Watch out Microsoft....Apple. (maybe)

Think that windowed desktops are too much of a clutter or a pain in the butt to sort through? A company by the name of 10/GUI is working on a new Operating System called Continuum. It is a touch screen based OS that uses a multi-point touch pad in place of the keyboard and mouse. Check them out here: (http://10gui.com/video)

Personally, I don't believe that we will be going away from windowed desktops anytime soon. I also feel like the continuum desktop is a bit clumsy, but I'd definitely love to see more or even try it out. Hopefully they release somewhere and I can try a demo! In the end, Microsoft will end up buying them out and incorporating the technology into it's collective...

Creepy, yet interesting

Here is an excerpt (a particularly disturbing one) from Bill Joy's, "Why the future doesn't need us." article written for WIRED in 2000. Enjoy!!

http://www.wired.com/wired/archive/8.04/joy.html

Why the future doesn't need us.

Our most powerful 21st-century technologies - robotics, genetic engineering, and nanotech - are threatening to make humans an endangered species.

By Bill Joy

THE NEW LUDDITE CHALLENGE

First let us postulate that the computer scientists succeed in developing intelligent machines that can do all things better than human beings can do them. In that case presumably all work will be done by vast, highly organized systems of machines and no human effort will be necessary. Either of two cases might occur. The machines might be permitted to make all of their own decisions without human oversight, or else human control over the machines might be retained.

If the machines are permitted to make all their own decisions, we can't make any conjectures as to the results, because it is impossible to guess how such machines might behave. We only point out that the fate of the human race would be at the mercy of the machines. It might be argued that the human race would never be foolish enough to hand over all the power to the machines. But we are suggesting neither that the human race would voluntarily turn power over to the machines nor that the machines would willfully seize power. What we do suggest is that the human race might easily permit itself to drift into a position of such dependence on the machines that it would have no practical choice but to accept all of the machines' decisions. As society and the problems that face it become more and more complex and machines become more and more intelligent, people will let machines make more of their decisions for them, simply because machine-made decisions will bring better results than man-made ones. Eventually a stage may be reached at which the decisions necessary to keep the system running will be so complex that human beings will be incapable of making them intelligently. At that stage the machines will be in effective control. People won't be able to just turn the machines off, because they will be so dependent on them that turning them off would amount to suicide.

On the other hand it is possible that human control over the machines may be retained. In that case the average man may have control over certain private machines of his own, such as his car or his personal computer, but control over large systems of machines will be in the hands of a tiny elite - just as it is today, but with two differences. Due to improved techniques the elite will have greater control over the masses; and because human work will no longer be necessary the masses will be superfluous, a useless burden on the system. If the elite is ruthless they may simply decide to exterminate the mass of humanity. If they are humane they may use propaganda or other psychological or biological techniques to reduce the birth rate until the mass of humanity becomes extinct, leaving the world to the elite. Or, if the elite consists of soft-hearted liberals, they may decide to play the role of good shepherds to the rest of the human race. They will see to it that everyone's physical needs are satisfied, that all children are raised under psychologically hygienic conditions, that everyone has a wholesome hobby to keep him busy, and that anyone who may become dissatisfied undergoes "treatment" to cure his "problem." Of course, life will be so purposeless that people will have to be biologically or psychologically engineered either to remove their need for the power process or make them "sublimate" their drive for power into some harmless hobby. These engineered human beings may be happy in such a society, but they will most certainly not be free. They will have been reduced to the status of domestic animals.

In the book, you don't discover until you turn the page that the author of this passage is Theodore Kaczynski - the Unabomber. I am no apologist for Kaczynski. His bombs killed three people during a 17-year terror campaign and wounded many others. One of his bombs gravely injured my friend David Gelernter, one of the most brilliant and visionary computer scientists of our time. Like many of my colleagues, I felt that I could easily have been the Unabomber's next target.Kaczynski's dystopian vision describes unintended consequences, a well-known problem with the design and use of technology, and one that is clearly related to Murphy's law - "Anything that can go wrong, will." (Actually, this is Finagle's law, which in itself shows that Finagle was right.) Our overuse of antibiotics has led to what may be the biggest such problem so far: the emergence of antibiotic-resistant and much more dangerous bacteria. Similar things happened when attempts to eliminate malarial mosquitoes using DDT caused them to acquire DDT resistance; malarial parasites likewise acquired multi-drug-resistant genes.


Check out the rest of the Article. It's very interesting.

Et tu, Mario? (Then fall ...Luigi?)

"Murder, looting, pizza theft, and other hazards of cooperative video-gaming"

Here is an excerpt from an article I read on slate.com today. Check out the full article here!

"Multiplayer video games operate along two dimensions. There are fighting games like the Tekken and Street Fighter franchises that give players a single option: defeat each other in glorious battle or turn off the console and bake cookies together. On the other end are games like the popular Facebook application FarmVille in which players must help each other by fertilizing one another's crops and exchanging gifts... Most cooperative games lie in a vast middle ground, however, a no man's land between altruism and gaming Darwinism that offers up a host of ways to misbehave."

It's a fairly funny article and it also brings back some great memories of growing up. My first system was an Atari 2600 that I purchased at a church garage sale...Without my parents knowledge... My mother wanted to throw it in the trash, but my father, a kid at heart, was as excited, if not more, than I was. We hooked it up to our glorious, 14ish", wood-paperedTV, and started out playing Moonraker. Other games we had were Pitfall, Joust, some space game and a myriad of others. So, the reason this brings back memories?? I can't exactly put a finger on which one, but ONE of my sisters absolutely loved playing Joust with me and spending all of her time finding some way to get me killed.

After moving away from Colorado and settling in Jacksonville, FL, my dad purchased us a Playstation...the original fat greyish box. One of my favorite games was Tekken 2. Anna, Jo, and I played it all the time. Jo had a favorite cheap move with Heihachi Mishima that we dubbed the 'Noogie' and Anna had her favorite character 'Nina' with which I'm sure she had some cheap move as well. I admit, I had a favorite character too, and after memorizing all of his moves, I found the cheapest and most affective. Marshall Law, I assume who's based loosely on Bruce Lee, had this famous spinning backflip kick thing that was a sure hit just about anytime I mashed those special buttons. We eventually purchased Tekken3 and Tekken Tag for Ps2 and wore those characters out as well. Now, I own a PS3 (I'm very, very loyal) and I'm playing games like CoD Modern Warfare 2, Uncharted 2, and various other games. I haven't experienced too much unfair or down-right dirty multiplay online yet, but I'm sure it will hit soon enough. However, I do play the Lego games (Star Wars, Indiana Jones, Batman) with my girlfriend, and I can't even count the hours we've spent simply running around chasing one another with a lightsaber or thermodetonator trying to kill eachother. She has gotten quite good at it and usually can destroy my character pretty quick.

Well, check out the article! I'm sure that if you've played games at all, it will give you a laugh. Oh, while I was in STL, Renee, Ellen's mom, showed us a tv show about people who simply hoard stuff... It was very gross! I do wonder though, is there a person out there who simply hoards video games?? If so, I'd love to see what their house looks like. I don't even think I'd be disgusted by that!

The Speed of Life

Life has once again picked up the pace. Between Lifecycle of my stores, switch replacements, vacation to STL and finals, I [once again] have pushed off posting on blogger. Well, I'm back! So, for my first post back, take a look at this video.<-click the word 'video.' It's not directly Technology specific, but hey, the world is changing and this is interesting and important. Enjoy!

A Phish Full of Dollars

"CARLISLE, Pa., Oct. 14 (UPI) --
Authorities say computer hackers drained more than $479,000 from a Pennsylvania county redevelopment agency's bank account.
Cumberland County officials told reporters Wednesday that the intruders transferred funds from the agency's account to their own accounts at 11 different financial institutions last month.
"We were all shocked when we heard this," said Cumberland County Redevelopment Authority Executive Director Chris Gulotta.
The Carlise (Penn.) Sentinel said that less than $110,000 has been recovered thus far and the county is negotiating with two other institutions.
The hackers apparently gained access to the redevelopment authority account through a virus that records keystrokes and was able to swipe a pass code. The virus was contained in a phony Web page that said the bank's real site was down for maintenance."


This is why you always know what your banking site looks like. If it says that it's down for maintenance, call your local branch to make sure that it really is! Who knows, it could save you your entire life savings. Other Tips for avoiding Phishing are:

1) Check for a lot of misspelled words. This is a common indicator that the site is a phishing site because they are usually hastily made.
2) Look at the URL (the http://...... part). If it looks different from what you usually type in, it may be a sign of a phishing attempt.
3) If you usually see the little "lock" symbol to the left of HTTP://, or your site uses HTTPS://, make sure it's there.
4) Finally, just plain avoid those sites that make you sign up to win something or receive a free gift. On the Internet, if it looks to good to be true, it usually is. In a study done, 90% of people gave up their userID or Password for a free item, usually something small like a pen or a calculator. 70% of people gave both away for a larger prize like a DVD.

Techsmith

Techsmith offers a lot of unique and high quality software for people to use in everyday life, whether it's for work or play. Some of the software packages they offer are:

1) Snagit- Capture anything you see on the screen. Edit and combine those captures. Share them via your favorite applications. Organize and find them again later. Don't waste time cropping your captures. Snag exactly what you need with just a click.

Find a free trial Here

Snagit is simple and user friendly and it also offers a lot of unique tools to help make your screen captures look beautiful. Give the trial a shot and see if you like it! You'll be surprised at what you can use it for.

2) Camtasia Studio- People don’t want a long, drawn-out explanation. They want to see what you’re talking about. With Camtasia Studio, you can record your PC screen and create professional-looking videos that clearly demonstrate a process, a product, or an idea. Some call Camtasia Studio the world's smartest screen recording software. Why? Because it adapts to your workflow, not the other way around. Here's how it works:
-Record whatever you want, right now, at any size. Decide how to use it later
-Edit and Enhance to clarify and amplify your message
-Share your creation anywhere, in multiple formats
Find a free trial download Here

I use Camtasia at work to create training videos. It records the screen beautifully and let's you record sound during video capture or place it into the file afterwards. It also has a smart zoom feature that will zoom in on a location in the video if you are typing something...this can be turned off and edited to fit your needs. A great little program and I definitely recommend the 30 day trial.

Todays Threat Level

Today's Internet Threat Level: GREEN

Handler on Duty: David Goldsmith




Top Three Ports Reported:
Port 1433 : MS-SQL-Server : Reports 18989
Port 445 : MS-DS : Reports 18424
Port 51413 : BitTorrent Upload Port : Reports 7025

Today

I spent all of today on the road for work and now I have to do my school work. Unfortunately this means that I don't have much time to post, so here are some good Geek photos for you to copy and save to your computer!! If they are hard to read, just click them or right click and open in new window. Enjoy!!

The Wonderful World of ATF-Cleaner

ATF-Cleaner is a wonderful little temp file cleaner created by Atribune, located here. This is a fairly straight forward application and once you've downloaded it, it can be run quickly and efficiently. I use ATF Cleaner all the time, at home and at work, and it's never messed up my computer. However, it is shareware, so use it at your own risk! Here is a brief tutorial on how to use it:

1) Right click the link and go to "open link in a new window" and wait for the page to load

2) Locate the red letters that read, "ATF Cleaner", which are about halfway down the page. This is the link to the download.


3) Click the red letters and save it to your computer. I would suggest your 'My Documents' folder, but feel free to save it anywhere that you'll remember where it's at.

4) After the program downloads, browse to it's saved location and double click on the icon. The icon is a blue garbage can.


5) After locating the icon, double click it. Microsoft will most likely pop-up a warning like the following:


6) Click Run and the following window will open:


7) For the first time running this, click the 'Select All' option and then deselect the 'All User Temp' item:


8) Next, click the 'Empty Selected' button and let it sit. This is a lot faster cleaner than the Windows Disk Cleanup, but it will still take a bit of time...especially if you don't delete your cookies and temp files very often. I clean mine every other day, so it goes pretty quick. However, the first time I ran it, it took a while, but it cleaned over 2Gbs of data. It may look like it's frozen, but it will eventually pop up a screen like the following:


9) Click OK on the box and then run ATF again, but this time check the 'Select All' item and leave everything selected. The reason why we didn't do this first is because it has a tendency to take hours to clean if you select everything. I'm not sure why, but it does.

10) click OK again and close ATF Cleaner. You should restart your computer after this, but you don't have to do it right away. I would recommend restarting it sometime within the next day though.

If you have questions, please feel free to post them!

Today's Threat Level

Today's Internet Threat Level: GREEN

Handler on Duty: Mark Hofman




Top Three Ports Reported:
Port 445 : MS-DS : Reports 939015
Port 1433 : MS-SQL-Server : Reports 694904
Port 135 : DCE endpoint : Reports 323584

Today's Threat Level

Today's Internet Threat Level: GREEN

Handler on Duty: Scott Fendley







Top Three Ports Reported:

Port 445 : MS-DS : Reports 939015
Port 1433 : MS-SQL-Server : Reports 694904
Port 135 : DCE endpoint : Reports 323584

Hacking for UFO's

Computer hacker Gary McKinnon has been refused permission to appeal to the UK Supreme Court against his extradition to the US.
The High Court ruled the case was not of "general public importance" to go to the UK's highest court.
Glasgow-born Mr McKinnon, 43, of Wood Green, London, is accused of breaking into the US's military computer system. Mr Mickinnon, who has Asperger's syndrome, insists he was just seeking evidence of UFOs.
Janis Sharp told BBC Radio 5 live that the ordeal had "broken" her son".
(http://news.bbc.co.uk/2/hi/uk/8298924.stm)

McKinnon's craziness manifested itself in obsessive hacking. With a joint in the ashtray and a can of Foster's next to the mousepad, he hacked Nasa, the Pentagon, and every US military installation he could get into. It was, he says, incredibly easy. He wrote a script that searched for network administrators who'd been too lazy to change their user names from "user name" and their passwords from "password". And when he found one he was in.

His testimony offers a compelling argument against conspiracy theories. He spent between five and seven years roaming the corridors of power like the Invisible Man, wandering into Pentagon offices, rifling through files, and he found no particular smoking gun about anything. He unearthed nothing to suggest a US involvement in 9/11, nothing to suggest a UFO cover-up. Nothing, he told me, except two things.
"I found a list of officers' names," he said during our first meeting in 2003, "under the heading "Non-Terrestrial Officers". I looked it up and it's nowhere. I don't think it means little green men. What I think it means is not Earth-based. What I saw made me believe that they have some kind of spaceship, off planet."
"Some kind of other Mir that nobody knows about?" I asked.
"I guess so," said McKinnon. "But I was smoking a lot of dope at the time. Not good for the intellect.
(http://www.guardian.co.uk/world/2009/aug/01/gary-mckinnon-extradition-nightmare)

OK. So should the British Government Extradite this man? I think so. He has been caught for breaking into multiple U.S. Government sites and the kicker is that he has admitted it! He claims to be searching for information on UFO's, but does it really matter? Either way he compromised a government system and he needs to be tried for it and sentenced.

"For the past seven years, in bedsits in Crouch End and Bounds Green, north London, the Pentagon hacker and UFO buff Gary McKinnon has – according to his family and friends – been suffering one long anxiety attack. He's prone to regular fits of fainting and thoughts of suicide. He's written that he can't look himself in his eyes when he's shaving in case the sight of himself sets the spiral off. He jumps out of his skin if someone touches him by surprise. I've met him sporadically during these years and can vouch that he's a chainsmoking, terrified shell.
"I'm walking down the road and I find I can't control my own legs," he has told me. "And I'm sitting up all night thinking about jail. About male rape. An American jail. I'm only a little nerd … My life is like walking through a world you know is probably going to end."

Is this guy fit to stand trial? Most likely not. He seems like he's a bit out there. I think one major issue with this guy is that he didn't/doesn't realize the consequences of his actions. Did he really think that if he hacked into anything, and was caught, that nothing would happen to him? He says, "...And I'm sitting up all night thinking about jail. About male rape. An American jail. I'm only a little nerd …" OK, well yes, shit happens in jail that isn't good, but really, you should have thought about that before you started doing illegal stuff. The news claims that he was one of the first to start messing around on the Internet and that he was testing it's boundaries. If that's the case, he should have stopped hacking after Mitnick was arrested and tried. In the end, I hope that he is extradited and that he stands trial. He deserves to go to jail, even if it is for a short term.

The Internet Storm Center

http://www.dshield.org/indexd.html



I was looking at the dshield website today and found this interesting diary entry from yesterday.

"The Internet Storm Center is focusing on IP ports for the month of October. I am going to continue the theme, but with a bit of a twist. I am going to talk about a few of the ports that are usually not desirable to appear in a traffic analysis. There are many more than I could list, the majority associated with malware. But not all of them.
Here we go:
1214 - Limewire/Kazaa (A Peer-to-Peer application. Not by definition malware, but not something desirable in an enterprise)

2773 - SubSeven (Trojan)

5631 - pcAnywhere (A commercial remote control application)


1863 - Numerous Microsoft applicationsI want to emphasize that these listed are not necessarily bad.

The point here is awareness. Knowledge, and management, of the ports required and permitted in the enterprise, and at home, will lead to an overall improvement of the security posture of a network. This is where syslogs, traffic analysis, and documentation will tie everything together." (tony d0t carothers @ isc d0t sans d0t org)


Also, to help promote Internet security and awareness, I'm going to start posting the Internet Security Threat Level and 'On-Duty' Handler for the Internet Storm Center(ISC). If you get time, check out their site at http://www.dshield.org/. This site has a lot of interesting information including the amount of malware that is being distributed and reported. Check out the image below:

Adobe Zero Day Flaw

"Adobe has alerted users to a zero day flaw in its PDF and Reader formats and has said it is already being exploited by malware writers.
The company has issued an alert and said it will release a patch for the flaw on Tuesday. In the meantime users are advised to disable JavaScript, although Adobe warned this may not be a complete solution."

“Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows Vista will be protected from this exploit. Disabling JavaScript also mitigates against this specific exploit, although a variant that does not rely on JavaScript could be possible. In the meantime, Adobe is also in contact with Antivirus and Security vendors regarding the issue and recommends users keep their anti-virus definitions up to date.”

So, it should be common sense to keep your antivirus up to date, but it is surprising how often I talk with people who say that they don't. As an IT guy, I really can't stress how important it is to keep your Antivirus current. In a later post I will be describing the differences between an Antivirus suite and an Internet Security Suite. Most people believe that they are perfectly protected and safe with just Antivirus. However, they really need to understand the added benefits of a firewall. Well, like I said, that will come later.

As for this flaw, I'm glad that Adobe is aware of it and making it's users aware. "Security through Obscurity is Never the Answer." This is a very important thing for companies to realize. Obscuring security flaws leads to a false sense of security for the company and for the end users.

Yay Microsoft! Oh wait....

More than 10,000 usernames and passwords for Windows Live Hotmail accounts were leaked online late last week, according to a report by Neowin.net , which claimed that they were posted by an anonymous user on pastebin.com last Thursday.


Well, that just isn't good! I know that just about every company is going to have some type of security breach during it's operations, but it really isn't good for Microsoft to have something like this happen to them. Already, they have bad PR due to their last OS and with the release of Windows 7 around the bend, it just plain 'ol doesn't look good. Hopefully they can get the issue sorted out and catch the guy who leaked the info/hacked the live accounts.


http://www.reuters.com/article/sarahPalin/idUS33422544820091005

Solitaire as a Key Generator

Here is a link to a great website dealing with security and technology: http://www.schneier.com/.

On Bruce Schneier's site, he has a very interesting encryption algorithm simply called 'Solitaire', and it is what it sounds like. The algorithm uses a deck of cards and the game solitaire to create an encryption cipher that can be used to encrypt/decrypt a message. For those of you who have read the book 'Cryptonomicon', by Neil Stephenson, this is the cryptosystem used by Enoch Root and Randy Waterhouse. Check this out:

"Solitaire gets its security from the inherent randomness in a shuffled deck of cards. By manipulating this deck, a communicant can create a string of "random" letters that he then combines with his message. Of course Solitaire can be simulated on a computer, but it is designed to be implemented by hand. Solitaire may be low-tech, but its security is intended to be high-tech. I designed Solitaire to be secure even against the most well-funded military adversaries with the biggest computers and the smartest cryptanalysts. Of course, there is no guarantee that someone won't find a clever attack against Solitaire (watch this space for updates), but the algorithm is certainly better than any other pencil-and-paper cipher I've ever seen. It's not fast, though. It can take an evening to encrypt or decrypt a reasonably long message. In David Kahn's book Kahn on Codes, he describes a real pencil-and-paper cipher used by a Soviet spy. Both the Soviet algorithm and Solitaire take about the same amount of time to encrypt a message: most of an evening.

Encrypting with Solitaire is an output-feedback mode stream cipher. Sometimes this is called key-generator (KG in U.S. military speak). The basic idea is that Solitaire generates a stream, often called a ``keystream,'' of numbers between 1 and 26. To encrypt, generate the same number of keystream letters as plaintext letters. Then add them modulo 26 to plaintext letters, one at a time, to create the ciphertext. To decrypt, generate the same keystream and subtract, modulo 26 from the ciphertext to recover the plaintext."

It's a very interesting algorithm Schneier goes through very easy to understand steps. A few practice runs and you'll be good to go!! Remember, it takes time to get it set up and executed, but it offers a great thrill once you've completed one successfully! For all of you out there who are programming nuts, he offers a multitude of premade scripts that you can use to turn this into a program. http://www.schneier.com/solitaire.html

Have fun!

Bypassing the Antivirus Software

Hey all,

I'm learning a bit more about malware, and I came across a video by Chris Hurley, who is a pentester, and he shows how it's possible to alter a viruses signature using a hex editor. Hex editors can be downloaded for free, just google search 'hex editor download,' and find one that you like. This has been known for quite a long time, but I thought that I'd post it here for those of you, like me, who didn't know that you could do this. Go to http://www.uat.edu/tv/ and then find the 'Tech Forum Fall 2008' section and then Chris Hurley. I encourage you to watch the whole video, it isn't too long. Also, check out the other videos that they have on there. All of them are fairly interesting.
Enjoy!!

Wow...So That's How it Works?!

As a disclaimer, I am not showing you this so that you can go and maliciously target a system. This is educational only... Now, with that out of the way:

In a post yesterday I said how I was writing a paper for my final. In the research process, I stumbled upon this nifty little video. The video walks through how to perform a Buffer Overflow attack on a target using Fast-track, which is apart of the BackTrack disto. Fast-track trully lives up to it's name and statement of, "Where it's ok to finish in under 3 minutes..." As you can see by the video, the attacker is able to perform the buffer overflow attack on the target system and get a command prompt in 30 seconds. You know that he has obtained access to the target because he is running Linux and the starting prompt is ' root@... ' and when he successfully attacks the system his prompt changes to C:\windows. He is then able to run the 'whoami' command and gets the response of 'nt authority\system.'

The Power of Python

I've decided that I'm going to learn how to program. Now, I've started this process countless times before and always seem to get distracted or discouraged after a few days. Not this time though! I found some instructional videos on youtube that have made the learning process fun and fairly easy. Check out this site, http://www.youtube.com/watch?v=4Mf0h3HphEA, and give it a shot! The instructor is easy to understand, fun, and proceeds at just the right pace. This is very helpful if you are a visual learner, like me, and need some one there to actually show you how it's done. Bucky, the instructor, jumps right on into the programming with how and where to download the software from, and I believe that you even create your first program in the first tutorial. Python is nice because it's a lot more straight forward than java. The simplest java program is as follows:

class HelloWorldApp {
public static void main(String[] args) {
System.out.println("Hello World!"); // Display the string.
}
}

Where as the simplest python program is:

print "Hello, World!"

You can simply type that in and press enter and you've created yourself a program. I've completed the first 20 lessons and I'm enjoying it thoroughly. Plus, the tutorials are between 2 and 10 minutes a piece, so you don't have to commit a ton of time to each one.

Use Your Mind

At University of Advancing Technology, they are going to be implementing a new piece of hardware. When I first read about this on the site page, I was highly doubtful it would actually work. The new technology uses 'brain-waves' to control a gaming universe. Go here http://www.neurosky.com/ and check it out. They offer a couple videos demonstrating their technology. One of their competitors, Emotiv, http://www.emotiv.com/, uses similar technology but on a wider scale and incorporating head tracking into their device. I haven't had an opportunity to purchase or use one of these yet, but believe me, as soon as I get the funds to buy one, I will.

This technology opens up endless possibilities for being incorporated into games, software, programming, etc. In one demo from Emotive, an individual uses the device to control an electric wheelchair. Emotive also claims that their device can be used in any game available today. An example would be using it in the Harry Potter games or The Elder scrolls IV: Oblivion, to cast spells or shoot an arrow, open doors, etc. If anyone has had an opportunity to try this out, please post your thoughts!

my school project

I'm currently enrolled at UAT for Computer Forensics, and I'm in the final week of my second course, Security Essentials. Our final project for the week was to write a paper on some topic dealing with security. I decided to do a brief overview of some of the tools hackers use to attack and maintain control of a system. When I'm done with the paper, I might just post it here, but for now, go check out www.remote-exploit.org. This site is home to the BackTrack Linux distro and it's filled with great security tools. For a list of tools, go here-> https://wiki.remote-exploit.org/backtrack/wiki/Category. I've been using it at home a bit, just playing around and what not, and it's interesting what all you can do with this nice bootable DVD. The .ISO can be found on their site and I believe that they are up to BackTrack4 now. I use BT3 since at the time it was the latest stable image. Enjoy!

oops!

Hey all,

Been a long time since the last post. A lot's been going on recently. Works been crazy busy, My girlfriend and I are trying to see eachother as much as possible (lives 6ish hours away), I have a sister getting married next weekend and I need to lose weight to fit into the tux (20lbs down, 5ish more to go), and I'm studying for my Ethical Hacking Cert. All in all, april 14th, my last post, through today have flown by so fast that I didn't realize it had been so long...

Fun little thingy: I've been playing with Ubuntu lately. Any one interested in Linux, aka. those who hate microsoft and aren't made out of money, go and get the 'Linux Starter Pack.' It's a magazine you can find in Barnes & Noble or Borders, etc. It comes with a 'how to' for us new linux users, and an Ubuntu start up disk (free OS). It's pretty nifty. Show's you most of the stuff you need to get going. I would still recommend getting some reading material a bit more in-depth later on, but it's a good starting place.

That's all for now! I'm working through Tuesday and then have the rest off, so maybe I'll get another post out this week. We'll see...Busy Busy Busy!

AHHHHH!

Sorry all! I've been super busy this last week or so. Between spending the weekend with my Girlfriend in St. Louis, moving, covering for a coworker in Nebraska, and just all out hecticness, I haven't had any time to write! I've started about 4 different rants/posts but haven't finished any of them yet! I'll do my best to get something new up over the next day or so. But for now I have to go and find my air mattress so I can start sleeping in my new apt....not the most comfortable thing in the world, but it will get me through til the weekend when I have help to move my huge bed.

Weird and Funny

Go here. Look through this. It's funny. : )



http://www.thetoyzone.com/25-inspiring-my-little-pony-mods/

Rant of the Day

So I'm currently in Lincoln, Nebraska. I stayed in Omaha, NE last night, and the night before I was sleeping in a hotel in Des Moines, IA. I've noticed a recurring theme the last few nights and it's starting to bother me. The hotels I've been staying at are all decorated in Brown! Ick.... And not the warm, hearty brown either. It's the 'too many pork and beans' poop brown. Since when is a brown couch, a brown bed skirt, a brown chair and desk, etc. etc., been the preferd decorating scheme?? I'm no fashion expert or interior design guru, but brown? Seriously! It's kind of depressing sitting in a room that looks like dirts all over the place. That, and with the brown curtains and a cigarrette burn in the 'Non-Smoking' room's comforter, I feel like I need a shower. Unfortunately the whole bathroom is decorated in brown and I'm concerned the water may be brown too. ;) Atleast the walls are beige! oh wait, isn't that a form of brown? Also, I guess I could just try a different chain of hotel. Maybe I'll branch out and hit a Ramada or Comfort Inn next. We'll See.

Things Your IT Guy Wishes You Knew

Now, I didn't create this. I was sent this a while back in an email so if anyone knows who created this, please let me know so I can give them recognition.



1. If you ask me technical questions please don’t argue with me because you don’t like my answer. If you think you know more about the topic, why ask? And if I’m arguing with you…it’s because I am positive that I am correct, otherwise I’d just say “I don’t know” or give you some tips on where to look it up, I don’t have the time to just argue for the sake of it.

2. Starting a conversation by insulting yourself (i.e. “I’m such an idiot”) will not make me laugh, or feel sorry for you; all it will do is remind me that yes, you are an idiot and that I am going to hate having to talk to you. Trust me; you don’t want to start a call that way.

3. I am ok with you making mistakes, fixing them is my job. I am not ok with you lying to me about a mistake you made. It makes it much harder to resolve and thus makes my job more difficult. Be honest and we can get the problem resolved and continue on with our business.

4. There is no magic “Fix it” button. Everything takes some amount of work to fix, and not everything is worth fixing or even possible to fix. If I say that you just need to re-do a document that you accidentally deleted 2 months ago, please don’t get mad at me. I’m not ignoring your problem, and it’s not that I don’t like you, I just cant always fix everything.

5. Not everything you ask me to do is “urgent”. In fact, by marking things as “urgent” every time, you almost ensure that I treat none of it as a priority.

6. You are not the only one who needs help, and you usually don’t have the most urgent issue. Give me some time to get to your problem, it will get fixed.

7. Emailing me several times about the same issue in the same day is not only unnecessary, it’s highly annoying. Emails will stay until I delete them, I won’t delete them until I’m done with them. I will typically respond as soon as I have a useful update. If it is an urgent issue, let me know (see number 5).

8. Yes, I prefer email over telephone calls. It has nothing to do with being friendly, it’s about efficiency. It is much faster and easier for me to list out a set of questions that I need you to answer than it is for me to call and ask you them one by one. You can find the answers at your leisure and while I’m waiting I can work on other problems.

9. Yes, I seem blunt and rude. It’s not that I mean to, I just don’t have the time to sugar coat things for you. I assume we are both adults and can handle the reality of a problem. If you did something wrong, I will tell you. I don’t care that it was a mistake, because it really makes no difference to me. Don’t take it personal, I just don’t want it to happen again.

10. And finally, yes, I can read your email, I can see what web pages you look at while you are at work, yes, I can access every file on your work computer, and I can tell if you are chatting with people on an instant messenger or chat room (and can also read what you are typing). But no, I don’t do it. It’s unethical, I’m busy, and in all reality you aren’t all that interesting. So unless I am instructed to specifically monitor or investigate your actions, I don’t. There really are much more interesting things on the internet than you.

Cybercrime.gov (people getting 'Pwnd')

For those of you who have never checked this site out, please take a minute and go there (http://www.cybercrime.gov/). Here is a site that tells you all about those who decide to break the law via computers and technology. Everything from Hackers to Copyright infringement. Don't think it can happen to you? It can. All the government needs is for you to accrue $15,000 in damages so that they can put you on trial. Think that's a lot of money? Did you know that with one song download they can reach that $15,000 mark? Believe it!! According to them you have affected the band, the record company, the people who make the CDs, etc, and then they bring in Lawyer fees, court fees, cost of putting you away and so on and so forth. They can reach that $15,000 mark very, very quickly. So, check out the site. There's a lot of interesting stuff on there. Here's a couple articles I found very interesting: (http://www.cybercrime.gov/thomasPlea.pdf) (http://www.cybercrime.gov/martinezSent2.pdf)
(http://www.cybercrime.gov/kunselmanIndict.pdf)

Have fun all!

Danger Will Robinson, Danger!

Well well well. It looks like some hacker has done it again! There is a new variation of the Conficker worm out there called Conficker C. This little worm is tricky to get rid of and even trickier for the IT gods to stop! Yahoo! Tech posted an article today about the new version and how on April 1st it will go active (http://tech.yahoo.com/blogs/null/128643/beware-conficker-worm-come-april-1/). No one really knows what it'll do, but it has the potential to be a big nightmare...obviously so if Microsoft is offering a $250,000 bounty to whoever turns the hacker in! That'd be a nice little gift. :) You would, however, be the target of every hacker out there for the rest of your life though. I guess that you could spend that large pay check on a highly sophisticated firewall, or you could just unplug your computer from the internet. Anyway, the point is, keep your antivirus up to date, download and install Microsofts patches and always be aware of what you are downloading and installing from third parties. Microsoft is currently offering a free scan from one-care here: http://onecare.live.com/site/en-us/default.htm. Be ware though, if you have an illegal copy of Windows or any other software, don't run this. It will let Microsoft know and then you'll be in a load of trouble. ;)

Lego Video Games = Geniusness! ;)

So, I've been playing the Lego video games for PS3 with my GF lately. We've completed a literal 99% of Lego Star Wars: The Complete Saga, and are now working on Lego Indiana Jones. I'm no hard core gamer, but I do spend quite a bit of time behind the dual joysticks of my PS3 control and the keyboard of my Desktop. I love everything from Crash Bandicoot, to God of War, to Command and Conquer. I've been playing around with F.E.A.R 2 and I'm a somewhat regular to Metal Gear Online and Call of Duty: World at War online. These games are awesome! The graphics of both are superb and I believe they, at times, rival PIXAR Animation. My girlfriend will argue that point till we are both blue in the face, but I stand by my MGS animators. : ) However much as I love these two games for their excellent story line and animation, neither compare to Lego Star Wars and Indiana Jones for level of simple entertainment. When I say ‘simple’ I don’t mean that any old Joe could play with one hand behind the back and one eye stapled shut. These two games have offered a nice challenge while still remaining interesting and fun! They can be a bit tedious when being chased by something, such as the boulder from the beginning of, “Raiders of the Lost Ark,” but they are never the less fun. The light hearted comedy produced by no voice acting and well… playing with Lego characters, is pure genius! They are definitely worth picking up at some point and time. We will hopefully complete the Indiana Jones game and move onto Lego Batman. By the time we finish that, hopefully there will be a Lego Harry Potter. Hint Hint. ;)

The danger of not having Antivirus and Internet Security tools

I fully agree with the thought that if every single computer in the world had an up to date security software package, and every single user of that computer had knowledge of how to protect their information, viruses would become things of the past. However, that will most likely never be realistic. Virus', Malware, Spyware, Botnets, Rootkits... They are some of the biggest pains you will ever face on a computer system. They can steal data, ruin the Operating System and destroy your life. Yahoo! Tech posted an article a few days ago regarding a server farm that had been housing stolen data. They pretty much summed it up when they said, "Getting hacked is like having your computer turn traitor on you, spying on everything you do and shipping your secrets to identity thieves." The article can be found here: http://tech.yahoo.com/news/ap/20090315/ap_on_hi_te/tec_inside_a_botnet
and I suggest that you read it if you have a few minutes.

I have tried quite a few different antivirus and Internet Security software packages over the last 3 years. Everything from AVG, DefenderPro, Kaspersky, McAfee and many many others. So far, my favorite would be Kaskpersky but it is a lot of work to initially set up. I've owned it for about 4 months now and I haven't had any issues with it letting malicious content in. It's a bit pricey though and can frustrate users who don't have patience or time to devote to getting it set up. McAfee has been pretty helpful as well and is a little less expensive. I had a few issues where it wasn't pulling updates down from the server but I got that resolved by calling the tech support. AVG is probably the next on my list of ones to trust. It worked, but I didn't care for the user interface. And finally, DefenderPro. The 15in1 package was awesome the 10in1 is good but the 5in1 is too basic. Most people wouldn't use half of the stuff on the 15in1, but it gets the job done for a fairly decent price. I did have a few issues where I upgraded from a previous version and it didn't install correctly. This had a very negative effect on my computer. It made the alg.exe process start for every file that it scanned on my computer. I would start scanning and would have 300 processes running in no time that I couldn't kill! Not the most pleasant experience. :-P Other than that, all of them kept the malware at bay. I don’t routinely surf dangerous web sites that are know to have malware though. I did test them out by infecting my system with the Antivirus 2009 and Police Antivirus 2009 viruses. All of them were able to remove these with no problem. The only virus that I did have a problem with fully removing was a couple of Vundo variants. I will post about them some other time though. They can be nasty buggers to get rid of!!

Well, that’s all for now. I will try and post something tonight, but as I’m living out of a hotel I may not have enough free time.

First Post: YAY!

Hello,


It's my first post. This may be deleted later, but I figured that I needed something on here. I will be working on getting a new/better background up tonight and this weekend. This is my very first blog ever so I'm still getting use to the idea of posting junk. I do follow www.picture-bliss.blogspot.com and it's actually the reason why I started this blog. Plus, she's my Girlfriend so I figured I better mention her. ;) This site will hopefully contain technical help, a daily 'rant' about IT or something, and place for questions. If I have an answer for the question you ask, and your permission, I will post it to the site. There will also be the occasional funny picture posted or funny story about every day things. For example:


I recently moved back up to Iowa for my job. It is a good move for me because I have a smaller footprint to cover. In Missouri it was about 71 Retail locations and in Iowa it's about 20. : ) I had lived in Iowa while I went to high school and college, and outside my parents front yard was a very large Corn/soy bean field. It is common knowledge to most individuals that Iowa raises Corn, Soy beans and Pigs. The occasional cow can be found grazing as well, but they are usually few and far between.


I moved a couple weeks ago and after getting settled at my temporary location in a medium sized farming town I decided that my shaggy head of hair needed to go. I drove over to one of the local hair cutting places and signed in. About 15 minutes later I was happily seated and getting my head buzzed. The sweet lady, about 45 years in age, who was cutting my hair tried making small talk with me. She asked questions about my job, where I lived, if I was married, so on and so forth. I told her that I was taken but not married and that I had recently moved back here from Missouri. She says, "Wow! Do you like it back here?" I answered with a, "yup," and tried to move the conversation along. Figuring that it would be polite to continue chatting, I asked her if she was from the area originally. She replied with a yes and started blow drying the hair off my neck. She then stopped, put down the dryer, looked at me and said, "Well, you're all finished. And by the way, welcome back to the land of Potatoes." I sat there dumbfounded. "Land of Potatoes..." I thought. She couldn't be serious! What, did she think that Potatoes grow on Stalks?? I was completely lost for words and got out of my chair to go pay. After leaving I sat in my pickup for a bit and wondered if the lady was really serious....potatoes....how does some one from Iowa think they are in Idaho?