October 2004 Entries

Sitting for the CISSP

Dana told me that ISC2 is conducting a CISSP test in Seattle the Saturday before the West Coast Security Forum.  He deftly pointed out that my primary procrastination reason (they never have tests in our area) has now been obliterated, so it looks like I'm going to sit for the test before I head up to Vancouver. Damn him.

Geek Dinner(s)

Robert Scoble decided to throw a geek dinner in Dana's honor(?) while he was down for SecureWorld Expo.  I decided to crash the party too, since Dana had been to numerous geek dinners, and I hadn't been to a single one.  Even though I live 5 miles from where they are, and he lives 300 miles away. We actually had “four-sies”, as I think the hobbits call it, over at an after-SecureWorld VIP party being thrown by my friend Tom Gobielle at local networking/security consultancy NCA.  He invited me and Dana over to rub elbows with some folks, and the Foundstone people...

Dana Epp Drops In

Dana Epp decided to come down to SecureWorld Expo this past week, from his refuge outside of Vancouver BC.  While he and I had traded emails and such, this was my first chance to meet him in person.  We hooked up for some brews on Monday night, prior to the conference, and pretty much spent the next 2 days following each other around at the show.  He's been through a lot, Dana has, and he's got some fun stories to tell as a result. The most rewarding aspect of being in the information security field has been by far the quality...

SecureWorld Expo Debrief

I spent 2 days at SecureWorld Expo this week, as it visited my home town of Seattle.  Here's a brief recap of the goings-on: Keynotes: Whit Diffie, CSO of Sun Microsystems:  Whit Diffie is a legend in the computer world, probably best known for the invention of public key cryptography way back in the mid 70's.  He's the 'Diffie' half of Diffie-Hellman, one of the most popular public key exchange algorithms.  He's a charismatic speaker, and the whole crowd was on the edge of their seats while he went through an hour-long overview of the history of information security.  Unfortunately, he seemed to...

Alumni Update

Man have I been negligent in my BSQUARE Alumni Page upkeep.  Here's a long overdue update: Added: Doug Girling, Katie Munoz, Katrina Carpenter, Martin Susser. Updated: Henry Todd.

MBSA is Driving Me Insane

I spent the better part of yesterday poring over our most recent MBSA scan and distilling down the results so I could communicate them out to the rest of the team. There's gotta be a better way to display the results of these scans.  Hell, they are just a collection of XML files. I think I've found my next coding project.  Stay tuned.

Cyber Nightmare

Last month Forbes ran a story called Cyber-nightmare, about how Al Qaeda and other terrorist organizations are increasingly using the Internet to further their purposes. Interesting stuff.

Legal Notice Bug When Using 2003-generated GPO on Win2k

I have a rather long legal notice being displayed prior to login on all my data center systems.  Actually the new kids refer to them as “Logon Banners”, but I'm old school dammit!  Back in my day, we didn't have GPOs, and we had to hack the registry to get a legal notice to show up.  And it was uphill both ways, too. Anyway, here's the legal notice we use: This system is for explicitly authorized users only.  Individual use of this computer system and/or network without authority, or in excess of your authority, is strictly prohibited.  Monitoring of transmissions or transactional...

Patch Day

It's that time of the month again. This month's batch of Microsoft patches is a doozy.  10 patches in all, most of them rated Critical on the severity scale. Patch details can be found here. If you haven't run Windows Update on your home computers, do it now.

MBSA Scans Rebooting Your Server?

I've had an intermittent problem with the machine I use for scanning my Data Center with MBSA:  The machine sometimes will reboot itself in the middle of the scan. It finally got annoying enough for me to look into it today, and I discovered Microsoft knows about the problem, and has produced a patch.  Apparently the bug is with Services.exe, and only occurs on Windows 2000 servers.  The problem appears to happen more frequently on servers that are also domain controllers, but member servers are also susceptible. You can read KB 823644 for details of the problem, and instructions on getting the...

Bruce Schneier is Blogging

I meant to note this last week, when Dana mentioned it on his blog, but I forgot: Bruce Schneier, considered by many to be the foremost expert on modern cryptography, and certainly one of the most respected and sought-after voices in the information security realm, recently started a blog.

A Climate of Fear

The National Review Online ran a story today about the soaring problem of campaign violence in America.  They put much more energy into the issue than I did. While I don't believe Republicans are entirely innocent, I do find it hilarious that you can now buy a T-Shirt that says “A person of tolerance and diversity keyed my car.”

Schedule Set for WCSF 2004

Dana dropped me an email today to let me know the schedule has been set for the upcoming West Coast Security Forum in Vancouver BC. Wow, Erik Birkholz, Tim Mullen, and Phil Zimmermann packed into a single conference, for $295 Canadian?  You can't pass that up, folks. Registration should be open today.

Mount St Helens... *yawn*

I'm not sure what my problem is, but I am totally bored with Mount St Helens' recent machinations.  I saw the news (even the local stations) do their freak-out routine, and I was like “What?  It's just a volcano.”  I guess that does seem a little bizarre, in retrospect.  Surely only a small percentage of the population live near a volcano, much less get to see one actually erupt. I mean, volcanos are on my radar, don't get me wrong.  Not a day goes by that I don't see Mt Rainier looming over the city like the time bomb it is, and...

Upcoming Security Conferences

I will be attending SecureWorld Expo in Seattle (Bellevue, actually) on Oct 26th and 27th, as well as West Coast Security Forum in Vancouver (BC!) on November 22nd. If you will be at either of those events, drop me a line.  I'll treat you to a Fat Tire. By the way, I traded emails with Dana about registration for WCSF, and he said it should be open “Any Day Now”.  So just keep checking.

Morning Radio in Seattle

(This started out as a short commentary on morning radio, inspired by Steve's recent admission that he's a Stern listener, FAN even.  But it got away from me.  Deal.) I am not a morning person, I freely admit this.  I also don't drink coffee, which probably doesn't help. And maybe that explains my frustration with morning radio, as a whole.  Why is it that radio stations that are completely satisfied with playing music 20 hours out of the day, feel compelled to throw some unfunny jackass (or crew of jackasses, in many cases) at their listeners in the mornings, abandoning entirely their music format?  If...

Marconi gets fired

Earlier today I noticed a spike of referrer hits to my post a while back about the craptacular state of Morning Radio in Seattle.  I didn't really think anything of it until I saw this news headline on Fox: Shock Jocks Fired For Joking About Berg's Death.  I thought to myself: “Oh, I bet that was that Portland assclown Marconi”. Sure enough, it was.  I guess the no-talent moron scraped the absolute bottom of the barrel and played the audio portion of Berg's execution during his radio show.  And then made jokes about it.  The management of the radio station fired him before the...

New Artist: Mountain Con

One of the great benefits of living in Seattle is that this town is a magnet for great musical acts.  And my favorite radio station, 107.7 The End, has a passion for bringing new talent to the radio waves as frequently as possible.  For example, every Tuesday the morning phenom NoName takes 20-30 minutes during his prime time show and brings in a guest (usually one of the folks from Sonic Boom) to talk about the new CDs coming out during the week, and play some tracks from them.  It's great radio, and a refreshing change from the sewage that I normally find...

Halliburton Redux

The post I wrote last February entitled Halliburton's “Sweetheart” Deals in Iraq is getting a lot of hits this morning as a result of last night's debate.  Seems it was a surprise for many to learn that it was former president Clinton who had a penchant for granting work to Halliburton outside the scope of LOGCAP.