Finally, a computer fast enough to play Civ4…

…with a full map and maxed number of Civ is here:

“‘Microsoft and Cray are set to unveil on September 16 the Cray CX1, a compact supercomputer running Windows HPC Server 2008. The pair is expected to tout the new offering as “the most affordable supercomputer Cray has ever offered,” with pricing starting at $25,000.’ Although this would be the lowest cost hardware ever offered by Cray, it would also be the most expensive desktop ever offered by Microsoft.”

Feel free to PayPal me, if you are so inclined, so I may play the greatest computer game ever as it was meant to be played.

Please help fund my addiction

Nifty Weather Tracking Site:

I like it –

It has google-maps like functionality, and Ican track how bad weather is going to hit my remote sites.

Tactical Deployment of a Network Sniffer

SlashDot – “LordApathy” – commenter says:

I’ve got 3 fucking servers in my system room that nobody knows what they hell they are for. The are all running 2.4 kenels so they are as old as the fucking hills. Nobody knows what the passwds are to get into them so I can’t log in and find out what they do. And naturally the previous systems administrator that installed them didn’t document shit.

The only thing that is known about them is they used to do something important just nobody remembers what it was. Management is to afraid that they might still be doing something important and won’t let me yank them out to find out what they do. So while management sits there with their collective heads up their collective asses these three servers sit there taking up space in my racks on my network.

Son, that’s what network sniffers are for. Some are even free.

Here is a lesson for all of you Computer Systems Administrators (or Network Engineers, or Security Engineers or whatevers) that is right out an instructional film. When faced with unusual technical questions don’t fold up: improvise, adapt, and overcome using the tools you do have – including your brain – in interesting and unusual ways.

“The First Help Desk Call”

This was being passed around the office today:

Best E-Mail I got today from a co-worker

“You will be summarily hanged at dawn”


Interesting Network Tool:

… is here at .

I wish it had TWC too.

Los Angeles Fire Department Blog Use

The LAFD uses seems to be making good use of their blog for reporting fire activity, including video, mappings, community advice, flickr photos, language translators, and PR stuff.

Anybody Out There Using PhoneFactor for Two-Factor Authentication? [updated]

PhoneFactor is an interesting Two-Factor Authentication scheme.


  1. Uses an phone number (cell, land, whatever) instead of a token like RSA‘s Securid tokens so it has to be cheaper (RSA tokens are expensive and only last so long).
  2. This second factor is out-of-band so the man-in-the-middle vulnerability is neutralized. [Update: wrong!]

Is anybody out there using it?

Unexpect IT Issue With Hugoland

RSA sent out this alert by email earlier today:

On August 23, 2007, it was reported that Venezuelan clocks were set to a different time zone, Greenwich Mean Time (GMT) minus 4-1/2 hours, compared to the previous GMT minus four hours.

RSA recommends that no server clock adjustments be made until vendor- specific operating system patches are available and tested by RSA to confirm that the time zone changes do not impact RSA Authentication Manager and other RSA products. At this time, no operating system patches are available to support the proposed Venezuelan GMT settings. Adjusting the server clock may result in all RSA SecurID authentications failing and other products ceasing to function properly. In addition, Software Token users should not adjust the clock on their PCs or mobile devices until vendor-specific operating system patches are made available and tested by RSA.

Note For Myself: TCPDUMP

Via Reddit –> TCPdump Reference

Greatest Software Ever?

Here’s Information Week’s list from a few months ago (I am catching up on a stack of trade magazines):

  1. Unix
  2. IBM System R (Source of RDBMS)
  3. Gene-sequencing software at the Institute for Genomic Research
  4. IBM System 360 OS
  5. Java language
  6. Mosaic browser
  7. Sabre system
  8. Macintosh OS
  9. Excel spreadsheet
  10. Apollo guidance system
  11. Google search rank
  12. The Morris worm

I am not so sure about some entries. I would definetly put Unix at the top though.

On MS Project Use (or Non-Use)

From IT Toolbox:

So, I’ve quit ranting about MS Project. I do my Project plans like everyone else, then pay little attention to them during the project. I manage week to week based on a few key dates, an issues list, and progress against key deliverables. I communicate project status in a summary form – key dates, deliverables and issues. Oh, I do occasionally update the MS Project Plan, and I print it out and have it on display in my pile on the conference table during meetings, just to comfort the faint-of-heart.

I don’t like MS Project. I really only use it for the Gantt chart. The complexity of the software, if used fully, turns the project manager into a clerk. Project Managers are not clerks.

Project Management is about about manging relationships and expectations and keeping every focused on moving ahead on the project: leadership.

In the IT world, the Project Manager is unappreciated even though they have a tough job: Getting people with contradictory agendas and competing work commitments to complete something for which the Project Manager has responsibility, but little real authority (can’t fire, can’t effect salary) over the humans involved.

I suggest that Project Managers use Excel or check out the free Gantt Project 2.0.2.

Also, unlike most books on Project Management, Tom PetersThe Project 50 covers the non-clerk aspects.

Better Email Usage? Maybe:

PurpleSlog commentator kusswords hip’d me to a resource on making better use of email:

Here is a Table of Contents of sorts.

I have just started going through it – I have yet to adopt any of their ideas.

Feel free to share any suggestions, links, or comments for making better use of email.

Endpoint Security Risks in Healthcare

From Watch Your End:

The endpoint security risks in healthcare or fairly obvious, however once you start realizing how many people have access to personal records and how easy it is to load this information onto a USB flash drive, CD-ROM, or even a camera or iPod it gets a little scarier. Very few hospitals or health insurance firms for that matter have solid enpdoint security measures in place to protect your data and as more records become digitized in becomes easier to steal. So remember that the next time you go in for your checkup, they’re probably a lot more people viewing your records than just your doctor.

Attention corporate users of endpoint devices like the handy USB thumb drives – your use of them will be ending soon.

The year 2007 will see widespread deployment of Endpoint Security measures. I am in the startup stages of one such project for a financial firm. It will be bittersweet, because I love my 1gig USB thumb drive. Bad guys love them too. :-(

Update: I corrected a mistake with formatting. The second to last paragraph was mine, not that of the linked-to author.

Sed Reference

I had to use Sed last week to tinker with a script. I hadn’t touched Sed in years. I did find this link to be a useful Sed reference.

ISC Handler’s Hints and Reminder On The Importance of Documentation

For reference:

Over the years I found the use of a logbook, either on paper or electronically an essential instrument in managing (security of) devices. They can be useful for more than just managing security but they shine during emergencies. Since most emergencies with devices involve loss of either Confidentiality, Integrity, or Availability, the use of these logbooks is highly related to security.
In some organizations the system or network administrators are the ones who are in the best position to keep them up to date and working properly, sometimes making it hard to coordinate with a different set of security people.

Windows Event Log Encyclopedia Reference (Link Only)

Windows Event Log Encyclopedia Reference

Fun With Anycast (An Oldie But A Goodie)

From Three Practical Ways to Improve Your Network by Kevin Miller.

I never got a chance to try this (specifically the Anycast‘d DNS Services) at my old job at a network service provider.

The network infrastructure lead was kind of an asshole. He didn’t want to do a DNS upgrade project, but he didn’t want me to either.

After three thwarted attempts I gave up.

My understanding is the non-anycast parts of the projects (earlier phases) are taking place now (involving the very cool DNS Management software from Men and Mice). My current employer needs a DNS tuneup, so maybe I will get a second try at this.

Other Links: 1, 2, 3, 4

Lazy Computer System Administrators Rocks

From Approach.Botonomy.Com (ht REDDIT), an article of the philosophy of successful computer systems administrators:

This is also a case of something being good for the team and good for the individual at the same time. For the team, process automation yields greater consistency and predictability. For the individual team member, automated builds, scripted deployments, and the like often mean the difference between going home and watching The Simpsons with dinner at 7PM, or going home and watching it Tivo’ed with your re-heated dinner at 9PM.

Good SysAdmins automate everything. There is nothing fun about repeating mundane tasks every day or week, nor is it fun “fixing” the same thing over and over again.

The Lazy SysAdmin wants to minimize wasted activity – things that add no value, and take time from activities that add value.

Working new projects adds value.

Learning new things and honing existing skills adds value.

Making problems go away for you boss or your organization adds value.

The Lazy SysAdmin is really a Lean Sys Admin.

Uses of Virtualization in Information Security

SecurityZero has a post titled: Security by Virtualization that lays out several categories for applying virtualization technology to Information Security:

  1. Virtualization for Sandboxing
  2. Virtualization for Disaster Recovery and High Availability
  3. Virtualization for Forensic Analysis
  4. Virtualization for Honeypotting

He goes on to speculate on both the near and farther away future on the apply virtulization to security problems.

I’d like to see small Security OS that sits on top the desktop or server hardware. It would handle things like:

  • network settings
  • encryption
  • PKI
  • authentication
  • Remote Management / Investigation
  • Virtual OS Server
  • this machine would have the IP setting, do the authentication, and proxying
  • firewalling
  • anti-virus/Anti-Malware (scanning from all source network, external disk, etc/)
  • IDS sensor

The user OS or Server OS would be run on top of the Security OS and point all of its setting (IP, Proxy, authentication, etc) to the Security OS Layer.

Beyond SMTP

Security Focus has an Article entitled Abandon E-Mail.

The author quickly points out the problems with SMTP:

And e-mail is a terrible mess. It’s dangerous, insecure, unreliable, mostly unwanted, and out-of-control. It’s the starting point for a myriad of criminal activity, banking scams, virus outbreaks, identity theft, extortion, stock promotion scams, and of course, the giant iceberg of spam.

The problem is, e-mail is now integral to the lives of perhaps a billion people, businesses, and critical applications around the world. It’s a victim of its own success. It’s a giant ship on a dangerous collision course. All sorts of brilliant, talented people today put far more work into fixing SMTP in various ways (with anti-virus, anti-phishing technologies, anti-spam, anti-spoofing cumbersome encryption technologies, and much more) than could have ever been foreseen in 1981. But it’s all for naught.


The main reason we will never win the e-mail war against the spammers-phishers-scammers-botnets and their assorted ilk is we’re bound by legal standards that limit the ways we can combat e-mail abuse – unlike in the early days of the Internet. The perpetrators are not bound by the law. Therefore the good guys can’t win. The only solution is to change the rules. We need to abandon our e-mail infrastructure and concede that the spamming-phishing-virus-writing scumbags have won; moving on is only inevitable.

He suggests the outline of what the successor to SMTP should look like:

The only solution is to start from scratch. Develop a new e-mail system and make it secure. Use existing, proven technologies and a few new and novel ideas – starting with the latest encoding mechanisms, a reliable hashing algorithm, fast compression, strong encryption and signatures. Build an electronic identity. Encode, hash, encrypt, compress, sign, and provide a novel way to share keys when needed, for example. I don’t know how this will all turn out, but perhaps yEnc, MD5, AES, H.264, and GPG are some potential technologies that could be used together. A new transport protocol would need to be flexible enough that any of these technologies could be replaced, transparently to the user, as better and stronger options become available. It would need to be seamless for the client – no more messy GPG or other stop-gap solutions that few people actually use. Secure e-mail should be a mandatory “secure bundle” of e-mail that is safe for sending a credit card number to a business or someone I know.

I don’t know what the successor should be. The author of the above has some good thoughts though.

The following could be the US Public Policy approach:

  1. Direct and fund the NSF to create and manage a “Beyond SMTP” contest
  2. Do not limit the submitters to only be US citizens or residents (tap into brain power around the world)
  3. NSF Create a predication market for secondary analysis and discussion
  4. NSF runs a bake-off between consolidated competing and leading ideas
  5. NSF funds further proofs of concepts
  6. Let a victor emerge
  7. Mandate the victor’s scheme be used by the US government in two years and by all US vendors and contractors one year later.
  8. Allow for-profit organizations to expense immediately any transition costs.

IT Sysadmin Activity / Anti Information Technology Infrastructure Warfare For The Gap

Via CircleID:

Spam is a much more serious issue in developing countries as it is a heavy drain on resources that are scarcer and costlier in developing countries than elsewhere. This OECD paper outlines what developing economies can do to combat spam on their own, as well as various possible ways in which developed economies can contribute their expertise and resources to help developing economies fight spam.

The article follows with these SysAdmin-heavy suggestions in these categories:

  • Putting in place technical solutions
  • Open Source software solutions
  • Formation of CSIRTs and CERTs
  • Training of ISP personnel in security and spam handling
  • Anti-spam policy setting and enforcement for ISPs
  • International co-operation, and the role of regional organizations
  • International co-operation on an ISP to ISP level
  • International co-operation at an industry and end-user level
  • Legislative and regulatory framework to deal with spam
  • User education

Notes on the Cyber Jihad Against Israel

From a SecurIT blog post:

Today, nearly 750 Israeli websites have been hacked and defaced. This was done by a Moroccan hacking group called Team Evil. We have seen them before.

The article is written from the perspective of…

Internet Terrorism, Internet Wars, Critical Infrastructure defense and me.. previously, I’ve had:
-. The honour to serve in an Information Security capacity with the Israeli Military Intelligence corps.
-. The pleasure of being the chief defender (CISO) of the Israeli Government’s Internet Security Operation, Tehila (the ISP, the incident response, the SOC, the web server farm, DNS for, mail servers, net connectivity, surfing, eGov, eCommerce, etc.).
-. The incredible reality of establishing and running the Israeli Government CERT.
-. The unquestionable fun of coordinating security efforts of Israeli ISP’s with joint incident response.
-. Over a decade of experience in Information Security, while currently employed at Beyond Security.

…and is an interesting read.

The Cyber Islamofascists are practicing a form of 4GW that combines Information Technology Infrastructure Warfare and Reputation Warfare.

Why IT Managers in U.S. Still in No Hurry to Adopt IPv6

CircleID seems baffled that IPv6 is not being roll-out a big way in the US. Their post entitled IT Managers in U.S. Still in No Hurry to Adopt IPv6 says:

Although the foundation of the next-generation Internet, IPv6, is gaining momentum in South Asia and receiving solid support in Windows Vista, enterprise IT managers based in the United States appear to be in little hurry to adopt the standard.

The answer is simple. The non-trivial cost of adopting IPv6 now, dramatically outweighs the current (slight, if any) benefits of IPv6. This is a simple application of economic thinking.


Get every new post delivered to your Inbox.

Join 224 other followers