Wednesday, May 28

Apple also released Security Update 2008-003

  • AFP Server

Issue: Files that are not designated for sharing may be accessed
remotely
Solution: Deny access to files and folders that are not inside a
folder
designated for sharing
Credit: Alex deVries and Robert Rich
  • Apache

Issue: Multiple vulnerabilities in Apache 2.0.55, including cross-site
scripting.
Solution: Apache is updated to version 2.0.63 to address several
vulnerabilities
Note: This is for Mac OS X Server 10.4.x systems, since Leopard ships
with Apache 2.2.x.
  • AppKit

Issue: Maliciously crafted file, unexpected application termination,
arbitrary code execution
Solution: Improved validation of document files.
Credit: Rosyna of Unsanity

  • Apple Pixlet Video

Issue: Vulnerability to unexpected application termination, arbitrary
code execution
Solution: Improved bounds checking.
  • ATS
Issue: Vulnerability to arbitrary code execution
Solution: Additional validation of embedded fonts.
Credit: Melissa O'Neill of Harvey Mudd College
  • CFNetwork

Issue: Vulnerability leading to disclosure of sensitive information
Solution: User prompts
  • CoreFoundation

Issue: Vulnerability leading to unexpected application termination or
arbitrary code execution
Solution: Additional validation of length parameters.
  • CoreGraphics
Issue: Vulnerability that may lead to an unexpected application
termination or arbitrary code execution
Solution: Proper initialization of pointers
  • CoreTypes

Issue: Lack of prompting against opening "certain potentially unsafe
content types" in Automator, Help, Safari, and Terminal
Solution: Enhancements to Download Validation in Mac OS X v10.4, and
Quarantine in Mac OS X v10.5
Credit: Brian Mastenbrook
  • CUPS
Issue: Information disclosure
Solution: Validation of environment variables
  • Flash Player Plug-in

Issue: Arbitrary code execution
Solution: Updating to version 9.0.124.0
  • Help Viewer

Issue: Vulnerability to application termination or arbitrary code
execution
Solution: Improved bounds checking
Credit: to Paul Haddad of PTH Consulting
  • iCal

Issue: Vulnerability to unexpected application termination or
arbitrary
code execution
Solution: "Improving reference counting in the affected code"
Note: This issue only affects pre-Mac OS X 10.5 systems.
Credit: Rodrigo Carvalho of Core Security Technologies
  • International Components for Unicode

Issue: Disclosure of sensitive information
Solution: "...replacing invalid character sequences with a fallback
character."
  • Image Capture

Issue: Path traversal vulnerability
Solution: Improved URL handling

Issue: Privilege elevation
Solution: Improved handling of temporary files
  • ImageIO

Issue: Out-of-bounds memory read leading to information
disclosure
Solution: Additional validation of BMP and GIF images
Credit: Gynvael Coldwind of Hispasec

Issue: Multiple vulnerabilities in libpng version 1.2.18
Solution: Updating to version 1.2.24

Issue: Vulnerability to unexpected application termination or
arbitrary code execution
Solution: Additional validation of JPEG2000 images.
  • Kernel

Issue: Remote vulnerability to unexpected system shutdown due
to undetected failure condition
Solution: Proper detection of the failure condition.

Issue: Local user vulnerability to unexpected system shutdown
due to mishandling of code signatures
Solution: Perform additional validation of code signatures
  • LoginWindow

Issue: Race condition preventing MCX preferences being applied
Solution: Eliminate the race condition
  • Mail

Issue: IPv6 vulnerability leading to unexpected application
termination, information disclosure, or arbitrary code execution
Solution: Properly initializing variable.
Credit: Derek Morr of The Pennsylvania State University
  • ruby

Issue: Remote vulnerability
Solution: Mongrel updated to version 1.1.4
  • Single Sign-On

Issue: Password disclosure in sso_util
Solution: Make password parameter optional, force sso_util to promp
Credit: Geoff Franks of Hauptman Woodward Institute
  • Wiki Server

Issue: Remote vulnerability to information disclosure
Solution: Improved handling of error messages
Credit: Don Rainwater of the University of Cincinnati

Apple also released Security Update 2008-003

  • AFP Server

Issue: Files that are not designated for sharing may be accessed
remotely
Solution: Deny access to files and folders that are not inside a
folder
designated for sharing
Credit: Alex deVries and Robert Rich
  • Apache

Issue: Multiple vulnerabilities in Apache 2.0.55, including cross-site
scripting.
Solution: Apache is updated to version 2.0.63 to address several
vulnerabilities
Note: This is for Mac OS X Server 10.4.x systems, since Leopard ships
with Apache 2.2.x.
  • AppKit

Issue: Maliciously crafted file, unexpected application termination,
arbitrary code execution
Solution: Improved validation of document files.
Credit: Rosyna of Unsanity

  • Apple Pixlet Video

Issue: Vulnerability to unexpected application termination, arbitrary
code execution
Solution: Improved bounds checking.
  • ATS
Issue: Vulnerability to arbitrary code execution
Solution: Additional validation of embedded fonts.
Credit: Melissa O'Neill of Harvey Mudd College
  • CFNetwork

Issue: Vulnerability leading to disclosure of sensitive information
Solution: User prompts
  • CoreFoundation

Issue: Vulnerability leading to unexpected application termination or
arbitrary code execution
Solution: Additional validation of length parameters.
  • CoreGraphics
Issue: Vulnerability that may lead to an unexpected application
termination or arbitrary code execution
Solution: Proper initialization of pointers
  • CoreTypes

Issue: Lack of prompting against opening "certain potentially unsafe
content types" in Automator, Help, Safari, and Terminal
Solution: Enhancements to Download Validation in Mac OS X v10.4, and
Quarantine in Mac OS X v10.5
Credit: Brian Mastenbrook
  • CUPS
Issue: Information disclosure
Solution: Validation of environment variables
  • Flash Player Plug-in

Issue: Arbitrary code execution
Solution: Updating to version 9.0.124.0
  • Help Viewer

Issue: Vulnerability to application termination or arbitrary code
execution
Solution: Improved bounds checking
Credit: to Paul Haddad of PTH Consulting
  • iCal

Issue: Vulnerability to unexpected application termination or
arbitrary
code execution
Solution: "Improving reference counting in the affected code"
Note: This issue only affects pre-Mac OS X 10.5 systems.
Credit: Rodrigo Carvalho of Core Security Technologies
  • International Components for Unicode

Issue: Disclosure of sensitive information
Solution: "...replacing invalid character sequences with a fallback
character."
  • Image Capture

Issue: Path traversal vulnerability
Solution: Improved URL handling

Issue: Privilege elevation
Solution: Improved handling of temporary files
  • ImageIO

Issue: Out-of-bounds memory read leading to information
disclosure
Solution: Additional validation of BMP and GIF images
Credit: Gynvael Coldwind of Hispasec

Issue: Multiple vulnerabilities in libpng version 1.2.18
Solution: Updating to version 1.2.24

Issue: Vulnerability to unexpected application termination or
arbitrary code execution
Solution: Additional validation of JPEG2000 images.
  • Kernel

Issue: Remote vulnerability to unexpected system shutdown due
to undetected failure condition
Solution: Proper detection of the failure condition.

Issue: Local user vulnerability to unexpected system shutdown
due to mishandling of code signatures
Solution: Perform additional validation of code signatures
  • LoginWindow

Issue: Race condition preventing MCX preferences being applied
Solution: Eliminate the race condition
  • Mail

Issue: IPv6 vulnerability leading to unexpected application
termination, information disclosure, or arbitrary code execution
Solution: Properly initializing variable.
Credit: Derek Morr of The Pennsylvania State University
  • ruby

Issue: Remote vulnerability
Solution: Mongrel updated to version 1.1.4
  • Single Sign-On

Issue: Password disclosure in sso_util
Solution: Make password parameter optional, force sso_util to promp
Credit: Geoff Franks of Hauptman Woodward Institute
  • Wiki Server

Issue: Remote vulnerability to information disclosure
Solution: Improved handling of error messages
Credit: Don Rainwater of the University of Cincinnati

Apple posts Mac OS X 10.5.3 Update

Apple has released the 10.5.3 update for OSX Leopard.  I'll install it and let you know my feedback, however, in the meantime, here is a list of issues that have been fixed.

  • General

Fixes a font issue that could result in Helvetica Narrow being used in applications instead of Helvetica.
Addresses an issue with stuttering video and audio playback in certain USB devices.
Resolves stability issues with Word of the Day, iTunes Artwork, and Slideshow screen savers.
Fixes an issue in which certain attached hard drives may not show up in the Finder.
Addresses an issue with .Mac syncing of Dashboard widgets over multiple Macs that use different screen resolutions.
Includes additional RAW image support for several cameras.
Improves the accuracy of the Software Update progress bar indicator.
Addresses an issue in which Finder may not be available if the computer name is blank in Sharing preferences.
Improves Active Directory binding and login.
Eliminates a delay when logging in as an Active Directory user in a .local domain.
Improves Spotlight searches on a AFP file server volumes.
Clients can now change their password at the login window when bound to a Mac OS X 10.4 Open Directory server.
Improves Safari reliability when connecting to the Internet through a Microsoft ISA proxy.

  • Address Book

Addresses reliability issues when searching for contacts using built-in search.
Resolves issues with mapping addresses that contain an ampersand character (&).

  • AirPort

Improves 802.1X behavior and reliability.
Improves reliability when using Time Capsule.

  • Automator

Addresses an issue in which some actions may not work with the "Show When Run" option enabled.
Resolves an issue in which the "New iCal Event" action may not work.
Resolves an issue that prevents workflows from being saved in the Finder's contextual menu.
Fixes reliability issues for Automator scripts that search for files by date.
Resolves an issue that prevents workflows from being saved in the Finder's contextual menu.
Addresses an issue in which Automator workflows as Finder plugins do not work when the workflow begins with the "Get Selected Finder Items" action.
Fixes an issue in which the "Copy Files" action does not reliably work when added from Automator’s warning dialog.

  • iCal

Addresses potential privacy issues by allowing events to be marked as private.
Resolves an issue in which the inspector does not show capacity and availability info for conference rooms within a building.
Addresses an issue in which the current day could appear in the left-most column of the weekly view.
Addresses reliability issues with meeting alarms, invitations and attachments.
Resolves issues with reliability when restoring from iCal backups.
Fixes accuracy issues with auto-completion, availability data and location names.
Resolves an issue in which iCal may send cancellation notices for events in the past after a calendar is deleted.
Fixes reliability issues with iCal syncing.

  • iChat

Addresses reliability issues with screen sharing.
Resolves an issue in which saved chat transcripts may reported as "still in use" after opening and closing them in iChat.
Resolves an issue with group chats not being indexed in Spotlight.
Only the last 250 messages of an active chat are saved. Fixed to save unlimited number of lines.
Addresses issues with echo cancellation that may occur on portable Macs.

  • Mail

Resolves an issue in which Mail may prevent idle sleep when set to automatically check for new messages every minute.
Addresses stability issues that may be encountered when dragging large attachments into an email message.
Fixes an issue that could occur if two compose windows are open when dragging a file to the Mail icon in the Dock.
Addresses reliability issues when changes are made to a mailbox while offline.
Resolves wrapping issues that may be found with consecutive spaces in plain text.
Fixes issues with certain web pages appearing garbled when emailed from Safari.
Fixes an issue in which the Sent, Drafts, and Outbox mailboxes incorrectly list the "cc" recipients in the "To" column.
Addresses reliability issues with attachments added to plain text notes.
Fixes reliability issues with authenticated RSS feeds.
Resolves an issue in which attaching an alias to an email message may not send the actual file.

  • Parental Controls

Addresses reliability issues with application logging and time limits.
Resolves an issue in which Parental Controls may prevent forced sleep.
Addresses performance issues with web content filters.
Fixes an issue with managed accounts in which iChat transcripts may not be created.
Addresses issues with 4-byte files and whitelist.

  • Spaces

Resolves an issue in which switching to a different space and returning back to the original space may reorder the application windows with a different active window.
Resolves an issue in which activating an application from the Dock switches to a different space, even if there is a window for that application in the current space.
Fixes an issue in which Command-Tab may incorrectly switch to a new space.
Addresses reliability issues with Spaces when syncing preferences over .Mac.

  • Time Machine

Includes fixes for Time Machine compatibility with Time Capsule.
Resolves certain issues when backing up a portable Mac that is on battery power.
Addresses compatibility issues with Aperture 2.
Addresses reliability issues when performing a full restore from a Time Machine backup.
Fixes an issue in which certain function keys may be disabled after using Time Machine.
Fixes a possible alert message that incorrectly states a backup volume does not have enough space.
Updates Time Machine to reliably restore attachments and messages in Mail.

  • VoiceOver

Includes Braille Update 1.0 which enables GW Micro, HandyTech, HIMS, Nippon, and Papenmeier Refreshable Braille displays.
Addresses an issue with Braille dot 7 and 8 underlining.
Fixes an issue in which HTML page anchors may be ignored by the VoiceOver cursor.
Fixes an issue that prevented Hot Spots from being used in text areas.
Resolves an issue with spell checking in which VoiceOver may only announce the first misspelled word if there are multiple words spelled incorrectly.

 Subscribe in a reader

Lack of posts

Sorry about the recent lack of posts, wife, daughter, mother-in-law, and I were at Disney world all last week, so I didn't have any posts while on the road. My brain is currently fried as I've read about 2000 emails in the past two days. So I'll get back into blogging here in a day or so.

Subscribe in a reader

Podcast Episode Five has been released!

Morning everyone,

Just a quick note to let everyone know that we put out Podcast Episode 5 this morning. We had a special guest with us! Larry Pesce of PaulDotCom Security Weekly! The guys over at PaulDotCom do a great job, and we loved having Larry on the show! Congradulations to Paul, as he is home with a new baby!

Don't forget the Live Podcast that we are doing at SANSFIRE on July 23rd at 8pm.

iTunes users, go here to subscribe.

Non-iTunes users, go here to download.

Thanks!

Apple posts Mac OS X 10.5.3 Update

Apple has released the 10.5.3 update for OSX Leopard.  I'll install it and let you know my feedback, however, in the meantime, here is a list of issues that have been fixed.

  • General

Fixes a font issue that could result in Helvetica Narrow being used in applications instead of Helvetica.
Addresses an issue with stuttering video and audio playback in certain USB devices.
Resolves stability issues with Word of the Day, iTunes Artwork, and Slideshow screen savers.
Fixes an issue in which certain attached hard drives may not show up in the Finder.
Addresses an issue with .Mac syncing of Dashboard widgets over multiple Macs that use different screen resolutions.
Includes additional RAW image support for several cameras.
Improves the accuracy of the Software Update progress bar indicator.
Addresses an issue in which Finder may not be available if the computer name is blank in Sharing preferences.
Improves Active Directory binding and login.
Eliminates a delay when logging in as an Active Directory user in a .local domain.
Improves Spotlight searches on a AFP file server volumes.
Clients can now change their password at the login window when bound to a Mac OS X 10.4 Open Directory server.
Improves Safari reliability when connecting to the Internet through a Microsoft ISA proxy.

  • Address Book

Addresses reliability issues when searching for contacts using built-in search.
Resolves issues with mapping addresses that contain an ampersand character (&).

  • AirPort

Improves 802.1X behavior and reliability.
Improves reliability when using Time Capsule.

  • Automator

Addresses an issue in which some actions may not work with the "Show When Run" option enabled.
Resolves an issue in which the "New iCal Event" action may not work.
Resolves an issue that prevents workflows from being saved in the Finder's contextual menu.
Fixes reliability issues for Automator scripts that search for files by date.
Resolves an issue that prevents workflows from being saved in the Finder's contextual menu.
Addresses an issue in which Automator workflows as Finder plugins do not work when the workflow begins with the "Get Selected Finder Items" action.
Fixes an issue in which the "Copy Files" action does not reliably work when added from Automator’s warning dialog.

  • iCal

Addresses potential privacy issues by allowing events to be marked as private.
Resolves an issue in which the inspector does not show capacity and availability info for conference rooms within a building.
Addresses an issue in which the current day could appear in the left-most column of the weekly view.
Addresses reliability issues with meeting alarms, invitations and attachments.
Resolves issues with reliability when restoring from iCal backups.
Fixes accuracy issues with auto-completion, availability data and location names.
Resolves an issue in which iCal may send cancellation notices for events in the past after a calendar is deleted.
Fixes reliability issues with iCal syncing.

  • iChat

Addresses reliability issues with screen sharing.
Resolves an issue in which saved chat transcripts may reported as "still in use" after opening and closing them in iChat.
Resolves an issue with group chats not being indexed in Spotlight.
Only the last 250 messages of an active chat are saved. Fixed to save unlimited number of lines.
Addresses issues with echo cancellation that may occur on portable Macs.

  • Mail

Resolves an issue in which Mail may prevent idle sleep when set to automatically check for new messages every minute.
Addresses stability issues that may be encountered when dragging large attachments into an email message.
Fixes an issue that could occur if two compose windows are open when dragging a file to the Mail icon in the Dock.
Addresses reliability issues when changes are made to a mailbox while offline.
Resolves wrapping issues that may be found with consecutive spaces in plain text.
Fixes issues with certain web pages appearing garbled when emailed from Safari.
Fixes an issue in which the Sent, Drafts, and Outbox mailboxes incorrectly list the "cc" recipients in the "To" column.
Addresses reliability issues with attachments added to plain text notes.
Fixes reliability issues with authenticated RSS feeds.
Resolves an issue in which attaching an alias to an email message may not send the actual file.

  • Parental Controls

Addresses reliability issues with application logging and time limits.
Resolves an issue in which Parental Controls may prevent forced sleep.
Addresses performance issues with web content filters.
Fixes an issue with managed accounts in which iChat transcripts may not be created.
Addresses issues with 4-byte files and whitelist.

  • Spaces

Resolves an issue in which switching to a different space and returning back to the original space may reorder the application windows with a different active window.
Resolves an issue in which activating an application from the Dock switches to a different space, even if there is a window for that application in the current space.
Fixes an issue in which Command-Tab may incorrectly switch to a new space.
Addresses reliability issues with Spaces when syncing preferences over .Mac.

  • Time Machine

Includes fixes for Time Machine compatibility with Time Capsule.
Resolves certain issues when backing up a portable Mac that is on battery power.
Addresses compatibility issues with Aperture 2.
Addresses reliability issues when performing a full restore from a Time Machine backup.
Fixes an issue in which certain function keys may be disabled after using Time Machine.
Fixes a possible alert message that incorrectly states a backup volume does not have enough space.
Updates Time Machine to reliably restore attachments and messages in Mail.

  • VoiceOver

Includes Braille Update 1.0 which enables GW Micro, HandyTech, HIMS, Nippon, and Papenmeier Refreshable Braille displays.
Addresses an issue with Braille dot 7 and 8 underlining.
Fixes an issue in which HTML page anchors may be ignored by the VoiceOver cursor.
Fixes an issue that prevented Hot Spots from being used in text areas.
Resolves an issue with spell checking in which VoiceOver may only announce the first misspelled word if there are multiple words spelled incorrectly.

 Subscribe in a reader

Lack of posts

Sorry about the recent lack of posts, wife, daughter, mother-in-law, and I were at Disney world all last week, so I didn't have any posts while on the road. My brain is currently fried as I've read about 2000 emails in the past two days. So I'll get back into blogging here in a day or so.

Subscribe in a reader

Podcast Episode Five has been released!

Morning everyone,

Just a quick note to let everyone know that we put out Podcast Episode 5 this morning. We had a special guest with us! Larry Pesce of PaulDotCom Security Weekly! The guys over at PaulDotCom do a great job, and we loved having Larry on the show! Congradulations to Paul, as he is home with a new baby!

Don't forget the Live Podcast that we are doing at SANSFIRE on July 23rd at 8pm.

iTunes users, go here to subscribe.

Non-iTunes users, go here to download.

Thanks!

Tuesday, May 20

Podcast Episode Four released

Morning everyone,

Just a quick note to let everyone know that we put out Podcast Episode 4 this morning. Just a few announcements at the beginning, and then I put the audio for May's Monthly "Reboot Wednesday" Podcast that we do through SANS on after that. We'll be recording Episode five next week. We'll let you know when it's out!

iTunes users, go here to subscribe.

Non-iTunes users, go here to download.

Thanks!



 Subscribe in a reader

Podcast Episode Four released

Morning everyone,

Just a quick note to let everyone know that we put out Podcast Episode 4 this morning. Just a few announcements at the beginning, and then I put the audio for May's Monthly "Reboot Wednesday" Podcast that we do through SANS on after that. We'll be recording Episode five next week. We'll let you know when it's out!

iTunes users, go here to subscribe.

Non-iTunes users, go here to download.

Thanks!



 Subscribe in a reader

Thursday, May 15

Apple Blogger's Network

Hey everyone, if you like/love Apple products and are interested in following a spliced feed from a bunch of different Bloggers who ALSO love Apple, be sure and subscribe to the Apple Blogger's Network.  There are all kinds of interesting ideas and posts, all from people who love to use and talk about Apple products.

If YOU are a person that is interested in blogging about Apple, if you have an Apple Blog, etc, please email me here, and i'll send you an invitation.  All the network is is an aggregate feed for a bunch of blogs, so you will see some non-Apple posts, however, it makes for a great read!

 Subscribe in a reader

Apple Blogger's Network

Hey everyone, if you like/love Apple products and are interested in following a spliced feed from a bunch of different Bloggers who ALSO love Apple, be sure and subscribe to the Apple Blogger's Network.  There are all kinds of interesting ideas and posts, all from people who love to use and talk about Apple products.

If YOU are a person that is interested in blogging about Apple, if you have an Apple Blog, etc, please email me here, and i'll send you an invitation.  All the network is is an aggregate feed for a bunch of blogs, so you will see some non-Apple posts, however, it makes for a great read!

 Subscribe in a reader

Debian ftw?

So, all you Debian users your ssh is ftl.

All the other security blogs are covering it at this point, (so I won't, much) however, it is of high concern, so hopefully you are/have regen'ed all your ssh/ssl keys by now.  

We will probably move the ISC to Yellow at some point today to raise awareness.

 Subscribe in a reader

Debian ftw?

So, all you Debian users your ssh is ftl.

All the other security blogs are covering it at this point, (so I won't, much) however, it is of high concern, so hopefully you are/have regen'ed all your ssh/ssl keys by now.  

We will probably move the ISC to Yellow at some point today to raise awareness.

 Subscribe in a reader

Friday, May 9

Live Stream from my Office

Just playing around with a live stream from my office on Stickam.  Feel free to pop in and say hello if you want, you'll know if I am in there, I'll be there, I'll have the audio off the majority of the time unless I'm in the office and someone asks me a question.  But I'll have the camera on.  I put the link over there on the right as well (Live stream from my office)  But here is the link as well.  This is the office where I record the Internet Storm Center Podcast as well, so soon, I might be able to get that going on there.

 Subscribe in a reader

Live Stream from my Office

Just playing around with a live stream from my office on Stickam.  Feel free to pop in and say hello if you want, you'll know if I am in there, I'll be there, I'll have the audio off the majority of the time unless I'm in the office and someone asks me a question.  But I'll have the camera on.  I put the link over there on the right as well (Live stream from my office)  But here is the link as well.  This is the office where I record the Internet Storm Center Podcast as well, so soon, I might be able to get that going on there.

 Subscribe in a reader

Thursday, May 8

Live Podcast

Hey everyone, just to kinda tease you a bit, the Internet Storm Center is planning a live Podcast for SANSFIRE 2008. We are going to have a special event, with some surprise guest hosts and everything. We don't have dates nailed down yet, but if you are going to be at SANSFIRE 2008, please feel free to email me at my contact link, or follow me on Twitter (both links at the top of the blog). Of course I will be updating here as well, but we've got something special planned!

Hope to see you there, we hope to have a great turn out!

Subscribe in a reader

Live Podcast

Hey everyone, just to kinda tease you a bit, the Internet Storm Center is planning a live Podcast for SANSFIRE 2008. We are going to have a special event, with some surprise guest hosts and everything. We don't have dates nailed down yet, but if you are going to be at SANSFIRE 2008, please feel free to email me at my contact link, or follow me on Twitter (both links at the top of the blog). Of course I will be updating here as well, but we've got something special planned!

Hope to see you there, we hope to have a great turn out!

Subscribe in a reader

Wednesday, May 7

Things I was Googled for

Here we are with Episode 2 of the "Things I was Google for Blog Entries"

"san antonio 2006 war" -- I have no idea why you wound up here. I've been to San Antonio, once, and I thought it was nice.

"kevin spacey star wars" -- Dude, hilarious. I know how you got here. This entry right here. My God that's funny.

"$8 gas" -- Gas is going to get to 8 bucks, I hope soon they do something about it. I wanna drive my Hummer. (No, I don't actually have a Hummer)

"isc podcast" -- Yup, that's the podcast I host. Check it out right here. http://isc.sans.org/podcast.xml

"relay transfer skype" -- You probably got here because of the article on Skype that I wrote. Read it.

"gdbm tiger" -- Here you go. You are probably trying to get gdbm working on OS X Tiger. Go here.

"GTD" -- GTD, stands for "Getting Things Done" I have a whole category of posts about it.

"weather.com-local weather page" -- I have no idea how you wound up on my page. haha. I'm not the weather site.

"killbits" -- You are looking for some information about Microsoft Killbits.

"army 'change of lifestyle' discharge" -- I used to be in the Army, but I still don't know how you wound up here. A Change of Lifestyle discharge is for people that win the lottery or something while in the military. It changes their lifestyle. The Army usually lets you out for this kind of thing. However, if you won the lottery, you shouldn't be Googling. Go use your open door policy and talk to your Battalion Commander.

Until next time. Happy Googling.

Subscribe in a reader

Things I was Googled for

Here we are with Episode 2 of the "Things I was Google for Blog Entries"

"san antonio 2006 war" -- I have no idea why you wound up here. I've been to San Antonio, once, and I thought it was nice.

"kevin spacey star wars" -- Dude, hilarious. I know how you got here. This entry right here. My God that's funny.

"$8 gas" -- Gas is going to get to 8 bucks, I hope soon they do something about it. I wanna drive my Hummer. (No, I don't actually have a Hummer)

"isc podcast" -- Yup, that's the podcast I host. Check it out right here. http://isc.sans.org/podcast.xml

"relay transfer skype" -- You probably got here because of the article on Skype that I wrote. Read it.

"gdbm tiger" -- Here you go. You are probably trying to get gdbm working on OS X Tiger. Go here.

"GTD" -- GTD, stands for "Getting Things Done" I have a whole category of posts about it.

"weather.com-local weather page" -- I have no idea how you wound up on my page. haha. I'm not the weather site.

"killbits" -- You are looking for some information about Microsoft Killbits.

"army 'change of lifestyle' discharge" -- I used to be in the Army, but I still don't know how you wound up here. A Change of Lifestyle discharge is for people that win the lottery or something while in the military. It changes their lifestyle. The Army usually lets you out for this kind of thing. However, if you won the lottery, you shouldn't be Googling. Go use your open door policy and talk to your Battalion Commander.

Until next time. Happy Googling.

Subscribe in a reader

Friday, May 2

Podcast update

It seems that little experiment we tried with the Internet Storm Center podcast paid off.  We released Episode 3 of the Podcast yesterday, and we have already received over 5000 downloads in 24 hours.  Seems we are going quite well.  

Thanks to all of you that listen, every episode is getting better.  We are soliciting feedback, I've received about 10 emails this morning about the podcast, so if you have a suggestion, please feel free to click "contact" up above and jot me an email.  Thanks.

 Subscribe in a reader

900 posts

In true Joel Esler fashion...  I've reached the 900 post point.  Milestone for me I guess.  See you at 1000!

 Subscribe in a reader

Podcast update

It seems that little experiment we tried with the Internet Storm Center podcast paid off.  We released Episode 3 of the Podcast yesterday, and we have already received over 5000 downloads in 24 hours.  Seems we are going quite well.  

Thanks to all of you that listen, every episode is getting better.  We are soliciting feedback, I've received about 10 emails this morning about the podcast, so if you have a suggestion, please feel free to click "contact" up above and jot me an email.  Thanks.

 Subscribe in a reader

900 posts

In true Joel Esler fashion...  I've reached the 900 post point.  Milestone for me I guess.  See you at 1000!

 Subscribe in a reader

Thursday, May 1

What went wrong with the Podcast?

This morning we had a reader write into the Internet Storm Center telling us that the intro music and the outro music was there but there was no vocal track on the podcast.

Turns out what happened was, when I copied and pasted the vocals from the track that I recorded the podcast on into the template I have set up for music and what not, it overwrote the vocal track.  

It's hard to describe, but basically Garageband overwrote itself, so the vocal track ceased to exist.  What a pain.  So, here I am this morning panicking to myself saying 'oh crap I erased the vocal, we'll have to re-record, blah blah'.  

Then I thought about it, I have Time Machine.  I know my laptop backed up to Time Machine after I recorded the podcast right?  So I went to my ~/Music/Garageband folder, and hit the Time machine button, went back in time till yesterday at 7 pm between the time when we got done recording the podcast and I saved it, to when I edited the podcast and put music in it at about 830 pm.  There was the original recording, I clicked restore and Time Machine asked me if I wanted to keep the old one, the new one, or both.  I clicked both.    Then I was able to get the audio from one session to another successfully, then mix it down to mp3.

Worked great.  Thank you Apple.  Thank you Time Machine.  If I didn't have time machine we would have had to re-record the podcast, because of a stupid copy and paste error that I made.  Saved me about 3 hours worth of work.  Awesome.

 Subscribe in a reader

ISC Podcast Episode 3

Hey all, we just put out Episode Number 3 for the Internet Storm Center Podcast. Available via iTunes here, and for you non-iTunes users, here.

 Subscribe in a reader

Apple's Safari Market Share on Windows Tripled!

Normally I'd be excited about this, but I am not.  Not really.  Since the way that Apple went about was slightly shady.  I wrote about it here.  And Apple did exactly as I thought they were going to do and trumpet the fact that they now have three times the market share that they used to, but they did it in kind of a shady way.  I called it!

 Subscribe in a reader

What went wrong with the Podcast?

This morning we had a reader write into the Internet Storm Center telling us that the intro music and the outro music was there but there was no vocal track on the podcast.

Turns out what happened was, when I copied and pasted the vocals from the track that I recorded the podcast on into the template I have set up for music and what not, it overwrote the vocal track.  

It's hard to describe, but basically Garageband overwrote itself, so the vocal track ceased to exist.  What a pain.  So, here I am this morning panicking to myself saying 'oh crap I erased the vocal, we'll have to re-record, blah blah'.  

Then I thought about it, I have Time Machine.  I know my laptop backed up to Time Machine after I recorded the podcast right?  So I went to my ~/Music/Garageband folder, and hit the Time machine button, went back in time till yesterday at 7 pm between the time when we got done recording the podcast and I saved it, to when I edited the podcast and put music in it at about 830 pm.  There was the original recording, I clicked restore and Time Machine asked me if I wanted to keep the old one, the new one, or both.  I clicked both.    Then I was able to get the audio from one session to another successfully, then mix it down to mp3.

Worked great.  Thank you Apple.  Thank you Time Machine.  If I didn't have time machine we would have had to re-record the podcast, because of a stupid copy and paste error that I made.  Saved me about 3 hours worth of work.  Awesome.

 Subscribe in a reader

ISC Podcast Episode 3

Hey all, we just put out Episode Number 3 for the Internet Storm Center Podcast. Available via iTunes here, and for you non-iTunes users, here.

 Subscribe in a reader