Saturday, March 17, 2012

Remove that Jaguar (to the tune of Moves like Jagger by Maroon 5)

This is an ode to my iMac G3 that started acting up a couple weeks back.
I ended up dumping OSX and installing Debian, and the song Moves like Jagger by Maroon 5 kept tickling the back of my brain until tonight, when inspiration hit.
Allow me to present
Remove that Jaguar (set to Moves like Jagger by Maroon 5)
Oh, yeah
Oh!

[Verse 1:]
You reboot when it jars
When you feel like
And breaks my heart
when I thought it worked right
Now take it away and make it OK
And now you'll behave

I wanted control
So we restarted
I made up a show
Now I fake it
I say let's just get rid
Your hard drive's not big
I won't take the hit
And it goes like this

[Chorus:]
Press on the C
And I'll show you
It'll boot from CD
And I'll own you

Have to remove that Jaguar
I've got to remove that Jaguar
I've got to remove that Jaguar

I don't need to try to reboot you
I'll press the right keys and I'll own you

With them moves like Jagger
I've got to remove that Jaguar
I've got to remove that Jaguar

[Verse 2:]
Maybe it's hard
When I feel like you're broken and errored
Nothing work right
But when you see me
I'll make you believe
That I've got the CD

Oh
So get on the bar
I can find it
Wherever it starts
Put inside it
And you start to veer
But I'm shifting gears
I'll take it from here (Oh! Yeah yeah!)
And it reboots like this (Uh)

[Chorus:]
Press on the C
And I'll show you
It'll boot from CD
And I'll own you

Have to remove that Jaguar
I've got to remove that Jaguar
I've got to remove that Jaguar

I don't need to try to reboot you (Oh, yeah)
I'll press the right keys and I'll own you

With them moves like Jagger
I've got to remove that Jaguar (Yeah yeah)
I've got to remove that Jaguar

[Bridge:]
Everyone wants to know what made me smile
Taking control, and making it right
And if I share the secret
You're gonna have to post it
Everybody else will see this

So watch and learn
I won't show you twice
Head to toe, oooh baby load up right
But if I share my secret
You're gonna have to post it
Everybody else will see this (Ay! Ay! Ay! Aaay!)

And it reboots like this

[Chorus:]
Press on the C
And I'll show you
It'll boot from CD
And I'll own you (Yeah yeah yeah!)

Have to remove that Jaguar
I've got to remove that Jaguar
I've got to remove that Jaguar
(Oh, yeah)
I don't need to try to reboot you
I'll press the right keys and I'll own you

With the removal of Jaguar
I've got to remove that Jaguar
I've got to remove that Jaguar

Saturday, October 22, 2011

Troubleshooting Dynamic Updates on Palo Alto Firewalls

The following are troubleshooting steps for when a Palo Alto Firewall is installed in Virtual Wire mode, or is going through an initial configuration behind the existing firewalls, and the dynamic updates for Threat Protection, AntiVirus and URL Filtering are not pulling down.
After verifying that the device is licensed and registered for updates, it is time to verify that there is not a connectivity issue.
All of these steps are done from the command line, so connect either via SSH or via a console cable.

PAN updates
The first thing to check is the connection from the Management interface to the Palo Alto Networks update site:
ping host updates.paloaltonetworks.com
This will show whether basic connectivity is in place. updates.paloaltonetworks.com will respond to ping if the path is good.
If that fails, another test is to see whether there are routing issues:
traceroute host updates.paloaltonetworks.com
If this does not reach the first hop, verify that the management interface is configured with the correct default gateway.
After determining that base level connectivity exists for updates, the next step is to verify that it is possible to connect to the service port for updates:
telnet port 443 host updates.paloaltonetworks.com
If this is good, then it is possible to manually request updates. If not, it will be necessary to verify or update the configuration for the current firewalls.
Anti-Virus
request anti-virus upgrade download latest
or, if in a High Availability pair:
request anti-virus upgrade download latest sync-to-peer
Applications and content
request content upgrade download latest
or, if in a High Availability pair:
request content upgrade download latest sync-to-peer

If the firewall is licensed for the BrightCloud URL filtering updates, the testing is slightly different, since the updates come from a different site and service port.
Start by verifying the basic connectivity:
ping host service.brightcloud.com
Verify that the traffic is routing properly:
traceroute host service.brightcloud.com
Verify that it is possible to connect to port 80 on service.brightcloud.com:
telnet port 80 host service.brightcloud.com
If this is good, then it is possible to manually request updates. If not, it will be necessary to verify or update the configuration for the current firewalls.
URL filtering
Request an update of the URL Filtering database:
request url-filtering upgrade brightcloud
Verify that the download is in progress:
request url-filtering download status
If there is still an issue, the following should appear:
{data time} Error: dtMessageTime(bcnet.cpp:256): failed connect to 64.87.3.54 on 80
When the download begins successfully, the following should appear:
{data time} URL database download: 90% done
When successful, a message similar to the following will appear:
369745418 total bytes 16.90 secs -79112.66 kB/S
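
When the status command is polled from a script, the three message shapes above can be told apart mechanically. The following is an added example, not part of the original post: the names classify, next_step and Status are hypothetical, and the timestamps in the sample are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# One pattern per message shape quoted in the post.
FAILED = re.compile(
    r"Error:.*failed connect to (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) on (?P<port>\d+)")
PROGRESS = re.compile(r"URL database download:\s*(?P<pct>\d{1,3})% done")
SUMMARY = re.compile(r"(?P<bytes>\d+) total bytes\s+(?P<secs>\d+(?:\.\d+)?) secs")


@dataclass
class Status:
    state: str                          # failed | in-progress | complete | unknown
    percent: Optional[int] = None       # set while a download is in progress
    peer: Optional[str] = None          # "ip:port" the firewall could not reach
    kb_per_sec: Optional[float] = None  # recomputed from bytes and seconds


def classify(output: str) -> Status:
    """Return the state described by the last recognised line of the output."""
    status = Status("unknown")
    for line in output.splitlines():
        failed = FAILED.search(line)
        progress = PROGRESS.search(line)
        summary = SUMMARY.search(line)
        if failed:
            status = Status("failed", peer=f"{failed['ip']}:{failed['port']}")
        elif progress:
            status = Status("in-progress", percent=int(progress["pct"]))
        elif summary:
            secs = float(summary["secs"])
            # The rate printed in the post's sample is negative, so derive it
            # from the byte count and elapsed time instead of parsing it.
            rate = int(summary["bytes"]) / secs / 1024 if secs > 0 else None
            status = Status("complete", kb_per_sec=rate)
    return status


def next_step(status: Status) -> str:
    """Map a state to the action the post describes for it."""
    if status.state == "failed":
        return (f"Management interface cannot reach {status.peer}: repeat the "
                "ping, traceroute and telnet tests, then check the existing "
                "firewalls' configuration")
    if status.state == "in-progress":
        return f"Download at {status.percent}%: run the status command again"
    if status.state == "complete":
        return f"Database downloaded at about {status.kb_per_sec:.0f} kB/s"
    return "Unrecognised output: rerun 'request url-filtering download status'"


# Constructed sample: a failed attempt followed by a retry that is under way.
SAMPLE_RETRY = """\
2011-10-22 09:00:01 Error: dtMessageTime(bcnet.cpp:256): failed connect to 64.87.3.54 on 80
2011-10-22 09:05:12 URL database download: 90% done
"""

if __name__ == "__main__":
    print(next_step(classify(SAMPLE_RETRY)))
    print(next_step(classify("369745418 total bytes 16.90 secs -79112.66 kB/S")))
```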

Hopefully someone will find this useful
Be safe out there
James

Thursday, August 25, 2011

Creating Palo Alto Reports at the Command Line

I have been working on creating reports on Palo Alto Firewalls from the command line.
For this scenario I have created two security policy rules for inbound and outbound. Now we want to get a weekly report that shows the top 50 applications that are flowing in each direction.

Either connect via the console port on the firewall or ssh:
Change to configuration mode:
configure

To configure the custom reports that will be used, use the following syntax:
set shared reports {name_of_report} period last-7-calendar-days topn 50 topm 10 query "rule eq '{rule_name}'" type traffic aggregate-by [ app from to ] values bytes sortby bytes

The text for the two custom reports would be:
set shared reports Inbound period last-7-calendar-days topn 50 topm 10 query "rule eq 'inbound_allow'" type traffic aggregate-by [ app from to ] values bytes sortby bytes
set shared reports Outbound period last-7-calendar-days topn 50 topm 10 query "rule eq 'outbound_allow'" type traffic aggregate-by [ app from to ] values bytes sortby bytes

Next set up the report group that will be used to assign the custom reports to the schedule:
set shared report-group {report_name} title-page no

The text for the custom report group:
set shared report-group Weekly title-page no

Next add the custom reports to the report group:
set shared report-group {report_name} custom-widget 1 custom-report {name_of_report}

The text for assigning the custom reports to the report group:
set shared report-group Weekly custom-widget 1 custom-report Inbound
set shared report-group Weekly custom-widget 2 custom-report Outbound

Next create the scheduler for the report:
set shared email-scheduler {schedule_name} email-profile {email_profile} report-group {report_name} recurring weekly {day_of_week}

The text for creating the custom schedule:
set shared email-scheduler Weekly email-profile mail.example.com report-group Weekly recurring weekly monday

Don't forget to commit the configuration:
commit

This process will generate a report that is delivered on Monday mornings to the email addresses that are configured for mail.example.com and will show the top 50 inbound and outbound applications by bytes. The report can then be used to narrow down what applications will be allowed inbound and outbound. The Palo Alto reporting features can also be used to identify what applications are being used by a particular service port to refine a security rule from using any application to specific applications.

Be safe out there.
James

Thursday, August 18, 2011

The TARDIS Corset Interview

This post will be slightly different from my usual fare. This is an interview that I did on Twitter with amazonv and mayfairemoon regarding the TARDIS Corset. The entire interview can be found by searching for #tardiscorset on twitter.

It has been an interesting week for my friends Nikki (amazonv) and Nikki (mayfairemoon). Mayfairemoon posted the following picture of a corset she has been working on for amazonv.

http://desmond.yfrog.com/Himg739/scaled.php?tn=0&server=739&filename=ekmvx.jpg&xsize=640&ysize=640

The TARDIS Corset was unveiled and then the Internet got excited.

Amazonv had mentioned the corset was being built earlier this summer and I for one could not wait to see the pictures.

After that first picture appeared, the TARDIS corset began making the rounds on a variety of web sites. Amazonv has links to many of the articles at http://www.TARDIScorset.com

On Tuesday August 16th another set of pictures was posted that shows how the corset looks when worn:

http://www.smugmug.com/gallery/18564894_ZSwzDj#1433802297_Q2nnZNK

On Tuesday evening amazonv and I were talking via Twitter and the topic turned to the corset. I made a comment about how talented I thought amazonv was.

amazonv @n0b0d4 why me? I didn't make the corset, @mayfairemoon did, I just put cash behind her amazing artistic talent

n0b0d4 @amazonv oh right wrong thought process. whose idea was it? yours or @mayfairemoon - talent and skill also need inspiration

amazonv @n0b0d4 @mayfairemoon she had the idea before me, but when she mentioned it I was all over it, we had some plotting, sketching, then bam!

n0b0d4 @mayfairemoon @amazonv so it was collaborative then

amazonv @n0b0d4 @mayfairemoon did the hard work (idea to real) and its not done yet since canada posts hates me

n0b0d4 @mayfairemoon @amazonv since this is turning into an interview - is it ok to continue?

amazonv @n0b0d4 interviews should go to nikki ( @mayfairemoon ) not me, unless they do both (nikki^2)

I am not sure what inspired me to schedule an interview with amazonv and mayfairemoon for Wednesday August 17th. I provided my questions to the Nikkis ahead of time. The interview was conducted in near real time on Twitter (thanks in part to flaky Internet access at my hotel). I am including the transcript below:

How long have you known each other?

amazonv @n0b0d4 I first saw @mayfairemoon at the PA ren faire at least 6 years ago, we meet through @GilCnaan again 2 years ago

mayfairemoon @n0b0d4 Well, we've also been in the same scene for a while, now.

Who introduced you?

amazonv @n0b0d4 We were introduced by @GilCnaan a mutual friend we do have a lot of mutual friends

mayfairemoon @n0b0d4 @amazonv Probably @GilCnaan, but we have a bunch of the same friends, so it was inevitable, I think.

When did you come up with the original idea for the TARDIS corset?

amazonv @n0b0d4 When I had to cancel my wedding gown order with @mayfairemoon I said I wanted a corset still, she threw out ideas

amazonv @n0b0d4 I said I like tea, and scifi...and @mayfairemoon said "TARDIS" and I squealed and squealed some more

how much time did the design phase take?

mayfairemoon @n0b0d4 @amazonv I had the basics in my head all this time. Couldn't figure out tech aspects til I chatted w/ @damnedgoodesign

amazonv @n0b0d4 on my part I spent a night eating sushi & plotting with nikki, and a few emails and phone calls, then she took over

mayfairemoon @n0b0d4 @amazonv Refining the design took forever. Lots of "Will this work?" followed by "Ooops. No. Try again."

mayfairemoon @amazonv @n0b0d4 Because EVERYTHING is better with sushi. Absolutely.

What inspired the original idea for the TARDIS corset?

mayfairemoon @n0b0d4 I was wandering around Philcon 4 yrs or so ago, and thought, "How do I translate the fabulous geekery to my corsetry?"

mayfairemoon @amazonv @n0b0d4 I wanted to do the corset for all these years-- the sitch with @amazonv was was fabulous serendipity.

MorrigansWitch asked @mayfairemoon How did you and @amazonv decide which version of the TARDIS to use?

mayfairemoon @MorrigansWitch @amazonv @n0b0d4 That was Nikki S's choice. Eleven's is such a pretty blue. But we did discuss that a lot!

amazonv @MorrigansWitch I wanted bright blue , and so opted for the most recent also the St John's logo evens out the design

amazonv @MorrigansWitch we dug up pictures of all of the TARDIS images online to compare and contrast during our sushi meeting

How does that compare to most other corset designs?

mayfairemoon @n0b0d4 It's $860, which includes lights & sound. It'll make the sound of the TARDIS engines when you open the little door.

mayfairemoon @n0b0d4 My regular custom corsets start at $449 for a 3-lacing corset, and $549 for a corset with 5 sets of laces.

How much time has the build out had so far?

mayfairemoon @n0b0d4 I think...hm. Three or four months so far? Figuring out the panels, lights and sound has been the hardest part!

mayfairemoon @amazonv @MorrigansWitch @n0b0d4 Also, I gathered all my visual references and sent them to @damnedgoodesign. Awesome.

How does that compare to most other corset builds?

mayfairemoon @n0b0d4 @amazonv If I really have an emergency, I can do a regular corset in a week. Usually, orders take about 8 - 10 weeks.

mayfairemoon @n0b0d4 @amazonv When I do this again-- which I am-- it won't be this long. It's been a learning process.

mayfairemoon @n0b0d4 @amazonv The first set of panels died a horrible, messy death. Now we use acetate, which is MUCH better and cleaner.

What materials were used in construction?

amazonv @n0b0d4 The outside is silk, the panels are acetate with felt backing, the ribbons are organza (2 colors)

amazonv @n0b0d4 @mayfairemoon needs to attach the EL wire to make it light up, the sound card and a yale key

mayfairemoon @n0b0d4 @amazonv I also use 1/2" wide spring steel boning, and heavy cotton twill or canvas to line it.

The corset is not yet complete, what is still pending?

mayfairemoon @n0b0d4 @amazonv I have to install the electroluminescent wire, the soundcard, and do the inside of the little phone box.

amazonv @n0b0d4 And the phone needs to be painted, and the inside needs to be painted

mayfairemoon @n0b0d4 @amazonv There's also going to be a quote handwritten on the lining. One from "The Doctor's Wife."

Were there any materials you considered using that you eliminated? if so what were they?

mayfairemoon @n0b0d4 @amazonv The first set of panels was two layers of plastic w/printed paper in between. That...wow, did THAT not work.

How comfortable is it to wear as compared to other corsets you've worn?

amazonv @n0b0d4 very comfy (custom FTW!) once you wiggle and tighten it into place you get great posture & you are good for hours!

amazonv @n0b0d4 I own multiple off the shelf corsets and this is by far the best, I am reluctant to get a non-custom one in the future

mayfairemoon @n0b0d4 I've been wearing mine up to 10 hours a day for years. I think-- & people tell me-- they're most comfy they've had.

Is this going to be a unique creation or will it be made again for select individuals?

mayfairemoon @n0b0d4 I'm taking orders, and judging from interest there'll be a waiting list. But I'll never mass-produce them. Just a few!

amazonv @n0b0d4 each @mayfairemoon piece is custom - so yes you can have a TARDIS, a different model if you want too

amazonv @n0b0d4 I think my next @mayfairemoon may be boba fett ...

mayfairemoon @n0b0d4 @amazonv And yes, I can do any Doctor's specific TARDIS. When I do my own, it'll be Nine/Ten's.

Since this is Dr Who based I will shift to some Dr Who questions?

mayfairemoon @n0b0d4 @amazonv Squee! Go for it!

Who is your favorite Doctor?

amazonv @n0b0d4 TEN (david tennant)

mayfairemoon @n0b0d4 @amazonv That's a tough one. I started with 4 like most Americans, but first really fell for 5. But 10...oh, my.

mayfairemoon @n0b0d4 @amazonv I'm really torn bwtn 5 and 10. I love them both. Went to London to see Tennant in "Hamlet." That was amazing.

Who is your favorite companion?

mayfairemoon @n0b0d4 @amazonv I loved Nyssa/Tegan/Adric. SOBBED when he bit it. I also love Rose and Donna. And Amy's snark.

amazonv @n0b0d4 rose tyler

amazonv @n0b0d4 I have to say Sarah Jane Smith is my second love

mayfairemoon @amazonv @n0b0d4 See, I never could bond with Sarah Jane in Old Who. Loved her MUCH more in New Who.

n0b0d4 RT @amazonv: @n0b0d4 I have to say Sarah Jane Smith is my second love big fan as well

amazonv @n0b0d4 @mayfairemoon too bad K9 doesn't count as a companion, puppeh!

amazonv @n0b0d4 They tie him to humanity, they are our brige to connect with him (IMO)

Who/What is your favorite villain?

mayfairemoon @n0b0d4 @amazonv Didn't have a fave villain til Daleks out-bitched the Cybermen in Series Two. "You are better at dying!" SNAP!

amazonv @n0b0d4 The weeping angels scare the pants off me

What is your favorite episode or story arc (if old)?

mayfairemoon @n0b0d4 I loved "School Reunion," "Unicorn & Wasp," "Vincent & The Doctor," but my favourite is probably "Shakespeare Code."

amazonv @n0b0d4 currently, "the doctor's wife" because I loved meeting Idris/Sexy otherwise "Bad Wolf" "The Parting of the Ways"

amazonv @mayfairemoon only because you are a Shakespeare fiend! @n0b0d4

mayfairemoon @n0b0d4 @amazonv Oh, yeah. "The Doctor's Wife" has been on all week. Surprise, surprise. Watch it over and over-- LOVE it.

amazonv @n0b0d4 My Laptop I am using now is "Bad Wolf"

mayfairemoon @amazonv @n0b0d4 Yeah, guilty as charged on that one. Shakespeare corsets are coming, actually.

What are your thoughts on Captain Jack?

amazonv @n0b0d4 I was shocked by how he plays into the future and had to rewatch various episodes to make sure there was continuity.

amazonv @n0b0d4 Also he's the biggest slut (in a good way)

n0b0d4 @amazonv and rewatching was a hardship I am certain

mayfairemoon My thoughts? Simple: YES. RT: @amazonv @mayfairemoon what are your thought on Captain Jack?

mayfairemoon @n0b0d4 @amazonv Also? I reeeeally want to go shopping with John Barrowman.

amazonv @n0b0d4 oh yes so much a hardship to see Captain Jack over and over

What have you thought of your sudden Internet fame?

amazonv @n0b0d4 Nikki deserves it! she has made a screen accurate snape costume, steampunk corsets, & many other amazing geeky things

amazonv @n0b0d4 it's a little weird to see yourself on boing boing & see people commenting about the fact that you are free to public

mayfairemoon @n0b0d4 I've used the word "surreal" more times this week than in my entire life previously.

mayfairemoon @n0b0d4 Best part is all my friends commenting everywhere about how much they love my corsets. That's so wonderful.

amazonv @n0b0d4 exciting to watch my website analytics http://t.co/dv5UyuL & FB Likes double http://t.co/nEKY20O

What has been the coolest/most interesting aspect of the attention thus far (aside from this interview)?

mayfairemoon @n0b0d4 I thought I'd gotten popular with the Snape outfit I made for Nigel of @Platform01 . Oh, how little did I know....

amazonv @n0b0d4 being on boing boing, seeing people want my corset - assures me i am not the only geek out there who wants one.

amazonv @n0b0d4 Also, having my friends call or message me to say "is this your corset" or "i saw you on site XYZ" is kinda fun

mayfairemoon @n0b0d4 Getting queries from all over the world. Seeing the photos on sites where I'm used to going for Dr Who info.

mayfairemoon @n0b0d4 And all the lovely things people have been saying.

amazonv @n0b0d4 Also needing to do a last minute photo shoot so people could see me in TARDIS after nerdist and it's not done yet!

That is all of the questions that I had prepared, thank you so much for taking the time to talk about

amazonv @n0b0d4 You are welcome :)

amazonv Anyone else have questions for @mayfairemoon about ?

mayfairemoon @n0b0d4 @amazonv Oh, thank you! It's been delightful! I can't tell you how much fun everything has been. Seriously.

n0b0d4 @amazonv @mayfairemoon i will compile all of the questions and write something up for you

mayfairemoon @n0b0d4 @amazonv You are made of awesome. With a side of bananas.

n0b0d4 @mayfairemoon @amazonv I am very happy that we were able to do this.

mayfairemoon @n0b0d4 @amazonv So am I! Thanks again!

amazonv @n0b0d4 Me too, g'night all!

mayfairemoon If you want your own TARDIS corset, check out http://www.MayFaireMoon.com , & drop me a line at info@mayfairemoon.com

I really enjoyed interviewing these two wonderful ladies and getting to know more about the TARDIS corset. I want to thank both of them and everyone who followed along while we were talking. I also want to thank MorrigansWitch for adding a really great question in the middle of the interview and VioletBlue for reviewing my questions and offering suggestions before the interview itself.

To find out more about Mayfairemoon, please visit http://www.mayfairemoon.com or http://www.facebook.com/mayfairemoon


You can follow these lovely ladies on twitter. Amazonv - http://twitter.com/amazonv Mayfairemoon - http://twitter.com/mayfairemoon
I can be found as n0b0d4 at http://twitter.com/n0b0d4

Tuesday, August 16, 2011

Palo Alto Firewall Management address

I have been working with Palo Alto Networks firewalls exclusively over the last 6 months or so and wanted to start a series of postings regarding how to make changes at the command line.
The first step in configuring a PAN is to configure the management address.
The firewall ships with 192.168.1.1/24 configured on the management interface, and you can connect to it from your PC if you are on that subnet and the address is not in use, or by changing your system IP.
The other way is to connect using the console connection with the provided serial to RJ45 cable (hopefully you have a USB to serial adapter), using the standard 9600/8/none/1 settings.
Log in to the system
type configure
hit enter
type set deviceconfig system ip-address 172.1.1.254 netmask 255.255.255.0 default-gateway 172.1.1.1
*replace the addresses above with the IPs you want to assign*
hit enter
type commit
hit enter
That will commit the configuration to the device. This will take a moment or two to complete.
This same command can be issued via SSH to change the management IP at a later time, though it will cause your SSH session to disconnect.
Hope that helps someone
Be safe out there
James

Thursday, May 12, 2011

Setting up WiKID Community Edition on Ubuntu 10.04

I worked this up over the last couple of days.

#update system
sudo apt-get update
sudo apt-get upgrade

#update repositories to get sun-java6-jdk installed
sudo cp /etc/apt/sources.list /etc/apt/sources.list.backup
sudo nano /etc/apt/sources.list
#clear the "#" from the line deb http://archive.canonical.com/ lucid partner and save the file
sudo apt-get update
#install the java jdk, you will need to accept the license
sudo apt-get install sun-java6-jdk
# this installs the following packages
# avahi-daemon consolekit dbus defoma gsfonts gsfonts-x11 java-common libasound2 libavahi-common-data libavahi-common3 libavahi-core6 libck-connector0 libdaemon0 libeggdbus-1-0 libfontenc1 libltdl7 libnss-mdns libpam-ck-connector libpolkit-gobject-1-0 libxfont1 libxi6 libxtst6 odbcinst odbcinst1debian1 sun-java6-bin sun-java6-jdk sun-java6-jre unixodbc x11-common xfonts-encodings xfonts-utils

#create a symbolic link to /opt/java from /usr/lib/jvm/java-6-sun
sudo ln -s /usr/lib/jvm/java-6-sun /opt/java


#install the WiKID Community Edition prerequisites
sudo apt-get install postgresql libpg-java libpg-perl libwww-perl ntp alien wget iptables
#The following NEW packages will be installed:
# alien binutils build-essential cvs debhelper dpkg-dev fakeroot g++ g++-4.4 gcc gcc-4.4 gettext html2text intltool-debian libc-dev-bin libc6-dev libcroco3 libfile-copy-recursive-perl libgomp1 liblua5.1-0 liblzma1 libmail-sendmail-perl libnspr4-0d libnss3-1d libpg-java libpg-perl libpq5 librpm0 librpmbuild0 librpmio0 libstdc++6-4.4-dev libsys-hostname-long-perl linux-libc-dev manpages-dev ntp po-debconf postgresql postgresql-8.4 postgresql-client-8.4 postgresql-client-common postgresql-common rpm rpm-common rpm2cpio ssl-cert update-inetd xz-utils



#connect to the database to set the password
sudo -u postgres psql postgres
#set the password for the postgres role (typed at the psql prompt)
\password postgres


#download the deb file (the URL is quoted so the shell does not treat "&" as a control operator)
wget "http://downloads.sourceforge.net/project/wikid-twofactor/WiKID_Server/3.4/wikid-server-community_3.4.87-b824-1.deb?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fwikid-twofactor%2Ffiles%2FWiKID_Server%2F3.4%2F&ts=1305142670&use_mirror=cdnetworks-us-2"
#you may need to move the file to a new name (the glob matches whatever query string wget kept in the saved name)
mv wikid-server-community_3.4.87-b824-1.deb\?* wikid-server-community_3.4.87-b824-1.deb
#run dpkg once to prep the install
sudo dpkg -i wikid-server-community_3.4.87-b824-1.deb
#this will fail the first time
#run a dependency update
sudo apt-get -f install
#The following NEW packages will be installed:
# ca-certificates-java fontconfig fontconfig-config hicolor-icon-theme icedtea-6-jre-cacao libaccess-bridge-java libaccess-bridge-java-jni libatk1.0-0 libatk1.0-data libavahi-client3 libcairo2 libcups2 libdatrie1 libdirectfb-1.2-0 libflac8 libfontconfig1 libgif4 libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libice-dev libice6 libjasper1 libjpeg62 liblcms1 libogg0 libpango1.0-0 libpango1.0-common libpixman-1-0 libpthread-stubs0 libpthread-stubs0-dev libpulse0 libsm-dev libsm6 libsndfile1 libsysfs2 libthai-data libthai0 libtiff4 libts-0.0-0 libvorbis0a libvorbisenc2 libx11-dev libxau-dev libxcb-render-util0 libxcb-render0 libxcb1-dev libxcomposite1 libxcursor1 libxdamage1 libxdmcp-dev libxfixes3 libxft2 libxinerama1 libxrandr2 libxrender1 libxt-dev libxt6 openjdk-6-jdk openjdk-6-jre openjdk-6-jre-headless openjdk-6-jre-lib shared-mime-info tsconf ttf-dejavu-core ttf-dejavu-extra tzdata-java x-ttcidfont-conf x11proto-core-dev x11proto-input-dev x11proto-kb-dev xtrans-dev
#run dpkg again to install the package
sudo dpkg -i wikid-server-community_3.4.87-b824-1.deb
# run the configuration
sudo /opt/WiKID/sbin/wikidserver_config.sh
# firstboot config
sudo /opt/WiKID/conf/templates/wikid-firstboot.sh
#run the configuration wizard
sudo /opt/WiKID/bin/wikidctl setup
#start the services
sudo /opt/WiKID/bin/wikidctl start

#Connect to the WiKID Admin interface
http://servername.domain.com/WiKIDAdmin

username: WiKIDAdmin
password: 2Factor

#Follow the instructions for set up for WiKID Community Edition
http://sourceforge.net/projects/wikid-twofactor/files/Documentation/WiKID-Docs/

WiKID posted a similar version on their web site - http://www.wikidsystems.com/support/wikid-support-center/installation-how-tos/How_to_install_the_WiKID_debs_on_Ubuntu - which cuts out a few of the steps that I have above.

Be safe out there.
James

Thursday, September 16, 2010

Don't Cha CyberRAID? - to the tune of Don't Cha by the Pussycat Dolls

I know you like security (I know you like security)
I know you do (I know you do)
Thats why whenever September comes around exploits all over you
And I know you want go (I know you want go)
It's easy to see (it's easy to see)
And in the back of your mind
I know you should be there with me

[Chorus]
Dont cha wish you were at CyberRAID just like me
Dont cha wish you were a security freak like me
Dont cha, dont cha
Dont cha wish your sploits were raw like these
Dont cha wish your hacker was fun like me
Dont cha, dont cha

Fight the feeling (fight the feeling)
Leave it alone (leave it alone)
Cause if it aint secured
It just aint enough to leave a web zone
Let's keep it friendly (let's keep it friendly)
You have to play fair (you have to play fair)
See, I dont care
But I got warez I aint gon' wanna share

[Chorus]
Dont cha wish you were at CyberRAID like me
Dont cha wish you were a security freak like me
Dont cha, dont cha , baby
Dont cha wish your sploits were raw like these
Dont cha wish your hacker was fun like me
Dont cha, dont cha

I know 0-days on your mind
I know we'll have a good time
I'm your friend
I'm fun
And I'm fine
I aint lying
Look at my screens, you aint blind [2x]

See, I know your network (I know network)
I understand (I understand)
I'd probably be just as crazy about it too
If it were my own network
Maybe next lifetime (maybe next lifetime)
Possibly (possibly)
Until then, Oh friend your secret is safe with me

[Chorus]
Dont cha wish you were at CyberRAID like me
Dont cha wish you were a security freak like me
Dont cha, dont cha
Dont cha wish your sploits were raw like these
Dont cha wish your hacker was fun like me
Dont cha, dont cha


Hope you enjoyed that.
I'll post more about the stats from Cyber-RAID later today.
Be safe out there,
James

Wednesday, September 15, 2010

B-Sides KC Too (to the tune of Beside by Ben Miller)

I wanna be, wanna speaking at B-Sides KC
Speaking speaking
I'll be speaking there soon
Feels like a train, running off the track
Going all directions, but I cant come back
Did I miss you, speaking as I do
Never felt the thrill like when speaking to you
I'm at a point, I'm just a speaker not a listener
Breaking down the walls, getting off this plane
I want to live my life simple & so true
I'm just a man who speaks at B-Sides KC
Do you hear me, you know what I do
Thinking of KC, yeahh it's getting me through
I'm waiting for you there
I wanna be the man who speaks at B-Sides KC too
So much information, flowing out of me
Don't want you to worry, about what it means
I cant say this & I can't show that
All I know is I'm gonna love you when I'm back
Do you hear me, you know what I do
Thinking of KC, yeahh it's getting me through
I'm waiting for you here
I wanna be the man who speaks at B-Sides KC too
And I'm waiting here for the smoke to clear around us, yeah
When the storm goes down there will be sunshine there on your face
Just you wait
I'm at a point, I'm just a speaker not a listener
Breaking down these walls getting off this plane
I want to live my life simple & so true
I wanna be the man who speaks at B-Sides KC too
Do you hear me, you know what I do
Thinking of me, yeahh it's getting me through
I'm waiting for you here
I wanna be the man who speaks at B-Sides KC too
Speaking speaking
I'll be speaking to you
I'll be speaking to you soon


I am not actually speaking at B-Sides KC but I will be there.
If you are in Kansas City or nearby, come join us on September 17th.
More information can be found here - http://www.securitybsides.com/BSidesKC and here - http://cyber-raid.com/b-sides/
There is a great line up of speakers for this first year.

Be safe out there
James

Thursday, September 9, 2010

Converting IP information in Excel

Over the past couple of months I've been compiling a report from a TCPDUMP that has been pulled on our old DNS servers to determine what internal IP addresses are still using the servers. I've been refining the report over time but have been frustrating myself with having to convert the IP addresses to a CSV to get rid of the port number of the source IP. Today I discovered a neat feature within Excel that helps me: Text to Columns.
I am sure it is in earlier versions somewhere, but it resides right on the ribbon in Excel 2007.
Now all I need to do is copy the column that I want to another spreadsheet and convert it to its own columns with the Text to Columns action.

That cut out a huge step for me, but now how do I consolidate those columns back into one cell with the IP address? It's actually pretty straightforward:
Add a new column to the beginning of the spreadsheet (new A)
Type the following in to A1 - =B1&"."&C1&"."&D1&"."&E1 and hit Enter
There is your IP
Now copy and paste the formula down the line and it converts the remaining rows back
Copy those values back to the original spreadsheet and you are good.

It is also possible to do this in one spreadsheet and to hide the columns that you do not need, but that may come later.

Hope that helps someone else.
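
The same port-stripping done outside Excel, as an added example that is not from the original post. It assumes the capture is `tcpdump -n` text output, where each endpoint appears as `a.b.c.d.port`, and it treats the RFC 1918 ranges as "internal"; the sample lines and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of `tcpdump -n` text output (not data from the post).
SAMPLE = """\
09:15:01.120001 IP 10.20.30.41.53124 > 10.0.0.53.53: 4121+ A? intranet.example. (34)
09:15:01.120450 IP 10.0.0.53.53 > 10.20.30.41.53124: 4121 1/0/0 A 10.9.9.9 (50)
09:15:02.330912 IP 192.168.7.15.61002 > 10.0.0.53.53: 911+ AAAA? mail.example. (30)
09:15:03.000100 IP 10.20.30.41.53990 > 10.0.0.53.53: 4122+ A? wiki.example. (30)
09:15:04.410000 IP 203.0.113.9.40000 > 10.0.0.53.53: 77+ A? probe.example. (31)
09:15:05.000000 IP 10.20.30.77 > 10.0.0.53: ICMP echo request, id 1, seq 1, length 64
09:15:06.000000 ARP, Request who-has 10.0.0.53 tell 10.20.30.1, length 46
"""

# RFC 1918 ranges, used here as the definition of "internal" (an assumption).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE = re.compile(r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+):")


def split_host_port(field):
    """Split tcpdump's 'a.b.c.d.port' into (ip, port); port is None if absent."""
    parts = field.split(".")
    if len(parts) == 5:
        host, port = ".".join(parts[:4]), int(parts[4])
    elif len(parts) == 4:
        host, port = field, None
    else:
        raise ValueError(f"not an IPv4 address[.port]: {field!r}")
    ipaddress.IPv4Address(host)  # raises ValueError on a bad octet
    return host, port


def internal_dns_clients(text, dns_port=53):
    """Count packets sent to dns_port, keyed by internal source IP."""
    clients = Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ARP, IPv6 and anything else that is not "IP a > b:"
        try:
            src, _ = split_host_port(m["src"])
            _, dport = split_host_port(m["dst"])
        except ValueError:
            continue
        if dport != dns_port:
            continue  # replies from the server, ICMP, other traffic
        if any(ipaddress.IPv4Address(src) in net for net in INTERNAL):
            clients[src] += 1
    return clients


if __name__ == "__main__":
    for ip, count in internal_dns_clients(SAMPLE).most_common():
        print(f"{ip},{count}")
```

Only packets addressed to port 53 are counted, so the server's replies and the external 203.0.113.9 source do not show up as clients still using the old servers.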

Tuesday, September 7, 2010

CyberRAID 0 and Security BSides KC call for volunteers

:Event Information
The KC Infragard is hosting a two day cyber event pitting systems/security professionals against each other in a live cyber battle on a simulated commercial network. Systems administrators will be responsible for managing and protecting a "commercial" network from a live cyber attack, something they may not see on their own networks. Since the exercise is hosted on a private managed network that is not connected to the internet, production data and systems are not at any risk.

Not only will participants get a chance to test their knowledge and preparedness for securing an operational environment while under a live attack, they will also get the opportunity to see how other teams handled similar circumstances. This provides real world data and a solid understanding of best practices that can be implemented in their own organizations. At the end of the exercise participants will know the strengths and weaknesses of their people, processes, policies and technologies. This valuable exercise provides an outreach and education opportunity for our community to take home a greater understanding on how they should be protecting their own networks.

If you are interested in playing, there is still time to sign up, see more information at http://www.cyber-raid.com.


:Volunteer Positions
We have a few volunteer positions that we need help filling:
Registration - 2 People needed (2 hr shift the mornings of both Thursday and Friday)
  • Responsible for checking in participants and handing out participant badge

Greeters - 3 People needed (2 hr shift the mornings of both Thursday and Friday)

  • Responsible for standing in conspicuous places in hotel, ensuring that guests can find their way to the event

Staffers - 4 People Needed (Full/Half day shifts)

  • Responsible for event details, interacting with hotel, enforcing rules, answering general questions, etc

If you are interested in being a volunteer, please contact me via twitter, email (genesiswaveatgmaildotcom) or comment on the blog and I will get you on the list.


While we still have seats available, we have enough players to ensure a fun, engaging, and successful event. However if you have coworkers, friends or other contacts that you think would enjoy this event, please help spread the word.

:Security BSidesKC
The CyberRAID event will be held in concert with the B-Sides Security Conference. B-Sides has finalized their speaker selection. If you have not already visited the BSidesKC page, I encourage you to do so.

:Follow us on Twitter
As the event approaches, the most current up-to-date information can be found on the CyberRAID Twitter feed. (@CyberRAIDKC)

Friday, August 27, 2010

CompTIA needs some feedback

This was originally posted by J. Seymour - here
As a member of CompTIA's Subject Matter Expert Technical Advisory Committee I encourage everyone to respond.


Are you the “security guy/gal” in your company? Did you implement a multi-factor authentication protocol for your refrigerator? If security is what you “do” I have a favor to ask. Our friends over at CompTIA are developing a new advanced security certification exam to follow their Security+ exam and they’re looking for your input on the exam objectives. This is very similar to what MSL does with our “blueprinting” exercise when we develop an exam. It should take only 10 minutes to complete and can be found here:

https://s-xut5m-345723.sgizmo.com

As an added bonus, CompTIA is giving away a CompTIA T-shirt to every 10th person who completes the survey!
[cue the fast talking announcer] CompTIA values your privacy. Results are completely anonymous and the data will only be viewed in the aggregate. The survey will be open until September 8, 2010. Please contact research@comptia.org if you have any trouble with the survey.
Thanks in advance for helping our friends out!

Monday, August 23, 2010

CYOA - Las Vegas - part three through six still to come

I had intended to complete the rest of the CYOA posts daily while at Black Hat and DefCon. On day 3 I was asked to work DefCon on the dispatch team. I had a great time, but there aren't a lot of stories to share unless you want me to count the number of lost items, times that people came looking for a certain Goon or the collection of items that were thrown into the crowd during closing ceremonies.
I will finish my write up soon but I have to redact a few things.

Tuesday, July 27, 2010

CYOA - Las Vegas - part two

You have successfully arrived in Las Vegas.
Do you:
head directly for a slot machine and start playing?
collect your bag?
get something to eat?

I choose to collect my bag. I wait patiently with the other passengers for my bag to appear. The black bag industry certainly shows no signs of stopping. There it is.

After successfully collecting my bag, do you:
rent a car?
grab a cab?
the shuttle?
walk to your hotel?

Walking seems like a bad idea in the Vegas heat and renting a car can be an unneeded expense when staying at the hotel where the convention is held. I'll be taking cabs later in the week to get to events when shuttles are not available. I choose to take the shuttle because I can prepay for my trip back after Def Con.

You are on your way to your hotel. Which hotel did you choose?
Caesar's Palace (home of Black Hat)
The Riviera (home of Def Con)
TI (formerly Treasure Island about half way between Black Hat and Def Con)
Somewhere off strip (to save a little money)

I chose The Riviera because Def Con is at the end of the week and there will be more traveling back and forth than if I am staying elsewhere. My choice was about cost and convenience in the end. Caesar's would be nice but since this is being paid for out of personal funds, price is the winner. Staying off strip did not make as much sense when factoring in the cost of getting to and from off strip. TI was another good option but I could not justify the price differential when factoring in transportation.

On the shuttle to the Riviera you notice that the other passenger is similarly attired to you (read black t-shirt, jeans and laptop backpack). Do you:
strike up a conversation and see if your hunch is correct?
stare at your smart phone and look at the emails that have rolled in while you were in the air?
look out the windows at the scenery as you drive by?

I chose to strike up a conversation and my hunch was correct. My fellow traveler is indeed in town for Black Hat and Def Con. We talk about what we do and who we work for and what we are looking forward to this week. (I have not asked my fellow traveler permission to use his name so I will leave it blank for now)

You arrive at your hotel and discover that check in does not start for another hour and a half (hello time zone shift). Do you:
wander the casino floor and play a few slot machines or maybe a hand of poker?
go to the hotel arcade and play video games for a while?
go find something to eat?
wander down the strip to pick up that last couple of items you meant to pack but failed to do so?

I chose to go pick up a couple of items that I forgot to pack, including the sunglasses I put in my car just for the trip so I would not forget them. Then I stopped and grabbed some lunch at the Peppermill. Good burger, interesting atmosphere. I would recommend stopping by if you are in Vegas just to see the decorations.

To be continued

CYOA - Las Vegas - part one

Others my age probably remember the choose your own adventure books from the early to mid eighties. I recall them being a big obsession of myself and my classmates. I remember trying to write some of those stories then but not having much success because I would always leave options hanging because I would go down one path and forget about the others.
With that in mind I am going to present my week in Las Vegas for Black Hat, Def Con and B-Sides in a choose your own adventure style. However just like when I was younger I will only be following one path but I will be showing you the choices along the way that I am presented with. Some will be pretty silly (stay in bed v. get up) while others will be difficult (choosing between sessions where friends are presenting against each other) and a few decisions that have been made for me (I am proctoring talks at Black Hat, presenting at Def Con, and working SkyTalks)
If you are in Las Vegas for Black Hat, Def Con or B-Sides, hit me up via Twitter @n0b0d4 and we can try to make you part of my adventure this year.

So the first choice
Do you want to fly?
Do you want to drive?
Do you want to ride the train?
Would you rather stay home this year?


I choose to fly

After packing and then repacking because your first bag experiences zipper failure, you get to bed late because your air conditioner freezes up and it's 85 degrees in the house. You then get up super early to fly through Denver to Las Vegas.

Choice
Do you rent a car?
Do you grab a cab?
Do you take the shuttle?
Do you walk to your hotel?

To be continued

Wednesday, June 23, 2010

Panel Selected for DefCon 18

Panel: Hacking The Future: Weaponizing the Next Generation

Join this panel of "experts" who will discuss, debate, enlighten, and do battle on the topic of Hacker Parenting. From a multitude of viewpoints - paternal, maternal, fictive aunt and victim - the methodologies and techniques of applying the hacker mindset to parenting will be discussed. It is expected that the audience will participate as this topic is one on which everyone has an opinion. Maybe it's possible to do great work and develop a generation of people primed to hack the planet and take over.

James Arlen CISA, sometimes known as Myrcurial, is a security consultant usually found in tall buildings wearing a suit, founder of the Think|Haus hackerspace, columnist at Liquidmatrix Security Digest, Infosec Geek, Hacker, Social Activist, Author, Speaker and Parent. He's been at this security game for more than 15 years and loves blinky lights and shiny things. Cyber.

James Costello is a project manager for a compliancy focused hosting company in the Midwest. He is a charter member and current secretary/vice president of affiliate relations for the Cowtown Computer Congress. He holds a BA from the University of Saint Mary and in his free time enjoys reading scifi, watching British television and repurposing electronic devices.

Leigh Honeywell is a jane of many trades. By day she works as a security consultant while finishing up a degree at the University of Toronto. By night (and sometimes over lunch) she is a co-founder and director of HackLab.TO, Toronto's hacker space. She also serves on the board of advisors of the SECtor security conference, has been a Google Summer of Code mentor, and is an avid cyclist, science fiction nerd, and traveller.

Tim Krabec is the owner of a Small Computer Shop, a Vice President of the South Florida Chapter of the ISSA, and Secretary of ASIS chapter 254. He is a former foster parent caring for over 40 children. He currently has 4 children with the 5th on the way. He holds a BS in CS from Florida Atlantic University. In what little free time he has, he enjoys watching Syfy and woodworking.

Tiffany Strauchs Rad MA, MBA, JD, is a lawyer, hacker, and college professor. She has presented privacy and technical research at Black Hat USA, DEFCON, Hackers on Planet Earth, Hacking at Random, and Pumpcon. She also likes cars and hacks them.

There is a story of serendipity to go along with this talk.
At DefCon last year, I met Tim Krabec in person for the first time and while we were having dinner after closing ceremonies with his wife and kids we hit upon the idea of creating a talk about how hacker parents work with their kids. We submitted the talk to ShmooCon but did not get accepted. This turned out to be fortunate for us because it allowed us to adjust our strategy for DefCon. One of the decisions we made was to invite others to join and to give us more diversity by adding a mom. My first thought was @securityintern who I had met last year at DefCon as well.

So I contacted Jackie and she said she'd love to help but James (@myrcurial) was already working on a talk for NotaCon (video of which can be seen here -
http://vimeo.com/myrcurial). I immediately contacted James and set into motion combining the two talks into one great big talk at DefCon. After several conference calls with James and the rest of the crew, James submitted the talk to DefCon and we waited

And waited. Apparently this was another good year for submissions (thanks @Niki7a for all your hard work).

Then yesterday I received the following tweet from James
@n0b0d4 you should go look at the DEF CON speaker's list #justsayin

So that makes another confirmation that I will be in attendance this year.

I am excited to be a panelist and look forward to seeing many security compatriots out there.

Be safe out there.
James

Thursday, December 31, 2009

(Humorous) - the H1N1 Survival Guide

If you enjoyed the Zombie Survival Guide by Max Brooks, you may enjoy this Kindle book by a friend of mine - The H1N1 Survival Guide by Craig Rickel. It's currently only available for the Kindle. It's a quick humorous read.

Thursday, October 29, 2009

Got a quick mention

I got a quick mention over at the H-I-R Information Report blog
http://www.h-i-r.net/2009/10/humor-kind-of-hardened-openbsd.html
Ax0n wrote up a really good article about installing OAMP (OpenBSD, Apache, MySQL, and PHP) and he made a comment to me about it being secure until you installed something like WordPress (not to pick on WordPress).
So I asked him how to go about securely installing OpenBSD (fully knowing the answer and poking him because he had never written something down that probably a lot of people who are unfamiliar with OpenBSD were wondering).
I recommend both articles to anyone who has not tried OpenBSD.
Now if you'll excuse me, I have to go follow some prompts.

Tuesday, October 27, 2009

Update for October 27, 2009 - interesting twe[ CONTENT OVERRIDE: KILROY2.0 IS HERE!!! ]

I've been noticing some strange tweets going out from my account this morning.
 

>>>  [ WARNING ::: DATABASE ERROR ::: CONTENT OVERRIDE ::: SOURCE: EXTERNAL ] <<<

 

> source terminal location: UNKNOWN

> source terminal identity: UNAVAILABLE

> source login information: ENCRYPTED

> message begins

 

 the post you are now reading is designed to dull your senses to THE TRUTH.  do not live the life of the worker bee, the cog, the well-oiled piston in the MACHINE OF DECEIT!

 

there is a grand CONSPIRACY afoot.  you have been taught to believe that you are UNIQUE, one of a kind. THIS IS NOT TRUE. long ago, a cabal of scientists created technologies to ensure that ANYONE'S MIND AND BODY can be duplicated.

 

human cloning isn't NEAR. it's already HERE. discover the truth at http://JCHutchins.net

 

you are being DECEIVED. break free from the cogs, flee the hive, become A PROPHET OF THE TRUTH!

 

kilroy2.0 was here ... kilroy2.0 is everywhere

 

>>> [ CONTENT OVERRIDE CEASES ::: DATABASE STATUS: RECOVERING ] <<<

 

couldn't be the password I was looking for.

 

Stay safe out there

James

Wednesday, October 21, 2009

Congrats to HD, Metasploit acquired by Rapid 7

If you have not heard the news yet this morning,
Rapid 7 has acquired the Metasploit Project - http://blog.rapid7.com/?p=5082
This is going to be a very good thing for the project and will offer a lot of growth opportunities.
I've been tinkering with Metasploit for a while since getting a fuller introduction over the summer at CCCKC and am excited to see where this goes.
Congratulations to HD and team.

Thursday, September 10, 2009

How much do you know about phishing

My friend Martin McKeay has pointed out that SonicWall has posted another phishing e-mail quiz. I regularly take these to see if I can recognize the difference between legitimate and phishing e-mail.
The quiz will only take a few minutes and provides some good lessons in how good phishers are getting.
Be safe out there...

oh and just like Martin I answered correctly 10 of 10.