Thursday, December 28

The Snort Top 10

I work with SNORT®..... constantly. It's my job to do so. I've been using Snort for many years, I teach classes on how to configure it, I teach classes on how to write Snort rules. I've been using Snort and setting up Sourcefire and Snort devices on hundreds of different networks for years on end now.
 
I am frequently asked questions, many of the questions are the same things over and over again, and I always see the same mistakes being made when setting it up. So, i've compiled a list of the top ten mistakes and commonly misconfigured or overlooked things when configuring everyone's favorite IDS.
 
None of these override the necessity to read the Snort manual, however. The manual supersedes all Snort books, because as great as these books are, they can't keep up with the fast-paced updates at which Snort is updated. So here goes...
 
1. The Snort.conf file.
Almost all your options are set in this file. This file should be read line by line, from top to bottom, taking the time to fully understand what each one of the configuration options are. 90% of all the questions I get can be answered by just reviewing the documentation in the snort.conf file.
 
2. Variables.
At the very top of the Snort.conf file there are variables to be set. The very least of which is "HOME_NET". HOME_NET should ALWAYS be configured. Depending on the placement of your IDS, your HOME_NET is loosely interpreted as "whatever the Snort box is protecting". For instance, on my network, it's 192.168.1.0/24. The whole network is controlled by my router, and no other IP addresses should be on the network unless it has this range. If I *had* other IP's pop on my network, I would definitely not want them treated as mine! Common settings for HOME_NET may be your whole internal network range, such as any RFC 1918 addresses. Depending upon the placement of your sensor (such as at your border) you many want to have your public IP address space in your HOME_NET as well. Remember that only CIDR notation is accepted within the variable notation. 192.168.1.1:254 won't work, neither will 192.168.1.1-254. Only 192.168.1.0/24 will. Another big thing to note is your setting for EXTERNAL_NET. By default, EXTERNAL_NET is set to "any". "Any" includes your HOME_NET. In order to make Snort treat traffic that is NOT in your HOME_NET as EXTERNAL, you can set your EXTERNAL_NET to "!$HOME_NET". Which setting applies to you is dependent upon the placement of your sensor.
 
3. Frag3 preprocessor.
Snort is able to avoid many different types of evasions. One of the big ones that people think they can slip by on any IDS is through IP fragmentation, or using malicious overlapping and underlapping fragments in order to slip the payload past your IDS's, but have it reassembled correctly on the target.
 
Okay.. I realized I may have just thrown a big ball at you... Let's back up.
 
IP fragmentation is when Packet A on Network A is too big to go onto Network B. So the router on the Network A side splits Packet A into Packet A.1, A.2, A.3, and so on, so it's able to fit onto Network B. However, these smaller packets aren't put back together until they reach the final destination IP. Still with me so far right? Cool...
 
The problem with that is, different operating systems put fragmented packets back together in different orders depending on the type of operating system. (and you thought they were all the same!) Well, the problem with IDS's is, they have absolutely not idea what the Operating Systems are that they are protecting. Frag3 allows you to tell it. Now, without writing a book about the subject, you need to go into the docs/ directory that is enclosed with your Snort tarball and read the README on frag3. (As well as the accompanying section in the Snort manual.)
 
However, in order to FULLY understand what I am talking about, go read the whitepaper written by Judy Novak. (You have to register to download it) She's one of the authors of the SANS 503 IDS course, one of the designers behind frag3, and currently a Vulnerability Research Team (VRT) employee at Sourcefire.
 
4. HTTP Inspection preprocessor.
The most misunderstood preprocessor there is. This preprocessor analyzes, normalizes, and alerts on http traffic. The thing to remember is, it's SERVER based. It's meant to analyze traffic coming inbound to your http SERVERS. It basically has two settings, the "global default" setting, which you should set to the majority of your web servers. For instance, are most of your web servers IIS, on port 80?  Then you need to set that to the global setting.  If only some of your web servers are not IIS, or  only some of them are not on port 80,  then those need to be specified INDIVIDUALLY, by IP! Does that mean you will have to create a separate line for each of your "non-standard" web servers? Yes! That's the way it's SUPPOSED to work!
 
5. Portscan preprocessor.
Also very mis-understood piece of code. You need to read the README for the "sfportscan" preprocessor in the docs/ directory. There is no better explanation on how to configure this preprocessor.
 
6. The rest of the preprocessors, to include the new "dynamic" preprocessors.
All of the preprocessors have configuration lines. Each need to be configured to the networks you are protecting with Snort. Review the documentation for each of them extensively. All the documentation is well written, and is written with the user in mind.
 
7. Rules.
The Rules in Snort are key. At the bottom of the Snort.conf you will see a bunch of "include" lines. "include $RULE_PATH/web-iis.rules" for example. This line will call the rules file web-iis.rules and load it in at runtime. Alot of people ask "what is the best ruleset to run?" Well, by far the first and foremost ruleset to run the VRT ruleset available after registration here. However, does this mean that you need to run every rule in that ruleset? NO! Take a look at the categories.. pop3.rules, imap.rules, oracle.rules, web-coldfusion.rules, pop2.rules, mysql.rules.. etc... Do you run these services on your network? Do you run pop3? Do you run pop2? Do you run imap? No? Then turn the rule category off! There is no sense in running rules that have no application to your network! All you are doing is potentially creating more work for yourself through false positives, as well as making the Snort engine work harder then it needs to.
 
"But I hear there are other rulesets besides the VRT set!" YES! There are. There are basically two. The BleedingThreats set available at www.bleedingthreats.com and the Community ruleset. Each of these rulesets is contributed to regularly by YOU the Snort community and each have their own pros and cons. Should you run all three rulesets? Sure! However, you need to go through each rule file, and turn on/off what you are not interested in or what does not apply to your network. For example, do you have Vertias on your network? No? Then go into exploit.rules and shut off the Veritas rules.
 
8. Output.
Snort can output to syslog, to pcap format (default), to a database, or lastly, to Unified. The "official" recommendation is to unified. The unified file format is the fastest output format coming out of the backend of Snort. Especially when you are trying to output to database! When Snort has to output to a database directly, it has to perform an INSERT into the db... doing so is CPU intensive. Do you want your IDS to be an IDS? Or a database insertion tool?  So use Unified! Well, the problem with unified is, you need something that reads unified file format and outputs it into the db, or tcpdump file format you want....
 
9. Barnyard (or FLoP)
Barnyard reads the unified file format and inserts what it finds into a db, or outputs into tcpdump file format. FLoP is another tool that also reads Snort's output (albeit in a different method) and does what you want with it. Both are excellent tools and both need to be checked out and use the one that's appropriate to you.
 
10. Rule updates.
However you choose to update your rules is up to you, I recommend Oinkmaster. Nice perl proggie to keep your rules up to date. Just don't forget to register on Snort.org and get your oinkmaster code if you wish to download the VRT registered user set.
 
Notice that I didn't put a recommendation for any type of Snort log reviewing tool. BASE, Sguil, Placid, etc.. all have their merits and you will want to check out the one that is most appropriate to your situation. However, I do have one recommendation that I will make here... and it's turning into more of a "RULE" now. Do NOT use ACID. Don't get me wrong, ACID was great for it's day, however, with over 200+ bug fixes, feature implementations, and the fact that ACID hasn't been updated in.. going on 4 years now... go with BASE if all you are looking for is an Alert browser. BASE works with your existing ACID db, and is very easy to upgrade to.
 
So there you go. I hope this helps a bit to get you started down the correct path of tuning Snort. Don't forget to hit the mailing list archives, post to the mailing lists with any questions, look for your local Snort User Group, visit the Snort Forums, or even write into us here at the ISC (several of us use Snort constantly, not just me).. or drop into irc.freenode.net into #snort and say hello! Thanks!
 
Stay tuned for another article on Snort in the future.. If you have suggestions about what I should write about as far as Snort goes, feel free to write in!
 
/** Joel Esler **/
 
Sourcefire and Snort are registered trademarks of Sourcefire.

Thursday, December 21

Are CAC (Common Access Cards) worth it?

A buddy of mine Richard Bejtlich, a known security blogger and consultant, had this article on his blog... I made a big long comment about it.. displayed below, and linked above...

--- begin ---

Yes. The CAC is used for signing on, email signing and encryption, web authentication, basically anything that can be done, or is done with a certificate.

It's only being used in NIPR (Unclassified) systems. It has a magnetic strip on the back that is blank, and can be coded for swipe doors at whatever location you are currently working at.. (problem is, most DOD facilities have proximity cards).

Could this be implemented in a commercial setting? Yes. But at what cost? What what expense? What do you gain out of it? When I worked for DOD, all I got out of the deal was a headache... implementation, it became our ID, which.. only SOME people accepted (like, the gate guards on post wanted our Drivers License sometimes -- grrrr) going to get a new one every three years, using it for sign-on, using it to get in the building. Here's the kicker. Say you left it in your computer at night, your computer would screensaver lock after a while, no problem.. but you couldn't get back in the building the next day!

Annoying is the key. I never liked it. The Email signing and authentication never worked across all platforms with ease. Doesn't work with ALL email clients. (and IMO, trying to say something like "well everyone MUST use OUTLOOK" is not an answer, it's a 'way out'.) Ours didn't work with sign on to the network. The only feature about the CAC that I DID like, is when I walked away from my computer, I took the CAC out of the reader, and viola... my computer locked.

That was about it. Now. You know whats kinda cool (but involves us going back to terminals), is Sun's (yes Sun Microsystems, as much as I hate Sun...) card that you can carry from machine to machine and wherever you plug it in.. you can call up YOUR desktop. That's a descent idea. However, no one likes dummy terminals. I digress.

Could it be done? Yes. Is it worth it? No. Not in my opinion.

Are CAC (Common Access Cards) worth it?

A buddy of mine Richard Bejtlich, a known security blogger and consultant, had this article on his blog... I made a big long comment about it.. displayed below, and linked above...

--- begin ---

Yes. The CAC is used for signing on, email signing and encryption, web authentication, basically anything that can be done, or is done with a certificate.

It's only being used in NIPR (Unclassified) systems. It has a magnetic strip on the back that is blank, and can be coded for swipe doors at whatever location you are currently working at.. (problem is, most DOD facilities have proximity cards).

Could this be implemented in a commercial setting? Yes. But at what cost? What what expense? What do you gain out of it? When I worked for DOD, all I got out of the deal was a headache... implementation, it became our ID, which.. only SOME people accepted (like, the gate guards on post wanted our Drivers License sometimes -- grrrr) going to get a new one every three years, using it for sign-on, using it to get in the building. Here's the kicker. Say you left it in your computer at night, your computer would screensaver lock after a while, no problem.. but you couldn't get back in the building the next day!

Annoying is the key. I never liked it. The Email signing and authentication never worked across all platforms with ease. Doesn't work with ALL email clients. (and IMO, trying to say something like "well everyone MUST use OUTLOOK" is not an answer, it's a 'way out'.) Ours didn't work with sign on to the network. The only feature about the CAC that I DID like, is when I walked away from my computer, I took the CAC out of the reader, and viola... my computer locked.

That was about it. Now. You know whats kinda cool (but involves us going back to terminals), is Sun's (yes Sun Microsystems, as much as I hate Sun...) card that you can carry from machine to machine and wherever you plug it in.. you can call up YOUR desktop. That's a descent idea. However, no one likes dummy terminals. I digress.

Could it be done? Yes. Is it worth it? No. Not in my opinion.

Tuesday, December 19

A Question for my readers

Please describe to me.. At what point does security become an operational burden?

When too many passwords, authentication mechanisms, log-on tokens, segmentation..etc... mount up.. what what point do you just say "hey, you know, this sucks!"

Please leave comments.

A Question for my readers

Please describe to me.. At what point does security become an operational burden?

When too many passwords, authentication mechanisms, log-on tokens, segmentation..etc... mount up.. what what point do you just say "hey, you know, this sucks!"

Please leave comments.

Monday, December 18

Christmas, and the holiday spirit, and Internet security

Recently, since we've all been shopping, out there paying attention to gifts, what we are going to get, and what we aren't going to get. An attack has been going on. Apparently, against my web server.

I review my weblogs (I review all my logs) on a weekly basis. Because really, what's the point in having logs if you're not going to look at them? A log that isn't looked at is a pointless log. You might as well shut off syslog if you aren't going to look at the logs. But I digress.

I review my weblogs. I have mod_security installed on my apache webserver here, so through my custom mod_security rules, I am provided with audit_log in my logging directory.

I usually get about 200 to 300 entries a week in that file. All denied.

Last week that number jumped to almost 9000. As of this morning (my logs roll over on Sunday), I had over 3000.

As I am on my blackberry I don't have a copy of the logs, so I'll post a sample entry later.

But the string I see a lot is "x-aaaaaaaaaaa" in the header.

Anyone else seeing these?

Friday, December 15

Two words for Delta....

In reference to your Crown Rooms, take a note from your partner Continental...

FREE INTERNET

who makes up these rules?

On some flights, you can't have your phones with the wireless turned on.
Then some you can't have them on at all.
On ASA you can't fly with the windows shades down, but on delta you can.
Today we were told that laptop computers had to be completely off, and NOT in the standby mode.

Why can't we just have one set of rules? Everyone the same. The flight attendants all having the same info, so we don't have flight attendants just making stuff up arbitarily?

FAA -- is this so hard?

Two words for Delta....

In reference to your Crown Rooms, take a note from your partner Continental...

FREE INTERNET

who makes up these rules?

On some flights, you can't have your phones with the wireless turned on.
Then some you can't have them on at all.
On ASA you can't fly with the windows shades down, but on delta you can.
Today we were told that laptop computers had to be completely off, and NOT in the standby mode.

Why can't we just have one set of rules? Everyone the same. The flight attendants all having the same info, so we don't have flight attendants just making stuff up arbitarily?

FAA -- is this so hard?

Monday, December 4

Excellent Patent Article

This article is an excellent article on patents concerning Apple and the GUI and stuff. Really interesting stuff.

Excellent Patent Article

This article is an excellent article on patents concerning Apple and the GUI and stuff. Really interesting stuff.

Friday, December 1

Apple needs to go to a subscription model? Pullleeezz

Hey dude, Apple owns 75%+ Market share. I am pretty sure that they know what the hell they are doing.

Apple go to a subscription model?

Apple needs to go to a subscription model? Pullleeezz

Hey dude, Apple owns 75%+ Market share. I am pretty sure that they know what the hell they are doing.

Apple go to a subscription model?

Tuesday, November 28

Okay New rule

Okay, New (old) rule.

When responding to a post on a mailing list, and you want to start a new thread, don't reply to someone else's thread and change the subject. Make a new email.

It messes up my threading in mutt and Mail.

Okay New rule

Okay, New (old) rule.

When responding to a post on a mailing list, and you want to start a new thread, don't reply to someone else's thread and change the subject. Make a new email.

It messes up my threading in mutt and Mail.

Monday, November 20

Plane captains in the cockpit

Why does every captain of a palne think they are a tour guide? "If you look out the right side of the plane"

What is a "seat area"? "Look around your immediate seat area for any items you may have brought on board.". What the hell is a seat area? And 'may' have brought on board?

(Yes I know that's part of a Carlin bit, but it's true!)

I hate it when people (flight attendants, gate agents, whatever) treat me like I am stupid, AFTER they thank me for being a Platinum member. Obviously if I am a platinum member I fly a lot, and obviously know that I have to take my shoes off to go through security (or something like that).

Crown rooms that are BEFORE security? Now what kind of sense does that even make?

Ah... The frustrations of travel.

-sent from 30,000 feet.

Plane captains in the cockpit

Why does every captain of a palne think they are a tour guide? "If you look out the right side of the plane"

What is a "seat area"? "Look around your immediate seat area for any items you may have brought on board.". What the hell is a seat area? And 'may' have brought on board?

(Yes I know that's part of a Carlin bit, but it's true!)

I hate it when people (flight attendants, gate agents, whatever) treat me like I am stupid, AFTER they thank me for being a Platinum member. Obviously if I am a platinum member I fly a lot, and obviously know that I have to take my shoes off to go through security (or something like that).

Crown rooms that are BEFORE security? Now what kind of sense does that even make?

Ah... The frustrations of travel.

-sent from 30,000 feet.

Wednesday, November 15

Smartphone switching

Okay, so for about a year and a half now, I've been using the Treo 650. It's a nice phone, except that:

A) The battery sucks.
B) Email SUCKS
C) Useability sucks

So recently, I switched to the Blackberry 8700. YES. now THIS is a nice phone. I've never used a Blackberry before, and always looked down on those who do as being "Crackberry" addicts. But now I see why. This is a nice damn phone. Battery life is excellent (lasts about 3 days while using Cell phone and email regularily), bluetooth, and the EMAIL!! OOOOH the email!!! Push technology is so freaking great.

Things I miss:

The IR port.
The extensive amount of Applications for the Palm Platform (although I haven't found a program yet that I haven't found a blackberry equivalent for)
The ability for it to charge from my laptop (Yes, I know some people have done this with their Palm [points to Roesch], but I didn't so I suck okay?)
Auto Sync.


Blackberry 10, Palm 5. 4th Quarter.

Idiot commenting

Okay, so I read ALOT of news, blogs, and websites. As does everyone now adays I suspect, we all read our share of blogs.

So why, when I read stuff like.. Digg, like Slashdot, like the Crazy Apple Rumors site, and any number of other sites that I frequent on a repetative basis, do these damn morons who make the first post, have to announce to the world that they did so?

We CAN SEE IT'S YOUR FIRST POST PEOPLE, QUIT TELLING US. You're killing me.

1. Frist post!! OMGWTF!!!!111!!ponies!!!

Go choke.

Idiot commenting

Okay, so I read ALOT of news, blogs, and websites. As does everyone now adays I suspect, we all read our share of blogs.

So why, when I read stuff like.. Digg, like Slashdot, like the Crazy Apple Rumors site, and any number of other sites that I frequent on a repetative basis, do these damn morons who make the first post, have to announce to the world that they did so?

We CAN SEE IT'S YOUR FIRST POST PEOPLE, QUIT TELLING US. You're killing me.

1. Frist post!! OMGWTF!!!!111!!ponies!!!

Go choke.

Dvorak says something right

John Dvorak finally said something I agree with. Zune will be a flop.

Reading the first sentence of this article is correct as hell.
"If anything is doomed to failure, it is the Microsoft Zune" Go John. (at least on this article)

Tuesday, November 14

San Francisco

Alrighty, so I'm here in San Francisco. Again.

I like this town, not as much as I like Chicago, but San Fran is cool. I'm staying in Chinatown at the Hilton Financial District. I highly recommend this hotel if you are a Hilton Gold or Diamond member. (and you achieve Executive level floor). I don't know what the regular rooms are like, but the desk in this one is bad ass.

Anyway, so I am teaching this Sourcefire 3D class for my company. I really like teaching. Allows me to interact and share my thoughts on topics with several people. I like being able to get and give opinions about topics with me. Lots of fun.

The new Snort book is coming up. Should be soon. I think everything is being finalized getting ready for print. Go pick up a copy.

Dvorak says something right

John Dvorak finally said something I agree with. Zune will be a flop.

Reading the first sentence of this article is correct as hell.
"If anything is doomed to failure, it is the Microsoft Zune" Go John. (at least on this article)

Thursday, November 9

Delta

Following up on my post to Delta: I had someone email me and ask me how it went...

1. They refunded my ticket from ATL to AGS
2. They also gave me 10,000 miles for my problems.

However, I made Platinum Medallion in the meantime, so I don't know if they did all that stuff because I am Platinum now, or were they just being nice.

We'll see how things are different for Platinum. As much as I have flown over the past many years, I have never made Platinum, (I could have done it a couple times, but could never dedicate to one airline). I've have flown (almost) exclusively Delta in the past 9 months, and I have achieved over 85K miles in those 9 months.

I'll probably break 100K by the end of the year.

All I know is, I have a flight booked for my butt to fly to San Francisco on Monday, and I already have a First Class seat. (Delta upgrades Medallion members based on status, ticket fare, standbys...etc.. there's a bunch of criteria.) But I do know that I have the last seat in First Class, which means, when the 3 day marker rolls around for Gold members (Saturday), no Gold members will get upgraded.

So I guess my Platinum Status is paying off already. We'll see if I get my upgrade on my return flight. So for now, has saved face.

(Image copyright Delta)

Delta

Following up on my post to Delta: I had someone email me and ask me how it went...

1. They refunded my ticket from ATL to AGS
2. They also gave me 10,000 miles for my problems.

However, I made Platinum Medallion in the meantime, so I don't know if they did all that stuff because I am Platinum now, or were they just being nice.

We'll see how things are different for Platinum. As much as I have flown over the past many years, I have never made Platinum, (I could have done it a couple times, but could never dedicate to one airline). I've have flown (almost) exclusively Delta in the past 9 months, and I have achieved over 85K miles in those 9 months.

I'll probably break 100K by the end of the year.

All I know is, I have a flight booked for my butt to fly to San Francisco on Monday, and I already have a First Class seat. (Delta upgrades Medallion members based on status, ticket fare, standbys...etc.. there's a bunch of criteria.) But I do know that I have the last seat in First Class, which means, when the 3 day marker rolls around for Gold members (Saturday), no Gold members will get upgraded.

So I guess my Platinum Status is paying off already. We'll see if I get my upgrade on my return flight. So for now, has saved face.

(Image copyright Delta)

Wednesday, November 8

Baby Pictures

So, the Wife and I go and get 3D Ultrasound pictures of our baby done. It's pretty cool I think. They are hard to see IMO, but click on them to make them bigger.



Here's a picture of the baby sleeping, kinda curled up in there.

Baby Pictures

So, the Wife and I go and get 3D Ultrasound pictures of our baby done. It's pretty cool I think. They are hard to see IMO, but click on them to make them bigger.



Here's a picture of the baby sleeping, kinda curled up in there.

Monday, November 6

An OSX Background

I like Wallpapers. I'm not really a fan of any of the OSX ones that are out there, so I found one that was sort of what I wanted, ran it through a bit of Photoshop, and out popped this:

I tend to like it (i'm biased), feel free to use:

An OSX Background

I like Wallpapers. I'm not really a fan of any of the OSX ones that are out there, so I found one that was sort of what I wanted, ran it through a bit of Photoshop, and out popped this:

I tend to like it (i'm biased), feel free to use:

Sunday, November 5

DCR-SR40 on OSX

How to get your Sony Handycam DCR-SR40 to work on OSX:

When you purchase the DCR-SR40 Sony Handycam, it has a link in the instruction book on where to go to purchase software to be able to use the camera with OSX. It is NOT free, and second of all, the software is absolutely horrible.

Do NOT for one second think that you can use firewire with this camera either. Nope. Also, do not assume that this camera will work with iMovie or iDVD, because it won't. Why? Well, first of all it's USB, (OSX needs firewire with Digital Video Cameras, even HDD based ones)

It won't work, it won't work, it won't work. Don't buy the crappy software suggested in the manual.

The problem is, the video that is stored on the camera is in Mpeg-2. Well. That sucks.

Steps to get it to work:

1. Plug the Camera's dock into the Mac.
2. Plug the Camera's dock into the electricty.
3. Record something
4. Plug the camera into the dock.
5. Turn the camera on, and put it in VCR mode (the bottom LCD light)
6. Press the "Burn to DVD" button on the Dock.

This will mount the Video Camera into OSX.

7. Open the "NO_NAME" drive, present on your desktop.
8. Navigate through the folders until you find the mp2 files that are named something like "M2U00001.MPG".
9. Drag and drop this file to your desktop (you can erase it off the camera if you want)

Quicktime will NOT play this file, you have to up convert it mp4

10. Download and install "ffmpegX", a free program, and all the tools that go with it. (You will need mplayer)
11. Drop "M2U00001.MPG" file into ffmpegX, and then select what file type to convert it to on the right (I suggest 2-pass option for H.264)
12. Click "Encode"
13. Whenever later (a long time if you have a slow puter...) it will spit out a file, that file you can do whatever you want with (into iMovie, iDVD whatever)

OR!!!!

Return the camera, pay the restocking fee, and go buy the Panasonic PV-GS300.

I suggest the latter.

DCR-SR40 on OSX

How to get your Sony Handycam DCR-SR40 to work on OSX:

When you purchase the DCR-SR40 Sony Handycam, it has a link in the instruction book on where to go to purchase software to be able to use the camera with OSX. It is NOT free, and second of all, the software is absolutely horrible.

Do NOT for one second think that you can use firewire with this camera either. Nope. Also, do not assume that this camera will work with iMovie or iDVD, because it won't. Why? Well, first of all it's USB, (OSX needs firewire with Digital Video Cameras, even HDD based ones)

It won't work, it won't work, it won't work. Don't buy the crappy software suggested in the manual.

The problem is, the video that is stored on the camera is in Mpeg-2. Well. That sucks.

Steps to get it to work:

1. Plug the Camera's dock into the Mac.
2. Plug the Camera's dock into the electricty.
3. Record something
4. Plug the camera into the dock.
5. Turn the camera on, and put it in VCR mode (the bottom LCD light)
6. Press the "Burn to DVD" button on the Dock.

This will mount the Video Camera into OSX.

7. Open the "NO_NAME" drive, present on your desktop.
8. Navigate through the folders until you find the mp2 files that are named something like "M2U00001.MPG".
9. Drag and drop this file to your desktop (you can erase it off the camera if you want)

Quicktime will NOT play this file, you have to up convert it mp4

10. Download and install "ffmpegX", a free program, and all the tools that go with it. (You will need mplayer)
11. Drop "M2U00001.MPG" file into ffmpegX, and then select what file type to convert it to on the right (I suggest 2-pass option for H.264)
12. Click "Encode"
13. Whenever later (a long time if you have a slow puter...) it will spit out a file, that file you can do whatever you want with (into iMovie, iDVD whatever)

OR!!!!

Return the camera, pay the restocking fee, and go buy the Panasonic PV-GS300.

I suggest the latter.

Thursday, October 26

San Diego, CA

So here I am. Tired as hell, in San Diego. I have to fly back to Georgia tomorrow. Then fly to Pheonix on Friday.



I travel too much.

Picture of my wife and I in San Antonio




My boss took this picture of my wife and I on the one of the tour boats that goes around the Riverwalk in San Antonio, TX. Good times.

"But Joel, you went to San Antonio, did you take a picture of The Alamo?"

yes.

Picture of me teaching



One of my guys in my class I was teaching in Rhode Island not too long ago took this snap shot. The picture is of me assisting the screen in showing all the words. You can see the projection over running the right hand side of the screen. Heh. oh well.

Wednesday, October 25

Apple Store visits

Well I added a couple more to the Apple Store Visits list.

See for yourself

San Diego, CA

So here I am. Tired as hell, in San Diego. I have to fly back to Georgia tomorrow. Then fly to Pheonix on Friday.



I travel too much.

Picture of my wife and I in San Antonio




My boss took this picture of my wife and I on the one of the tour boats that goes around the Riverwalk in San Antonio, TX. Good times.

"But Joel, you went to San Antonio, did you take a picture of The Alamo?"

yes.

Apple Store visits

Well I added a couple more to the Apple Store Visits list.

See for yourself

Fun in Texas



As if I needed another example of why I don't live in Texas, my wife's uncle sent me these pictures of a snake inside of the motor box that controls their boat lifter. (Raises the boat up and down into the water)

Avis is stupid



I was in the line at Avis in ATL recently. I saw this sign and thought it was funny and yet dumb. Who are the advertising/marketing people that should be shoved off a cliff for this one?

Tuesday, October 24

Fun in Texas



As if I needed another example of why I don't live in Texas, my wife's uncle sent me these pictures of a snake inside of the motor box that controls their boat lifter. (Raises the boat up and down into the water)

Avis is stupid



I was in the line at Avis in ATL recently. I saw this sign and thought it was funny and yet dumb. Who are the advertising/marketing people that should be shoved off a cliff for this one?

The Macbook Pro finally gets updated

Link It's about time.

YEAH!

The Macbook Pro finally gets updated

Link It's about time.

YEAH!

American Airlines

I wound up flying First Class in American Airlines today. Let me just compliment AA. Best two flights I have ever had. Aside from being late out of ATL (which was ATL's fault, I am sure), I sat in first class, I got a meal, (vegetable pizza and a salad. it was good!), and aside from the lady who had a panic attack on the plane and had to be given oxygen.

American Airlines rox. I'd fly American Airlines if I could everytime if their service was that good every time.

Monday, October 23

American Airlines

I wound up flying First Class in American Airlines today. Let me just compliment AA. Best two flights I have ever had. Aside from being late out of ATL (which was ATL's fault, I am sure), I sat in first class, I got a meal, (vegetable pizza and a salad. it was good!), and aside from the lady who had a panic attack on the plane and had to be given oxygen.

American Airlines rox. I'd fly American Airlines if I could everytime if their service was that good every time.

More Airport fun

So, I get to the airport today, and they cancel my flight when it was almost here.

Quick Story: I am currently sitting in the Augusta, GA (AGS) airport. I was booked on flight 4293 out of Augusta to Atlanta. They apparently cancelled the connecting flight from ATL to AGS, thusly canceling the return 4293.

Since flying at 2 was going to miss my connecting flight on flight 397 from ATL to SAN. (Where I had a first class upgrade) So Delta rebooked me through American Airlines. (Where i am sitting in coach!) and I wind up getting to SAN 4 hours later.

Just another late flight where the customers get screwed going from ATL to AGS or AGS to ATL. How can ASA possibly be against the customer (stay in business doing this to their customers) this much?

Delta's response

Delta wrote me back. I believe this to be an UNACCEPTABLE response.


Dear Mr. Esler,

Thank you for your e-mail and for sharing your disappointing travel
experience with us. We welcome your comments as they assist us in the
continuous evaluation of our performance.

We regret you were inconvenienced because of a missed flight connection.
Delaying a flight for a confirmed passenger is a difficult situation for
the airlines. In the past our policy was to wait for passengers whenever
possible even at the expense of on-time performance. Now, our customers
tell us that being on time is a high priority, and we have changed our
practices to better meet these expectations.

We expect our people to do everything they can to help customers
transfer between flights; however, they have been instructed not to make
guarantees about connections. The operations supervisors in each city
are responsible for the final decision to delay a flight. They have
access to all necessary information, such as flight times, the number of
customers already on board, and the availability of alternate flights.
Nevertheless, we regret your inconvenience and and we will continue to
make efforts to improve in this area. Customer service is very
important to us, and we are working hard to transform our company.

We have reviewed your e-ticket, xxxxxxxxxxxx, and have determined an
adjustment is due for the unflown segment. A copy of your e-mail has
been forwarded to our Refunds Department for processing. As you paid
with a credit card, the adjustment will appear on your statement within
1-2 billing cycles.

Please accept our apology for the unfavorable impression you received in
this instance. We appreciate your selection of Delta and will always
consider it a privilege to be of service.

Delta sucks

Okay. I could write this big long post about how Delta sucks. But I already did. Here an email I wrote to Delta:

------------

Yesterday, October 21, 2006, I was traveling from Denver, CO to Augusta,GA and had a connection in Atlanta Hartsfield-Jackson Airport. My flight from Denver was approximately 7 minutes late in arrival (the plane had to be de-iced in DEN), so I had hustle from one gate to the next. When I got to the original gate, I was notified of a gate change of just a few more gates down the concourse.

When I arrived at the gate at 2:55 p.m., I was told by the gate attendant that the flight had already left. I was disappointed to hear that the flight was already packed up and gone, yet the scheduled departure was not until 3:07 p.m. What bothered me the most is that I could still see the baggage crew loading the plane and the gate attendants were still printing out the passenger manifest.

I contacted the customer service department for Medallion members and expressed my concern with one of the Delta representatives. She informed me that according to gate check-in rules, a plane is allowed to leave up to 15 minutes prior to scheduled departure if everyone is accounted for. However, they are aware of those who have connections and should have allowed for more time. Apparently, that was not the case and they closed out early. The customer representative was quite confused as she looked further and found that flight 4103 was not even a full flight when they left.

After doing additional research I found that DL flight 4103 never pushed back from the gate until 3:30 p.m (23 minutes later than scheduled departure) and took off at 3:40. They arrived in Augusta, GA at 4:16 p.m.

I am a Delta Gold Medallion member and will achieve Platinum status by the end of this year. Unfortunately, I have not yet seen many benefits with Delta in being such a dedicated member. Flying out of Augusta, GA where my flights almost always originate, I have a choice of two airlines.
Depending on cost of flight and convenience I can pick from Delta or US Air/United.
Since I started to achieve Medallion status, I almost always pick Delta, spending well over 40K a year with your airline, for just business travel. Whether my employer pays for my travel or it is a personal purchase, this kind of service is unacceptable.

Please consider my frustration and address such issues with the Delta staff and crew.

Thank you!

-------

More Airport fun

So, I get to the airport today, and they cancel my flight when it was almost here.

Quick Story: I am currently sitting in the Augusta, GA (AGS) airport. I was booked on flight 4293 out of Augusta to Atlanta. They apparently cancelled the connecting flight from ATL to AGS, thusly canceling the return 4293.

Since flying at 2 was going to miss my connecting flight on flight 397 from ATL to SAN. (Where I had a first class upgrade) So Delta rebooked me through American Airlines. (Where i am sitting in coach!) and I wind up getting to SAN 4 hours later.

Just another late flight where the customers get screwed going from ATL to AGS or AGS to ATL. How can ASA possibly be against the customer (stay in business doing this to their customers) this much?

Delta's response

Delta wrote me back. I believe this to be an UNACCEPTABLE response.


Dear Mr. Esler,

Thank you for your e-mail and for sharing your disappointing travel
experience with us. We welcome your comments as they assist us in the
continuous evaluation of our performance.

We regret you were inconvenienced because of a missed flight connection.
Delaying a flight for a confirmed passenger is a difficult situation for
the airlines. In the past our policy was to wait for passengers whenever
possible even at the expense of on-time performance. Now, our customers
tell us that being on time is a high priority, and we have changed our
practices to better meet these expectations.

We expect our people to do everything they can to help customers
transfer between flights; however, they have been instructed not to make
guarantees about connections. The operations supervisors in each city
are responsible for the final decision to delay a flight. They have
access to all necessary information, such as flight times, the number of
customers already on board, and the availability of alternate flights.
Nevertheless, we regret your inconvenience and and we will continue to
make efforts to improve in this area. Customer service is very
important to us, and we are working hard to transform our company.

We have reviewed your e-ticket, xxxxxxxxxxxx, and have determined an
adjustment is due for the unflown segment. A copy of your e-mail has
been forwarded to our Refunds Department for processing. As you paid
with a credit card, the adjustment will appear on your statement within
1-2 billing cycles.

Please accept our apology for the unfavorable impression you received in
this instance. We appreciate your selection of Delta and will always
consider it a privilege to be of service.

Delta sucks

Okay. I could write this big long post about how Delta sucks. But I already did. Here an email I wrote to Delta:

------------

Yesterday, October 21, 2006, I was traveling from Denver, CO to Augusta,GA and had a connection in Atlanta Hartsfield-Jackson Airport. My flight from Denver was approximately 7 minutes late in arrival (the plane had to be de-iced in DEN), so I had hustle from one gate to the next. When I got to the original gate, I was notified of a gate change of just a few more gates down the concourse.

When I arrived at the gate at 2:55 p.m., I was told by the gate attendant that the flight had already left. I was disappointed to hear that the flight was already packed up and gone, yet the scheduled departure was not until 3:07 p.m. What bothered me the most is that I could still see the baggage crew loading the plane and the gate attendants were still printing out the passenger manifest.

I contacted the customer service department for Medallion members and expressed my concern with one of the Delta representatives. She informed me that according to gate check-in rules, a plane is allowed to leave up to 15 minutes prior to scheduled departure if everyone is accounted for. However, they are aware of those who have connections and should have allowed for more time. Apparently, that was not the case and they closed out early. The customer representative was quite confused as she looked further and found that flight 4103 was not even a full flight when they left.

After doing additional research I found that DL flight 4103 never pushed back from the gate until 3:30 p.m (23 minutes later than scheduled departure) and took off at 3:40. They arrived in Augusta, GA at 4:16 p.m.

I am a Delta Gold Medallion member and will achieve Platinum status by the end of this year. Unfortunately, I have not yet seen many benefits with Delta in being such a dedicated member. Flying out of Augusta, GA where my flights almost always originate, I have a choice of two airlines.
Depending on cost of flight and convenience I can pick from Delta or US Air/United.
Since I started to achieve Medallion status, I almost always pick Delta, spending well over 40K a year with your airline, for just business travel. Whether my employer pays for my travel or it is a personal purchase, this kind of service is unacceptable.

Please consider my frustration and address such issues with the Delta staff and crew.

Thank you!

-------

Friday, October 20

Blogging Amount

Obviously lately, I haven't been blogging alot. I've been on the road straight now for about 6 weeks. I'm a bit tired, and don't get the chance to blog as much as I wish I could.

I will be off in a week or so, then I might be able to catch up a bit with all the stuff going on. In the meantime, enjoy Star Wars parodies.

Blogging Amount

Obviously lately, I haven't been blogging alot. I've been on the road straight now for about 6 weeks. I'm a bit tired, and don't get the chance to blog as much as I wish I could.

I will be off in a week or so, then I might be able to catch up a bit with all the stuff going on. In the meantime, enjoy Star Wars parodies.

Monday, October 9

IE7 and how much it sucks

I wrote this article on isc.sans.org... i got lots of MS zealot feedback saying that I was bashing.

---
Thanks to one of our readers that wrote in to tell us that IE7, will be released this month via Automatic Update according to Microsoft's "IEBlog".

Unfortunately, it's still based on a similar code base, and will still hold the majority of market share. So, this brings me to the point of the article which I had originally intended..

My advice? Diversify. Use other browsers. I use Safari, Firefox, and Opera. I own zero Windows based computers, but I have access to thousands. I suggest you out there in 'reader land' switch to something else. Unless we see empirical evidence that IE7 is vastly more secure and superior.. it will wind up like its predecessors.

Yes, I know that on some corporate environments, its impossible to switch. There are applications that are dependent on IE. But I blame the Application Developers. Code to more open standards, try not to use ActiveX controls. Other browsers don't use them, and they work fine. I had a reader write in and say that in their environment (healthcare), they are dependent on IE. My wife works in healthcare, so I feel your pain. I know, I know, its unfortunate, sometimes corporate rollouts of Firefox..et all.. are not possible, however, give it a shot.

I used to work in an environment where IE was necessary for a couple of things. So, we used IE for those two things, and Firefox for the rest. My whole diary entry can be summed up in one line: "Where you don't HAVE to use IE, don't."

II have received alot of feedback since I wrote the initial article. Most people don't like the fact that I am saying that IE's security is lacking. It's fact. Everything has vulnerabilities. Every OS, every product, every browser. I have been cited, publicly stating that if Apple was 95% of market share and Microsoft was 5%, who is to say that the roles wouldn't be reversed. Hackers target the 70% of the browser market (IE) because that's the MAJORITY of what is out there. However, if the roles were reversed, who is to say that it wouldn't be backwards? Who is to say that there wouldn't be hundreds of thousands of vulnerabilities for Apple out there? Yes, I think that Apple is inherently more secure, (I use macs), but that's not to say that if the tables weren't turned we wouldn't have a different result.

In other Microsoft News:
Microsoft rewards Adware programmer with MVP status. Link here

Reader Dan writes in to tell us:
"You may also want to note that Firefox even has a plug-in available to open certain links in IE. This makes it even easier to follow your advice of only using IE when you absolutely must." -- https://addons.mozilla.org/firefox/35/

Update #1
Mentioned native apps.

Update #2
Mentioned Feedback

Update #3
Clarifying the article for it's original intention: Diversification.

Update #4
Added MS MVP article

Updated #5
Added Firefox plugin

----

I still say I'm right.

SANS article

I wrote an article about my recent trip to Vegas over at isc.sans.org. Since I am too lazy to copy and paste it, or retype it.. here is a direct link. Go read it here.

SANS article

I wrote an article about my recent trip to Vegas over at isc.sans.org. Since I am too lazy to copy and paste it, or retype it.. here is a direct link. Go read it here.

Tuesday, October 3

Marty Roesch strikes again

Marty made a post on his blog here about the new weapon on the war on terror.

A Ziploc Baggie.

Hilarious

Friday, September 29

tf green airport providence.

more about this later, because I am on a plane. but the providence ri airport. tf green. is THE WORST airport on Earth.

tf green airport providence.

more about this later, because I am on a plane. but the providence ri airport. tf green. is THE WORST airport on Earth.

Tuesday, September 26

Blog entries around

During my daily blog reads, I was reading David Weiss's blog, and he mentions some recent customer service he received from Apple. Turns out he, like me, bought the three free episodes of ABC's finalies of last season, and was accidentally charged for them. Read his entry here.

Not only did Apple refund his money, but they GAVE HIM MONEY.

Now THAT'S customer service. That's why I buy Apple products, that's why I am a loyal customer. Everything I have EVER needed from Apple was immediate and responsive. When I had to send my iBook back to Apple for the Logic Board recall. They overnighted me a box, gave me packing instructions, tape, and everything. I overnighted the box back to them, (at their expense), they fixed it in about 4 days, and overnighted it back. Everything was intact, the data was there. Everything. and it didn't take forever. I wasn't without my laptop very long.

THAT's why I buy Apple products, and the fact that they are awesome, but, the customer service rocks too.

Blog entries around

During my daily blog reads, I was reading David Weiss's blog, and he mentions some recent customer service he received from Apple. Turns out he, like me, bought the three free episodes of ABC's finalies of last season, and was accidentally charged for them. Read his entry here.

Not only did Apple refund his money, but they GAVE HIM MONEY.

Now THAT'S customer service. That's why I buy Apple products, that's why I am a loyal customer. Everything I have EVER needed from Apple was immediate and responsive. When I had to send my iBook back to Apple for the Logic Board recall. They overnighted me a box, gave me packing instructions, tape, and everything. I overnighted the box back to them, (at their expense), they fixed it in about 4 days, and overnighted it back. Everything was intact, the data was there. Everything. and it didn't take forever. I wasn't without my laptop very long.

THAT's why I buy Apple products, and the fact that they are awesome, but, the customer service rocks too.

Tuesday, September 19

Starbucks + Apple

Here's an idea Steve Jobs. Partner with Starbucks. Sell iPods, sell iTunes cards, encourage people to bring in their laptops. I don't know. Something...

Look at that potential for money...

iTunes 7 feature

You know, I found an unpublished (or maybe it was, and I didn't see it) feature of iTunes 7.

Especially useful for large libraries that may have multiple copies of the same song. (say you imported a bunch of mp3's and CD's)

Click on View -> Show Duplicates.

It finds all the Duplicates in your iTunes DB. This is a really nice feature.

I ran it on my huge iTunes library, and it found alot of dups. It also found some dups that I didn't want to get rid of, for example, two copies (or three) of the same song, one album, one live, or two live.

Kinda nice.

Starbucks + Apple

Here's an idea Steve Jobs. Partner with Starbucks. Sell iPods, sell iTunes cards, encourage people to bring in their laptops. I don't know. Something...

Look at that potential for money...

0-day

Okay. I've been receiving emails like mad through isc.sans.org internal lists, full-disclosure, security, irc, jabber rooms I'm in, blah blah...

About all these "0-day's" in MS Windows. (As if we were surprised!?). I am just ranting to the point of... I am REALLY getting tired of hearing "0-day" every three seconds, frankly, it's getting annoying.

Please security professionals, I know that 0-day gets your bosses attention, because 0day has went from 'hax0r' term to freaking Marketing. bleh. Marketing (Yes, I know it has a purpose.. I just don't like it sometimes)

So... security guys... lets develop a new term. 0-day is dead.

P.S. It's pronounced "ZERO-DAY" not "O-day" like in the "O-jays". get it right.

iTunes 7 feature

You know, I found an unpublished (or maybe it was, and I didn't see it) feature of iTunes 7.

Especially useful for large libraries that may have multiple copies of the same song. (say you imported a bunch of mp3's and CD's)

Click on View -> Show Duplicates.

It finds all the Duplicates in your iTunes DB. This is a really nice feature.

I ran it on my huge iTunes library, and it found alot of dups. It also found some dups that I didn't want to get rid of, for example, two copies (or three) of the same song, one album, one live, or two live.

Kinda nice.

Monday, September 18

Apple to update Laptops?

Apple Insider link

Friend of mine, Jim, pointed this article out to me. Looks like Apple is about to update their MacBook Pros. I'm not really prone to blogging rumors, however, I really hope this one is true.

Pcap Checksum fixer

This program was NOT WRITTEN BY ME. Just so we're all clear on that.

Brian Caswell wrote this program and posted it on his blog. However, I find it very useful.

Sometimes when people have problems with their pcap's when they are trying to run them through Snort, I would say 90% of the time, it's because of bad chksums. Now, that's not a bad thing, it's just that people forget to check them.

So this little proggie takes a pcap, rewrites the checksum so its correct, and spits it back out. THEN you can run it through Snort. (Or whatever)

Here is the program that I did not write.

It requires Net::Pcap and Net::Ethereal. Install these through cpan. If you don't know how to do that, well, May God have mercy on your soul. (see link for a judge actually using that quote in a filing. That's awesome. /me claps for that judge.

Credit goes to Brian Caswell. He wrote it. and it rox.

Apple to update Laptops?

Apple Insider link

Friend of mine, Jim, pointed this article out to me. Looks like Apple is about to update their MacBook Pros. I'm not really prone to blogging rumors, however, I really hope this one is true.

Thursday, September 14

Free downloads of LOST, Desperate Housewives and Grey's Anatomy on iTunes

It's promo time! In an attempt to woo new customers ABC is giving away free copies of last season's finales of Lost, Desperate Housewives and Grey's Anatomy

read more | digg story

Free downloads of LOST, Desperate Housewives and Grey's Anatomy on iTunes

It's promo time! In an attempt to woo new customers ABC is giving away free copies of last season's finales of Lost, Desperate Housewives and Grey's Anatomy

read more | digg story

Monday, September 11

September 11th & How Google Changed.

An intresting article on how Google changed their website so many times on September 11th. How many hits, and for what.

Check this out

September 11th & How Google Changed.

An intresting article on how Google changed their website so many times on September 11th. How many hits, and for what.

Check this out

Saturday, September 9

Wednesday, September 6

New iMac's

Quietly this morning, Apple introduced some new iMac's The new iMac's are advertised as being "Faster, Brighter, and Bigger".

First thing I noticed was the 24in iMac. That's cool, looks like a brighter screen, bigger video card..

Also looks like a new processor (64 bit).

The 24in model gets (instead of two 400 firewire) gets one 400 and one 800. Also comes standard with a 250 Gb harddrive, 24 watt digital amplifier, and NVIDIA GeForce 7300 GT graphics processor with 128MB of GDDR3 SDRAM using PCI Express.

Prices are here, but also, look at the picture at the bottom there... Doesn't the new 24in look thinner?

New iMac's

Quietly this morning, Apple introduced some new iMac's The new iMac's are advertised as being "Faster, Brighter, and Bigger".

First thing I noticed was the 24in iMac. That's cool, looks like a brighter screen, bigger video card..

Also looks like a new processor (64 bit).

The 24in model gets (instead of two 400 firewire) gets one 400 and one 800. Also comes standard with a 250 Gb harddrive, 24 watt digital amplifier, and NVIDIA GeForce 7300 GT graphics processor with 128MB of GDDR3 SDRAM using PCI Express.

Prices are here, but also, look at the picture at the bottom there... Doesn't the new 24in look thinner?

Tuesday, August 29

Found a new Blog today.

Found a new InfoSec Blog today. Entitled: Headlines from the Computer Security Blogosphere, it makes for a good read. Check it out here. Or check it out on the right hand pane of my blog, with all the other blogs I find interesting.

Found a new Blog today.

Found a new InfoSec Blog today. Entitled: Headlines from the Computer Security Blogosphere, it makes for a good read. Check it out here. Or check it out on the right hand pane of my blog, with all the other blogs I find interesting.

xkcd - A webcomic of romance, sarcasm, math, and language - COMPLY

xkcd - A webcomic of romance, sarcasm, math, and language - COMPLY

Classic.

xkcd - A webcomic of romance, sarcasm, math, and language - COMPLY

xkcd - A webcomic of romance, sarcasm, math, and language - COMPLY

Classic.

Exploding Batteries?

So, Japanese authorities told Apple to look into the Apple computers catching fire.  Um..  THEY DID.  They recalled all the BATTERIES.  You geniuses. What else.. Um..  Sony, who manufactures the batteries, is a JAPANESE company.

"TOKYO -- Japanese authorities reported Tuesday the first case of an Apple laptop catching fire in Japan and ordered the U.S. company to investigate the trouble involving the faulty Sony batteries and report back within a week."

Japan Orders Apple to Probe Laptops

technorati tags:, , ,

HP heir to Apple's Throne?

Below is a quote and the link to an article that was published about HP stealing Apple's throne as the marketing genius and cult following.  Yeah. Um..  Good luck with that.



"For darn near half-a-decade, no company has been able to touch the folks in Cupertino, Calif., in terms of sheer corporate karma. Everything Apple (Nasdaq: AAPL) Latest News about Apple did seemed smarter and cooler than what anyone else did. Think of the media frenzy surrounding the release of every update to the iconic iPod music player or each new version of its resurgent Mac line. It didn't hurt that Apple's stock has risen more than eightfold in the past five years, due not only to its beautifully crafted products, but also to its rock-solid operational performance and terrific marketing. Halo effect, indeed."

Technology News: Strategy: Is HP the Heir to Apple's Halo?

technorati tags:, ,

Exploding Batteries?

So, Japanese authorities told Apple to look into the Apple computers catching fire.  Um..  THEY DID.  They recalled all the BATTERIES.  You geniuses. What else.. Um..  Sony, who manufactures the batteries, is a JAPANESE company.

"TOKYO -- Japanese authorities reported Tuesday the first case of an Apple laptop catching fire in Japan and ordered the U.S. company to investigate the trouble involving the faulty Sony batteries and report back within a week."

Japan Orders Apple to Probe Laptops

technorati tags:, , ,

HP heir to Apple's Throne?

Below is a quote and the link to an article that was published about HP stealing Apple's throne as the marketing genius and cult following.  Yeah. Um..  Good luck with that.



"For darn near half-a-decade, no company has been able to touch the folks in Cupertino, Calif., in terms of sheer corporate karma. Everything Apple (Nasdaq: AAPL) Latest News about Apple did seemed smarter and cooler than what anyone else did. Think of the media frenzy surrounding the release of every update to the iconic iPod music player or each new version of its resurgent Mac line. It didn't hurt that Apple's stock has risen more than eightfold in the past five years, due not only to its beautifully crafted products, but also to its rock-solid operational performance and terrific marketing. Halo effect, indeed."

Technology News: Strategy: Is HP the Heir to Apple's Halo?

technorati tags:, ,

Monday, August 28

isc.sans.org

Recently, (as of Friday) i became an Incident Handler at isc.sans.org or incidents.org. I think it's great, obviously.

I think this will allow me to learn alot more, help people out, and most of all, make sure people have accurate and up to date information on the IDS/IPS world, as well as emerging threats.

I look forward to seeing you online over there, and be sure and drop me a note at eslerj@gmail.com whenever you get a chance.

isc.sans.org

Recently, (as of Friday) i became an Incident Handler at isc.sans.org or incidents.org. I think it's great, obviously.

I think this will allow me to learn alot more, help people out, and most of all, make sure people have accurate and up to date information on the IDS/IPS world, as well as emerging threats.

I look forward to seeing you online over there, and be sure and drop me a note at eslerj@gmail.com whenever you get a chance.

Friday, August 25

Back from Chicago and a small milestone

Welp, spent all week in Chicago (again). I like that city. I recommend The Palmer House Hilton if you are staying in Chicago.

Nice place. I know my friend Nigel is "W" fan, and theres one of those too.

As for the milestone, Blogger.com tells me that THIS post is #701. 700 posts! I don't know how much of a milestone that is, but I think it's pretty cool.

Beer:30

Traffic

I've started taking a look at my access_log file in apache, I've been blogged on a couple different rather public blogs recently and my traffic has increased exponentially.

So, let me put this out there.

My web server is protected by at least 6 different methods (3rd party programs). If I don't like what you are doing on my site, (like trying to wget -r it or something), or hell, if I don't like your User-Agent, you will be denied.

mod_security + Inline Snort + Firewalls and some other tidbits of niceness, are handy.

Marty (or Martin) Roesch joins the Blogging masses

Well Marty, it didn't take us long, we found your blog. Martin Roesch (or Marty), my CTO of Sourcefire and original author of Snort, the world famous (de facto standard) Intrusion Detection and Prevention System has a blog.

I for one, welcome our Blogging overlords. :-), So on behalf of the blogging community, Marty, Welcome. Click here for Marty's Blog

Back from Chicago and a small milestone

Welp, spent all week in Chicago (again). I like that city. I recommend The Palmer House Hilton if you are staying in Chicago.

Nice place. I know my friend Nigel is "W" fan, and theres one of those too.

As for the milestone, Blogger.com tells me that THIS post is #701. 700 posts! I don't know how much of a milestone that is, but I think it's pretty cool.

Beer:30

Thursday, August 24

IBM Buys ISS for 1.3B

Okay, so IBM bought ISS. Interesting.

Now, in recent years IBM has kinda ditched their software/hardware business and have went more MSSP, (Managed Services). Did IBM buy ISS for that? Did they buy them to enhance their customer base? Did they buy them to suddenly jump both feet directly into the Security space?

My good friend Alan Shimel had this to say:

"[...] ISS for years has been growing more and more services and less and less software revenue. In fact some might claim they were more a services company than a software company. Also, to a certain extent was ISS part of the walking dead. Still a player, but frankly not keeping up with cutting edge stuff and living on their reputation. [...] I think Tom Noonan and the rest of the ISS team should be congratulated on bringing this ship into port. The real question is what does IBM do with this company. Do they emphasize the services and research or do they revitalize the product line up. Time will tell. It certainly makes for excitement in the security industry though."

Interesting.

Wednesday, August 23

IBM Buys ISS for 1.3B

Okay, so IBM bought ISS. Interesting.

Now, in recent years IBM has kinda ditched their software/hardware business and have went more MSSP, (Managed Services). Did IBM buy ISS for that? Did they buy them to enhance their customer base? Did they buy them to suddenly jump both feet directly into the Security space?

My good friend Alan Shimel had this to say:

"[...] ISS for years has been growing more and more services and less and less software revenue. In fact some might claim they were more a services company than a software company. Also, to a certain extent was ISS part of the walking dead. Still a player, but frankly not keeping up with cutting edge stuff and living on their reputation. [...] I think Tom Noonan and the rest of the ISS team should be congratulated on bringing this ship into port. The real question is what does IBM do with this company. Do they emphasize the services and research or do they revitalize the product line up. Time will tell. It certainly makes for excitement in the security industry though."

Interesting.

Thursday, August 17

Star Wars Episode 3: A Lost Hope

Click here

This is pretty damn funny. Someone made a 6 minute long paroday of Episode 3. Very well done, pretty damn funny too.

Star Wars Episode 3: A Lost Hope

Click here

This is pretty damn funny. Someone made a 6 minute long paroday of Episode 3. Very well done, pretty damn funny too.

Stephen Colbert loses it

This is back when Colbert was on the Daily Show, and if you watch Colbert now, you have to wonder how he doesn't crack up at himself.

But he loses it here...

Funny

A funny picture my friend Nigel sent me yesterday.

Credit goes to whomever made it.

Stephen Colbert loses it

This is back when Colbert was on the Daily Show, and if you watch Colbert now, you have to wonder how he doesn't crack up at himself.

But he loses it here...

Funny

A funny picture my friend Nigel sent me yesterday.

Credit goes to whomever made it.

Sunday, August 13

Out to visit all the mac stores

Apparently this guy is out to visit all the Apple Stores there are.

Apparently someone Dugg my mac.com site. I'm a big geek.

read more | digg story

Out to visit all the mac stores

Apparently this guy is out to visit all the Apple Stores there are.

Apparently someone Dugg my mac.com site. I'm a big geek.

read more | digg story

Wednesday, August 9

Leopard vs. Vista

Apparently, Paul Thermott over here is a Windows fan.

OKay.

I'm an Apple fan. While he does bring up some good points, leaves out some others, and basically rants about how little of a significance stuff like 'Time Machine's' graphics are (Apple does this to LOOK GOOD, that why it's done), he does bring up some good points.

One he leaves out, and I think of people missed..

Leopard introduces the ability to make a Dashboard widget out of any website. To have live content on the Desktop. MS did this awhile ago.. It's called 'Active Desktop', agreed, not as pretty, and very clunky, but it's done tech.

Leopard vs. Vista

Apparently, Paul Thermott over here is a Windows fan.

OKay.

I'm an Apple fan. While he does bring up some good points, leaves out some others, and basically rants about how little of a significance stuff like 'Time Machine's' graphics are (Apple does this to LOOK GOOD, that why it's done), he does bring up some good points.

One he leaves out, and I think of people missed..

Leopard introduces the ability to make a Dashboard widget out of any website. To have live content on the Desktop. MS did this awhile ago.. It's called 'Active Desktop', agreed, not as pretty, and very clunky, but it's done tech.

MS 06-040

Been reading alot about MS06-040. Apparently this is going around the internet as being 'THE' thing. THE next vulnerability. Now, I've also seen alot of people trying to run around writing Snort signatures for it.

Be honest with you.. these signatures are not written by normal humans... :) The VRT team is 'Above the Rim' when it comes to netbios rules. Netbios rules are like, easily the most difficult rules written, and perhaps the hardest to understand. I teach rule classes all the time, and let me tell you, when I put a netbios rule up on the screen, after i get done teaching pcre, and byte_test, byte_jump.. students still don't understand it. So, if you have a Sourcefire rules subscription for VRT rules, go grab these guys. If you don't, well you'll have to wait 5 days. But these rules are exactly the reason that you should buy a subscription. This is why one is needed.

So, let me just say... today, we published rules for these guys. Check out the vulnerability notice we put out today here Also here:

Sunday, August 6

Apple stuffz

Okay, I'm Blogging from an Apple Store in Tampa, Fl.

(I got to alot of Apple Stores)

Apple Store visit

Couple questions I've overheard from the people at the store:

"Should I get the 17 or the 20 in iMac". Price isn't the issue, it's whether or not to get the 17 or the 20. UM GET THE 20!

"Should I get the 30G or the 60G iPod". 60. no question.

One note. People love these stores. Have you ever been to one? No? Go to one. Find one and go. I'll wait here.

Apple stuffz

Okay, I'm Blogging from an Apple Store in Tampa, Fl.

(I got to alot of Apple Stores)

Apple Store visit

Couple questions I've overheard from the people at the store:

"Should I get the 17 or the 20 in iMac". Price isn't the issue, it's whether or not to get the 17 or the 20. UM GET THE 20!

"Should I get the 30G or the 60G iPod". 60. no question.

One note. People love these stores. Have you ever been to one? No? Go to one. Find one and go. I'll wait here.

Tuesday, August 1

(mutt|muttng)

Lets just give this a shot people, okay?

If you are using a *nix based client, (or even cygwin), give (mutt|muttng) a shot would you? I have been using muttng for about two months now, recently tried to use Apple's Mail.app again, and it irritated me. Muttng is SO much better.

Give it a shot. Just for a month. You'll be hooked.

It takes a bit to set it up, (i'm not going to lie), but it is SO worth it.

(mutt|muttng)

Lets just give this a shot people, okay?

If you are using a *nix based client, (or even cygwin), give (mutt|muttng) a shot would you? I have been using muttng for about two months now, recently tried to use Apple's Mail.app again, and it irritated me. Muttng is SO much better.

Give it a shot. Just for a month. You'll be hooked.

It takes a bit to set it up, (i'm not going to lie), but it is SO worth it.

Monday, July 31

For my MacBook Pro readers

Hey all. If you have a MacBook Pro, 15in type..

You may be entitled to a brand new battery. Click here, and go get it

For my MacBook Pro readers

Hey all. If you have a MacBook Pro, 15in type..

You may be entitled to a brand new battery. Click here, and go get it

Saturday, July 29

Blog was down

Sorry about that everyone. The Blog was down. I got emails from several people notifying me of this. I appreciate it. Keep them coming.

I was mucking around with a couple networking processes and forgot to reset one. All is well now.

Blog was down

Sorry about that everyone. The Blog was down. I got emails from several people notifying me of this. I appreciate it. Keep them coming.

I was mucking around with a couple networking processes and forgot to reset one. All is well now.

Thursday, July 27

MacBook Complaints

Okay,

Recently I've been reading alot of stuff about the complaints people have had with the MacBooks. Now, I can't speak as to the whining noise that is heard (other than it may be a fan that is caught up...)

But the discoloration. I've heard alot about this 'mysterious miscoloration' that is taking place on the palmrest area of the MacBook.

Well, go take a look at this link, or even at the picture below.



Look at the discoloration. There are four major spots. Left and right. Where the wrists sit. On the mouse bad button, where the thumb rests from clicking, and near the space bar where the thumb rests to hit the spacebar while typing. The user in the picture is obviously right hand dominant. You can see the shape of the thumb on the mousepad button!!

Now, It's a WHITE computer. You have dirty hands. And you guys are complaining because of the discoloration? How about, 'wash your hands before using the computer'!? Whats up with that little tidbit?

I use a powerbook, its metal. But even the dirt on my hands transfers to the medium after months of use. I clean it, it goes away, end of story.

Use your brains people. It's not Apple's fault that there is a 'weird discoloration', if you people knew what soap was, you wouldn't have the problem.

"Stop making fun of us." - Microsoft

A picture that brings new meaning to Microsoft "Avenger".

read more | digg story

MacBook Complaints

Okay,

Recently I've been reading alot of stuff about the complaints people have had with the MacBooks. Now, I can't speak as to the whining noise that is heard (other than it may be a fan that is caught up...)

But the discoloration. I've heard alot about this 'mysterious miscoloration' that is taking place on the palmrest area of the MacBook.

Well, go take a look at this link, or even at the picture below.



Look at the discoloration. There are four major spots. Left and right. Where the wrists sit. On the mouse bad button, where the thumb rests from clicking, and near the space bar where the thumb rests to hit the spacebar while typing. The user in the picture is obviously right hand dominant. You can see the shape of the thumb on the mousepad button!!

Now, It's a WHITE computer. You have dirty hands. And you guys are complaining because of the discoloration? How about, 'wash your hands before using the computer'!? Whats up with that little tidbit?

I use a powerbook, its metal. But even the dirt on my hands transfers to the medium after months of use. I clean it, it goes away, end of story.

Use your brains people. It's not Apple's fault that there is a 'weird discoloration', if you people knew what soap was, you wouldn't have the problem.

"Stop making fun of us." - Microsoft

A picture that brings new meaning to Microsoft "Avenger".

read more | digg story

Monday, July 24

For Nigel



Nigel, buddy, this is for you.

Jamaica Trip

Okay, well, I got around to posting some of the pictures I took while I was in Jamaica last week.

Go here to view the pictures.

Click here for pictures

For Nigel



Nigel, buddy, this is for you.

Wednesday, July 19

Office Space Super Friends

Office Space Super Friends

I'm in Jamaica

Well all, I'm in Jamaica. It's nice down here (temperature wise), however, it looks like the country has seen better days. Of course, I'm in Downtown Kingston, not in Montego Bay, where I am told, it is much nicer.

Anyway.

Here's some pictures out of the window of my hotel.

http://tinyurl.com/gn22q

Enjoy.

Thursday, July 13

Two more down

Well, I've been to two more Apple Stores. Ten now.

http://web.mac.com/joel.esler

Go see.