Head on over to http://www.securabit.com to check out episode 2 of our show.  It should be quite the riot, and far more entertaining than the first.

Please leave feedback if you have any. 

While sitting at Panera Bread checking email today I developed a need to change my MAC address because Panera has a 30 minute connection limit between 12 and 1pm.  A quick Google search by Jay revealed this:  http://www.nthelp.com/NT6/change_mac_w2k.htm.  It takes about 3 seconds to change it and presto, I was back online.  Obviously I don’t recommend doing this anywhere where it might matter, but a simple coffee shop probably isn’t going to sue you for getting 60 minutes vice 30 minutes to check your mail.

So the live show was interesting Sat.  Thanks to all who tuned in.  I need a better way to manage the incoming callers and stuff ;)

I’m listening to dubstep, an offshoot of my buddy Greg’s freshsets site that has listeners this time around.  Really good music.  Check em out at http://www.dubterrain.net/

In other news, I won’t be able to go to Defcon this year.  So I will likely see all the security types at Shmoocon once again next year.

I’ll be drawing up a diagram either tonight or tomorrow, or when I’m done with the network, but essentially what I am going to do is build a pfSense box out of the old P3 550 box, and run two switches on two separate NICs which will be appropriately designated in the software so there is as little chance as possible of crossover.

If you run a WordPress blog and haven’t removed the code in footer.php which displays the version of WordPress you’re on, I would suggest doing so.  It’s a little security by obscurity-ish, but it’s one more small barrier: an attacker looking for common vulnerabilities may pass you over if they don’t know what version you’re on.

I went awhile without an update. The Ubuntu article before this was actually written about a week ago, but I had not gotten a chance to get on and publish it, and did end up publishing it a little incomplete, which is why I am going to do another update in a few weeks on Ubuntu.

The past two weeks have been pretty busy for me, both professionally and personally. I’ve been studying for Linux+, GCIH, CISSP, and now CEH. The basic plan is to have CEH and GCIH done by the end of next week if I hear back from EC-Council soon enough. I’m also looking at switching to AMU from Strayer because I feel their program will be a better fit for me.

I did a little packet analysis at home the other night for someone in an IRC room I frequent. A sysadmin from a university came in and was having trouble identifying some traffic on his network. A quick check of the pcap file that he sent me revealed it was simply CUPS traffic. Whether or not it was authorized was another story, since he did not appear to know what CUPS was, but did mention that his network had both Windows and Linux workstations. It was fun in any case.

Among the many projects I have is a desire to set up another computer dedicated to running some virtualized servers in VMware Server, probably a bunch of Ubuntu LAMP setups from their server CD. The idea would be to go a route similar to how LSO (learnsecurityonline.com) does their capture the flag contests. Perhaps I will email them and ask how they set their boxes up, whether it is in a VM or not.

Yes, I haven’t forgotten, I’m still sticking to the minimum of one post per week.

This week has been mostly work, although I did get my favors in this past Sunday so I can call in some karma later on when I need it. Helping friends move can get pretty interesting sometimes.

Day Two was more about DC than it was Shmoocon. We managed to hit up some of the presentations while also making sure to visit with the various vendors and talk with some real security gurus at the same time.

Unlike the first day, this was more about one presentation for me than any of the others.

I write this now, having slept from approximately 4am to 8:30am, but we’ll get to that in a minute or two.

Registration was supposed to start at 1pm according to the guide, but it was more like 1:40ish. In any event Andy and I were all set by 2pm and collected some vendor swag, had an appetizer upstairs at the Pub built into the hotel, and hung out till things kicked off at 3:30pm.

Opening comments were by the Shmoo Group staff; I forget the guy’s name now but I’ll get it later. He was decently entertaining, and basically is the founder of this thing, so he drives the flow of everything. I’m going to summarize each speaker:

Rootkits

Checking up on packetstormsecurity.com today I see confirmation of what has been getting a lot of news lately — rootkits. According to Panda Software (the vendor of the Panda antivirus/antispyware/etc products) there was a substantial increase in rootkits last year.

I believe we’re going to see that activity peak in the next year or two as techniques become more advanced for implementing them. In our SANS class this week some of us have traded ideas about how to implement and also defeat these things. I’ll probably touch more on this later next week.

CTF

I’m all geared up for our little “Capture the Flag” competition tomorrow.

Yesterday I began the SANS Security 504 course being offered here in Norfolk, at the gracious expense of my employer, Uncle Sam. 2 days in, I can say that this is definitely helping me point myself in the right direction for when I exit the Navy in about 18 months and also opening my eyes to a lot of things I have not been aware of, embarrassingly.

Tonight was the local ISSA meeting for the Hampton Roads area (ISSA-HR), and boy did I learn a lot. I plan on becoming a member as soon as their website is functioning again, and also participating in their CISSP Study Group, which runs from March 13th through May 29th. I have plans to take the exam with them in June as I already have a voucher.

Time to rest up and learn some more tomorrow.