Showing posts from July, 2010

Contrary to Recent Assertions - Snort 2.9 beta has been released, and it's awesome..

Snort 2.9 has been in the works now internally for a while and the first beta release is out and ready for community feedback.
It's a big release with lots of enhancements, so here is the current list of things that need to be beta tested in Snort 2.9, and I'll expand upon them a bit:
* Feature rich IPS mode including improvements to Stream for inline deployments. A common active response API is used for all packet responses, including those from Stream, Respond, or React. A new response module, respond3, supports the syntax of both resp & resp2, including strafing for passive deployments. When Snort is deployed inline, a new preprocessor has been added to handle packet normalization to allow Snort to interpret a packet the same way as the receiving host.
This feature really does away with a lot of the old react/resp/reset code and unifies all that broken code under respond3.  It also allows for RST and ICMP injection into a stream in IPS mode (more reliable than IDS), …

Project Razorback has been unleashed on the World

For several months, the Vulnerability Research Team (VRT) here at Sourcefire has been heads down in coming up with a new framework for detection called Razorback, and now, it's been unveiled to the world this morning.

Being announced at Defcon this weekend by the VRT, so if you are in Defcon this week, reading my posts, First: Have a beer for me, as I am not there this year due to the impending birth of my child, and Second: Attend this talk.  If no other talks are attended during your drunken hacking binge in Vegas, go to this talk.

OH AND BUY THE VRT BEER IF YOU MEET THEM.  Mkay?
What is Razorback?
In Marketing speak: "Razorback is an Open-Source Framework for an intelligence driven security solution."  Okay, okay, what does that mean?

Razorback is a system that detects and decodes, well, just about anything you need it to.  Following that, it has the ability to then block and alert on that activity.  So, for example:

Obfuscated JavaScript?  Decoded, Blocked?
Bad PDFs? D…

Safari 5.0.1 Posted this morning

Back in June I wrote a post on a problem with Safari 5 creating a black background around certain objects when moved from one application to another.  For instance, when you attempt to use the "Mail this PDF" function from Preview.  Well, this morning Apple released version 5.0.1 of Safari.  This fixes the issue I described here, along with many others.  As posted on Apple's website here, the following are fixes:

More accurate Top Hit results in the Address Field
More accurate timing for CSS animations
Better stability when using the Safari Reader keyboard shortcut
Better stability when scrolling through MobileMe Mail
Fixes display of multipage articles from www.rollingstone.com in Safari Reader
Fixes an issue that prevented Google Wave and other websites using JavaScript encryption libraries from working correctly on 32-bit systems
Fixes an issue that prevented Safari from launching on Leopard systems with network home directories
Fixes an issue that could cause borders on YouT…

Apple's New Products

Apple announced a few new products this morning on their online Store.  New iMac, new Mac Pro, and a totally new product that I saw rumored a couple weeks ago, called the Magic Trackpad.

For years I've had a Fingerworks iGesture pad, I've been using it off and on since about the 2001 timeframe.  I found it to be the neatest and easiest way to navigate my computer's interface differently from the mouse ever.  I'm a big proponent of the keyboard, and hate taking my hand off of the keyboard to mouse, but for some reason I found the iGesture Pad fun to use (especially doing things like cut, copy, and paste).  Fingerworks was founded in 1998 at the University of Delaware (a couple miles from where I live) and produced keyboards, pads, keypads, all to help with RSI and to introduce gesture based navigation into the world.  They weren't exclusively Mac based, in fact, they worked on Linux pretty well, as well as, of course, on Windows.  Which, back then, is what I used.

Apple boug…

Apple Stores are good to me

Yesterday my wife and I took a visit to the local Apple Store, my Time Capsule had died, and since it was one of the original models, it was under a replacement program. I took the Time Capsule back, they traded my broken one for a brand new one, and I was done.

My wife, however, was a different story. You may remember from a previous post of mine that my wife dropped her iPhone 4 while getting my daughter out of the car. Whoops.  Cracked the back glass to shreds.

She was fairly upset, since she had it about a week. Anyway, she went in, explained what she did to the Apple Genius dudes, and guess what?

They gave her a brand new phone.

/That's/ why I like Apple Stores.

Thanks to the Christiana Mall Apple Store Geniuses. You rule.

Reading Spam with Common Sense

Usually when I receive an email that looks like spam, I can just mash my "Send to Junk" keyboard shortcut and it goes away.  But every once in a while there is a decent looking spam that *might* be real.  At first glance it won't have any images or be selling Viagra, or anything like that in it, and might just look real.

This is where the common sense approach to reading email kicks in.  Obviously this post is not for the expert, this is probably more for the occasional user, but maybe someone in between will find it useful.

Here's a spam I received this morning that prompted me to write this diary:

From: Comcast

"This is a courtesy reminder that your Comcast Billing Information needs to be verified.

In order to continue using comcast services,  click the link below, sign in and and follow the provided steps:


<Malicious Link was right here>

Regards,
Comcast Billing Department"


So, let's look at this and see how easy this is to detect:

I'm not a Comcast custom…

iPhone 4. A review after practical use, part 2

Part 1 Linked here.
Buttons and other Cosmetics
The volume button, the lock button, and the silent/ringer switch all got the same industrial treatment the rest of the phone did. They work much better, have better tactile feedback and are much more defined, making it much easier to find one of these buttons in the depths of your pocket.  (Like to turn the volume down on your ringer or something)

There is the single button on the front of the phone, the Home button, which they made a bit more "clicky" I would say. But the one thing about the design of the phone is, when you reach in your pocket to grab the phone and bring it out of your pocket in one swift motion while mashing the Home button, you can't do it.

Since the 3GS had that rounded back, it was easy to feel where the backside was and hit the button. With the square design, it's hard to tell which side is the front and back when it's in your pocket unless you try and find the buttons on the side.

This isn't a b…

iPhone 4. A review after actual use.

Physical Design
Okay, much has been said about the physical design of this phone, its industrial features, its glass front and back, stainless steel metal band around the side that doubles as an antenna, dual camera, and an LED flash. The buttons, the glass, the band, everything. It makes for a great design, feels smaller and better in your hand than the 3GS. In fact, the 3GS feels fat, plastic, and bloated. I only see two problems with the design.

One, front and back are both glass, meaning, if you drop it it might break. Even though Apple claims that the glass is harder than sapphire, if you drop the thing at the right angle, it will break. Ask my wife, who has already shattered the back of her phone after dropping it on the driveway. (Which Apple wants 199 dollars to replace the back, which is the cost of a new phone! Apple, have you lost your mind?).

Problem Two: it's slippery. If you place your phone on something smooth, say, like in my car, I have a center console. If…

MobileMe's New Look

I use MobileMe, no big surprise there, I have multiple Macs, iPhone, and the iPad.  MobileMe keeps them all in sync, and I have no problems with it.  However recently, Apple's been working on their web application portion of MobileMe with a new look and feel to the frontpage, the login, the "Find my iPhone", Mail revamp, and most recently the beta for the Calendar.
Mail
Let me talk about the Mail at MobileMe first.  This just came out of beta, (on the web) and the features they added are very nice.  First off, I think the attempt is to make it look like the iPad app for Mail.  It has three columns, the Mailboxes, the Inbox, and the message pane on the right.  Kinda like the newer versions of Outlook, or maybe even Mail.app (if you have the three column view turned on).

At the top there are buttons, from left to right, they have the "Cloud" Icon (which is basically the Application switcher, allowing you to go back and forth between Calendar and Contacts, etc)…

Microsoft opens source code to Russian secret service

Microsoft opens source code to Russian secret service | Security | ZDNet UK.

The above is a link to ZDNet on the fact that Microsoft has signed a deal with the Russian Federal Security Service (FSB) for access to Windows Server 2008 R2, Office 2010, SQL Server, and Windows 7.

The thing to remember about this deal is, this is nothing new...  from the article:

"The agreement is an extension to a deal Microsoft struck with the Russian government in 2002 to share source code for Windows XP, Windows 2000 and Windows Server 2000, said Vedomosti."

I'm not even sure that the United States Government has access to Microsoft's Source Code, although it stands to reason... If the Russians have it, the US has it too.

Plug-Ins I use for Mail.app

Attention Mac Users that use Mail.app, this one is for you.

Mail.app has a bunch of plugins that are available to it, not like Thunderbird, where Mozilla holds a repository of Plugins, Apple doesn't do that. But there are a ton of them available on the Internet and it would be great if Apple would do something like that (like they are about to do with HTML5 extensions for Safari). Mail calls these plugins "Bundles" and they are found in the ~/Library/Mail/Bundles directory. I just wanted to write a post about a few of the Bundles that I use with Mail.app to make my email a lot easier to use.
1. Mail Act-On
Mail Act-On, written by indev software, the same people who provide MiniMail and Mail Tags (two other great bundles that I don't use), is an Email organization tool. Basically it allows you to tie Mail.app rules to keystrokes. So for example, one of the Keystrokes that I use is "`1" (Backtick, 1). The rule I have tied to that command is to move whatever the …

Mailing lists do not get Anti-Spam

Note: If you are subscribed to a Mailing List, and you have one of those "Auto-answer-back-auto-emailing-verify-that-you-are-a-human-by-clicking-on-this-link-really-annoying-things", you are doing it wrong.

Get a frickin Gmail account people.

Plugins I use for mail.app

Attention Mac Users that use Mail.app, this one is for you.

Mail.app has a bunch of plugins that are available to it, not like Thunderbird, where Mozilla holds a repository of Plugins, Apple doesn't do that. But there are a ton of them available on the Internet and it would be great if Apple would do something like that (like they are about to do with HTML5 extensions for Safari). Mail calls these plugins "Bundles" and they are found in the ~/Library/Mail/Bundles directory. I just wanted to write a post about a few of the Bundles that I use with Mail.app to make my email a lot easier to use.
1. Mail Act-On
Mail Act-On, written by indev software, the same people who provide MiniMail and Mail Tags (two other great bundles that I don't use), is an Email organization tool. Basically it allows you to tie Mail.app rules to keystrokes. So for example, one of the Keystrokes that I use is "`1" (Backtick, 1). The rule I have tied to that command is to move whatever the…