Back in the Saddle

A nice week off last week, the usual trip down to Oceanside. Good timing: the weather in the Central CA valley was in the 100’s, and the temps in Oceanside stayed around 70-75. Lots of relaxation; reading books on the balcony overlooking the pool and ocean beach. The usual surfing the ‘net (don’t do ocean surfing).

Oceanside is just outside the US Marine camp at Camp Pendleton. There is also a Navy base there. On Saturday, there was a “Navy Appreciation Day”. We were awakened at about 7am with a loud noise that sounded like an army of leaf blowers. It was a big Navy hovercraft that landed on the beach right next to the Oceanside Pier. Quite impressive (and loud).

But mostly a quiet time for relaxation. A bit of reflection on the events of the past year.

And a return to work, with some interesting remote computer forensics tasks and processes. But looking forward to a three-day weekend.

Friday Means More Mail Monitoring and Less Privacy

Friday is here! (Yay!) Today’s project list includes proving to another department that their firewall is blocking all their email we send them, and the problem is not our mail servers. Some more testing on McAfee AntiVirus installation and policy changes.

And another erosion of privacy rights by the US Customs and Border Protection guys. More info on my Security Dawg site www.securitydawg.com .

Weekend plans? More cleanup at the mother-in-law’s house, a minor almost-clog in the shower drain, and a nap or two.

Why Men Are Never Depressed

I usually just delete these types of emails. But this made me chuckle (and since my wife sent it to me, I couldn’t just delete it):

Why Men are Never Depressed

Men Are Just Happier People — What do you expect from such simple creatures?

  • Your last name stays put.
  • The garage is all yours.
  • Wedding plans take care of themselves.
  • Chocolate is just another snack.
  • You can be President.
  • You can never be pregnant.
  • You can wear a white T-shirt to a water park. You can wear NO shirt to a water park.
  • Car mechanics tell you the truth.
  • The world is your urinal.
  • You never have to drive to another gas station rest room because this one is just too icky.
  • You don’t have to stop and think of which way to turn a nut on a bolt.
  • Same work, more pay.
  • Wrinkles add character.
  • Wedding dress $5000. Tux rental-$100.
  • People never stare at your chest when you’re talking to them.
  • New shoes don’t cut, blister, or mangle your feet.
  • One mood all the time.
  • Phone conversations are over in 30 seconds flat.
  • You know stuff about tanks.
  • A five-day vacation requires only one suitcase.
  • You can open all your own jars.
  • You get extra credit for the slightest act of thoughtfulness.
  • If someone forgets to invite you, he or she can still be your friend.
  • Your underwear is $8.95 for a three-pack.
  • Three pairs of shoes are more than enough.
  • You almost never have strap problems in public.
  • You are unable to see wrinkles in your clothes.
  • Everything on your face stays its original color.
  • The same hairstyle lasts for years, maybe decades.
  • You only have to shave your face and neck.
  • You can play with toys all your life.
  • One wallet and one color for all seasons.
  • You can wear shorts no matter how your legs look.
  • You can ‘do’ your nails with a pocket knife.
  • You have freedom of choice concerning growing a mustache.
  • You can do Christmas shopping for 25 relatives on December 24 in 25 minutes.

No wonder men are happier.

SQL Injections Cause Drive-By Attacks

A big SQL injection attack against hundreds of thousands of web sites. Many government and commercial sites have been infected with code that will try to install a password stealing program just by visiting a web page.

It’s not clear if anti-virus programs will catch this one yet.

You can see the extent by doing a web search for “nihaorr1”. DO NOT VISIT ANY OF THOSE LINKS! Google search may be filtering the bad sites; they returned only about 48K. Yahoo search returned over 251K entries. Some are discussions about this vuln, but many are sites that have been infected with the malicious javascript.

This one is widespread. Internet Storm Center has info here: http://isc.sans.org/diary.html?storyid=4331 . “They have hit city websites, commercial sites and even government websites. This type of injection pretty much null and voids the concept of ‘trusted website’ or ‘safe sites’.”

Corporate types should be watching for traffic to that site. I found a few users at the office that may have been affected (and possibly infected).

Be careful out there!
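One way to act on the advice above about watching for traffic to that site, as an added example that is not from the original post. It reports which internal clients requested a host containing the indicator and which site referred them there. The log format, addresses and hostnames are constructed; only the string "nihaorr1" comes from the post.

```python
from collections import defaultdict
from urllib.parse import urlsplit

INDICATOR = "nihaorr1"  # the string the post says to search for

# Constructed sample lines in an assumed proxy log format:
# timestamp client_ip method url status referer
SAMPLE_LOG = """\
2008-04-24T09:01:12 10.1.4.22 GET http://www.city-site.example/news.asp?id=7 200 -
2008-04-24T09:01:13 10.1.4.22 GET http://www.nihaorr1.example/1.js 200 http://www.city-site.example/news.asp?id=7
2008-04-24T09:05:40 10.1.9.8 GET http://search.example/?q=nihaorr1 200 -
2008-04-24T09:17:02 10.1.7.31 GET http://WWW.NIHAORR1.example/1.js 403 http://shop.example/item.asp?p=3
truncated line
"""

def find_hits(log_text, indicator=INDICATOR):
    """Map client_ip -> [(timestamp, referring_host, status)] for requests
    whose destination *host* contains the indicator."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip lines that do not match the assumed format
        ts, client, _method, url, status, referer = fields
        host = urlsplit(url).hostname or ""  # hostname is already lower-cased
        if indicator not in host:
            continue  # e.g. a web search *about* the string is not a hit
        ref_host = urlsplit(referer).hostname if referer != "-" else None
        hits[client].append((ts, ref_host, status))
    return dict(hits)

def fetched_clients(hits):
    """Clients that got a 2xx back, i.e. the script was actually delivered."""
    return sorted(c for c, rows in hits.items()
                  if any(status.startswith("2") for _, _, status in rows))

if __name__ == "__main__":
    found = find_hits(SAMPLE_LOG)
    for client, rows in found.items():
        for ts, ref, status in rows:
            print(client, ts, "via", ref, "status", status)
    print("follow up first:", fetched_clients(found))
```

The referring host identifies the page the user was on when the injected script loaded, and the status separates clients whose request was blocked from those that received a response.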

(Note: an older post that never got posted.)

CNN has a new revenue source: t-shirts with CNN headlines. You can create your own with a URL like this:

http://www.cnn.com/tshirt/?headline=Information%20Security%20knows%20where%20you%20go!&date=1208742566000&hash=e6019d52c9d91cc8eb4e077d85751edc&return_uri=http://www.cnn.com/video/%23/video/world/2008/04/20/thatcher.prince.william.chopper.itn

Just replace the text between the “headline=” and “&date”. Space characters are the “%20” values. There seems to be a limit to the number of characters. And it doesn’t work without the return_uri value. I never have liked creating links with parameter values in them. Too easy to hack the values.

Like in this story, where the Oklahoma state database of criminals can be easily hacked to add the name of your choosing to their database. I believe it’s been fixed, but one of the stories is here from the guy that found it http://thedailywtf.com/Articles/Oklahoma-Leaks-Tens-of-Thousands-of-Social-Security-Numbers,-Other-Sensitive-Data.aspx .

As for the CNN T-Shirt page, I don’t think it would be too difficult for someone to create their own form page that would have an input field for the T-shirt text, and then create the URL for the CNN t-shirt. Don’t know if you could actually order said T-shirt.
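The concern above about links whose parameter values are easy to change, as an added example that is not CNN's code or the author's: a server that binds the parameters together with a keyed MAC, so an edited headline or return address no longer verifies. The parameter names and host come from the URL in the post; the key, the length limit and the MAC construction are assumptions, and how the real site computes its hash value is not known from the page.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-key"         # assumption: server-side key, never sent to clients
ALLOWED_RETURN_HOSTS = {"www.cnn.com"}   # host taken from the URL in the post
MAX_HEADLINE = 60                        # assumed; the post only says a limit seems to exist

def mac_for(headline, date, return_uri):
    # Length-prefix each field so bytes cannot be shifted from one field to the next.
    msg = b"".join(len(v.encode()).to_bytes(4, "big") + v.encode()
                   for v in (headline, date, return_uri))
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_link(headline, date, return_uri):
    params = {"headline": headline, "date": date,
              "hash": mac_for(headline, date, return_uri),
              "return_uri": return_uri}
    return "http://www.cnn.com/tshirt/?" + urlencode(params)

def verify_link(url):
    """Return the headline if the link is intact, otherwise raise ValueError."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    fields = []
    for name in ("headline", "date", "hash", "return_uri"):
        if len(query.get(name, [])) != 1:   # missing or duplicated parameter
            raise ValueError(f"bad parameter: {name}")
        fields.append(query[name][0])
    headline, date, tag, return_uri = fields
    expected = mac_for(headline, date, return_uri)
    if not hmac.compare_digest(tag.encode(), expected.encode()):  # constant-time compare
        raise ValueError("hash does not match the other parameters")
    if len(headline) > MAX_HEADLINE:
        raise ValueError("headline too long")
    if urlsplit(return_uri).hostname not in ALLOWED_RETURN_HOSTS:
        raise ValueError("return_uri host not allowed")
    return headline

if __name__ == "__main__":
    link = make_link("Information Security knows where you go!",
                     "1208742566000", "http://www.cnn.com/video/")
    print(verify_link(link))                      # original link verifies
    try:
        verify_link(link.replace("Information", "Misinformation"))
    except ValueError as err:
        print("rejected:", err)                   # edited headline fails the MAC
```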

Perhaps Slightly Less WebSensenseless

Some progress in the email wars, where large messages were killing my mail servers. It seems that the large files were being stored in a temp folder which was not excluded from real-time virus scanning. No indication in the SurfControl (Websense) docs that this was happening. But it was causing much intermittent consternation as mail would get backlogged. When you process over 600,000 messages a day, you can get a pretty impressive six-figure backlog in short order.

So, I have applied their recommended workaround. Some more testing to see if that fixes that particular problem. It took about a week’s worth of daily tech support phone calls (each call over an hour), and lots of file transfers to determine this one.

And my rant on their user forums did get the attention of the support manager. Although they are discontinuing the forums to concentrate on email and phone support only. No sharing of information (or complaints) by end users in a message forum.

Not out of the woods yet, though. Several other major problems with the SurfControl (now Websense) products that are making it difficult to stay with that product. Those problems still need to be resolved.

For a bit of fun, head over to my other place www.securitydawg.com . You’ll find that I am easily amused.

Email Irritation Gets Attention

Mail filtering software still takes much of my time. Two of the mail servers yesterday got ‘stuck’ in the same manner as before. It appeared to happen Sunday morning, and I wasn’t able to get to it until that evening. That irritated a few people, but our company doesn’t have 24/7 support (even though the IT dept has asked for funding for that). Most people assume that email is instantaneous, and get irritated when email doesn’t get delivered this very minute.

The interesting thing is that I left a comment about the apparent reduced support at the vendor’s site. And then I got a call from the support department’s boss. After introducing himself, he did the standard ‘break the ice’ greeting of “how are you today?”.

To which I answered “irritated”.

I think that was a bit unexpected.

The upshot is that he has assigned my four open cases (one from February, two are several weeks old, and the new one that I mentioned today) to his ‘third-level’ support guy. He (or she) is supposed to call tomorrow. We’ll see if there is any progress.

In the meantime, I am investigating alternatives.