Nov 19 2009 1:59PM GMT
Posted by: Troy Tate
Tags: robots, technology, playwright, Shakespeare, investigation, forensics
In the realm of odd and unusual news stories, a recent story on Wired tells about a Texas A&M production of Shakespeare’s A Midsummer Night’s Dream using robot flying fairies alongside the rest of the carbon-based cast. So, it seems the classics are just that: their themes and stories also work well in today’s world. Isn’t that the definition of a classic, that it speaks to us today as effectively as it did to others in the past?
This story just made me wonder what technologies of today Shakespeare would have used in his plays.
In Hamlet, would Shakespeare have used the techniques and tools that the Ghost Hunters on Syfy use for detecting the ghost of Hamlet’s father?
In Macbeth, would the three witches have met using Cisco’s Telepresence?
Would CSI have been called in to investigate all of the deaths of King Lear’s daughters?
What technology elements or themes do you think Shakespeare would have used if he had available then what is available today?
Thanks for reading & let’s continue to be good network citizens!
Nov 5 2009 4:50PM GMT
Posted by: Troy Tate
Tags: tls, SSL, certificates, web services, authentication, IIS, apache, vulnerability, information security, risk, risk management
As Michael Morisy of ITKE recently posted in New SSL security hole allows man-in-the-middle attacks, a new SSL vulnerability has been announced. What you need to know about this vulnerability is that it most affects TLS (Transport Layer Security) sessions using client authentication certificates. This is a vulnerability at the protocol level, which makes it very difficult to fix, whereas a recent previous SSL vulnerability had to do with certificate formats and content.
For specific details from the original researchers, visit the ExtendedSubset.com website. The summary of the announcement is shown below:
Renegotiating_TLS.pdf
Some helpful protocol diagrams: Renegotiating_TLS_pd.pdf
Packet captures: renegotiating_tls_20091104_pub.zip
This one is definitely going to be interesting to watch. The excitement never ends in the security world. Leave a comment and let other ITKE readers know if you foresee any issues on this vulnerability or if you have taken any specific actions to address the risk. Thanks for reading and let’s continue to be good network citizens.
Oct 15 2009 6:44PM GMT
Posted by: Troy Tate
Tags: network analysis, protocol analysis, packet analysis, packet capture, training, education, wireshark, ethereal, tcp/ip, trace files, Networking, tools, Monitoring, reporting, IT education, performance monitoring, troubleshooting, howto, Metrics, analysis, Laura Chappell
Laura Chappell, the BitGirl, is at it again with another in her series of Wireshark Jumpstart webinars. The next one is called Wireshark Jumpstart 201: Filtering on the Good, the Bad, the Ugly. It will be held on October 27, 10:00am-11:00am PDT (GMT-7). If you manage networks or want to manage a network, a good understanding of protocol and packet analysis will help you immensely with your career.
Some things you will learn in this webinar:
- Using the Default Capture and Display Filters
- Creating a Few Hot Capture Filters
- Filtering Tips and Tricks for Troubleshooting
- Filtering Tips and Tricks for Security
Even if you are very familiar with Wireshark or other packet capture and protocol decode tools, Laura’s seminars are well worth attending. You might even find out a little tidbit here or there because repetition is one of the keys of learning. Unfortunately, I will not be able to attend this webinar since I will be on a golf vacation in North Carolina. So, if you attend this event, please come back and share with me and other IT Trenches readers what you learned and how valuable the webinar was for you.
Thanks for reading and let’s continue to be good network citizens!
Oct 15 2009 12:51PM GMT
Posted by: Troy Tate
Tags: Google, cloud services, saas, antispam, antivirus, service outage, service level, incident report, root cause analysis, corrective actions
I recently posted about delivery issues with Google’s Postini cloud email security service. This is a follow-on post about the incident root cause analysis and corrective actions. Maybe there are some lessons learned here that you can use in your organization’s service delivery.
The impact on customer email services lasted more than 24 hours while Postini engineers worked to resolve the issues. So, this was not an insignificant event. During this period, messages were delayed and users were not able to get to their quarantines to release messages trapped by filters. Administrators were also unable to access the administration console. The Postini support portal was unreachable at times due to the high volume of users trying to get updates on the event. The support phone line queues were very long and it took a long time to reach a support agent. Nothing like this has happened before in all of the years we have been a Postini customer.
I just received the incident report about the service disruption and wanted to share some of the information with IT Trenches readers.
Oct 13 2009 7:59PM GMT
Posted by: Troy Tate
Tags: Google, cloud services, saas, antispam, antivirus, service outage, service level
Since very early today, US Eastern Daylight Time, Google’s Postini services have been experiencing some service issues. It is unknown as of this writing as to the cause or full scope of the issue. However, when logging into the Postini support portal, an administrator is given the following status indicators:

[Image: Postini system status on October 13, 2009]
We have been Postini customers for over 4 years now and this is the first time an outage like this has happened. It’s not a full outage, as messages are still coming in, although at a trickling rate rather than normal expected volumes. This outage is so bad that my ability to log in to the support portal is impacted. I receive either an internal 500 server error or “Too many connectionsCould Not Select DB”. A recent update notification said that a secondary Postini data center has been enabled.
The recent GMAIL outage raised some concerns about cloud computing. I wonder if today’s Google Postini outage is a symptom of some deeper Google service delivery problem.
Thanks for reading & let’s continue to be good network citizens! Hopefully you are not trying to send me any messages, who knows how long it might take for the message to reach me today. Otherwise, let me know what you think here in the comments.
Oct 7 2009 6:38PM GMT
Posted by: Troy Tate
Tags: IT, information technology, professional, career, network analysis, service level, support, information security, infosec, trojan, bot, botnet, Security
In America, October is the time when haunting, evil spirits and curses come to mind. Earlier today I posted a blog entry titled Can IT education bring an end to the recession? I used a quote that is attributed to a series of Chinese curses that go in ascending order of severity. After I used it, I pondered on the other two curses and their applicability to IT services.
According to Wikipedia, the three curses are:
- May you live in interesting times.
- May you come to the attention of those in authority (sometimes rendered May the government be aware of you)
- May you find what you are looking for
Sep 30 2009 1:36PM GMT
Posted by: Troy Tate
Tags: case study, WAN, frame relay, mpls, vpn, network management, industry award, ipsec, SSL, ssl vpn, information security, remote access, Security, security management
Have you ever wondered if vendor case studies are actually solutions to real-life issues or if they are stories about compensated organizations using a particular vendor solution? Well, I am here to tell you that I know of at least one award-winning vendor case study that is about an organization addressing real-life issues. The organization is the company I work for and the case study is about the challenges we faced with replacing an under-performing legacy Frame Relay network with a more efficient and flexible global solution that delivers high availability, remote access, and integrated security. For the record, no compensation was given for being the subject of this vendor case study.
The case study won the 2009 Best Deployment Scenario - VPN/IPSec/SSL and was featured in the Info Security Products Guide. The winning case study and announcement can be found at Manufacturing Company Achieves Security and Performance Goals with Virtela’s Remote Access Services from the Cloud.
See all 2009 Best Deployment Scenarios and Case Studies. This would be a good time to look at these and see if any of the solutions may meet some of the information security needs of your organization. Consider putting the solutions in your 2010 budgets.
Feel free to leave comments here or contact me through ITKE if you would like more information. Thanks for reading & let’s continue to be good network citizens.
Sep 16 2009 6:41PM GMT
Posted by: Troy Tate
Tags: malware, Google, search results, malicious software, drive-by attack, browser security, information security, software security, software
Well, that may not be news to you. However, there is a recent trend in malware propagation that uses Google as the portal to deliver payloads to visitors. Unsuspecting users go to Google and search for topics such as Patrick Swayze’s death or the controversy about Serena Williams cursing at the line judge in her recent US Open tennis match. When a user selects one of the Google search results and visits the page, malware is downloaded to the client computer since the referrer is Google. However, if someone were to just visit the page on their own or through another search engine, the website does not serve up malicious software.
For more information see this Register.com article Swayze death exploited to serve up fake anti-virus - I’ve had the crime of my life. Seems like malware is bombarding us from all directions now. You can’t even trust ads on the NY Times these days.
Thanks for reading & let’s continue to be good network citizens!
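The referrer-dependent behavior described in this post leaves a trace in web proxy logs: the same URL answers differently depending on whether the visitor arrived from Google. The following Python sketch is an added example, not part of the original post; the tab-separated log format, the host names and the function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed proxy log records (tab-separated): url, referer, status, content type.
SAMPLE_LOG = """\
http://news-blog.example/swayze.html\thttp://www.google.com/search?q=swayze\t302\ttext/html
http://news-blog.example/swayze.html\t-\t200\ttext/html
http://news-blog.example/swayze.html\thttp://other-search.example/?q=swayze\t200\ttext/html
http://recipes.example/pie.html\thttp://www.google.com/search?q=pie\t200\ttext/html
http://recipes.example/pie.html\t-\t200\ttext/html
http://shop.example/item\thttp://www.google.com/search?q=item\t200\ttext/html
"""


def referer_class(referer):
    """Classify a Referer value as 'google' or 'other' ('-' means a direct visit).

    Assumption: only google.com and its subdomains count as Google here.
    """
    host = (urlparse(referer).hostname or "") if referer != "-" else ""
    if host == "google.com" or host.endswith(".google.com"):
        return "google"
    return "other"


def find_referer_cloaking(log_text):
    """Return URLs whose (status, content type) differs by referrer class."""
    seen = defaultdict(lambda: {"google": set(), "other": set()})
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4:
            continue  # skip malformed records
        url, referer, status, ctype = fields
        seen[url][referer_class(referer)].add((status, ctype))

    flagged = []
    for url, by_class in seen.items():
        google, other = by_class["google"], by_class["other"]
        # Compare only when both kinds of visit were observed for the URL.
        if google and other and google.isdisjoint(other):
            flagged.append(url)
    return sorted(flagged)


if __name__ == "__main__":
    for url in find_referer_cloaking(SAMPLE_LOG):
        print("response depends on Google referrer:", url)
```

Status code and content type are a coarse signal; comparing response sizes or body hashes per referrer class narrows false positives from sites that legitimately vary content.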
Sep 16 2009 6:31PM GMT
Posted by: Troy Tate
Tags: malware, malicious software, ad revenue, computer network, network access, PC, hardware, software, social engineering, licensing, permit, Security, information security, browser security, information security management, user education
Yesterday Fierce CIO reported that New York Times falls victim to rogue ad. This is a trend that seems to be happening more frequently. Rogue malware ads are appearing in a lot of places these days in areas most people would trust as authoritative and reliable sources of information. It is unknown how much the rogue malware “seller” may have gotten by putting the ad on the NY Times website but they likely made something from unsuspecting users. The NY Times did suffer some amount of loss since they disabled all third party ads until the rogue ad was removed. What would you do if an ad popped up on a trusted website saying your computer was infected? Most IT professionals would disregard the message as their systems SHOULD already be protected. However, how much of the general population is not an IT professional (at least outside of their own home)?
What can and should the security industry do to educate users about these social engineering tactics? Should computers be “licensed” or “permitted” to be on the internet to reduce threats to unsuspecting users? That’s a thought for you… what governing body would issue these computer use permits? What would the rate infrastructure be like - based on processor/memory or bandwidth? Where would the permit fees go? Would there be some internet oversight body that uses the fees to have inline malware filters?
Thinking out loud here folks - offer some suggestions. Your input is welcome and appreciated.
Thanks for reading and let’s continue to be good network citizens!
=========================
20090918 Update:
E-Week reports that there is a surge in click fraud. According to the article this is similar to the NY Times advertisement malware threat discussed above. I fear this trend will only get worse. What is a legitimate advertiser or web services organization to do?