
Posts

Showing posts from July, 2008

Lack of Posts

Not that there hasn't been a lot to write about recently, I've just been dealing a lot with this DNS issue, so by the time I get home at night I'm tired, and don't want to blog.  I have had lots of interesting ideas too, I just am so tired!  Sorry about that, I'll get back on track shortly.
I am going to Defcon next week, so anyone that is going, I'll see you there!

Webinar with Dan Kaminsky

There is a webinar with Dan Kaminsky today to talk about the DNS issue.
Link is here.  Go and register and listen to all the news about the DNS vuln/exploit.
List of people on the panel:
* Dan Kaminsky, Director of Penetration Testing, IOActive
* Jerry Dixon, Former Director of the National Cyber Security Division, DHS
* Rich Mogull, Securosis
* Joao Damas, Sr. Programme Manager, ISC


Podcast Last night

The podcast last night (and my speech) went great, we had a great attendance (about 50-70 ish) turn out.
Unfortunately we were not able to broadcast it live since we had no internet, but we did get video and audio recordings of the whole thing.  We'll try and make those available soon!
Thanks for all those that turned out!
UPDATE:  I received word that there were 65 in the speech.  Even more in the podcast!

Woot.


SANSFIRE 2008

For those of you that are going to SANSFIRE, I'll be there on Wednesday night giving a talk on the "Mistakes made with Snort, How to correct them, and why you should".  It's at 7:00 pm.   The SANS @night stuff does NOT require a fee, so you can come and watch + participate.  Check it out here.
On another note we have the Internet Storm Center Podcast, live at 8:00 pm on Wednesday as well.  Between Johannes, Paul Asadoorian (Pauldotcom Security Weekly), and I (plus some other special guests?) we'll keep you entertained.  Please come by and support us!  If you can't make it in person, please listen live.  I don't know what URL we'll be using yet.  So keep your eyes posted here.

DNS Vuln!

Hey, did you guys know there was some sort of DNS vuln?  Imagine that!
(No really.)
BTW -- The cat is out of the bag.  The vulnerability has been published out there, so if you have been holding off on updating, hold off no longer.

iPhone 3G review

Okay, so I have had my iPhone 3G with iPhone 2.0 software for a solid week now.  
BLUF:  I like it.
Now, I live in a 3G area.  Which means I get the full capabilities of the speed, and it's nice.  Browsing the internet is faster, Mail is faster, everything is nice and quick.  Even the apps I use.  The truth is, I was considering not getting one, but the touchscreen stopped working on my old iPhone about a month ago, and therefore, I had to upgrade (oh darn).
iPhone 2.0 software -- The greatest feature about the new iPhone (and the old iPhone too) is the apps.  Now that you can have apps, it's awesome.  I hacked my phone in the past but there were no apps that I was excited about and I really didn't care to do it again.  There were really three apps I wanted on my old iPhone's software.   1) something to manage my to-do's 2) some kind of music buying app 3) Instant messenger.
Well, now I have Omnifocus for the iPhone (and the mac, and it's great, everything syncs up..…


iPhone 3G

Yes, I have an iPhone 3G.  (Yes I live in a 3G accessible area.)
So far I think it's absolutely great.  But I'll post a longer review after I've used it for a couple days.  I think I am more excited about iPhone 2.0 than the 3G phone itself.  MobileMe ftw.
I posted a picture of me taking a picture of my old iPhone with my new iPhone 3G, and using the new pownce app to upload it to the internet.
www.pownce.com/joelesler

iPhone 2.0 had more than I thought in it.

APPLE-SA-2008-07-11 iPhone 2.0 and iPod touch 2.0

iPhone 2.0 and iPod touch 2.0 are now available and address the
following issues:

CFNetwork
CVE-ID: CVE-2008-0050
Available for: iPhone v1.0 through v1.1.4,
iPod touch v1.1 through v1.1.4
Impact: A malicious proxy server may spoof secure websites
Description: A malicious HTTPS proxy server may return arbitrary
data to CFNetwork in a 502 Bad Gateway error, which could allow a
secure website to be spoofed. This update addresses the issue by not
returning the proxy-supplied data on an error condition.

Kernel
CVE-ID: CVE-2008-0177
Available for: iPhone v1.0 through v1.1.4,
iPod touch v1.1 through v1.1.4
Impact: A remote attacker may be able to cause an unexpected device
reset
Description: An undetected failure condition exists in the handling
of packets with an IPComp header. Sending a maliciously crafted
packet to a system configured to use IPSec or IPv6 may cause an
unexpected device reset. This update addresses the issue by properly
detecting the fai…

Line

This is a picture I took yesterday when I was standing in the iPhone 3G line.


.mac phishing? Say it ain't so

Check this guy out!  Phishing attempt specifically targeted at mac.com users.  Be aware of this one!

Podcast Episode 8 Record Notice

Hey everyone, we're going to have a live Podcast record tomorrow at 6 pm EDT.  (That's Eastern Daylight Savings Time)
We'll be streaming it live via Stickam, and as always we welcome your feedback.  The link we'll be streaming from is: http://www.stickam.com/joelesler
Please feel free to join us, we look forward to hearing your live feedback either in the Stickam Chat room, or in #dshield on irc.freenode.net.

MobileMe Launch is Wednesday

Today, at the bottom left of the status window of the mac.com webpage read the attached screenshot.  Seems like MobileMe is going live tomorrow at 6pm PT.  Now, one would assume, since this will change how things work, that the iPhone 2.0 software will come out at the same time?  Or is Apple not going to turn on the push functionality until Friday?

New Blog Part Deux

Right, so I started this new blog.  Things were going great.  Then, out of nowhere...  I get put on Gizmodo.  Which, I'm not going to complain about, don't get me wrong.  But I went from 5 hits to 6000 hits in less than 24 hours.  
I wanted people to write in with suggestions.  So what do I get?  100's of emails.  
Of course I had the site over on .mac's servers, and my monthly download stats went from about 60 Mb/s a month (on .mac's servers) to well over 3 Gig's in less than 24 hours.  So I had to do something quick.
I moved the whole blog over to blogspot, where I don't have to pay for bandwidth --thank you Google-- and now everything is fine.  Oh wait, I have to get everyone over here from .mac's servers.  
So I had to play URL redirection and DNS games for the past hour until I got it right.
Anyway -- http://blog.dearcupertino.com is where it's at.

Math

Apparently, this person thinks that they will never get a date, and actually did all the statistical analysis to figure it out.
I don't think the problem is that you won't find a date, I think the reason that you can't find a date is because you spend all your time doing complex math about why you can't find a date ;)  Now THAT'S probably the reason.

New Blog

I've started a new blog.  Don't worry, I am still keeping this one, and will dedicate the same amount of time to this one, however, I've started a new one over at DearCupertino.com.  As much as I enjoy Apple Products, I really wanted a place to throw some ideas that I've had for Apple.  Suggestions as it were.
New Projects, Products. Suggestions or ideas, feature enhancements as it were.
Also, a place to write gripes.  Hopefully someone from Apple, who has influence, will see it and read it.  But, I'm a realist.  I doubt that will happen.
In other words, I'm just having fun.  Subscribe to the RSS feed here.

AT&T iPhone 3G rate plans

For those of you that haven't seen them yet..  Here they are.  
I'd like to know one thing AT&T, so if anyone from AT&T is reading this, or someone who is reading this knows someone that can give me a really good damn answer.  Can I give my old iPhone to my wife, and we can be on the family talk unlimited plan for 129 a month?  That's a good deal!