Archive for July, 2008

Update on the DNS Vulnerability: 0-day
Last Updated on Thursday, 31 July 2008 09:55
Written by JJ
Tuesday, July 22nd, 2008

A quick update on the DNS vulnerability. Based on posts and Twitters last night from Dan and the snippets of information I gleaned from fellow Security Twits and bloggers… I think we are all aware that the DNS vulnerability is now out in the open.

The team that discovered the vulnerability was due to release details of the exploit at BlackHat (in 2 weeks). However, someone has reverse-engineered the vulnerability and released the details. The contents, or portions, of the exploit were accidentally posted on a very prominent security blog yesterday, then quickly removed. (Don’t ask, that’s a whole ‘nother story).

If your DNS server has not been patched, you are vulnerable now. More info on Dan’s (the discoverer’s) site. You’ll notice his 13 > 0 post... letting us know that instead of 13 days you now have 0.

If you haven’t patched your DNS server(s), please see my previous DNS vulnerability post and follow the links included for more information and instructions. Consider yourself now at risk.

# # #

Posted under Industry Insider | No Comments

Don’t-Miss NAC Events This Week
Last Updated on Saturday, 28 January 2012 06:53
Written by JJ
Tuesday, July 22nd, 2008

FYI, thanks for bearing with me these couple of weeks. I spent a week in a lab with no Internet access at all, which made blogging life (and actually ALL life) very difficult. Upon returning, I’ve been in the process of following up on the DNS vulnerability which has now been accidentally released. And, as I mentioned in an earlier post, I’m smack in the middle of moving this blog to a new, fuller-featured platform.  (more…)

‘The’ DNS Issue of 2008
Last Updated on Thursday, 31 July 2008 09:22
Written by JJ
Thursday, July 10th, 2008

It’s been a day since the public announcement, so by now you’ve probably heard about the DNS issue. The bug was found earlier this year, but the discoverer (Dan Kaminsky) and team worked fervently with leaders of the technology industry to create patches for all platforms before the big announcement. And- kudos to them all for keeping zipped lips until the problem could be contained (despite all the heckling and harassing).

You can find out a little more right now- I’m including some links below for you to read more.

If you don’t know what DNS is or why you care, see the bottom of this post for a little background info.

As for the real deal on disclosure- you’ll have to wait for Black Hat in August. I’ll be there, along with other members of the Security Bloggers Network (a non-exclusive but highly visible and well-respected security bloggers channel for Black Hat and RSA). I’m sure you’ll see *plenty* of post-Black Hat blogs, tweets and podcasts recapping the story.

Hear the buzz…

 

What is a DNS Server? DNS servers sit throughout the Internet (and inside networks) and resolve domain names (e.g. www.SecurityUncorked.com) to the IP address of the hosting server. The idea is, if an attacker can trick a DNS server, your request for ESPN.com may just take you to a malicious site where you’ll be immediately infected with a virus, malware or other undesirable creepy Internet-bred monster. They’ve found a bug that could be exploited to do just that.

What do we do? It’s not the end of the world. For now, know that almost all DNS servers need to have a patch installed to protect them from this vulnerability. It’s pretty universal and every manufacturer is on board and offering a patch as of yesterday, July 8th.

# # #

Techie Travels- What Do YOU Look for in a Hotel Room?
Last Updated on Tuesday, 12 August 2008 04:54
Written by JJ
Tuesday, July 8th, 2008

I’m on the road… again. After some really great (and a few really crappy) hotel stays in the past few weeks, I started thinking about ‘what makes a good hotel’.

Recently I spent one week at a customer in a hotel where the staff obviously was hosting nightly parties down at my end of the hall- from about 2:00am – 5:30am each (yes- every) night I was there. The hotel I’m in tonight has no elevator. Yeah. @#$! That’s what I said. Twice in the past 10 days or so, I’ve been in really nice resort-hotels, so I’ve had the whole spectrum this month and last.

For me, sometimes it’s the little things… I really like it when hotels have conditioner, instead of just shampoo. I like space- so a nice work area is important to me. Of course a big soft bed and plenty-o-pillows is a key ingredient. A whirlpool or jetted tub (in the room) is icing on the cake. Exercise rooms are good, although half the time I’m too tired when traveling or have work to do (I know- excuses, excuses ;). Convenience is also a biggie- I had a run in Las Vegas where *every* room I had felt like it was a 10-minute walk just to the elevators. When I’m on-site for a customer, I also love the hotels with the do-it-yourself breakfast- I can go when I want and grab something before heading out for the day. I love the little lighted makeup mirrors… and of course a full-length for checking out the wardrobe. Plugs! I love lots of plugs. I like hotels that secure the outer doors early and require a key for access to various parts of the building.

Sometimes it’s the bigger things… Hotels with outside-facing doors make me paranoid, and obviously those in neighborhoods where your rims may disappear are not good either. I hate hotels that MAKE me valet park my car. It’s my car, my keys, I park it and I keep the keys- that’s my rule. (My Dad taught me a little trick of telling the valet boys that it’s a company car and against corporate policy for valet- it works!)

Traveling techies sometimes have unique needs or requests, and much of the ‘good list’ is universal for all traveler types.

So, those are some items from my little list… What about you- what do YOU look for in a good hotel?

# # #

Posted under Random-izations, Travel | 7 Comments

A Better Blog… Coming Up!
Last Updated on Monday, 21 July 2008 11:38
Written by JJ
Tuesday, July 8th, 2008

It’s that time- we need more ‘stuff’!

Once upon a time…
When I first started this blog, I wasn’t quite sure what would happen… where it would go… or even if I could keep finding enough new things to talk about. I haven’t had a problem finding topics, only the time to write them all!

Point being, when I started the blog, I began with a hosted solution – Squarespace. My blog host is not free, but has provided a nice platform for me to get started and easily maintain the site, posts and reporting.

Having been in the web development business for years, I know what’s involved in maintaining a site and really didn’t want to throw myself back into all that. However, the time has come. We need more ‘stuff’ and to get all the fun stuff we want I’m going to need to make some drastic changes in the platform.

What’s getting added…
Soon you’re going to have a better blog site to enjoy. The changes will provide easier and better comment and collaboration systems, more capable search tools and email forms, a blog roll and better methods for linking and trackbacks. The changes will also allow me to modify the domain host records so we can access the site without the “www”, a specific request by some, namely ‘the Wilde’.

Overall, I hope the changes will give you the tools to better use the site, find the content you want and have the ability to make it ‘your’ community and a place for interaction and idea exchange.

When?
I’ll keep you posted through the changes and hope you’ll hang in there. The content is/will/should all be the same and will be transferred in its entirety. It will be a process so you may not see any changes for a bit. It’s important the new site is up and functioning before anything is replaced.

Also, I’ll be looking for your feedback on what you like and don’t like!

I’m excited :)

# # #

Posted under Random-izations | 1 Comment
