Digital Choke Daynotes

"Daynotes" are popularized by a Internet Web site called the "Daynotes Gang" (http://www.daynotes.com or http://www.daynotes.org), a collection of the daily technical and personal observations from the famous and others. That group started on September 29, 1999, and has grown to an interesting collection of individuals. Readers are invited and encouraged to visit those sites for other interesting daily journals. You can send your comments to us by clicking on any mailbox icon.

Reports

Email: not absolutely positively delivered

Anti-Spam Server

What I Did On My Summer Vacation (July 2003)

It's been a busy weekend. Not as interesting as John Dominik's, though (visitors, lost kids, runaway dogs, new job), but I did manage to keep busy.

I started Saturday with a visit to the local Lowe's for some drip system parts and some "Greased Lightning" cleaner (good stuff, by the way, really works well on assorted crud). At the front of the store they has a lot of 4 inch "mums" on sale for 99 cents. They looked healthy and colorful, so I picked up a dozen -- some burgundy, yellow, and red. I also grabbed a new set of garden trowel tools and a foam kneeling pad. This house has some nice landscaping front and back, but not enough colorful stuff for my preferences. So I spent the morning putting in a few extra drip sprinklers and planting the flowers. I also fixed two of the drip sprinklers I put in a few weeks ago by rearranging their connections. (It seems that one 1/4 inch line won't support more than two of the drip sprinklers.) And the knee pad was quite helpful on my old knees.

So my Saturday morning was spent with a bit of gardening. That is somewhat of a new experience for me; I didn't really do a whole lot of gardening at the previous house. Most of my Saturdays were spent with a two to three hour ride on the lawnmower and other chores. Now I am in a newer house, the landscaping is all done, a guy comes by once a week for an hour to mow the lawn, so I find my Saturdays much less busy than before.

After cleaning up from my gardening stint (hosing off the patio, cleaning off the garden tools, putting away the various parts), I had lunch, and then Pam came home from work. We both relaxed a bit, then my oldest daughter came by with her family. We babysat both grandkids while they had a nice (and quiet) dinner. We went to the neighborhood park for a while, then Liam (1 3/4 yrs) went home with his parents while we kept Joelle (3 1/2 yrs), who got to spend the night at "Poppa's house". We watched the new "Sleeping Beauty" DVD before she trundled off to bed.

Sunday morning, and Pam fixed pancakes for breakfast. By special request of Joelle, they were purple. It was a pleasant morning, so we had breakfast on the back porch. After cleaning up the breakfast dishes, we sat down for an encore showing of "Sleeping Beauty". Actually, Joelle watched, Pam rested between working on some homemade rolls for dinner, and I worked on my church lesson. We all trooped off to church at noon, then returned for a second encore of the movie.

Then the usual gang showed up for dinner (prime rib from Sam's, actually quite tasty and very easy to fix since it is pre-cooked). A bit of football watching for the guys after dinner, while the kids and ladies went over to the park. Everyone was gone by about 8:30, so Pam and I relaxed in front of the TV -- Pam in her usual position (head in my lap, head rubs to relax her). Pam was a bit tired, so she went off to bed, so here I am, doing a bit of web surfing, updating these pages, and winding down. And now you are as up to date as I am.

Another Monday. You wake up at the usual time, but it is still too early. Do the usual morning stuff, then get out the door. The traffic is not too bad, so you get to work without too much hassle. Stumble into the office, turn on the desk lights and the computer. Grab a fresh water refill (I don't do coffee). While the computer is booting up, read the morning newspaper. Log onto the network, check the morning email, delete the spam that made it through the spam filter. Check the calendar, notice you have only two meetings today, the first one at 8am.

Get ready for the first meeting by gathering your pad of paper so you can build the day's task list. During the meeting, take notes, which are really the things that you need to do this week. Prioritize the list with A-B-C codes. Don't forget to look up now and then so that people think you are paying attention. And make sure the guy next to you can't see what you are doing. By the end of the meeting, you have put in your two cent's worth, and your task list is ready.

Back to the office (after stopping by the boss' office to say hello). Start on the first priority of your list, which is to update the project list and schedule for your late morning meeting with the boss. Check on the status of the patch installation by running a few scans. Answer email as it comes in, update the security web pages, finalize some reports, draft some more, and check the web for some security news.

After lunch, take some time to wander over to the new mail server systems and install some software, tweak some settings. Tomorrow we'll take a final configuration look at the system to make sure that it is all working together properly. If all is well, let the network services guys look at it (it's a Windows 2003 server, which is new to our network) to let them 'bless' it. Then we can do the change order thing to get it into production.

Two in a row. One major project, the teleworking policy, is ready to go to the executive team. We had a meeting today with representatives from the major departments, looking through the new policy for any concerns. There were some minor ones, but no show-stoppers. So the policy goes to the executive team for their approval.

I worked a bit on a slide show for user education on security. This will be part of the security road show that will go to the various departments to educate the users on information security issues. Sort of a security outreach program.

Another project that is ready for the executive team is the 'what to do when an employee leaves or transfers' policy. That includes all the procedures for personnel issues, removing network access, gathering up issued equipment, etc. A company-wide team has been working on it for a couple of months, and now it's ready to get the executive buy-in.

Other than those two major things, just the normal stuff. We found a couple more computers that still have the Nachi worm by monitoring Internet access. That particular worm likes to go to some sites in Japan, so we just have the web filtering software look for browsing to those sites. When we find one, we run the Microsoft patch scanning tool to see if the patches have been installed.

Last Friday, I mentioned that we were getting inconsistent results from the vulnerability scanning tools we were using. The Foundstone RPCScan tool looks at systems for the RPC-DCOM vulnerability, which tells us whether the patches are installed. But version 1 and 2.0 didn't work right, returning inconsistent results. Over the weekend, Foundstone released version 2.01, with no indication of what was fixed. That version doesn't seem to work quite right. The only scanning tool that provides consistent and correct results is the scanning tool from Microsoft. It doesn't have a fancy interface, just runs from the command line. But it will tell you if the scanned system has the two patches.

For dinner tonight, we did the barbequed chicken breast salad, with some homemade low-fat muffins. Quite tasty and filling. Then I did some minor straightening of the garage, put out the garbage cans to the curb, and did a bit of reading homework. Quite an exciting life, don't you think?

Some major happenings in the security world the past few days, both of them relating to software vulnerabilities.

One is the additional Microsoft vulnerability related to the Blaster/Nachi worm exploit. Microsoft announced the problem, and provided a patch file to fix it. System administrators should have installed that patch by now. Home users should be setting up their computers for automatic updates so they can get the patch. There were indications today that an exploit has been written and distributed by the "black hat" guys, but I haven't seen reports of any attacks.

The other happening is the disclosure that there is a serious vulnerability in the Linux world with the Sendmail program. This is a program that is very commonly used as a mail server on lots of systems everywhere. The Sendmail folks announced the problem and the patch/update program. So there are Sendmail administrators everywhere applying the patch (one would hope).

The thing that I find interesting is the response to these two problems. Here's what happens with a Windows problem.

I don't see any difference in the two problems. Both operating systems have security problems that crop up. I see a lot of security mailing lists that detail vulnerabilities in the operating system and applications. There are just as many in the open source world as there are in the Windows world...sometimes there are more in the open source world. But you can bet money that the open source folks will be very vocal in their complaints about bugs in Windows....and very quiet about problems with open source.

For instance, one of the places I regularly visits was complaining (ranting) about Microsoft patches. And then he says:

Hmmm. He's saying that his LInux box needs regular updates, and so he updates his boxes. Exactly the same thing that I do with my Windows boxes. No worries, no cost, and no time eaten.

Because everyone else is talking about the weather today, let's continue our rant from yesterday.

From the SANS Security Alert Consensus (subscribe here, recommended), The item numbers relate to the entries in the BugTraq database.

And here is this weeks list of new vulnerabilities they included in today's notice.

After the tracking number is the operating system for the program. "Win" means Windows, of course -- a program that runs under WIndows. The "Cross" usually mean Linux-based programs.

The point is not the number of vulnerabilities for any particular operating systems. It's that there are vulnerabilities for all operating systems. And I don't think that any particular OS is fixed faster than others. I do think that the Windows operating system attracts more attacking attempts, because it is a larger target. But there are attacks against non-WIndows operating systems, like the Sendmail and Open SSH problems. Those programs are pretty widespread, and an attack against them could also be damaging.

So, updates/patches are important. Automatic updates are better. Of course with some servers, you may need to do a bit of testing of patches. And a layered defense against attacks is also part of good operating practice.

But enough of that ranting. Tomorrow is Friday; only one more day of our IT department retreat. Not as much 'touchy-feely' as previous ones. It looks like we'll actually do some real planning. We shall see.

Virus updates are also important, as are good email practices. The "Swen" worm has some clever social engineering techniques, which makes it a real risk for home users. Technical details are here (among other places), and here is the Sophos and Information Week story. As always, continual vigilance and updates are in order. It seems that this one is spreading quite a bit, but I am not sure if it is Blaster-like in it's traffic generation. But, as they used to say on "Hill Street Blues", "Let's be careful out there!".

After work, Pam and I had dinner at In-n-Out, then off to the "Matchstick Man" movie. It was a good movie, quite enjoyable, and we both enjoyed it. Recommended as a good 'date night' movie.

Tomorrow I head up to the in-laws cabin in the mountains. We need to do a bit of firewood cutting and splitting to clean it up a bit. I suspect that I will return home with some sore muscles.

I met my son-in-law and we went up to the cabin in Strawberry, which is up Highway 50 about halfway between Placerville ("Old Hangtown", about an hour east of Sacramento) and Lake Tahoe, CA/NV (it's a border town). The elevation is about 6000 feet, and the cabin is right on the river. Although the cabin is near the highway, the noise of the river masks most of the traffic noise, so it is a very pleasant place to spend a day or weekend.

But our task was to cut firewood. The land there is leased from the US Forest Service, and they keep a pretty tight rein on how you keep up the place. It's like having a home with a neighborhood association with strict rules. You have to keep the ground clear around the cabin, paint with certain colors, use certain types of exterior materials, etc. The other thing you have to do is to cut down the dead trees that they designate. Some of the trees are quite old and tall. It is quite impressive when you cut them down; they hit the ground with a big 'whomp'.

A couple of years ago, a large tree had to be cut down. This tree was between two cabins, so you had to be really careful where it landed. We called in a professional for that one, and it was interesting how he did it. He carefully cut out the notch, then the final cut, and the tree fell down right between the cabins, within a couple of feet where he wanted it to be.

Anyhow, we had to cut down a couple of big trees this year, so today's job was to cut and split the tree into firewood. We cut about 20-18 inch sections of the tree, and that was only half of the tree. Jared and I traded off cutting, and I was able to improve my technique to get one done in about a minute and a half. During one of my breaks, I counted the rings of the tree to see how old it was. That tree was about 85 years old. At the base, it was about 30 inches across. Then we used the hydraulic log splitter (that was actually more work than the cutting with the chainsaw). And then we tossed it into the truck (full size Chevy), and that filled up three-quarters of the truck up to the bed height.

I got home about 5:00pm, and relaxed a bit before Pam got home and we barbequed a couple of steaks to have with a baked potato and corn on the cob. We were both tired (Pam did a Heart Walk today, then went shopping with Christine and the kids), so we just relaxed in front of the TV.

Daynotes	a daily journal of our activity	Send us email
Digital Choke	an action that is sometimes needed for your computer; also a short techno-story available here.	Send us email