Tuesday, July 28, 2009

Parody - She Thinks My Twitter's Sexy

This is a parody of "She Thinks My Tractor's Sexy" by Kenny Chesney


Plowing the net in the hot summer sun
Over by the gate, Lordy, here she comes
With a basket full of chicken and a big cold jug of sweet tea
I make a little room and she climbs on up
Open up a browser and stir a little dust
Just look at her face she ain't a foolin' me

She thinks my twitter's sexy
It really turns her on
She's always followin' me
While I'm typin' along
She likes the way it's postin' while we're twittin' up the web
She's even kind of crazy 'bout my geeky tan
She's the only one who really understands what gets me
She thinks my twitter's sexy

We surf back and forth until we run out of light
Take it to my desk, put it up for the night
Climb up in the loft sit and talk with web radio on
She said she's got a dream and I asked what it is
She wants a web farm and a yard full of followers
One more teeny weeny post before I take her home

She thinks my twitter's sexy
It really turns her on
She's always staring at me
While I'm typin' along
She likes the way it's postin' while we're twittin' up the web
She's even kind of crazy 'bout my geeky tan
She's the only one who really understands what gets me
She thinks my twitter's sexy

Well she ain't into cars or pick up trucks
But if it runs like a Beowulf, man her eyes light up

She thinks my twitter's....

She thinks my twitter's sexy
It really turns her on
She's always staring at me
While I'm typin along
She likes the way it's postin' while we're twittin' up the web
She's even kind of crazy 'bout my geeky tan
She's the only one who really understands what gets me
She thinks my twitter's sexy

She thinks my twitter's sexy
She thinks my twitter's sexy

Wednesday, July 15, 2009

Update regarding PayPal and Hackers for Charity

As most of you should know by now, Johnny Long was able to work out the situation with PayPal for Hackers for Charity.
They were able to come to a reasonable solution.
See more here - http://www.hackersforcharity.org/265/paypal-makes-good/

Hey PayPal

Johnny Long and Hackers for Charity are having problems with their PayPal account.
http://www.hackersforcharity.org/259/paypal-shuts-us-down/
It appears that there was a screw-up somewhere along the way in the processing of the HFC account, and it is now shut down/locked/frozen.
Johnny and his family were relying on that money to survive. It is expensive and time consuming for him to call, and then he is told that phone support can't help him and that he should use the e-mail service to resolve the issue.
PayPal support requests that you use their e-mail contact service when you are having a serious problem like this.
If any of my readers, or family members or friends of my readers, have contacts at PayPal, could you point them to Johnny's post and see what they can do?
Hmm, I wonder how hard Google Checkout would have made this situation? I wonder what my bank would have done?
If you can, please help.
Be safe out there
James

Wednesday, July 1, 2009

Google Analytics and Compliance

I am posting a quick question, since most of what I have been finding has been product pitches. Could someone point me to information about Google Analytics and compliance - specifically HIPAA and PCI?
Thanks and be safe out there
James

Sunday, June 28, 2009

Who's in FIRST

In honor of my friend Martin McKeay's trip to Kyoto for the annual FIRST conference, I present a variation on Abbott and Costello's Who's on First (special thanks to the Baseball Almanac for having the original text online).

Without further ado -

Who's in First

McKeay: Well Costello, I'm going to Kyoto. You know I've been given a job as official podcaster for FIRST for as long as I want it.

Costello: Look McKeay, if you're the podcaster, you must know all the members.

McKeay: I certainly do.

Costello: Well you know I've never met the guys. So you'll have to tell me their names, and then I'll know who's who.

McKeay: Oh, I'll tell you their names, but you know it seems to me they give these security professionals now-a-days very peculiar names.

Costello: You mean funny names?

McKeay: Strange names, pet names...like beaker...

Costello: His brother Daffy.

McKeay: what...

Costello: And their Dutch cousin.

McKeay: Dutch?

Costello: Kees.

McKeay: Kees Leune? That's his real name. Well, let's see, we have on the board, Who's in first chair, What's in second, I Don't Know is in third...

Costello: That's what I want to find out.

McKeay: I say Who's in first, What's in second, I Don't Know's in third.

Costello: Are you the podcaster?

McKeay: Yes.

Costello: You gonna be the blogger too?

McKeay: Yes.

Costello: And you don't know the fellows' names?

McKeay: Well I should.

Costello: Well then who's in first?

McKeay: Yes.

Costello: I mean the fellow's name.

McKeay: Who.

Costello: The guy in first.

McKeay: Who.

Costello: The first board member.

McKeay: Who.

Costello: The guy leading...

McKeay: Who is in first!

Costello: I'm asking YOU who's in first.

McKeay: That's the man's name.

Costello: That's who's name?

McKeay: Yes.

Costello: Well go ahead and tell me.

McKeay: That's it.

Costello: That's who?

McKeay: Yes.

PAUSE

Costello: Look, you gotta FIRST board member?

McKeay: Certainly.

Costello: Who's leading first?

McKeay: That's right.

Costello: When you pay off the first board member every month, who gets the money?

McKeay: Every dollar of it.

Costello: All I'm trying to find out is the fellow's name on first board.

McKeay: Who.

Costello: The guy that gets...

McKeay: That's it.

Costello: Who gets the money...

McKeay: He does, every dollar. Sometimes his wife comes down and collects it.

Costello: Whose wife?

McKeay: Yes.

PAUSE

McKeay: What's wrong with that?

Costello: Look, all I wanna know is when you sign up the first board member, how does he sign his name?

McKeay: Who.

Costello: The guy.

McKeay: Who.

Costello: How does he sign...

McKeay: That's how he signs it.

Costello: Who?

McKeay: Yes.

PAUSE

Costello: All I'm trying to find out is what's the guy's name on first board.

McKeay: No. What is the second on the board.

Costello: I'm not asking you who's second.

McKeay: Who's in first.

Costello: One board member at a time!

McKeay: Well, don't change the board members around.

Costello: I'm not changing nobody!

McKeay: Take it easy, buddy.

Costello: I'm only asking you, who's the guy on first board?

McKeay: That's right.

Costello: Ok.

McKeay: All right.

PAUSE

Costello: What's the guy's name on first boards chair?

McKeay: No. What is in second.

Costello: I'm not asking you who's in second.

McKeay: Who's in first.

Costello: I don't know.

McKeay: He's in third, we're not talking about him.

Costello: Now how did I get on third chair?

McKeay: Why you mentioned his name.

Costello: If I mentioned the third baseman's name, who did I say is sitting third?

McKeay: No. Who's sitting first.

Costello: What's on first?

McKeay: What's in second.

Costello: I don't know.

McKeay: He's in third.

Costello: There I go, back on third again!

PAUSE

Costello: Would you just stay on third chair and don't go off it.

McKeay: All right, what do you want to know?

Costello: Now who's sitting in third chair?

McKeay: Why do you insist on putting Who on third chair?

Costello: What am I putting in third.

McKeay: No. What is in second.

Costello: You don't want who in second?

McKeay: Who is in first.

Costello: I don't know.

McKeay & Costello Together: Third base!

PAUSE

Costello: Look, you gotta other board members?

McKeay: Sure.

Costello: The secretary's name?

McKeay: Why.

Costello: I just thought I'd ask you.

McKeay: Well, I just thought I'd tell ya.

Costello: Then tell me who's the secretary.

McKeay: Who's in first.

Costello: I'm not... stay out of the chair! I want to know what's the guy's name as secretary?

McKeay: No, What is in second.

Costello: I'm not asking you who's in second.

McKeay: Who's in first!

Costello: I don't know.

McKeay & Costello Together: Third base!

PAUSE

Costello: The secretary's name?

McKeay: Why.

Costello: Because!

McKeay: Oh, he's sergeant at arms.

PAUSE

Costello: Look, you gotta chairman on this board?

McKeay: Sure.

Costello: The chairman's name?

McKeay: Tomorrow.

Costello: You don't want to tell me today?

McKeay: I'm telling you now.

Costello: Then go ahead.

McKeay: Tomorrow!

Costello: What time?

McKeay: What time what?

Costello: What time tomorrow are you gonna tell me who's chairman?

McKeay: Now listen. Who is not chairman.

Costello: I'll break your arm, you say who's in first! I want to know what's the chairman's name?

McKeay: What's in second.

Costello: I don't know.

McKeay & Costello Together: Third chair!

PAUSE

Costello: Gotta an archivist?

McKeay: Certainly.

Costello: The archivist's name?

McKeay: Today.

Costello: Today, and tomorrow's chairman.

McKeay: Now you've got it.

Costello: All we got is a couple of days on the board.

PAUSE

Costello: You know I'm an archivist too.

McKeay: So they tell me.

Costello: I get up to the table to do some fancy archiving, Tomorrow's chairman on my board and a heavy topic comes up. Now the heavy topic comes up, me, being a good archivist, I'm gonna look for input at first chair. So I pick up the topic and open it to who?

McKeay: Now that's the first thing you've said right.

Costello: I don't even know what I'm talking about!

PAUSE

McKeay: That's all you have to do.

Costello: Is to open the topic to first chair.

McKeay: Yes!

Costello: Now who's got it?

McKeay: Naturally.

PAUSE

Costello: Look, if I open the topic to first chair, somebody's gotta get it. Now who has it?

McKeay: Naturally.

Costello: Who?

McKeay: Naturally.

Costello: Naturally?

McKeay: Naturally.

Costello: So I pick up the topic and I open it to Naturally.

McKeay: No you don't, you open the topic to Who.

Costello: Naturally.

McKeay: That's different.

Costello: That's what I said.

McKeay: You're not saying it...

Costello: I open the topic to Naturally.

McKeay: You throw it to Who.

Costello: Naturally.

McKeay: That's it.

Costello: That's what I said!

McKeay: You ask me.

Costello: I open the topic to who?

McKeay: Naturally.

Costello: Now you ask me.

McKeay: You open the topic to Who?

Costello: Naturally.

McKeay: That's it.

Costello: Same as you! Same as YOU! I open the topic to who. Whoever it is drops the ball and the guy runs to second. Who picks up the ball and looks to What. What looks to I Don't Know. I Don't Know looks back to Tomorrow, Triple play. Another topic comes up and it to Because. Why? I don't know! He's on third and I don't give a darn!

McKeay: What?

Costello: I said I don't give a darn!

McKeay: Oh, that's our treasurer.



Hope you enjoyed
Just as a side note, I am not related to Lou Costello.

James

Tuesday, June 23, 2009

Backtrack 4 pre on an Aspire 5610

I am getting ready for DefCon and want to carry a laptop larger than my netbook (which I love, but I want more space and memory).
Fortunately I had a spare 120GB HD and was able to acquire a second drive cage from eBay.
Installation steps:
Boot from CD
launch KDE (startx at the prompt)
open a command window and run ubiquity
Follow the prompts
reboot
log in as the account you created during install
change to the root user - sudo su
change your root password - passwd
start network management - /etc/init.d/wicd start
start networking - /etc/init.d/networking start
launch KDE (startx)

I am running as root since I want sound, but I will likely forgo that while at DefCon for an added layer of security.

Tuesday, May 26, 2009

finally broke down

I finally broke down this afternoon and gave in to the peer pressure...
I was actually fulfilling a joking promise I had made about a year ago when a friend said that he would not get a Twitter account and I said I would wait until he did. Well, thanks to @cr0nym, I now have a Twitter account:
http://twitter.com/n0b0d4
I was a bit surprised that the name was still open. But now you can say you know @n0b0d4 on Twitter.
Be safe out there.
James

Tuesday, March 31, 2009

FAA security

So the FAA came out with some statements about the security of their networks, which Martin McKeay covered nicely on his blog.
So that brings me to today's Security Song Parody:

Securing All Jet Planes
(to the tune of Leaving On A Jet Plane by John Denver and Kenneth Browder)

All my bags are hacked I'm ready to go
I'm standing here outside your door
I hate to wake on LAN to say good-bye
But the code is breaking, its early morn
The taxi's waiting, he's spamming my phone
Already I'm so lonesome I could die

So kismet and smile for me
Tell me that you'll snort for me
P0wn me like you'll never let me go
Cause I'm protecting all jet planes
I don't know what wifi'll be letting through
Oh babe, I hate to go

There's so many times I've let you down
So many times I've hacked around
I tell you now, they don't know a thing
Every place I go I'll blame Lou
Every packet I sniff I sniff for you
When I come back I'll secure token ring

So kismet and smile for me
Tell me that you'll snort for me
P0wn me like you'll never let me go
Cause I'm protecting all jet planes
I don't know what wifi'll be letting through
Oh babe, I hate to go

Now the time has come to leave you
One more time let me kismet here
And close your eyes and I'll hide the way
Dream about the hacks to come
Then I don't have to protect alone
About the times that I won't have to say

So kismet and smile for me
Tell me that you'll snort for me
P0wn me like you'll never let me go
Cause I'm protecting all jet planes
I don't know what wifi'll be letting through
Oh babe, I hate to go

Cause I'm protecting all jet planes
I don't know what wifi'll be letting through
Oh babe, I hate to go

Cause I'm protecting all jet planes
I don't know what wifi'll be letting through
Oh babe, I hate to go
I'm protecting all jet planes
protecting all jet planes
protecting all jet planes
protecting all jet planes

Have a great day
Be safe out there
James

Monday, March 30, 2009

Six word security challenge

My latest post on the Security Catalyst blog is a challenge to you, dear reader, to write a six-word sentence that tells a story about security or relates a security lesson.
So, like last week with Andy IT Guy, I have reworked a song to use as a theme song.

Security Is Just Six Words Long
(to the tune of Weird Al Yankovic's - This Song Is Just 6 Words Long)

Security can be just 6 words long
Security can be just 6 words long
Security can be just 6 words long
Security can be just 6 words long

Don't think of any more words
So I just wrote six words
So I'll just write any six words
That come to my mind, child

You really need words
Could be just six rhymin words
You gotta write so many words
Hmm mmm
Ta do it, ta do it, ta do it, ta do it, ta do it, ta do it right, child

Security can be just 6 words long
Security can be just 6 words long
Security can be just 6 words long
Security can be just 6 words long

I know that you're probably sore
'Cuz I didn't write any more
It's just six to complete it
So that's why I gotta repeat it

Security can be just 6 words long (6 words long)
Security can be just 6 words long (6 words long)

Oh I make a lotta money
They pay me a ton o' money
They're payin me plenty o' money
To write these six words, child

I gotta fill time
3 minutes worth of time
Oh how will I fill so much time?
Hmm mmm
I'll throw in a solo, a solo, a solo, a solo, a solo here

(saxophone and drum solo)

Security can be just 6 words long
Security can be just 6 words long
Security can be just 6 words long
Security can be just 6 words long

These words got somethin' to say
So I'm typing it up today
I know if I put my mind to it
I know I could find a good rhyme here

Oh ya gotta have a security
Ya need really catchy security
This song has got plenty o' security
But just 6 words, child

And so I'll sing em over
and over and over and over
and over and over and over
Hmm mmm
and over
and over
and over
and over
and over
and over again

6 words long
6 words long
6 words long
6 words long (fading)
6 words long (fading)
6 words long (fading)
6 words long

Hope you enjoyed.
Now, be safe out there.
James

Monday, March 23, 2009

Skeet Security

Andy Willingham wrote a very good post over at his blog, which inspired me to rewrite the lyrics to that classic Nick Rivers song Skeet Surfing.

Skeet Security
Skeet Security
If everybody had a 12-gauge
And a motherboard too
You'd see 'em shootin' and hackin'
From here to Malibu
Because it's totally bitchin'
Ridin' the net to blast the pigeons
And it's so neat shootin' skeets
While you're coding out the heavies all day

First site, don't get tired
Second site, aim higher
Third site, pull and fire
Skeet Security, it's alright

We're loadin' up our motherboards
And loadin' up our traps
Tell the crackers we're shootin'
We're never coming back
I've got a gun rack in my Chevy
For when the SPAM and the flak get heavy
And we'll have fun with our guns
'Till our moderators take our ammo away

First site, don't get tired
Second site, aim higher
Third site, pull and fire
Skeet Security, it's alright

First site, get the knack
Second site, pull the trap
Third site, how's that?
Skeet Security, it's alright

Sharing sunsets with my favorite girl
When we write the perl, we really write the perl

First site, don't get tired
Second site, aim higher
Third site, pull and fire
Skeet Security, it's alright

First site, get the knack
Second site, pull that trap
Third site, how's that?

I wish they all could be double-barrelled
Wish they all could be double-barrelled guns

Skeet Security can't you see?
Do you wanna come along with me?
Skeet Security can't you see?
Do you wanna come along with me?
Skeet Security it's alright
Little girl we'll have fun tonight
Skeet Security can't you see?
Do you wanna come with me?
Grab your laptop, surf into the breach
Skeet Security it's a lot of fun

Now go read Andy's post and watch Top Secret again (or for the first time).

Thursday, February 26, 2009

The Cowtown Computer Congress Opens Their Underground Lab

IMMEDIATE RELEASE

The Cowtown Computer Congress Opens Their Underground Lab

February 24th, 2009. Kansas City, MO - The Cowtown Computer Congress (CCCKC) is happy to announce the opening of their Underground Lab to the public with a full week of events. Beginning on March 2nd, the grand opening will showcase the rich and vibrant community of creative minds in the Kansas City area. CCCKC, the first organization of its kind in the Midwest, will serve the community by providing technology classes, donating unique projects to local organizations and offering technology assistance to those in need.

The week will kick off on Monday, March 2nd with an open house for individuals and organizations who are interested in learning more about the organization and how they can take advantage of the Underground Lab for meetings, classes and other activities.

The creative talents of CCCKC members will be showcased on Wednesday, March 4th. The member project showcase will be followed by a screening of Make:TV, a public television series which will be shown for the first time in the Kansas City area that night. If you're curious about what CCCKC and the maker culture are all about, this is the night to come be inspired. Projects to be showcased range from alternative methods of energy generation to a labyrinth game which is controlled with the balance board from a Nintendo Wii Fit.

Thursday, March 5th is the regular member meeting where members come together to discuss group projects being developed for donation to local organizations and plan future community service projects like our monthly free computer repair opportunities.

Friday evening will feature a slate of speakers covering topics ranging from improving home security and information management to protecting data from theft while using public wireless internet.

On Saturday the public is invited to take part in a range of free workshops on basic electronics and soldering, e-textiles and Nintendo Wii hacking. All day, members will be available to help members of the public choose, install and configure computers using the free and open source Linux operating system.

About The Cowtown Computer Congress

The Cowtown Computer Congress (CCCKC) is a not-for-profit technology cooperative founded to advance technology of all kinds. They are a member-supported organization providing technology classes, workshops and services to the public free of charge. CCCKC brings together some of the finest minds in the Midwest to collaborate on research and projects for other local groups. Through their affiliate program, CCCKC gives assistance to specialized technology user groups by providing them with a facility to hold meetings and work on projects of their own.

CCCKC's Underground Lab is located 85 feet below the surface of the earth at 31st Street and Southwest Trafficway in Kansas City, Missouri.

http://www.cowtowncomputercongress.org

Further inquiries should be made to:
press@cowtowncomputercongress.org or to
John Benson - President and Co-Founder
816-332-6389

Tuesday, December 9, 2008

Password generation FAIL

I recently changed jobs (I'll post more about that in the near future) and was eagerly awaiting my first paycheck.
First pay day came and went and while there were funds in my bank account, I did not receive a paper paycheck. My new employers use a pay company that gives them the option to do digital paystubs via the pay company websites.

I got around to setting up my account on the pay company website today and ran into some unusual requirements for my password:
Passwords must meet the following complexity requirements:
Must be between 7 and 12 characters.
Must contain at least 1 upper case character.
Must contain at least 1 lower case character.
Must contain at least 1 numeric character.

Cannot contain any of the following characters: []|{}'()\/.,`>-_&=

There was also a button for generating a password to meet the requirements. Well sort of ...
I pushed the button and it popped up a window that contained a potential password and buttons for accept and cancel.
First FAIL - the password I was given only contained 6 characters.
Well, that doesn't meet the complexity requirements. I did attempt to use it and was told that the password was not valid.
Fine, I'll just push the generate password button again.
Second FAIL - the password I am given only contains 6 characters. To be more specific, the same six characters I was given before. All right, it was the same password entirely.

So I turned to my old standby KeePass to generate a new password. I set the requirements to 12 characters, upper case, lower case, and numeric and generated a new password, similar to this one: HZy2SIcH1wr3 . I then copied the password into the web page twice and pushed the submit button. I then received notice that I cannot use the number 3 in the password - huh? What an odd requirement. I checked back with the requirements section and sure enough it does say that the number 3 is not valid in the password scheme. I wonder what their reasoning is for the numbers 3 and 8 not being valid. I have sent an e-mail to their support; if I get a response I will pass along the answer they provide.
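The failure here is a generator that does not check its own output against the policy it is supposed to satisfy. As an added example (not code from the original post or from the pay company), here is a checker for the policy as the post describes it and a generator that validates every password it hands out before returning it. The policy is reconstructed from the post: 7 to 12 characters, one upper, one lower, one digit, the listed punctuation banned, and the digits 3 and 8 banned as the post reports the site enforcing. Allowing the remaining punctuation is an assumption; the post does not say whether the site accepts it.

```python
"""Password policy checker and self-validating generator (added example).

The policy is reconstructed from the blog post; the banned-digit rule (3 and 8)
is what the post reports the site enforcing even though the published list
does not show it. Permitting the rest of string.punctuation is an assumption.
"""
import math
import random
import string

POLICY = {
    "min_len": 7,
    "max_len": 12,
    # the published list from the post; the backslash is escaped for Python
    "forbidden": set("[]|{}'()\\/.,`>-_&="),
    # not in the published list, but rejected by the site according to the post
    "forbidden_digits": set("38"),
}

_sysrand = random.SystemRandom()  # OS CSPRNG; never plain random.Random() for passwords


def check_password(pw, policy=POLICY):
    """Return the list of violated rules; an empty list means the password complies."""
    problems = []
    lo, hi = policy["min_len"], policy["max_len"]
    if not lo <= len(pw) <= hi:
        problems.append(f"length {len(pw)} not between {lo} and {hi}")
    if not any(c.isupper() for c in pw):
        problems.append("no upper case character")
    if not any(c.islower() for c in pw):
        problems.append("no lower case character")
    if not any(c.isdigit() for c in pw):
        problems.append("no numeric character")
    banned = policy["forbidden"] | policy["forbidden_digits"]
    bad = "".join(sorted(set(pw) & banned))
    if bad:
        problems.append(f"forbidden characters present: {bad}")
    return problems


def allowed_classes(policy=POLICY):
    """The four character classes the policy permits, each as a list."""
    banned = policy["forbidden"] | policy["forbidden_digits"]

    def keep(chars):
        return [c for c in chars if c not in banned]

    return (keep(string.ascii_uppercase), keep(string.ascii_lowercase),
            keep(string.digits), keep(string.punctuation))


def entropy_bits(length, policy=POLICY):
    """Upper bound on the entropy of a uniformly chosen password of this length."""
    size = sum(len(cls) for cls in allowed_classes(policy))
    return length * math.log2(size)


def generate_password(length=12, policy=POLICY, rng=_sysrand):
    """Build a compliant password: one character from each required class, the
    rest from the whole allowed alphabet, shuffled so the required characters
    do not always sit at the front. The result is checked before it is returned,
    which is exactly what the site's generator failed to do."""
    if not policy["min_len"] <= length <= policy["max_len"]:
        raise ValueError(f"length must be {policy['min_len']}-{policy['max_len']}")
    upper, lower, digits, other = allowed_classes(policy)
    alphabet = upper + lower + digits + other
    chars = [rng.choice(upper), rng.choice(lower), rng.choice(digits)]
    chars += [rng.choice(alphabet) for _ in range(length - 3)]
    rng.shuffle(chars)
    pw = "".join(chars)
    violations = check_password(pw, policy)
    if violations:
        raise RuntimeError(f"generator produced a non-compliant password: {violations}")
    return pw


if __name__ == "__main__":
    print(check_password("HZy2SIcH1wr3"))  # the post's KeePass password, rejected for the 3
    print(generate_password(), f"{entropy_bits(12):.1f} bits")
```

Two things worth noticing: banning 3, 8 and eighteen punctuation characters leaves a 74-symbol alphabet, so even a 12-character password tops out at about 74.5 bits, and the 7-character minimum the site allows is under 44 bits; and the generator's final self-check is cheap insurance against shipping the exact bug the post ran into.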

If anyone has any insight as to why, I'd love to hear it. Adam Dodge already supplied one bit of humor:
Possible meeting notes for the discussion of password requirements
Fred: "I don't know Jim, people seem to like using 3 and 8..."
Jim: "Forget 'em"


Have a good day and be safe out there.

James

Friday, October 31, 2008

All's quiet on the Midwestern front ...

Life has been fairly quiet in the Midwest over the last few weeks, well at least at my house. Especially since I stopped answering the phone after working hours - I live in a swing state so I am being inundated with calls for this candidate and that candidate and the surrounding support groups. It has made it a bit difficult to study...

Yes, I said study.

I am getting ready to go take the CISSP exam on November 1. I will share some of my experience in the next few days. I was long hesitant to get the certification mostly because I did not see the value and did not think I needed to have it.

Well, I recently decided that I was going to look for another opportunity and quickly discovered that although I could get my foot in the door for an interview, I was having difficulty closing the deal because somewhere along the line the company had chosen to require that the new employee be a CISSP. I also had been part of an interesting discussion at the RSA conference in April discussing the merits of getting certified. Most everyone agreed that having a CISSP was not necessarily an indicator of the capacity and capabilities of a person, but that it was a simple equation: if the company is asking that you have it, you need to have it, and if you do not, you probably won't make it past the initial resume review. I liken it back to having an MCSE in the late 90's or right after Y2K: not necessarily a ticket to the job, but it definitely gets you on to the correct platform to catch the train (or the hand cart, depending upon how many positions the company had).

If anyone is interested in attending the upcoming CSI 2008 conference in DC, November 15-21, the Security Bloggers Network has been offered a discount code to give out to all of our readers - BLOG25. This will get you a 25% discount on conference registration.

Be safer out there,
James

Wednesday, October 22, 2008

MCSF talk

I found out on Monday afternoon that a late-submission talk for the Midwest Consolidated Security Forum was accepted. Tickets are no longer available, but hopefully some of you are in attendance.
Michael Santarcangelo and I will be talking on podcasting and pop culture and how to use them in your security awareness programs. Our talk will be from 2:45 to 3:30.
If you are attending, stop by and say hi

Be safe out there.
James

Cowtown Computer Congress get together

Any of my readers who are in Kansas City are invited to join Michael Santarcangelo and myself at the next Cowtown Computer Congress get together on Thursday, October 23rd, 2008 around 7PM at the JavaNaut - 1615 W. 39th St., Kansas City, MO.
Michael has been invited to give a brief talk
I apologize for the somewhat late notice, I meant to post this last week when I found out about it.

Be safe out there,
James

Friday, August 29, 2008

Juniper SSL VPN and Firefox on Windows whitepage work around

My company does a lot of work with Juniper SSL VPN implementations.

There has been some odd behavior in Firefox on Windows machines when connecting to a Juniper SSL VPN. Immediately after login, users are taken to a blank white page whose URL contains data/home/starter0.cgi?check=yes . The page you should be redirected to is data/home/starter.cgi?check=yes .

Juniper's suggested work around is to go back to the sign-in screen and log in again, or to remove the 0 from between starter and .cgi. Both are manual solutions; wouldn't it be easier to have an automatic one?

Well here it is.

Download the Firefox add on Redirector - https://addons.mozilla.org/en-US/firefox/addon/5064

After installation you will need to restart Firefox

Open Redirector by right-clicking on the R in the status bar in Firefox

Click Add…

The Example url is the full url you get stuck on i.e. https://this.ismyexample.com/data/home/starter0.cgi?check=yes

The Include Pattern is https://this.ismyexample.com/data/home/starter0.*

Redirect to is https://this.ismyexample.com/data/home/starter.cgi?check=yes

Set the Pattern Type to Wildcard and click Test pattern

You should get a message that indicates that the pattern matches. If not go back and check your typing.

Click Ok

Click Close

Go back and log in again. You should go right past the page you were getting stuck at previously.
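As an added example that is not part of the original post, here is the rule above re-implemented in Python so you can check, before trusting it in the browser, that it fires on the stuck URL and on nothing else. Redirector's "Wildcard" pattern type is modelled as "* matches any run of characters, everything else is literal, and the whole URL must match"; that reading of the add-on's matching is an assumption, as is the host this.ismyexample.com, which is the post's placeholder. The two checks at the end are the ones I would want before installing any redirect rule: the target must not itself match the include pattern (or the add-on loops), and the host part of the pattern must be literal so the rule cannot be triggered by some other site that serves a matching path.

```python
"""Offline model of a Redirector wildcard rule (added example, not the add-on's code)."""
import re
from urllib.parse import urlsplit

# Values from the post, with the post's placeholder host.
STUCK_URL = "https://this.ismyexample.com/data/home/starter0.cgi?check=yes"
INCLUDE_PATTERN = "https://this.ismyexample.com/data/home/starter0.*"
REDIRECT_TO = "https://this.ismyexample.com/data/home/starter.cgi?check=yes"

RULES = [(INCLUDE_PATTERN, REDIRECT_TO)]   # (include pattern, redirect target)


def wildcard_to_regex(pattern):
    """'*' becomes '.*'; every other character is literal; anchored to the whole URL.
    Assumed to match the add-on's Wildcard pattern type."""
    pieces = (re.escape(piece) for piece in pattern.split("*"))
    return re.compile("^" + ".*".join(pieces) + "$")


def redirect_for(url, rules=RULES):
    """Target of the first rule whose include pattern matches, or None to leave the URL alone."""
    for include, target in rules:
        if wildcard_to_regex(include).match(url):
            return target
    return None


def rule_is_host_scoped(include):
    """True if the pattern pins scheme and host: https, a non-empty host, no '*' in it.
    A pattern like '*://*/data/home/starter0.*' would redirect on any site."""
    parts = urlsplit(include)
    return parts.scheme == "https" and bool(parts.netloc) and "*" not in parts.netloc


def rules_do_not_loop(rules=RULES):
    """True if no rule's target is matched by its own include pattern."""
    return all(not wildcard_to_regex(include).match(target) for include, target in rules)


if __name__ == "__main__":
    print(redirect_for(STUCK_URL))              # the fixed URL
    print(redirect_for(REDIRECT_TO))            # None: the target is left alone
    print(rule_is_host_scoped(INCLUDE_PATTERN), rules_do_not_loop())
```

If you later generalise the pattern (for example to cover several VPN hosts), re-run the two checks: a wildcard that creeps into the host part turns a convenience rule into something any web page you visit can trigger.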

Be safe


James

Wednesday, August 27, 2008

Keep a hand on your iPhone

Adam Dodge pointed me to this article on CSO Online this morning - http://www.csoonline.com/article/446281/IPhones_Can_Be_Unlocked_Without_Password
This afternoon a customer stopped by with an iPhone and was kind enough to let me test the hack out.
I was able to confirm that the simple tap sequence does work. But only if you have your home button set to go to your Favorites. My customer had his set to go to iTunes (go figure - he wanted to listen to the music on his iPhone).
So rather than remove all of your Favorites, set your home button to go to iTunes instead.
Be safe out there
James

Wednesday, July 16, 2008

Pop Culture Security Episode 2

Michael Santarcangelo and I have released the second episode of the Security Catalyst Show: Pop Culture Security.

The show is available here. Show notes are available here.

This time we are taking a different approach, we are covering two topics using several movies.

Michael and I had a great time recording the episode and hope that you enjoy it. We also want you to take what you hear and start applying it.

Be safe out there.

James

Wednesday, July 9, 2008

DNS vulnerability - patch it

I have been watching a lot of the reaction to the DNS vulnerability that was revealed by Dan Kaminsky and multiple vendors yesterday.

There have been a few people who have downplayed the seriousness of the situation, and for those of you still in doubt that this is a serious situation, I will point you to the retraction by Thomas Ptacek over at Matasano Chargen. Mr. Ptacek has always been one to stick to his guns when challenged about his postings, and his retraction shows the seriousness of the situation.

I think Microsoft is underplaying the seriousness of the situation by rating the patch only Important. This will probably change as soon as there is an exploit in the wild. I think that is unfortunate; DNS is core to the way we traverse the Internet - you got to this blog via DNS, I posted it using DNS and all e-mail is delivered via DNS. DNS is core to the way we work.

There are servers that have been found not to be susceptible to this vulnerability. The first was DJBDNS. Dan Kaminsky did announce that there is another secure DNS server: PowerDNS, made by Bert Hubert. OpenDNS has stated in their blog that their implementation is secure against this vulnerability, which makes me feel better since I use them at home.

If you run a DNS server and you are not sure whether you are vulnerable, check the CERT advisory for your vendor's status. If your vendor is listed as anything other than not vulnerable, follow the link to your vendor's website.

Be safe out there,
James

Tuesday, July 8, 2008

DNS trouble in the offing

Dan Kaminsky released information today about a rather serious vulnerability in the implementation of DNS on most major platforms.

Microsoft has posted information about it on its site here.

Rich Mogull has an interview with Dan here.

Arthur over at Emergent Chaos has posted here

Why should this concern you? Microsoft is listing it as Important rather than Critical, but I think they are undervaluing the seriousness of this vulnerability.

Quick overview of DNS for you. DNS is like the yellow pages of the Internet. Computers work better with numbers and people work better with words. When you want to find CNN.com, your browser contacts a DNS server to find out what IP address the site resides at. This is similar to the physical address associated with a business in the yellow pages. Think of the IP address as directions to that particular business. A typical IP address looks like this: 192.168.140.25 . The first set of numbers (referred to as an octet) is essentially the city in which the business resides. The second set of numbers is the nearest major street to the business. The third set of numbers is the street of the business and the final set of numbers is the street address of the business.
What DNS does is allow you to type in the name of the site you want to go to and have all of the "travel information" for your destination given to you.
Now imagine someone sets about printing yellow pages with incorrect information that will bring them profit. So rather than going to the real CNN.com (64.236.91.23), your DNS server has been given spoofed information that sends you to a malicious website at 172.16.91.23.
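To make the "spoofed information" concrete, here is an added example (not from the original post, and not Dan Kaminsky's code) that models the race an attacker has to win to plant that fake entry, and what the patch changes. The background it assumes is not spelled out on this page: an unpatched resolver of the time sent every query from one fixed UDP source port, so a forger only had to match the 16-bit transaction ID (TXID) of the outstanding query; the coordinated July 2008 patches randomised the source port, so TXID and port must both be guessed. The resolver, the fixed port 53, the ephemeral port range and the absence of a bailiwick check are all simplifications of the toy; the addresses are the constructed ones the post uses. Each race queries a fresh throw-away name (r0.cnn.com, r1.cnn.com, ...) so a lost race costs no TTL wait, and the forged answer carries a record for www.cnn.com alongside the throw-away name, which is what lets one won race poison the real name.

```python
"""Toy model of the 2008 DNS cache-poisoning race (added example, not from the post)."""
import math
import random

TXID_SPACE = 1 << 16                 # 16-bit DNS transaction ID
PORT_LOW, PORT_HIGH = 1024, 65535    # ephemeral range the patched resolver draws from (assumption)
PORT_SPACE = PORT_HIGH - PORT_LOW + 1
FIXED_PORT = 53                      # assumption: the unpatched resolver's single fixed source port


class ToyResolver:
    """Caches every record in a response whose TXID and destination port match the
    outstanding query. No bailiwick check: that is the toy's simplification."""

    def __init__(self, rng, randomize_port):
        self.rng = rng
        self.randomize_port = randomize_port
        self.pending = {}   # qname -> (txid, source port the query went out on)
        self.cache = {}     # name -> address

    def send_query(self, qname):
        txid = self.rng.randrange(TXID_SPACE)
        port = self.rng.randint(PORT_LOW, PORT_HIGH) if self.randomize_port else FIXED_PORT
        self.pending[qname] = (txid, port)

    def receive(self, qname, txid, dst_port, records):
        """True if the response was accepted and cached; a mismatch is silently dropped."""
        if self.pending.get(qname) != (txid, dst_port):
            return False
        del self.pending[qname]
        self.cache.update(records)
        return True


def run_races(resolver, rng, races, forged_per_race,
              target="www.cnn.com", evil_ip="172.16.91.23"):
    """The attacker triggers a query for a fresh name each race and sprays
    forged_per_race responses at it before the genuine answer arrives."""
    wins = 0
    for i in range(races):
        qname = f"r{i}.cnn.com"
        resolver.send_query(qname)
        # the fixed port is observable, so the forger knows it; a random one must be guessed
        port_guess = FIXED_PORT if not resolver.randomize_port else rng.randint(PORT_LOW, PORT_HIGH)
        start = rng.randrange(TXID_SPACE)
        for k in range(forged_per_race):
            forged_txid = (start + k) % TXID_SPACE
            if resolver.receive(qname, forged_txid, port_guess, {qname: evil_ip, target: evil_ip}):
                wins += 1
                break
        resolver.pending.pop(qname, None)   # genuine answer lands: this race is over
    return wins


def per_race_probability(forged_per_race, port_randomized):
    """Chance that one race succeeds when the forger sends forged_per_race distinct guesses."""
    space = TXID_SPACE * (PORT_SPACE if port_randomized else 1)
    return min(1.0, forged_per_race / space)


def races_needed(p, confidence=0.5):
    """Races until the chance of at least one poisoned entry reaches `confidence`."""
    if p >= 1.0:
        return 1
    return math.ceil(math.log(1 - confidence) / math.log(1 - p))


if __name__ == "__main__":
    rng = random.Random(2008)
    for patched in (False, True):
        r = ToyResolver(rng, randomize_port=patched)
        won = run_races(r, rng, 10, 2000)
        print("patched" if patched else "unpatched", won, "of 10 races won; www.cnn.com ->",
              r.cache.get("www.cnn.com"))
    print("races to 50% with 1000 forgeries each:",
          races_needed(per_race_probability(1000, False)),
          "unpatched vs", races_needed(per_race_probability(1000, True)), "patched")
```

With a thousand forged packets per race, an unpatched resolver in this model is poisoned with even odds after about 46 races, which is seconds of work because the random-name trick means no waiting for a TTL to expire; with the port randomised the same attacker needs on the order of millions of races. That gap is the whole point of the patch, and why "Important" undersells it.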

If you manage DNS servers, you should patch them as soon as possible. If you don't, you may want to make sure whoever does manage your DNS has patched their systems.

Be safe out there,
James

(Edit) - as of 2:15 PM CDT Microsoft does not appear to have released the patch for this vulnerability.

(Edit 2) appears that the patch is showing up as 2 different Knowledge Base articles: kb951746 and kb951748