April 2005 Archives

• 27 Million - Number of F-Series trucks sold to date since the first truck rolled off the line in 1948.
• 939,511 - Number of 2004 F-Series trucks sold in the past year -- A New Record!
• 34 seconds - Time elapsed between each 2004 F-Series sale during the past year
• 28 - years in a row that the F-Series has been ranked the best selling truck in the U.S.
• 258,743 - Number of vehicles by which F-Series outsold its nearest competitor in 2004

--Stats taken from the Winter 2005 issue of myFord magazine.

Meanwhile, MY 2004 F-150 is at the body shop hopefully getting the keying damage repaired.

  According to the May 2005 issue of Men's Health:

Science is getting to the root of Migraines. Recent research from the Albert Einstein college of medicine shows that an herbal extract called butterbur can cut the frequency of migraines in half -- welcome news for the 6 percent of men who experience these crushing headaches. In a study of 202 people, those given a 150 milligram (mg) does of butterbur daily reported a 48 percent reduction in the number of migraines suffered, compared with a 26 percent drop in those popping a placebo. "We don't know exactly how butterbur reduces the frequency of migraines," says lead researcher Richard Lipton M.D., "but perhaps it acts as an anti-inflammatory agent." For the best results, Dr. Lipton recommends buying a supplement made from only the plant's root, such as Petadolex brand (vitaminshoppe.com)

  I bought The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage and it arrived yesterday. I finished it up today. It was an interesting book about the true story of an astronomer who was temporarily placed into a system administrator position when his astronomy grant ran out. There was a 75 cent discrepancy in the accounting program that he was asked to look into. This turned into over a year long project of tracking someone who was hacking into their system and, through their system, into other university, government and military computers.
  This happened in the late 1980's and it's interesting to see how little all of the Government agencies wanted to help with computer security back then. Today, the Government understands the importance of Computer Security. In the 80's, however, they just didn't get it yet. The FBI just kept saying "If it isn't over one million dollars or classified information, we won't touch it."
  While the book can get a little repetitive at times, it is definitely a good read. I recommend it!

  I made it back from San Diego in one piece. It's good to be home. Now I just need a few hours to get through all the mail!

  This was the view from my hotel room in San Diego. Terrible isn't it?? :)

  Today was "UNIX Security" day. The topics were:

• Patching and Software Management


• Minimizing System Services


• Logging and Warning


• User Access Control


• System Configuration


• Backups and Archiving

  Today was "Windows Security" day. The topics were:

• The Windows Security Infrastructure


• Permissions and User Rights


• Security Templates and Group Policy


• Service Packs, Hotfixes, and Backups


• Securing Windows Network Services


• Automation and Auditing

  Today was "Secure Communications" day. The topics were:

• Encryption


• Applying Cryptography


• Steganography


• Wireless Security


• Operations Security

  Day 3 was "Internet Security Technologies" Day. We went over:

• Attack Strategies and Mitigation


• Firewalls and Honeypots


• Vulnerability Scanning


• Network and Host Based Intrusion Detection


• Network and Host Based Intrusion Prevention


• Risk Management and Auditing

  Today was "Defense-In-Depth" day. Unfortunately, it started with policy and procedure. A general view of Defense-In-Depth and some interesting things about worms and viruses to explain the need for it got us started. However, that led right into policy and procedure. At that point in the morning, Policy and Procedure just wanted to put me to sleep. It wasn't engaging my brain too well!
  Access Control and Password Management was next. Basically, passwords are just a BAD authentication method. An interesting note: Doing a brute force attack using a Quad Xeon 400 Mhz machine (400MHZ? Who uses those any more?? Today's machines are about 10 times faster than that) ANY password using just alpha-numeric characters can be broken in 5.5 hours, Alpha-numeric and some symbols in 45 hours and alpha-numeric and all symbols in 480 hours. Strong passwords just takes longer to break.
  We also got into Incident handling and touched on chain of custody for legal purposes. Then we finished went into Information Warfare and finished up the day with "Web Communications and Security".
The night sessions took us through DumpSec, snort, hping2 and we did password cracking using John the Ripper. This was an interesting evening. hping2 can do some cool stuff for crafting packets. Fun Fun Fun!

  As I was heading out of town, I dropped my truck off at the dealer. I asked them to do the scheduled repair and get me an estimate to fix the paint damage from being keyed. The estimate: $1645!!!! OUCH!!

  I spent most of the 2 hour evening sessions fighting with Knoppix. You're supposed to be able to just drop in the CD and boot right into linux. However, it turns out that I had a bad CD. It only took about an hour for me to figure that out and get a new CD that worked just fine. Luckily, I didn't really need the time to play with tcpdump or to boot into windows and run ethereal as I've done both before.

  The morning session was a good review. We went over things like network topologies, the OSI layers and protocols. In the afternoon we got a little more in depth by looking at TCP headers, IP headers, routing and, of course, physical security. While there were a few little things that I picked up (like Windows uses ICMP for traceroute but UNIX uses UDP), it was mostly a really good refresher. That covers 9am to 5pm. I have to be back at 7pm with my laptop where we will do labs until 9pm.

  Well, I have arrived in San Diego. I will be heading down stairs soon to get registered for my SANS course. I'm hoping it's as good as it's supposed to be!

  This would be why I'm not so excited about biometrics. I would really rather they steal my keys and my car WITHOUT cutting off my finger!!

BBC NEWS | Asia-Pacific | Malaysia car thieves steal finger

But having stripped the car, the thieves became frustrated when they
wanted to restart it. They found they again could not bypass the
immobiliser, which needs the owner's fingerprint to disarm it.

  I have now noticed that the keying also goes all the way across the tail gate! ARRRGH! I called Giant to see if they have video surveillance on the parking lot, but they don't. :(

  Some ASSHOLE keyed my truck yesterday at the Giant here in Columbia. We were in the store for a grand total of 10 - 15 minutes just grabbing a few things and when we came out there was a big gouge in my passenger side door. What kind of low life scum does this? I didn't cut anyone off on the way there. I was parked perfectly in my spot (unusual for me in the truck, I know). There was absolutely no reason for it. It definitely succeeded in PISSING ME OFF! As a matter of fact, when I woke up this morning the first thing that went through my mind was "Someone keyed my truck". It's STILL pissing me off! All I got to say is I HOPE KARMA BITES YOU IN THE ASS!!!!

  Well, the getting up at 0430 and running a conference is done. The long days are over and the conference went well. I think this one was the smoothest we've ever had. Now, I have four friends in from out of town. Two are staying with me. They will be flying out on Monday. I will be flying out on Wednesday. I'm going to San Diego for a week to a SANS conference. I'm going to be taking the SEC 401: Security Essentials Boot Camp course. Things are definitely staying busy!