
Thursday, October 20

Wednesday, October 19

MacOSX Flashback Trojan is covered by ClamAV

It's so called because it looks like an Adobe Flash installer. There seems to be a ton of news around this Trojan on various Mac-related websites, http://www.tuaw.com/2011/10/19/trojan-variation-disables-mac-malware-protection/ for instance.

We wrote protection for this in ClamAV about 5 days ago.  I know a lot of Mac users run ClamAV, so I just thought I'd throw this out there.


Please leave comments below.

Apple - Remembering Steve Jobs

Apple - Remembering Steve Jobs:

One more thing...

Apple today put up a "Remembering Steve" site, where you can basically go and read emails from the people that wrote in at rememberingsteve@apple.com.

Nice tribute. Apparently today the Apple employees are attending a "remembrance" service for Steve. Apparently this won't be broadcast to the world. Too bad, I am sure many would have watched it.



E-mail improvements in iOS 5 - iPhone J.D.

E-mail improvements in iOS 5 - iPhone J.D.:

Sorry, a link to another interesting iOS 5 article. Sorry if I am not adding a bunch of color commentary to each of these articles. I am blogging them because I think they are of interest to the readers of my blog. (According to the stats, most of you run OSX.)

I am sure some of my friends will accuse me of trying to draw hits to my blog instead of twittering about the article directly. Here's the truth to that: When I post to my blog, Twitter picks up the article and tweets it immediately. If I don't post to my blog and only to twitter, the readers of my blog through direct links and RSS feeds won't get the article.

So it's a loss either way. So I post on the blog, and it goes to both.

Anyway... read the article. ;)



My Dinner With Android - Four months with Android: reflections, grievances and some tenuous metaphors bundled up into a weighty tome

My Dinner With Android - Four months with Android: reflections, grievances and some tenuous metaphors bundled up into a weighty tome:

Interesting article, no matter if you are an Android user or an iOS user. He makes a couple of interesting points in the article. One being, you can't approach Android like you are using iOS, it just doesn't work like that. Vice versa as well.

I have a friend that has had an Android phone for a while, and recently moved to the iPhone 4S. We were talking yesterday and he mentioned to me that it was very strange. I answered him saying that you can't approach iOS like you do with Android.

Another quote from the article that is pointed:

"Fans of Android, let’s not tiptoe around this: Android exists because it is a rip off of iOS. Sure, it has grown into its own in a lot of ways, but its roots are decidedly placed at the introduction of iOS in 2007. Consider the before and after that caused a stir last year. Things changed when the iPhone came out. Apple changed the mobile phone game, and Google did a one-eighty to realign with what they recognized to be a better direction."

Wednesday, October 5

Steve Jobs

Over the next few days, there will be countless specials, newscasts, and thrown-together documentaries about Steve Jobs and Apple.

Everyone will be focusing on his products. The iPod, iPhone, the personal computer, and the iPad. This was a part of his legacy, but not his genius.

His genius was how all the products worked together in a single coherent strategy (iCloud is a perfect example). Making everything work together seamlessly. Simply.

So that my two year old could operate it, as well as my 75 year old Dad.

You could interact with any of the products without an instruction book.

I think the best example of that is Siri. Being able to interact with your devices in a natural language way.

His genius was how everything was simple. The packaging, the website, the buying experience, the product, the operation, the genius bar. The way Apple itself functioned.

This was his genius. He was a visionary in the best way.

Call me a fanboy all you want.

He was smart. He demanded brilliance. He settled for nothing less than awesome.

RIP.

Tuesday, October 4

Let's just assume this pcap is bad...mkay?

Alerts (Snort 2.9.1.1, 4924362.pcap)

GID:SID:Rev   Message                                                                       Alerts
1:18347:3     BLACKLIST USER-AGENT known malicious user-agent string AutoIt                 4
1:19734:1     BLACKLIST DNS request for known malware domain 770304123.cn                   2
1:16816:5     BOTNET-CNC known command and control channel traffic                          1
1:18762:1     BLACKLIST URI request for known malicious URI /blog.updata?v= - Win32-Agent-GRW  1
1:17834:3     BLACKLIST DNS request for known malware domain 343.boolans.com                1
120:3:1       (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE        3
1:16815:4     BOTNET-CNC known command and control channel traffic                          1
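As an added example (not from the post, and not Sourcefire's or the VRT's own tooling), here is a small Python triage script that parses Snort's alert_fast output, collapses it into the per-signature summary shown above, and applies the reasoning the title implies: several distinct BLACKLIST/BOTNET-CNC text rules firing on one pcap is strong evidence, while a preprocessor alert such as 120:3:1 (http_inspect) on its own is only a protocol anomaly that plenty of benign servers trigger. The alert lines, timestamps and addresses are constructed to mirror the rule IDs and hit counts listed in the post; they are not taken from the real 4924362.pcap. The "strong" category prefixes and the two-distinct-signature threshold are my assumptions, not a VRT convention.

```python
import re
from collections import Counter

# Constructed sample in Snort's alert_fast format, mirroring the rule IDs and
# hit counts from the post. These are NOT the author's real alert lines; the
# timestamps and the documentation-range addresses are made up for the example.
SAMPLE_ALERTS = """\
10/04-10:12:01.221044  [**] [1:18347:3] BLACKLIST USER-AGENT known malicious user-agent string AutoIt [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.0.2.10:49201 -> 198.51.100.7:80
10/04-10:12:01.224910  [**] [1:19734:1] BLACKLIST DNS request for known malware domain 770304123.cn [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 192.0.2.10:53311 -> 192.0.2.1:53
10/04-10:12:01.301377  [**] [1:16816:5] BOTNET-CNC known command and control channel traffic [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.0.2.10:49202 -> 198.51.100.9:80
10/04-10:12:01.455003  [**] [1:18762:1] BLACKLIST URI request for known malicious URI /blog.updata?v= - Win32-Agent-GRW [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.0.2.10:49203 -> 198.51.100.9:80
10/04-10:12:01.612219  [**] [1:17834:3] BLACKLIST DNS request for known malware domain 343.boolans.com [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 192.0.2.10:53312 -> 192.0.2.1:53
10/04-10:12:01.700840  [**] [120:3:1] (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE [**] [Priority: 3] {TCP} 198.51.100.7:80 -> 192.0.2.10:49201
10/04-10:12:02.001122  [**] [1:16815:4] BOTNET-CNC known command and control channel traffic [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.0.2.10:49204 -> 198.51.100.9:80
10/04-10:12:02.113501  [**] [1:18347:3] BLACKLIST USER-AGENT known malicious user-agent string AutoIt [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.0.2.10:49205 -> 198.51.100.7:80
10/04-10:12:02.200004  [**] [120:3:1] (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE [**] [Priority: 3] {TCP} 198.51.100.7:80 -> 192.0.2.10:49205
10/04-10:12:02.377610  [**] [1:19734:1] BLACKLIST DNS request for known malware domain 770304123.cn [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 192.0.2.10:53313 -> 192.0.2.1:53
10/04-10:12:02.498120  [**] [1:18347:3] BLACKLIST USER-AGENT known malicious user-agent string AutoIt [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.0.2.10:49206 -> 198.51.100.7:80
10/04-10:12:02.611004  [**] [120:3:1] (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE [**] [Priority: 3] {TCP} 198.51.100.7:80 -> 192.0.2.10:49206
10/04-10:12:02.750331  [**] [1:18347:3] BLACKLIST USER-AGENT known malicious user-agent string AutoIt [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.0.2.10:49207 -> 198.51.100.7:80
"""

# One alert_fast line: timestamp, [gid:sid:rev], message, optional
# classification and priority, protocol, and the 5-tuple endpoints.
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"(?:\s+\[Priority:\s*(?P<prio>\d+)\])?"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Message prefixes treated as strong, reputation/C2-style evidence. This is an
# assumption for the example, not an official VRT category list.
STRONG_PREFIXES = ("BLACKLIST", "BOTNET-CNC", "MALWARE-CNC")


def parse_fast_alerts(text):
    """Parse alert_fast lines into dicts; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_RE.match(line)
        if not m:
            continue
        a = m.groupdict()
        a["gid"], a["sid"], a["rev"] = int(a["gid"]), int(a["sid"]), int(a["rev"])
        a["prio"] = int(a["prio"]) if a["prio"] else None
        alerts.append(a)
    return alerts


def summarize(alerts):
    """Collapse alerts into {"gid:sid:rev": (message, count)}, most-hit first,
    i.e. the same shape as the summary in the post."""
    counts, msgs = Counter(), {}
    for a in alerts:
        key = f"{a['gid']}:{a['sid']}:{a['rev']}"
        counts[key] += 1
        msgs.setdefault(key, a["msg"])
    return {key: (msgs[key], n) for key, n in counts.most_common()}


def triage(alerts, min_distinct=2):
    """Return (is_bad, evidence). Evidence is the sorted list of distinct
    text-rule (GID 1) signatures whose message carries a strong prefix.
    Preprocessor alerts (GID != 1, e.g. 120 = http_inspect) are protocol
    anomalies and are deliberately excluded: they fire on plenty of benign
    traffic and must not carry a verdict on their own."""
    evidence = sorted({
        f"{a['gid']}:{a['sid']}:{a['rev']}"
        for a in alerts
        if a["gid"] == 1 and a["msg"].startswith(STRONG_PREFIXES)
    })
    return len(evidence) >= min_distinct, evidence


if __name__ == "__main__":
    parsed = parse_fast_alerts(SAMPLE_ALERTS)
    for key, (msg, n) in summarize(parsed).items():
        print(f"{key:<12} {msg:<82} Alerts: {n}")
    bad, why = triage(parsed)
    print("verdict:", "malicious" if bad else "inconclusive", "based on", why)
```

To reproduce the input against a real capture, run Snort in pcap-readback mode with the fast alert output (`snort -c snort.conf -r 4924362.pcap -A fast -l logdir`) and feed the resulting alert file to parse_fast_alerts. On the constructed sample, six distinct BLACKLIST/BOTNET-CNC signatures fire, so the verdict is malicious, and the three 120:3:1 hits contribute nothing to it; with only the http_inspect lines present, triage returns inconclusive.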



Friday, September 30

QR Codes Found Sending Users to Site Containing Android Trojan | threatpost

QR Codes Found Sending Users to Site Containing Android Trojan | threatpost:

It really sucks that Android is taking a beating on the malware front. I guess that's the difference between the walled garden (iPhone) approach and the "free for all" approach (Android).




Ninja Turtles: Hey Apple App reviewers, you let one slip through

App Store - Ninja Turtles

This is pretty funny, read the review on it. However, the funniest part to me is the background in the screenshots.

It's the original Contra.

Wednesday, September 14

IDC: Apple's iPad 2 took market share from Android tablets in Q2 2011

AppleInsider | IDC: Apple's iPad 2 took market share from Android tablets in Q2 2011

Dear IDC, your headline is wrong. You meant to say "Android tablets lost more ground to Apple's iPad 2"

You can't take market share away from someone when you already own the whole market.

Wednesday, August 24

Steve Jobs Resigns as CEO

Daring Fireball: Resigned:

I think the link above says exactly what I think about it.

We knew Steve was going to resign. Tim Cook has been running the company for a while now in transition, and now the title has changed hands.

Steve is still there, the people he has put in place are still there, and his ideas are still there.

Just the titles changed.

Saturday, August 20

Microsoft courting webOS developers with free phones

AppleInsider | Microsoft courting webOS developers with free phones

Fantastic idea Microsoft:

"To Any Published WebOS Devs: We'll give you what you need to be successful on #WindowsPhone, incl.free phones, dev tools, and training, etc.," Watson wrote on Twitter.




Wednesday, August 17

iSec Partners' presentation on "Macs in the Age of APT"

Interesting slide deck here if you are interested in OSX vs. Windows security. I'd like to see Dino Dai Zovi's take on the slide deck.

Related: Dino's recent iOS 4 security evaluation slides and whitepaper (written in Pages ;)

1st Review of my Gfirst 2011 talk

Nice review of my Gfirst 2011 talk.

Chris Sanders » GFIRST 2011 Presentation Slides, Code, and Thoughts:

"This talk was presented by Joel Esler of Sourcefire. Joel is a really smart guy and a great presenter and he didn’t disappoint. My big take away from this one was his discussion of Razorback, which I really think is going to be one of the next big things in intrusion detection. I think a lot of the crowd missed the point on this. There were a lot of complaints because of the amount of legwork required to integrate the tool, but I think most of those people were overlooking the early stage the tool was in and the potential impact of the community released nuggets and detection plugins. I played with Razorback when it was first released and look forward to digging into it again once some of the setup and configuration pains are eased. I’ve already thought of quite a few nuggets that I could possibly write for it."
Thanks Chris!



Android isn't free, unless you are the end user.

Android isn't free.

Apparently Google has found out that a free OS isn't free. It's going to cost you legal fees. Being sued by everyone under the sun, Google has found itself in a sticky predicament, and has to defend itself with patents. However, Apple still holds the patent on multitouch, so we'll have to see how that all works out.

So they bought Motorola Mobility. Yes, that division of Motorola that almost shut down and is nearly bankrupt, and they paid $12.5B for it. Srsly.

Even Ballmer says Android isn't free. A while ago: http://tech.fortune.cnn.com/2010/05/21/steve-ballmers-claim-android-isnt-really-free/

Unless you are the end user, when you can download and compile Android "for free" for use on your phone.

Should be interesting.



Friday, July 29

What have I been up to?

Well, as promised, I haven't written a post in a while. I've been really, really busy, so I'll give you a crash course on what I've been doing that's kept me busy, and my thoughts about things that have come to market in the past month or so.

1)  My Mother passed away.  As anyone who has had this happen knows, it's a pretty hard time, emotionally, as well as just, all the stuff you have to do.  Writing your own mother's obituary isn't necessarily a good time.  Selecting what she's going to wear, the casket, ...  just a lot.  The people that have written me and talked to me face to face have been great and I thank you all very much.

2)  VRT.  April 1st I moved to the Vulnerability Research Team at Sourcefire.  I'm one of the many analysts responsible for writing Snort (and now recently ClamAV!) rules to detect the known, and the unknown.  It's a difficult job, it's challenging, it's fun, and it's busy.  I currently have over 100 bugs in my queue.  Lots of bugs and research to do.  My current focus is malware and some redesign efforts.  We're trying to make the Snort rules easier to manage and provide more intelligence to the end user as well as increase our coverage in a lot of areas.  Making our rules harder to bypass and more and more adaptable to today's client-based landscape.  Over the rest of 2011, the VRT ruleset is going to change, for the better, and significantly.  There's essentially going to be three steps to this, and I'll post about the changes soon over on the Snort Blog.

3)  Snort Community.  It's growing.  When I took over the job in October of last year, I thought the Snort community had reached critical mass.  Most open source projects that I've seen plateau after a while.  When I was running the BASE project we got up to about 15k downloads a day, and that was our plateau.  But since I took over, I've started to keep a lot of metrics.  Metrics about email postings, forum postings, users, downloads, etc.  Lots of metrics.  They are all going up.  We're doing well.

4)  Snort.  It's changing and evolving.  We're rolling out 2.9.1 soon with some very significant changes (read about PAF!) in detection and the IP reputation preprocessor.  The changes we have planned for post 2.9.1 make Snort even faster (we are already hitting WAY over 20 G/sec in detection, and the next number we are aiming for is unheard of in our industry), and easier to deploy.  Changes in its detection will make it more accurate and significantly increase the effectiveness of our rules and keywords.

5)  ClamAV.  Also growing.  Now built into Immunet 3.0 (the company we acquired in December of last year), providing not only cloud-based detection (so awesome) but also offline detection.  Immunet is growing very fast by the looks of our daily metrics, which means ClamAV use is increasing as well.  OEM solutions that are building ClamAV are also growing, and now recently we are going to start accepting community virus detection as well.  This will grow our detection rate exponentially.

6)  OSX Lion.  It's out.  I'm using it (have been for about a month and a half).  It works great.  The only thing I don't like about it is the deletion of the scroll bar.  I don't mind it as much as my wife will (I haven't converted her yet).

7)  Defcon.  We'll (VRT) be there.  Look for us in pink.  For those of you that were able to get an invite to TheBarCon, we'll see you there.

I can't think of anything more right now, and am being summoned for dinner.  I'll write more when I have a chance. If you have any questions, leave a comment below.





Wednesday, July 27

Hackinations: 5 really good Lion tweaks | TUAW - The Unofficial Apple Weblog

Hackinations: 5 really good Lion tweaks | TUAW - The Unofficial Apple Weblog

I know I haven't written in awhile, I have a blog post planned in my head, just have been too busy to put it down on paper. But in the meantime, I saw this article and thought it was pretty good for you OSX readers that have upgraded to Lion.