+Play's audio input, but I can quite happily use the FM tuner to get usually decent quality music. It is quite a lot better than no iPod or having to burn limited-length music CDs. So now I have two dashboard gadgets, my RoadyXT XMRadio unit being the other.
What does this have to do with my blog? Well, while scrolling through my playlists on my ill-organized iPod (thanks to Linux and my collection growing well beyond the 20GB limits of my iPod) I saw a Podcast playlist but no Podcasts. While my work commute during the day is only about 10 minutes max, I still see the benefit to rekindling my habit of listening to more podcasts since I do like driving. So I'm going to see if I can get back on the wagon with a few choice podcasts and listen up more often.
As always, I'm also cleaning up some more external links from the menu and putting them here into a post so that I can reference them later if I ever need to. Someday I need to evaluate whether I want all those "resources" to remain here or be moved to the wiki.
Don Parker writes for WindowSecurity.com. While this sounds promising, the articles and writing seem more geared to a nearly complete newbie, with almost no in-depth analysis or contribution beyond the surface. OntheFirewall doesn't really get updated much. I'm not sure who Sid Stamm is, so I likewise don't know why I should keep him. And I'm also removing Mr. Belva at bloginfosec, even though I look forward to seeing how virtual trust moves forward. It's just beyond me right now since I am neither an analyst nor any sort of manager.
by LonerVamp 01.10.07 at 1:33 PM in /terminal23 -
One of the failings of blogging, especially its use for education, is how unsupportive it is of dialogue. Yes, there are comments, but once I leave a comment somewhere, it is a crap shoot whether I ever get back there to see any further dialogue or rebuttals or agreement. Fire and forget, most of the time. Sometimes I'll post a question and check back later, but mostly I don't and mostly I just plain forget. I also don't look at posts later on to see if what the author said was BS and got addressed in the comments. I have to take posts largely at face value. How often have I posted on a Bruce Schneier topic that tends to have plenty of feedback, only to never look back at that particular comment thread again?
Forums promote repeated dialogue until a topic has run its course and slowly melts back down the priority list, replaced with newer topics. A regular reader/contributor can, in this way, watch discussions she may be interested in until they naturally conclude. Mailing lists are similar. IRC is somewhat the same way, as interaction and discussion occur right away. While those that idle don't typically re-read old logs, at least discussions at the moment have some give and take.
Running one's own blog is a bit of an exception, as here I tend to be able to see each and every comment posted, and thus have my full run of any dialogue. But how can one really capture this for readers? Email notifications on comment replies help, but only when one has already commented on a post. Anything not commented on gets no continuation. In that case, it behooves me to comment on every post on those blogs. Setting up an RSS feed for comments is another nice thing. Ha.ckers.org does this, but I have to admit there is no real kind way to present them. New comments on old posts get thrown into the middle of new comments on new posts, which really muddies the waters of trying to follow any sort of continuity. But for anyone who diligently reads the feeds, this can be an effective, if jarringly annoying, way to keep up. The author can re-post the articles based on comments and responses, but this just perpetuates the cycle until no comments are left (or all the readers have left!).
So what is one to do? Well, slowly I've been moving back into IRC and I want to get back into forums as well. Blogs have their high points, but unless one is a real fan of a particular blog and sticks around a lot, RSS feeds are just best suited to scatter-shot news posts and catching the latest releases in podcasts or tools than for real educational dialogue.
I think this is also why I maintain my blogs more like personal journals (and I prefer the term journal to blog), where the only real reader I'm looking to keep informed is me. Letting out my own ideas, thoughts, and otherwise documenting my own life and knowledge. *shrug*
by LonerVamp 01.15.07 at 2:24 PM in /terminal23 - comments(6)
So it has been a while since my last post on Linux as my main box; I've really basically just been using Linux every day. After getting past some of the usability issues with DVDs, movies, mp3s, and other media, I've definitely settled into a nice rhythm with Ubuntu.
My biggest issue lately has been my external firewire drive, which is NTFS. Since I run Ubuntu on my laptop, and laptops shouldn't be tethered to anything except a mouse and power, I decided it was in my best interest to stop wrestling every 4 days with Ubuntu vs NTFS (which typically I did get to work...until unplugging and replugging the drive and trying to remount; Nautilus is very picky and whiny), and just plug the drive into something on my network that is on all the time and likes NTFS much more (Windows). I now quite easily just smbmount it over the network when I want. The added benefit is my other systems can get to it now as well.
Other than that, I've become very happy with my Ubuntu installation, which is kinda illustrated by the fact that I've not booted into Windows on this laptop since the last update a few months ago. I do cheat, however, since I have other boxes including a slightly less-powerful laptop running XP, but I definitely give Ubuntu my daily tasks. The XP box is just there for misc things and other Windows programs. Heck, I've even taken much more to cygwin on all my Windows boxes.
Will I stick with Linux? Yeah, I will. The reasons remain the same, though:
1) Tired of paying for an OS license at home.
2) I want much more practice with foundational Linux tools.
3) I really like being familiar with a Linux box day-to-day in addition to just knowing how to use the apps. I feel much more flexible this way. (And it adds to my skillsets.)
Will I fully ditch Windows? Never. I have older machines that love my Windows 2000 installs. My other good laptop and gaming rig both have Windows XP. And as long as my job involves any semblance of Windows, I'll do my best to keep up with it. And Windows will always remain my backup boot option.
My goals moving forward this year in regards to Linux:
1) Become intimately familiar with BackTrack. Also adopt a couple other Livecd distros for flexibility's sake. Likely Auditor, Helix, Trinity, or something related... Livecds are just too cool when it comes to laptop use.
2) Become more practised with a wider range of tools for Linux. The only difficulty here will be delving outside Debian/Ubuntu-ready packages and tracking down my own dependencies with things not in Synaptic. I might just use an older laptop as a test bed so I don't screw up my main box too badly. :) I might even look into FreeBSD.
3) Start getting familiar with running a Linux server and replacing Windows as my main server. I might look to something beyond Ubuntu for that, and might just run it from the command-line as well. This is definitely more of a "maybe by the end of the year" sort of goal.
by LonerVamp 01.22.07 at 1:18 PM in /terminal23 - comments(1)
Reading some stuff on spam and email today got me all inspired to keep a mail project in mind as the year progresses. I'd like to stand up a Linux mail server on my home network someday. It's not like I dislike my Windows mail server application, but it's done. It's there, and implemented. And, of course, there is still spam getting through. Unless I go with Exchange (overkill, although valuable experience) and some commercial apps to help support it, my best bet is to go with Linux, a mail server (likely sendmail), and SpamAssassin. The problem is those latter two are very daunting and quite bearlike in their configurations. I would need some good time to pore over the settings and how to get things working. Thankfully, I do understand SMTP and have done what would amount to first level support on a sendmail server before (bigger issues I would escalate to someone more experienced). Maybe someday I will move towards that route. I could always just leave my current Windows mail server up as backup.
by LonerVamp 01.23.07 at 2:07 PM in /terminal23 - comments(3)
I stayed on the down-low all weekend and didn't do much to feed the geek; instead sticking to things around and outside my apartment. However, I did upgrade Movable Type from 3.33 to 3.34. I didn't think this would be a huge improvement, but anything to do with the cgi part of the site loads very significantly faster now. Yay!
I also loaded Akismet (which has nothing to do with wireless tech), based on suggestions, and have started playing with its configuration and MT's built-in spam filtering. I can definitely see the improvement as I have to delete fewer and fewer comments every day. And I am pretty adamant about leaving my blog's comments open to anyone.
Eventually I need to make sure my outbound firewall (host-based on the server) is allowed outbound connections so I get proper blacklists and updates, but I decided to wait. My background in sciences in college always tugs at me in the computer world: set the stage and then change things only one at a time to see the effect on the system.
by LonerVamp 03.05.07 at 9:02 AM in /terminal23 - comments(2)
Andrew Storms posted a really nice bit over at nCircle about our personal privacy stances online, namely some commentary about pseudonyms online.
Obviously I maintain a pseudonym online. In fact, I have two. "LonerVamp" is a carry-over from years long past and I keep it mostly because it is far more unique than "Michael" or even "Michael Dickey." If ever someone from my past wants to look me up, by god, they can do so just fine. And sometimes they do.
Another reason I still like this name is simply the extra layer between my time online and my real person. I really have no difference in who I am based on my screenname anymore. I think I got over that back in 1997. But anyone looking to poke around at me from either the "Michael" or the "LonerVamp" direction will have to do at least some measure of work beyond the first 5 hits on Google to put two and two together, find the bridges, and then actually cross them. Not impossible, by far, but at least not trivial for any nobody to do. Someone really has to want to do it.
I do maintain another pseudonym on a few low-usage sites and mailing lists. For instance, my MySpace identity is linked to another Gmail account and I only use it to comment on journal entries of friends or view pictures. Basically, I can maintain this because it is low interaction. When something is low interaction, I don't have to worry as much about my real self coming out in that identity.
Andrew is also mostly correct in saying if you want to "properly" enact change, you do need to step away from the veil of anonymity and put yourself out there. I agree with that, which is another reason I don't mind the connection between my real name and screenname. I accept that connection and likely always will. But I will say some perfectly anonymous people enact change, especially in IT and security, just fine from their dark corners. And I would be willing to bet that a few people with names like Tim Conners are really obfuscated pseudonyms. Why use LordofDespairXX when you can look like everyone else as Jimmy Toulouse? However, like Curphey recently mentioned, why hide your feelings and your opinions and, basically, yourself?
By the way, if you call me LV, Loner, or LonerVamp at a con or meetup or even in IM someday, that is fine. I'm used to it and have always been called that at gaming LANs anyway. In fact, if I have a name-tag, that will be the prominent name although both will likely be present.
by LonerVamp 03.22.07 at 12:44 PM in /terminal23 - comments(1)
My projects and other things have been taking up way too much of my time lately.
My bracket in the NCAA tournament (men's) has been about as bipolar as any bracket I've ever done. Typically I do very well in these things, but like most, picking the winner is the make-or-break decision. Pick the winner, and you've no doubt gained points throughout; miss the winner, and you're sunk. This year I had only 20 hours from selection show to entry submission, and the lack of research showed through, although I was saved by a very well-seeded bracket. I did horrendously in the first two rounds, but picked 7 of the 8 Elite Eight teams and, until UNC lost, I still had all Final Four teams.
My WoW time has suffered as well, although that might not be a bad thing! My main is still level 60 and my Draenei Shaman is level 36. Yeah, I'm slow and my time/effort has dropped considerably (thankfully). If I didn't have real life buds in game, I'd have left it long ago.
At home last night I enjoyed just how easy Linux is becoming as I continue to just be immersed into it. Much like my idling in some IRC channels or mailing lists, just hearing things for a while means I gain some understanding; or being around something. I'm not planning on taking my CCNA for a bit, yet I am already just sitting in and contributing to some local buddies doing their studying and talking, and I pick things up. Hang out with baseball fanatics for a while, and you'll find yourself learning about baseball until, before you know it, you're considered someone "in the know." My Ubuntu install and SSH server took all of 15 minutes once the actual OS installer finished. Talk about easy. Next I will be playing with Squid and Snort and setting up more ubiquitous remote access, if I can (from Windows and Linux boxes without using VNC...)
At work, I've been busy exercising my scripting muscles by automating our installation process for web applications and servers. I've done all of the easy work so far, although the hard stuff I have saved may turn out really easy if I ease up on my own requirements and utilize Windows-native exe apps (gacutil and regsvcs) rather than programmatically build my own. Scripting is really exciting and amazingly powerful. With Exchange 2007 on the horizon for many orgs (whose management seems to be fully PowerShell-based), I like this head-start I'm getting. Someday soon I'll dig a bit more into Perl and/or Python to round out my scripting exposure.
by LonerVamp 03.27.07 at 1:02 PM in /terminal23 -
I have finally decided to post my resume up for, well, feedback or if a potential dream job employer happens along. No big deal, but it has been something I've wanted to do for a while now.
by LonerVamp 04.02.07 at 8:08 PM in /terminal23 - comments(1)
Everyone has stories to tell. In fact, one of the best secrets to dating is to realize that simple fact and give your date a chance to tell their stories, and for you to show genuine interest in listening. This is one reason the web has blossomed so much: we all have something to say and really hope at least one other person out there wants to hear it.
Likewise, us IT professionals have our stories on how we got started in this field. Recently a thread along this vein was started at the SecurityCatalyst community and Rebecca Herold tagged me to put my story up. So here it is!
Part 1: the geekdom
I've long been a geek. I have always been a video gamer (since Atari), I love arcades, and I enjoy science and puzzles. I got my first computer, a Pentium-60 just to play Doom and a handful of other games at the time (Wing Commander, Descent, Hexen...). From there, I really took to computers but I never evolved beyond gaming and online chats.
Part 2: college
I started college in the fall of 1996 at Iowa State U. My roommate and good friend, Ryan, got me interested in having my own web page, so in the winter of 1996 I started learning what View Source did and how to write my own HTML markup. I've had a web page ever since. This, along with my addiction to Quake (the first one, you noobs) was my main involvement with computers.
I started out college by going about 2.5 years into Environmental Science. Yes, I wanted to save the whales (and otters!). But I faced some harsh realities during those early, largely unmotivated years. I knew that that field was not quite what I was looking for, was highly competitive, and really would never be lucrative in pay. And as much as I have a passion for that area, I realized I could do just as much on my own as a hobby or lifelong interest as I could do pursuing it for a career. I spent a semester or two doing some deep soul-searching for what I wanted to do. Eventually I realized that I loved computers and had a bit of a knack for them; I was a go-to guy in my dorms for computer questions. (Years of computer gaming can really enhance your troubleshooting skills...) So I switched majors to Management Information Systems, lost 45 credits that didn't apply in the transition from sciences, and graduated in 2001 by taking the max number of credits for my remaining semesters. Needless to say, I was very happy even though I walked out into the IT world the year after the .com boom busted.
Part 3: security
Upon graduation I really wanted to get into web design and coding, but with the dot com busting, the IT class of 2001 was really not a lucrative class like the previous years. I spent a lot of my time during job searching to hone my skills and learn new things.
On a whim, I picked up the book Hack Attacks Revealed by John Chirillo. I was immediately hooked and knew that I could happily trade web coding for systems management and eventually security. Since then, I've been working in this area and pursuing the field ever since. Picked up my first real job in early 2002. Within a month of working on the technical support team, I was offered a place on the web dev team, but turned it down to hold out for another role I knew would soon become needed: systems administration. I got that a year later, in 2003, and have since been a sysadmin with a big interest in security.
by LonerVamp 04.07.07 at 11:09 AM in /terminal23 -
Man, it is amazing the backlog of things to play with and check out that an IT geek can accumulate. Having not had too much time lately, I've gotten a 6 month backlog of about 200 little notes to myself to check this site out or that blog out, check this tool out or that tutorial. Crazy! If I happen to start posting a bunch of stuff here, don't yell at me. I used to use my blog as my notes place on new tools and things, and sometimes I'd post about something for my own benefit but never really ever get around to playing with it. I hate it, but that's the way of keeping up with technology!
Scope! I need scope! Perhaps a job change that reduces my scope of responsibility might be helpful? I could just get a job where I create Exchange email accounts all day. :) Yikes!
by LonerVamp 04.19.07 at 10:00 AM in /terminal23 -
I have finally begun the road of post-college continuing education (way behind schedule!). Today I passed what I consider my warm-up certification: Security+. Go me!
I was surprised by some of the questions on the exam, for instance what protocol does the ESP portion of IPSec run over? I had no idea (heck, I don't think I really knew what they meant by that!). Interestingly, Wikipedia knows! I think if I have any advice on this test, look up the objectives not just in books but also Wikipedia.
Some other questions I see as rather tough for someone who has been in IT a while. "What is the first thing to do in XYZ?" You can easily overthink some of the questions and/or argue the subjectivity of some of the answers. There was another rather technical question that I wish I had the answer to (or even how to look it up!). If an unauthorized user got hold of a Linux /etc/passwd file, what would likely be the cause? SSH 0.9.4 (I might have that # wrong) installed and configured; Sendmail set up with access to administrator's web mail; SSL something using the Apache account without virtual hosts defined; FTP server with anonymous access configured. I was like, "huh?" I could maybe pop SSH if that version is vulnerable to something, maybe that sendmail answer is referring to being able to remote in as root, maybe that Apache account has root level permissions, or maybe that FTP server somehow allows access to the otherwise normally protected /etc/passwd location? I think I answered the SSH one...no clue if that was correct.
I'm pretty sure the exam is taken from a pool of questions so I don't see them all, but I was surprised by the number of MAC (Mandatory Access Control) questions I had (at least 5!), some of which were almost word-for-word like others. Anyway, I don't want to go over too many questions from the exam, but suffice to say it is a nice mix of technical and conceptual questions dealing with security.
Coming up:
GSEC
CISSP
CCNA
by LonerVamp 04.23.07 at 12:25 PM in /terminal23 - comments(7)
If you come to my site every now and then you may have noticed my head images changed slightly, randomly. Well, I added some more images (stolen shamelessly from other places on the net, you'll recognize some I'm sure) to the rotation. Where before I had 3, I now have 43. I've not had time to QA anything and I already see a couple I want to remove or need to resize, but all in all, get out of your RSS shell and click through to check it out if you want. The change of scenery is really just helpful to someone like me who has to view the page daily, hehe.
by LonerVamp 04.24.07 at 11:53 PM in /terminal23 - comments(3)
I guess I forgot which pages I had imported into MT as templates. In redeploying my entire site last night, MT replaced my random image code! Oops, anyway, they are up again although I won't be able to edit any sizes or remove any until after work. :)
by LonerVamp 04.25.07 at 8:48 AM in /terminal23 -
I'm feeling talkative today...makes me wish I had IM or IRC at work! Alas, I get to only post here or comments elsewhere!
I really cannot explain just how valuable a little IT experience is. Six years ago out of college I had to beg to get interviews for IT positions, and even then, a very small percentage would ever get back to me. This made sense and I knew it, for a college grad with no practical experience. In the last few months alone I've had calls come in with zero solicitation, which is astounding to me. It is a lot different from the "I'll take any job, anything!" mentality of 6 years ago to the "I can be picky now and say no if I foresee minor problems" of today. Those first few years are definitely the hardest. Hrm...I'm maybe a little too positive today...better bring it back down!
by LonerVamp 04.30.07 at 2:19 PM in /terminal23 -
Alex Hutton just posted a comment to my last post referencing a Star Wars (the best movie ever) quote. You know, I have this list of things to see and/or experience on a daily basis that make life happier. Ya know, kinda like petting a tiny kitten or watching a young puppy waddle around, they just make the soul happy. Here's my going list with this one new addition at the bottom (yes, some of these might be a little disturbing, I apologize, but they make me laugh):
- violent pelvic thrusts into the air (think: "don't fuck with the jesus" from the big lebowski)
- dry heaves (from someone else, and not to be confused with actual puking; think an overweight linebacker who has run way too many sprints...)
- uncontrollable writhing on the ground (although NOT induced by a medical condition, that's just mean)
- any quote from Star Wars (or Monty Python can substitute)
(cute images from cuteoverload.com)
by LonerVamp 05.01.07 at 10:43 AM in /terminal23 - comments(1)
Looks like my flurry of posts early this week was just pre-empting my lack of posts through hump day. Things at work have heated up a bit, especially with me learning some new things. In particular today, I am working with Wise MSI packages for our web server deployments in addition to new SSL management now that we have a hardware load-balancer which is performing SSL termination for us. I'm utilizing tools in OpenSSL to not only convert existing IIS exported keys into readable formats but also to generate new keys via scripting.
We're also working on a new development environment: 1 of 13. Yes, 13. Don't ask, I think it's the wrong way to go and half of them won't get used or updated enough. It'll turn into our nightmare before someone gets wise and trims that back down to something simpler like "dev-staging-prod" plus a few others. Thankfully, all of the servers will be virtual.
Also into this week I've been re-tuning our IPS. Our IPS management server took a final dump on Friday and wasn't about to come back on. Thankfully we do backups of the full MySQL database, so I recreated the server as a virtual box, reinstalled the product manager, got it talking to the IPS appliance itself, and then restored everything from backups. Talk about slick! I only had to do minor tweaks and retuning on things not covered in the backup. Not bad, and it is nice to be able to properly validate our backup/restore procedures. Backups always bother me in the back of my head until we can actually do them once and verify things work as needed. In addition, since this box was put together before I came on board, it was also nice to see we had documentation on the build and settings (thank you Accuvant!).
Lastly, parts for my new vmware box are arriving. The case arrived yesterday and the rest should be in today when I get home. These will be married to a few extra core parts I already had on hand to be turned into a dedicated Ubuntu VMWare Server box that will run a variety of "always on" machines. (In contrast to my gaming rig which only doubles as a VMWare box now and then for throw-away VMs or testing.) This should keep me busy until the weekend as I make sure I don't have to RMA anything. I'll post pics and notes later on about this box.
by LonerVamp 05.02.07 at 2:34 PM in /terminal23 -
I had forgotten the joy of building one's own computer, since I last put one together about 3 years ago. I got all the parts for my system last night, but the bugger won't give me any display. It started out with two long POST beeps, which the AMI BIOS specs say should be a memory or parity error. Great. After a lot of reseating (which eventually became rather redundant, especially after I got out my dice and started trying some saving rolls...) I started getting 1 long, 2 short beeps, which should indicate a video display issue. Hrm, that's not making any sense...
In the end, I'll likely purchase a few more parts to swap around and see if something needs to be RMAd. I'm guessing either the motherboard has a problem or maybe one RAM module is DOA or the video card isn't compatible. The one thing I don't miss from building personal systems is the voodoo (not the card, for those old school enough...) you need to make sure all parts are compatible. A complete part list can be found on my wiki under "vmware box".
by LonerVamp 05.04.07 at 8:13 AM in /terminal23 -
Phew! Swapped out my Radeon 9500 card for an equally pricey (haha!) Diamond Radeon X550 and my vmware box has signs of life. In fact, the signs were so good that I finished mounting the parts, finished up the cabling, and powered on long enough to make sure Ubuntu 6.04 loaded from CD and saw everything. Good deal!
by LonerVamp 05.08.07 at 10:25 PM in /terminal23 -
Sometimes life turns into a pinball machine for small stretches; shot up the lane and into play, rolling and bouncing around and not really able to do anything about it. That's the story of my weekend and likely the rest of this week. I'm a pretty laid-back guy, but sometimes life's little needs and emergencies require immediate attention. And no, none of my issues are hugely important. :)
My vmware box has just been cleared from the infirmary. Last week, fairly randomly, two things kept occurring that might have been related. Every few hours the kernel would throw some IRQ alerts to do with my video card. At other random intervals, the networking on the box would "lose itself." Once I would get on the console and attempt to access the network, the system would realize that eth0 had timed out, bring it back up, and all was well for another random period. I added "irqpoll" to the startup parameters for reasons I cannot explain, and all was solid all weekend. So now the system is cleared and back to building VMs. The IRQ alerts still come in, but so far I've seen no reason to pursue fixing those.
Tomorrow I have a major service appt for my car, but yesterday my battery decided it had had enough. It had corroded enough to affect the leads and died in the afternoon. Sunday afternoons are maybe the worst time to have a car issue since few shops are open. I waited until this morning to get a jump, drove it in to the shop, and got the battery replaced. Since this is the first time I've had it die on me, at least I got to see the effects on my car of a dead and/or weak battery: what things worked and what didn't (beyond the obvious lack of action upon key-turn).
I also am hoping to ramp up more focused CCNA studying. I finished the book I have at the dealership this morning, albeit in between being distracted by Regis and other stupid morning television. I'm pretty happy with the knowledge I gained, and I just need to look into some more detailed things like making sure I can quickly calculate subnets (evil).
And this week one teammate of mine is off on a cruise which leaves me caring for all his duties for the next week+. A bit hectic and overwhelming, but things should be fine, albeit busy.
by LonerVamp 05.21.07 at 10:42 AM in /terminal23 -
If you don't watch Diggnation and you even remotely like my blog, watch it. Here's some gems from this past week.
Top 15 quotes from Han Solo that you can use in daily life - omg I love it!
You know you're in college when... - Too true...ahh memories!
10 reasons it doesn't pay to be the computer guy - More memories...eek!
by LonerVamp 05.22.07 at 7:40 PM in /terminal23 -
Sometimes you really just have to be able to laugh and enjoy yourself in this field. Often we can get frustrated (especially as we get more experienced!) when we do new things and they don't work on the first or second try. Or maybe something you just don't do all that often. Part of being jaded by users and management, I think...? Failure (i.e. troubleshooting!) becomes less tolerated.
Two things have been giving me grief all week, but thankfully I really enjoy my personal time when working on stuff. Put on some music or pop in a movie on a laptop nearby, grab a beer or tea and have some fun. (Just to inject more personality in here, I watched The Crow, one of my favorite movies ever.)
The first thing I've been working on is getting OpenVPN working on an Ubuntu Feisty VM. None of the pre-fab tutorials online seem to be complete. I think every one leaves out some important steps or makes detrimental assumptions. Either way, the progress has been slow, but I'm getting there. I'm familiar with the client end, so that shouldn't be a problem. It is just really getting the routing and bridging and junk figured out; getting the server stood up and performing.
The second happened last night. For my VM box I had bought a new DVD burner. Instead of letting this go to waste in the VM box, I swapped it with a DVD-ROM from my gaming rig a few weeks back. I had forgotten about this until yesterday, so on the way home I bought some DVD+R Lightscribe and DVD+R DL disks and vowed to get things working. I spent about 2 hours trying to get it recognized by Windows. Windows Device Manager showed an Asus CRW device. WTF? No, it's Samsung! Firmware failed! Why the crap is this coming up as Asus?!?
It wasn't until this morning as my alarm went off that I thought, "wait, I already have a drive in this computer and...oh god...it's an Asus CD-RW drive. Ugh, I'm an idiot!" Yup, the drive, while powered, is probably just misjumpered or loose on the IDE cable or something else such that Windows or the BIOS were not really seeing it. I kept trying to get my Asus drive to turn into a Samsung burner. Poor bugger...kinda like treating a daughter like a son?
by LonerVamp 05.25.07 at 2:20 PM in /terminal23 -
Pardon me for a moment while I think out loud. If I got into a web application security job of some sort, how long would it take me to get to a personally acceptable level of competence (for me: a decent enough expert in the field)? Given a day job that lets me focus on that topic and my propensity for self-study, I think it would take me a year to become satisfactorily proficient. This can differ, however, based on how deeply I will need to know various programming languages when it comes to code reviews. My self-study would likely be designed around working and familiarizing myself with various codes by doing some personal projects here and there... Food for my brain.
I think this way because I am open to "awesome" job opportunities lately, and if something in this space opens up, I don't want to spend a week trying to play introspective catch-up and miss the opp.
by LonerVamp 05.31.07 at 1:04 PM in /terminal23 - comments(3)
"Nothing great was ever achieved without enthusiasm." -Ralph Waldo Emerson
Yeah, I love quotes, and some of my favorite authors (the naturists, or maybe transcendentalists) are the most quotable. I'd not actually read this one before, but coming across it today reminds me about what I want out of work and career, and what lots of people want. An inspiration and a barometer.
by LonerVamp 06.04.07 at 1:58 PM in /terminal23 -
Item #1: As much as I think SMTP is broken, spam filters make it even more so. I run my own home mail server for one of my domains, which means sometimes my mail gets dropped because I am using a DHCP/residential service. In other words, my ISP address space is blacklisted by some services. Lame. So then I try Hushmail or Gmail, which is also sometimes blocked. A pretty big WTF situation...
Item #2: You have a Yahoo and Gmail email account. Service is excellent and you nearly live by these email accounts. What one thing would make it better? Being able to replace @gmail.com with your domain, of course.
Conclusion: Enter Google Apps. I just got signed up for a beta service through Google Apps using the domain name terminal23.net. I went through all I needed to go through and about 25 minutes later, I have a couple working email addresses on this domain, and I can add new ones within seconds. Rock on! The interface is exactly like Gmail, although I could change the top logo if I wanted to, and I can stay logged into it and Gmail at the same time. Slick!
Feel free to check it out. It took maybe 2 weeks to get approved and an invite emailed out, but it is well worth the wait. This will make an excellent backup to my normal domain and home mail server.
by LonerVamp 06.26.07 at 9:23 PM in /terminal23 -
I've been quiet this week and weekend for really one reason: took a stab at the CCNA test yesterday. I didn't pass, but I didn't expect to pass either. I was finding myself spinning my wheels more and more with my studying, especially since I'm not getting very much of a chance at work to get hands-on with the equipment we have. So I used the test period to get myself re-oriented on where I stand. I scored a 783 and needed 849 to pass. I was pretty happy as I felt I would do worse than that, even when taking the test. The bottom line, though, is that I get a chance to mix things up and refocus on what I stumbled on, what I didn't expect, and what wasn't tested that I did expect. Things look good, and I plan to retake the test in a couple weeks or so. Kinda like running a long race, passing the starting line and getting a look at the time to see whether I'm on pace or not and what I need to do to stay on pace to win out.
What I expected that didn't happen: More detailed WAN questions on implementation commands and the minutiae of such settings. Instead, I got two questions about what DLCIs do and how they relate to the local and remote routers, and one question about which WAN technology to choose given a situation. Heck, I even only got one OSPF question and one EIGRP question... Not much there with my luck of the draw.
What I didn't expect: To not only be tested heavily on switch commands, but to actually stumble and not know those answers as quickly or accurately as I should. Definitely focusing on switches for a while, since I even have some at home! Ugh to having missed those! Switches, VTP, VLANs, STP.
by LonerVamp 07.17.07 at 3:07 PM in /terminal23 - comments(1)
A drunk employee knocks out the power for 365 Main. That's awesome. I'll just take this time to say if you ever see my work desk, that's iced tea in that cup, not beer! I can also happily say that I am not an easily irritable or angry or berserk-prone kind of guy at all, whether sober or drunk. If you're a not-so-happy drunk, just keep that in mind if you're on call or working the next day... In the immortal words of Socrates (and later expounded by Thoreau), "Know thyself."
Thanks for the clarification, dre. Damn, I thought this felt too funny to be true. :)
by LonerVamp 07.25.07 at 12:46 PM in /terminal23 - comments(1)
The past weeks' worth of business days I took some vacation time, not just from work, but also from reading security blogs for the most part. I also was able to look at my own time spent here (in between rediscovering WoW pvp), and decided to shift things up a bit (or so the plan goes).
I'm really...I want to say sick or tired, but those words are too strong. I guess I'm just really bored reading security industry or business commentary (with some exceptions for those people who do excel at writing) with almost zero technical content or anything beyond feel-good vagueness (or maybe vagary), otherwise known as best practices. A lot of this is common sense and while I understand other people have things to say (I do too!), I sometimes just find myself skimming fluffy posts that really leave me with absolutely nothing new.
Sometimes it is cathartic to vent (or as most people call it, "post commentary"), and I'll likely still do so now and then, but I really see little need for it most of the time, at least on my site. I can vent just fine in person, on IRC, on IM, or in comments. And maybe Skype someday if I get back on it.
This is just me telling myself to stay technical and actionable, for now. :) I used to post a lot more information about tools and things to do, and have gotten away from that in the past year. I can see a correlation between this shift and my personal and work lives, so I think I know the problems and the measures on how to fix them.
Of course, this itself is a rant, but it is one I have the compulsion to post for my own benefit.
by LonerVamp 08.09.07 at 10:13 AM in /terminal23 -
For any other WoW players out there, thought I'd throw down an update for no other reason than I want to. My focus has shifted to simply leveling up and a bit towards pvp; something that doesn't require me to be a slave to other people 6 hours a night 6 days a week. This is fully just a distraction for me, now.
My Draenei Shaman is now level 61 on Kul'Tiras. He's been Enhancement spec while leveling with a friend who plays a Hunter. I'll respec him to Resto in a few levels, I think, and likely look into going pvp with him. I don't anticipate ownage in pvp over any pure classes, but he should do ok once I get him some gear bought through pvp. A fun class, nonetheless.
My "main" is finally getting some love again and putting on some levels and pvp honor. My 64 affliction gnome warlock on Crushridge is having tons of fun in pvp, especially since his previous raiding gear is better than any but the top level 70 pvp gear so I can save up all my points. Likewise, at 64, I don't shy away from level 70s. Being a warlock has always owned; it fits my playstyle, and I really can't enjoy a class more. At level 61, I scored my first legit, 1on1 non-BG level 70 kill...another warlock no less! And about half the time, I am top 1 or 2 in overall damage in AB or WSG. Two more talent points and I'll fully enjoy an instant cast aoe fear.
Lastly, I am also playing my level 60 priest on Crushridge as well. I happily spent his refunded (from last christmas!) talent points and made him a shadow priest (he was a backup dorf healer in raiding back in the day) to see what it is like. So far it has been fun, especially since I solo him in the Outlands. I doubt I'll ever devote too much time to him, but he's at least an option and fun.
by LonerVamp 08.14.07 at 1:29 PM in /terminal23 -
Last night I finally moved my last (and main laptop) system up to Ubuntu 7.04 (Feisty). The install was painless. Started up the Update Manager, clicked the button to upgrade to 7.04, waited about 40 minutes where I also had to click Ok/Accept/Forward a couple times, and that was it.
I upgraded for a few reasons. First, some things I wanted to get working on my laptop were (supposedly) easily fixed in Feisty, but still overly complicated on Edgy, including using Silc/Tor with IRSSI and OpenVPN client management. Second, I believe in keeping software as updated as possible (within bleeding edge reasons, of course). You don't want to ever be left behind with unsupported (or unloved!) software that has reduced functionality. It's a lot like living in the past.
by LonerVamp 08.16.07 at 8:12 AM in /terminal23 - comments(1)
Had an outage on my home cable network which may have been related to weekend reports of midwest AT&T issues (I use Qwest). The outage started Saturday evening and lasted until Sunday morning. The cable modem lost connection and reverted to its default internal IP (192.168.100.14).
A note to myself not to mess with the Internet On/Off button on the device. Since it didn't behave like a switch (when you push it, it doesn't sink in and stay in and then pop out with a second push), I didn't think it would save state over a power cycle. Alas, 2 hours after physical connectivity returned, I finally hit the button and everything came back up.
On the bright side, my IP was not renewed. Pretty odd for that long of an outage.
by michael 02.04.08 at 10:13 AM in /terminal23 -
It has been almost 2 years since I changed my job situation up. I was hoping, 2 years ago, to get into a networking or security job when I took up my current role as a Network Analyst. Instead, I found myself back in the hole of Windows web administration and developer support, among many other things some of which does include security. I've been slowly clawing my way out of that area, but now the more senior coworker that managed our company's web environment with me has resigned, leaving me as the sole expert in this area on our team. I've definitely had happier days as I now try to catch up on what he managed while also my own stuff. I was hoping I would get out of here before he did so I could avoid this! :)
So that means I'm even more stuck in web administration (and various other things) for at least another 6 months here. It really does start to cause one to question one's career direction or personal happiness just a wee little bit.
On the bright side, I do have more things to look forward to here, such as a Foundstone vulnerability scanning box I have sitting in the corner and a web app firewall/load-balance solution on the way in the next few weeks. And I do have a project to upgrade our host-based firewall solution and assume full control over it. But oh how I wish I could leave the developer/web support behind!
I also received access to my Offensive Security coursework this weekend. The material includes a couple PDFs and a nearly 700MB rar of tutorial videos. I've yet to extract the movies, but I'm really excited they're just a download and I don't have to bother picking them from the server one by one. I also have my access to the virtual labs on their VPN. I'm anxious to start in on learning more about BackTrack 3!
by michael 04.14.08 at 1:58 PM in /terminal23 -
Last week I finished putting everything together for my 2008 gaming machine. It's been about 6 years since my last gaming machine, so I was due for an upgrade. The parts list is saved on my wiki. Special props to NewEgg, my hardware supplier for many, many years. And I added PetrasTechShop.com as my water cooling parts supplier. Excellent service at both, and absolutely no bad parts this go-around! My source of most information comes from the HardForum.
Total cost is probably somewhere around $1100-1300 (not including monitors), with probably the largest chunk being all the water cooling parts. Six years ago, I saved a lot by putting the system together myself, but these days gaming boutiques and other computer outlets have pretty damn good pricing, and I likely didn't save all that much off a comparably performing pre-built system. But few of them do water cooling at all without a premium cost. So to get silence with water, I did save a bundle.
The system is running on WinXP 32-bit right now. I know, I lose some performance, but I didn't want to spend any huge time (getting everything to work and run) or money (a real, honest license [damn Microsoft]), until I hear more details on when Windows 7 will be out and how long Windows XP will be extended. If they start to overlap, I'm just going to skip Vista like I skipped ME. (DirectX 10 support/availability may make a difference when Starcraft II comes out.)
Everything works great. Wow sits at 60 fps no matter what I do (including fraps recording), and isn't taxing the system at all. Temperatures stay barely above room temp, even after hours of gaming, so I'm very happy with the water cooling.
I ended up water cooling my GPU as well. When powering up system components the first time, I was terribly disappointed with the noise from my HD-3870 fan. With that gone, the system hums away unnoticed.
What would I do differently with my setup if I knew what I know now:
Bigger case. It took a lot of experimenting to get everything in a good position in the midtower case I got. I lucked out with the top fan (didn't have to drill more holes to mount the top radiator), but I got screwed with the hard drive cage and other crap in the lower right corner of the case. I moved what I could, but the pump still is at a non-optimal angle. Also, I wouldn't mind making a bigger hole on the top and mounting the radiator on the inside of the top of the case rather than the outside. Alas, not a huge deal.
Bought all the water cooling parts at once. Since this was my first time parting water cooling out, I did it in very small orders. I think 6 total! I would have planned a bit better too: gotten a flow indicator somewhere in the line, better fill setup (currently the only thing still in progress) so I don't even have to open the case to add liquid (not that I will need to very often), and maybe a drain port if I ever upgrade stuff and need to remove parts. As it is, I'll need to turn the case upside down and around to fully drain it.
by michael 05.02.08 at 9:07 AM in /terminal23 -
A couple iPhone flaws released by a frustrated Aviv Raff illustrate that Apple has a ways to go to become a respectable security citizen (to their defense, so do most people and companies).
One flaw released takes advantage of the iPhone not displaying the middle sections of long URL links. This could lead to a rise in Rickrolling. The second flaw leverages the iPhone's behavior of automatically downloading images in mail. Both of these issues are old, obvious use-cases.
Hey, when business wants to move forward, security/insecurity just isn't a stopping power.
by michael 10.03.08 at 9:17 AM in /terminal23 -
A couple articles skittered across my desk the other day. Los Angeles traffic engineers admit hacking into traffic light control systems and Rogue IT admin hands former employer's network over to spammers.
There is lots of talk about the criminality of the black hat underworld and about profit-pursuing hacker groups (although maybe this is just the growing up of the teenage hacker vandals from 10 years ago now needing income), but there is another important set of threats: relatively normal people with access.
This includes former employees that can still use accounts for bad things, easy password guessing, or abuse of legitimate access just, well, because they can. It stems from both negligence and the simple aging of our reliance on technology. Ever wonder how many stale accounts you might have in your organization just because people with knowledge have left? And I'm not talking about obvious stores like LDAP/AD, email, VPN, network devices.
by michael 11.07.08 at 11:15 AM in /terminal23 -
The weakness I posted about yesterday is being presented right now at the CCC. I listened to the beginning of the preso just enough to get an idea of what they are doing (the stream is too broken up to properly listen to right now). It appears the team is able to leverage md5 collisions to fake a CA root certificate because the CA roots still validate by md5 hashes. So I suppose if you can MITM connections (or MITM the CA check?) you can pose as a Root CA and validate SSL certs that you control. I might have missed something there, since I'm not watching the rest of the preso right now.
Does this mean the Internet is buckling right now? Not really. I might change my mind if Joe Teenager down the street can hop on an open wifi network and MITM all SSL connections successfully without my knowing it.
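Whatever the stream did or didn't make clear, the one thing an admin can check on their own boxes is whether any certificate they rely on is still signed with MD5. The following is an added example, not something from the original post: it pulls a server's certificate, lets Windows build the chain it would actually trust, and flags every link below the root whose signature uses MD5 (or SHA-1). It uses only .NET classes that ship with PowerShell; the host name in the usage line is an assumed placeholder.

```powershell
# Added example (not from the original post): flag weak signature hashes in a
# server's certificate chain. The root's own signature is irrelevant, since trust
# in a root comes from the store, not from its signature; what the CCC talk
# abused was a weak hash on a certificate *issued by* a trusted CA.
function Get-ChainSignatureAlgorithms {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation is a separate question; keep this check usable offline.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($Certificate)       # ChainElements is populated even if Build returns $false
    $elements = $chain.ChainElements
    for ($i = 0; $i -lt $elements.Count; $i++) {
        $c   = $elements[$i].Certificate
        $alg = $c.SignatureAlgorithm.FriendlyName   # e.g. md5RSA, sha1RSA, sha256RSA
        [PSCustomObject]@{
            Depth   = $i                               # 0 = leaf, last = root
            Subject = $c.Subject
            SigAlg  = $alg
            # weak only if this is not the root AND the hash is MD5 or SHA-1
            Weak    = ($i -lt ($elements.Count - 1)) -and ($alg -match '^(md5|sha1)')
        }
    }
    $chain.Reset()
}

# Fetch the certificate a TLS server presents. The validation callback accepts
# anything on purpose: the goal here is to inspect the chain, not to trust it.
function Get-ServerCertificate {
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $accept = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }
}

# Usage (assumed host name):
# Get-ChainSignatureAlgorithms (Get-ServerCertificate 'www.example.com') | Format-Table -AutoSize
```

Anything with Weak = True below the root is a certificate whose issuer could, in principle, be impersonated by a collision; the fix is on the CA's side (reissue under a stronger hash), but knowing which of your own chains still carry one tells you who to push.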
by michael 12.30.08 at 8:59 AM in /terminal23 -
Quick note that BackTrack 4 beta is publicly available now.
I-Hacked has a series of nice links on installing BackTrack 4 that I didn't feel up to snagging and reposting here.
by michael 02.12.09 at 8:48 AM in /terminal23 -
Getting a list of servers can be a pretty valuable first task for working with large numbers of computers. Yesterday I had a reason to get a list of them all, and thankfully all of my servers are in the same OU tree in AD (/Machines/Servers). I also see SynJunkie did a similar thing this week, but I prefer not to use third-party cmdlets. :)
# Bind to the OU that holds the server accounts (the domain here is the author's placeholder)
$blagh = [ADSI]"LDAP://ou=Servers,ou=Machines,dc=my,dc=domain,dc=com"
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $blagh
# Only computer objects; objectCategory is indexed, so this filter is cheap
$objSearcher.Filter = "(objectCategory=computer)"
$PropList = "name","cn","lastlogon"
# Add() returns the new index; cast it to void so 0,1,2 do not end up in the output
foreach ($i in $PropList){[void]$objSearcher.PropertiesToLoad.Add($i)}
$Results = $objSearcher.FindAll()
Write-Host "found $($Results.Count) servers"
$Results
What this does is look for all computer objects under Machines/Servers in my domain my.domain.com. For all computers that it finds, it pulls out the name, cn, and lastlogon properties.
To find a list of all the properties that can be pulled out, run this after the script above:
$Results[0].Properties
Based on the properties I pulled, it should be obvious I was looking for signs of dead computer accounts. This can easily be changed to look for user accounts, properties in them, and other OUs.
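Taking that one step further, and also answering the "how many stale accounts do you have" question from the November post above: the following is an added example, not code from the original post. It keeps to the built-in DirectorySearcher, but filters on lastLogonTimestamp instead of lastlogon and converts the result into something readable. PowerShell 3 or later is assumed, and the OU and domain are the same placeholders the post uses.

```powershell
# Added example (not from the original post): list computer accounts under the
# Servers OU that have not authenticated to the domain in $staleDays days.
$staleDays = 90
# AD stores logon times as FILETIME (100 ns ticks since 1601), so compare in that unit.
$cutoff = (Get-Date).AddDays(-$staleDays).ToFileTime()

$root = [ADSI]"LDAP://ou=Servers,ou=Machines,dc=my,dc=domain,dc=com"
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.PageSize = 1000   # paged results; without this an OU over 1000 objects is silently cut off

# lastLogonTimestamp is replicated between DCs (lastLogon is not), so any single
# DC gives a usable answer, accurate to the ~14-day replication granularity.
# Accounts that never logged on have no value at all, so match those explicitly.
$searcher.Filter = "(&(objectCategory=computer)(|(lastLogonTimestamp<=$cutoff)(!(lastLogonTimestamp=*))))"
foreach ($p in "name","lastLogonTimestamp","userAccountControl","distinguishedName") {
    [void]$searcher.PropertiesToLoad.Add($p)
}

$stale = foreach ($r in $searcher.FindAll()) {
    $props = $r.Properties            # property names come back lower-cased
    $lastSeen = if ($props.Contains("lastlogontimestamp")) {
        [DateTime]::FromFileTime([int64]$props["lastlogontimestamp"][0])
    } else {
        $null                         # never logged on
    }
    $uac = [int]$props["useraccountcontrol"][0]
    [PSCustomObject]@{
        Name     = [string]$props["name"][0]
        LastSeen = $lastSeen
        Disabled = [bool]($uac -band 0x2)   # ADS_UF_ACCOUNTDISABLE
        DN       = [string]$props["distinguishedname"][0]
    }
}

# Enabled accounts are the ones worth chasing; disabled ones are already half cleaned up.
$stale | Sort-Object LastSeen | Format-Table Name, LastSeen, Disabled, DN -AutoSize
```

Two caveats worth keeping in mind: lastLogonTimestamp only exists at Windows Server 2003 forest functional level or higher, and a stale value proves the account has not authenticated, not that the hardware is gone (appliances and boxes that only ever talk to one DC show up here too). Disable first, delete after a grace period, and the same query with objectCategory=person turns this into a stale user account report.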
by michael 04.24.09 at 11:25 AM in /terminal23 -
|