November 2003 Entries

Ketchup Day

OK, not so much “ketchup”, more like “catch up”.  I have a list of short things that have been languishing because they haven't deserved the full-on bmonday(dot)com treatment.  So I'll lump them into one big post here since I have the time: I don't care who you are, you have to admit it takes some cojones for the President of the United States to fly into Baghdad and serve food to the troops on Thanksgiving.  Especially since a DHL cargo plane had been struck by a rocket on takeoff at that very airport the day before.  Hoorah, Mr. President.  And don't start all that “publicity stunt“...

Verizon joins the "portability fee" bandwagon

So it seems when Verizon stated back in June that they would not charge fees related to number portability activities they really meant “not yet”. According to CNET's News.Com, Verizon plans to start adding a 45-cent per month fee to all subscribers to cover the cost of number portability.  Even though they have stated publicly that the costs of portability activities are only around 15 cents per month.  I wonder what that other 30 cents will be paying for. Remember folks, every subscriber gets to pay these fees, whether they intend to move to a new carrier or not.  Thank you FCC, I appreciate...

DOE releases official report on the Blackout of 2003

I've made no secret of my personal belief that the power outages of August 2003 were a result of cyberterrorism.  I have no facts to base this opinion on, aside from an avalanche of circumstantial evidence, and the fact that everyone acknowledged it was possible to conduct such a strike due to the insecurity of the SCADA systems.  And then there was that Slammer attack in January that forced the Davis-Besse nuclear plant offline. Well, the DOE has finally published their initial findings.  The thing is huge, and I haven't had a chance to really read it closely. The notable quotes so far from...

If we could just figure out how to keep it crashed all the time, we'd be home free

During a discussion on BugTraq this week regarding a recently-discovered vulnerability in OpenBSD's kernel that could cause the system to crash, a developer on the FreeBSD project chimed in with this gem: “...it isn't really a security issue, the bug puts the system into one of its most secure states: halted.” Oh boy, I wish Microsoft could get away with saying a crashed system is just a system in its “most secure state”. Priceless.

Gonna be one of those days

I slept like crap last night.  Wednesday is trash day in my neighborhood, and everyone tends to put their trash out the night before.  Even though the wind is gusting to 40MPH.  And the recycle bins are not covered.  So I got to listen to wind-driven beer cans rattling up and down our streets all night long. I must have finally made it to sleep though, because when I woke up the clock was flashing.  Power had gone out sometime over night, and my alarm clock reset.  It must have gone out right at midnight though, because the time was only about...

Spammers develop honeypot detecting software

The fine folks at Send-Safe are now selling a new bit of software that reportedly detects honeypots set up to snare and harass spammers. From their website: “Send-Safe Honeypot Hunter is a tool designed for checking lists of HTTPS and SOCKS proxies for so called "honey pots". "Honey pots" are fake proxies run by the people who are attempting to frame bulkers by using those fake proxies for logging traffic through them and then send complaints to ones' ISPs.” Haha, attempting to frame bulkers indeed!  If your clients were not aware of a particular system being a honeypot they obviously don't have permission...

A detailed analysis of a phishing scam

Also on SecurityFocus is an extremely detailed analysis of a recent phishing scam targeting mostly Citibank customers.  This same ring of spammers also went after customers of Paypal, E-Loan, E-Gold, Wells Fargo, Yahoo, and eBay during an intense 3-week period of activity.  These folks were very organized, and very sophisticated.  The initial emails originated from a server in Italy that was likely compromised, and the links in the email directed users to a server in Russia.  Incredibly, the server recorded 200,000 hits on it as a result of the initial string of emails.  Which means 200,000 people responded to this...
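A lure like this lives or dies on the link looking right, so here is an added example (my own, not code from the post or from the SecurityFocus write-up) of the checks a mail filter can run over an HTML message: does the visible link text name a different host than the href, is the real host a raw IP address, is the `user@host` trick in play, and does a brand named in the link text match the host it actually goes to. The sample message and the `BRANDS` table are constructed for illustration; the hosts in it come from documentation address ranges and point at nothing real.

```python
"""Heuristic phishing-link checks over an HTML e-mail body.

Added example, not part of the original post or the SecurityFocus analysis.
The sample message and the BRANDS table below are constructed for illustration.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: one link hides its real host behind "user@", one uses a
# lookalike domain, and one is an honest link to the brand's own site.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Dear Citibank customer, please verify your account:</p>
<a href="http://www.citibank.com@192.0.2.10/verify/">http://www.citibank.com/verify</a>
<p>Or use our secure site: <a href="http://citibank.example.net/">Citibank Online</a></p>
<p>Questions? <a href="http://www.citibank.com/help">www.citibank.com/help</a></p>
</body></html>
"""

# Assumed brand-to-domain table; a real filter would carry a much longer list.
BRANDS = {"citibank": "citibank.com"}


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _AnchorCollector()
    parser.feed(html)
    return parser.links


# A domain name as a user would read it in the visible link text.
_DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def _host_of(url):
    """The host the browser will really connect to (after any user@ prefix)."""
    return (urlsplit(url).hostname or "").lower()


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _under(host, domain):
    return host == domain or host.endswith("." + domain)


def classify_link(href, text):
    """Return the reasons this link looks like a lure (empty list if none)."""
    reasons = []
    host = _host_of(href)
    if "@" in urlsplit(href).netloc:
        reasons.append("userinfo trick: the text before '@' is not the host")
    if _is_ip(host):
        reasons.append("href host is a raw IP address")
    shown = _DOMAIN_RE.search(text)
    if shown and not _under(host, shown.group(1).lower()):
        reasons.append(f"visible text says {shown.group(1).lower()} but href goes to {host}")
    for brand, domain in BRANDS.items():
        if brand in text.lower() and not _under(host, domain):
            reasons.append(f"link text mentions {brand} but host {host} is not under {domain}")
    return reasons


def suspicious_links(html):
    """Map each suspicious href in the message to its list of reasons."""
    return {href: r for href, text in extract_links(html) if (r := classify_link(href, text))}


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL_HTML).items():
        print(href)
        for reason in reasons:
            print("   -", reason)
```

The honest third link passes every check, which is the point: the heuristics key on the mismatch between what the user sees and where the request really goes, not on the brand name itself.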

Lowe's gets hacked

SecurityFocus has an article about a pair of guys who hacked into a Lowe's home improvement store in Michigan and planted some credit card snatching software on the network. The noteworthy part is that they did it from the parking lot, while sitting in their Pontiac.  Seems the store was using a wide open wireless network to conduct business. Luckily, only 6 credit cards were captured by the rogue software before Lowe's noticed the Grand Prix with all the antennas sticking out of it and called in the feds. Too bad there's not a law against doing stupid things that might expose your customers' credit card information. ...

Hackers do it too

I wanted to also address the growing number of black hats that are using the techniques I just described for getting the users to install malware on their computers under the guise of a security patch.  But I didn't want that message to be lost in all the images of my original post. It is critical, as members of the Internet community, that end users put some thought into what they do on their computers.  Black hats are using techniques similar to the ones below in order to trick users into installing trojans and other malware onto their computers.  One click and...

Today's example of fraudulent sales techniques: inKline Global, Incorporated

I don't have a problem with popup ads, really I don't.  I will not think less of a company using them as a marketing technique.  Of course, I use Google's popup blocker, so I don't see them any more anyway. But what really chaps my ass is companies using plain old lies and deceit to sell their wares to an unsuspecting user. For a prime example of this shady sales technique, I present the following popup ad (pop-under ad, technically) from a company called inKline Global: inKline has gone through an awful lot of trouble to make this look like a page from...

Security Webcast Week at Microsoft

I stumbled across this gem while I was looking for a webcast that supposedly happened this morning (to no avail!). Microsoft is dedicating an entire week to Security webcasts on the Technet website.  Being on Technet, the webcasts should be fairly detailed, designed for IT professionals. Topics include:

Penetration Testing, Vulnerability Scanning, and Security Auditing
Designing a Secure, Reliable, and Usable Patch Management Infrastructure
Using Portable Handheld Devices in a Secure Manner
10 Things Hackers Don't Want You To Know

So far there are 13 webcasts scheduled for the week.

Microsoft's new Security Update CD

Dana posted last week about Microsoft's new Security Update CD.  It appears to be one of the deployment mechanisms being considered for the upcoming Service Pack 2. This is a welcome change from the current download-only patching mechanisms.  Downloading a 300MB service pack over a modem connection is not something users are looking forward to.  And I know that has long been a defense users offer up when charged with being lazy about patching. I would love to see Microsoft offer updated CDs on a quarterly basis to anyone who wants them.

30-second restaurant reviews

Gonna take a short break from my Chicken Little act here and post some thoughts on a few Issaquah eateries that Jessica and I have recently had the pleasure of patronizing: Coho Café:  Every time we drive by this place it's packed, no matter what time of day it is.  So we figured we'd go down and see what all the fuss was about.  I like the layout of the place, because the kitchen is open to the dining room so you can see what is going on in there.  However, it does make for a somewhat noisy dining experience.  The...

Home Computer Security Site

CERT has recently published a new website dedicated to securing your home computer.  It goes through the basic threats to the home computer, and runs users through 9 “tasks” to make their systems more secure.  It's written at a really basic level that anyone should be able to understand. This is a great resource for home users who need help getting a handle on securing their systems at home. Update:  Actually, this document was written over a year ago, according to the dates on the pdf file.  Weird.  Still chock full of yummy security goodness though!

BSQUARE Alumni Update

Adds:
Glen Sherwood
Rich Henthorn

Updates:
Dan O'Brien

I think I am up-to-date on adds and changes, so please let me know if I have overlooked your request to be added to the list.  I get a lot of spam on my qwest email account, and sometimes I mistake valid emails for spam. As always, you can reach the BSQUARE Alumni Page by clicking on the link to the left, or by clicking here.

Good article on the e-voting debacle

One of my favorite sites for security editorial content is SecurityFocus.com (owned by Symantec, actually, but you'd never guess it). Yesterday one of their writers did a really interesting article on the troubles Diebold has been having with their e-voting machines, now that we've gone through a real election using a good number of them across the nation.  To recap quickly, Diebold is the manufacturer of the most popular (by far) e-voting platform in the country.  And they are a major contributor to the Republican Party.  And their CEO has vowed to deliver Ohio to George Bush in the next election. ...

More Bluetooth troubles

I meant to blog about this, but I forgot until Dana Epp reminded me (Dana's site is one of my top 5 right now, really informative stuff): Remember a few months back I blogged about some new Bluetooth vulnerabilities that were starting to come to light? Well, since then, the white hats have been hitting Bluetooth right in the kisser, and the folks at A.L. Digital have uncovered some real doozies.  The worst one of them will allow a remote Bluetooth device to attach to your device and download the entire contents of your device, including contacts and other personal information. Now, as was the case...

The irony, it burns!

In the first ever complaint from a *nix guy about Windows being too durned difficult, I give you today's post from Joat.  Apparently in *nix there is a big neon sign somewhere that says “CLICK HERE TO CHANGE YOUR MAC ADDRESS!!!!!1111!!11“ so it's much more obvious, and nobody ever has to look up the instructions (or “the trick“ as it's called in the Windows world). You can download a free utility to change a NIC's MAC address if you *nix guys find changing a single registry entry too “tricky“ for you. (Come on, I haven't pissed anyone off all week.  I have a quota...

Botnets fueling new extortion crime wave

CNet's News.Com is reporting that large botnets are more commonly being used to blackmail Internet businesses into giving them money.  It's the age-old protection racket, using 21st-century technology. Basically, the bad guys grow a network of mostly home computers that have been hacked and sit on fat broadband connections.  Once the “botnet” is large enough, they point it at a victim site and pull the trigger.  The botnet, sometimes consisting of hundreds of thousands of hacked systems, then proceeds to overwhelm the victim's network with bogus traffic, effectively putting them out of business.  Once they make their point, the criminals turn off...
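On the receiving end, the first job is to tell a flood from a busy day, and then to tell a flood you can rate-limit (a handful of sources) from one you cannot (the botnet case, where every request comes from a different hacked home machine). Here is an added example of that triage run over web-server log lines; it is my own code, not from the post or from News.com, and the log lines, thresholds and addresses in it are constructed for the example.

```python
"""Telling a botnet flood from ordinary traffic in web-server logs.

Added example, not part of the original post or the News.com report. The log
lines are constructed in Common Log Format; all addresses are taken from the
documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24.
"""
import re
from collections import defaultdict

# source - - [timestamp] "request" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3}')


def make_sample_log():
    """Two quiet seconds, then one second hammered by 300 distinct hosts."""
    lines = []
    stamp = "26/Nov/2003:09:00:{:02d} -0800"
    for sec in (0, 1):
        for i in range(5):  # normal traffic: a handful of visitors
            lines.append(f'192.0.2.{i + 1} - - [{stamp.format(sec)}] "GET / HTTP/1.0" 200 1024')
    for i in range(300):  # the flood: every request from a different bot
        net = "198.51.100" if i < 250 else "203.0.113"
        lines.append(f'{net}.{i % 250 + 1} - - [{stamp.format(2)}] "GET / HTTP/1.0" 200 1024')
    return lines


def bucket_by_second(lines):
    """Return {timestamp: {source_ip: request_count}} for parseable lines."""
    buckets = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            src, ts = m.groups()
            buckets[ts][src] += 1
    return buckets


def detect_floods(lines, rate_threshold=100, distributed_sources=50):
    """Flag every second whose request count exceeds rate_threshold.

    A flood from a few addresses can be answered with per-source limits; one
    spread across many addresses cannot, so each alert says which kind it is.
    The thresholds are assumptions for this example and would be tuned to the
    site's normal traffic.
    """
    alerts = []
    for ts, per_src in sorted(bucket_by_second(lines).items()):
        total = sum(per_src.values())
        if total <= rate_threshold:
            continue
        top = sorted(per_src.items(), key=lambda kv: kv[1], reverse=True)[:3]
        kind = "distributed" if len(per_src) >= distributed_sources else "concentrated"
        alerts.append({"ts": ts, "requests": total, "sources": len(per_src),
                       "kind": kind, "top_sources": top})
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(make_sample_log()):
        print(f"{alert['ts']}: {alert['requests']} requests from "
              f"{alert['sources']} sources ({alert['kind']}), top {alert['top_sources']}")
```

The useful output is the "distributed" label: when the top three sources account for a negligible share of the flood, blocking addresses one at a time is not going to work, and the response has to move upstream.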

Service Pack 2: What developers need to know

Michael Howard sent an email to the NTBUGTRAQ mailing list this morning with a link to a new document at Microsoft that details what developers need to understand about Service Pack 2 for Windows XP. Lots of good information in here, I encourage everyone to give it a read.

I find this disturbing

Here is a page from Microsoft about how to stop Messenger spam on Windows XP.  Their solution?  Disable the Messenger service. How about enabling the built-in firewall instead?  Then you won't have to worry about what ports are listening on your system.  I think that's a better solution for securing an end-user's system.  If your system is exposed enough to receive Messenger spams, you have much more to worry about than annoying little popups, trust me. I find some of Microsoft's security suggestions to be a bit puzzling at times.
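The reason the firewall is the better answer is that disabling Messenger closes exactly one listener, while a host firewall with no inbound exceptions covers every listener you have not thought about yet. Here is an added example (my own, not from the post or from Microsoft's page) of the check that makes that concrete: parse `netstat -an` output and separate what is bound only to loopback from what is bound to every interface. The netstat text is constructed, and the mapping of UDP 135/137/138 and TCP 135 to Messenger-service popups is an assumption made for this example.

```python
"""Which listeners are actually reachable from the network?

Added example, not from the original post or from Microsoft's page. It parses
the text format of `netstat -an` on Windows XP. The sample output is constructed,
and MESSENGER_PORTS is an assumption made for this example (UDP 135/137/138 and
TCP 135 are the ports commonly cited as carrying Messenger-service popups).
"""
import re

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.0.2.5:3389         192.0.2.9:1045         ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    0.0.0.0:137            *:*
  UDP    127.0.0.1:1900         *:*
"""

# Assumed labels for the ports this example cares about.
MESSENGER_PORTS = {("udp", 135), ("udp", 137), ("udp", 138), ("tcp", 135)}

# Proto, local addr:port, foreign addr:port, optional state (UDP has none).
_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")


def listeners(netstat_text):
    """Yield (proto, bind_addr, port) for sockets that accept unsolicited input."""
    for line in netstat_text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        proto, addr, port, state = m.group(1).lower(), m.group(2), int(m.group(3)), m.group(4)
        # A TCP socket only counts if it is listening; a UDP socket always does.
        if proto == "tcp" and state != "LISTENING":
            continue
        yield proto, addr, port


def exposure_report(netstat_text, allowed=frozenset()):
    """Sort every listener into local-only, allowed, messenger, or unexpected.

    `allowed` is the set of (proto, port) pairs you deliberately expose; anything
    else bound to a non-loopback address is something the firewall should cover.
    """
    report = {"local_only": [], "allowed": [], "messenger": [], "unexpected": []}
    for proto, addr, port in listeners(netstat_text):
        entry = f"{proto}/{port} on {addr}"
        if addr.startswith("127."):
            report["local_only"].append(entry)
        elif (proto, port) in allowed:
            report["allowed"].append(entry)
        elif (proto, port) in MESSENGER_PORTS:
            report["messenger"].append(entry)
        else:
            report["unexpected"].append(entry)
    return report


if __name__ == "__main__":
    for category, entries in exposure_report(SAMPLE_NETSTAT).items():
        print(f"{category}: {entries}")
```

Run against real output (`netstat -an > ports.txt`, then feed the file in), the "unexpected" list is exactly the set of things a disable-one-service fix leaves exposed; on the sample above that is the NetBIOS session port even after Messenger is gone.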

RSS Feed for Microsoft Download Site Changes

Thundermain maintains an RSS feed that tracks changes on Microsoft's download pages.  This is an awesome tool to get a jump on security patches, since they are often posted to the downloads site prior to being published. Get the feed here.

Seattle HDTV News out of commission?

One of the most informative HDTV sites for Comcast users in the Seattle area was the appropriately-named Seattle HDTV News site.  The site was run by a Comcast CSR named Jeremy, but it was not company sanctioned.  The great thing about it was he would keep folks in the loop with regards to new channels and new equipment coming down the pipe.  He also gave some great insight into how HDTV worked on the back-end. Unfortunately, the site has been down for several weeks.  I hope the corporate grinch didn't get to poor Jeremy and shut him down.  If anyone knows...

10-second movie reviews

Jessica and I have gone to a few movies lately, and I have been negligent reporting my opinions of these films to my faithful readers.  I know how you all hang on my every word, and I apologize for leaving you hanging for so long! School of Rock:  Jack Black's much anticipated return to the big screen.  I am a huge Jack Black fan, I'll admit.  But I think his agent deserves an ass-whuppin for putting him in movies like Orange County.  With School of Rock, Jack returns to what is obviously close to his own heart, rock and roll baby! ...

TCP/UDP port list for Microsoft Server and Workstation products

Microsoft recently posted an Excel spreadsheet that details the TCP and UDP ports that the operating systems use.  Good to know!  (thanks Scoble)

California decertifies Diebold electronic voting machines

According to this article on Wired News, California has recently decertified the Diebold voting machines, stating only that they had discovered unauthorized software on the systems.  The systems in question were used in the most recent elections.  They declined to go into details about the nature of the software that had been discovered. Still feeling OK about electronic voting?  The whole concept scares the bejesus out of me, as I have alluded to in the past.  I don't think anyone with a healthy level of respect for hackers feels good about the whole e-voting thing.

Do we need bug bounties?

As you read here and elsewhere, Microsoft recently began offering bounties for information leading to the arrests of major virus/worm authors.  Topping the list are the authors of SoBig and Blaster. It's a good start, and I hope the efforts bear fruit.  Sadly, law enforcement agencies in the US have not been very effective providing a deterrent to hackers.  Let's hope some good old fashioned greed will get these miscreants captured, and give pause to those who are considering like courses of action. Some are proposing bug bounties, as a way to encourage researchers (and I use that term loosely) to submit...

Add another feature to the bloated pig that is Service Pack 2

I guess Microsoft is now toying with the idea of updating Internet Explorer in the upcoming (?) Service Pack 2 for Windows XP.  The new feature will stop pop-ups. I've ranted often enough about my many concerns with SP2, so I will spare you.  I will say only that they better not be delaying the security changes we desperately need so they can put a damned popup blocker on IE (which you can already get from people like Google). Update:  Let me add that if they decide to add a popup blocker to IE as part of this “service pack” they better...

Mi casa es...

So Jessica and I tried this new little Mexican place in Issaquah last night for dinner. It's called Su Casa, and it's on Maple. Oh man, was this great Mexican food. It's so hard to find good Mexican fare here in Seattle, but these guys do it right. Everything is homemade, even the tortillas. I highly recommend the "Gordo", which is basically a soft taco, but with their special extra-thick homemade flour tortillas. You can get Gordos with any combination of about 20 ingredients. I tried Chicken, Beef, Ground Beef, and Carne Asada...

Steve exposes Issaquah's best kept secret

I've made references to a certain steakhouse in Issaquah, usually by some lame “steakhouse that shall remain nameless” cop-out, in some of my previous blog entries.  It was for my own protection, really.  It's already impossible to get a table at the place on a Friday or Saturday night unless you are willing to wait 2 or more hours.  I can't eat at Su Casa every day, you know! But Steve outed the place today.  Damn.  He's even giving away the local secrets, like how to get mashed potatoes AND a potato pancake with your meal.  Is nothing sacred, Steve?!?! At least he...

Fantastic overview of Windows XP SP2 changes

Steve turned me on to a great MSDN article that documents the specific changes being implemented in Service Pack 2 for Windows XP. I still feel strongly that ICF should be enabled as an inbound-only firewall, even though Steve (and Microsoft) disagrees with me.  Let's just say I don't have a lot of faith in end users or software developers.  Can the new ICF be successful without a new level of commitment by both sides?  That remains to be seen.  Perhaps I'm too much the cynic.  I would love to be proven wrong.

Michael Howard's blog added to the BlogRoll

By the way, I finally added Michael Howard's blog to the BlogRoll on the right.  I would have done it sooner, but he seems to have been having trouble with his site the past few days. Mr. Howard is one of the guys calling the shots with regards to security in Microsoft products.

MSNBC does a big story on phisher scams

There is a good article on MSNBC right now about phisher scams that I wrote about (and demonstrated) recently on bmonday(dot)com.  They have some helpful tips about what you can do if you think you've been a victim of a phishing scam.

Microsoft offering $250,000 bounty for Blaster.a and Sobig authors

According to News.com, Microsoft and the FBI on Wednesday will jointly announce a $250,000 bounty for information leading to the arrests of the authors of the Blaster worm and the Sobig virus. This should be interesting.  Personally I hope the author of Blaster rots in jail for the rest of his natural life, once he's caught.  Maybe that would make a few miscreants think twice?

Scoble and I trade comments on upcoming SP2 and ICF changes

Robert Scoble and I traded comments late last night on his blog about the upcoming service pack for XP, and the expected changes to ICF.  I went to bed a bit stunned after reading his initial reply (bold emphasis is mine): “Beau, I hear you, but there are other nasties coming and we decided to fix a few more than just the firewall, since we know many people will simply turn off the firewall (I saw this happening over and over at the PDC).  Beta starts in mid-November.“ I tossed and turned all night, trying to understand the logic of this decision,...

Microsoft: Ship SP2 for XP this year, and leave ICF alone

It could have been so simple.  Just ship the service pack that enables ICF and includes the post-SP1 fixes.  Why in the world is it now being pushed back until Q2 of 2004?  Why do we have to wait another 8 months for such a simple batch of fixes? The reason why SP2 has been pushed back until Q2 of 2004 is because Microsoft is using it as a test run of a new project called “Springboard” that will slowly introduce new Longhorn security technologies into existing products.  One of them is a new memory management feature that will help combat buffer...

For my adoring fans everywhere

I thought I'd post a current pic of myself, seeing as how I've aged about 5 years since the last pic that I published. Here you go: Yes, that's really me.  Signed copies are available.