Showing posts from October, 2010

Snort Community Pig Roast

(If you read this on Twitter, please RT!)

Sourcefire is going to throw a community pig roast at our World Wide Headquarters on November 12, 2010.  We'll have some talks by Marty Roesch (our fearless leader) and Matt Watchinski (our VRT fearless leader).

Date: Friday, November 12, 2010
Time: 12:00PM

Where: Sourcefire HQ
9770 Patuxent Woods Dr.
Columbia, MD 21046

The event is open to our community, and we'd like you to come on over and hang out!

Please RSVP at:

Notes syncing between and iPhone, finally

I've written several times over the years about the need for Notes to sync automatically between the iPhone and the Mac Desktop application.  Well, unbeknownst to me (because I stopped using Notes in because of the lack of this feature), in iOS 4.0 Apple has built this in.

I didn't test it right away when the release came out, and just now that I haven't written about it either since they built this in.  But it works.

If you have an IMAP account, you can go into your account settings on your iPhone and turn on "Notes" in that account's preferences.  Mail will create a folder called "Notes" on the IMAP server, and your "Notes" on will be sync'ed Over-the-Air with your iPhone.

I have my set up like this:

So that all my notes and to-do's stay intact in one account, and not spread apart different accounts.  But there is more than one advantage to MobileMe for this particular feature.  If you set it to Mo…


Facetime, Apple’s new iPhone 4 to iPhone 4 video chat application, got a bit of an update on Tuesday of this week.

Jobs said it himself: the biggest thing that people wanted when Facetime was shown on the iPhone for the first time was the integration of the system into the Mac desktop.  I talked about this back on this original post when the iPhone 4 came out.  Finally, at Tuesday’s speech Jobs and Apple rolled out the Facetime client for the desktop.

It works.

You can call Mac to Mac using Facetime, you can also call Mac to iPhone or iPhone to Mac, likewise with the iPod Touch. The resolution is good (it’s scaled down a bit if you are used to iChat’s resolution), audio is excellent, and it works flawlessly. In fact, when it came out, I was on a hotel network. I tried to initiate an iChat connection to my Dad, and we couldn’t do it for lack of bandwidth, however, Facetime connected right away without a problem.

The only thing that I thought was a bit strange, and I know I'm not the onl…

The Mac App Store, why it's awesome.

On Tuesday this week, Steve Jobs got up in front of journalists and announced several things.  I'd like to cover them all at once, but I realized the post was going to be way too long, so I thought I'd cover them in separate topics.
The Mac App Store
First, let me talk about what I thought was the biggest announcement of the entire press conference: the Mac App Store.

Similar to the iOS App store that you can find in iTunes, Apple will be rolling out a separate application onto the OSX platform where developers can upload their apps to Apple in order for them to be purchase-able through the "one-click" easy access of this app.

Apple is taking the same 'cut' that it takes for the iTunes app store, 70/30.  70% of the developer's revenue for selling an app goes to the developer, the other 30% goes to Apple to pay for the store, the hosting, the bandwidth, etc.  Some developers will think that this is Apple gouging into their profits, and while true, they have to thi…

Ray Ozzie leaving post as Microsoft's chief software architect

Ray Ozzie is the gentleman that took Bill Gates's place after he retired from his day to day duties at Microsoft, and unfortunately, this kinda makes me feel more confident in the opinion I had when that event took place.

Microsoft is losing their spirit.

Let's face it, it's quite obvious now that Bill Gates was the driver behind the Microsoft brand and direction.  This is the third notable post that is being vacated since Bill Gates left (the first being the designer behind the Zune interface Robbie Bach, second being CFO Chris Liddell), and yet, somehow Ballmer stays in charge.

Don't get me wrong, Ballmer knows how to make money.  Which is why he's a good CEO, but in my opinion, it doesn't feel like he is ushering in a strong "direction" for the company.  But maybe I'm being a little critical, trying not to compare him to Steve Jobs, but hate him or love him, Steve Jobs is a great CEO.

It just feels to me that Microsoft is playing the catchup game. …

MobileMe Calendar Comes out of Beta

Following up on this post that I wrote back in July, the MobileMe calendaring system has come out of Beta.  Which means that if you are using the MobileMe service and you are on Snow Leopard (or Leopard) your iCal calendar should automatically switch over to WebDAV.  As well as your iPhone's calendar if you are running 4.0.

The nicest part about the system is the ability to invite other people to events from your iPhone and iCal, as well as see their Free/Busy schedules.

Update:  Apple's article on the subject.

I'm speaking at Security B-Sides Delaware

We have a lot going on in Delaware.  Tax-free shopping, we elect crazy people, and we have the Security B-sides Delaware event happening in November.

I was asked if I would submit a talk to the conference, and lo and behold, it was accepted. (Along with a bunch of other great presenters, check out the first round of CFP accepts here.)  Hopefully lots of people will come.  I actually have a confession to make, I've never actually been to a Security B-sides, although, from watching the Twitter, they are very popular.

Abstract of my talk:
Shining light into the "now what" arena of IDS and IPS tuning, I'll talk about what the next steps should be with the alerts, tuning, and maintenance of the ruleset and configuration deployed into an IDS or an IPS.  General guidelines will be provided, however, all guidelines must be adapted to your specific environment.
I look forward to seeing many of you there, thanks for supporting B-sides.  Okay, back to making slides.

Security B-Si…

Snort 2.9.0 has been released

Now available from, Snort 2.9.0 and DAQ 0.2.    I'll be writing some articles at some point to expand upon some of the functionality of Snort 2.9, but for now, know that there are some very nice new keywords in 2.9 and also an improved Stream model, as well as lots of improvements all over the place in the engine.

...and now some cut and paste from the release notes!   Download it now!

[*] New Additions
* Feature rich IPS mode including improvements to Stream for
inline deployments.  Additionally a common active response API is
used for all packet responses, including those from Stream,
Respond, or React.  A new response module, respond3, supports the
syntax of both resp & resp2, including strafing for passive
deployments.  When Snort is deployed inline, a new preprocessor
has been added to handle packet normalization to allow Snort
to interpret a packet the same way as the receiving host.

* Use of a Data Acquisition API (DAQ) that supports m…