October 2003 Entries

4 A.M.

That's what time I managed to drag myself to bed last night. I blame Steve.  “You should check out Halo, it's pretty cool.  And only 10 bucks at The Store!” he said to me. Yeah, the sirens were blaring inside my head (and there was a flashing red light coming from somewhere, but I may have just imagined that part).  Visions of my all-too-frequent all-nighters playing Quake or Team Fortress during my BSQUARE years started coming back like vague memories of things you've done when you've had way too much to drink (by the way, those stories of me singing ZZ Top's “Sharp Dressed Man” at...

More on OS X security patch issues

This is just getting worse and worse. Seems with Panther they dropped support for a number of their hardware platforms.  Certain models of the G3 line will not run Panther.  If you use that hardware, you are out of luck on security patches because you cannot upgrade to Panther. People are saying Apple has only had 2 days to come up with patches, and to give them time.  Wrong.  @Stake says they notified Apple of the core overwrite issue in July and the DMG issue in June.  Apple has had plenty of time to produce patches if they so desired.  If we see...

Make that TWO phishing convictions

SecurityFocus is running a story about an unlucky phisher who unwittingly tried to scam an FBI agent.  Seems her cohorts rolled over on her at the earliest possible opportunity.  Good for them. She pled guilty on Tuesday, sentencing is in January.  She is 55 years old.

BSQUARE Alumni Update

Added: Ken Rabold. Also, John Greer was kind enough to send us a list of all 750 members of the Washington Software Alliance, including mailing addresses, employee numbers, and the type of work they do.  This is an invaluable resource for job hunters in Washington state.  The zipped-up spreadsheet can be found via the link on the BSQUARE Alumni Page, or directly by clicking here.

Groups pushing for domain buyers' privacy

If you own a domain, and you have followed the rules, domain registrars store some pretty sensitive information about you, like your home address, your name, your email address, your phone number, etc.  This information is collectively called the WHOIS database, after the service/tool that is used to query it for information.  Your domain can be taken away from you without notice if they find out you have provided false information to the registrar. Unfortunately, also because of the rules, this sensitive information is freely available to anyone who requests it, including spammers and identity thieves.  There is no effort made to qualify...

Phishing for a living

Let's talk a moment about the art of “phishing”, shall we?  This ain't your daddy's fishing, no sir.  Phishing is the term being used to describe theft of credit card information, username/passwords, and or identity information using a combination of email and bogus web sites. Consider, if you will, the following email from what appears to be Citibank: Oh crap!  They are going to cancel your checking account unless you clicky the linky!  So you do, and it takes you to something like this...  Looks like a Citibank page, doesn't it?  But is it really?  Where did I *really* send you?  Take a...

Cyberwar feature on Frontline

I ran across this on a security site yesterday, but now I can't find the source.  So I apologize for not giving props. PBS' Frontline did a feature called Cyberwar that was an hour-long show on the growing threats of cyberwar and what the US is doing about it.  If you follow the link you can watch the entire show in 6 segments. It includes an entire segment on how vulnerable the US power grid is to attack from the Internet.  And this was back in April, well before the big (still unexplained!) power outage in the Northeast. Very fascinating stuff.

Sneaky spammers

Over on the Incidents mailing list there is quite a bit of discussion about a new variant of the CoreFlood trojan that seems to be cropping up lately.  This is classified as a trojan, not a virus, since it does not attempt to propagate itself to other systems. The interesting thing about this one is that it is designed to help spammers obfuscate the source of their emails.  Basically it turns the infected system into a mail relay for spammers. Here's how it works: The first time it starts, it attaches itself to every running process on the system so that it cannot...

Microsoft to shoot the Messenger

So in addition to enabling XP's built-in firewall, Service Pack 2 will also disable the Messenger service.  Which will no longer function anyway, because the built-in firewall will stop any traffic aimed at it. Uhh.  Ok.  Whatever. I guess it's good in the case of people disabling the firewall.  But I have always argued that if you're letting in enough types of traffic to allow spammers to talk to your Messenger service, you've got much more to worry about than a few annoying popups. Messenger seems like such a silly thing to disable, when on a system with no firewall protection there are...

Want patches for security holes? $129 please

That's what Apple is telling customers so far with respect to a flurry of vulnerabilities in OS X.  The recommended fix for the vulnerabilities?  Upgrade to Panther, the 10.3 version of the OS.  Problem is, upgrading to Panther costs $129. As of this posting, Apple has not released patches for these vulnerabilities for any previous version of the OS.  They have stated publicly that they will not provide patches for obsolete versions of their products.  Their tack has been, and continues to be: “We write patches for the current version only”. Microsoft is just now phasing out support for NT4, but even then will...

bmonday(dot)com is slow? Blame Blogrolling

Even though bmonday(dot)com is running Win2003 Server, IIS6, the .NET Framework, and SQL2000 all on a Celeron 700 that I bought from TigerDirect for like a buck fiddy, it's surprisingly fast.  The only time it slows down is when I'm having trouble contacting the Blogrolling site that dynamically generates the “BlogRoll” you see on the right hand side of the page. Frankly, they have been so darned unreliable lately, I've been tempted to vote the Blogroll off the front page.  My site slows to a crawl while it waits patiently for the BlogRoll data to come in. If I didn't use the...

MSNBC does a story on the Spammer-Blacklists cyberwar

Not sure how I missed this, but last month MSNBC did a feature on the war going on between spammers and blacklists.  Though they call them “block lists” in the article (PC much, MSNBC?). The article gives some good insight into what is happening to the people behind the blacklist sites, and why they have generally opted to surrender to the spammers instead of trying to ride out the attacks.

AOL silently disables Windows Messenger on users' system

Seems AOL has taken it upon themselves to shut down the Messenger service on their customers' systems without any notification whatsoever.  The service has been an increasingly-common vector for spam, and by all rights it has no purpose on a system at a user's home.  AOL's heart is in the right place, but their methods left a little to be desired. OK, I know I have gone on and on (and on!) about how the end user can't be relied upon to secure their systems, but I'm having an issue with how AOL went about this.  You can't just go around shutting things off...

"Do-Not-Spam" law passes

I recently ranted about a new law proposed by Senator Schumer of New York designed to do to spammers what the “Do-Not-Call” list is doing to telemarketers. Well, a bill containing the controversial proposal has passed in the Senate.  The House is currently considering the matter and hopes to have a bill on the President's desk by the end of the year.

AT&T backs off the whitelist idea

As I reported last week, AT&T was exploring the idea of using whitelists to cut down on their spam intake, since blacklists are going the way of the dinosaur under the crushing load of DDoS attacks by spammers. It seems they quickly scuttled that effort once it became public.  You can read the resulting story over at MSNBC (thanks bmonday(dot)com reader John for sending me the link). Whitelists might work for some small companies, but can you imagine how enormous that list would be for a company the size of AT&T?  They would have to have dedicated staff just to manage it on a...

New Image Gallery Available

Sick of site news yet? I have been experimenting with the built-in Image Gallery functions of .Text.  The first one is some pics of our honeymoon cruise to Alaska back in September.  There are some bugs to work out, mainly how the troublesome right-hand column tends to step on the images a bit.  I'll work on that. Enjoy!

More .Text fun

I was having trouble enabling the right-hand column with the old theme, so I switched to a theme that already had it in there.  Then I made a few adjustments, and voilà! This should be the last major revision for a while.  I might tweak the font sizes a little more, but other than that the site is pretty much set.  If there is anything you don't like about the new layout, don't hesitate to let me know. .Text is really cool.

.Text Casualties

I forgot to note some site changes that were necessary in the switch to .Text.  It was 3AM, cut me some slack! The RSS feed has changed.  The new location of the RSS feed is http://www.bmonday.com/Rss.aspx.  You will get a 404 if you attempt to retrieve the old rss.xml feed. Comments and Trackbacks were both lost in the conversion.  I apologize for this, but the way Blogworks/XML stored feedback was not easily migrated. Blogroll:  This will return shortly once I find a home for it.  Likely will be a component of the redesigned right-hand column. Links:  I have to find a home for the...

Alumni Page Update

Added: Bryan Parker, John Mueller, Kirk Stauffer, Scott Bufkin
Updated: Bruce Hanson, Steve Makofsky

Back online with a new look

It took me a bit longer than I expected to migrate the old posts into the new archives.  It was basically a lot of cut and pasting.  The monthly archives are not dated correctly.  The posts are in the right month, but that was as far as I got. I apologize if my post migration caused a bunch of RSS activity.  Hopefully that was a one-time event. Left on the to-do list: The Bookshelf and BSQUARE Alumni pages are still in the old design.  Those will need to be more tightly integrated into the new design at some point, but they are functional...

...and then the motorcycle said "Mr. Monday, meet Mr. Pavement"...

For those of you wondering why I've been limping around the AWS campus this week like I'm 80 years old, I had a little "incident" this weekend while taking the Motorcycle Safety Foundation Basic RiderCourse. The program is managed locally by the Evergreen Safety Council, and it consists of a weeknight of classroom work and a full weekend of riding. You use their motorcycles, which is nice, since I didn't want to risk laying my Sabre over on some of the slow-speed maneuvers they put us through. While I have been riding for a couple years now, I never had bothered...

IPv4 FUD is getting old

I really need to stop reading SlashDot, since all it does lately is piss me off. Today's dose of Fear Uncertainty and Doubt (FUD) is a story that ran in the New York Times (I expect FUD from them!) about the "impending IP crisis". For those who are not familiar with the concept, there are those who believe that we are going to run out of IP(v4) Addresses on the Internet in 2005, and that we need to adopt the successor (IPv6) asap to avoid the certain doom that will come about when some guy in Hoboken plugs his e-kegerator (I'm...

The Fallacy of Local Number Portability

I will preface the following diatribe by stating that I work for one of the largest wireless carriers in the US, whose name starts with an "A", a "T", and another "T", and ends with "Wireless" (oh, and there is an ampersand in there somewhere too). But what follows is my opinion as a consumer of wireless service, and does not necessarily represent the views of my current employer. I do not have landlines at home, I am 100% wireless (and have been for years, even prior to my current employment). However, I do have a unique insight into what...

Blackout a result of cyberterrorism?

The longer it takes the government to figure out what caused the Great Blackout of 2003, the more likely it is that it's what I have suspected all along: Cyberterrorism. No, I'm not saying it's a direct result of the Blaster worm, that's just coincidence. Blaster wasn't capable of this kind of targeted attack. On the contrary, actually. I think Blaster had a hand in limiting the attack to only the Northeast. Hear me out (I'm warning you now, you are going to be thinking "That Beau, he's one CRAZY mofo"): Follow me down the rabbit hole, for just a minute...

The irresistible force versus the immovable object

I'm frustrated by the current state of network security. I need to ramble a little bit. Bear with me. Operating systems, and the applications people run on them, are not perfect. This is a fact we all accept (except you Linux types, you guys are just in denial). If you want a 100% secure box, unplug it from the network, lock it in an airtight steel chamber, and dump it into the Marianas Trench. But that's not very useful is it? We all have known how incredibly lax users are when it comes to keeping up with patches. Do I need to...

Bluntly

This is a message to all the home users out there. I apologize in advance for the bluntness, but the message has not been sinking in. If you have a system at home, and it is not protected by some form of firewall (either hardware or software), your computer is a potential weapon of cyberterrorism. If you do not regularly monitor the appropriate vendor sites for important updates to the software you are using (like the OS itself), your computer is a potential weapon of cyberterrorism. If you do not use antivirus software, and keep it updated (yes, that means you...

Denied

Just before the wedding, I sent a rare resume in for a job in Colorado. I really have no desire to live in Colorado, I like it here. But this was my dream job. New Belgium Brewery, the makers of the finest beer in the world, needed an IT Director to help them run their little brewery. It would be like telling God "No" to not submit a resume, really. But alas, my 16 years of IT experience (damn, I'm getting old) no longer trumps the Bachelor Degree requirement, like it would have 3 years ago. ...

No joy in Mudville

I just watched the Mariners lose in 11 innings to division rival Anaheim. I've run the sims, and done the math (I knew that accounting degree would come in handy some day!), but being 5 games behind Oakland with 4 games left to play, I'm going to go out on a limb and predict that the Mariners will not win their division this year. The wildcard is still a possibility, albeit a long shot (3 and a half games behind Boston, with 4 to play). The wife and I are going to the last game of the season on...

The gods are against me

My weakness for bookstores, by now, is well-documented. It is especially difficult for me because the office complex I work in is a block away from a fairly large Borders bookstore. Worse still, is the fact that this particular bookstore lies directly between my office and the nearest Starbucks. So, every day, I have to trek past the Borders to get my daily dose of chai. Worse yet, is the fact that with doors on both sides of the store, it would be a considerable shortcut to go through the Borders on my way to Starbucks...Obviously...

Downtime

I'll be taking down bmonday(dot)com for an hour or so tonight to migrate over to the new .Text format. Just a heads up.

.Text

Wow, I really like .Text. I spent a couple hours tonight tweaking my .Text test site to match my current one. Everything is so simple, it's just a single CSS file that you tweak for the most part. And the Admin interface is really amazing. I do have a few issues though, that I hope I can work out before I push it to my live server: The "Archives" and "Post Categories" sections cannot be separated or rearranged. I would prefer to have the Categories list higher up so that it does not get chased off...

Blacklists are dying... what about whitelists?

As Blacklists around the world are being systematically destroyed by spammers, the concept of "whitelists" has been growing in popularity. While a blacklist is a list of known spammer email servers that you deny email from, whitelists are servers that are known good and specifically authorized to send you email. If you haven't specifically authorized a server to send you email by including it on your whitelist, that email gets unceremoniously dropped. As opposed to blacklists, which have been traditionally maintained in centralized databases on the Internet, whitelists are maintained by each individual company. This makes them more...

Yep, It's a Monday

So I just dumped the contents of my lunch, which consisted of home-made tamales chef'd up by yours truly, onto the kitchen floor at work. I about cried. Took me the better part of the weekend to make those damn tamales. Like Steve said, welcome to Monday.

dasBlog or .Text?

Well, I've been playing with dasBlog for a week or so now, getting it morphed into the current site design. I am pretty much done, and have it "in the can" if I want to roll it out. But there are a few things about it that I don't much like. And instead of delving into the code, I'm going to have a hard look at .Text, which seems to address just about all those problems. The thing that chased me away from .Text originally was its requirement for an SQL data source. I run...

OK, that's kinda strange

Did you know both the Marlins and the Cubs have players named Alex Gonzalez? And did you also know I linked to the wrong one in my Blame Game entry from last week? I had a brief moment of confusion as I watched tonight's game (the first I've watched of the Series), and I saw Alex Gonzalez playing for the Marlins. I was like "WTF is he doing there? Didn't I just rip him a new one about losing the NLCS for the Cubbies on my blog?"

Uhh, yeah, good luck with that

It seems the esteemed gentleman from New York, Mr. Charles Schumer, is pushing for a new "do-not-spam" list, similar to the recently established "do-not-call" list that has been so popular with consumers. Yeah, let us know how that goes. Any time a US lawmaker tries to extend law into the Internet it displays their ignorance of the entire construct. The Internet is not a US-owned and operated entity that will suddenly come into compliance now that some random US law says it must. What if some spammer from Macedonia emails a US citizen that is on the "do-not-spam" list? ...

The Blame Game

Doh, those poor Cubbies. I was rooting for them, I really was. Nobody wants to see a team lose in such a fashion, even if they brought it upon themselves. To hear the Cubs and their fans tell it, the blame lies squarely on the shoulders of one Steve Bartman, a 26-year-old Cubs fan who, in the 8th inning of Game 6, attempted to catch a foul ball hit to him, and in the process denied Moises Alou a chance to make a spectacular catch for an out. The Marlins then proceeded to score 7 more runs in the inning,...

There's a certain Cubs' "fan" destined for an ass-whoopin on Wednesday

I think you know who I'm talking about. Lord help him if the Cubs lose this series. That is all.

Quentin Tarantino, you're broken

So my friends Ron and Heather dragged me out to see Kill Bill on Sunday night. I was hesitant, as I had heard that the movie was a hackfest, with body parts flying this way and that. I don't have a problem with violence, per se, but I do have trouble with this one-up-manship that is going on with the movie directors these days to show as much blood as possible. I blame Spielberg, really. Saving Private Ryan really opened the floodgates on what was OK to show on a movie screen. But hey, I...

dasBlog

The astute among you may have noticed a few random times where my blog has been acting strangely today. Truth be told, I am exploring a new blog backend. I currently use BlogWorksXML, which is an ASP-based blog that I grew fond of because.... well, because it was the only package I could get working at the time. Because of the security posture of my server, I am unable to run PHP sites, which seems to be the scripting language that dominates the blog world today. Unfortunately, BlogworksXML is now defunct, and is no longer being developed or...

Microsoft's new security plan

On Thursday, Microsoft laid out their plan to secure the users of their products. Unlike the Trustworthy Computing Initiative, which is focused on writing secure code, the new efforts will focus on making the lives of end users easier. Specifically, Microsoft will focus on the following efforts:

Enable ICF by default: Internet Connection Firewall, or ICF, is a surprisingly capable personal firewall package built in to Windows XP. Sadly, few people know about it, and fewer still know how to enable it (it's a checkbox, it takes 3 seconds to enable). Microsoft will be modifying future editions of...

Go to a website, support a terrorist?

The State Department on Friday disclosed that for the first time, a number of web sites are on the US government's "Foreign Terrorist Organizations" list. This makes it a crime to "provide money or other material support to the designated Web sites". I got a question: If I were to, through the course of my research (I'm very interested in cyberterrorism, as my faithful readers know), visit one of these sites, am I guilty of a crime? If they have a banner ad on the site, and it generates revenue for the site owners (who are known terrorist...

10 Hours of LoTR Goodness

On December 16th select theaters across the country will be showing a special Extended Edition Screening of all 3 Lord of the Rings movies. That means that you see in sequence the entire saga in one glorious 10-hour LoTR orgy. If you want to see the Extended Editions on a big screen for the first time, but not all at once, these same theaters are offering The Fellowship of the Ring extended edition starting December 5th through the 11th, and The Two Towers starting December 12th through the 15th. For Seattle, the single theater showing these special extended editions (and...

4 hours of my life I'll never get back

I spent a good part of the night researching and writing an entry about the job situation in America. I hit Save on w.Bloggar and it chose to just toss the entry instead of actually saving it. The thought had flashed through my mind to copy it and paste it into Notepad before I switched from editing the blog to editing the blog template, but I saw the Save button and relied on it. Fuck. I'm not sure I have the energy to go back and write it all over again. But I'm too pissed off to go to bed....

Alumni Page Update

Updated: David Brownell, John Greer
As always, the BSQUARE Alumni Page is found by clicking the link at the top of this page, or by clicking THIS.

Bad Blogger

When Jeremy is posting more often than I am, people start wondering if I'm stuck under a rock or something.... with no pocketknife. Call off the dogs, gentle readers, this blogger is still breathing, and I still have both my arms. Truth be told, I'm motivationally-challenged at the moment. I can't seem to get motivated to write about the things that I have been meaning to write about. I meant to write about the Verisign situation, but that resolved itself while I was procrastinating. I had advance word of what is now known as the QHOSTS virus,...

Favorite Baseball Movies

Well, I'm stuck on this baseball theme, so I might as well go with it. The viewing of the following baseball movies should be mandated by law, in this blogger's humble opinion. Furthermore, it should be against the law to speak ill of these movies within earshot of... well, me at least. Consider yourself warned!

The Sandlot
Bull Durham
Field of Dreams
61*
The Pride of the Yankees
The Bingo Long Travelling All-Stars & Motor Kings
The Natural
Eight Men Out

Damn, half those movies have James Earl Jones in them, which is kinda odd... I never pictured myself as a closet James Earl Jones...

2 more spam war casualties

Over the weekend spammers took out 2 more blacklist sites with DDoS attacks similar to those used to destroy Osirusoft and monkeys.com. The targets this time were the blacklist operators at SORBS and OpenRBL. Once again, law enforcement is nowhere to be found, so these attacks will surely continue until the spamming community has taken out all the blacklist servers on the Internet.

War

You probably don't realize it, but there is a full-blown cyberwar going on between the spamming community and blacklist services who are trying to keep them off the net. Blacklist services keep a list of email gateways that are known spam relays, and many mail systems can be configured to check the lists prior to accepting email from a server. These "blacklists" as they are called, have made life a little more difficult for spammers, forcing them to seek out and compromise more email systems to sustain their spamming needs. Several weeks ago, one of the most popular blacklists,...

Dangerous Places

So by now, you all know about my penchant for bookstores, and how I have to consciously keep myself out of them lest I buy 2 of just about every book in the computer section. Well, there is another place that has potential to get me into just as much trouble, if not more. And that place is Fry's Electronics. If you are not familiar with Fry's it's a huge (think Costco) electronics superstore. Luckily, the closest Fry's to me was in Portland, which is about a 3-hour drive away from Seattle. Not convenient, right? It's not like...

nVidia jumps into handheld market

Whoa. The biggest name in high-end desktop graphics is making the leap to handheld graphic processors. According to this news.com article, Nvidia has recently shipped a new processor specifically designed for handheld devices like cell phones and handheld gaming systems. The new chip can process eleven 1.3 megapixel pictures per second, and is 25x faster than the processor in the Game Boy Advance. This is great news, the lack of a serious graphics processor has, in this blogger's opinion, been a major roadblock in the convergence of gaming and cell phones.

High-def using Windows Media Player?

Check out this article in The Perfect Vision Magazine about Microsoft pushing some very high quality HD content out for Windows Media Player. The reviewer said the WMP version of T2 (included on the special edition that was recently released) actually looked better than the DVD. Interesting.

So I finally got Linux running on my laptop

After reinstalling with a more generic video solution selected, I was able to install the right drivers for my geforce card and now have Linux working. I spent a couple hours trying to get the original installation to boot into text-mode, but for whatever reason none of the things I did worked. Even though now, with a working installation, changing those settings has the desired effect. Anyway, after spending the better part of a day getting Linux on my laptop, I am now regretting putting it on the hard disk that is flaky. It was such a pain...

Windows Update Grievance du Jour

I'm annoyed by Windows Update (WU). I get annoyed by a lot of things, but today I'll stick with just this one. I'm making no promises about tomorrow, so don't get excited. Have you ever loaded up a clean install of Windows XP, and then run Windows Update (which should be the first thing you do. Don't make me come over there!)? Have you ever noticed that there are like 33 critical patches that you have to apply? Have you ever noticed that nearly ALL of them have the same exact description (say it with me...

True to form

I told you I had an unhealthy relationship with bookstores. In addition to Steve's book, I also got a new book on Red Hat 9. I had to replace the hard disk in my laptop over the weekend, and I think the old disk might be useful as a "I don't care if it dies again" place for a Linux installation. So I picked up the Red Hat Linux 9 Bible on the way out of the book store. OK, ok, and a magazine. But that was ALL, I swear!

3 hours later

So 3 hours of feeding the Linux CDs into my laptop, it finally finished installing. I am staring at a completely blank screen. Yay...?

MS working on antivirus device?

I spent some time reviewing the video of a recent talk Microsoft CEO Steve Ballmer conducted down in Silicon Valley on Monday. I have been wondering what MS was going to be doing with the antivirus technology it purchased from GeCad a few months back. Initially I thought they might go and integrate it into Windows, yet another in a string of great products that gets glommed into the OS as a permanent feature. However, after reviewing Ballmer's recent statements, I think Microsoft is pursuing the development of an antivirus appliance that sits outside the firewall and intercepts virii...

Steve's book gets hacked

My friend Steve had his new book show up on a warez site recently. This really bums me out. I know some of the sacrifices Steve made to make this book happen, and it saddens me to know that some miscreant warez pirate is stealing from him and his family. Authors are lucky to even break even on a book, much less make a profit. This is exactly why I don't participate in Kazaa and its ilk. Even though I detest the music industry with every fiber of my being, I recognize that the product they sell comes from people just like...

Linux is favorite hacker target (revisited)

As I reported back in July, Linux continues to grow as the target of choice for hackers. The most recent study puts the ratio at 67% of successfully penetrated servers are now Linux, and 23.2% are Windows-based. I think this gap will only continue to widen. As the "Linux is more secure" propaganda continues to suck in people with fewer and fewer Linux admin skills, the number of poorly-configured (read: vulnerable) Linux boxes will continue to rise. The vast majority of Linux distributions are not secure out of the box, just like Windows is not secure out of...

Protect your PC -- Microsoft Instructional Site

Not sure why I have sat on this site for so long, it is useful for the home user. It details how to enable the built-in firewall capabilities of your OS, if it has it. It also walks the user through the update process and a few other things. If your OS does not have built-in firewalling capabilities, you should consider upgrading to at least Windows XP. But the site does give some good tips for those running older operating systems as well, so it's still worth a look. If you are a home user, you should go through...

RIAA Sues 12-year-old girl and her single mother

Just when my disgust with the recording industry was starting to fade (it's torture to not go out and buy Warren Zevon's last album, honestly), they go and sue a 12-year-old girl and her single mother who both live in a project in New York City (2 days prior to the 9/11 anniversary, even). They extorted $2000 from this nearly-homeless single mother and her daughter, in exchange for dropping the lawsuit. Let me guess, the poor kid's deadbeat dad works for the RIAA? I haven't bought a CD in months, and I sure as hell don't feel like buying any now....

New RPC patch out

Microsoft today released an updated patch for the RPC problems originally addressed in MS03-026. The new patch, dubbed MS03-039, supersedes MS03-026. I am trying to determine if the new patch addresses the attack vector that still remained after applying MS03-026. X-Force was not credited in the advisory, and there is nothing on X-Force's web site about the new patch, so I am not sure. Regardless, this is a critical vulnerability, similar in scope to the one exploited by Blaster. You know what to do. Patch!

UPDATE: According to CERT, the new patch finally addresses the previously-unmitigated...

Scott Bufkin leaving BSQUARE

Today Scott Bufkin announced he will be leaving BSQUARE at the end of the year. Scott has been the brains behind the Professional Engineering Services (PES) division at BSQUARE for many years. He is well-loved by the people who work(ed) with him, and a lot of folks were surprised he didn't get the nod for CEO when Bill stepped down. This is a tough loss for BSQUARE.

Windows 95 and 98 no longer supported

Hello folks. Just a friendly reminder that Microsoft is no longer providing patches (including critical security updates) for Windows 95 or 98 as of July of this year. If you are using either of these operating systems you need to upgrade to at least Windows ME (preferably Windows XP, for our home users) ASAP in order to continue getting regular security updates from Microsoft. NT4 is reaching End-Of-Life too (Workstation support was killed this past July as well, but security-related hotfixes for the Server variants will continue to be provided until the end of 2004). You can view Microsoft's product lifecycle...

Blaster.F Author Apprehended

Another idiot who took the original Blaster code and tweaked it just enough to incriminate himself was arrested last week in Romania. Talk about a moron. Still no word on Blaster.A author.

Taking Security out of the Hands of the Home User

In a recent article posted by SANS, the idea is floated of moving the security perimeter out to the ISP in the case of home users. The ISP would by default block commonly-abused ports like tcp/135, thereby acting as a firewall for all their customers. While this idea is not new, I think it will gain some traction this time around. It has become obvious to many of us on the front lines that we cannot rely on home users to secure their own systems. Too much is at stake.

Vindication

Just because I'm paranoid doesn't mean everyone is NOT out to get me. I have to admit to feeling a bit vindicated in my (even in my mind) crazy theory about cyberterrorism being a major factor in the recent blackout in the Northeast when I read this story from Reuters about the ongoing House investigation into the incident. Of particular interest was the transcript of the First Energy NOC operators as the problem began. Several hours prior to the blackout, a First Energy operator is heard telling an operator at another facility: "Our computer is giving us fits, too. We don't even...

Alumni Page Updates

Adds: Dan O'Brien, Von Kaneshiro. Updated: John Greer (new contact info). The BSQUARE Alumni Page is still found HERE, or by clicking "BSQUARE Alumni" at the top of this page.

Home

We're home, the honeymoon is officially over (the real one, the proverbial one is still going strong). I will say that Alaska was... underwhelming. It was a lot of stuff that we are already fortunate enough to see here on a daily basis in Seattle. It really made me appreciate the wonders of my adopted home town, and I am happy to be back in good ol' Seattle. I am working on a travelogue of the trip, and will post it either today or tomorrow. I would like to extend our heartfelt thanks to those of you who came to the wedding. Jessica and...

/afk

I'll be on a boat somewhere off the coast of Alaska for the next few days, inoculating myself against the Norwalk Virus (or contracting it, one or the other). As some of you know, I'm getting married tomorrow (well, my fiancée is getting married too, technically), and we are leaving immediately on our honeymoon. Unless things go badly, in which case my best man is holding for me a 1-way ticket to France. So I will be away from my keyboard for about a week (which is what /afk means if you haven't joined the rest of us in the new...

JAP Anonymity Service un-backdoored

As I reported previously, the Java Anonymous Proxy (JAP) had been secretly backdoored by a German court order requested by the German equivalent of the FBI. A new court order has suspended the original request, and according to JAP the backdoor has been disabled after recording a single log entry. That's nice, but the genie is already out of the bottle. Now that we know it's possible for government agencies to request secret backdoors of this sort, nobody will trust anonymizers ever again.

Why we don't use Auto-Update

While automatic patching has been a feature of the Microsoft platforms since Win2k, nobody in an enterprise environment ever uses it. Why is that? I'll tell you:

Half-Baked Patches: More than once, patches are pushed out so quickly they are not properly tested. This makes IT guys very nervous. Take for instance MS03-010, which broke a lot of ASP web sites once it was applied. How about MS03-007? And I have to take my shoes off to count the number of patches that have broken various Terminal Server implementations.

Unnecessary patches: Any decent admin does not surf from the console of his...

This is just bizarre

According to this article on SecurityFocus, the US government is paying the anonymity site Anonymizer to maintain a special site for Iranians to subvert their government's censorship of the Internet. Yes, that's right folks. The US government is denouncing censorship globally, while trying to force it onto its own citizens at every possible opportunity. Bizarre is the only word I can come up with to adequately describe this debacle.

Microsoft working with feds; SoBig.F and Blaster may be terrorist acts?

If you've been paying attention, you know that I have a crazy theory that the recent blackout in the Northeast was a direct result of cyber-terrorists. And until someone proves me wrong, I'm sticking to my guns. However, according to this article in the WorldTechTribune Microsoft is working with the FBI to determine if either of the recent viral outbreaks (SoBig.F and Blaster) were also coordinated terrorist acts. Umm, no. Blaster was poorly written to begin with, and delivered no malware to speak of. And is a DDOS against Microsoft's Windows Update site really going to impact the world economy? Come on....

Microsoft Guide to Security Patch Management

This was released in late July. Worth a gander. Get It!

Alumni Page Update

Added:  Diane Allerdice  Steve Leytus Welcome!

Repost: Slammer takes out network at nuclear power plant

(Repost due to previously mentioned operator error): Yeah, I know I said I'd give it a rest for a few days, but READ THIS! Apparently the nuclear power plant had a T1 line to the Internet that was bypassing the firewalls (because firewalls get in the way, you know). The result: The systems monitoring the most critical aspects of the plant (core temperature, etc) were disabled for nearly 5 hours. On a side note, this plant is operated by the fine folks at FirstEnergy, who are now the focus of the investigation into the recent blackout in the Northeast. If anyone needs me,...

Operator Error

So I realized the mistake I made on Friday that caused the loss of 2 days' worth of blog entries. On Wednesday, I started updating one of my existing entries for the day, and then just never got around to finishing it up... and left the w.Bloggar window open. On Friday, I used that same machine to submit an entry, but thought that what was on the screen from before was a *new* entry, and told myself "oh I finished that entry on my laptop". So I promptly deleted the contents and proceeded with my Friday entry about JAP. Unbeknownst to...

Priceless

One night accommodations at Semiahmoo Resort: $219
Dinner for 2 at Stars Restaurant: $110
Drinks on the deck, watching the boats go by: $50
Spending some quality time with my wife-to-be before the families descend upon Seattle for next weekend's nuptials: PRICELESS

Jessica and I took a selfish, but much needed break from things on the home-front and spent most of the weekend up in Blaine at Semiahmoo Resort doing next to nothing. Starting Tuesday friends and distant relations will start pouring into town in preparation for the wedding on Saturday. We have 3 dinners to host on Wednesday, Thursday and Friday, plus some...

The other big security story

Paul over at E2kSecurity.com posted about the *really* big security story that was drowned out by Blaster. The fact that the primary distribution center for the FSF was compromised by a hacker who had full root access to it for up to 6 months. Now consider that this distribution site is where everyone gets Linux drops from. Even the mirrors ultimately get their bits from this site. A hacker may have implanted trojaned code on the site and had it included in nearly every distribution of Linux built over the past 6 months. For example, the gcc compiler, which is...

Popular Anonymity Site Backdoored by German Court Order

This is HUGE. The Register is currently running a story about popular anonymity site Java Anonymous Proxy (JAP) being secretly back-doored by a German court order (JAP is located within Germany). Apparently, a few weeks ago, JAP suddenly went dark. The site said they were upgrading server hardware, and would be back in a few days. They also said that once service was restored, a new version of the JAP client would be required in order to continue using the service. What they failed to tell the consumers, is that the new client was trojaned (by JAP), and contained a secret function...

Blog Weirdness

Something strange is going on with my blog. It just ate my posts since Wednesday, and thinks the entry I wrote today was written 2 days ago. Sweet, my own personal time machine! Now I just need to figure out how to set it to Sept 10, 2001... Oh, watch this! I predict my blog will go bonkers on Friday the 22nd, and I will have to rewrite 2 days worth of entries. Watch out Miss Cleo!

Hollywood blames Text Messaging for poor movie attendance

Apparently it's not the bad movies that have killed Hollywood's profits this season, it's those damn kids with the mobile phones! It couldn't be the fault of the product, not with sure-fire gems like Gigli (Reviewer: "And the dialogue - sweet, screaming Jehosephat, it's awful"). According to this article, movie studios have always been able to count on "buying" big opening weekends before the word got out to the masses about what a steaming pile of excrement their movie was. But now the masses are connected baby! Careful kids, I wouldn't be surprised if the MPAA lobbies to outlaw bringing...

One more thing...

Let me make one more point about this cyberterrorism issue, then I'll let it rest for a day or two (promise!). Fox News is reporting that sabotage cannot be ruled out as a source of the Blackout. The odd thing is, the government says terror *has* been ruled out, but the possibility that a hacker caused the damage cannot be so readily dismissed. Am I the only one who finds this disturbing? Has our government suddenly forgotten what "cyberterrorism" is? Computer + Terrorist = Cyberterrorism. If you cannot rule out a computer-based attack, you cannot rule out terrorism. Period. End of story. A...

Blaster Webcast for IT Professionals

On Thursday the 21st, Microsoft will be doing a webcast entitled What Network Administrators Should Know About The Blaster Worm. So if you've been cowering under your desk the past week, waiting for some direction from Microsoft on what to do with all your infected systems, you should attend it. And then fire yourself.

Weekend Fun

I know it must seem like I spend most of my day cowering under my desk, waiting for the terrorists to hack my light switch and put me in the dark, but really that's not the case. Honest! This past weekend was full of non-terrorist goodness. Well, I take that back. Me and 100 of my closest biker friends went out on Saturday and terrorized large portions of the population during a poker run the South Sound chapter of the Southern Cruisers was hosting. My bike has a pretty loud exhaust on it, but I couldn't hear it all day Saturday...

The Anti-Worm Worm

In a bizarre twist, one of the newest variants of MSBLAST (and there have been at least a dozen variants found in the wild so far) reportedly uses the same RPC hole to instruct the target system to download the MS03-026 patch from Microsoft. In effect, it's a worm that whacks itself. Spiffy. Update: I know of at least one network that is running dog-slow as a result of the new benevolent worm (dubbed Nachi), while it tries to seek out infected hosts on the same network. The IT guys are not as enthralled with Nachi as I am, I'm thinking.

Lightning? My ass!

I'm sorry, but they can't really expect us to believe that a lightning strike (*cough*clear skies in Niagara last night*cough*) hit at just the right place to knock out power to 20% of the population of the US? Is our power infrastructure really so fragile?? I don't buy it. I think what we have here, if the government ever comes to admit it, is the largest case of cyberterrorism in history. Frankly I'd rather it be that than know that our nation's power grid is so fragile that it can't survive a simple hardware failure without dousing an entire quadrant of...

New MSBlast Variant in the wild

As I (and others) predicted, a new variation of the MSBLAST worm has been found in the wild. According to Kaspersky Labs, the new variant is mostly a copycat of the original, merely renaming the worm executable to "teekids.exe" (as opposed to "msblast.exe"). How disappointing. I was hoping for something a little more imaginative from our black-hatted friends than simply renaming the executable. I have faith though, it's coming. Wait until it's modified to use the RPC attack vector that MS03-026 doesn't address... It's only a matter of time.

MS03-026 -- Unmitigated Attack Vectors

I went and dug up some additional information about the unmitigated attack vector that remains on Win2k after applying MS03-026. CERT has an advisory HERE that gives a brief overview of the problem. Proof-of-concept code from the Chinese group X-Focus is linked within that advisory (which obviously means this exploit is currently in the wild). As the CERT advisory states, there is no known patch for this problem, you MUST exercise due diligence on your perimeter (both in AND out).

Comcast slipped in some new HDTV channels?

If rumors are true, Comcast has slipped us Seattle-ites some new Hi-Def channels. I can't wait to get home and see for myself.

MSBlaster Update

It's been a long day. I had performed scheduled maintenance on my servers in the Lab 2 weeks ago to install the RPC patch (and a couple others), but invariably a system gets left off the list. I had 3 systems that for various reasons remained vulnerable to Blaster once it made it past my perimeter (thanks infected laptop users!). But our IDS systems had those machines flagged by the time I got into work this morning, and we got them patched up. One of the systems was reinstalled without the developer telling me, and they did not bother with...

"Scroll down, just scroll down...Scroll Button 2.0..."

Ever since I wrote that last entry about 193 candidates for governor, I can't get the image of having to scroll through all those names on a ballot out of my head. And naturally, anything relating to scrolling immediately conjures up a StrongBad reference (warning: audio). Carry on.

Batten Down the Hatches: DCOM worm on the loose

As of 20 minutes ago, a brand new worm exploiting the recent DCOM vulnerability in all versions of Windows (except ME) broke out and is slamming the Internet pretty hard right now. Unfortunately, MS' patch doesn't actually resolve the exploit on Win2k (contrary to what the Technet article claims), and no word on when they will have it fixed. In the meantime, block outbound requests for udp/69 (tftp) at your perimeter, which should prevent any machines susceptible to this exploit from fetching the worm code and executing it. Update: News.Com has picked up the story. This has the potential to be bigger...

Hired a photographer finally

So on Saturday, 3 weeks prior to the wedding, we finally hired a photographer. None of the ones people recommended worked out, mostly because they were booked solid. The ultimate winner was Richard Bush Photography. He's been doing photos for 20 years, including a number of them at the winery. He also charges sanely ($1250 for 4 hours of his time, plus $50 per roll of film used), and we retain full ownership of the negatives and stuff. After meeting with him on Saturday, and seeing his work, I'm pretty excited to have him on the team.

Electronic Voting, Part Deux

Remember I recently posted about the willies I get when I ponder the thought of electronic voting. Well, it seems that my case of the willies is spreading to others, and now some local governments are having second thoughts about this whole electronic voting concept. The Washington Post ran an article today about the growing concern over the Diebold voting systems, and their reported vulnerabilities. Seems North Dakota is holding off on their e-voting system indefinitely, in light of the recent flurry of security concerns. However, many counties and municipalities are going right ahead with their plans. Hmm, 193 candidates for governor...

Alumni Page Updates

Added: Kari Scully, Paul Tram

Security-Focused Blogs

One of my favorite sites, SecurityFocus, today published part 2 of a two-part column on blogs, and their relevance in the security realm. While I was not enthralled enough by Part 1 to make mention of it when it was published, Part 2 is quite informative. It lists a good number of security-minded sites, both corporate and individual. Some of them you might already recognize as an established member of my security link list on the left, but there are some new sites that are worth noting:

www.djeaux.com's RSS feed of 15 popular security mailing lists
Microsoft RSS Feeds

Also make note of the...

Logitech is pissing me off

Back in the day, people would pay a premium for Logitech gear, and I guess they still do. And honestly I've always held them in high regard when it comes to keyboards and mice, but I've finally come to realize that they just aren't cutting it any more. My office is quite literally a keyboard graveyard. I have at least 4 different keyboards strewn about as I look around right now. And they are all different, which is why I have them all to begin with. Some are "natural" and some are not. Some have the navigation keys (Home, end, page...

The end of Netware?

C|Net's News.com is reporting that Novell plans to cease development of the Netware platform in favor of providing their award-winning directory technologies to Red Hat and SuSE Linux users. It's quite an about-face for Novell, seeing as how they openly considered Linux an enemy just a year ago. As a one-time Netware admin, I'm quite surprised. After lasting as long as it did, I kinda expected Netware to live on forever. Even though nobody I know would touch it with a 10-foot pole.

Alumni Page Updates

Added: Chao Chen, Ken Fridley. Updated: Brett Schaefer, Keith Breinholt.

HDTV -- Where's the Content?

So my faithful readers know that I bought a big-ass HDTV a week ago. I have to say, HD content is cool. Very cool. But there's not nearly enough of it. Comcast currently offers 2 whopping channels of HD content (HBO and Showtime, of which I only subscribe to HBO). And then you get a couple special Mariners games broadcast on HDTV per month (which, let's be honest here, is Reason #1 for me getting HDTV). But when you find yourself watching Kung Pow: Enter the Fist, just because it's the only HD content currently on, something is horribly wrong. And...

Alumni Page Updates

Added: Brett Schaefer, Paula Tomlinson, Roy Dean. Updated: Glen Furnas, Jani Dikkala, John Crawford. I also finally completed the conversion of the Alumni email addresses to bitmaps, to prevent them from being harvested by spammers. Please let me know if I made a mistake on your email address and I will fix it ASAP. The Alumni page can be found HERE, or by clicking on the link at the top of the page.

Wheel of Time Series

Every time I ask a group of people for some suggestions of fantasy books to read, invariably someone will offer up Robert Jordan's Wheel of Time series. It has such a devout following that I eventually picked up the first 3 copies from my local Barnes and Noble to read while I was on a long vacation to Utah earlier this year. Ugh, what a mistake. I have just finished the third book, after struggling through it for about 3 months. Maybe I'm just not bright enough to "get" his writing style, but the books seemed very disjointed to me. The...

BSQUARE Layoffs

On Monday BSQUARE will be laying off somewhere between 12 and 14 people. A few old-timers too, but I won't mention names here (refer to my Play Nice Policy). You know, I've been digesting this whole "Bill" reorg for the past week, and I have a crazy theory. What if Bill was moved into the Maui top spot in preparation for spinning it off? That would unshackle the ball and chain that is Maui from the money-making portion of the business (PES), and allow BSQUARE proper to return to profitability. It would also let Bill ride quietly off into the sunset...

More IPv6 FUD

C|Net's News.Com is again reporting on the IPv4 crisis that isn't. In the article, experts claim that the US doesn't care about IPv6 right now because the "US allotment" is sufficient to carry us well into the next decade. However, again according to the article, the rest of the world is screwed because their individual allotments are all running out. Could it be that the US isn't panicked over the situation because those in the know recognize that this IPv4 crisis is a complete fabrication (as the very same News.Com reported just last month)? Once you consider that this whole "geographical...

Linux Hacks Exceed Windows Hacks for the First Time Ever

According to the British research agency Mi2g, for the second quarter of 2003 successful Linux hacks exceeded successful Windows hacks for the first time since they have been keeping score (since 1995). For the 3-month period of March-May, Linux was attacked successfully 19,208 times, compared to 3801 successful Windows attacks during the same time period. If you want to read the full report, you will have to buy it from Mi2g. However, The Inquirer ran a related story, as did Geek.com. Mi2g blames the problem on the misconception that Linux is secure "out of the box", which in most cases is simply untrue....

Splurge

A week or so ago, I went and had lunch with an old acquaintance of mine from my BSQUARE days, Al Dosser. Al was the wisest and most likable of the 3 founders by far, and continues to be someone I look up to, even though we have both been gone from BSQUARE for years now. Anyway, during our lunch I had the chance to see his new plasma HDTV in all its high definition glory. Ever since then, I've been jonesing to get my aging 32-inch Sharp TV (not even flat screen, much less HD) replaced with something a bit more...

Bill steps down

Bill steps down as BSQUARE's Chairman and CEO. I heard some big changes were going to happen, but I didn't think it would be this drastic. Update: Bill will now be focusing solely on Maui and related products. Cash flow was positive ($900k) for the quarter, but only the result of a couple significant one-time events (a $2.4M tax refund, and a $1.5M litigation settlement). 3rd quarter will be interesting.

Note to Self:

Hey Beau: Check out these wedding photographers people have suggested when you get home: Brides Keep Negatives (dot com), Doucette Photography. Keep it real, dog! -Beau

Slow news day, I guess

The security world is all "abuzz" today about yesterday's announcement from a team of Swiss researchers that they have come up with a way to exploit a 9-year-old Windows password weakness 7 times faster (14 seconds instead of 101 seconds...yay?) than existing tools. The Swiss must be bored as hell. Sadly, most news portals are treating this like some new critical vulnerability in Windows, and the *nix crowd is in its usual feeding frenzy. How about some facts? In order to crack the passwords, you have to somehow obtain a copy of the LanMan (LM) hashes, which (if they exist at all)...

Tracking razor inventory = BAD! Tracking children = GOOD...?

I have to marvel at the hypocrisy of people sometimes. There has been an absolute uproar over RFID technology that is currently being considered by warehouses and large stores to track inventory levels and reduce shoplifting. And cell-phone tracking for users dialing 911, OH MY GOD that was the spawn of Satan himself. But you'd think Steve Wozniak is a conquering hero by the love fest his PEOPLE-TRACKING TECHNOLOGY is generating. Just take one step back for a moment, from kissing the Apple co-founder's butt, and imagine the millions of ways this technology can be exploited to do some really nasty things....

Running 2003 Server Now

bmonday(dot)com is now running Windows 2003 Enterprise Server.... on a Celeron 700 that I bought from TigerDirect for like $199. Don't laugh, it runs surprisingly well! Frankly, I was surprised the installation didn't look at the processor and pop up "You're kidding, right?" I did end up boosting the memory to 512 megs a month or so ago, but that was purely so I could continue to run the leaky-as-all-hell Matrix Screen Saver on the army of 10-inch monitors that cover my desk (yes, I have 4 monitors on my desk, PURELY so they can all be displaying the Matrix...

Pirates of the Caribbean -- Wow!

Jessica and I treated our friends Ron and Heather to a night at the movies and dinner at our favorite Issaquah steakhouse (which will remain nameless, since it already takes 2-3 hours to get a table there on a Saturday night. Yeah, I'm selfish like that.). The movie of choice was Pirates of the Caribbean starring Johnny Depp and Orlando Bloom. I had pretty low expectations of this film, since I really could not picture Depp pulling off a mean and surly pirate character, and I have a hard time seeing Orlando Bloom with ears that don't get all pointy at...

Wedding Photographer Search

So everyone I know seems to have had nothing but bad experiences with wedding photographers. Apparently the majority of these folks are right above ambulance-chasers and reality-tv producers on the List of People We'd Like To Launch Into The Sun. If anyone has had a good experience with a photographer in the Seattle area, I'd appreciate a comment. Thanks.

HoneyTokens

Lance Spitzner (used to drive a tank, personal hero of mine, yada yada) today published a paper on SecurityFocus that deals with the concept of HoneyTokens. The term "HoneyToken" may not be familiar to you, but the concept has been around for quite some time. Hospitals often plant bogus records (John F. Kennedy!) in patient databases to see who might be snooping around and violating patient confidentiality. That is a prime example of what is now being defined as "HoneyTokens". By the very nature of the record, ANY attempt to access it is by default unauthorized. The same concept can...
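The defining property of a honeytoken is that any access to the planted record is unauthorized by construction, so detection needs no model of "normal" behaviour. The following is an added example, not code from the post or from Spitzner's paper; the audit log format, record ids, user names and addresses are constructed for illustration.

```python
"""Honeytoken access detection over constructed audit log lines.

Added illustration of the honeytoken concept: plant bogus records that no
legitimate workflow touches, then alert on every access to them.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Planted records (constructed ids). The label is carried into the alert so a
# responder immediately knows which bait was touched.
HONEYTOKENS: Dict[str, str] = {
    "P-100452": "bogus patient record 'John F. Kennedy'",
    "P-100453": "bogus patient record 'Marilyn Monroe'",
}

# Constructed audit line format (hypothetical, not any real product's):
#   <date> <time> user=<name> action=<verb> record=<id> src=<ip>
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"record=(?P<record>\S+) src=(?P<src>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    action: str
    record: str
    src: str
    label: str


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one audit line into its fields; None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def detect_honeytoken_access(lines: Iterable[str]) -> List[Alert]:
    """Return one Alert for every access to a planted record.

    No allow-list of users or actions is applied on purpose: a read by an
    administrator or an export by a backup job is just as unexpected as a
    read by a clerk, because the record exists for no reason other than to
    be left alone. A bulk export that sweeps up the token is still worth a
    look, since it shows the whole table leaving the system.
    """
    alerts: List[Alert] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # malformed line; a production detector would count these too
        label = HONEYTOKENS.get(ev["record"])
        if label is not None:
            alerts.append(Alert(ev["ts"], ev["user"], ev["action"],
                                ev["record"], ev["src"], label))
    return alerts


def summarize_by_user(alerts: Iterable[Alert]) -> Dict[str, int]:
    """Count honeytoken touches per user, the first pivot a responder wants."""
    counts: Dict[str, int] = {}
    for a in alerts:
        counts[a.user] = counts.get(a.user, 0) + 1
    return counts


# Constructed sample audit log: two legitimate touches of a real record, two
# reads of bait by a clerk, one unparseable line, and a nightly export job
# that also touched the bait.
SAMPLE_LOG = [
    "2003-07-10 09:14:02 user=nurse_a action=read record=P-100001 src=10.1.4.20",
    "2003-07-10 09:15:47 user=nurse_a action=update record=P-100001 src=10.1.4.20",
    "2003-07-10 11:40:13 user=clerk_b action=read record=P-100452 src=10.1.7.88",
    "2003-07-10 11:40:15 user=clerk_b action=read record=P-100453 src=10.1.7.88",
    "this line is garbage and will not parse",
    "2003-07-10 23:02:01 user=backup_svc action=export record=P-100452 src=10.1.0.5",
]

if __name__ == "__main__":
    for alert in detect_honeytoken_access(SAMPLE_LOG):
        print(f"{alert.ts} {alert.user}@{alert.src} {alert.action} "
              f"{alert.record}: {alert.label}")
    print(summarize_by_user(detect_honeytoken_access(SAMPLE_LOG)))
```

Run against the sample, the clerk's two reads and the export job's touch all surface; the nurse's work on a real record never does.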

Those crazy Japanese

Your life will not be complete until you watch the following excerpt from a Japanese television show. It's a couple of guys doing a Matrix-esque ping pong demonstration. Click me!

Nigerian Email Scam

Quick: What is projected to be Nigeria's 2nd largest industry in 2003? If you answered "Nigerian Email Scam" (or "419 scam", or "Advance Fee Fraud"), you're correct! It is estimated that in 2003, the perpetrators of the scam will bilk about $2 billion from gullible victims around the world. It's gotten so bad that British intelligence agencies report seeing as many as 5 Americans waiting in hotel lobbies to meet people connected with the scam. Here's how it works: The scammer sends spam (either email or fax, or sometimes even snailmail) to prospective victims, promising them a 30% cut of some...

Alumni Site Update

I've been slacking on updating the Alumni site (I know, how uncharacteristic of me!), so I dragged my butt outa bed early this morning to get them done: Adds: Paul Richter, Scott Barrow. Changes: Brett Waldbaum, Chris Ashton, Julie Trygstad, Stacy Heinemann, Tor Trygstad. Also updated the link for Chris MacGregor's Alumni Mailing List. The BSQUARE Alumni Site is located here.

Web Services Security

Microsoft today released a technology preview of the 2.0 version of the Web Services Enhancements (WSE) package. WSE adds a number of important features to web services, primarily security-related. If you write web services, you should definitely keep up on this stuff.

IE Chromeless Window Vulnerabilities

An interesting thread developed over the weekend on BugTraq about a flaw in IE (all the way up through version 6 SP1) revolving around the exploitability of "chromeless" windows. Chromeless windows are screen objects that do not have the normal borders and other controls attached to them. As such, they can easily be placed anywhere on the screen, and (here is the problem) be made to obscure or even change important messages from the system. I present, for your consideration, the following web site (it is not malicious, but you must wait for the ActiveX control to finish loading): Exploit Demo. If...

Happy Trails, RFP

One of the most respected white-hats is hanging up his six-shooter and riding into the sunset, according to this eWeek article. Rain Forest Puppy, or rfp for short, was one of the most creative hackers (in the good sense of the word) the security industry has ever been blessed with. He pioneered guidelines for responsible disclosure. Some of the earliest flaws in IIS were a direct result of rfp's dogged (pardon the pun) and creative approach to trying things that had never been tried. rfp also wrote and freely distributed tools that would detect these vulnerabilities, including the ubiquitous Whisker (while...

Back Online... Finally

My Internet connection went to lunch on Sunday and never came back. Comcast was out today and fixed it, so I'm back online. I have been trying for months to get something a little more appropriate here at the house, to host my web server and stuff. But I'm 15,000 feet away from the nearest switch, and nobody seems to be able to drop DSL of any flavor into the house. I even tried ISDN, but never could get that to work, after spending $2,000 in hardware and consulting services. Qwest is still trying to collect $500 from me for 3...

Organized Credit Card Fraud

The Honeynet Project has recently published an interesting paper on automated credit card fraud, and how this particular underworld operates. Identity theft and credit card fraud are both booming businesses that have been helped enormously by the continued growth of online commerce around the world. But that's not the bad news. The bad news is: They're organizing.

RSS Working, I think

I disabled the asp code that was stripping out the formatting. It's an ugly fix, but better than nothing. I will work on BlogWorks' suggested fix some more, my initial efforts were unsuccessful.

Critical MS Security Patch about to be released

There is a huge flaw in the HTML Converter that allows remote code execution across all Windows desktop and server platforms. Details are here, but the KB article (Q823559) has not yet been released. However, you can follow that link to the patches, which are now available. This is a doozy.

On an unrelated note: Trans Fats

Seems the FDA has finally stepped in and compelled food manufacturers to include information about how much trans-fat they are adding into their products. Trans-fat is at least as dangerous to your health as saturated fat, which is one reason I surprised myself and others when I applauded the recent Oreo lawsuit in California. Normally I abhor these types of silly lawsuits, but this time I felt the guy had a point. Dangerous chemicals are put into our foods, and the FDA has done nothing but sit on the problem since the dangers of trans-fats were first brought up for...

Wow my RSS feed looks like crap

Now that I have an RSS reader, I took a look at what I was publishing from the site here. I was dismayed to realize that all the formatting gets stripped in the process of generating my RSS feed, leaving a huge glom of unformatted text for my loyal readers to trudge through. Seems a feature in BlogWorksXML strips all HTML formatting besides links from the RSS 2.0 feed to make it more compliant with the RSS spec. There is a post on the BlogWorks messageboard on how to change the asp code to work around this. I'll get to...

4th of July

I hope everyone had a safe and happy 4th of July this year. Jessica and I didn't do much of anything, besides prepare for our engagement party scheduled for the following day. The party went better than I had hoped, a lot of people showed up. I'm sorry that I was too busy grilling and stuff to talk to everyone who came. I think we had about 50 people pass through the house at various times during the evening, which was a fantastic showing. Jessica and I are really blessed with a lot of good friends. Sometimes you don't realize...

The Feeds

My initial RSS subscriptions include a couple gems relating to Microsoft:

http://www.thundermain.com/rss
This feed tracks changes to the Microsoft Downloads site.

http://msdn.microsoft.com/aboutmsdn/rss.asp
This link lists a number of feeds on the MSDN site that you can subscribe to, including one focused on security.

Thanks go to Susan Bradley via NTBugTraq for pointing these out. Enjoy!

Jeremy, you were right

So I came across this NTBugTraq message over the weekend that listed a number of really nice RSS feeds at Microsoft. One of them is actually a feed managed by a third party, but the content is derived from the Microsoft site. Anyway, the list of RSS feeds in my head continues to grow, and has long surpassed my ability to remember them. So I thought back to a conversation I had with Steve and Jeremy about this Outlook plug-in called NewsGator that could bring RSS content right into your Outlook client. I'm surprised I remember much of anything about...

Honeypots as IDS

Lance Spitzner (personal hero, drives a tank? Do I really need to go over that EVERY time??) recently posted a link to a paper written by Georgia Tech about how they have used honeypots to detect malicious activity on their 30,000+ node network. The honeypots were able to detect activity that had snuck past other IDS countermeasures, and were very effective in detecting systems that had been compromised. It's an interesting read.
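The detection principle the Georgia Tech paper relies on, as an added example (not code from the paper or this post): a honeypot address hosts no legitimate service, so any connection to it is suspect without needing a signature, and an internal host touching one is the clearest sign that the host itself has been compromised. The campus range, honeypot addresses and flow records are constructed.

```python
"""Honeypots as intrusion detectors.

Added example, not code from the original post or the paper it links.
Any connection to an address that hosts no real service is suspect by
construction, so a honeypot fires on traffic a signature-based IDS may
have missed. Internal sources that touch honeypots are reported as
suspected compromised hosts; external sources as scanners. All
addresses and flow records below are constructed.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.20.0.0/16")  # constructed campus range
HONEYPOTS = {                               # constructed unused addresses
    ip_address("10.20.7.200"),
    ip_address("10.20.7.201"),
    ip_address("10.20.9.50"),
}


def parse_flow(line):
    """Parse 'ts src dst proto dport' (whitespace separated); None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, proto, dport = parts
    try:
        return {"ts": ts, "src": ip_address(src), "dst": ip_address(dst),
                "proto": proto, "dport": int(dport)}
    except ValueError:
        return None


def honeypot_hits(lines):
    """Map each source that contacted a honeypot to the set of honeypots it hit."""
    hits = defaultdict(set)
    for line in lines:
        flow = parse_flow(line)
        if flow and flow["dst"] in HONEYPOTS:
            hits[flow["src"]].add(flow["dst"])
    return hits


def triage(lines):
    """Return (compromised, scanners): source -> number of distinct honeypots touched.

    Internal sources land in 'compromised' (nothing legitimate inside the
    network should ever talk to a honeypot); everything else is a scanner.
    """
    compromised, scanners = {}, {}
    for src, pots in honeypot_hits(lines).items():
        bucket = compromised if src in INTERNAL_NET else scanners
        bucket[str(src)] = len(pots)
    return compromised, scanners


# Constructed flow records: an internal host sweeping three honeypots on
# port 445, a legitimate internal web hit, and one external probe.
SAMPLE_FLOWS = [
    "1062022801 10.20.3.14 10.20.7.200 tcp 445",
    "1062022802 10.20.3.14 10.20.7.201 tcp 445",
    "1062022803 10.20.3.14 10.20.9.50 tcp 445",
    "1062022810 10.20.5.9 10.20.7.12 tcp 80",
    "1062022815 198.51.100.23 10.20.7.200 tcp 135",
    "not a flow record",
]

if __name__ == "__main__":
    compromised, scanners = triage(SAMPLE_FLOWS)
    print("suspected compromised internal hosts:", compromised)
    print("external scanners:", scanners)
```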

Intel getting some Alpha Help

According to this CNET story, HP is sending a batch of Alpha architects over to Intel to help them with their 64-bit processor development. For those of you who do not know, Alpha was the dominant 64-bit processor in the 90's (made by DEC, who was later bought by Compaq, who then merged with HP). The chip's performance was always very good, but 64-bit software wasn't as available as it is today, so the processors didn't sell as well as DEC had hoped. This story is interesting to me, since I spent 2 years working at DEC on the Alpha...

Spring Cleaning

My fiancee (pointless sidebar: Fiancee is female. Fiance is male. Carry on.) and I went to look at a couple wedding locations today. Our primary plan is to have the wedding on the cruise ship while it is docked, then kick everyone off and sail into the sunset for our honeymoon. However, we're covering our bases in case something falls through with that plan by looking into a couple other sites. I had also read an article in The Seattle Post-Intelligencer last week saying that cruise ship business in Seattle is being hurt by the fact that Terminal 30 (where...

Alumni Page Update

Added: Aaron McLin
Updated: Steve Makofsky

Lance Spitzner on Honeynets

WebTalkGuys recently did an interview with one of my personal role models in the security realm, Lance Spitzner. Lance is a senior security architect at SUN Microsystems, a founder of the non-profit Honeynet Project, author of a fantastic book on honeypots, co-author of a fantastic book on honeynets, and can drive an M1A1 Abrams tank. I'm just glad he's on our side!

Windows 2000 Hardening Guide

Thanks Steve for pointing out a new Windows 2000 Hardening Guide on TechNet. Great stuff indeed.

Bullshit Alert

I have to call "bullshit" on the report put out by the ICC recently, that claims 60% of cybercrime originates in the United States. Anyone on the front lines can tell you this is complete BS. The US may lead the world in *reported* cases, but that's because the US is becoming more strict about publicizing intrusions. I read IDS log files every day, and Asia and Eastern Europe top my list. Where the hell is Macedonia anyway?

It's 6 A.M.

The only good thing about waking up at 4 A.M. with a hangover is that I get to watch Imus in the Morning, which is about the only compelling program on MSNBC these days. I lived in New York for a few years and listened to Imus every morning on WFAN. WFAN was (still is, I imagine) a sports radio station, which Imus was fond of pointing out during his 4.5 hour show ("4.5 hours of quality radio, followed by 19.5 hours of pointless drivel", I think is how he put it). Do they still play the "quack quack" whenever...

Microsoft Renews Security Vows

CNET's News.Com is reporting on today's speech by Microsoft's Chief Security Architect Scott Charney at TechEd. The article reports that the former Justice Department cybercrime chief wants to pare down the patch deployment methods from the current 8(!) to 2 by the end of the year, with a target of 1 by the time Longhorn arrives in 2005-ish. As someone who has to apply patches to upwards of 30 servers weekly, I applaud this effort. Hopefully they come through. On a related note, Microsoft also launched 2 new security-focused certification extensions available to the MCSE and MCSA crowds. Too bad home users...

Patches = Good. Got it?

I'm on the verge of a rant here about the furor over the first security patch affecting Windows 2003. Some sites are calling it "embarrassing", which, in this blogger's opinion, borders on irresponsible journalism. Guess what. Patches are a good thing, ok? I remember a time when it was Microsoft's goal to put out a Service Pack *quarterly*. But they took so much flak in the press for updating "an obviously flawed" product that we're reduced to this individual patching nightmare that we have to put up with today. <sarcasm>Thanks, much better!</sarcasm> Criticizing MS for putting out patches is asinine....

New Anti-Disclosure Proposal

The Organization for Internet Safety (OIS), of which Microsoft, Caldera, and a bunch of security heavy hitters are members, has just submitted a new proposal suggesting a different approach to disclosure. The disclosure debate has raged (and raged, and raged!) for years now, and is always one of the hottest topics in the security community. OIS is actively soliciting feedback from the security community on the draft of their proposal to delay the disclosure of proof-of-concept code until the affected customers have had a chance to schedule downtime and apply the appropriate patches.

Alton, I've failed you

I tried to make the strawberry pudding from the Strawberry Sky episode of Good Eats. Seems a simple enough recipe, I've mastered harder ones! This was a disaster. Maybe I used the wrong wine? I might try it with some CSM Gewurztraminer, I think the red wine I used was too strong. Or not enough sugar perhaps? I dunno, at 10-ish hours per attempt, I can only experiment so often.

Speaking of New York

Is it wrong of me to secretly hope it takes another month for Roger Clemens to get his 300th win? I have nothing against the Rocket, and I'm sure he'll do it eventually. I just think it would be funny as hell to watch him hauling around his 100-person entourage to every one of his games only to watch him fail... AGAIN. I heard Reggie Jackson even flew in from California for the attempt last weekend. I wonder how many times he'll do that. After the 4th or 5th game, I'd be like "I'd love to come see you pitch...

Pop Quiz

Quick, who is the artist on this CD? Give up? It's RadioHead, OK Computer. Want it? I have 2, actually. "But Beau, how many copies of OK Computer do you need?", I hear you asking (Yes, I can hear you. Watch your mouth). It's because the record companies, in this case EMI, are much smarter than I am. It's bad enough that they sucker me into paying upwards of 20 bucks for a plastic disc that costs them less than 80 cents to produce, but then they don't bother labelling the damn thing sufficiently so that the poor shmuck who...

New CyberSecurity Division formed under Homeland Security

Welcome to the party boys! Sorry, the beer ran out 2 years ago. It's about time the gubment start taking seriously what whitehats have been shouting from every available rooftop: Cybercrime/CyberTerrorism is a real threat to the security of this nation, and the private sector can't stave it off alone. Conducting acts of cybercrime isn't nearly as hard as hijacking 4 aircraft and flying them into a building. You don't need to recruit some extremist wacko who is willing to strap a bomb to his chest and die for the cause. Al Qaeda has already proven it has the skills...

Busy Weekend, Take 2

It seems I can have no other kind of weekend besides busy lately. Saturday I had a little "me" time. My new tabs came in for the Sabre, and I started the insurance back up, so I am legal again. After about a 6-month break from riding, I'm really feeling the pull again. It's strange, for a while there I had absolutely no desire to ride. But now that it's summer again, I can't wait. I swung by I-90 Motorsports in Issaquah and picked up a new half-helmet. It's amazing the difference in experience between riding with a full-face helmet...

BSQUARE Alumni Update

My friend and fellow BSQUARE Alum Jeremy Kercheval recently hinted (in his own subtle way) that he wouldn't object to being listed on the BSQUARE Alumni List. So I obliged him :) I also added Eric Hesselgesser. Welcome Eric.

Should security training be mandatory for MCSEs?

There has been a rather heated debate in the community lately about the new(?) security-focused supplemental certifications that Microsoft recently announced for existing MCSEs and MCSAs. On one hand, some folks are saying security-focused training should be an integral part of the MCSE track already, instead of merely an optional enhancement. Alan Paller, the Director of Research for the highly respected SANS Institute, and a long-time critic of Microsoft's certification programs, points out that the additional security training sessions have been available for years (in some cases), and are just not a very popular choice among MCSE students. It's an...

ReplayTV Sells Out

Warning: What follows will certainly devolve into a rant, and will likely result in frequent cursing. I will try to maintain the family-friendly rating of this blog by using strategically-placed asterisks. But I guarantee nothing, dammit. In a crushing blow to this blogger (and semi-proud owner of 2 ReplayTVs) ReplayTV's new parent company D&M Holdings (makers of Denon and Marantz AV gear) has announced that they are removing pretty much the only differentiating features from their future line of DVRs (sharing recordings, and the ability to skip commercials). F*cking sellouts. I will never buy another Denon or Marantz product ever...

Too... many... articles.... GAH!

Steve linked to a really cool security news site called HackinTheBox.org. Instead of making blog entries for each of the interesting articles, which could take up the rest of the night, I'll just suggest that you go there and start reading. I could spend all night at a site like that. Great stuff. I'll have to do some further research on their link list too. I have a sudden craving for Jack In The Box. Gotta run.

Recent Security Tidbits

Security Focus reports on the impact of recent large-scale worms on the Internet infrastructure in this article. As many of us in the security realm realize, the routing protocols most widely used on the Internet are fragile as hell, and represent (in my humble opinion) the "Achilles' Heel" of the Internet.

Government Computer News is reporting a new type of trojan horse recently found in the wild. CERT has not confirmed the report at this time.

I'd like to send a big shout-out to @Stake who demonstrated what Responsible Disclosure is all about when they worked with Nokia to...

Exhibit A

I know some of you grow tired of me preaching the evils of the home user, and how their always-on high-bandwidth systems are all-too-commonly recruited into botnets and used for evil purposes by Wile E Hacker. But I'm not making this stuff up! I give you Exhibit A: A study conducted recently by AOL and the National Cyber Security Alliance that says 86% of broadband users think they are sufficiently protected from black hats, yet only 11%(!!!!!) actually had adequately secured systems. Millions of poorly-secured systems, with big fat pipes to the Internet, just ripe for the picking. It's no...

Lance Spitzner on the Legality of Honeypots

Hardly a week passes where someone doesn't ask the security community if Honeypots are legal, or if they constitute entrapment. Lance Spitzner (Personal hero of mine? Drove a tank? Yeah, that guy) posted an article on Security Focus about the legality of Honeypots. Helping Lance on this paper was Richard Salgado, who works at the DoJ and is a frequent contributor on the Honeypots Mailing List, as well as Jennifer Granick, Director of the Stanford Center for Internet and Society. It's a good read.

Gartner Displays Their Security Ignorance

I swear the people doing security research at Gartner are completely clueless, and are starting to cause serious damage to corporate security efforts by publishing poorly researched recommendations like the one they put out yesterday. The article actually recommends that corporations devote all the money they would have spent on Intrusion Detection Systems (IDS) to firewall products instead. As if the two were competitive technologies. News flash for you idiots: IDS is an auditing tool more than anything else, and it works in conjunction with a firewall infrastructure. It validates your firewall policy, and shows you what is getting past...
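The auditing role described above, as an added example (not code from the original post): an IDS sitting inside the firewall cross-checks every alert with an external source against the inbound policy the firewall is supposed to enforce. Alerts on protocol/port pairs the policy says should never reach the inside are exactly the "what is getting past" evidence, and they are something a firewall alone can never tell you. The internal prefix, policy and alert lines are constructed.

```python
"""Cross-check IDS alerts against the firewall policy they should reflect.

Added example, not code from the original post. The firewall and the
IDS are complementary: the firewall enforces a policy, the IDS inside
it reports what actually arrived. Any alert from an external source on
a protocol/port the policy does not allow inbound means the firewall is
not doing what the policy claims. All addresses, rules and alert lines
below are constructed.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL_NETS = [ip_network("192.0.2.0/24")]  # constructed "inside" prefix

# Constructed policy: the only inbound services the firewall should pass.
ALLOWED_INBOUND = {("tcp", 80), ("tcp", 443), ("tcp", 25)}

# Constructed alert format: "<date> <time> alert: <proto> <src>:<sport> -> <dst>:<dport> <signature>"
ALERT_RE = re.compile(
    r"^(?P<ts>\S+ \S+) alert: (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<sig>.+)$"
)


@dataclass
class Alert:
    ts: str
    proto: str
    src: str
    dst: str
    dport: int
    sig: str


def parse_alert(line):
    """Return an Alert for a well-formed line, None for anything else."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    return Alert(m["ts"], m["proto"], m["src"], m["dst"], int(m["dport"]), m["sig"])


def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def classify(alert):
    """'internal': inside-to-inside, the firewall never saw it.
    'permitted': policy allows it in; the IDS is the only control watching.
    'policy-violation': the firewall should have dropped it but did not."""
    if is_internal(alert.src):
        return "internal"
    if (alert.proto, alert.dport) in ALLOWED_INBOUND:
        return "permitted"
    return "policy-violation"


def audit(lines):
    """Bucket parseable alert lines by classification."""
    report = {"internal": [], "permitted": [], "policy-violation": []}
    for line in lines:
        alert = parse_alert(line)
        if alert is not None:
            report[classify(alert)].append(alert)
    return report


# Constructed alerts: one on an allowed web port, two on ports the policy
# blocks (so the firewall leaked them), one internal, and one junk line.
SAMPLE_ALERTS = [
    "2003-06-12 03:14:05 alert: tcp 203.0.113.7:4432 -> 192.0.2.10:80 WEB-IIS unicode traversal attempt",
    "2003-06-12 03:14:09 alert: tcp 203.0.113.7:4440 -> 192.0.2.10:135 NETBIOS DCERPC bind attempt",
    "2003-06-12 03:15:22 alert: udp 198.51.100.4:1434 -> 192.0.2.44:1434 MS-SQL Slammer propagation",
    "2003-06-12 03:16:01 alert: tcp 192.0.2.31:1027 -> 192.0.2.10:445 NETBIOS SMB null session",
    "garbage line the IDS should not have written",
]

if __name__ == "__main__":
    for bucket, alerts in audit(SAMPLE_ALERTS).items():
        print(f"{bucket}: {len(alerts)}")
        for a in alerts:
            print(f"  {a.ts} {a.proto} {a.src} -> {a.dst}:{a.dport} {a.sig}")
```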

Uh.... Soon?

Forgive me for not being encouraged by former presidential Internet security advisor (and now eBay's head security czar) when he goes on record saying (and I quote) "Soon we'll see a zero-day exploit". Uhh, where the hell have you been, pal? It should be common knowledge that black hats are often using exploits in the wild well before white hats have discovered them. In fact, a good percentage of zero-day exploits are discovered by honeypots and IDS systems as they are executed against target networks. eBay is so screwed.

Chat with MS regarding Trustworthy Computing

We'll get the rare opportunity to talk to Mike Nash, VP of Microsoft's Security Business Unit. The chat will be on June 16th, at 17:00 GMT. You can go HERE for more information, and to log into the chat room. Now why do I have to read a 12-page legal agreement just to log into a chat anyway? Sheesh. I think I'll just wait for the transcript.

Zone Alarm rolls to Version 4

I admit it. I'm a fan of Zone Alarm. It has consistently earned top honors in the personal firewall class. With version 4, Zone Alarm now adds email scanning abilities (inbound and outbound), a popup blocker, and IDS-like reporting capabilities. They have also enhanced the granularity of the firewall controls, allowing geeks like me to fine tune the protection. Best 50 bucks you can ever spend for your computer, especially if you don't have a real firewall sitting between you and your internet connection. If you can't spare the 50 bones for the Pro version, at least grab the free...

Gartner IDS Follow-up

Seems I wasn't the only one who thought Gartner's recent analysis of the state of IDS was complete bunk. Gary Golomb, an engineer at Enterasys (an IDS developer, mind you), and a frequent contributor in the IDS community, has posted a reply to the report on the SecurityFocus IDS mailing list, debunking the research (and I use that term loosely) the Gartner author cites in his original report. Gartner is losing credibility with each new report they are putting out lately.

Alumni Page Update

Added: Kent Peterson
Updated: Dennis Peter
Welcome Kent!

I blinked

So I took my eyes off of BSQUARE for a millisecond and they take the opportunity to whack the CFO and bid farewell to the Senior Marketing guy! I had to read about it like normal people do! I'll do better next time, faithful listeners, I promise.

Watch me piss off an entire state

I saw this gem while perusing HackInTheBox at home last night, but my BAC at the time left me with only the ability to type "ARE YOU F***ING KIDDING ME?!?!" over and over again, and I just don't think that's good blogging. Basically, this tard senator from (*gasp!*) Utah, thinks it would be a great idea to allow copyright holders to remotely destroy the computer systems of suspected thieves. Then he astutely points out that they'd need to draft an exemption of current hacking laws to ensure it was all nice and legal. What can you expect from a state...

Bluetooth finally gets some hacker luvin'

I was wondering when someone was going to start looking at the security capabilities of Bluetooth. Sure, the range is short (2 meters roughly), but how long of a range do you need on a crowded subway? The fine folks at @Stake have released the first known tool specifically targeting Bluetooth. Dubbed "RedFang", the tool is merely a brute-force method of discovering non-broadcasting BT devices. In most cases, the fact that the device is not broadcasting its address is the sole security enabled from the factory, and with RedFang, you can blow right past that. Take for example, the Compaq...

How cool is this?

According to this News.Com article, Verizon has just started shipping a hybrid phone that utilizes your landline if you're at home, or will switch automatically to cellular networks when out of range from the homebase. I assume it comes with some sort of cordless base station, like regular cordless phones do. That is an incredibly cool idea. I'd love to be able to use the cheaper landline when I'm at home, but having two numbers is annoying, and my landline phone is too big to fit neatly in my pocket like my cell does. FOLLOW-UP: There are a few more...

Microsoft Security Centers on Technet

Anil John over @Cyberforge compiled a very handy list of the various Security Centers over on TechNet. I'm glad Microsoft is putting such effort into training engineers how to effectively secure their products and how to write safer code. It seems daily now I read about some new bit of content on TechNet or MSDN that is focusing on how to write secure code and how to make Microsoft products secure. Thanks Anil!

BSQUARE Alumni Update

BSQUARE Alumni Update: Updated company and contact info for Tor and Julie Trygstad. If you are looking for a job you might drop them a resume. I like the new company name guys!

BSQUARE Rumor Mill: BSQUARE is looking for new digs. With the glut of office space in the Bellevue area, rent prices have been dropping like a rock. Some facilities are offering a year of free rent. That makes a compelling argument for moving, even if it means eating penalties on the existing space. They were going to wait until next year to move, but rumor has it...

Dentists that don't suck

This has been a hard week for me personally. I broke a tooth last weekend, and subsequently came to realize that I have a full-blown phobia when it comes to dentists. I always knew I wasn't a "fan" of dentists, not having found myself in a dentist office in about, oh, 15 years, but I had no idea I was actually phobic until I had an anxiety attack on Tuesday shortly after the dentist told me all the mean things they needed to do to my mouth to make things right. Thankfully, my friends were able to talk me down,...

Switch...?

A while ago, someone (Steve maybe?) turned me onto this hilarious spoof of the Mac "Switch" commercials. A friend of mine is having trouble locating a copy of it, so I put a copy up HERE. It's big, around 50 megs, so I recommend right-clicking and "Save target as", then running it from your local machine once it finishes downloading. This is definitely one of the funniest damn things I ever did see, and I pull it out whenever I need a gut-ripping laugh. Enjoy!

R.I.P. @Cyberforge

Anil John is shutting down @CyberForge, one of my favorite security-related blogs. Sorry to see you go Anil, hopefully it's for all the right reasons.

Google, will you marry me?

Sometimes the smallest things get me excited. For a long time now, I have been joined at the hip to Google's toolbar, which sits right under IE's toolbar and gives you handy access to Google from whatever page you happen to be on. Recently they put out a new beta of the 2.0 version of Toolbar, which now includes a configurable popup blocker (cool!), auto-fill functionality (fully configurable, of course!) as well as a "Blog This!" feature that makes a blog entry for whatever page you happen to be on. All this for free. You can even disable the PageRank...

Webcast: Honeynets

Thanks LinuxSecurity.com for pointing out an upcoming webcast on Wednesday regarding Honeynets. Lance Spitzner (personal hero of mine, drove a tank, blah blah blah) will be speaking on the top 3 advances in honeynet technology. Some other guy is talking after Lance, but he didn't used to drive a tank, so I'm just not interested. The webcast is hosted by SANS and can be accessed by clicking here.

Alumni Page Updates

Added:
Andy Weiffenbach
John Childs
Karen Noller
Rom Jurewicz

Alumni page is found HERE

Where are the layoff lists?

I polled the Alumni last week, asking them their opinion on the issue of posting the layoff lists like I have been in the past. With one exception, the Alumni fully supported the continued posting of the lists. However, BSQUARE has made it clear to me that if I continue to post past and future layoff lists on this site, they will no longer promote this site as a resource for terminated employees during the exit interviews, as they have been doing (unbeknownst to me) for some time. While I do not derive any sort of tangible benefit from this...

Alumni Page Update

Time for another round of updates after this latest layoff. While these are not necessarily victims of the latest round, my emails do tend to prompt a flurry of replies asking to be added or updated.

Added:
Elizabeth Brock
John Hatch
Mark Dodrill
Tim Johnson

Updated:
Andrew Tucker
Michael Adcock

The web page is HERE

Bookshelf Page Active

Tonight I finished the "Bookshelf" page, which (in case it's not obvious) lists the books currently taking up real estate on the bookshelf/floor in my office. Well, except for the Iron Chef book, copies of which can be found in every room of the house. Even the laundry room. Editor's Note: There is a small chance a portion of this blog entry is not entirely truthful, and comments regarding Iron Chef books should probably be taken with a grain of salt, if not discounted entirely. It's way past this Iron Chef's bedtime.