Posts

Showing posts from 2006

The Snort Top 10

I work with SNORT®..... constantly. It's my job to do so. I've been using Snort for many years, I teach classes on how to configure it, I teach classes on how to write Snort rules. I've been using Snort and setting up Sourcefire and Snort devices on hundreds of different networks for years on end now.

I am frequently asked questions; many of them are the same things over and over again, and I always see the same mistakes being made when setting it up. So, I've compiled a list of the top ten mistakes and commonly misconfigured or overlooked things when configuring everyone's favorite IDS.

None of these override the necessity to read the Snort manual, however. The manual supersedes all Snort books, because as great as these books are, they can't keep up with the fast pace at which Snort is updated. So here goes...

1. The Snort.conf file.
Almost all your options are set in this file. This file should be read line by line, from top to bottom, taking t…

Are CAC (Common Access Cards) worth it?

A buddy of mine Richard Bejtlich, a known security blogger and consultant, had this article on his blog... I made a big long comment about it.. displayed below, and linked above...

--- begin ---

Yes. The CAC is used for signing on, email signing and encryption, web authentication, basically anything that can be done, or is done with a certificate.

It's only being used in NIPR (Unclassified) systems. It has a magnetic strip on the back that is blank, and can be coded for swipe doors at whatever location you are currently working at.. (problem is, most DOD facilities have proximity cards).

Could this be implemented in a commercial setting? Yes. But at what cost? At what expense? What do you gain out of it? When I worked for DOD, all I got out of the deal was a headache... implementation, it became our ID, which.. only SOME people accepted (like, the gate guards on post wanted our Driver's License sometimes -- grrrr) going to get a new one every three years, using it for sign-on, usin…

A Question for my readers

Please describe to me.. At what point does security become an operational burden?

When too many passwords, authentication mechanisms, log-on tokens, segmentation.. etc... mount up.. at what point do you just say "hey, you know, this sucks!"

Please leave comments.

Christmas, and the holiday spirit, and Internet security

Recently, since we've all been shopping, out there paying attention to gifts, what we are going to get, and what we aren't going to get. An attack has been going on. Apparently, against my web server.

I review my weblogs (I review all my logs) on a weekly basis. Because really, what's the point in having logs if you're not going to look at them? A log that isn't looked at is a pointless log. You might as well shut off syslog if you aren't going to look at the logs. But I digress.

I review my weblogs. I have mod_security installed on my apache webserver here, so through my custom mod_security rules, I am provided with audit_log in my logging directory.

I usually get about 200 to 300 entries a week in that file. All denied.

Last week that number jumped to almost 9000. As of this morning (my logs roll over on Sunday), I had over 3000.

As I am on my blackberry I don't have a copy of the logs, so I'll post a sample entry later.

But the string I see a …

who makes up these rules?

On some flights, you can't have your phones with the wireless turned on.
Then some you can't have them on at all.
On ASA you can't fly with the windows shades down, but on delta you can.
Today we were told that laptop computers had to be completely off, and NOT in the standby mode.

Why can't we just have one set of rules? Everyone the same. The flight attendants all having the same info, so we don't have flight attendants just making stuff up arbitrarily?

FAA -- is this so hard?

0wned

Okay New rule

Okay, New (old) rule.

When responding to a post on a mailing list, and you want to start a new thread, don't reply to someone else's thread and change the subject. Make a new email.

It messes up my threading in mutt and Mail.

Plane captains in the cockpit

Why does every captain of a plane think they are a tour guide? "If you look out the right side of the plane"

What is a "seat area"? "Look around your immediate seat area for any items you may have brought on board.". What the hell is a seat area? And 'may' have brought on board?

(Yes I know that's part of a Carlin bit, but it's true!)

I hate it when people (flight attendants, gate agents, whatever) treat me like I am stupid, AFTER they thank me for being a Platinum member. Obviously if I am a platinum member I fly a lot, and obviously know that I have to take my shoes off to go through security (or something like that).

Crown rooms that are BEFORE security? Now what kind of sense does that even make?

Ah... The frustrations of travel.

-sent from 30,000 feet.

Zune vs. iPod

Smartphone switching

Okay, so for about a year and a half now, I've been using the Treo 650. It's a nice phone, except that:

A) The battery sucks.
B) Email SUCKS
C) Usability sucks

So recently, I switched to the Blackberry 8700. YES. Now THIS is a nice phone. I've never used a Blackberry before, and always looked down on those who do as being "Crackberry" addicts. But now I see why. This is a nice damn phone. Battery life is excellent (lasts about 3 days while using cell phone and email regularly), bluetooth, and the EMAIL!! OOOOH the email!!! Push technology is so freaking great.

Things I miss:

The IR port.
The extensive amount of Applications for the Palm Platform (although I haven't found a program yet that I haven't found a blackberry equivalent for)
The ability for it to charge from my laptop (Yes, I know some people have done this with their Palm [points to Roesch], but I didn't so I suck okay?)
Auto Sync.


Blackberry 10, Palm 5. 4th Quarter.

Idiot commenting

Okay, so I read A LOT of news, blogs, and websites. As does everyone nowadays I suspect, we all read our share of blogs.

So why, when I read stuff like.. Digg, like Slashdot, like the Crazy Apple Rumors site, and any number of other sites that I frequent on a repetitive basis, do these damn morons who make the first post have to announce to the world that they did so?

We CAN SEE IT'S YOUR FIRST POST PEOPLE, QUIT TELLING US. You're killing me.

1. Frist post!! OMGWTF!!!!111!!ponies!!!

Go choke.

San Francisco

Alrighty, so I'm here in San Francisco. Again.

I like this town, not as much as I like Chicago, but San Fran is cool. I'm staying in Chinatown at the Hilton Financial District. I highly recommend this hotel if you are a Hilton Gold or Diamond member. (and you achieve Executive level floor). I don't know what the regular rooms are like, but the desk in this one is bad ass.

Anyway, so I am teaching this Sourcefire 3D class for my company. I really like teaching. Allows me to interact and share my thoughts on topics with several people. I like being able to get and give opinions about topics with me. Lots of fun.

The new Snort book is coming up. Should be soon. I think everything is being finalized getting ready for print. Go pick up a copy.

Delta

Following up on my post to Delta: I had someone email me and ask me how it went...

1. They refunded my ticket from ATL to AGS
2. They also gave me 10,000 miles for my problems.

However, I made Platinum Medallion in the meantime, so I don't know if they did all that stuff because I am Platinum now, or were they just being nice.

We'll see how things are different for Platinum. As much as I have flown over the past many years, I have never made Platinum (I could have done it a couple times, but could never dedicate to one airline). I have flown (almost) exclusively Delta in the past 9 months, and I have achieved over 85K miles in those 9 months.

I'll probably break 100K by the end of the year.

All I know is, I have a flight booked for my butt to fly to San Francisco on Monday, and I already have a First Class seat. (Delta upgrades Medallion members based on status, ticket fare, standbys...etc.. there's a bunch of criteria.) But I do know that I have the last s…

Baby Pictures

So, the Wife and I go and get 3D Ultrasound pictures of our baby done. It's pretty cool I think. They are hard to see IMO, but click on them to make them bigger.



Here's a picture of the baby sleeping, kinda curled up in there.

An OSX Background

I like Wallpapers. I'm not really a fan of any of the OSX ones that are out there, so I found one that was sort of what I wanted, ran it through a bit of Photoshop, and out popped this:

I tend to like it (i'm biased), feel free to use:

DCR-SR40 on OSX

How to get your Sony Handycam DCR-SR40 to work on OSX:

When you purchase the DCR-SR40 Sony Handycam, it has a link in the instruction book on where to go to purchase software to be able to use the camera with OSX. It is NOT free, and second of all, the software is absolutely horrible.

Do NOT for one second think that you can use firewire with this camera either. Nope. Also, do not assume that this camera will work with iMovie or iDVD, because it won't. Why? Well, first of all it's USB, (OSX needs firewire with Digital Video Cameras, even HDD based ones)

It won't work, it won't work, it won't work. Don't buy the crappy software suggested in the manual.

The problem is, the video that is stored on the camera is in Mpeg-2. Well. That sucks.

Steps to get it to work:

1. Plug the Camera's dock into the Mac.
2. Plug the Camera's dock into the electricity.
3. Record something
4. Plug the camera into the dock.
5. Turn the camera on, and put it in VCR mode (the …

San Diego, CA

So here I am. Tired as hell, in San Diego. I have to fly back to Georgia tomorrow. Then fly to Phoenix on Friday.



I travel too much.

Picture of my wife and I in San Antonio

My boss took this picture of my wife and me on one of the tour boats that goes around the Riverwalk in San Antonio, TX. Good times.

"But Joel, you went to San Antonio, did you take a picture of The Alamo?"

yes.

Picture of me teaching

One of my guys in my class I was teaching in Rhode Island not too long ago took this snapshot. The picture is of me assisting the screen in showing all the words. You can see the projection overrunning the right hand side of the screen. Heh. Oh well.

Fun in Texas

As if I needed another example of why I don't live in Texas, my wife's uncle sent me these pictures of a snake inside of the motor box that controls their boat lifter. (Raises the boat up and down into the water)

Avis is stupid

I was in the line at Avis in ATL recently. I saw this sign and thought it was funny and yet dumb. Who are the advertising/marketing people that should be shoved off a cliff for this one?

American Airlines

I wound up flying First Class in American Airlines today. Let me just compliment AA. Best two flights I have ever had. Aside from being late out of ATL (which was ATL's fault, I am sure), I sat in first class, I got a meal, (vegetable pizza and a salad. it was good!), and aside from the lady who had a panic attack on the plane and had to be given oxygen.

American Airlines rox. I'd fly American Airlines every time if I could, if their service was that good every time.

More Airport fun

So, I get to the airport today, and they cancel my flight when it was almost here.

Quick Story: I am currently sitting in the Augusta, GA (AGS) airport. I was booked on flight 4293 out of Augusta to Atlanta. They apparently cancelled the connecting flight from ATL to AGS, thusly canceling the return 4293.

Since flying at 2 meant I was going to miss my connecting flight 397 from ATL to SAN (where I had a first class upgrade), Delta rebooked me through American Airlines (where I am sitting in coach!) and I wind up getting to SAN 4 hours later.

Just another late flight where the customers get screwed going from ATL to AGS or AGS to ATL. How can ASA possibly be against the customer (stay in business doing this to their customers) this much?

Delta's response

Delta wrote me back. I believe this to be an UNACCEPTABLE response.


Dear Mr. Esler,

Thank you for your e-mail and for sharing your disappointing travel
experience with us. We welcome your comments as they assist us in the
continuous evaluation of our performance.

We regret you were inconvenienced because of a missed flight connection.
Delaying a flight for a confirmed passenger is a difficult situation for
the airlines. In the past our policy was to wait for passengers whenever
possible even at the expense of on-time performance. Now, our customers
tell us that being on time is a high priority, and we have changed our
practices to better meet these expectations.

We expect our people to do everything they can to help customers
transfer between flights; however, they have been instructed not to make
guarantees about connections. The operations supervisors in each city
are responsible for the final decision to delay a flight. They have
access to all necessary information, such as flig…

Delta sucks

Okay. I could write this big long post about how Delta sucks. But I already did. Here's an email I wrote to Delta:

------------

Yesterday, October 21, 2006, I was traveling from Denver, CO to Augusta, GA and had a connection in Atlanta Hartsfield-Jackson Airport. My flight from Denver was approximately 7 minutes late in arrival (the plane had to be de-iced in DEN), so I had to hustle from one gate to the next. When I got to the original gate, I was notified of a gate change of just a few more gates down the concourse.

When I arrived at the gate at 2:55 p.m., I was told by the gate attendant that the flight had already left. I was disappointed to hear that the flight was already packed up and gone, yet the scheduled departure was not until 3:07 p.m. What bothered me the most is that I could still see the baggage crew loading the plane and the gate attendants were still printing out the passenger manifest.

I contacted the customer service department for Medallion members and expressed m…

Blogging Amount

Obviously lately, I haven't been blogging a lot. I've been on the road straight now for about 6 weeks. I'm a bit tired, and don't get the chance to blog as much as I wish I could.

I will be off in a week or so, then I might be able to catch up a bit with all the stuff going on. In the meantime, enjoy Star Wars parodies.

IE7 and how much it sucks

I wrote this article on isc.sans.org... i got lots of MS zealot feedback saying that I was bashing.

---
Thanks to one of our readers that wrote in to tell us that IE7, will be released this month via Automatic Update according to Microsoft's "IEBlog".

Unfortunately, it's still based on a similar code base, and will still hold the majority of market share. So, this brings me to the point of the article which I had originally intended..

My advice? Diversify. Use other browsers. I use Safari, Firefox, and Opera. I own zero Windows based computers, but I have access to thousands. I suggest you out there in 'reader land' switch to something else. Unless we see empirical evidence that IE7 is vastly more secure and superior.. it will wind up like its predecessors.

Yes, I know that in some corporate environments, it's impossible to switch. There are applications that are dependent on IE. But I blame the Application Developers. Code to more open standards, tr…

Blog entries around

During my daily blog reads, I was reading David Weiss's blog, and he mentions some recent customer service he received from Apple. Turns out he, like me, bought the three free episodes of ABC's finales of last season, and was accidentally charged for them. Read his entry here.

Not only did Apple refund his money, but they GAVE HIM MONEY.

Now THAT'S customer service. That's why I buy Apple products, that's why I am a loyal customer. Everything I have EVER needed from Apple was immediate and responsive. When I had to send my iBook back to Apple for the Logic Board recall. They overnighted me a box, gave me packing instructions, tape, and everything. I overnighted the box back to them, (at their expense), they fixed it in about 4 days, and overnighted it back. Everything was intact, the data was there. Everything. and it didn't take forever. I wasn't without my laptop very long.

THAT's why I buy Apple products, and the fact that they are awesome,…

iTunes 7 feature

You know, I found an unpublished (or maybe it was, and I didn't see it) feature of iTunes 7.

Especially useful for large libraries that may have multiple copies of the same song. (say you imported a bunch of mp3's and CD's)

Click on View -> Show Duplicates.

It finds all the Duplicates in your iTunes DB. This is a really nice feature.

I ran it on my huge iTunes library, and it found a lot of dups. It also found some dups that I didn't want to get rid of, for example, two copies (or three) of the same song, one album, one live, or two live.

Kinda nice.

0-day

Okay. I've been receiving emails like mad through isc.sans.org internal lists, full-disclosure, security, irc, jabber rooms I'm in, blah blah...

About all these "0-day's" in MS Windows. (As if we were surprised!?). I am just ranting to the point of... I am REALLY getting tired of hearing "0-day" every three seconds, frankly, it's getting annoying.

Please, security professionals, I know that 0-day gets your boss's attention, because 0day has gone from 'hax0r' term to freaking Marketing. bleh. Marketing (Yes, I know it has a purpose.. I just don't like it sometimes)

So... security guys... let's develop a new term. 0-day is dead.

P.S. It's pronounced "ZERO-DAY" not "O-day" like in the "O-jays". get it right.

Pcap Checksum fixer

This program was NOT WRITTEN BY ME. Just so we're all clear on that.

Brian Caswell wrote this program and posted it on his blog. However, I find it very useful.

Sometimes when people have problems with their pcaps when they are trying to run them through Snort, I would say 90% of the time, it's because of bad checksums. Now, that's not a bad thing, it's just that people forget to check them.

So this little proggie takes a pcap, rewrites the checksum so it's correct, and spits it back out. THEN you can run it through Snort. (Or whatever)

Here is the program that I did not write.

It requires Net::Pcap and Net::Ethereal. Install these through cpan. If you don't know how to do that, well, May God have mercy on your soul. (See link for a judge actually using that quote in a filing. That's awesome. /me claps for that judge.)

Credit goes to Brian Caswell. He wrote it. and it rox.

Oh Nigel, your boyfriend called

Your man called, he wants his Harley back.

New iMac's

Quietly this morning, Apple introduced some new iMacs. The new iMacs are advertised as being "Faster, Brighter, and Bigger".

First thing I noticed was the 24in iMac. That's cool, looks like a brighter screen, bigger video card..

Also looks like a new processor (64 bit).

The 24in model gets (instead of two 400 firewire) one 400 and one 800. It also comes standard with a 250 GB hard drive, 24 watt digital amplifier, and NVIDIA GeForce 7300 GT graphics processor with 128MB of GDDR3 SDRAM using PCI Express.

Prices are here, but also, look at the picture at the bottom there... Doesn't the new 24in look thinner?

Found a new Blog today.

Found a new InfoSec Blog today. Entitled: Headlines from the Computer Security Blogosphere, it makes for a good read. Check it out here. Or check it out on the right hand pane of my blog, with all the other blogs I find interesting.

xkcd - A webcomic of romance, sarcasm, math, and language - COMPLY

Exploding Batteries?

So, Japanese authorities told Apple to look into the Apple computers catching fire. Um.. THEY DID. They recalled all the BATTERIES. You geniuses. What else.. Um.. Sony, who manufactures the batteries, is a JAPANESE company.

"TOKYO -- Japanese authorities reported Tuesday the first case of an Apple laptop catching fire in Japan and ordered the U.S. company to investigate the trouble involving the faulty Sony batteries and report back within a week." (Japan Orders Apple to Probe Laptops)

HP heir to Apple's Throne?

Below is a quote and the link to an article that was published about HP stealing Apple's throne as the marketing genius with the cult following. Yeah. Um.. Good luck with that.

"For darn near half-a-decade, no company has been able to touch the folks in Cupertino, Calif., in terms of sheer corporate karma. Everything Apple (Nasdaq: AAPL) did seemed smarter and cooler than what anyone else did. Think of the media frenzy surrounding the release of every update to the iconic iPod music player or each new version of its resurgent Mac line. It didn't hurt that Apple's stock has risen more than eightfold in the past five years, due not only to its beautifully crafted products, but also to its rock-solid operational performance and terrific marketing. Halo effect, indeed." (Technology News: Strategy: Is HP the Heir to Apple's Halo?)

isc.sans.org

Recently (as of Friday) I became an Incident Handler at isc.sans.org, or incidents.org. I think it's great, obviously.

I think this will allow me to learn a lot more, help people out, and most of all, make sure people have accurate and up to date information on the IDS/IPS world, as well as emerging threats.

I look forward to seeing you online over there, and be sure and drop me a note at eslerj@gmail.com whenever you get a chance.

Back from Chicago and a small milestone

Welp, spent all week in Chicago (again). I like that city. I recommend The Palmer House Hilton if you are staying in Chicago.

Nice place. I know my friend Nigel is a "W" fan, and there's one of those too.

As for the milestone, Blogger.com tells me that THIS post is #701. 700 posts! I don't know how much of a milestone that is, but I think it's pretty cool.

Beer:30

Traffic

I've started taking a look at my access_log file in Apache. I've been blogged about on a couple of different rather public blogs recently, and my traffic has increased exponentially.

So, let me put this out there.

My web server is protected by at least 6 different methods (3rd party programs). If I don't like what you are doing on my site, (like trying to wget -r it or something), or hell, if I don't like your User-Agent, you will be denied.

mod_security + inline Snort + firewalls and some other tidbits of niceness are handy.

Marty (or Martin) Roesch joins the Blogging masses

Well Marty, it didn't take us long, we found your blog. Martin Roesch (or Marty), my CTO at Sourcefire and the original author of Snort, the world famous (de facto standard) Intrusion Detection and Prevention System, has a blog.

I, for one, welcome our Blogging overlords. :-) So, on behalf of the blogging community, Marty, welcome. Click here for Marty's Blog.

IBM Buys ISS for 1.3B

Okay, so IBM bought ISS. Interesting.

Now, in recent years IBM has kinda ditched their software/hardware business and gone more MSSP (Managed Services). Did IBM buy ISS for that? Did they buy them to enhance their customer base? Did they buy them to suddenly jump with both feet directly into the Security space?

My good friend Alan Shimel had this to say:

"[...] ISS for years has been growing more and more services and less and less software revenue. In fact some might claim they were more a services company than a software company. Also, to a certain extent was ISS part of the walking dead. Still a player, but frankly not keeping up with cutting edge stuff and living on their reputation. [...] I think Tom Noonan and the rest of the ISS team should be congratulated on bringing this ship into port. The real question is what does IBM do with this company. Do they emphasize the services and research or do they revitalize the product line up. Time will tell. It certainly mak…

Funny

A funny picture my friend Nigel sent me yesterday.

Credit goes to whomever made it.

Leopard vs. Vista

Apparently, Paul Thurrott over here is a Windows fan.

OKay.

I'm an Apple fan. While he does bring up some good points, he leaves out some others, and basically rants about how little significance stuff like Time Machine's graphics have (Apple does this to LOOK GOOD, that's why it's done). Still, he does bring up some good points.

One he leaves out, and one I think people missed..

Leopard introduces the ability to make a Dashboard widget out of any website, to have live content on the Desktop. MS did this a while ago.. It's called 'Active Desktop'. Agreed, not as pretty, and very clunky, but it's already been done.

MS 06-040

Been reading a lot about MS06-040. Apparently this is going around the internet as being 'THE' thing. THE next vulnerability. Now, I've also seen a lot of people trying to run around writing Snort signatures for it.

To be honest with you.. these signatures are not written by normal humans... :) The VRT team is 'Above the Rim' when it comes to NetBIOS rules. NetBIOS rules are, easily, the most difficult rules written, and perhaps the hardest to understand. I teach rule classes all the time, and let me tell you, when I put a NetBIOS rule up on the screen, after I get done teaching pcre, byte_test and byte_jump.. students still don't understand it. So, if you have a Sourcefire rules subscription for VRT rules, go grab these guys. If you don't, well, you'll have to wait 5 days. But these rules are exactly the reason that you should buy a subscription. This is why one is needed.

So, let me just say... today, we published rules for these guys. Chec…

Apple stuffz

Okay, I'm Blogging from an Apple Store in Tampa, Fl.

(I go to a lot of Apple Stores)

Apple Store visit

A couple of questions I've overheard from the people at the store:

"Should I get the 17 or the 20 in iMac?" Price isn't the issue, it's whether or not to get the 17 or the 20. UM, GET THE 20!

"Should I get the 30G or the 60G iPod?" 60. No question.

One note. People love these stores. Have you ever been to one? No? Go to one. Find one and go. I'll wait here.

(mutt|muttng)

Let's just give this a shot, people, okay?

If you are using a *nix based client (or even cygwin), give (mutt|muttng) a shot, would you? I have been using muttng for about two months now, recently tried to use Apple's Mail.app again, and it irritated me. Muttng is SO much better.

Give it a shot. Just for a month. You'll be hooked.

It takes a bit to set it up (I'm not going to lie), but it is SO worth it.

Blog was down

Sorry about that everyone. The Blog was down. I got emails from several people notifying me of this. I appreciate it. Keep them coming.

I was mucking around with a couple networking processes and forgot to reset one. All is well now.

MacBook Complaints

Okay,

Recently I've been reading a lot of stuff about the complaints people have had with the MacBooks. Now, I can't speak as to the whining noise that is heard (other than it may be a fan that is caught up...)

But the discoloration. I've heard a lot about this 'mysterious discoloration' that is taking place on the palmrest area of the MacBook.

Well, go take a look at this link, or even at the picture below.

Look at the discoloration. There are four major spots. Left and right, where the wrists sit. On the mouse pad button, where the thumb rests from clicking, and near the space bar, where the thumb rests to hit the spacebar while typing. The user in the picture is obviously right hand dominant. You can see the shape of the thumb on the mousepad button!!

Now, it's a WHITE computer. You have dirty hands. And you guys are complaining because of the discoloration? How about 'wash your hands before using the computer'!? What's up with that little tid…

"Stop making fun of us." - Microsoft

A picture that brings new meaning to Microsoft "Avenger".

The World According to Nigel

Click on me to make me bigger!!

For Nigel

Nigel, buddy, this is for you.

I'm in Jamaica

Well all, I'm in Jamaica. It's nice down here (temperature wise); however, it looks like the country has seen better days. Of course, I'm in downtown Kingston, not in Montego Bay, where, I am told, it is much nicer.

Anyway.

Here's some pictures out of the window of my hotel.

http://tinyurl.com/gn22q

Enjoy.