Monday, May 31

Stop the lies! The day that Microsoft saved Apple

Stop the lies! The day that Microsoft saved Apple | ZDNet.

An interesting article from ZDNet about the days when Microsoft bought 150M of non-voting stock shares and committed to producing MS Office for the next 5 years. A lot of people claim that Apple would have died if not for MS saving Apple back then. That may be partially true, but only because MSFT had to pay them a considerably large amount of cash for the patents.

Check out the article above.

Wednesday, May 26

Wired 11.09: PowerPoint Is Evil

An article by Edward Tufte about why Powerpoint is evil. Very awesome read.

Stop using bullet points!!

Wired 11.09: PowerPoint Is Evil.

Reminder to update PulledPork and Oinkmaster URLs

As you may know, about 30 days ago, we announced the new rulepack download method for users.

Today is that day that we talked about back on April 26th, and if you haven't already, you need to update your URL's within PulledPork, Oinkmaster, or whatever script you are using, to download the correct rulepacks by their correct names.
If you are using, and you are a registered (non-subscriber) user, your name should read:

If you are using, and you are a registered (non-subscriber) user, your name should read:

If you are using, and you are a subscriber, your name should read:

If you are using, and you are a subscriber, your name should read:

If you are running legacy versions of Snort, take the opportunity to now update to the current version ( here:

Tuesday, May 25

Mark Zuckerberg - From Facebook, answering privacy concerns with new settings

Mark Zuckerberg, in an article on answers some of the privacy accusations that have been thrown in his direction about Facebook.  It reads like PR copy, so take it for what it's worth, but at least he came out and said something about it.

Kudos for him to at least acknowledging it.

Mark Zuckerberg - From Facebook, answering privacy concerns with new settings. is still alive.

Today I posted a quick "Yes, we're still here" over at  We received an email from a user/contributor saying that we haven't updated the blog in awhile, we haven't been very noisy about what's going on in the background. is a community, it's here for you guys to submit pcaps to, exchange pcaps, and use those pcaps for analysts, testing of employees, testing of IDS/IPSs, whatever you can see to use pcaps for, that's why it's there.  We'd like more of your pcaps, and we're willing and able to use them at the site.

Please contribute!

Monday, May 24

Educating our fellow Humans

I wrote this post in conjunction with my last "Top 10 hints" post, but somehow it disappeared.  So I thought I'd try and write it again, trying to remember the key points I hit.

Many of the people that read this blog are security professionals like me, my peers.  We learned about our profession, mostly on our own.  Self-taught individuals with a penchant for curiosity and the likeness to break things.  There are very few schools and certifications to be "professional" at what we do for a living, and it's because of that, that our community is so small.

Take a look at something like Defcon or Blackhat.  You can throw a stone at one of those conferences and usually hit about 4 people you know on a first name basis, and 10 people that you know by their online name.  Think about it.

Along the growth of our careers we've probably had a few mentors, four or five people during our professional growth that have pushed us in the correct direction.  Gave us hints, wrote blog posts, wrote books, wrote articles, and while you mostly taught yourself how to do this job, there probably are some people that you can point at in your career and say "he helped me by handing me my first copy of 2600".  I clearly remember the first person in my life who handed me my first copy of "2600" and "Blacklisted!411" magazines.  He was and remains to be my best friend and was the best man at my wedding, even though his job has nothing at all to do with computers (ironic, IMO).

As I was saying, the vast majority of the people that read this blog are either Apple people (who read because of my rantings on Apple), Google people (because of the same), or security people.  (God knows why you read my drivel?!  Thanks though.)

However, there is a group of you, especially the friends that I have on Facebook that I've pointed over here to get my content, that are not security people.  There are a group of you that are barely computer people.  You may think that getting on the "Internet" means clicking on the big blue "E" on the desktop.

Those are the people I'd like to make aware with those top 10 articles that I post.  With the Facebook article that I wrote on Saturday while my wife was napping on the couch.  Those are the people that I want to reach out to and help and say "yes, you do need antivirus on your Windows computer", and "Do you know what a firewall is on your computer?  Do you have it on?", and "No!  Don't click on that attachment! Are you crazy!?"

Be aware of what you are doing online.  Don't let one of your security questions be "What is your mother's maiden name?"

To my fellow security professionals:  Help out your fellow Humans.  They may take time, they may take patience, but they need our help.  The bad guys won't stop, the code won't get more secure.  There will always be holes, the bad guys have money, they are most likely, in some way-shape-or form already in your network, and they want what you have.  Help your fellow Humans, they need it.

Top 10 Privacy Tweaks You Should Know About

Along the lines of my Facebook post that I put up on Saturday, I found this article (linked below) over on Lifehacker.

Top 10 Privacy Tweaks You Should Know About.

The perspective of a 3 year old, waiting with Dad

My daughter, the photographer, while waiting for Dad and Mom at the store.  A perspective.

Saturday, May 22

Facebook privacy, why you should be careful, and what I'm doing personally.

It seems everyone has been jumping on the "Facebook is evil" bandwagon lately, some of it being fair, some of it not.  I thought I'd try and jump on the bandwagon too, but this time, let's lay out the facts and reflect on them and see how they are changing my outlook on Facebook and why it might be good to change yours too.

<bear with me, it's a long one, but it's a real one, and it's meant for you to read>

Facebook is a social networking site.  Two words.

Social -- relating to or designed for activities in which people meet each other for

Networking -- a group or system of interconnected people or things

A place where people come together to be interconnected and share things and activities.  Facebook.  Exactly what it does, so why is everyone so up in the air about it, why are people complaining about it?

Privacy.  Those of you that signed up for Facebook in the beginning, and are like me, take the world on the Internet with the assumption that everything that you do online can be read by anyone, you are careful what you put on Facebook.  I personally live with the realization that I have an Internet stalker.  A guy out there on the Internet -- for whatever reason -- follows me.  Goes to every email listserver I am on, listens to every podcast I do, watches everything that I do.  Now, some of you will look at that and say "Whoa, that dude is nuts!"  Well, I agree.

However, having someone like that is like a check and balance in Government.  It makes you realize that what you put out there on the Internet, no matter how mundane and stupid it may be, someone will jump on it like a horse and ride that sucker for all it's worth.  So you really pay attention to what you put up on the Internet in the first place.

Facebook, when it started out was this concept, very different from "MySpace", where MySpace was "Everything is public".  When Facebook started many people jumped on it, thinking, "Wow, some privacy!"  Everything you put on Facebook could only be seen by your friends.  Those you invited to be your friends, or you authorized to be your friends.  Then, along the way, as Facebook started stealing ideas from Twitter, started making things more public, if you didn't change you privacy settings at each step along the way, your privacy was gone, and everything that was yours and your friends was now available to "Everyone".

Facebook's privacy policy got longer and longer, more and more confusing, until recently this article came out that compared Facebook's privacy policy length to that of the United States Constitution, the document that established and Governs our ENTIRE country, and found that the Facebook privacy policy was longer.

I started thinking about ditching my Facebook page back in November or December of last year when all of this was coming down, and it's just gotten worse and worse.  Take a look at this article written by Jason Calacanis (say what you will about Calacanis, but he brings up some good points to think about, and things that you might want to read yourself).

Jason recently wrote another article about Facebook has overstepped the lines and violated the privacy and trust of it's users.  Both are worth a read.  He talks about how Facebook screwed Foursquare, how they screwed Twitter, how they have screwed their users by changing their privacy model three times.

All of this stems from one guy.  Mark Zuckerberg.  Facebook's CEO and Founder.

"Zuck" as he's known in the "Valley" (I've never met the dude.) started Facebook, or at least came up with the concept for it while he was at Harvard.  Now, there is a lot of controversy about how the idea for Facebook came up, and that he stole it from other people, and this that and the other thing.  I'm not here to decide that, there are lawsuits in progress, and the courts will decide that one.

Zuckerberg has apparently (allegedly) screwed over many companies, partners, etc in the setting up of Facebook.  Claims are (from "they") that he wants to be the next Bill Gates, and is doing so by doing the same thing that Bill Gates allegedly did back in the 80's/90's, by "stealing" the idea for "x" from "y".  (Not mentioning names, because, like I said, allegedly.)

"Good artists copy, Great artists steal" -- Pablo Picasso (Allegedly)

Personally, I don't trust the dude, and neither should you.  <-- Read that.

So what does that mean for you?

If you have the realization that everything you put on the Internet, everyone can see, you are fine.  However, I don't like the fact that Facebook started off with one idea about privacy, and now it's a different story.

So what am I doing personally?

My "content" that I "produce" will no longer go on Facebook.  I'll point to my content on other places, (my pictures, my posts, my comments), however, I won't put things on Facebook anymore.  This will give me a metric.  A metric that says "How much do you really use Facebook".

I use Facebook for a couple things.  I like to put pictures up there and have people comment on them.  I like to put funny sayings and what not up there, but I also like to read what people have to say and look at their pictures as well.  I really use mine as a Social Network.

The people that I add on Facebook are my real-life friends.  Not "Facebook friends".  Not "Internet Friends".  I probably receive about 10 requests to be my "Facebook friend" from people everyday.  People who read my articles on the blog, people who read my articles on the Internet Storm Center..  People who just read my emails on the Snort user groups (or God knows where else) and want to be my friend.  However, no, I don't add them.  Unless I've met you in real life, I don't add you.  In fact, I've deleted a bunch of people recently.

Facebook isn't for those people.  Those people can read this blog, and they are welcome to participate with me through the comments fields.  They are also welcome to follow me on Twitter.  But on Facebook, I have stuff like, pictures of my daughter and other things on there that I just don't want everyone to have complete access to.

I've locked down my Facebook profile along the way as well, making my profile viewable "Only to Friends".  But the trust that I've put in Facebook is lost.  Have you read their privacy policy?

Here are some choice quotes:

"Access Device and Browser Information. When you access Facebook from a computer, mobile phone, or other device, we may collect information from that device about your browser type, location, and IP address, as well as the pages you visit."

I'm not tracking you when you come to my blog.  I don't know who you are.  I don't much care.

"If in any of these cases we receive data that we do not already have, we will “anonymize” it within 180 days, meaning we will stop associating the information with any particular user."

But they don't delete it.

"Deactivating or deleting your account. If you want to stop using your account you may deactivate it or delete it. When you deactivate an account, no user will be able to see it, but it will not be deleted. We save your profile information (connections, photos, etc.) in case you later decide to reactivate your account."

But they don't delete it.

So make sure you read the privacy page.  Oh but wait there's more!  There's the Statement of Rights and Responsibilities page.

My favorite is here:

"For content that is covered by intellectual property rights, like photos and videos ("IP content"), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook ("IP License"). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it."

So..  Anything I upload to Facebook belongs to Facebook.  They can use it however they want.  Including photos, and videos, and what else.

What about individual Apps?  Oh, there's a page for that too.  Check this out.  Good luck locking that down!

So, where am I putting my pictures?

I'm going to put them on my MobileMe gallery.  That allows me to have public photo albums, photo albums I can mark as private, and even more, I can secure certain photo albums with a password.

My Mobile Photo gallery is here. (Pictures that I take while I am on the go.)

But otherwise all my public galleries are here.

Can you subscribe to those photo galleries?  Yes, you sure can.  Via the RSS button at the top.  You can even subscribe to them in iPhoto if you are an iPhoto/Mac user.

If I have a special gallery that I want you to be able to see, I'll post it.  But I don't want my Intellectual Property rights being turned over to Facebook just because I uploaded a photo.  My pictures are mine.  Free for me to do what *I* want to with them.  Not Facebook.

I'm not going to put anymore photos on Facebook.  Done with that.  When I put new photos up in one of my galleries, I'll post a link on Facebook pointing to the gallery.

I'm not going to put any more "content" on Facebook.  I'll put it here, on the blog, or I'll put it on Twitter, then I'll point to it on Facebook.  Annoying as that may be for those of you that are my Facebook Friends, I ask that you respect that I do that, and play along.  I feel that my real friends will still participate, and my "Facebook friends" will fall off.  That's life.

Lock your stuff down people, you have no idea what you are sharing with the world.  For proof, go here.  Take a look at what people are saying!

Does this mean I'm getting off Facebook?  No.  I am just controlling what goes up there.  I'm still going to participate with my friends, I'm still going to comment, and I'm still going to have fun.

Plus this alleviates my annoyance about having to "hide" and "ignore" all those stupid Applications that you people keep putting on there, wanting to share your Pirate Gold and wondering if I'll help you water your crops in Farmville.

I ask that you read what I've written above, click on those links I've put in the post, and decide for yourself.

Oh, and for God's sake.  Lock your PROFILE DOWN.

Friday, May 21

IBM unleashes virus on AusCERT delegates through flash drives

IBM unleashes virus on AusCERT delegates - Se - Flash Player Installation.

As with anything, flash drives, digital picture frames, and other distributeable media, you have to be careful.

This is the same problem that we used to see back in the day with floppies and cd's. The media is just changed. Nothing to see here.

Wednesday, May 19

Java for Mac OS X 10.6 Update 2 released by Apple

Apple, yesterday, released a bunch of security patches for Java OSX 10.5 and 10.6.  Patching a ton of CVE's.  These little updates sometimes don't get the press that the big 10.6.x updates do, however, all the security updates are important, so be sure, if you use an Apple computer version 10.5 and 10.6, go ahead and run Software Update.

About the security content of Java for Mac OS X 10.6 Update 2.

Metasploit 3.4.0 Framework is released

Here is a link to the Metasploit 3.4.0 Framework release notes, I'm not going to summarize them for you because there are a ton of points in the release notes.

Check it out below.

Metasploit Framework - Release Notes 34 - Metasploit Redmine Interface.

6 Tech Certifications That Will Get You Hired as a Security Pro

I'm not a gigantic fan of Security Certifications, but this is interesting, as it allows you to know your audience, and it allows the audience to know what to look for.

Why am I not a Gigantic Fan of Certifications?

  • Anything that can be bootcamp'ed is worthless.

  • Anything where all the answers can be found in the book for the classware, and you are allowed to take the classware book with you to the test.. worthless

  • Anything that does not require a practical exam.  (Either written or physically typing something) is worthless.  Which is why I am a slightly larger fan of the Gold GIAC certifications.  As they require you to write a practical.  Or the harder Cisco ones, or the Redhat exams.

Personally I'd rather hire someone that can do the job, do it well, and if they don't know the answer, know where to find it.

6 Tech Certifications That Will Get You Hired as a Security Pro |

LifeLock CEOs Identity Has Been Stolen 13 Times

Can't say I'm surprised at this one.  Any guy that trapes around putting his name and SSN on the side of a billboard is waiting to be had.  I remember remarking to my wife the first time I saw a LifeLock commercial "I call BS."

Of course, now, LifeLock has been fined 12 Million dollars and called liars.

LifeLock CEOs Identity Has Been Stolen 13 Times - IdentityTheft - Gizmodo.

Wednesday, May 12

All you ever needed to know about Tranmissions


This video was sent to me via email by my Dad (as one of those forwards) with this caption:

Several years ago, Rockwell International decided to get into the heavy duty transmission business. They were getting ready to tape a first introduction video, and, as a warm up, the professional narrator began what has become a legend within the trucking industry. This is reported to have been strictly "off the cuff," nothing written down.

This guy is a professional bullshitter.

Tuesday, May 11

Leon’s ten rules for improved network security

Leon,  a fellow Sourcefire employee, puts out a good post here detailing some 10 views of "Improved Network Security".

Definitely worth the read here.

Leon’s ten rules for improved network security « An alchemists view from the bar.

Wednesday, May 5

Chromes Unconventional Speed Tests Are Incredible, oh, and fake.

Chromes Unconventional Speed Tests Are Incredible - googlechrome - Gizmodo.

Okay, so here's Google's Chrome browser being speed tested against a potato gun, lightning, and...well... Paint sitting in a speaker (I guess that's supposed to be fast). It's an incredible commercial, I love the imagery. Oh, and as I posted earlier today Chrome beta 5 is fast as heck.

However the commercial is a lie. Maybe not all of it, but the loading of the pages is certainly bullshit.

Watch the commercial, watch it fullscreen, go ahead, I'll wait here.

Watch it! NOW.

The two url's that you can plainly see are not being loaded live. They are being loaded off of /Users/Kevin/Desktop....

Okay, so maybe it's not Kevin, but it's certainly a local load. I went to with chrome earlier today, and it did load really really fast. But the test is done off of local cache.

If you are going to go to such elaborate "tests", use the real webpage. Not the local cache of one.

Like I said, love the commercial, browser is great, but come on..

Chrome 5 is freaking fast.

I've been using Chrome since it came out for the Mac awhile back, off and on, and staying current with the beta builds.  However, this build that came out yesterday is AMAZING.

Chrome 5, as a result of some "tuning" they have been doing with the Chrome rendering and javascript engines is noticeably faster.  There are some lovely bar graphs on Google's blog here.  But, stupid graphs aside, I've noticed a difference this morning when loading my regular webpages (my gmail page, my gmail calendar, my account, etc.)  Anything that can load the whole interface in about 2 seconds is a freaking fast browser.

Nice job on this one Google.

To the readers:  If you have the ability to check it out, do so.  It's pretty impressive.

Tuesday, May 4

Internet Explorer web browser use drops below 60%

Now remember, that these aren't specifically browsers, these are representations of rendering engines.  IE's rendering engine is called Trident, Firefox's is called Gecko, etc.  So it's interesting that IE is falling, yes it's still built into every Windows Machine, but the alternative browsers are gaining market in there as well.  Look at Firefox, it's up a bit, but the one that is the biggest uptick is Webkit.  Webkit is the rendering engine behind Safari (Mac's browser), Chrome (Google's browser), Android's browser, the iPhone browser, and the iPad browser.

Now, I don't know if they counted mobile browsers in this mix (iPhone, iPod, and iPad) but it's an interesting graph none-the-less.

AppleInsider | Internet Explorer web browser use drops below 60%.

Monday, May 3

Verizon to block outbound port 25 for residential customers

For those of you that have Verizon Home Internet (FiOS or other), Verizon is about to start blocking outbound port 25.


Why is Verizon blocking outbound port 25?

The majority of spam (unsolicited email) on the Internet is caused by malicious software viruses that take control of infected computers. These viruses direct the infected machines to send email through port 25. Verizon takes spam very seriously. Verizon blocks outgoing connections on port 25 to prevent infected computers from being used by spammers to send unsolicited email. Outbound port 25 blocking is a standard industry method to control spam.

For more information, click the link below:

Verizon | High Speed Internet - Your Attention Needed: Re-configure Your Email Settings to Send Email.

Saturday, May 1

Social Strata hacked, Ars Technica users being spammed

Ars Technica used to use a service from Social Strata for the their forums, I say used to, because some time ago, they moved off of the platform. But apparently, Social strata did not delete the information from their servers. Hmm.. Okay.

So, as it would come to pass, Social Strata's server (one of them apparently) was rooted, I think the cause of which is still being investigated, but anyway, they got rooted. The only thing that was gotten a hold of was email addresses. So the users of Ars Technica's forums from that long ago started receiving phishing emails.

While it's important that the passwords were not compromised, the moral of this story is that companies and users need to check with cloud-based server provider's license agree to see what the retention clause is on the data, or at least make sure there is one. When you leave a service, you can't immediately assume that your data is leaving that service too.

Be careful out there. Below is a transcript of the forum post with a bit more detail. Supposedly, if you were affected, you would receive the following in an email as well.

This stresses the importance of good password control (don't use the same password for several different sites), and the importance of having a disposable email address that you can use to set up forum accounts, finally, good spam filters to catch that phishing if the unthinkable does actually happen.


You are receiving this message because you have a registered an Ars Technica account with this email address.

Our previous forum provider (Social Strata, formerly known as Groupee and Infopop) had a server hacked recently, and has advised us that private registration email addresses were harvested. These included email addresses for anyone who registered with Ars Technica while we were still using their services. In addition, the rooted server was used to send out at least one mass phishing attempt.

Although Groupee/Social Strata tells us that no password information of any kind was accessible from that server, we still recommend that you change your Ars Technica password (and any account on a third party site you use that password with) just to be safe.

We became aware of this issue this morning and are following up with Groupee/Social Strata to see if we can get more details and assurances on the scope of the compromise. We have also requested that they purge all Ars Technica data from their systems so future problems don't affect our users.

We apologize for any inconvenience this may have caused. If you would like to read further updates on this issue, please see the active announcement we have in our new forums:

Please contact us with any questions.


One of Social Strata/Groupee's servers got rooted and was used to both harvest private emails and send out spam. I'm trying to get clarification on what exact data was accessible from that server (since their report wasn't quite clear). They claim that passwords weren't stolen, just email addresses.

Original post:

It seems that many users received phishing attempts to Ars only email addresses this morning. We're working on it and will update this post when we find something out.

We believe that our previous forum provider has some exploit that allows people to send messages to private email addresses through their servers. Every report we've seen has originated at one of their web front ends. If we are correct, your email addresses have not been compromised. It's obviously pretty bad to be getting phishing attempts forwarded through someone else, but not quite as bad as if an email DB had been jacked or something.

We have emails out to them. There's a chance we won't hear back for a couple of hours since they're on pacific time, but we're doing what we can.

Call of Duty Error 6034 for the Xbox

Several friends and I play Call of Duty nearly every night.  However, Activision’s most recent multiplayer update broke the heck out of Call...