Serendipity
Well, yesterday I attempted to install the Serendipity blogging software. I’ll have to give it another shot from my desktop, as I was constrained for time and couldn’t get it to import the WordPress database.
It’s been 3 weeks since I began using Ubuntu as my primary desktop OS, and so far I am loving it. I never claimed to be the expert on Linux, and had never really run it for anything other than experimentation before, so this has been quite a learning experience for me.
Obviously the best part is having that fine-grained control over every aspect of the OS and being able to readily access a wealth of software from the open source community with, more often than not, a simple apt-get command.
Beryl is another reason I am loving Ubuntu. When I discovered the middle click function on the desktop, I was in awe. It literally throws you into a 3D mode where you can drag the cube around and see layers of windows on each desktop, stacked behind each other in the order they were opened.
I’m going to give another update here in a few weeks and decide whether to continue using it as a primary desktop OS.
Okay so I didn’t quite make it on the once per week promise.
Over the last 9 days I managed to (with the help of friends) troubleshoot and send parts to my Mom so she could have a guy at work fix her computer without me having to fly up there, which just wasn’t going to happen right now given how busy I am. Somehow she shorted the motherboard out.
Linux+ is looming ahead, next week, and I haven’t done a lot of studying. The certification itself is meaningless to me, but it was a command voucher I used in order to take it so I have to keep my end of the deal up. It’s going to have to basically be a weekend cram session in order to prepare for it, because I have my CISSP study group on both Tuesday and Thursday this week.
On the technology front, I am exploring a few options to organize some of the experience and knowledge I and some friends of mine have into something possibly presentable to the general public. Whether this will be some sort of podcast, or new blog, or just a forum has yet to be determined. The key factor is how quickly we can bundle everything together into something a layman can understand, and push it out. I’m really into the whole podcast idea right now, but that might just be because I have only owned an iPod for 6 weeks.
Ironically, I found myself recommending AOL’s antivirus software yesterday, because it is free and based on Kaspersky’s engine. The only real issue is that of anonymous data collection and privacy, so wear your tinfoil hat if you choose to install it like I did.
Rootkits
Checking up on packetstormsecurity.com today, I see confirmation of what has been getting a lot of news lately: rootkits. According to Panda Software (the vendor of the Panda antivirus/antispyware/etc. products) there was a substantial increase in rootkits last year.
I believe we’re going to see that activity peak in the next year or two as techniques become more advanced for implementing them. In our SANS class this week some of us have traded ideas about how to implement and also defeat these things. I’ll probably touch more on this later next week.
CTF
I’m all geared up for our little “Capture the Flag” competition tomorrow.
A news item from SANS today. Those of you running Sun Java JRE may want to ensure you are removing old versions upon upgrading, as any Java applet can go ahead and request what version of JRE it wants, making your upgrade effort for naught. The diary entry includes links to install/uninstall instructions.
Also over at SecurityFocus there is an interview with Bill Cheswick, who started the Internet Mapping Project which eventually evolved into software for mapping corporate and government networks. It’s a very good read, touching on firewalling, logging, NIDS, IPS, how to fight DDOS attacks, and the future of BGP/DNS.
I will be upgrading to WordPress 2.1 sometime Wed or Thurs, as I mentioned in yesterday’s entry.
I bought one of these over the weekend, and it arrived yesterday. Setup was a breeze, didn’t bother using the CD. I now have WPA2-PSK securing my wireless network. Definitely worth the upgrade over my old Gateway router that came with my laptop back in 2004.
I’m going to upgrade the firmware on it that was discussed in this lifehacker article. Hopefully I don’t brick the router.
I was browsing around trying to stay awake and noticed that Lifehacker has a great article up on how to encrypt your e-mail. It primarily covers Thunderbird with PGP, but has good information regardless of whether you use that application or not.
Just remember, even though encryption is a great way to have secure communications, don’t expect your tinfoil hat to keep you safe if you’re actually engaging in illegal activities, such as planning some kind of terrorist attack. Law enforcement can still subpoena the keys from you in order to decrypt your messages should you be arrested in connection with said activity. Naturally you’d still be able to deny them the keys, but you’d just end up in jail for a long time until you did.
Also remember that the NSA can crack most forms of encryption.
I was cleaning up my office, and I came across a piece of paper that had 8 Commandments of Network Security on it. I’m not sure where it came from, but I like the list so here it is:
Thou shalt use strong passwords and change the default passwords that come with any program.
Thou shalt use up-to-date anti-virus software on all computers.
Thou shalt change the default configurations of newly installed operating systems and applications.
Thou shalt not run services that are not required.
Thou shalt install security fixes for operating systems and applications as soon as they become available.
Thou shalt back up your systems early and often.
Thou shalt protect your systems against power surges and loss of power.
Thou shalt know who you are trusting. That goes for trusted network connections as well as personnel.