
Archive for August, 2006

DoD Security? Is that like pretty ugly?

I can’t take you seriously…

I have to say it because it bugs the crap out of me! How can I take the DoD seriously for security matters when I type this into Netscape 7.02? My other option of course was IE 6.0sp1. If I wanted to use a modern, standards based, and secure browser I would need to go home. Let me list below the number of vulnerabilities my approved browser has:

Netscape 7.02 (3 Vulnerabilities):

http://secunia.com/product/85/#advisories

  • A weakness has been discovered in Netscape, which can be exploited by malicious people to bypass certain security restrictions.
  • A weakness has been discovered in Netscape, which can be exploited by malicious people to disclose system information.
  • J. Courcoul has discovered a vulnerability in Netscape, which can be exploited by malicious people to conduct phishing attacks.

To be totally honest this isn’t a bad list. My issue with this list is these are all fixed in the latest builds of Netscape, i.e. Firefox, and could easily be fixed. At this point the security is simply through obscurity. The browser is so old and outdated that the only people using it are well, some dude named Bob and me. Luckily Bob is a nice guy. If someone offers you a bunker in battle do you stay in your fox hole?

IE 6.0sp1 (31 Vulnerabilities):
Scroll quickly it is a long list :)

http://secunia.com/product/11/#advisories

  • HD Moore has discovered a vulnerability in Internet Explorer, which potentially can be exploited by malicious people to compromise a user’s system.
  • Plebo Aesdi Nael has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information and potentially compromise a user’s system.
  • A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to trick users into disclosing sensitive information.
  • A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to trick users into disclosing sensitive information.
  • cyber flash has discovered a weakness in Internet Explorer, which can be exploited by malicious people to trick users into performing certain actions on local resources.
  • Matthew Murphy has reported a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user’s system.
  • Claudio “Sverx” has discovered a weakness in Internet Explorer, which can be exploited by malicious people to trick users into visiting a malicious website by obfuscating URLs displayed in the status bar.
  • Amit Klein has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to manipulate certain data and conduct HTTP request smuggling attacks.
  • Secunia Research has discovered a vulnerability in Internet Explorer, which can be exploited by malicious web sites to spoof dialog boxes.
  • bitlance winter has discovered a weakness in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.
  • bitlance winter has discovered a weakness in Internet Explorer/Outlook Express, which can be exploited by malicious people to trick users into visiting a malicious web site by obfuscating URLs.
  • Berend-Jan Wever has discovered a weakness in Internet Explorer, which can be exploited by malicious people to detect the presence of local files.
  • Albert Puigsech Galicia has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to conduct FTP command injection attacks.
  • Gregory R. Panakkal has discovered a weakness in Internet Explorer, which can be exploited by malicious people to detect the presence of local files.
  • Secunia Research has reported a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to spoof the content of websites.
  • cyber flash has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to trick users into downloading malicious files.
  • Keigo Yamazaki has reported a vulnerability in Internet Explorer, which potentially can be exploited by malicious people to conduct session fixation attacks.
  • cyber flash has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to bypass a security feature in Microsoft Windows XP SP2 and trick users into downloading malicious files.
  • Roozbeh Afrasiabi has discovered a weakness in Internet Explorer, which can be exploited by malicious people to trick users into visiting a malicious website by obfuscating URLs displayed in the status bar.
  • Benjamin Tobias Franz has discovered a vulnerability in Internet Explorer, which can be exploited by malicious sites to detect the presence of local files.
  • Benjamin Tobias Franz has discovered a weakness in Internet Explorer, which can be exploited by malicious people to trick users into visiting a malicious website by obfuscating URLs.
  • WESTPOINT has reported a vulnerability in Internet Explorer, which potentially can be exploited by malicious people to conduct session fixation attacks.
  • Liu Die Yu has discovered a vulnerability in Internet Explorer, which potentially can be exploited by malicious people to conduct phishing attacks against a user.
  • Paul has reported a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to bypass certain security restrictions and potentially compromise a user’s system.
  • http-equiv has discovered an issue in Microsoft Internet Explorer, Outlook and Outlook Express, allowing malicious people to obfuscate URLs.
  • http-equiv has discovered a weakness in Internet Explorer, which potentially can be exploited by malicious people to trick users into visiting a malicious website.
  • iDEFENSE has reported a vulnerability in Internet Explorer, which can be exploited by malicious people to bypass certain frame scripting restrictions.
  • Jelmer has discovered a vulnerability in Internet Explorer, allowing malicious sites to detect the presence of local files.
  • A vulnerability has been identified in Internet Explorer allowing malicious HTML documents such as web sites to see which components are installed.
  • A vulnerability has been identified in Internet Explorer (IE), which can be exploited by malicious people to execute arbitrary script code on a user’s system.
  • A vulnerability has been identified in Internet Explorer, which exposes sensitive information to “msn.com” and “alexa.com”.

What is very important about this list is that the last item is from June 2003. 3 years without a patch and yet here I am still told to use this at work. Actually if I log in to a new computer this is the default browser.

Having been through the USAF BIP Security training, I know how seriously firewalls and boundary reef are taken. What a joke to lock the door but leave all the windows WIDE OPEN. I can accept that things move slowly on government networks. The question I pose is how long is too long? Upgrading to Vista to fix these things is not what I consider a fix action. The PC I am sitting on right now isn’t Vista capable and will require upgrades, along with the rest of my building. Let us punch some figures:

~ # of PCs = 500
Cost of Vista PC = 650 Dollars
TOTAL: $325,000

This of course doesn’t take into account the server infrastructure required to admin the new systems. Let us go ahead and break down the Firefox solution:

~ # of PCs = 500
Cost of firefox = 0 Dollars
TOTAL: 0

Hmmm…tough choice. You see my dilemma. As I sit on the mailing lists and idle away on IRC, watching the DoD get beat up is much our own fault. The Firefox/IE is just a blatant example of problems facing the DoD. I will say that this is the LARGEST network the world has ever seen. The transformation of software requires many many people. I know there are many great minds working for the DoD that undoubtedly will read this heads nodding in agreement. Well ladies and gentlemen; I am off to perform work on a system so vulnerable a fleet of semis could park in it. I hope next week I can take the DoD seriously.

J-O-B

I am so abundantly blessed it is amazing. Off I go to Huntsville, Alabama to work for Boeing doing Linux Administration. I leave Biloxi on the 1 year anniversary of Katrina, 29 August. I will be sad to leave the coast and all the amazing friends from past and present. This year post-Katrina has been a time of growing and renewal for me both spiritually and personally. I am teared up thinking of the amazing works God has used my hands for and the people who have held those hands as I trembled in rough waters. Timing is everything they say and moving here most certainly was. With the support of my amazing Parents and Brother, the past year has been one of joy and smiles. I love you guys. Friends and my “Family” at church have truly been the embodiment of Christ as I fell to my knees. I will be packing up the Mini-Dog and Cooper here shortly and getting ready to move. I hope to share a great dinner with everyone before leaving. Thank you so much for all your heartfelt prayers. Please continue! As always my home is yours, so feel free to stop by up North if you need to escape a storm :)

I am Man hear me Roar!

Men Are Just Happier People– What do you expect from such simple creatures? Your last name stays put. The garage is all yours. Wedding plans take care of themselves. Chocolate is just another snack. You can be President. You can never be pregnant. You can wear a white T-shirt to a water park. You can wear NO shirt to a water park. Car mechanics tell you the truth. The world is your urinal. You never have to drive to another gas station restroom because this one is just too icky. You don’t have to stop and think of which way to turn a nut on a bolt. Same work, more pay. Wrinkles add character. Wedding dress $5000. Tux rental-$100. People never stare at your chest when you’re talking to them. The occasional well-rendered belch is practically expected. New shoes don’t cut, blister, or mangle your feet. One mood all the time.

Phone conversations are over in 30 seconds flat. You know stuff about tanks. A five-day vacation requires only one suitcase. You can open all your own jars. You get extra credit for the slightest act of thoughtfulness. If someone forgets to invite you, he or she can still be your friend.

Your underwear is $8.95 for a three-pack. Three pairs of shoes are more than enough. You almost never have strap problems in public. You are unable to see wrinkles in your clothes. Everything on your face stays its original color. The same hairstyle lasts for years, maybe decades. You only have to shave your face and neck.

You can play with toys all your life. Your belly usually hides your big hips. One wallet and one pair of shoes — one color for all seasons. You can wear shorts no matter how your legs look. You can “do” your nails with a pocket knife. You have freedom of choice concerning growing a mustache.

You can do Christmas shopping for 25 relatives on December 24 in 25 minutes.

OTC Plan-B Morning After Abortion

Sick…

Hey here is a pill to correct that boo-boo you made last night. What kills me about this is that no one has any responsibility. I can push aside my Catholic views on this simply to speak of social justices. What does this say to our young women who are having unprotected sex with strangers? “Honey it is okay, now you run along and take this pill.” ***Newsflash*** Pill may kill baby, but not that strain of HIV you just got. I love Wendy Wright of Concerned Women of America - “OTC access to the morning-after pill does not cut the number of pregnancies or abortions,” stated Miss Wright. “Just the opposite. In fact, Scotland made the morning-after pill non-prescription in 1999 and in 2005 the country reported its highest number of abortions since abortion was decriminalized in 1967. Countries that make the morning-after pill easy to access show no drop in pregnancies or abortions, but they do experience skyrocketing rates of sexually transmitted diseases (STD). Common sense and care for women – especially minor girls – requires medical oversight of this drug. The FDA needs to stop playing games with women’s lives.”

Bought a Mini Cooper

I will post some pictures soon promise!!

So far I love the car…love is a strong word…and that would be the one to fit. Everywhere I go with it people stop and talk to me. Not that I am shooting for a popularity contest but rather I enjoy being able to talk to people. What I have noticed is that when I let the Holy Spirit inside listen instead of me, people feel the desire to talk. For that is very nifty to see smiles and waves. The bad is that there are a few little cosmetic things to fix, nothing big, and the steering column clicks at low speeds in parking lots. Purely cosmetic crap, but still…

I wanted to compile a list of cool little things I am discovering about my 2002 Mini Cooper so here they are:

  • The key recharges its transmitter when it’s in the ignition switch
  • The UNLOCK button when held in will roll down all the windows
  • The glovebox is refrigerated.
  • There is a little toolkit included with the MINI like my motorcycles.
  • The interior lights (or any other accessory) switches off after 15 minutes with the key off to prevent killing the battery.
  • The brake lights don’t work without the key in the ignition.
  • There is an emergency release for the fuel door in the portside storage cubby hole in the boot.
  • If parked with auto wipers ON, they’ll be OFF when you start the car the next time. You must turn them off then back on to use them. (In case the wipers freeze to the glass) <-- Not a problem in Biloxi :)
  • If you lock the doors with the key in the actual lock (i.e. not from a distance) and hold the key in that position, the top and all windows will go up.
  • The factory radio will always restart at a reasonable volume level, regardless of how loud it was when the MINI was turned off.
  • If you press and hold the trip button before turning the key you can access the on board computer
  • There is a slot just forward of the driver-side rear wheel that one can hide a key in
  • Automatic headlamp cleaning is done only if: highbeams are on, wipers are on high, and at least 10 seconds have elapsed since the last time.
  • The interval for intermittent wipers is road speed-sensitive.
  • If you floor the accelerator for more than 3 seconds, or rev the RPM’s over 6000 rpm’s, the computer automatically shuts down the climate control to reduce drag on the engine.
  • The alarm has a tilt sensor if someone tries to jack up the car.
  • The headunit is speed sensitive volume, meaning the faster you go, the louder the volume to make up for the noise.
  • With your front doors closed, if you shut the hatchback correctly, the tail lights flash at you. If it’s not “catching” the tail lights don’t blink at you, BUT only with the front two doors closed.