Wednesday, June 30, 2004
I was troubleshooting a video distribution system (cables!!!) and was
faced with the choice of editing text or five hours sleep. Guess which
one I chose.
As for the cause of the text problems, blame Microsoft.
Seems that even when you tell Outlook to use straight text to compose
messages, it still encodes things like equal signs (=). One more
support for my rant against claiming compliance with industry standards.
Tuesday, June 29, 2004
pointer to an article which talks about 429,000 violations of the DNC
law. We receive these calls occasionally and have given up trying to
report them. Instead, my wife has gotten quite nasty with some of the
Me? I think the epitome of rude is
which discusses various statistics about the Scob Trojan which users
The other thing that still needs to be determined was how the
Monday, June 28, 2004
Sunday, June 27, 2004
It should be noteworthy that while Mr. Hatch's 8-page argument for passing the bill talks about P2P and "protecting the children", the actual Bill does not. Various people have taken it upon themselves to rebut Mr. Hatch's arguments.
This one is going to be interesting to watch.
Saturday, June 26, 2004
I still need to get the other feeds online, get them all validated and tweak out all of the other cruft from the old blog. Repairing the wiki is much further down the road. Wish me luck.
I'm still new to Blosxom so if anyone knows of any other problems I should fix, please let me know. I'm also considering switching over to static files also. Due to the number of entries already in the blog, it takes a bit to do all the background work to build a dynamic page.
Friday, June 25, 2004
Thursday, June 24, 2004
The Register has an article in which Philippe Gerard, a senior EU official, berates the anti-spam industry for lack of co-operation. Basically, he states the legislation exists; it's now up to the industry to enforce it.
Err.. how? How do I, as a lowly SA or NSO, enforce those laws? Do I now have a federal charter to kick doors in and incarcerate miscreants? (I'm exaggerating but you get my point?) My response to Mr. Gerard is: we need to go back to the drawing board on this one.
Prevention tools include: content filtering for web and mail traffic, pop-up blockers, anti-virus software (those that include spyware scanning), and active systems administration and network monitoring. A good portion of the problem can be prevented by blocking specific sites. Unlike worms/viruses, the sources of spyware do not move around much.
Detection/clean-up tools include: spyware scanners or anti-virus scanners with spyware detection capabilities, active systems administration and network monitoring.
Spyware gets in (mostly) via user interaction. It also is included in legitimate software and can even be installed via RPC. People noticed the Blaster worm because it was noisy and infected other systems. How many people have noticed spyware that was quietly installed and only occasionally connects to a website?
Anyone want to convince me otherwise?
Tuesday, June 22, 2004
Sunday, June 20, 2004
I only agree up to a point. They will lose their value as employers go through a period of "realization" (that hiring Bob at the NOC really was a mistake). However, this will also be a shakedown period as the employers figure out what the truly valuable certifications are. (There's a reason why CCIEs get salaries which are in the 6-figure range.) In other words, the valuable security certifications are going to be the ones that are HARD to get.
Friday, June 18, 2004
What really ticks me off is that Comcast seems to think we watched out of hero worship: "Shane described the cancellation of Call for Help as 'just a programming decision.' He added that Laporte can be seen on segments of The Screen Savers..." Err... yeah, that's it, right...
I wonder if James Burke would consider doing "Connections4"? (My wife calls that cocaine for history geeks.)
Thursday, June 17, 2004
Wednesday, June 16, 2004
Tuesday, June 15, 2004
Sunday, June 13, 2004
- Building a More Secure Network
- A Company in Chapter Eleven Doesn't Have to Eat Spam
- Algorithm-based Approaches to Intrusion Detection and Response
- Cyber Risk Insurance
- Worm Propagation and Countermeasures
- Psychology: A Precious Security Tool
- Security and Vulnerability Analysis of an Ethernet-based Attack on Cisco IOS
- An Ettercap Primer
- Securing Your Wireless Access Point: What Do All Those Settings Mean Anyways?
- CIRT, Through Conception Labor and Delivery
- Defeating Overflow Attacks
- Utilizing Open Source Software to Build a (Relatively) Secure, Spam- and Virus-free Mail Service
- Developing & Implementing an Information Security Policy and Standard Framework
- Design and Development of a Rapid Response Security Vulnerability Scanning Infrastructure
- Overview of Security Issues Facing Computer Users
- Designing and Implementing an Effective Information Security Program: Protecting The Data Assets of Individuals, Small and Large Businesses
- The Next Internet Privacy in Internet Protocol Version 6 (IPv6)
- Budget File and System Integrity Verification for Windows
- The Shift to Security Implementation in a Healthcare Facility
- Eradicating Spam Through a Hybrid Sender-Pays Model
- Printing the Paper and Sending the News After a Localized Disaster
Keep in mind that some are technical, others are highly opinionated. (I have issues with any anti-spam scheme that includes specialized technology or money.) If you're willing to argue an issue, I'm sure that many of the authors are willing to discuss points. Give 'em a few weeks or so though. Speaking from experience, their brains are probably feeling a bit bruised at the moment.
Saturday, June 12, 2004
Friday, June 11, 2004
A real-world example of this was the Blaster worm. Until that incident, the majority did not filter/block ports 135-139.
Thursday, June 10, 2004
Tuesday, June 8, 2004
Sunday, June 6, 2004
The clue: it depends on the definition of "national security"?
To quote them, "If catastrophic failure of the network is the threshold by which national security threats are defined, Microsoft wouldn't qualify, simply because their monoculture is not at the core of the network," says the George Mason report. "No matter how many Windows operating systems are infected or fail, the core of the network will still run, even if there is nobody left to send traffic."
Err... I have a headache now.
I'll be leaning into it over the next few weeks.
Saturday, June 5, 2004
One of the common questions was about how to get into the field. Here's some of the answer(s) to that type of question (I try not to blather on in person about it but, here, it's a brain dump):
- Don't do it unless you're really interested in it. The money's good but unless you really like your job, it can be a real ball-buster (not in those words)
- When you're first starting out, don't try to specialize. Learn as much as you can about the underlying theory. Ex: you want to know as much as possible about TCP/IP before you work on Foundry or Cisco equipment. (Doctors learn general medicine before they specialize.) Learn as much as you can about DNS before you work with just *nix or MS implementations. (Don't be a point-and-click administrator.) Specialization comes naturally as you find favorite topics/areas to learn more about.
- Leave the "which OS is better/more secure" argument behind. It's a religious argument which will never be settled. Your job will be to protect the castle, not just the chapel in the north-east tower. The actual question isn't "which one is better". It's "which one is worse". The answer is "all of them". OS's are only as secure as the people managing them.
- Plan on spending a good portion of the rest of your life in school (something most teenagers find painful). It doesn't have to be formal though. The idea is to keep current in technology or to learn more of what you're interested in. If you're focused enough, this leads to a Masters or a PhD. If not, (like me) it, at least, adds up a lot of college credits in varied curriculums, a decent GPA, and working relationship with a LOT of the people you need to know in your local neighborhood. (Hint: the people "in power" are doing the same thing: continuing/broadening their education to keep ahead.) Or, at least, you make a lot of friends.
- To go along with that, read. The Internet makes it easy. Current developments with RSS make the process even easier. (Heck, borrow/steal from my blog feeds if you're that desperate.) Learn about the advanced features on your favorite search engines (an invaluable skill!!).
- To get ahead of the rest of the pack, keep yourself busy. During the week, find something you're interested in. Spend the weekend learning more about it. Set up a DNS/mail/web server. Learn about all of the switches in tcpdump (or whatever utility strikes your fancy). Barring any projects, read up on the bleeding-edge technologies.
- No matter how painful it is, be polite and honest. Your career in the technology field depends on three inter-related things: your knowledge/experience, your ability to interact, and the amount of trust your employer has in you. The first two may offset lack of the third to some degree but trust and integrity are large parts of the package that your employer is "buying".
- As part of that, "keep your nose clean". Contrary to popular myth, very few organizations hire hackers to protect their systems. Nowadays, the big-money positions require a LOT of talent and a LOT of integrity (both of which you'll be selling to your employers).
- Pay attention in English Composition (at least). To be recognized "within the community", you're going to have to research and talk about new (or new twists to old) developments. This means "publishing", either in trade journals or magazines. (Or even blathering periodically in a blog.)
Not that I'm the fount of wisdom here, but the main points are: only "do it" if you really like it, plan on working to stay current, and remember the Boy Scout creed.
To be honest, we had aimed at a slightly different audience but, due to layers 8 and 9 of the OSI model, other groups were invited to "fill in" for the missing attendees.
Thursday, June 3, 2004
- they ignore the fact that, if you futz up the recipient's address, one or more postmasters automatically receive a copy of your message and
- people are generally lazy. They are more likely to forward or copy the message (to someone else) without deleting anything, not even the obnoxious signature blocks or silly disclaimers.