Monday, August 31, 2009

Ugh... I made a mistake.

I made a mistake.

I've got a lot of work related books to read, and the list is getting longer all the time. Over the weekend I picked up a book on speed reading. 2 actually, at the local library. 1 is a 10 day program, the other I'm not sure about.

Anyway... The NEW 3rd edition of Hacking for Dummies (something recommended at the Ethical Hacker Forums) is coming out soon. The other week, I asked if I should get 2nd ed for 15.00 via Amazon, or wait until December. They said if I could get it now, and read it now, I'd learn more by practicing now, than waiting for the new edition in December. Since I have so much to read, I figured I'd wait. Focus on things that need to get done at work. (Things like setting the networking graphs up (got the ones I needed done), setting up the server monitoring tools (large book), fixing the broken servers (waiting on parts) ).

For some reason between last week, and this week I started looking at the online 2nd edition of HfD on Safari. They won't let me download the whole book, I'm assuming because the new one is coming out. But other than speed reading, that's all I read today (book wise). I finished the preface, the introduction and the first 2 chapters (printed the chapters off for a car pool that did not happen). I've been using some of the tricks I'm picking up in the speed reading book.

Although my reading speed is still between 265 and 300 wpm, with a comp between 70 to 90 % right now.

I'm enjoying Hacking for Dummies, I can't wait to read chapter 3... but I really really should finish Firewalls and Internet Security. I'm about 2/3 of the way done with it so far. The furthest I ever made it. I'm still torn between buying 2nd or 3rd edition of HfD too. I have a feeling I'll end up buying both.

Lastly I should really, really, really be studying for a certification exam (and trying to find a way to pay for it (CCNA, LPI, wouldn't mind Sec+ but I have the books for the other ones)), or writing the essay that's due tomorrow for my 1st gup test in Tang Soo Do.

Lots to do at work too... I'd say I need a time management book, but I've already read Time Management for the System Administrator 2x, and how I'm finding time to do everything I need. I've got a block of time (ie lunch tomorrow) for the essay questions (note they're designed for kids).

Of course, the biggest question at this point is where do I want my career to go?

Saturday, August 29, 2009

Four lies and one martial arts fact

Jesse at The Martial Explorer has tagged me in a silly internet blogger chain-meme-thingie. (copying and pasting with minor edits the first 2 paragraphs and the question at the end). I don't have any regular Martial Arts readers that I can think of, so if you do Martial Arts, and read this, consider yourself tagged. I also don't normally do these (friends comment about me not doing them when they tag me elsewhere), but it could be fun.

The meme works as follows. You post five things about yourself. Four are untrue. One is true. All are so outlandish, implausible or ridiculous that no one would be inclined to believe that any of them are true. And despite the pleas from your readers, you never divulge which is true and which are fabrications. You then tag five other people (four seriously and one person you are pretty sure would never participate).

1) I threw up on my Grand Master at the club Christmas Dinner when I was a kid.

2) I broke my foot doing a kidnapping drill in the Kid's class.

3) I threw my partner through the judging table on my 4th gup test.

4) I once did 200 punishment push-ups.

5) I had my 2nd gup test canceled in the middle of it, so I could be rushed to the ER after having my hand cut open during the knife and club defense part.



Do you know which one is the truth?

Sunday, August 23, 2009

How I spent my Saturday Night...

I'm a geek. I know it. Being broke doesn't help matters much.

For fun tonight I played with the Network Forensics Puzzle that was on ISC.SANS.ORG earlier this week.

I'm no expert, some stuff was beyond my skills tonight before I started. In fact I only started playing, not doing the contest, because someone in a forum posted what tool to use to extract the data. Here is a quick walk through of what I did, without giving too much away I hope.

Downloaded the pcap file and checked the md5sum
They matched so I moved on.

I knew how to load a pcap file into 2 different programs, so I ran it in both, filtering on just the ip address I needed (the user's ip address).

I then looked through the data, using what I knew of layout to get the username of who the spy was talking to.

Then I found the first comment. Using the same method (reading), I found the name of the file being transferred.

Then I extracted the data that was transferred from the stream. If I knew the magic number, the only part I wasn't able to find, it might have been easier. I used tcpxtract for that bit of magic.

At first I was thinking what was extracted was more like rar files you can find online. Where you unrar the first file, and the rest are used to build the first. While I was eating I realized that might not be the case, and there may have been 37 different files that were actually transferred. It was a case of having just learned to use tcpxtract.

Once I realized that, I found the files that would open with Ark, and which ones didn't. The ones that didn't I ignored. I then tried to extract the others. Only 2 extracted. Again the others I ignored. One was a manifest file, the other the file I wanted. I looked up the document in the file and got the recipe.

Then after bashing my head around some, I figured out, based on comments others had made and how the file is really stored, to change the un-extracted file's name to the right name, and tried opening it with Open Office. It worked. Grabbed the md5sum off that.

Out of the 6.5 requests in the challenge, I did 5 of them. I never found the magic number. :( and I didn't bother to try to script it (computer program) to do the work for me. Because I never found the magic number, and I don't think my programming skills are sharp enough. Although, I didn't think my computer forensics skills were sharp enough at the beginning either.

Tuesday, August 18, 2009

Another Open Letter to AT&T

Dear AT&T:

On occasion to support my position at work I have to use my home system. One of the things I do is run Nmap (network mapper) on work's Net-Block. I use it to find out what ports are open, and make sure that only the ones that should be are open. I usually do this via an SSH connection from work.

Each time, coming home, I've had problems using my home PC. Trying to access anything on the internet, anything that wasn't an active session when AT&T / 2WIRE did their magic, brings up an error page. Other things, like my mail monitoring tool don't have that problem and when I opened my web email, it worked. However going to other sites from there brings back up the error page, and sets off ABE (application boundaries enforcer).

The error page says it's detected "a router behind a router". Which isn't the case. To "FIX / Resolve" the issue, placing my home system INTO A NON-PROTECTED DMZ is not an acceptable solution. While I don't have a lot of ports open, I'd still prefer if people didn't have easy access to them. Here is the section saying that everything is open.

"Allow all applications (DMZplus mode) – Set the selected computer in DMZplus mode. All inbound traffic, except traffic which has been specifically assigned to another computer using the “Allow individual applications” feature, will automatically be directed to this computer. The DMZplus-enabled computer is less secure because all unassigned firewall ports are opened for that computer."

STOP PUTTING MY EQUIPMENT AT RISK TO BLACK HATS AT&T. FIX YOUR SYSTEM.

Monday, August 17, 2009

centos install

So I'm rebuilding my RedHat 4es based DNS boxes at work with CentOS 5.3. Partly because I don't have RH support anymore, partly to get the latest security fixes, and lastly because I've been wanting to rebuild them for a while.

CentOS had been giving me problems with installing since Saturday Night (note these are production systems and I had to create 2 new ones to cover the load, which went with no problem last week). Now I'm sure I could have stayed and got it working in an hour or so Saturday night, but 1) I was sick. 2) I didn't have any blank discs and the DVD I was using was scratched up pretty bad.

The load on this one server, kept getting to the point where it would try to install the drivers for the usb-storage. I'm assuming that means the CD-rom drive. And I'll explain why.

Looking around wasn't much use, I was looking for something along the lines of the knoppix cheat sheet. Something that told me all my boot options. But even googling the problem I was having wasn't much use. Until I used linux.google.com.

Someone else had a similar problem with their box, and turning off USB worked for them. However when I did that, my blade no longer saw my cd-rom drive. (The cd-rom drive is connected via ILO, and I've never had this problem before). Re-enable, and tell it to start without the storage driver worked. (linux nousbstorage). However, I was then left with having to do a net based install.

I had to do those for my virtual boxes last week, so no great problem there.

Once again I wonder why I'm doing CentOS installs, but meh. Personally I'd rather do Debian or Gentoo, but this is what the business told me to run.

My soap box on a public option

Word in the blogosphere tonight is saying the public option is dead.

Where to even start on this one. We need a public option.

Fear has been spread of Death Panels. The truth is, we already have them. On a regular basis people with "Insurance" are denied coverage for trumped up reasons. You could say I'm being a Left wing nut job on this one, but when you have people testify to Congress that their job was to find reasons to deny coverage (Public Record, go look it up) what else can you call it but a Death Panel? Maybe a Greed Panel is a better term for them. After all, they're not so much about killing the patient, as saving the company money. The patient dying is just a side-effect of protecting the bottom line. In other words they're saying a person's life is just part of doing business.

Between when I was hit by a car (2003) and my brother's recently broken knee (2009), I've seen it myself how the insurance companies stand between the Doctors and the patients.

I was hit by car while working, so workman's comp picked up "the bills" (just not all of them). The problems started before I even left the accident scene. Do I get life flighted or raced in the back of the ambulance? Life Flight was more expensive than the ambulance. The choice was the ambulance because they thought it would be better for me to die in that than in the air, and it'd free up the chopper for someone that might actually make it to the hospital. (I've always been stubborn, so I made it via ambulance).

While I was still in Surgical ICU the insurance company complained about the time I was spending in the hospital. After I was released, it continued to go down hill. Every time I saw a doctor, an insurance company nurse (an LPN if I remember right) was in the room. Her whole reason to be there was agree or disagree with the doctor on what treatments I needed. I HAD TO FIGHT FOR A PSYCH EVALUATION, because the personality shift I had wasn't worth them worrying about. Only reason I even got one was because I went and set it up myself. Then it became a race to see the doctor I selected vs their corporate whore / shrill of "Doctor". Then they refused to pay for it, even though they sent me to 2 of their whores (the first one agreed with the doctor I chose). I never got any of the counseling 2 of the 3 Doctors said I needed. Not once did I receive any physical therapy, and the cane I walked with for months, was paid for out of my own pocket. The PNMR guy was more interested in sucking up to the insurance company than treating the patient. Physical damage included my brain, my neck and my hip. (I had to learn to walk again, on my own).

My brother is Mental Handicapped, because of that he's on SSI (with medicare). I got him to take Tang Soo Do with me. The school I study at has a history with teaching the mentally handicapped. My brother is 5'9" and about 95lbs. When he was in jr high (in the 90s), he joined the wrestling team, and some how managed to break his knee. He had a healthier weight back then. In April or so this year (2009), he was working a kick drill, but not shifting his weight right. As a result, the knee that had the scar tissue and the like broke again. At first we thought it was a sprain, so I took him home, and our mom iced it. The next day, it was 2x the size. So I took him to the ER (he's afraid of hospitals). We had problems with one Doctor, but were able to get a second opinion. He got free crutches and a free brace for his knee (things my mom could not afford), physical therapy, x-rays at each follow up visit, and lots of great advice. Not once did someone from Medicare or the Government show up to tell the doctors what they could and could not do.

A health care co-op won't work. They won't have the power that the big companies have. They'll look good, but won't last. Not when Big Insurance can reward and punish the peasants.

During Open Enrollment last year at work, the Blue Cross rep they sent out, said we'll be punished for using our Insurance (not the exact wording but the gist of it). How? Our premiums will go up. We'll have to pay even more than we are now. But if we grit our teeth and bear it, our premium will go down, and we'll be rewarded for being good little peasants who don't upset their golden apple cart.

The "Tea-baggers" have been saying that they'd lose their current health care if there was a public option. Sadly they're probably right. Not because the United States Government would mandate it, but because Companies would see it would be cheaper to force their employees into it. The company saves money, and has a better bottom line. You think they'd pass the money on the employees? Please the employees are slaves. Most of the people with jobs are doing more work with less pay.

Most employees don't realize that though. They think that the company screwing them is in the employee's best interest. From a conversation with a guy from FedEx last week. Nutshell version "Yeah, FedEx cut my pay, I have more work to do, but I still have a job". Talking about Unions and UPS. He said UPS had better benefits and pay. But because of UPS being a union shop, UPS let people go instead of doing pay cuts. (Or so the FedEx guy claimed).

Glen Beck lately has been talking about how great the American Health Care system is. Go look up his news stories from January 2008. He said on the air (at cnn I believe) that the American Health system was crap. He didn't say it just once either. He said it in a video from home when he was recovering. He said it on the air multiple times.

Now he's saying that the US has the best Health Care in the world. If that's the case, why did Remote Area Medical start opening up around the country? Remote Area Medical is supposed to be for 3rd world countries to help the people there to have a fighting chance. Has the United States become a 3rd world country?

We, The People of the United States, need change. We need to stop having a 3rd world level health care system and actually start pretending to be an industrial country again. Why is it other countries, countries we're told we're better than, have free health care? If we're so much better why don't we have a health care system they want instead of one they criticize (go look up the news papers coming out of England this week, we're being laughed at. The Daily Mirror called the U.S. The "Land of the Fee").

Thursday, August 13, 2009

ugh this week

I've felt like crap this week. I've been popping Tums. If you know me, 1 roll will last me 3 years easy... They usually go bad before I can get through about 1/4 a roll. However I have 2 open rolls right now. one at work and one at home.

Only thing I can think is different, is I'm eating more mixed nuts.

My weight went from 232 Sunday, to 238 Wednesday, and 235 today.

In the good news though. My diet and exercise goal worked. Even if I didn't make all 6 weeks like I had wanted to. The goal was to fit into a size 5 toe balk. The reason is because I have 2 or 3, with the club patches on it. Maybe someday I'll get a decent flag and put on it (have to find the right one first). Either a world citizen logo flag, a UN flag, or a black flag. That's a political discussion for another day.

Anyway, I wore a size five tonight. It was a little tight. Couldn't get my knees as high as usual in chamber, the top was a little tight around the stomach and sides.

I'm actually pretty geeked about it really.

Saturday, August 8, 2009

Fun with grep

I got a copy of the Grep Pocket Reference back in early July via PDF format (from O'Reilly's Safari Bookshelf). I read through it but didn't really learn that much.

Last week the hard copy version arrived (2 weeks after I ordered it from Amazon). I've been reading it the last week. The parts I'm going through right now talks about Regular Expressions (regex). I've read about regex more times than I can count, in classes, in shell scripting books, on the web. This time it made sense.

My firewall log parsing for ip addresses has really improved. For example. I'd usually do "grep '< my ip address >' /external/logs/firewall1". The problem: my address at work is .18, but it would pull .181 - .189 also. The first thing I did was back slash the . (dots) in the ip address. It cleaned up some stuff from the logs but not much. It's nicer to know that's not looking for any character and only matching what I want it to.

Which was a problem I was having when I wrote Failed a few years ago.

Yesterday I read about word boundaries. I tested it this morning with my work IP address, and no longer am I getting the .181 - .189 addresses. Which is fun. It'll make looking for some things easier in the logs at work.
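The three stages described above (plain pattern, escaped dots, word boundaries), run against a few constructed firewall log lines. This is an added example, not the author's script; the address 192.0.2.18, the log format and the function names are made up for illustration.

```shell
#!/bin/sh
# Constructed firewall log lines (documentation address ranges, not real traffic).
sample_log() {
cat <<'EOF'
Aug  8 09:00:01 fw1 DROP SRC=192.0.2.18 DST=198.51.100.7 DPT=22
Aug  8 09:00:02 fw1 DROP SRC=192.0.2.181 DST=198.51.100.7 DPT=22
Aug  8 09:00:03 fw1 DROP SRC=192.0.2.189 DST=198.51.100.7 DPT=80
Aug  8 09:00:04 fw1 ACCEPT SRC=192.0.2.18 DST=198.51.100.9 DPT=443
Aug  8 09:00:05 fw1 DROP SRC=203.0.113.5 DST=192.0.2.18 DPT=25
Aug  8 09:00:06 fw1 DROP SRC=203.0.113.9 DST=198.51.100.7 ID=1920092918
EOF
}

# Stage 1: dots unescaped, so "." matches any character (even the ID field).
count_unescaped() { sample_log | grep -c '192.0.2.18'; }

# Stage 2: dots escaped; .181 and .189 still match because the pattern
# is found inside the longer address.
count_escaped() { sample_log | grep -c '192\.0\.2\.18'; }

# Stage 3: word boundaries on both ends (\b is a GNU grep extension).
count_bounded() { sample_log | grep -c '\b192\.0\.2\.18\b'; }

# Same result with no escaping at all: fixed string (-F), whole word (-w).
count_fixed_word() { sample_log | grep -c -Fw '192.0.2.18'; }

# Build the stage 3 pattern from a plain dotted address.
ip_regex() {
  printf '\\b%s\\b' "$(printf '%s' "$1" | sed 's/\./\\./g')"
}

# Count log lines that mention exactly the given address.
count_ip() { sample_log | grep -c -- "$(ip_regex "$1")"; }

printf 'unescaped=%s escaped=%s bounded=%s fixed-word=%s\n' \
  "$(count_unescaped)" "$(count_escaped)" \
  "$(count_bounded)" "$(count_fixed_word)"
```

The boundary version matches the address whether it appears as source or destination, so add `SRC=` or `DST=` to the pattern when direction matters.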

-------

Just for fun, here is what the finished version of Failed looked like (modified slightly):

#!/bin/sh
# Checks /var/log/auth.log for login failures.
# version 0.2
# < my email address removed >

# Prints failed attempts for invalid (non-existent) users:
# date, time, source address and user name, one unique line each.
echo "Failed Invalid User Attempts"
sudo grep "Failed" /var/log/auth.log | grep -i 'invalid' | grep -v '< work login id removed >' | awk '{print $1,$2,$3,$13,$11}' | sort -u

echo ' '
# Prints failed attempts for valid users, except for me.
# The fields shift by two because "invalid user" is absent from these lines.
echo "Failed Valid User Attempts"
sudo grep "Failed" /var/log/auth.log | grep -vi 'invalid' | grep -v '< work login id removed >' | grep -v '< home login id removed >' | awk '{print $1,$2,$3,$11,$9}' | sort -u
echo ' '

------

I sudo the 2 lines, because I need to be root to access that log file. I didn't want to setuid the script to run, nor did I want to be root when I ran it. It also requires me to type my password to run it, since sudo only remembers my password for 5 minutes.

To make this work on Redhat based systems, change auth.log to secure.log

Thursday, August 6, 2009

One thing I'd like to see..

There is one thing I'd like to see die out during this recession (besides the robber barons who own the banks and our government).

The hundreds of IT Contract firms.

I'll look at my daily email from Dice.com, and I'll see the same job posted 4 or 5 times by different contract places. It's just as bad when a large company posts a job opening. I'll get emailed and called by about 5 to 10 (been closer to 5 lately which is a good thing in my book) head hunters who all want me to apply for the same position. Half the time, the position isn't where they were told it would be.

I had one Contract firm in the past tell me if I applied through them, I was only allowed to use them. I don't see them around much, nor did they ever have many positions listed. When the contact point I was "working with left" I got an email from the person who picked up her "assets". She asked what the person was working on with me. I said I hadn't heard from the person in over a year. I never heard back from her either.

The other thing that irked me. I had just passed the first part of the LPI level 1 exam (this was back when there were only 2 levels), and I had to take their test to prove I was "qualified" for a Linux admin position. Their test was easier than the LPI exam, and I know I did good on it, but I was told I failed it. But the first contact point never said by how bad, or gave me a % or told me where my weak areas were. Thinking about it now, I wonder why her replacement asked how I did on the exam, instead of looking it up herself.

Companies use the contract firms because it's cheaper (especially in MI where there is a new employee tax). Hopefully like out sourcing to India, I hope they realize this is a bad thing and start doing direct hires again. Because seriously with as high as the current unemployment rate is (15.2% according to my latest google search (for June 2009)), the contract firms aren't giving a good indicator of recovery by having the same job posted multiple times.

Wednesday, August 5, 2009

used to be better.

69 push ups today.

week 1, day 2 of the 100 push-ups.
31 in the last round.

blood and burpees

Tang Soo Do last night was strange. I was told that the kids' class was off the hook. Must have been a full moon or something.

I walked into the adult class at 7:20. Class starts at 7pm, and I'm usually there for the kids class, but was stuck at work trying to get a server to build. (Still having problems with the server today).

First thing that happens, as soon as I set my water bottles down, one of the white belts turns and hits another one. These are the new problem children we have. Spoiled if you ask me. They don't tend to listen very well, and will try to argue with the instructors, including the Master.

They were supposed to be in formation waiting to start forms, as Master Tom was telling Bran (3rd gup) what to go over (and they both came over to say hi, you're late). They were left in Chun Be, knowing that forms were coming, the one decided to show off that he knew how the form started. Doing so, caused him to hit the other white belt, who was holding his stance. Which led the other white belt to using an open hand strike to the first one's arm. Smacked pretty loud.

I watched it happen. First words out of my mouth, were "down for push-ups" not the first time I've given push-ups before even having time to change (although this was the first time I got blank looks from the students, although Bran dropped quickly). When I said down, the one that started it dropped to the ground grabbed his arm and started crying. This was about 30 seconds after being hit. The Master took the crying kid out of the class, and talked to him. The other one started to do push-ups with us, and then stopped and stood back up. I held the 7th and 9th gups in a high plank (Bran was doing them with us too). I lost count telling the 10th gup we were waiting on him. So we started over. We did 20 more. (Bran said it worked out to 30+).

Then the Master took the other kid out into the hall and had a talk with him. Then I talked with the master, before running to the locker room to change.

Came back in training clothes (toe balk and belt), and Bran came over said they've been that way the whole night. The kids class got about a 10 minute talking to before being dismissed at the end.

The adult class got to work Bo form. I was told I'm testing for 1st gup on September 1st, and it's ok if I don't know bo, knife, or chilson E ru, I'll get those down before my 1st Dan test later (about 3 months after 1st gup). Just a little excited. Of course Saturday, the Master said he keeps thinking I'm a 1st gup already.

We sparred some at the end of class. I got a little too predictable in fighting Jay (3rd gup). He's rather tall, so has reach. In the fights he'll back off and catch his breath. I've gotten into the habit of shuffling in to make my attacks against him. He backed off, and we both started moving towards each other at the same time. Me with a shuffle to jam, him with a back fist. His back fist got past my guard and nailed my nose. It felt like it was running but there was nothing coming out of it. Tested it a few times during the match. My eyes were watering. I was more mad at him stopping the fight than I was being hit.

I can understand wanting to stop and make sure I'm ok. He kept apologizing about it, but it happens, and I wasn't bothered by it. See Jay used to be one of the clubs better tournament fighters, so he'll get a couple hits in, maybe score a point and then backs off. He says he does that on the street too, and wants to break that habit. So after being hit, I checked my nose, and came right back at him. Teared up eyes and all. I try to base my fighting more on what I think the street style is, don't stop until someone can't get back up.

After the sparring was over, I checked my nose again, and it was bleeding quite well. Blood on the front of my Toe Balk, and both sleeves. The Master saw it, asked who was bleeding. I said it was mine (used the non-blood sleeve to prove it).

Then we got to do tradition. In class on or after your Birthday (rarely the day before), we do push-ups. 1 for every year. When Master P's bday comes around we all hate it, since the numbers are in the 70s. This year, to mix it up some. We did burpees, my request. My original goal was to do all 32 without stopping at a slower pace for everyone to keep up. However with the bleeding nose (I figured I'd worry about it after class), it was a little hard to breathe. So we did sets of 10, 10 and 12. Bran and I were the only 2 to do all 32, and he got done before me.

After the first step, I went to the sink and spit up the blood that ran down the back of my nose (while trying to breathe) and found some paper towel to blow into. Repeat the blow after the second set. Bowed out after the 3rd set to go home. While we were supposed to be meditating and getting comments on class from the master (the after class speech), I held my nose to get the bleeding to stop.

Last night was so much fun.

Monday, August 3, 2009

let's try this again.

push ups. week 1, day 1...

10
12
8 (should have been 7 but hit a groove).
7
20

Hard and out of breath. I'm just not used to it any more. It has been 3 weeks since I hurt my elbow. It still hurts to touch it, if the arm is out straight, bent doesn't matter. At least it doesn't just hurt all the time anymore.

But taking 3 weeks off, and eating badly last week didn't help matters (fast food everyday for lunch).

body fat check

233.5 lbs (I've got the number right this time).

41 waist (at navel)
43 hips
13 forearm
8 wrist

You have 19.4% body fat.

You have 45.2 Pounds of fat and 187.8 Pounds of lean (muscle, bone, body water).

according to the body fat check site I've been using, anyway.

I weighed less a few weeks ago. Probably should have done it then. Still in the 2 months it's been since my last check, I'm 7 lbs lighter, with 1 inch gone from the waist and hips.

Saturday, August 1, 2009

I'm jumping on the band wagon...

...I'm just late that's all.

So I'm thinking about passwords lately. With Black Hat and Defcon this week, the report that some big name Infosec people had their accounts broken into, a friend's tweet on getting 400 followers, and me having to change my FB password today, I thought I'd share how I come up with passwords.

Now for fun the other night, driving back from Tang Soo Do on a long and lonesome highway east of Omaha... I came up with about 15 or so passwords based off a tv show I liked. They were between 8 to 10 characters each.

So there are a few ways I do it. There are 2 examples in each.

Method One:
I'll take a phrase, the longer the better, and modify it.
The quick red fox jumps over the lazy brown dog (a well known pangram, ie uses all the characters in the English language) or I'm here to chew bubble gum and kick arse and I'm all out of bubble gum (mainly because I'm fond of quotes).
I'll take the phrase, and use camel case (mixed case), with numbers, special characters (anything over the number keys), and letters. I'll then mix them up like below:

Th3Qu!ckBrownF0xJump3s_Over_the_L2zy_red_dog

I'm_h3r3_2ch3w_BubbleGum&kick@rse.&I'm@ll0ut_ofBubbleGum

I can mix them other ways too. For example, I swapped brown and red, just to make it a little different.

Method Two:
I'll take a song lyric or a line from a movie, tv show, or whatever and I'll modify it by using just the first letter of each word, and some of the other steps above. Examples I'll use are Seger's Turn the Page, and a line from Cool Hand Luke.

"On a long and lonesome highway east of Omaha" becomes:

0@L&lh3oO!

"What we've got here is... failure to communicate. Some men you just can't reach. So you get what we had here last week, which is the way he wants it... well, he gets it"

Wwgh!F2c.SmUjcr=SugWwhHlw,W!twhWi_whg!! (to be honest, I'd modify it a little more, and weighing in around 30 characters, I'd use that for a pass phrase for my encrypted hard drive).

There are some other rules I use, if you notice, I have 2 characters side by side, 1 will be cap, 1 will not be. I tend to use the 2 interchangeably at home and at work, so we have phrase on some boxes, and the vegetable soup on others.

Lastly Method 3, which I only use on rare occasions is:
pwgen (password generator) from the linux command line. I'll add options like at least 1 special character, 1 upper case, 1 number and set it to be 10 to 12 characters long.

and finally...
I tend to use password safes, with things divided in them. Keepass and Password Safe.

I have had a few users complain when I give them a 10 to 12 character password based on something they said in the conversation. 1 about being long, and 2 about being so random, but when I tell them I use 24 to 26 character passwords regularly they tend to think it's not that bad and they seem to remember what they got fairly well.

There are other ways to make passwords too, and if you google them, I suggest googling site:lifehacker.com

Have fun, be safe online and for extra credit, figure out why I think this is a bad password. BwDn$b! (there are 2 reasons I don't like it).