Digital Choke Daynotes


    Daynotes: a daily journal of activity. From
       Day: Period of life or activity
       Notes: To make a note of; write down
Digital Choke: what you sometimes want to do to your computer. Alternately, the name of our on-line short fictional story. You can contact me via email here.

"Daynotes" are popularized by an Internet Web site called the "Daynotes Gang" (www.daynotes.com or www.daynotes.org), a collection of the daily technical and personal observations from the famous and others. That group started on September 29, 1999, and has grown to an interesting collection of individuals. Readers are invited and encouraged to visit those sites for other interesting daily journals.

Week of January 26, 2003

Sunday, 1-26-03

Super Sunday. Super Bore. As usual, all the hype had nothing to do with the game. Some of the commercials were interesting, though. Which were your favorites? And if you are an international reader, was your Sunday more interesting?

We did a bit of house hunting today, just a short 1 1/2 hour drive around a couple of neighborhoods. Found some interesting ideas, but we're still waiting to get an offer on our place before we look in earnest.

Did a bit of research on the SANS 2003 Security Conference. The big boss said I could attend (it's in San Diego, CA, US) this year. Quite a few interesting classes there. It is rather expensive, though. Registration for a week-long class is over $3K (US). And the conference hotel is about $170 (US) per night. But I think it will be worth it. I've talked to others who have attended past conferences, and there is lots of knowledge to be gained there. Should be an interesting time.

Also worked on a FAQ for work about our new email de-spammer. I'll be spending a bit of time tomorrow looking at and analyzing the statistics for the 5-day period it's been running. Based upon what we 'caught', I plan on tweaking what we want to catch.

I also sent out a mild nastygram to the other network admins in the company about keeping servers patched and secured. Network administration is somewhat decentralized, and a bit too independent and unfocused. Most are working on fighting fires, rather than preventing them. Prevention is a much better focus of your time. Sure, you still get to fight fires, but overall there should be fewer of them, and they should be less of an inferno. We'll see what the feedback is on that message when they read it tomorrow morning.

Monday, 1-27-03

I forgot to post this last night...it was short, but don't want to have an empty day. Just some highlights, though.

The "Slammer" worm was more destructive than previously thought. You'll see more about it in the news, since it makes a good story (and "sweeps week" is coming up in the US, so you can expect a bit of overkill on this and other 'sensational' stories). Our company wasn't hit, because of good firewall blocking. But it would seem that the Internet infrastructure is not as robust as we all think. (And that's the basis of the "Digital Choke" story.) I have some info from a couple of readers about their experiences, which I will post tonight. If you have any you want to add, send an email. Let me know if you want to remain anonymous (you can use the secret identities of "Ted" and "Wanda" if you want). Here's one story from the Washington Post about that.

Have been playing a bit with the GFI Languard Network Security Scanner program. Looks pretty good, there is some good information in there. The 30-day evaluation is a good thing to try out if you are interested in how secure your network (or even your own personal system) is. Be aware that running a scan from outside into your network may cause the Intrusion Detection System alarms to go off. That irritates the network security guys, and may cause problems with your continued employment.

Our anti-spam server is working well. Out of about 250,000 messages in less than 5 days, over 88,000 were sensed as spam messages. We're still letting them through for now, as I try some variations on the rules.

Tuesday, 1-28-03

Some interesting odds and ends:

Looks like the Slammer/Sapphire worm hit the 'net a bit harder than everyone is talking about. There's some info on Brian Bilbrey's Daynote site about the worm, and what to look out for. It might be a very good idea to do a bit of scanning outside and inside your network (and even on your home computer) to see if there are other vulnerabilities. It is suspected by many that there will be many variations on this one, so it is important to be a bit pro-active on this one.

The vulnerability scanning companies have come out with customized scanners for this problem. Of course, they want you to purchase their products. I've tried a couple of them, and the one I like best is from Ecora (link to the free scanner here). It will scan your entire Windows network (workstations and servers) with one command. Some of the others require you to input single IP addresses or a range of addresses. I started one this morning at about 8:30 am, and it found 375 servers/workstations at that time (there are probably more, since not everyone was signed on yet). When I left today at just before 5pm, it had about 35 more to go. I've used some of the other Ecora products, and they seem to work well. They have 30-day evaluation copies you can download; they are almost full-featured.

I was also using the GFI Languard Network Security Scanner program to look at a bunch of servers. I really like this one, and it is reasonably priced: an unlimited server license is only $695 (US). The program works pretty fast, and is sort of interesting to watch. It creates XML reports, with active links to important information.

I also worked a bit with the Retina program from E-Eye. They also have a Slammer scanner program (info is on their page). Retina seems like a good scanning program, also. It does the same thing as the GFI program, but also has some management-style reports (with colorful charts and graphs for the pointy-headed crowd), along with some technical reports. The 30-day evaluation copy of Retina doesn't let you do reports, though, although they have sample reports. But you can't get a report of your real data, which I found disappointing. They also cost a bit more, since they charge by IP address. I'm still unclear on how they count IP address licenses: is 10.100.1.1-255 one IP address, or 255? (I'm guessing one, but it's not clear on their web site.) I'm expecting a quote from them tomorrow, so we'll see how that turns out.

Since Slammer is such a high-visibility thing, I think that we can get some money out of the budget to get Retina. We might just buy enough licenses for the DMZ area, then buy the unlimited GFI program to scan inside the network.

So, today was vulnerability scanning day. There's some interesting information that you can get from the above scanners. If you want to try one out, try the GFI program first to get a feel of how these programs work. The GFI program might be good for small-medium networks. For medium to larger networks, Retina might be best, especially since it has the pretty graphs and charts to show to the pointy-head crowd.

The interesting thing about the Slammer worm is the effect it had on private networks. There has always been the feeling that private networks are safer from worm attacks. (I'm talking about bank ATM networks, or 911 call centers, or other private Internets, not Intranets or your local network.) Most of the damage was done by incorrectly configured or designed networks. For instance, if you have a SQL database that you want to share information with the public, some people put that database in the local network, then drill a hole into their firewall to let a public web server access the data that lives in the local network. Not a good thing. All that is required is for the public web server to be unpatched; the worm then travels through the hole and starts infecting the servers in the local network.

At our company, we let the servers and workstations in the local network access servers in the DMZ (public area), but DMZ devices can't get back into the local network. We don't put holes in our firewall. If a public application needs to work with private data, then we push it out from the inside, rather than letting the outside pull it from the inside.
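To make the difference between the two designs concrete, here is a small added example (mine, not anything from the page or from any firewall vendor) that models the "drilled hole" design and the "push only" design as first-match rule tables and checks what a compromised DMZ host could reach under each. The zone names, rule tables and the SQL Server ports (TCP 1433 for data, UDP 1434 for the resolution service that Slammer spread over) are the only assumptions.

```python
"""Toy first-match firewall policy modelling the two designs described above.
Added example, not from the page. Zones are LAN (the private network),
DMZ (the public area) and NET (the Internet); the rule tables are constructed."""

from typing import List, Tuple

# (source zone, destination zone, protocol or "any", port or 0 for any, action)
Rule = Tuple[str, str, str, int, str]

# Design 1: the database stays on the LAN and a hole is drilled so the public
# web server in the DMZ can reach it. UDP 1434 is the SQL Server resolution
# service that Slammer spread over; TCP 1433 is the SQL Server data port.
HOLE_POLICY: List[Rule] = [
    ("LAN", "DMZ", "any", 0, "allow"),
    ("DMZ", "LAN", "tcp", 1433, "allow"),
    ("DMZ", "LAN", "udp", 1434, "allow"),
    ("NET", "DMZ", "tcp", 80, "allow"),
]

# Design 2: the page's design. Inside may reach the DMZ; the DMZ never
# initiates anything back; data the public application needs is pushed out.
PUSH_ONLY_POLICY: List[Rule] = [
    ("LAN", "DMZ", "any", 0, "allow"),
    ("NET", "DMZ", "tcp", 80, "allow"),
]


def decide(policy: List[Rule], src: str, dst: str, proto: str, port: int) -> str:
    """First matching rule wins; an unmatched flow is denied (default deny)."""
    for r_src, r_dst, r_proto, r_port, action in policy:
        if (r_src == src and r_dst == dst
                and r_proto in ("any", proto) and r_port in (0, port)):
            return action
    return "deny"


def exposure_from_dmz(policy: List[Rule], proto: str = "udp", port: int = 1434) -> List[str]:
    """Zones that a compromised DMZ host could reach on the given port: the
    blast radius of one unpatched public server under this policy."""
    return [z for z in ("LAN", "NET")
            if decide(policy, "DMZ", z, proto, port) == "allow"]


if __name__ == "__main__":
    for name, policy in (("hole", HOLE_POLICY), ("push-only", PUSH_ONLY_POLICY)):
        print(name, "-> reachable from DMZ on udp/1434:", exposure_from_dmz(policy))
```

The thing to notice is that the LAN-to-DMZ rule is identical in both tables; the only difference is the two DMZ-to-LAN lines, and those two lines are the whole of the worm's path into the private network. A quick way to audit a real rule base is to list every rule whose source is the DMZ and whose destination is inside, and ask what each one is for.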

Lots of damage from Slammer; mostly access-related; no actual data damage. Lots of big names got it. I got a message from Brian Cheesman:

Sapphire/SQL Slammer also took out the directory assistance and Enhanced 911 services for TELUS, the incumbent phone company in British Columbia and Alberta, Canada. Regarding Microsoft's patch, apparently some of their subsequent rollup patches actually removed the security fix. That still doesn't excuse anyone for leaving their ports open and vulnerable of course...

And I saw a story on abcnews.com (here) that Microsoft got bit by the Slammer. That's not surprising, when you consider how many servers they have. It's really hard to get a handle on servers in a medium or larger company. I couldn't tell you (yet) how many there are at my place. And it's quite easy for the number to constantly change, either due to '404' users, or users that are trying things they aren't supposed to try. That's why the vulnerability scanning programs are going to be an important tool that I will use at my company.

The email anti-spam system is still plugging along, we're still gathering data. It looks like we are getting about 65,000 messages a day (incoming and outgoing). Of those, about 30% are 'spam-ish'. That's quite a bit, and I expect that percentage to get larger. If you want to become a spammer, you can get 10 million names and a mail spamming program for under $100 (US). So, there is money to be made, if you don't have any morals to speak of.

That's probably enough for tonight. Alan Alda is on "American Experience" about salmon and tuna. It's usually a quite interesting program. Recommended.

Wednesday, 1-29-03

Spent most of the day today doing a bit more vulnerability scanning. I got the pricing for the Retina program figured out. They set their prices based on the number of IP addresses you can scan. A 16-pack costs about $800, and it goes up from there. The pricing seems very restrictive; you need to have a pretty static network, or you'll keep on having to buy additional 'IP packs'. They do have a Class C or Class B license package, the Class C costs about $9K. That's a bit more than the budget will allow.

So I spent some more time working with the GFI Languard Network Security Scanner program. This one costs only $795 for an unlimited number of scans. As I got deeper into the program, it looked like it could do what I need. It doesn't have the fancy narrative reports like Retina, but the pricing is more in line with our current budget. It also seems to be versatile enough that it will give me the information I need for reports. So, a quick memo to the boss, who asked the big boss, and she agreed that the GFI program could be funded out of some discretionary funds. I think it will be a good tool.

As I made the rounds of several sites, I found some interesting information. I'd mentioned the big fires in Australia. It seems that one of them destroyed a big observatory. But they had a good disaster plan, and didn't lose all of their data, which they had properly backed up and stored off-site. Here's the story from ZDNet, as reported by the CERT Advisory mailing list (subscribe here, it contains much good information); the comments are from one of their editors:

Valuable data collected by the Mt. Stromlo Observatory in Canberra, Australia were not lost in a firestorm that destroyed the facility thanks to a "comprehensive data recovery plan." Data from the telescopes had been being sent to a StorageTek 9310 Powderhorn library at the Canberra campus of the Australian National University (ANU); administrative and research data had been being backed up regularly and stored at two separate remote locations.(Story Link here)

[Editor's Note (Shpantzer): I love hearing success stories like this. It's not all cyberterrorism and hackers. Plan for natural disasters with remote storage and test the restoration process. Business continuity is not as glamorous as some of the cool technologies out there, but it is essential for the long term existence of the organization.]

So, how's your business continuity plan? Or your personal continuity plan? Have you got copies of important data that's on your computer at home? Here's a suggestion: rearrange the data files a bit into a single base folder structure. Then use that CD/RW drive to make a backup copy of those data files. Take the CD to another location for safekeeping: take the home data to your work office, or vice versa. And then keep on updating the backups. And if your company (large or small) doesn't have a data backup plan, you might want to encourage them a bit. Or, keep your resume up to date.
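Since the editor's note above says to "test the restoration process" and the suggestion is to gather your data under one base folder before copying it off, here is an added example of my own (not from the page or from any backup product) that does both: it copies a folder tree into a backup set, writes a SHA-256 manifest next to it, and then checks a restored copy against that manifest so you find out the backup is bad before you need it. The folder layout, file names and contents are constructed for the demonstration.

```python
"""Back up the data files under one base folder into a backup set with a
SHA-256 manifest, then prove the restore works by re-hashing the restored
copy. Added example, not from the page; paths and file names are constructed."""

import hashlib
import json
import shutil
import tempfile
from pathlib import Path
from typing import Dict, Tuple


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files don't have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(base: Path, dest: Path) -> Dict[str, str]:
    """Copy every file under base into dest, keeping relative paths, and write
    MANIFEST.json (relative path -> sha256) next to the copies."""
    manifest: Dict[str, str] = {}
    for src in sorted(p for p in base.rglob("*") if p.is_file()):
        rel = src.relative_to(base).as_posix()
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)          # copy2 keeps timestamps as well
        manifest[rel] = sha256_of(src)
    (dest / "MANIFEST.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_restore(backup: Path, restored: Path) -> Dict[str, str]:
    """Check a restored tree against the backup's manifest. Returns
    {relative path: problem}; an empty dict means the restore test passed."""
    manifest = json.loads((backup / "MANIFEST.json").read_text())
    problems: Dict[str, str] = {}
    for rel, digest in manifest.items():
        p = restored / rel
        if not p.is_file():
            problems[rel] = "missing"
        elif sha256_of(p) != digest:
            problems[rel] = "hash mismatch"
    return problems


def backup_demo() -> Tuple[list, dict, dict]:
    """Build a small constructed data folder, back it up, restore it, verify,
    then corrupt one restored file and verify again."""
    work = Path(tempfile.mkdtemp())
    base = work / "mydata"
    (base / "docs").mkdir(parents=True)
    (base / "docs" / "letter.txt").write_text("Dear contractor, about the sinks...")
    (base / "taxes.csv").write_text("year,amount\n2002,1234\n")

    manifest = make_backup(base, work / "backup")
    shutil.copytree(work / "backup", work / "restored")   # stands in for "restore from the CD"
    clean = verify_restore(work / "backup", work / "restored")

    # Silent corruption on the restored copy: same name, same size, wrong bytes.
    (work / "restored" / "taxes.csv").write_text("year,amount\n2002,9999\n")
    damaged = verify_restore(work / "backup", work / "restored")
    shutil.rmtree(work)
    return sorted(manifest), clean, damaged


if __name__ == "__main__":
    print(backup_demo())
```

Burn the backup folder (manifest included) to the CD, and run the verify step against the CD at the other location once in a while; a backup that has never been restored is only a hope. Keeping the manifest with the copy is what lets you tell a good disc from one that has quietly gone bad.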

Another interesting note: identity theft is becoming more visible, and more prevalent. I got this from the same source as above:

A Federal Trade Commission (FTC) report says that complaints about identity theft have increased 73% since last year and account for 43% of all the complaints they received in 2002. Problems with Internet auctions generated 13% of complaints.
http://zdnet.com.com/2100-1105-981489.html
FTC website with information about identity theft:
http://www.consumer.gov/idtheft/

The FTC site has some good information and tips.

And I was at a relative-in-law's house. He has DSL and a wireless network. I asked him if he had done some basic security on either, and there was sort of a blank look on his face. Like many home users, it's not something that they really think about. I told him about ZoneAlarm's free software firewall, and some things that he should do about his wireless stuff. How many of you have good protection for your home computer? And have you read the story about how the HP wireless keyboard can travel to your neighbor's wireless keyboard? (It's true!)

Where to go for some security tips? Try Microsoft (no, really! -- they are trying), or ZDNET. Or, you can ask me. I'm getting a bit better at this.

Thursday, 1-30-03

Couple of interesting things in the news.

There's a report (here) that scientists have discovered that lightning strikes "produce intense bursts of radiation believed to be X-rays. Many theorists had long thought such emissions from lightning impossible".

The way they do it is quite interesting. They attach a spool of wire to a small (three- to four-foot) rocket, then wait around for a lightning storm. When they think that there is an imminent lightning strike, they launch the rocket. (Don't try this at home.) The rocket goes up about 2000 feet (610 meters), trailing the metal wire behind it. That provides a path for the lightning strike, which they record on film and other instruments. One of the instruments senses the x-ray-like emissions. There's a great picture of the lightning strike in the above story.

The whole experiment, and the conclusion, is quite interesting, but not really new. For years, all the cartoons I've seen of lightning strikes always show the character's skeleton, just like in an x-ray. So, it is not entirely a new theory. You can see it on just about all the classic cartoons.

The same process happens with house electricity. I've seen it on "Tom and Jerry" and other cartoons. Nothing new here.

That brings to mind the alternative theory of electricity generation. It turns out that electricity is not generated to create light, but that darkness is sucked out of the area and stored in lots of different places. For instance, most people think that a light bulb gives off light. Nope, not true. If you have ever looked closely at a burned out light bulb, you will see the residue of darkness that was sucked out of the room. Same thing with flashlight batteries -- ever looked inside one? It's full of 'dark'.

You might think that I am kidding here. Of course not. It's been scientifically proven. Look here at this site. And if you don't believe that, just 'Google' with these search terms: "dark sucker theory electricity". You will find lots of proof, by no less than "Bell Labs", who wrote a research paper on it. It's true! I read it on the Internet!

On a more serious note, you've probably heard a lot about the growing problem of identity theft. For instance, Brian C up in Canada sent me this note:

Story today in the news up here in Canada: The Cooperators Insurance Company in Manitoba has sent warning letters off to a number of its clients warning them of the possibility of identity theft, after a hard drive (or possibly drives) containing client data (names, addresses, credit card numbers, mother's maiden name, etc) went missing from a repair facility.

Now, there are a couple of things about this story that are important to think about. It's possible that someone just stole the hard drive without regard for the information on it. But it also shows that you need to be careful with any computers or computer parts that you get rid of. Just erasing the files doesn't get rid of the information. You need to run a program that actually overwrites the data. And it also is important to be careful about where you send your computers for repair. And, what information would you lose if your hard drive went away without your permission?
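Here is an added example of mine (not from the page) that shows, on a toy in-memory "disk", exactly why erasing a file doesn't remove the information and what an overwriting delete does differently. The disk has a directory table and a run of raw blocks; an ordinary delete only removes the directory entry, so a recovery tool that scans the raw blocks still finds the data, while a shred overwrites the blocks first. The block size, the file name and the client record (a made-up card number and mother's maiden name, like the data in Brian's story) are constructed.

```python
"""Toy block device showing why deleting a file does not remove its bytes,
and what an overwriting delete does instead. Added example, not from the page."""

import os
from typing import Dict, List

BLOCK = 16  # bytes per block; tiny on purpose so the whole disk is easy to inspect


class ToyDisk:
    def __init__(self, blocks: int = 64) -> None:
        self.raw = bytearray(blocks * BLOCK)         # the "platters"
        self.free: List[int] = list(range(blocks))   # free block list
        self.table: Dict[str, List[int]] = {}        # the "directory": name -> blocks

    def write(self, name: str, data: bytes) -> None:
        """Allocate enough blocks for data and copy it in, zero padding the last block."""
        needed = -(-len(data) // BLOCK)              # ceiling division
        blocks, self.free = self.free[:needed], self.free[needed:]
        for i, b in enumerate(blocks):
            chunk = data[i * BLOCK:(i + 1) * BLOCK].ljust(BLOCK, b"\x00")
            self.raw[b * BLOCK:(b + 1) * BLOCK] = chunk
        self.table[name] = blocks

    def unlink(self, name: str) -> None:
        """Ordinary delete: drop the directory entry and free the blocks.
        The bytes on the platters are untouched."""
        self.free.extend(self.table.pop(name))

    def shred(self, name: str, passes: int = 3) -> None:
        """Overwrite every block of the file (random passes, then zeros) before unlinking."""
        for b in self.table[name]:
            for _ in range(passes):
                self.raw[b * BLOCK:(b + 1) * BLOCK] = os.urandom(BLOCK)
            self.raw[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)
        self.unlink(name)

    def carve(self, needle: bytes) -> bool:
        """What a recovery tool does: scan the raw bytes, ignoring the directory."""
        return needle in self.raw


def erase_demo() -> Dict[str, bool]:
    """Store a constructed client record two ways and see what a raw scan still finds."""
    record = b"card=4111111111111111;mmn=Smith"     # constructed sample data
    probe = b"4111111111111111"

    plain = ToyDisk()
    plain.write("clients.db", record)
    plain.unlink("clients.db")                     # "erase the file"
    after_unlink = plain.carve(probe)

    wiped = ToyDisk()
    wiped.write("clients.db", record)
    wiped.shred("clients.db")                      # overwrite, then erase
    after_shred = wiped.carve(probe)

    return {"file_listed": "clients.db" in plain.table,
            "found_after_unlink": after_unlink,
            "found_after_shred": after_shred}


if __name__ == "__main__":
    print(erase_demo())
```

Real file systems behave the same way: the directory entry goes, the sectors stay until something else happens to reuse them, which is why "I deleted it before I sent it in" is no protection. Two caveats for a practitioner: the overwrite has to reach the sectors the file actually occupied (a drive with spare or remapped sectors, or flash media that spreads writes around, may keep a copy the overwrite never touched), and a drive that goes missing in transit can't be overwritten at all, so for data like this the real answer is to keep it encrypted on disk in the first place and to have a written procedure for what leaves the building.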

As for identity theft, there are lots of things you can do to protect yourself. The US Better Business Bureau has some good tips, and is a really good place to start; it also has good links to other information. It's worth the time to look at that information, and perhaps act upon it.

And, on a housekeeping note, I've changed the email link to go to a form that you fill out. This is actually good web design (IMHO). I've removed the actual email address from this site, and the form is used to mail me the message through (in this case) a PHP script file. It's also a way to make sure that anyone can mail a message, without worrying about their email program setup. And, if needed, the mailed information can be entirely anonymous. In fact, we use a similar process to provide an anonymous 'suggestion box' on one of our intranets. Without the actual email address on this site, that reduces the chance of email address harvesting by the spammers.

There are some other techniques that you can use. You can split up the parts of the email address in the page's source code, assigning the parts to variables that you put together in the actual mail command. All of this can help hide an email address. An interesting technique.
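An added example of mine (not the page's own code) that puts a number on the harvesting point: it runs the kind of pattern an address-harvesting robot uses over three constructed page fragments, one with a plain mailto link, one with the address split into script variables, and one using a form posted to a server-side script as described above. The address webmaster@example.com and the HTML are constructed for the demonstration.

```python
"""Check whether a page's source leaks an e-mail address to a harvester.
Added example, not the page's own code; the page fragments and the address
webmaster@example.com are constructed for the demonstration."""

import re
from typing import List

# The kind of pattern an address-harvesting robot runs over raw HTML.
HARVESTER_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Page 1: the address sits in a plain mailto link.
PLAIN_PAGE = '<p>Questions? <a href="mailto:webmaster@example.com">send email</a></p>'

# Page 2: the address is split into parts that only a script joins at display time.
SPLIT_PAGE = """<p>Questions? <span id="contact"></span></p>
<script>
  var user = "webmaster";
  var host = ["example", "com"].join(".");
  document.getElementById("contact").innerHTML =
    '<a href="mailto:' + user + '@' + host + '">send email</a>';
</script>"""

# Page 3: the page's own approach, a form posted to a server-side script;
# the recipient address never appears in the HTML at all.
FORM_PAGE = """<form method="post" action="/contact.php">
  <textarea name="message"></textarea>
  <input type="submit" value="send email">
</form>"""


def harvested(page_source: str) -> List[str]:
    """Addresses a harvester would pull out of the raw HTML of one page."""
    return HARVESTER_RE.findall(page_source)


def assemble(user: str, host_parts: List[str]) -> str:
    """What the browser-side script in SPLIT_PAGE produces for a real visitor,
    so you can confirm the split parts still spell the right address."""
    return user + "@" + ".".join(host_parts)


if __name__ == "__main__":
    for label, page in (("plain", PLAIN_PAGE), ("split", SPLIT_PAGE), ("form", FORM_PAGE)):
        print(f"{label:5s} page leaks: {harvested(page)}")
    print("visitor sees:", assemble("webmaster", ["example", "com"]))
```

Running the harvester pattern over your own pages (fetch them and feed the source to harvested) is the quick check that the address really is gone from the HTML. The split-variable trick only defeats a robot that reads the raw source; one that runs the page's scripts still sees the assembled link, which is why the form-plus-server-side-script approach is the stronger of the two.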

Friday, 1-31-03

Fridays. One of my favorite days. Quite busy at work, had to start up the information protection committee again. The last meeting we had wasn't very productive, I've got to get them on track again. Got a bit of homework this weekend, to get ready for the next Telework committee meeting, and help figure out the upgrade plan for one of our main web servers.

On the home remodeling front, the countertops for the bathrooms were finally installed today by the countertop guys. My contractor made a special effort to get out of his sick bed (mild cold, I think) to get one of the bathroom sinks working. We should be able to get the rest of them done on Monday (I let him take the weekend off).

With any luck, tomorrow will be a 'burn day', so I can get rid of some piles of rubbish. That will help the outside look a bit better. Also need to install two sets of blinds in one bedroom. And clean up the garage a bit; perhaps even another "Lone Ranger" trip. A busy day planned. But I will be able to sleep in a bit, so that's good news.

Saturday, 2-1-03

STS-107 Crew, Rest in Peace

Mission Commander Rick Husband, Colonel, USAF, second flight
Shuttle Pilot William McCool, Commander, USN, first flight
Payload Commander Michael Anderson, Lt. Colonel, USAF, second flight
Payload Specialist David Brown, Captain, USN, first flight
Payload Specialist Dr. Kalpana Chawla, second flight
Mission Specialist Dr. Laurel Clark, Commander, USN, first flight
Payload Specialist Ilan Ramon, Colonel, IDF, first flight

February 1, 2003

All contents Copyright (c) 2002-2003 by Two Bridges Group. All Rights Reserved.