Skip to main content

Posts

Showing posts from February, 2008

Microsoft chops Vista retail prices

Okay, wait.

HAHAHAHAHAA.

Okay, I'm over it. Apparently Microsoft can't sell Vista fast enough so they decided to cut prices. News flash MSFT, I don't think it's the price (although that doesn't help), is the damn 6 different versions and horrible codebase to begin with that keep people from going to Vista. The suggested price for Vista Ultimate dropped from $299 from $219, while Home Premium fell from $159, to $129.

It didn't work with XP Home, XP media edition, and XP pro! What makes you think that 6 versions would be better than 3?

Just buy a Mac people. Come on, seriously, do you really need more of an excuse?

Subscribe in a reader

Microsoft chops Vista retail prices

Okay, wait.

HAHAHAHAHAA.

Okay, I'm over it. Apparently Microsoft can't sell Vista fast enough so they decided to cut prices. News flash MSFT, I don't think it's the price (although that doesn't help), is the damn 6 different versions and horrible codebase to begin with that keep people from going to Vista. The suggested price for Vista Ultimate dropped from $299 from $219, while Home Premium fell from $159, to $129.

It didn't work with XP Home, XP media edition, and XP pro! What makes you think that 6 versions would be better than 3?

Just buy a Mac people. Come on, seriously, do you really need more of an excuse?

Subscribe in a reader

iPhone SDK

Next week on March 6th, Apple, will have an event at the Cupertino Apple Campus to announce, what looks like an SDK.  From the image, I don't think they are going to actually ANNOUNCE an SDK.  They are going to announce their roadmap.  I could be wrong on this one, but that's the way I read the news blast.  "iPhone Software Roadmap".  Roadmaps are usually just an idea of how things are going to go, not really a product announcement.  
The picture has three interesting pictures on it.  One says "SDK", one says "Software Update", and another says "Enterprise".  This leads me to believe that Apple is going to have a Software Update first, then we're going to get the SDK.
But the enterprise logo is interesting.  Does that signal iPhone's exchange capability that I know Apple is working on?  (BTW -- The only reason I know this is because of the job postings on Apple's website wanting developers to integrate the iPhone and Exchange).

iPhone SDK

Next week on March 6th, Apple, will have an event at the Cupertino Apple Campus to announce, what looks like an SDK.  From the image, I don't think they are going to actually ANNOUNCE an SDK.  They are going to announce their roadmap.  I could be wrong on this one, but that's the way I read the news blast.  "iPhone Software Roadmap".  Roadmaps are usually just an idea of how things are going to go, not really a product announcement.  
The picture has three interesting pictures on it.  One says "SDK", one says "Software Update", and another says "Enterprise".  This leads me to believe that Apple is going to have a Software Update first, then we're going to get the SDK.
But the enterprise logo is interesting.  Does that signal iPhone's exchange capability that I know Apple is working on?  (BTW -- The only reason I know this is because of the job postings on Apple's website wanting developers to integrate the iPhone and Exchange).

Apple MACOS X xnu <= 1228.3.13 ipv6-ipcomp remote kernel DoS POC

Posted today, "Apple MACOS X xnu <= 1228.3.13 ipv6-ipcomp remote kernel DoS POC" is a remote Denial of Service against OSX 10.5.1, 10.5.2, Freebsd 5.5, 4.9.0, and NetBSD 3.1.

It appears that the only reason for this DoS to exist is basically, a typo.

See? Copy and Paste from Exploit:
" * ipcomp6_input does not verify the success of the first call
* to m_pulldown (m -> md typo?).
*
* md = m_pulldown(m, off, sizeof(*ipcomp), NULL);
* if (!m) {
* ->
* md = m_pulldown(m, off, sizeof(*ipcomp), NULL);
* if (!md) {"


New MacBooks and MacBook Pros

In what is basically a simple refresh of the product line, Apple put out new Macbooks and Macbook Pro's this morning, with each one getting new processors.
The MacBook Pros got a multitouch trackpad inherited from the MacBook Air, and instead of having two models of 15" laptop, and one of the 17"...  there is just now one model of the 15, and two of the 17.  So clearly Apple is going towards "bigger is better".  The second 17 offering simply more screen resolution.
Each laptop possess 802.11n capability for the fastest wireless, and of course an ethernet jack as well.
Subscribe in a reader

Random IDS musings

I've seen alot of traffic lately on the snort-users list about how to clean out a database periodically and it got me thinking..

Basically the basis of the story is that people want to clean out the events from their DB on a periodic basis, 1 month, 2 months, whatever. Basically I look at it like this then, why are there events in your database that are that old?

If you have events in your IDS DB, you should look at them. That's the reason you have an IDS/IPS. To review the events (and in the case of IPS, prevent the attacks) and make sure the evil hax0rs are not getting you. If you have events in your current DB that are a month old, that tells me either one of two things:
A) You don't care about your alerts
B) You have too many alerts, and you don't have a system.

So let me help you get a system.

Make an archive DB (for the people using BASE, then this is pretty simple), now, you have two db's. One current, and one archive.

1) Events come in from Snort via barnyard…

Apple MACOS X xnu <= 1228.3.13 ipv6-ipcomp remote kernel DoS POC

Posted today, "Apple MACOS X xnu <= 1228.3.13 ipv6-ipcomp remote kernel DoS POC" is a remote Denial of Service against OSX 10.5.1, 10.5.2, Freebsd 5.5, 4.9.0, and NetBSD 3.1.

It appears that the only reason for this DoS to exist is basically, a typo.

See? Copy and Paste from Exploit:
* ipcomp6_input does not verify the success of the first call
* to m_pulldown (m -> md typo?).
*
* md = m_pulldown(m, off, sizeof(*ipcomp), NULL);
* if (!m) {
*
* md = m_pulldown(m, off, sizeof(*ipcomp), NULL);
* if (!md) {"

New MacBooks and MacBook Pros

In what is basically a simple refresh of the product line, Apple put out new Macbooks and Macbook Pro's this morning, with each one getting new processors.
The MacBook Pros got a multitouch trackpad inherited from the MacBook Air, and instead of having two models of 15" laptop, and one of the 17"...  there is just now one model of the 15, and two of the 17.  So clearly Apple is going towards "bigger is better".  The second 17 offering simply more screen resolution.
Each laptop possess 802.11n capability for the fastest wireless, and of course an ethernet jack as well.
Subscribe in a reader

Yep, new Macbook part numbers are in Best Buy's database

Posted from Engadget.  Take a look at the "In Stock Date" and the "Out Stock Date".  I guess it's easy to see when the new computers are coming and when they are leaving.
Yep, new Macbook part numbers are in Best Buy's databaseFiled under: Our tip jar, it brings us so much joy -- and it brings you, dear reader, this printout of what's purported to be the Best Buy database listing for one of those heretofore-unknown MacBook model numbers. You'll note that whatever MB402LL/A turns out to be, it's said to be in stock on March 2nd, which is just a few days away -- but also note that current MacBook Pros have MA-series model numbers, while the regular MacBook has traditionally carried the MB designation. That's interesting, but we doubt a $1,999 MacBook is about to surface -- besides, the current MacBook box is 15 inches square, smaller than the 19 inches listed here. (Yes, we measured.) As always, we'll see when we see -- come on Tues…

Yep, new Macbook part numbers are in Best Buy's database

Posted from Engadget.  Take a look at the "In Stock Date" and the "Out Stock Date".  I guess it's easy to see when the new computers are coming and when they are leaving.
Yep, new Macbook part numbers are in Best Buy's databaseFiled under: Our tip jar, it brings us so much joy -- and it brings you, dear reader, this printout of what's purported to be the Best Buy database listing for one of those heretofore-unknown MacBook model numbers. You'll note that whatever MB402LL/A turns out to be, it's said to be in stock on March 2nd, which is just a few days away -- but also note that current MacBook Pros have MA-series model numbers, while the regular MacBook has traditionally carried the MB designation. That's interesting, but we doubt a $1,999 MacBook is about to surface -- besides, the current MacBook box is 15 inches square, smaller than the 19 inches listed here. (Yes, we measured.) As always, we'll see when we see -- come on Tues…

Microsoft to employees: We're still buying Yahoo!

In an internal email to MSFT employees Kevin Johnson, President of the Services and Platform division, says that they are still pursuing the Yahoo buy-out,  and that until MSFT's deal to purchase Yahoo is finalized, Yahoo should still be seen as rivals.
So it's looks like the battle isn't over yet.  Hostel takeover from MSFT time? 
Subscribe in a reader

Microsoft to employees: We're still buying Yahoo!

In an internal email to MSFT employees Kevin Johnson, President of the Services and Platform division, says that they are still pursuing the Yahoo buy-out,  and that until MSFT's deal to purchase Yahoo is finalized, Yahoo should still be seen as rivals.
So it's looks like the battle isn't over yet.  Hostel takeover from MSFT time? 
Subscribe in a reader

Microsoft throws open the door

If you haven't heard about it already, Microsoft has published a ton of their protocols on their MSDN page.  Everything from Windows Update to Remote Desktop.  What is (MSFT) trying to do here?  Are they going for the "open up the OS, we're moving to the online services" market?  I guess we'll see.
What will this lead to?  Well, people will try and make things interoperable, find the bugs, publish the bugs, exploits will reign down, cats and dogs, living together, MASS HYSTERIA.
But this may be nice for security researchers as well.  No more having to brute-force reverse engineer MSFT's protocols.  They are out in the open now.  
Subscribe in a reader

Microsoft throws open the door

If you haven't heard about it already, Microsoft has published a ton of their protocols on their MSDN page.  Everything from Windows Update to Remote Desktop.  What is (MSFT) trying to do here?  Are they going for the "open up the OS, we're moving to the online services" market?  I guess we'll see.
What will this lead to?  Well, people will try and make things interoperable, find the bugs, publish the bugs, exploits will reign down, cats and dogs, living together, MASS HYSTERIA.
But this may be nice for security researchers as well.  No more having to brute-force reverse engineer MSFT's protocols.  They are out in the open now.  
Subscribe in a reader

Okay, so the blog lives to be down another day

Verizon made a liar out of me.  They apparently had problems with the transferring of my phone number from my old provider to Verizon.  So let me gripe for a second, because it took me about 2 hours to get this answer.
1) I hate voice operated prompts: "Please say Support, Billing, Order Status, or help menu"  I say "Order Status", the computer says back to me "What Support question can I help you with?"  AHHHHHH!!!
2) Oh, and if you order FIoS, they tell you to check your order status online.  But when you do, and it says "for further information, please click here.  Then you click there, under "To find out the status of your FIoS order, please see the online order status screen here."  Essentially taking you back a screen.  AHHHHHHH!!!
3) Verizon says they can't install the tv and internet until the phone order comes through (seems broke).
4) Hold Sucks.
5) I want my damn FIoS. Subscribe in a reader

Okay, so the blog lives to be down another day

Verizon made a liar out of me.  They apparently had problems with the transferring of my phone number from my old provider to Verizon.  So let me gripe for a second, because it took me about 2 hours to get this answer.
1) I hate voice operated prompts: "Please say Support, Billing, Order Status, or help menu"  I say "Order Status", the computer says back to me "What Support question can I help you with?"  AHHHHHH!!!
2) Oh, and if you order FIoS, they tell you to check your order status online.  But when you do, and it says "for further information, please click here.  Then you click there, under "To find out the status of your FIoS order, please see the online order status screen here."  Essentially taking you back a screen.  AHHHHHHH!!!
3) Verizon says they can't install the tv and internet until the phone order comes through (seems broke).
4) Hold Sucks.
5) I want my damn FIoS. Subscribe in a reader

Blog may be down

The blog may be down for a bit today, I am switching ISP's to Verizon FIOS.  Well, I hope I am, the guy isn't here yet, and it snowed last night... so I hope I am switching today.
But anyway, just want to let you know the blog may be down for a bit or something while I get the DNS and ports and everything figured out.   Thanks!
Subscribe in a reader

Blog may be down

The blog may be down for a bit today, I am switching ISP's to Verizon FIOS.  Well, I hope I am, the guy isn't here yet, and it snowed last night... so I hope I am switching today.
But anyway, just want to let you know the blog may be down for a bit or something while I get the DNS and ports and everything figured out.   Thanks!
Subscribe in a reader

Thanks

I just wanted to thank all of you guys that sent me a Happy Birthday. I guess most people found out through Plaxo and everyone else found out from there. But I literally (actually?) received about 50 emails today wishing me Happy Birthday. Thank you all very much.

Thanks

I just wanted to thank all of you guys that sent me a Happy Birthday. I guess most people found out through Plaxo and everyone else found out from there. But I literally (actually?) received about 50 emails today wishing me Happy Birthday. Thank you all very much.

Recent Template Changes

As you probably have noticed, (or been annoyed by), I've changed the template again. Obviously I am experimenting with different code and layouts and looks.

I like the darker colors with the lighter fonts, but people write into me and tell me that it's hard to read. So I change it a bit. It's a never ending cycle. Basically, you can't make everyone happy. But I can at least try. ;)

So, I'm going to experiment with this blog layout for a bit. See how it goes.

Recent Template Changes

As you probably have noticed, (or been annoyed by), I've changed the template again. Obviously I am experimenting with different code and layouts and looks.

I like the darker colors with the lighter fonts, but people write into me and tell me that it's hard to read. So I change it a bit. It's a never ending cycle. Basically, you can't make everyone happy. But I can at least try. ;)

So, I'm going to experiment with this blog layout for a bit. See how it goes.

Snort Drinking Game by Erek Adams

Today I went looking for the "Snort Drinking Game". A joke made by Erek Adams, who, unfortunately for all those involved with Snort and his family + friends, passed away last October. So, in honor of Erek, I repost HIS drinking game here. I did NOT make it, this is EREK's. However, the game is getting a bit hard to find (only via the WayBack machine was I able to find it), now that Erek's servers are gone.

So, in honor of him:

Welcome to the Snort-Users Drinking Game!
version 1.00
By Erek Adams
The most current version of this can be found at
http://www.theadamsfamily.net/~erek/snort/drinking_game.txt . Please send
suggestions/updates to erek@theadamsfamily.net.

-----
WARNING: Excessive use of alcohol can be dangerous to your health. Please
play this game sensibly. If you start to feel ill or sick, stop playing!
Alcohol poisioning is not fun, and you can kill yourself!

Please be sensible! This is fo…

Snort Drinking Game by Erek Adams

Today I went looking for the "Snort Drinking Game". A joke made by Erek Adams, who, unfortunately for all those involved with Snort and his family + friends, passed away last October. So, in honor of Erek, I repost HIS drinking game here. I did NOT make it, this is EREK's. However, the game is getting a bit hard to find (only via the WayBack machine was I able to find it), now that Erek's servers are gone.

So, in honor of him I've found it and placed it here, plus we've updated it:

http://blog.joelesler.net/the-snort-drinking-game

Snort Hints

I recently received a question via the blog email. Email read:

"I'm a new Snort user in a IDS class and I'm getting the following error message about my bad traffic rule. however, if I comment out this rule it still appears in every successive rule. I have also open the bad traffic rule file and I see no "!any" syntax. Can you give some more advice?

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: c:\snort\rules/bad-traffic.rules(27) => !any is not allowed
Fatal Error, Quitting..
C:\Snort\bin>

Additionally, I get this error message if I'm trying to run a custom rule named testing.rule:

ERROR: Unable to open rules file:
c:\snort\rules/TESTING.rules or C:\snort\etc\c:\snort\rules/TESTING.rules
Fatal Error, Quittting...
Any advice here also?"


Now, this looks like two separate problems. Let's look at the first one.

The (27) in Bold above tells you exactly what line you have the error on. You can find this in vi by s…

New Template

I switched templates from the green one that I used to have this newer template made over here by TemplatesForBlogger. I think it looks rather nice, except I see that it has at least one error in it. I've noticed that if I put two paces after a period, like you are supposed to, you get this funky character.  See?  Right there.

Any CSS and Html people know what the issue is?  I suck at HTML and CSS.

Go, Walk no.. Run to CostCo

If you are lucky enough to have a CostCo in your area, go ahead and go. Went there today, and they had a nice deal on Thumbdrives. You can get 3 2Gb Sandisk Retractable USB Cruizer Drives for 48 bucks. (16 dollars a piece). So it's slighty cheaper (or about the same as) Newegg.com's prices here. Except, you get 3.

I think it's a good deal, at least comparable. Hell, I remember spending 89 dollars for my 512 Mb thumbdrive back in the day, and that was a steal. Now 2 Gb ones are McDonalds money. (Reference:  McDonalds money means "roughly the same as it would cost my family to eat at McDonalds"

Toshiba to give up on HD DVD

According to a Source that Reuters has, HD-DVD is done.  

Money Quote: "TOKYO (Reuters) - Toshiba Corp is planning to give up on its HD DVD format for high definition DVDs, conceding defeat to the competing Blu-Ray technology backed by Sony Corp, a company source said on Saturday."

Glad I went the Blu-Ray route.

New Template

I switched templates from the green one that I used to have this newer template made over here by TemplatesForBlogger. I think it looks rather nice, except I see that it has at least one error in it. I've noticed that if I put two paces after a period, like you are supposed to, you get this funky character.  See?  Right there.

Any CSS and Html people know what the issue is?  I suck at HTML and CSS.

Go, Walk no.. Run to CostCo

If you are lucky enough to have a CostCo in your area, go ahead and go. Went there today, and they had a nice deal on Thumbdrives. You can get 3 2Gb Sandisk Retractable USB Cruizer Drives for 48 bucks. (16 dollars a piece). So it's slighty cheaper (or about the same as) Newegg.com's prices here. Except, you get 3.

I think it's a good deal, at least comparable. Hell, I remember spending 89 dollars for my 512 Mb thumbdrive back in the day, and that was a steal. Now 2 Gb ones are McDonalds money. (Reference:  McDonalds money means "roughly the same as it would cost my family to eat at McDonalds"

Toshiba to give up on HD DVD

According to a Source that Reuters has, HD-DVD is done.  

Money Quote: "TOKYO (Reuters) - Toshiba Corp is planning to give up on its HD DVD format for high definition DVDs, conceding defeat to the competing Blu-Ray technology backed by Sony Corp, a company source said on Saturday."

Glad I went the Blu-Ray route.

Google Calendar and iCal Syncing

Well, I wanted a way for my wife to be able to accept events on her iCal, have it sync, automatically to her Blackberry, and even more, sync automatically with my iCal.  So, I found a nifty Google app called Google Mobile Sync for the Blackberry that automatically syncs the Blackberry and Google Calendar.  Great.  That's what I needed.

So I made a calendar in Google Calendar under my wife's Google account and tied the Blackberry to that.

Now I had to get her iCal (where she presently has all her events) to be able to sync with her Google Calendar.  Here is the tricky part.  You can read and subscribe to a Google Calendar, even setting permissions, per user, but you can't write to a Google Calendar (you can't use webdav from iCal to publish to Google Calendar.  That sucks.  (Hey Google, fix this, I know a couple of you read this blog.  I have logs, I have logs...)

So I found this app called SpanningSync which syncs your Google Calendar and you iCal (both ways).  Which is …

Google Calendar and iCal Syncing

Well, I wanted a way for my wife to be able to accept events on her iCal, have it sync, automatically to her Blackberry, and even more, sync automatically with my iCal.  So, I found a nifty Google app called Google Mobile Sync for the Blackberry that automatically syncs the Blackberry and Google Calendar.  Great.  That's what I needed.

So I made a calendar in Google Calendar under my wife's Google account and tied the Blackberry to that.

Now I had to get her iCal (where she presently has all her events) to be able to sync with her Google Calendar.  Here is the tricky part.  You can read and subscribe to a Google Calendar, even setting permissions, per user, but you can't write to a Google Calendar (you can't use webdav from iCal to publish to Google Calendar.  That sucks.  (Hey Google, fix this, I know a couple of you read this blog.  I have logs, I have logs...)

So I found this app called SpanningSync which syncs your Google Calendar and you iCal (both ways).  Which is …

Mossberg previews Lenovo's 'Air-killer' X300

I read this article about Lenovo's (Thinkpad) MacBook Air 'Killer' X300, and kinda threw up in my mouth a little bit.

So let's take a look. This thing has 3 USB ports (as opposed to the MacBook Air's 1), it has a DVD Drive, (Air doesn't), has Wifi, and an optional 3G or GPS receiver, a removable battery (air doesn't -- well, easily) and not one, but TWO mouse pointing devices.

So there are pros and cons.

Lenovo --
Has more USB, Apple could do with more USB devices.
DVD Drive, I think Apple did the right thing here and killed the DVD drive. In fact, I think that they will kill off the optical drive in all systems and start shipping their software on USB sticks. Think about how much THAT would save in shipping costs.
Removable Battery -- Okay, well, I'd like to have the ability to easily swap out the MacBook Air's battery. So I kinda have to agree with it.
The Lenovo is thicker, uglier, and really Lenovo, wtf is with TWO mice? The red stick and the tr…

Wordpress plugin exploit

Wordpress seems to be getting it's butt kicked lately with all the xploits that are coming out for it and it's plugins. In a new one just published to milw0rm today, this one deals with "Simple Forum". I guess there is no rest for the exploit writers out there, even if this one does seem rather weak. Especially when the tag line at the bottom of the exploit reads: "i AM NOT HACKER". Instead of the much better "I am not A hacker". It's all in the details.

The Difference between two operating systems

Often I am critized because I rave on and on about the Mac platform and constantly put down Microsoft without ever actually saying why I hate (MSFT) so much.

Its simply because its hard to explain. When you are using Microsoft Windows, let's say XP because that's what I am forced to use, you get the overwhelming sense of misplacement. Things don't function as they should, icons, toolbars, and menus feel out of place and not well constructed. The whole OS just feels like a kludge. Like it was designed by a commitee, on a white board, and no one in the room was told "no" to any idea.

Installing apps is insane. Next, next, next, agree, ok, next, done, reboot (sometimes). Now yes there are a bunch of mac programs that do the same thing, especially the ones from Apple itself but I think the apps that really get it right on the Mac platform are the ones that, when you download them, they automount and present you with two icons. The one for the program you just do…

Wordpress plugin exploit

Wordpress seems to be getting it's butt kicked lately with all the xploits that are coming out for it and it's plugins. In a new one just published to milw0rm today, this one deals with "Simple Forum". I guess there is no rest for the exploit writers out there, even if this one does seem rather weak. Especially when the tag line at the bottom of the exploit reads: "i AM NOT HACKER". Instead of the much better "I am not A hacker". It's all in the details.

The Difference between two operating systems

Often I am critized because I rave on and on about the Mac platform and constantly put down Microsoft without ever actually saying why I hate (MSFT) so much.

Its simply because its hard to explain. When you are using Microsoft Windows, let's say XP because that's what I am forced to use, you get the overwhelming sense of misplacement. Things don't function as they should, icons, toolbars, and menus feel out of place and not well constructed. The whole OS just feels like a kludge. Like it was designed by a commitee, on a white board, and no one in the room was told "no" to any idea.

Installing apps is insane. Next, next, next, agree, ok, next, done, reboot (sometimes). Now yes there are a bunch of mac programs that do the same thing, especially the ones from Apple itself but I think the apps that really get it right on the Mac platform are the ones that, when you download them, they automount and present you with two icons. The one for the program you just do…

Teen hax0rs iPhone. Again.

In the quest for people to keep hacking the iPhone (at least, I guess party until the SDK comes out), the Register is running an article about a teen that has re-hacked the iPhone on the new 1.1.3 firmware.  Except this time it wasn't like exploiting the tiff flaw.  This was much harder.

Money quote: "The latest salvo was fired late last week, following a 24-hour hacking spree by Geohot that was broken up by only three hours of sleep. It turns out the latest firmware contained modifications to the device's memory registers to prevent unlocking. Geohot worked around those changes by finding another, much higher register that was vulnerable."

When the SDK comes out, I am sure some of the hacking (or the pace of it) will probably slow down, because people will actually have a legit way of getting apps on the iPhone.  However, there will be a certain percentage that will be interested in it because of the SIM card unlocks.

>People want to be able to take their phones to …

Teen hax0rs iPhone. Again.

In the quest for people to keep hacking the iPhone (at least, I guess party until the SDK comes out), the Register is running an article about a teen that has re-hacked the iPhone on the new 1.1.3 firmware.  Except this time it wasn't like exploiting the tiff flaw.  This was much harder.

Money quote: "The latest salvo was fired late last week, following a 24-hour hacking spree by Geohot that was broken up by only three hours of sleep. It turns out the latest firmware contained modifications to the device's memory registers to prevent unlocking. Geohot worked around those changes by finding another, much higher register that was vulnerable."

When the SDK comes out, I am sure some of the hacking (or the pace of it) will probably slow down, because people will actually have a legit way of getting apps on the iPhone.  However, there will be a certain percentage that will be interested in it because of the SIM card unlocks.

>People want to be able to take their phones to …

Handler posting

I was the Handler of the Day today at the ISC.  I posted absolutely nothing.  I apologize to you all that were expecting me to write something.  I was very busy today with work related stuff, and to be honest, not much came into the ISC today that we haven't already seen or posted about.  I would say about 90% of the emails that came in today (100+) were about the Trend Micro whoopsie.  Out of the remaining 10%, I'd say a bunch were about the Adobe vulnerabilities.  Two things we have written about already, so, not much to say today.

I had to work with Snort, some rules, and a few pcaps today for a customer.  So I am tired ;)

Apple releases Apple TV "Take 2" software update

In Apple's quest to update, um, pretty much every thing they have, Apple TV's update has hit the streets as well.  Apple is on a roll.Apple releases Apple TV "Take 2" software update Apple on Tuesday quietly released its much-anticipated Apple TV "Take 2" software update, which introduces a brand new on-sreen interface and allows users to rent high definition movies directly from their widescreen TVs. The update is available f... URL: http://www.appleinsider.com/article.php?id=3740

iLife Support Update 8.2

Apple is cranking out the updates recently.  Wow!  This is probably the third or forth upgrade in the past week.  Go ahead Apple!
Apple describes this one as: "This update supports system software components shared by all iLife ’08 applications to improve their stability and performance. "
Subscribe in a reader

Apple releases Apple TV "Take 2" software update

In Apple's quest to update, um, pretty much every thing they have, Apple TV's update has hit the streets as well.  Apple is on a roll.Apple releases Apple TV "Take 2" software update Apple on Tuesday quietly released its much-anticipated Apple TV "Take 2" software update, which introduces a brand new on-sreen interface and allows users to rent high definition movies directly from their widescreen TVs. The update is available f... URL: http://www.appleinsider.com/article.php?id=3740

Leopard Graphics Update

I received an email today at the ISC talking about the Quicktime update and I thought to myself "there is another one? Didn't we just get Quicktime 7.4.1?"  So I clicked on Software Update to see if there was, turns out, no, there wasn't a new Quicktime Update, but there is an update called "Leopard Graphics Update" which is downloading right now to my machine.
So, aside from the 10.5.2 that rolled out last night, there is also the Leopard Graphics Update.  So make sure you grab that one as well.
Subscribe in a reader

SC Magazine Interview

I was contacted today by a writer for SC Magazine named Dan Kaplan.   He wanted me to shed some light on what I thought about the OSX update that just came out and specifically, if I thought that OSX would become increasingly a target for future vulnerabilities as Apple's Market Share continued to go up.
The article is live and you can get to it here.  Thanks Dan for putting in a few of my comments.  However, I wrote, practically a whole blog entry for him (overkill I guess ;), and thought that I should post what I wrote to him on the blog here.
Feel free to comment.
"The patches really strike me as Apple listening to it's users and really taking it's competition in the OS space to heart. Apple has always prided itself on being different yet being able to implement functionality in a coherent product. They have realized that it's not about the features of the OS, or trying to make it "pretty", it's about how the user approaches the product. How can t…

iLife Support Update 8.2

Apple is cranking out the updates recently.  Wow!  This is probably the third or forth upgrade in the past week.  Go ahead Apple!
Apple describes this one as: "This update supports system software components shared by all iLife ’08 applications to improve their stability and performance. "
Subscribe in a reader

Leopard Graphics Update

I received an email today at the ISC talking about the Quicktime update and I thought to myself "there is another one? Didn't we just get Quicktime 7.4.1?"  So I clicked on Software Update to see if there was, turns out, no, there wasn't a new Quicktime Update, but there is an update called "Leopard Graphics Update" which is downloading right now to my machine.
So, aside from the 10.5.2 that rolled out last night, there is also the Leopard Graphics Update.  So make sure you grab that one as well.
Subscribe in a reader

Mac OSX 10.5.2 and Security Update 2008-0001 hit the streets

Listed below are all the updates for Leopard 10.5.2 and Security Update 2008-0001.  All in all, this is a much needed and timely update.  All in all, it looks to be huge.  (Downloading right now on my MacBook Pro, the size shows 180 Mb.
Active DirectoryAddresses issues which could hinder or prevent binding Mac OS X 10.5.x clients to Active Directory domains.AirPortImproves connection reliability and stabilityIncludes 802.1X improvements.Resolves certain kernel panics.Back to my MacAdds support for more third-party routers, as detailed in this article.DashboardImproves performance of certain Apple Dashboard widgets (such as Dictionary).Addresses an issue in which Dashboard widgets may no longer be accessible after switching to or from an account that has Parental Controls enabled.DockUpdates Stacks with a List view option, a Folder view option, and an updated background for Grid view.DesktopAddresses legibility issues with the menu bar with an option to turn off transparency in Desktop …

Handler Shift on Wednesday

Looks like I am the Handler for the Internet Storm Center on Wednesday.  The day after 12 patches hit the intarwebz from (MSFT).   I don't do alot of postings (read: usually any) during the day when I am on shift, (because I am working!) and on Wednesdays there is usually so much email we have a hard time keeping up.  
Everyone writing in asking why the ISC rated something Critical, when it's not.  (BTW -- it takes alot for us to make a determination between Client and Server).  If you don't know what I am talking about, tune in tomorrow around noon EST.  You'll see.

Subscribe in a reader

Mac OSX 10.5.2 and Security Update 2008-0001 hit the streets

Listed below are all the updates for Leopard 10.5.2 and Security Update 2008-0001.  All in all, this is a much needed and timely update.  All in all, it looks to be huge.  (Downloading right now on my MacBook Pro, the size shows 180 Mb.
Active DirectoryAddresses issues which could hinder or prevent binding Mac OS X 10.5.x clients to Active Directory domains.AirPortImproves connection reliability and stabilityIncludes 802.1X improvements.Resolves certain kernel panics.Back to my MacAdds support for more third-party routers, as detailed in this article.DashboardImproves performance of certain Apple Dashboard widgets (such as Dictionary).Addresses an issue in which Dashboard widgets may no longer be accessible after switching to or from an account that has Parental Controls enabled.DockUpdates Stacks with a List view option, a Folder view option, and an updated background for Grid view.DesktopAddresses legibility issues with the menu bar with an option to turn off transparency in Desktop …