Monday, December 27, 2010

Gawker Breach and Strong Passwords

I used Lifehacker and Gizmodo, so of course I was a member before the war between Nick/Adrian and 4Chan, before the dark times. What can we learn from this incident? Well, several things!

1. The first is that strong password security is a must. 
It's not just a good idea that some person in a classroom somewhere mandates. It should be good policy for every person connected to the internet. I downloaded the files from gnosis, the group claiming responsibility for the Gawker breach. They had access to those systems for a long time (weeks if not months). Long enough to crack good, strong passwords. I was surprised to see how many people use children's names, their own names, colleges, and the word "password" as their password.

People, these are not strong. No word easily found in any dictionary is "strong"!!!

I typically use strong passwords. Even after 48 hours of brute force against my own passwords which were in the list obtained from gnosis, I went through every site which I felt had security issues, and changed passwords ahead of my 90-120 day schedule. Yes, you should change your passwords at least every 90 days. This is no laughing matter. I spent most of the weekend changing my passwords.

This is my formula for making strong passwords: Letters + Numbers + Capitals, and for grins throw in a !@#$%& character or two. Make it more than 8 characters.

This is an example of a strong password: !iWng24Cea@39
Note the use of capitals, print characters (!@#$%&*), and numbers. The password is also longer than 8 characters. 

DO NOT REUSE PASSWORDS ON MULTIPLE SITES, EACH SITE NEEDS A SPECIFIC PASSWORD. This is what ultimately led to the massive amount of personal information on the Gawker Media employees being leaked and posted.

2. Pay attention to emails and news regarding the sites we use on a daily or weekly basis. 
Keeping apprised of a situation is no small feat, but we do this in so many ways already. You would certainly notice if the front door to your home was open all day long. I am not saying that everyone should learn intrusion detection, but be aware of the sites and services you use, and be aware of any issues they have.

3. Site designers, make password changing/entry friendly to strong passwords.
In the process of changing the passwords to sites this weekend, I noticed a disturbing trend. Many sites do not allow the storing of what I consider strong characters, mainly the !@#$%* characters. This is a serious issue to me. I realize that storing these types of characters is more difficult in the short term, but in the long term this adds to the time a cracking attempt takes. Do not limit me on password length either. Making a limit of 12 characters is silly and outdated. If I am capable of remembering a 32 character string then let me have 32 characters.
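As an added illustration (not code from the original post), here is the formula from lesson 1 turned into a checker, beside the two site-side policies from lesson 3: the legacy one that caps length at 12 and rejects !@#$%* characters, and a corrected one. The word list is a small constructed stand-in for a real dictionary or name list.

```python
"""Password checks built around the formula in lesson 1 (letters + numbers +
capitals + a few !@#$%& characters, more than 8 characters, no dictionary word
or name) and the site-side policies from lesson 3. Added example; the word
list is a constructed stand-in for a real dictionary or name list."""
import re

# Constructed stand-in for a dictionary: the kinds of entries the post saw in
# the leaked list (children's names, the owner's own name, colleges, "password").
COMMON_WORDS = {"password", "gawker", "michael", "jessica", "stanford", "harvard"}

SPECIALS = "!@#$%&*"

# Common substitutions that dress up a dictionary word: P@ssw0rd -> password.
_UNDRESS = str.maketrans("0134@$", "oleaas")


def find_weaknesses(pw: str) -> list:
    """Return every reason a password fails the formula; an empty list passes."""
    problems = []
    if len(pw) <= 8:
        problems.append("not more than 8 characters")
    if not re.search(r"[a-z]", pw):
        problems.append("no lowercase letters")
    if not re.search(r"[A-Z]", pw):
        problems.append("no capitals")
    if not re.search(r"[0-9]", pw):
        problems.append("no numbers")
    if not any(c in SPECIALS for c in pw):
        problems.append("no !@#$%&* character")
    # Undo the substitutions and strip the digits/symbols, then look for a word
    # list entry inside what is left (Jessica2010 -> jessica...).  A real word
    # list needs a minimum word length or short entries will over-match.
    stripped = re.sub(r"[^a-z]", "", pw.lower().translate(_UNDRESS))
    hit = next((w for w in sorted(COMMON_WORDS) if w in stripped), None)
    if hit:
        problems.append(f"contains dictionary word or name: {hit!r}")
    return problems


def legacy_site_accepts(pw: str) -> bool:
    """The trend from lesson 3: a 12-character cap and no !@#$%* characters.
    Kept as the 'before' so the rejections are visible."""
    return len(pw) <= 12 and not any(c in SPECIALS for c in pw)


def fixed_site_accepts(pw: str, max_len: int = 128) -> bool:
    """Corrected policy: any printable character, a cap generous enough for a
    32-character string, and the formula above as the minimum."""
    return len(pw) <= max_len and pw.isprintable() and not find_weaknesses(pw)


if __name__ == "__main__":
    for candidate in ["password", "P@ssw0rd123", "Jessica2010", "!iWng24Cea@39"]:
        print(f"{candidate:16} {find_weaknesses(candidate) or 'passes the formula'}"
              f" | legacy site: {legacy_site_accepts(candidate)}"
              f" | fixed site: {fixed_site_accepts(candidate)}")
```

Note that the legacy policy happily accepts "Jessica2010" while rejecting the post's own strong example, which is exactly the trend lesson 3 complains about.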

Sticking to these tips will help you maintain some measure of safety in the long run. Remember that security is not a matter of stopping someone cold, but of making it as difficult as possible to breach the measures taken. No security is foolproof, but do not make it easy for anyone to breach your data.

Friday, November 05, 2010

Fall Personal Project: Update 4 PHP/MySQL Install

So we have discussed the need to watch the install order. I have found that when installing things which require LAMP, inevitably you will need to make a change to the database at some point.

Since BASE, the software which stores and provides segmented analysis of the snort traffic, uses a MySQL backend (you can use postgres), it is a good idea to install an interface to the database if you are unfamiliar with the command line. This is even more useful if you are like me and have forgotten almost everything about the open source database systems (although MySQL isn't really open anymore). I prefer the phpmyadmin GUI. Of course there is a specific order to getting things installed here too, if you want it to work programmatically.

Step 1: PHP5
The current PHP core is 5, so make sure that is fully installed first. A full install of PHP will usually cover the database dependencies for MySQL, postgres and Apache2. Here are useful commands:
sudo apt-get install php5
sudo apt-get install php5-mysql
sudo apt-get install libapache2-mod-php5

Once this install is complete, run the phpinfo.php script we discussed in the last post and verify. I know I have given the instructions for this before, but 20 seconds of verification can save you time later.

Step 2: MySQL 
The MySQL install is just as simple. Since you have already run the installer for the PHP libraries, this will just consist of the DBMS itself. The current version of MySQL DBMS is 5.1.x.
sudo apt-get install mysql-server

That's it. Seriously that is all it takes. Verify in the command line that the DBMS is working by typing mysql or sudo mysql depending on the user level. If you get "MYSQL>" it is working.

Step 3: phpmyadmin
The next step for easier DBMS manipulation is to install phpmyadmin, located here: This will allow you to have a web front end to the DBMS, and it makes the lives of visual people a lot nicer. Installing this uses (yes, you guessed it) apt-get:
sudo apt-get install phpmyadmin

I will not go into the configuration of it because this is well documented here on the Ubuntu Server Forums.

Follow that guide for the configuration and you will be ready to configure snort having your DB backend ready, your dependencies ready, and a front end to all of it. The next (and last installment) will cover the actual snort installation as well as the configuration guide and the resources I used to get it all working.

Friday, October 29, 2010

Fall Personal Project: Update 3

As promised today's post will be about some of the things I learned during the installation of Snort on my Ubuntu box. The things I learned are more about the process of the setup more than anything else and the correct order in which to run the installs. You have to love dependencies right? Let's get started.

Acquired Knowledge Bit #1: Client install over Server install
The client install went a little better for me on the Zino for one reason only: I had to install a second NIC. On the Zino that is an issue because of its form factor and the lack of a second ethernet port. I used the Cisco 300M USB to RJ45 adapter. This functions as a second NIC. Although all the documentation I read said that this would work hands down on the server install, I could only get it to work easily in the client install of Ubuntu. This is not to say it will not work, just that I could not get it to work in a reasonable amount of time. On the client install the process was simple. I plugged it in, scanned for new hardware, and let the updater download and install the drivers. This was my primary reason for sticking with the client install over the server install. Installation on the Zino was nice, fast, and easy.

Acquired Knowledge Bit #2: LAMP, Package Manager, and apt-get
The nice thing about a server install for the Ubuntu distro is that it comes ready to install LAMP. In fact it's a toggle option during package selection. For those of you who do not know, LAMP is an acronym for Linux, Apache, MySQL, PHP: the four basic packages which will accomplish most anything. On the client this is not an option, but the installation of the necessary components can be run after the OS is running. If you want a decent install guide, there's an app...un site for that...head over to to get some guidance. Now here is what I learned in my post-install LAMP: nothing works quite right unless you learn to love the apt-get command. Learn to use this over the package manager in the GUI. The command is faster, easier to script and chain, and leaves nothing to question. I found that the feedback from the terminal session was more informative than that of the GUI. Stick to apt-get install, you will be thankful.

Acquired Knowledge Bit #3: LAPM 
LAMP should really be called LAPM. The order matters. I like to make sure things are working. Apache 2.0 first. Be sure to check the browser first to make sure the host is responding on that port and that you can see the default index.html page in your browser. PHP is second. This is critical in my opinion. Installing PHP next will allow you to make sure that it is working and that you can install the necessary tools you will need to maintain your MySQLDB, mainly phpmyadmin. Even if you are missing some dependencies, you will want to follow Apache with PHP. Next you will want to create the phpinfo.php page with the following code:

This will show you all the php configurations you have running. A great tool to use when trying to install LAMP (LAPM).  Call this page (phpinfo.php or whatever you called it) in your browser. This will verify that Apache and PHP are talking and that you have PHP installed correctly.

MySQL deserves its own time, so I will talk about that in the next installment, as well as setting up the snort.conf file and some of the pitfalls I learned there. So in the meantime have a great one!

Friday, October 22, 2010

Fall Personal Project: Update 2

And working!....The Snort home project is a success. At least the setup and configuration of the project is a success. I have not tried to mess with the rules yet, but I will get there. I'm sidetracked at the moment by a layoff, contract work, classes, and job hunting. Honestly I'm surprised I got any of it done at all.

All said and done this is pretty sweet, and I would like to thank the guys at the snort forums and on the snort mailing list for all the help. I would also like to thank the guide writer for the in depth guide. 

Here is a list of the equipment I used: 
1. Dell Zino (aka Inspiron 400)
2. 1 Router (any type with a built in switch)
3. 1 unmanaged hub or a switch which you can set as a repeater (I used a Netgear DS108)
4. 1 Cisco USB to Ethernet dongle (USB 300M)
5. Ubuntu 10.4 or higher
6. UTP patch cables
7. 1 UPS for the networking equipment.

I will go through the configuration in an upcoming post, but needless to say it does work. There are some tricks I learned outside of the guide which will help along the way.

Here some photos of the setup all completed:

I have cleared the DB several times and started traffic over and it is working like a charm. The next post will cover the guide, software installs, and getting LAMP running.

Wednesday, September 15, 2010

Why I use SSID

This is going to be a long one. It comes from a debate I had on irc a few days ago. I've heard this time and time again, to increase security, disable SSID broadcast. It's true, if you want to be absolute in your wifi network security, you should disable SSID broadcast. Now let me tell you why I don't.

I like things to work: Yes, in a nutshell this is my primary reason. I like it when I know my Wii can see my wifi network. I like it when my mother brings her iPod over and it works seamlessly. There is something to be said about technology doing what it was designed to do, making my life easier and improving the quality of it. I dislike having to stop what I am doing to troubleshoot a wifi connection, if the device can see the SSID, then I know the hardware is at least functioning somewhat properly. It saves time and effort, something geeks like to do.

How do I secure my wifi network? Simple steps will always work:

1. Change the default password on your router. 
This should be the first thing you do. All it takes is determining the router type and someone can look up the factory username and password. Once they get into your router, find your connected IP, turn off your SPI firewall, and lock you out, well, it's game over. Seriously speaking, this keeps so much from happening. Usually you cannot change the default username, but make your password strong. Letters + Numbers + Capitals, and for grins throw in a !@#$%& character or two. Make it more than 8 characters too.

2. Change the SSID broadcast name.
Do this as soon as you have changed the default password.

3. Set the radio encryption level to high.
It boils down to this: a wifi network still uses plain old fashioned radio waves for communication (which is why you have channels on your router). Just like regular radio waves they can be intercepted by anyone with the basic knowledge and equipment. Encryption of the radio signal is crucial! When you set the encryption of a router you are encrypting the radio transmission and reception; the information floating (waving) through the air is encrypted. This protects against interception. The current standard for high encryption is WPA2, go as high as you can. This will not stop a determined person, but it will make it extremely difficult, which is the basics of security.

4. Use MAC Filters.
Here is where I depart from the "standard". Each and every device which connects to a network uses a media access control address (MAC). Most modern routers allow a person to set up a list of MACs which will be allowed on the network. If the MAC isn't on the list, it is not allowed on. Now here is the problem with MACs: they can be spoofed, easily spoofed. Here is the counter argument. Most will not take the time to try and discover the connected MACs; they will move on to another target. Spoofing a MAC requires someone to take the time and effort to capture radio traffic, find the correct MAC, and spoof it. Remember, if you have done the previous steps, this is just another road block in the way of an intruder. It is better to have it than to not have it. It should not be implemented on its own as a security plan; rather it should be implemented as a part of a security methodology.

5. Check your logs/activity.
So many people do not take the time to review their router. I do mine about once a month, but I take security very seriously. At least check it every few months. There are ways to set routers to email you when certain activity happens. Do so! Just like you check your windows and door by looking at them, do the same for your network.

Monday, September 13, 2010

Fall Personal Project: Update 1

So the fall home NIDS project is going well. I have removed the old router and replaced it with a newer Netgear b/g/n router. I also took the opportunity to do some cable management.

There is one feature I wish manufacturers would add to the routers, and that is to export the machine address ACL to a file. It would have been really nice. As it is I just copied the table from the HTML, but still, since I use MAC ACL filters, it would make things easier.
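Two chores from these posts handled in one added script (not the router's firmware or the blog's own code): exporting the MAC ACL from the router's HTML page to a file, which this post wishes for, and reviewing the router log against that list, which step 5 of the wifi post asks for. The HTML table, the log lines and their Netgear-style wording are constructed assumptions, so field names and layout will differ on a real router.

```python
"""Export a router's MAC allow-list from its HTML status page and flag log
lines that mention a station not on that list. Added example; the HTML and
the log below are constructed samples, not captured from a real router."""
import re
from html.parser import HTMLParser

# Constructed stand-in for the router's MAC filter page (three notations on
# purpose: routers and vendors print MACs differently).
ROUTER_ACL_HTML = """
<table id="macfilter">
<tr><th>Device</th><th>MAC Address</th><th>Status</th></tr>
<tr><td>Wii</td><td>00:1B:2C:3D:4E:5F</td><td>Allow</td></tr>
<tr><td>Laptop</td><td>00-1b-2c-3d-4e-60</td><td>Allow</td></tr>
<tr><td>iPod</td><td>001B.2C3D.4E61</td><td>Allow</td></tr>
</table>
"""

# Constructed activity-log lines; the wording is assumed, not copied from a device.
ROUTER_LOG = """\
[DHCP IP: 192.168.1.10] to MAC address 00:1B:2C:3D:4E:5F, Monday, Sep 13,2010 20:01:11
[DHCP IP: 192.168.1.11] to MAC address 00:1b:2c:3d:4e:60, Monday, Sep 13,2010 20:02:40
[DHCP IP: 192.168.1.12] to MAC address 00:1B:2C:3D:4E:99, Monday, Sep 13,2010 23:41:05
[Admin login] from source 192.168.1.12, Monday, Sep 13,2010 23:42:17
"""

# aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff, any case.
MAC_RE = re.compile(
    r"(?i)\b(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}\b|\b(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}\b")


def normalize_mac(mac: str) -> str:
    """Canonical lower-case aa:bb:cc:dd:ee:ff form, whatever the router printed."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class _TableCells(HTMLParser):
    """Collect the text of every <td> cell, grouped by table row."""

    def __init__(self):
        super().__init__()
        self.rows, self._row, self._cell = [], None, None

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self._row = []
        elif tag == "td":
            self._cell = ""

    def handle_data(self, data):
        if self._cell is not None:
            self._cell += data

    def handle_endtag(self, tag):
        if tag == "td" and self._row is not None:
            self._row.append(self._cell.strip())
            self._cell = None
        elif tag == "tr" and self._row:
            self.rows.append(self._row)


def export_acl(html: str) -> dict:
    """Return {normalized_mac: device_name} for every 'Allow' row in the table."""
    parser = _TableCells()
    parser.feed(html)
    acl = {}
    for row in parser.rows:
        macs = [cell for cell in row if MAC_RE.fullmatch(cell)]
        if macs and row[-1].lower() == "allow":
            acl[normalize_mac(macs[0])] = row[0]
    return acl


def acl_as_csv(acl: dict) -> str:
    """The export the post wished for: one 'mac,device' line per allowed station."""
    return "mac,device\n" + "".join(f"{m},{d}\n" for m, d in sorted(acl.items()))


def unknown_stations(log: str, acl: dict) -> list:
    """(mac, log line) for every log line naming a MAC that is not on the list.
    A spoofed address that copies an allowed MAC will not show up here; that is
    why the post treats filtering as one road block among several."""
    flagged = []
    for line in log.splitlines():
        for mac in MAC_RE.findall(line):
            if normalize_mac(mac) not in acl:
                flagged.append((normalize_mac(mac), line))
    return flagged


if __name__ == "__main__":
    acl = export_acl(ROUTER_ACL_HTML)
    print(acl_as_csv(acl))
    for mac, line in unknown_stations(ROUTER_LOG, acl):
        print("UNKNOWN", mac, "->", line)
```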

So the 10/100 hub is on the way, I will order my dell zino this week after I finish some papers which are due. I would really like to thank all the folks over at the snort forums for their assistance and guidance in this project. They really know what they are doing.

I spent some time this weekend looking up the literature in some major journals on snort usage. I'm almost positive that my final dissertation will somehow involve the use of snort, but I'm not sure how yet.

More updates as the equipment comes to me. I will post a topology diagram later on the next update once I make sure everything is running.

Tuesday, September 07, 2010

Fall Personal Project

So this fall's personal project will be to install a personal IDS at my home, then try like crazy to penetrate it. Snort snort snort. After writing several papers on the software I have come to respect it even more.

I often check the basics of a site or of a home network setup by using "shields up", but I know that my router kills the majority of the traffic which the service tests for in a vulnerability test. I am looking to set up a fully functioning DMZ with a snort based NIDS and then slam it until I can break it (without cheating of course). I have ordered a new router simply because I have been a little lax on keeping my encryption as strong as I can and it's time to do so. I also really like some of the new functions in Netgear's newer routers which allow the creation of a DMZ out of the box.

Also, I will probably use Ubuntu and some sort of small form factor like a mac mini or a dell zino since I need power to be a consideration. I would love to keep it in the ubuntu family line though, I need to beef up my skills in administrating one since it has been almost a year since I set a box up with ubuntu.

We will see how it goes. I will post to a page here or keep it updated in the blog.

Thursday, August 12, 2010

Weebly: Simple and Easy Sites

As you can tell, my site has gone through yet another revision. The long and short of it is that I am reducing the number of servers I run entirely. I am shutting down my primary portal site and converting everything to Weebly accounts, both for my clients and myself.

What is Weebly? I'm so glad you asked. Weebly is ridiculously simple web hosting. Now if you want to run a php application or something in the .NET framework, Weebly is not for you. If you want a simple site, clean, efficient, and gets the job done with very little issues, Weebly is right up your alley.

What Weebly does is allow people, with very little coding experience, to create rich and easy to maintain content driven sites. It includes integration to the paypal shopping cart engine, easy to set meta tags for SEO purposes, and a module based layout similar to most CMS features, allowing more flexibility for those that want to do special things, like my twitter feed on the front page.

Easy part, it's free with a point and click interface. I highly recommend this for anyone wanting a quick and painless site.

Monday, June 07, 2010

Chrome Extension: Incredible Startpage

I am finding that for search and daily tasks, Google Chrome is rapidly replacing Firefox as my default browser. I'm still amazed at how this transition has happened. I still use Firefox for download management, debugging, and the like, but my main browser now is Chrome.

This leaves some slight functionality issues with Chrome. All in all I have managed to find what I need to complete my tasks and make things seamless. Then I find this little jewel of an extension. The company is Visibo, the extension is the "Incredible Startpage". This little add-on grew rapidly on me. I find the native and default startpage on Chrome spacious to a fault. I cannot really reorder my list, and the thumbnails of web lages are unnecessary for me. The bookmarks bar is limited to the length of the window, so things are not as elegant as they could be in my humble opinion. Incredible Startpage fixes most of my issues.

First the bookmark frame, this allows me to keep a double column list of my most commonly used bookmarks on a new tab. This is nice. It keeps the fav icon as a reference and offers more than what the bookmarks bar offers in terms of space (I like a fixed width window).

The next is the columns for closed tabs and a longer bookmarks list, which I can use to add and remove bookmarks to my bookmark frame. Lovely!

The next cool feature is the post-it. This allows me to write in small things and then post them as an email or calendar item to Gmail or Google Calendar, both services I use extensively.

Add to this the fully customize CSS and background images which allow you to tailor your new tab page as you like, and I feel right at home (of course I've totally geeked it out with Dr. Who wall papers). By default the extension has an array of images, but you can also direct link to any image out on the net, the downside is no local image support, but that's fine by me.

All in all this is a great extension for my daily operations (email, web, search, school). I love the arrangement and layout as well as the personal touch. Great Job Visibo!

Thursday, June 03, 2010

Wardriving (whitehat of course)

Wednesday night, I thought I would kill two birds with one stone, so to speak. I needed to pick up my lovely wife from the airport and at the same time complete an assignment for my networking class regarding wardriving. Let me preface this by stating I know the difference between scanning for a network and connecting to it. I have done this many times in the past and I am not about to break the law now. So I fire up Vistumbler on my laptop, jump in my nifty car and drive 26.1 miles to DFW international airport. The results were more than interesting.

I found what I expected getting out of my neighborhood, lots of unsecured open wireless networks. On the drive to the highway I found plenty of businesses which would offer WiFi to their customers; McDonalds, Starbucks, Hyatt, even a KFC. Then I get some more than interesting hits; Bank of America, Wells Fargo, a local doctor's office. These were just a few of the businesses which I would think would at least encrypt their network. Leaving it open for access is one thing, it makes it easy for customers to connect, but traffic encryption should be a no quarter point of interest.

Having spent lots of time as a network and system admin, I would find it very unnerving to have an open and unsecured WiFi network for a doctor's office, bank, or any retail operation which accepts credit cards (and stores them locally). I understand that many businesses simply offer internet service to their customers, the local coffee shop for example. I have personally seen local businesses though, connect their POS system to their WiFi network. Here is where things can get tricky.

Here are some reasons why. For all those doctor's offices out there, HIPAA is no laughing matter. If the network inadvertently transmits HIPAA related patient information on an unsecured network and that transmission is intercepted...well, good night Sally. This is a major issue. For businesses which accept credit cards, you must follow the PCI-DSS standards for card data security set by VISA, MasterCard, Discover, and American Express (the PCI council). The fines you could receive for a breach could literally put the business down for the count.

Do not take WiFi security lightly. Set up encryption and use it; access points and wireless routers have it built in for a reason. Set up authentication when you can, again these access points come with this ability out of the box. For you data paranoid types (like me), use good encryption and authentication with an IDS set up on the inside of the network. None of this may stop a determined intruder, but it can slow them down and make them move on to a more viable target, which is what security is all about.

Tuesday, May 04, 2010

Google Bibliography?

No, Google Bibliography is not a real product. I really wish it was though. I am currently starting to collect documents for my doctoral dissertation proposal and I keep running into the same issue over and over again, redundancy. I am absolutely fearful that my EndNote library is going to get squashed by any number of possible deaths. Call me paranoid, but when it comes to data, well...ok I guess I'm paranoid.
Large journal sources such as ACM already have a system for exporting to any number of citation storage packages, including the ever popular EndNote. Here is the issue I have though: EndNote does a great job of keeping my references together, but does so in such an inelegant way. After 3 years of Gmail, 3 years of Google Docs, and access to a lot of these services on the fly via mobile, I came to rely on the elegance of Google software, and even more than that elegance, I rely on the cloud to store the most critical information as a backup device. The culmination of my academic career is more than "critical" to me.

What to do? I could just continue to use EndNote X3 which my university makes available to me for free. I then have the issue of storing my library, and all pdf articles associated with it in a central repository and "syncing" them. I use multiple computers for this process, so now I am almost tied to those little flash drives for my sync. Ug. I suppose I could "upload" my library files to Google Docs as a backup, but that again seems "inelegant". Why could I not have a solution where I can store, modify, read, relate, tag, and organize my citations in the cloud, as an integrated service with the apps I already rely on from Google?
What I want: I want a service which ties in to a document storage package like Google docs, can easily be updated like Google Bookmarks for Scholar searches, easily tagged (like all Google products). I want a Google citation database! In the cloud, massive storage, tags, easily searchable (search through the pdf uploads too), and linked to Google Talk for collaboration. I think this need fits right in the middle between Google Docs and Google Apps.

Please don't make me carry all my research and literature on a flash drive...please?

Friday, April 30, 2010

Goodbye Lala, You were good to me

My Friend Tivo25 introduced me to a few months ago. I am always looking for new music and even spins on old music. Lala is great, it offers a queue for sampling music, social networking to find people with interests and get introduced to music and share it with other networks (facebook), and most of all a great way to easily and comfortably purchase music on a tier.

Chairman Steve at Apple thinks it's good too. Apple recently purchased Like myself, many users had hoped this site would become an extension of iTunes or simply just be left alone. goes down May 31st. Thank you Apple, you cheeky B&^@6@!(&%#s. This is something I expected from the likes of Microsoft, not Apple. The iTunes store has many merits, and I am a loyal fan, but social networking really leads to music discovery, something Apple has yet to grasp in its push to appease the big labels, which I hope die in a fiery, brimstone laden, smelly, smoky ball of financial ruin. Sorry, lost it there for a second. Nothing stifles new music faster than shutting down avenues of discovery. Not everyone can go to SxSW every year and we rely on services like lala to produce new music for us.

Today, another avenue was roadblocked, and unfortunately it looks like music lovers on the web will ultimately suffer the consequences. Had it not been for lala and a local radio station (PBS funded 91.7 in Dallas-Fort Worth), I would never have discovered St. Vincent, Passion Pit, Little Dragon, Aqualung, Fanfarlo, Efterklang, Shiny Toy Guns, or Ok Go. This leaves Pandora, and perhaps I will be showing my support for Pandora now with a paid subscription, and will create an account on probably this weekend.

Bye Lala, I hope to see you on the other side. :(

Thursday, March 25, 2010


This last weekend I was working on some ANOVA problems for my class. I found that I was having problems looking at my handheld calculator (only purchased for my proctored exams) and the standard calculator on Windows was lacking a square root function. Now I know I can get around it by raising whatever number I'm trying to find the root of to the power of .5, but I find this silly. It's literally more work. This is why software was created.

This annoyance put me on a 30 minute chase on the web to find a software calculator which is not connection dependent. I wanted to find one which was available on the web for both windows and OS X. Someone read my mind.

I found eCalc. Web based, OS X dashboard ready, runs in windows. I found it nice, easy, and intuitive. This is great software! It does the following effortlessly:

Scientific Functions (Algebra, Trigonometry, Engineering)
RPN or Algebraic Operating Modes
Interactive Unit Converter
Linear and Root Equation Solver
Complex Number Math with Polar and Rectangular Formats
Drop-Down Stack with History
Interactive Decimal to Fraction Converter
Free Online Calculator
Windows Desktop Version (Win98,ME,NT4,2k,XP,Vista) (Also works in Win 7-64b)
Mac OS X Dashboard Version

Plus: A square root button...I'm so easily entertained.

$14.95. Done. Sold. My handheld crappy TI-blah-blah cost me $9 at target. I have to admit I do like well designed software and I have a tendency to purchase based on functionality and design and this calculator won my devotion on both fronts. There is even an iPhone app ready and available.

Wednesday, March 24, 2010

Benford's Law

A friend of mine recently introduced me to Benford's law, also known as first digit law a few days ago. I had never heard of it until then, granted I'm not up on the majority of statistical probability laws, but I found it fascinating.

It made me wonder. I have a wonderful book, "Tables of Integrals and Other Mathematical Data" by Dwight Herbert (1961 ed). I used this book heavily in college and still hit it for reference every so often. Is there anything like it for statistical models specifically?

Thanks to Don for the Benford's Law intro too!

Wednesday, February 10, 2010

Google Buzz, bright idea but why?

Maybe I'm just not getting it. Maybe I never will. I read the information, watched the video, and have been "buzzing" with my friend TiVO25 for nearly 20 min now. What does Buzz accomplish?

Let me share with you a few things it does do well first. The application does share and start conversations well. I can follow the conversation with absolute ease and the user interface is easy and clean. Everything is within Gmail so I'm not really having to learn anything new. Very intuitive and fast. The response time is quick and I'm not left wondering if Buzz is working. There are features which I would expect to see, like "email this" and reply commenting as well. Yep, that's about it.

Now here are the things I do not like. As Buzz is rolled out to people, they are automatically added to my followers. I never manually added anyone to my followers or to be followed; it was automatic. By default all conversations are public and are stored on the web along with a profile page. Here is mine as an example ( I never asked for the profile page, and for all my conversations in Buzz to be auto added to a page, which can now be crawled and added to the search cache. Oops, when I added the other sites to Buzz it auto posted my last tweet and blog entry, thanks for asking first! I auto spammed my Gmail friends with materials. There is a link in my mailbox side nav for Buzz, so why am I also getting it in my mail inbox? My BlackBerry is having seizures trying to keep up with Gmail mobile because I'm having a Buzz conversation? No thanks.

My biggest concern is that this only takes information from other sites, it doesn't send it out. It would have been better if this was like (where I am writing this now as we speak). I want ease of use. It is easy for me to login to mail and send an update to all my syndicated sites (facebook, twitter, blogger, etc). What does it accomplish to have my buzz updated from these sites, where my friends, family, and followers already exist? Who is reading my buzz then? Is it to try and convert more people to Gmail? Why would I do that? Email is a personal choice. Do I believe Gmail is better? Yes! Am I going to say that buzz is a reason to migrate over to gmail as a mail platform? No.

All in all buzz looks great, works fast, and does what exactly? My already used, flexible, and well established services are not enhanced by this product, neither am I for that matter.

Tuesday, February 09, 2010

Program of Study

Well after some reworking and decisions on my part I have decided on my program of study direction at DSU. I will be specializing in Information Assurance and Computer Security (yay!). Now to work through all the fun stuff.

Of course I will need to complete the smaller coursework which everyone has to take along the way, but at least I can start preparing my literature review now. I am learning EndNote; however, I really wish there were a solution in the cloud for this. EndNote does a fantastic job and I love the fact that I can download trees of citations from the library and post them directly into the application, I just feel that there is a better way to accomplish this goal.

There is going to be a proposal defense sometime this week and I love sitting in on these. The proposal will be on "Virtual Teams: Towards Improving Work Effectiveness through Collaboration Process Structure Training”. This sounds so interesting. I wish Dawn all the best on the defense.