Friday, September 26, 2008

Label Clarification

I have two labels that are similar and I wanted to make a distinction.

I'll use the Information Assurance label when referring to the profession or industry.

I'll use the Information Assurance Engineer label when referring to specific tasks, etc.

Uninstalling Nero 7 on Vista and burning ISOs

In order to burn the Gold Disks, we download the .iso files. Great. However, on this version of Vista, I couldn't find a method to burn the .isos to CD. I could burn files (or, I guess music too) to CDs; but not .iso images. So, while at home, I found an old Nero cdrom that had come with a drive I had bought a while ago; and I installed it on Vista. I'm scheduled to go testing next week, so I thought I would burn a couple of copies of the Gold Disks to take with me. Lo and behold, Nero 7 doesn't work properly with Vista. It doesn't recognize the burner in the laptop. Great. However, a little Googling found a great post on a free Vista iso burner.

I downloaded it, and it works like a charm. I wholeheartedly recommend it.

So, I went to uninstall Nero 7. That didn't work. It appears that there's an error in the middle of the uninstall, and it stops the process. A little more Googling found another great post on how to uninstall Nero 7. A couple of things to point out:
  • The article mentions downloading Nero 7 Ultimate Edition. When I went to perform this task, and follow the links, there was only a Nero 8.
  • Download Nero 8 and install that.
  • Keep following the directions and download and run the Nero Removal Tool.
  • Then, uninstall Nero 8.
Worked like a charm. Yes, there were a couple of reboots. But, I'm glad it's all worked out.

Monday, September 22, 2008

The General Public's Security Posture

I'm feeling like I made the right decision to take the full-time job and place my own company on the back burner. While I've marketed the heck out of the company, I haven't had a steady stream of clients coming in. I've tried print marketing, joining the Better Business Bureau, online marketing, brochures; all geared towards the target potential client. I've even gone so far as to teach a workshop on securing home PCs using free software (and general security safeguards.) So far, two of the classes have been canceled. And I suspect the third, scheduled for Saturday, will be as well.

I get clients, and most of them are word of mouth. The feeling I get is that people just don't care. People (and smaller businesses) don't want to worry about something that they don't think will happen to them. Or, they are above having an issue.

Sometimes, an acquaintance will say "I just got a new computer, how can I best protect myself?" And, after talking it over with them, discussing the vulnerabilities and threats, I might recommend X, Y, and Z. Or, try this, and this. I'll get a quick thanks. Then, three months later, I'll get a frantic call, "Ohmygosh, nothingworks, themachine'snotright, youhavetocomequickandhelpmeout!!!!!!" Of course, I go, and I ask "what happened with X, Y, and Z?" And the answer is invariably, "I didn't have time," or "I didn't think it was that important."

And I think that's the beginning of the problem. People just don't care. So, I'm glad I've taken this full-time gig. The clients that pay us HAVE to meet a security baseline. They may not like our answers, but all they are doing is shooting the messenger.

Possible web security question solution

I've been suggesting this to my friends for a while. And, until a better solution comes along, I think it is a good start. I'm sure you can be pretty creative.

Thursday, September 18, 2008

SANS What Works: Incident Response & Forensic Solutions

Here's a conference I would love to go to. SANS, as part of their Summit Series, What Works: Incident Response and Forensic Solutions. Unfortunately, I won't be able to attend due to work, but there's a veritable who's who in the field that's going to be there. And, I believe Richard Bejtlich from TaoSecurity is giving one of the keynotes.

Rob Lee, Drew Fahey, Bryan Sartin, Harlan Carvey, Cory Altheide, Wendi Rafferty & Ken Bradley, Ovie Carroll, Aaron Walters, Eoghan Casey, and Mike Poor & Tom Liston are scheduled to speak.

This is absolutely an event I would love to attend, and I really wish there was a DVD I could purchase of the weekend's talks.

Netstumbler doesn't work on Vista? No problem.

As I believe I've mentioned before, the laptop I'm using for work runs Vista; the Enterprise edition to be precise. I downloaded Netstumbler the other day, and found out that it doesn't work on Vista. (Of course, someone could have gotten it to work, but I haven't found any posts or pages on it.) In looking around, I found a good replacement. Vistumbler. And, just in using it today, I've gotten great results.

Vista has a native command line version of Netstumbler. Sort of. I found out about it in a SANS webcast. Ed Skoudis was talking about the activities at DefCon. At the end of the broadcast, he talked about some interesting projects he'd been working on, and he mentioned using Vista to natively war-drive. (Ed taught the SANS 504 class that I took. Highly, highly recommended.) A quick Google search turned up the following command:
netsh wlan show networks mode=bssid
I put that in a shortcut file and it worked great. I believe Vistumbler sits on top of that command and provides a graphical interface. Vistumbler also has GPS capabilities, but I haven't explored it. Running Vistumbler at home showed me a bunch more networks than I initially thought were around.

So, if you're looking for a good wireless discovery tool like Netstumbler for Vista, I recommend Vistumbler.
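
An added example, not part of the original post and not Vistumbler's code: a Python parser for the output of the netsh command above that groups access points by SSID and lists the networks advertising no encryption or WEP. The sample output is constructed and trimmed to the fields used, and English-language field names are assumed.

```python
import re

# Constructed, trimmed sample of English-language `netsh wlan show networks mode=bssid` output.
SAMPLE = """\
Interface name : Wireless Network Connection
SSID 1 : ExampleCorp
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 00:11:22:33:44:55
         Signal             : 82%
    BSSID 2                 : 00:11:22:33:44:66
         Signal             : 40%
SSID 2 : ExampleGuest
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 00:11:22:33:44:77
         Signal             : 65%
SSID 3 :
    Authentication          : Open
    Encryption              : WEP
    BSSID 1                 : 00:11:22:33:44:88
         Signal             : 30%
"""

LINE = re.compile(r"^\s*(.+?)\s*:\s*(.*?)\s*$")  # split at the first colon only

def parse_networks(text):
    """Return one dict per SSID with its security settings and access points."""
    networks = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        key, value = m.groups() if m else ("", "")
        if key.startswith("SSID "):
            networks.append({"ssid": value or "<hidden>", "aps": []})
        elif not networks:
            continue  # header lines before the first SSID
        elif key.startswith("BSSID "):
            networks[-1]["aps"].append({"bssid": value})
        elif key in ("Authentication", "Encryption"):
            networks[-1][key.lower()] = value
        elif key == "Signal" and networks[-1]["aps"]:
            networks[-1]["aps"][-1]["signal"] = int(value.rstrip("%"))
    return networks

def weak_networks(networks):
    """SSIDs whose advertised encryption is None or WEP."""
    return [n["ssid"] for n in networks if n.get("encryption") in ("None", "WEP")]

if __name__ == "__main__":
    print(weak_networks(parse_networks(SAMPLE)))
```
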

Sarah Palin's email exploited

Catchy title, I know. It is all over the blogosphere, at least in the security circles. And those links I listed were just to the stories I read. I know there's more.

I'm not going to comment on the event as others have done a great job.

My thoughts are this: What has Yahoo's response been to the relative ease with which someone else can reset the password? I'm a Yahoo client, so to speak. One of my main email addresses is with Yahoo. I haven't received any PR from Yahoo, like they are going to change their reset strategy or something of the like. I'm really starting to think of using something else for my personal mail, and just let the junk, website registrations and confirmation emails go to Yahoo.

Security+....Not just yet

Well, I took the exam this morning. And I didn't pass. I'm still a little bent, as I've gone back and looked up some answers I'm pretty sure I got wrong. I didn't miss by much; and I learned a lot. First, I learned that I shouldn't rush this; I did not need to pass by a certain date. I was hoping to get a jump though, especially before I get real busy with work and travel. (And, I'm going to have to travel in two weeks, and I have some training next week. So, it won't be until the beginning of October that I try again.) Secondly, I'm getting a more up-to-date book. The book I used was excellent at filling in some of the gaps with information I was missing. However, there were questions on subjects more current than were in my book. I'm pretty sure that I got a lot of those questions right, but there were some I was not familiar with at all.

I really debated putting this post up. But, failure motivates me. And, I'll learn from it and move on.

Tuesday, September 16, 2008

On to the first assignment...

That didn't take long. It looks like I have my first testing trip coming up at the end of the month. In the meantime, I need to be brought up to speed on the actual processes for off-site testing. Who the contacts are. How to book flights/cars/hotels, etc. Procedures for on-site. Etc.

Yeah, I'm excited (and I'll be more so after I pass Security+.) But, in the same vein, I'm a little nervous. It's the first assignment. And, I'll be by myself.

Almost out of the doldrums

I see the light at the end of the tunnel, I just hope it's not an oncoming train. I have my interim security clearance, and I finally got my CAC the other day. So now I can DO stuff. I've discovered that it is the end of the fiscal year, so a whole bunch of projects have started to come in, and, it's only a matter of time before I get out in the field and actually do anything.

At some point I need to start working with the tools that I'll be using in the field. I've used a bunch of the tools independently, but I need to learn the process for fieldwork. Over the last month, I've gotten a little acclimated to the documentation that needs to be produced; but not to the point where I can independently produce it.

For my level (Tech II,) I'm supposed to have Security+ certification (at a minimum.) Not only that, but my sponsor has a bunch of "Military Security"/information assurance classes I'm supposed to pass. Since I haven't had real "work" to do, I've spent the last two weeks working on my military classes. One of those classes is a Security+ review class. Because I've been so close to it for the past week or so, I decided to schedule an attempt at the Security+ exam for this week. So that's what I'm living, eating, sleeping, and breathing. I'll be glad when it's over.

You may have noticed, I dropped the pseudonym. I think at one time I had designs of reporting on the outrageous security consulting engagements I worked. A pseudonym would allow me to post anonymous details without compromising integrity and personal information. However, since I'm not doing that full time, I figure I'd drop the pseudonym.

Thursday, September 11, 2008

Update on the IA laptop

I need to update a previous post with a couple of points:

1. The laptop has been fixed with regards to the MS updates. Apparently, the computer received the user GPOs, and not the computer GPOs. A call to tech support fixed that.

2. I asked about the Gold Disks and Vista. It seems that testing military computers that run Vista will be a manual process for the near future. As it is, I haven't come across any Vista systems yet.

Back with the Moto Q

Wow, it's been a while since I've published anything. I will try to keep the voids to a minimum.

I've been settling into the new 9-5 position; mostly waiting to get the various clearances. And what a job that is. I was granted Interim Security clearance, had an interview the other day, and found out that I should hear on the full clearance by the end of this month. I haven't been on any assignments yet, I've kept busy with busy-work, and taking the online classes that the Army mandates. Because of those classes, I may take the Security+ earlier than I anticipated.

I've blogged before about using the Moto Q. For a while, I had gotten away from it as I prefer a phone in the clam shell form factor. However, I went back to using the Q as it is much easier to text. I'm finding I still like it, but I'm running into a battery issue. It seems I'm getting less battery time than a couple of months ago.

And I just saw today on Wired's Gadget Lab blog a post on a new Blackberry. I'm not a Blackberry user, but I could become one with the new model.