Thursday, 27 January 2011

Get Great Free Music at 8bitcollective - 8bc.org

8bitcollective is an online chiptune media sharing site. What is chiptune, you ask? Basically, it is Nintendo or gaming console music (Wikipedia has a more in-depth explanation). It is old school greatness! Who doesn't love listening to some Super Mario Bros every once in a while? Yes. This is music for geeks.

8bit collective is a site dedicated to people who are still creating this music and sharing it with one another. The site has thousands and thousands of free songs. Most of them are not that great, but every once in a while you will come across a song that is amazing. I suggest going to the site about once a month and checking out the "most liked" music on the right side of the home page.

Check out some of my favorite songs from the site:


How to do HDR photography with a single image


HDR photography is done using 3 or more bracketed images. There are some instances though where taking three bracketed photos is not possible; for instance, action shots. In this tutorial I will show you what you can do if you only have one photo to work with.


Tuesday, 25 January 2011

Gimp Resynthesizer Explained - Texture Transfer and Input and Output

Note:
As was mentioned in a comment on this post, Resynthesizer no longer does what this blog suggests; if you want the functions shown in this blog, please use Filters > Enhance > Heal selection (click here for the tutorial).

In a previous post I talked a bit about the Gimp plugin Resynthesizer. Someone posted a comment asking for a bit more explanation; more specifically, what the elements of the plugin mean. This actually is not easy to find out. The Resynthesizer website shows what the program can do, but does not really say how. It took me a while to figure it out, but I finally did and will be showing all of the ins and outs of the Resynthesizer plugin.





Sunday, 23 January 2011

Get-WinEvent, EventLogs, ETL, Providers on Win7


Get-WinEvent in PowerShell 2, combined with the ETL (event trace log) channels on Windows 7, allows exceptional event log queries. This function lets the administrator build an array of all event logs, pull every record created in the last N days (here one day), and sort them by 'time created':



# Return every record written to any event log in the last $param1 days.
# $ErrorActionPreference is declared as a parameter so that logs the caller
# cannot read (or that are empty) are skipped silently instead of erroring.
function global:LatestLogEntries
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true,ValueFromPipeline=$true)]
        [int32] $param1,
        [string] $ErrorActionPreference="silentlycontinue"
    )

    # Every log the event log service knows about, classic logs and ETL channels alike
    $LogNames = (Get-WinEvent -ListLog *)
    $goback   = (Get-Date) - (New-TimeSpan -Days $param1)

    # -FilterHashtable is evaluated by the event log service, not in PowerShell,
    # so only records newer than $goback are handed back
    $LogNames | % { Get-WinEvent -FilterHashtable @{LogName=$_.LogName; StartTime=$goback} }
}

LatestLogEntries 1 | sort -Descending -Property TimeCreated | ft -auto TimeCreated,LogName,ProviderName,RecordID,Message | more



There are over six hundred providers shipped with Windows 7. This function selects all those providers nominally relevant to Network, Security, and IP, fetches up to the specified maximum number of entries from each, and lets the administrator sort the result by 'time created':

# Return the newest $param1 records from every provider whose name contains
# "Network", "Sec" or "IP" (findstr treats space-separated strings as
# alternatives and matches case-sensitively).
function global:NetSecIP_Entries
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true,ValueFromPipeline=$true)]
        [int32] $param1,
        [string] $ErrorActionPreference="silentlycontinue"
    )

    # The parameter is -ListProvider (singular); -ListProviders is not accepted
    $Providers = Get-WinEvent -ListProvider *
    $NetworkSecIP_Providers = $Providers | % { $_.Name } | findstr "Network Sec IP"

    # -MaxEvents caps the number of records fetched per provider
    foreach ($provider_message in $NetworkSecIP_Providers) {
        Get-WinEvent -MaxEvents $param1 -ProviderName $provider_message
    }
}

NetSecIP_Entries 20 | sort -Descending -Property TimeCreated | ft -auto TimeCreated,LogName,ProviderName,RecordID,Message | more
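As an added example (not the author's code), the same -FilterHashtable approach can be narrowed to one log and specific event IDs, with the fields of interest pulled by name from each event's XML rather than by position. It assumes an elevated prompt (the Security log is not readable otherwise), uses the standard Windows IDs 4625 (failed logon) and 4740 (account lockout), and the failure threshold is an assumed value to tune for your environment.

```powershell
# Added example, not from the original post: summarise failed logons per
# account over the last $Days days, flagging accounts that were also locked out.
function global:FailedLogonSummary
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true)]
        [int32] $Days,
        [int32] $Threshold = 5          # assumed threshold; tune for your environment
    )

    $goback = (Get-Date) - (New-TimeSpan -Days $Days)

    # The hashtable filter runs inside the event log service, so only matching
    # records cross into PowerShell. Filtering afterwards with Where-Object
    # would first pull every Security record across the wire.
    $events = Get-WinEvent -FilterHashtable @{
                  LogName   = 'Security'
                  ID        = 4625, 4740      # failed logon, account lockout
                  StartTime = $goback
              } -ErrorAction SilentlyContinue

    # Read EventData fields by name from the XML; the positional order of
    # $_.Properties differs between event IDs, so indexes are fragile.
    $rows = foreach ($e in $events) {
        $x    = [xml] $e.ToXml()
        $data = @{}
        foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        New-Object PSObject -Property @{
            TimeCreated = $e.TimeCreated
            Id          = $e.Id
            Account     = $data['TargetUserName']
            Workstation = $data['WorkstationName']
            SourceIP    = $data['IpAddress']
            LogonType   = $data['LogonType']
        }
    }

    # Accounts that reached a 4740 lockout in the same window
    $lockedOut = $rows | Where-Object { $_.Id -eq 4740 } | ForEach-Object { $_.Account }

    # Accounts with at least $Threshold failures, newest offenders first
    $rows | Where-Object { $_.Id -eq 4625 } |
        Group-Object Account |
        Where-Object { $_.Count -ge $Threshold } |
        Sort-Object Count -Descending |
        Select-Object Count, Name,
            @{n='LockedOut'; e={ $lockedOut -contains $_.Name }},
            @{n='Sources';   e={ ($_.Group | Select-Object -ExpandProperty SourceIP -Unique) -join ',' }}
}

# Usage: one day of history, five or more failures per account
FailedLogonSummary 1 | ft -auto
```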


Thursday, 20 January 2011

Tip of The Day - Subscribing to RSS Feeds

If you use the Internet for more than 1 minute a year, then chances are you have seen an icon that says "RSS" or "Feed." These pretty icons are intended to make our lives easier. Most of us have websites or news that we like to read every day. We may go to many different websites every day to stay updated on what is going on. Wouldn't it be easier if we could do that from a single page? You can! That is what the pretty RSS button is for. If you have never used it, you should. I will show you how.


Wednesday, 19 January 2011

Tip of The Day - Removing labels or glue with WD-40


For this tip of the day I am going to talk about two of my favorite things in the universe: WD-40 and hydrogen peroxide. They both have about a million uses and they are pretty cheap. I will be showing why WD-40 is amazing for removing glue or labels.


Wanted: Incident Handler in Michigan

Do you know how to detect and respond to intruders in a multinational organization? Do you want to join a team with that mission? Are you an experienced information security professional who is looking for a challenge? If your answer to these three questions is yes, please consider applying for the last open Incident Handler role in GE-CIRT. In this role you will mentor intermediate and junior CIRT members and work with some of the best detection and response staff in the world.

The role is located at our Advanced Manufacturing & Software Technology Center at Visteon Village, Van Buren Township, Michigan. By the end of the month, 19 of my team (about half of GE-CIRT) will be located there. (I have 2 new hires arriving within the next two weeks.) In addition to normal operations there, our extended team meets at the AMSTC facility regularly for training and planning sessions.

If you would like more information on the role, apply for job 1259804 and I will review your resume. Please read the qualifications carefully -- I'm looking for an experienced person for this role. Thank you.

Tuesday, 18 January 2011

Create a grunge business card using the Gimp


A while back I did a tutorial for making a business card using Inkscape. This will be basically the same, but use the Gimp instead.

A business card is a great way to represent yourself and your talent level (especially if you are a designer and you designed your own card). Creating a business card in the Gimp is fairly fast and easy.


Saturday, 15 January 2011

Tip of The Day - Buy things for the lowest possible price

People in general are always trying to find the greatest deal possible. Here are some tips for how you can do just that effectively.

For our purposes, we are going to be looking for a Canon DSLR camera; let's see how cheap we can go.

We will be using Google Product Search for this, but the principles apply the same for eBay.com or other similar services.

1. Do a Google search for Canon DSLR
2. Press the "shopping" link above the search results.
3. On the right, press the link "Sort by Price: Low to High"

(At this point, you are probably thinking that this is what you do already... you are not learning anything new. These next steps are the more important ones.)

4. Most of what pops up is going to be cheap accessories that we are not interested in. Put a minus sign (-) in front of those terms so they do not show up. For example: "canon dslr -flash -kit -remote -screen -cap -sd -strap -ring -hood -battery." When you do this, it is not going to show flashes, SD cards, straps, etc. This method works great for some things, but not so great for others. If this is the case (as it is for the Canon DSLR), then try the next steps below:
5. Try being more specific. "canon dslr camera" creates much better search results (but it also can decrease your chance of finding the cheapest item).
6. Reverse search. Sort by price from high to low, then try finding the page that transitions between actual cameras and camera accessories. When I do a search for "canon dslr" and sort price high to low, page 30 is about the transition I am looking for. I already found a camera cheaper this way than by doing a search for "canon dslr camera."

Search: canon dslr camera - Search results are clean and easy. Cheapest camera is $448
Search: canon dslr - More search results to look through. Cheapest camera is $399

Spend an extra minute or so and save yourself $50

Tuesday, 11 January 2011

How to create a winter landscape scene using the Gimp



This week I went skiing with my family and took a picture I thought would make a nice winter scene. I will show you how to do it in the Gimp.


How to clean your vehicle's headlights - Use toothpaste



Before

After

For the longest time I have thought that my headlights looked very dim and that I could probably clean my headlight covers to remedy this. Yesterday I decided to do something about it.


There are many products you can buy to do this. I am cheap and lazy so I decided to do it another way.

This is actually super easy and relatively quick to do. Searching on Google, I found several people using toothpaste to do the same thing. So I figured it would be worth a shot.



Monday, 10 January 2011

Seven Cool Open Source Projects for Defenders

Long-time blog readers should know that I don't rely on tools to defend my enterprise. I rely on people first, followed by tools, then processes. However, today I took a moment to consider the myriad of really cool work happening (mainly) in the open source tool community. When I started counting, I found about seven projects that are likely to help you defend your enterprise.

Most of these require some commitment of brainpower and willingness to learn, but I am nevertheless very pleased to see this much innovation on the defensive side. Collectively these projects do not "solve" any problems (nor should they), but I am certain they can help address one or more problems you may encounter -- especially regarding visibility. In other words, these are the sorts of tools (with one or two exceptions) that will help you detect and respond to intruders.

These are numbered for reference and not for priority.

  1. Charles Smutz recently announced his Ruminate IDS, whose goal is to "demonstrate the feasibility and value of flexible and scalable analysis of objects transferred through the network." Charles is also author of the Vortex project, "a near real time IDS and network surveillance engine for TCP stream data."

  2. Doug Burks just released a new version of SecurityOnion, an Ubuntu-based live CD to facilitate network security monitoring. You'll find many of the tools on this list in SO and I expect those missing will be included at some point!

  3. Over at Berkeley, development of the Bro IDS project is kicking into high gear with Seth Hall's new role as a full-time developer. We miss you Seth!

  4. OISF just released a new version of their Suricata IDS. If you're going to RSA next month, see the OISF team at their next Brainstorming Session. I plan to stop by.

  5. Dustin Webber and new team member Jason Meller just released a new version of Snorby, a Web 2.0 interface for Snort alerts. I hope to see Snorby packaged in SO soon.

  6. Edward Bjarte Fjellskål continues to release cool new code, from the packet capture system OpenFPC with Leon Ward to Polman for managing IDS rules.

  7. Sourcefire's Razorback framework seems to be making some progress again, and the relaunch of new Snort, VRT, and ClamAV blogs under new community manager Joel Esler is a welcome move.


Check these out if you have some time!

Saturday, 08 January 2011

More on Chinese Stealth Fighter and APT

Since my 27 December post Courtesy of APT, featuring the new Chinese stealth fighter, Aviation Week writer Bill Sweetman wrote more about the development of this aircraft and the support from APT:

One question that may go unanswered for a long time concerns the degree to which cyberespionage has aided the development of the J-20. U.S. defense industry cybersecurity experts have cited 2006—close to the date when the J-20 program would have started—as the point at which they became aware of what was later named the advanced persistent threat (APT), a campaign of cyberintrusion aimed primarily at military and defense industries and characterized by sophisticated infiltration and exfiltration techniques.

Dale Meyerrose, information security vice president for the Harris Corp. and former chief information officer for the director of national intelligence, told an Aviation Week cybersecurity conference in April 2010 that the APT had been little discussed outside the classified realm, up to that point, because “the vast majority of APT attacks are believed to come from a single country.”

Between 2009 and early 2010, Lockheed Martin found that “six to eight companies” among its subcontractors “had been totally compromised—e-mails, their networks, everything,” according to Chief Information Security Officer Anne Mullins.


Note the 2006 date is consistent with my APT history article for Information Security magazine. However, before being officially named "APT" by the US Air Force in 2006, APT was active against cleared defense contractors in 2003, and probably earlier.

Bill makes an interesting point about the availability of photographs of this aircraft:

The way in which the J-20 was unveiled also reflects China’s use and control of information technology to support national interests. The test airfield is located in the city of Chengdu and is not secure, with many public viewing points. Photography is technically forbidden, but reports suggest that patrols have been permitting the use of cell phone cameras. From Dec. 25‑29, these images were placed on Chinese Internet discussion boards, and after an early intervention by censors—which served to draw attention to the activity—they appeared with steadily increasing quality. Substantial international attention was thereby achieved without any official disclosures.

In other words, consistent with their information warfare doctrine, China is presenting this aircraft as a deterrent to Western, and specifically American, interference in their region, through psychological operations.

Happy 8th Birthday TaoSecurity Blog

Today, 8 January 2011, is the 8th birthday of TaoSecurity Blog. I wrote my first post on 8 January 2003 while working as an incident response consultant for Foundstone. 2739 posts (averaging 342 per year) later, I am still blogging.

I don't have any changes planned here. I plan to continue blogging, especially with respect to network security monitoring, incident detection and response, network forensics, threat-centric security, and FreeBSD when appropriate. I especially enjoy reading your comments and engaging in informed dialogues. Thanks for joining me these 8 years -- I hope to have a ten year post in 2013!

Don't forget -- today is Elvis Presley's birthday. Coincidence? You decide.

The image shows Elvis training with Ed Parker, founder of American Kenpo. As I like to tell my students, Elvis' stance is so wide it would take him a week to react to an attack. Then again, he's Elvis.

I studied Kenpo in San Antonio, TX and would like to return to practicing, along with ice hockey, if my shoulders cooperate!

Wednesday, 05 January 2011

The "IT as a Business" Train Wreck

I just read this year-old article by InfoWorld's Bob Lewis titled Run IT as a business -- why that's a train wreck waiting to happen. It reminded me of comments on a CIO article I posted in 2008 as The Limits of Running IT Like a Business. Here I would like to emphasize a few of Bob's points via excerpts from the 2010 article.

When IT is a business, selling to its internal customers, its principal product is software that "meets requirements." This all but ensures a less-than-optimal solution, lack of business ownership, and poor acceptance of the results...

Tim Hegwood, CIO of MRI Companies, is trying to steer his company's mindset away from a focus on software delivery. "We're still struggling to institute the concept that 'there are no IT projects -- only projects designed to solve business problems,'" he reports...

Larry Sadler, IT service manager at ONFC, experiences similar difficulties. "The 'customer' concept is deeply embedded in the departmental silos here," he says. "This results in an attitude of 'I want this or that aspect done, and without any interruption.'"

According to [Bassam Fawaz, CIO of a large global logistics company], "IT should relinquish its increasing stance as an order taker, and earn and advance its intended role as the qualified engineer of what makes a business hum..."

Another unintended consequence of running IT as a business with internal customers, while less tangible, might be even more important: Defining IT's role this way creates an arm's-length relationship between IT and the rest of the business...

When IT acts as a separate, stand-alone business, the rest of the enterprise will treat it as a vendor. Other than in dysfunctional, highly political environments, business executives don't trust vendors to the extent they trust each other...

Businesses that take running IT as a business seriously have to bill IT's internal customers for services rendered. That means instituting chargebacks, also known by the more impressive-sounding synonym "transfer pricing," but more accurately described as "full employment for accountants..."

When the only incentive managers have to promote efficiency is the impact of chargebacks on their departmental budgets, chargebacks are just a Band-Aid. They won't fix the real problem: that nobody cares about the success of the business, only their own fiefdom.

Anita Cassidy, president of IT Directions and coauthor of "A Practical Guide to Reducing IT Costs..." [says] "I watched one company make several poor strategic decisions for the enterprise as a whole," she adds. "Because of its chargeback system, its managers were more concerned about reducing their individual costs than doing what was best for the enterprise. I watched another significantly increase shadow costs and inefficiencies within the business. Chargebacks had a chilling effect on using the central IT services."

Chargebacks are an attempt to use market forces to regulate the supply and demand for IT services. If that's the best a business can do, it means the business has no strategy, no plans, and no intentional way to turn ideas into action...

The alternatives begin with a radically different model of the relationship between IT and the rest of the business -- that IT must be integrated into the heart of the enterprise, and everyone in IT must collaborate as a peer with those in the business who need what they do.

Nobody in IT should ever say, "You're my customer and my job is to make sure you're satisfied," or ask, "What do you want me to do?"

Instead, they should say, "My job is to help you and the company succeed," followed by "Show me how you do things now," and "Let's figure out a better way of getting this done."


Cassidy sees proper governance as the superior alternative to using chargebacks to set IT's priorities. The company's leaders have to collaborate to determine how funds are spent, or the company won't be able to set and implement a strategic direction...

When IT is integrated into the heart of the enterprise, its priorities aren't defined by who has the budget to spend (by chargebacks). Rather, they're defined by a company leadership team whose members have a shared purpose, who understand what the company must do to achieve that purpose, and who understand the role new technology will play...

Companies that have integrated IT and no internal customers define success differently.

IT's job is to recommend better ways to operate, using technical capabilities business managers might not even know are possible.

These enlightened companies don't have IT projects -- they have business change projects that aren't done until the planned business change has been accomplished...

Where did the standard model [i.e., "IT as a business"] come from in the first place? The answer is both ironic and deeply suspicious: It came from the IT outsourcing industry, which has a vested interest in encouraging internal IT to eliminate everything that makes it more attractive than outside service providers...

Take it all away and start acting like a separate business, and what do you have? A separate business, but without a marketing department, sales force, or possibility of turning a profit.

My advice? Don't act like a separate business. Do the opposite -- be the most internal of internal departments. Become so integrated into the enterprise that nobody would dream of working with anyone else.


This article makes so many great points. I strongly recommend reading the whole story if you have time. At the very least, consider what I've emphasized here the next time you interact with IT or the rest of your company.

To Those Who Want Tim Thomas Books

I continue to be bombarded by questions from readers looking to buy the books by Timothy L Thomas, mentioned in my posts Review of Dragon Bytes Posted, Review of Decoding the Virtual Dragon Posted, and Review of The Dragon's Quantum Leap Posted. As you can see at Amazon.com, they are not available.

I hope that the spotlight I'm shining on these books helps Mr Thomas either 1) reprint the books or 2) secure a different publisher who will reprint them.

If you want to show your interest in buying these books, I recommend adding a Comment to each of my reviews at Amazon.com saying you want to buy the books, but can't find them. I think that is the most direct and visible way to express interest.

Tuesday, 04 January 2011

TaoSecurity Lab

In a recent blog comment one of you asked about TaoSecurity lab. This is a collection of my own gear -- nothing associated with my corporate employer. I decided to post the diagram at left in case someone found it useful.

To summarize the color scheme: 1) blue (and the blue squiggle) means "wireless access," regardless of the nature of the device (phone, appliance, laptop, etc.); 2) green means Cisco; 3) gray means "appliance"; 4) peach (?) means server; and 5) orange means no IP address (e.g., two dumb taps). The two small purple arrows represent lines running to a sensor for monitoring purposes.

As you can see, there are two main segments. The blue devices all connect via wireless to the main network. You could consider the blue devices (and the supported WAP, iTap, and gateway) to be "production." The other devices are all wired, and they are more for "research." In other words, if the Cisco 2651xm router or anything else connected to it dies, no one but me will likely care!

A few aspects of this lab stand out to me:

  • The number of wired devices is roughly equal to the number of wireless devices. A few years ago I had a couple dozen white box systems that took nearly all the shelf space in my wire racks. Now wireless devices generate most of the interesting traffic.

  • I've replaced most hardware systems with virtual systems. The 2950iii is an ESXi server with 10 NICs. With so many NICs I can simulate systems on multiple VLANs on real hardware switches.

  • I like having three Cisco switches and a router. They aren't really necessary but a real layer 3 switch plus two real layer 2 switches is fun for working with IOS.

  • I need a real computer rack. All the rackmount gear is sitting on wire shelving. I'd rather not show any photos until it looks more professional!


So there it is. I didn't show a few more systems which I consider retired, or at least "shut down unless I really need them." For example, I have a PPC Mac Mini and a HP Visualize PA-RISC, plus two Shuttle SFFs and a portable Hacom device. Right now I can't think of a reason to keep them running since I can always spin up a new VM if I need to test anything.

Monday, 03 January 2011

VizSec 2011 Call for Papers Open

The call for papers for VizSec 2011 is open. VizSec2011 will be held on the campus of Carnegie Mellon University, on 20 July. Full paper submissions are due 1 April and panel abstract submissions are due 15 April. This is the conference to attend if you're interested in graphical depiction and analysis of security data! I was pleased to provide the keynote last year, but I will not be able to attend this year.

Starting the New Year Right

Today's a company holiday (odd, but ok), so I figured what better way to start the New Year than to see if my Commodore 64 still works? I bought it in mid-1986, so it's almost 25 years old, and it's been over seven years since I posted My C-64 Rides Again. Since then the monitor I used with my C-64 died, but my dad shipped me his old RGB monitor.

Would everything work? Could I access the Internet with it? The answer: YES. As you can see above, I have a C-64c, with a 1541c disk drive. I even have a 1351 mouse, but I decided not to use it. I found the Contiki OS 5 1/4 floppy that shipped with the NIC I bought for the C-64 in 2003. I was able to LOAD "*",8,1 and get Contiki OS running.

At right you can see a visit to the Bejtlich.net Web site using the Contiki OS Web browser. Remember this is a 25 year old computer running a 7 year old Web browser.

I'd like to try to get a copy of the newest Contiki OS on 5 1/4 floppy to see what improvements have happened in the last 7 years. For example, the Web browser didn't render Google at all. I also couldn't get the Telnet client to run. For all I know that part of the disk could be bad. The Web browser sort of worked, but it was very fragile (unlike the modern Contiki OS version, which is Internet-facing).

This was a fun test of this old gear. I've got my original 1200 baud modem (upgrade from a 300 baud) as well, and it still works. I'm not sure it's going to like the Verizon land line in my lab. I also need terminal software for it. That would be another fun trip down memory lane to get the C-64 working with the old modem.

At left is a screen shot of the Web server in action, but I think even accessing this page killed it.

I consider it ironic that I took these photos with a 2+ year old Blackberry, which has hundreds of times the computing power and capabilities of this setup in probably 1/100th the volume.

Happy New Year!

2010 Review - 11 Best tutorials for learning Gimp



This list is not necessarily the best Gimp tutorials per se, but this is a list that will help someone become an expert using the Gimp. If you are a beginner just starting to use the Gimp, completing these tutorials will help you understand a great variety of the tools that the Gimp has to offer.
