infrastructure 29 May 2013 06:33 am

I’ve had my MacBook for a few years now, and after upgrading the OS the Mac has seemed to become a bit pokey. On occasion I get a spinning globe.

Since I had to take my son’s MacBook to the Genius Bar because of a tragic monitor accident, I brought my Mac in so they could run their proprietary diagnostic on my MacBook. It found no problems. I asked if they could upgrade the memory or replace the drive with an SSD and they said nope, they only do like-kind replacements. I suppose that makes sense for Apple from an integration testing perspective. So I ordered some memory from Newegg. BUT, when I received it, I found that it was 1333 MHz memory, with the current memory being 1066 MHz. And strangely, when I replaced the two 2GB DIMMs with the two 4GB DIMMs, they did not work. I thought that faster memory would work on a slower computer, but that was not the case.

SO, I got an RMA for the faster memory and ordered the 8GB memory at 1066 MHz. Let’s hope this works.

development and infrastructure 29 Jan 2013 03:47 pm

I have been playing with an HP 1U server for the last few days, installing CentOS 6.3 on the server, and getting it ready to be staged in the Data Center as part of the Data Loss Prevention (DLP) system QA environment.

I always recommend that when setting up any type of computer system for a company you first build out a full sized QA environment. That way you can always test upgrades or troubleshoot problems in the QA environment without impacting your production system.

It’s interesting that some companies don’t want to expend the extra cost of putting in a QA system, but nowadays I insist on having a full QA environment. Without having one, nothing good will come of it.

A best practice that I learned from the company I work at is very interesting. NOBODY goes into the data center during daytime business hours. And, after hours, the only people that can access the data center are people that work for the Data Center operations team. If you need access to the server, you can use the Lights Out access program.

This best practice reminds me of a funny story from a company I was working for MANY years ago. My cube was outside of their main data center. One afternoon, there were two guys working on the electrical panel outside of the data center that had the main cutoff switch for all power in the data center and the building. These two guys had a ladder, and took off the front door of the electrical panel, and in what seemed like a good idea at the time, they hung this door above the panel.

So there I was sitting in my cube, and all of a sudden, I hear a POP sound, there is PITCH BLACKNESS in the room, followed by a few clangs and all of the power goes out. My computer, the lights, everything in the building. And then, a few seconds later, emergency lighting goes on.

The panel that they perched above the main cutoff switch fell from its perch and hit the breaker, causing all power to be cut to the data center. And because that switch was thrown, the transfer switch did not transfer power to the batteries and generator, and all power in the data center to all of their computers was shut off, causing their mainframe to shut down hard, which disrupted the order entry system for all of their 375 locations around the country.

After a hard shutdown, it took them 45 minutes to bring the mainframe back up after the two electrical workers debated for a few minutes about flipping the breaker back, restoring power to the facility. So I can understand first hand why NOBODY goes into the data center during business hours, and after hours, only the data center operations team.

Which brings me to the part of the blog entry I wanted to blog about. Using HP Lights Out, from my desk, I can access my server as if I am sitting in front of it. I needed to do this today, because when setting up the network for the server, I must have fat fingered the default network route so I was unable to SSH into the server until I fixed the default route today.

I was telling my son yesterday that we are very fortunate today to have Google at our fingertips with manuals and instructions for virtually everything available, including how to restart your network in CentOS when you change your default route. In the old days, you had to memorize all of the useless trivia facts and esoteric UNIX commands instead of being able to look them up on the fly.

So, my CentOS server is now installed in the data center, and security patched using YUM, and is ready to have the DLP component installed on it later today and added to the DLP QA environment. Another fun day.

IT Security 15 Jan 2013 10:50 am

I’ve been doing a lot of thinking about the Internet Wunderkind Aaron Swartz case and his unfortunate suicide. My day job is on a Global Information Security team for an amazing company as an expert in Data Loss Prevention, protecting a company’s Sensitive Information, Personally Identifiable Information including HR data, and Intellectual Property including Source Code. I have also spent years as a Computer Forensics expert. So given my background I am typically never on the side of somebody who would be accused of hacking. But, was that really what was going on here? I’m not so sure.

There are a few facts associated with the criminal case against Aaron. He did access an unlocked wiring closet in the basement of the MIT campus, connect a laptop to the MIT wireless network, and download 4 million scholarly documents from the JSTOR repository. When accessing the JSTOR database from the MIT registered IP Internet address block, unlimited access to the data was allowed.

Then we have a couple of facts that have not been reported as widely. The wiring closet at MIT was unlocked. In addition to computer wiring, a homeless person was using the room to store his or her stuff. So there was not really a breaking and entering in my mind. When I was in Boston last summer my boys and I walked through the MIT and Harvard campuses and buildings, to elicit interest and excitement for my boys in higher education. It’s not like the campus was locked down. And, I believe that Aaron’s father worked for MIT. So was leaving a laptop in an unlocked room at the University really a crime?

The MIT wireless computer network had no authentication requested or required prior to receiving an IP address on the MIT wireless network. You attempt to connect and you get an IP address. There was NO authentication or security requested or required. So where is the crime in accessing the computer network if the MIT computer network did not instruct you that access to the network was restricted? I believe in the past the court system has struck down implicit consent to terms of service without proper acknowledgment.

When I stay at a hotel, or attempt to use Internet access at a restaurant like Panera, when I connect to the wireless network, I get directed to a web page that explains the terms of use when using the Internet access provided. MIT had no such landing screen when connecting to the MIT computer network. Without such warning or agreement on the part of the user, was there really a crime committed? I think that there would have been a very good chance that the charges would have been dismissed if the case ever went to trial.

There have been a couple of very good blog entries from people who knew Aaron and assisted him with the case. One from a Harvard Fellow, Lawrence Lessig, who characterized the US Prosecutor’s supposition that the information that Aaron downloaded was worth tens of thousands to millions of dollars. He characterized anybody who said that as “idiots and liars”. Was the act of downloading scholarly journal information really a crime when access through the paywall was acceptable from the MIT network? And the MIT computer network had no authentication required and no warnings that using the MIT computer network was restricted? I’m not sure about it.

The entire article from Lawrence Lessig can be found here:

There was also a very good article by one of the Forensic examiners who was working on the case. He said that if he was asked at the trial if Aaron’s actions were wrong, he would not characterize them as wrong, but rather, inconsiderate.

Now did Aaron have some accountability in the mess with the federal government and the US prosecutor that he found himself in? Absolutely. There are some damning pictures from the case circulating around the Internet that show Aaron being captured on a hidden camera in the wiring closet wearing a mask to hide his face when he returned to retrieve the laptop. This documents that Aaron was well aware that his actions could be perceived as being against the law. And to that end, he should have been held accountable. And suffer a consequence for actions that he appears to know are illegal.

So let’s talk about accountability. JSTOR, the not-for-profit that stores and allows access to the information, declined to press charges against Aaron, and settled with him in June 2011 when Aaron returned the laptop with the information and agreed not to publish the information. JSTOR instructed the US Attorney they DID NOT want charges against Aaron for accessing the data, and would not participate further in the case. Kudos to JSTOR for recognizing the case for what it was. Much ado about nothing.

MIT the university DID NOT decline to press charges. Because of this the US Attorney was empowered to bring 13 federal charges against Aaron that could have resulted in a sentence of 35 years in prison and a $1.5 million dollar fine. I find this to be a ludicrous potential outcome for actions that I have not personally come to terms with even being considered a crime given where and how the activities occurred.

I think that MIT should take full accountability for the lunacy of NOT instructing the US Attorney that MIT did not want the case to move forward, would not participate in the case, and wanted the case dismissed. I mean what was the information being captured? Scholarly information? There was NEVER any proof that Aaron intended to publish the information online outside of the JSTOR paywall. Accessing JSTOR from the MIT network was not illegal. And accessing an open computer network at MIT that did not require authentication does not strike me as illegal. And, given the benefit of the doubt, maybe Aaron was an idiot savant who wanted to personally read the 4 million scholarly documents that he downloaded? I still fail to see illegality in Aaron’s actions. But, alas, MIT, to their shame, did nothing to stop the prosecution of, by all accounts, a very talented technologist.

Over the course of the last two years, Aaron’s attorneys attempted to negotiate a plea bargain. In my opinion, the charges should have been reduced to a misdemeanor and Aaron given probation and told to never do this again. MIT, as an institution whose sole mission is to empower our best and brightest technologists, failed Aaron miserably. The very lack of compassion by the leaders of MIT is mind boggling considering in the MIT museum they have a section devoted to MIT hackers. Those at MIT in the museum who have been honored in the hacker section are there because they chose to think outside the box. It’s interesting to note also that Steve Jobs and Steve Wozniak, the founders of Apple, dabbled in “hacking” back in the day, creating BLUE BOXES that enabled a person to illegally make long distance calls at no cost. It’s inconceivable that we would have NO Apple computers, iPhones, or consumer electronics if the US Attorney had put both Jobs and Wozniak in jail for 35 years for building Blue Boxes. As it turned out, John Draper, AKA Captain Crunch, got 2 months in prison for building and using BLUE BOXES, during which time he wrote one of the world’s first word processing software programs.

In addition to the failure of MIT to protect a brilliant and naïve technologist, it was an utter and complete failure of the US Attorney to pursue the scorched earth prosecutorial approach against Aaron for his crime. While allowing the likes of HSBC to skate away virtually free and not accountable for providing money laundering services as the drug cartels laundered billions of dollars in illegal drug money, they chose to treat Aaron harsher than murderers and the 9/11 terrorists. I think that Eric Holder needs to initiate a thorough review of how this case proceeded through the justice department, and quite possibly request the resignation of the US Attorney who propagated this case through the court system.

With the entire weight and force of the United States government behind it, and all of the resources and funding that come to bear with it, the US Attorney’s office must take a measured approach that truly and impartially reviews the causes and actions that they are taking. It makes no sense whatsoever in any measured view that downloading scholarly journals to a laptop computer would elicit a 13-count federal indictment, a potential of 35 years in prison and a $1.5 million dollar fine.

And now, it’s too late for Aaron. I think that there were many reasons beyond the case that were bubbling through the mind of this young troubled and unstable brilliant technologist to lead him down the path he chose. Depression can be a terrible thing. If anything positive can come out of this sorry affair, maybe it would be a spotlight on depression and the treatment of it, and a review of the prosecutorial indiscretion demonstrated through this episode of folly with some checkpoints being put in so that this can never happen again.

God Speed Aaron Swartz

development and home and infrastructure 28 Dec 2012 07:31 am

Time sure flies in the blogosphere, as I noticed that I have not blogged about anything in about a year. Not to say that the conversation is not occurring. It occurs in real time through Facebook and Twitter, with thoughts or ideas that interest me getting a status on Facebook or a tweet on Twitter and then my friends and colleagues interactively discussing the topic with me.

My home office PC was having all sorts of strange problems ever since I had a power failure at my house that took out one phase of our three phase power. Even though the computer was connected to a UPS and we have a whole house generator, the one phase being down did not cause the transfer switch to move us off grid power, and the brown out went right through my UPS, and my quad core PC started frying. I replaced the power supply and the video card, but that computer was still completely screwed up. The behavior is very strange. At no particular interval, processes freeze on the computer. In the task manager, they are listed as “not responding”. I reinstalled the operating system twice and it didn’t solve the issue. So I decided to get the iMac 27. This was one of the best computer decisions I have made in my professional career. It’s remarkable that a new computer can fill a lifetime IT guy with glee. After I made the decision about 6 months ago to get the new iMac, I decided to wait until Apple released the refreshed next generation iMac. And that was also a fine decision.

The computer itself by its very design is far and beyond that of a typical Windows based PC.  While you can get these options for a Windows PC, by default you get a small wireless keyboard that has an excellent feel, a trackpad to use as a mouse and all of the technology built into the 27 inch display.

The setup process was a breeze, getting the machine on my home wireless network, and connected to the physical network. The access point in my home office is older so it’s not using the latest and greatest wireless protocol, so the speed is better on the wired network. Unlike the new access point I installed downstairs near where the boys’ Xboxes are located. THEY are enjoying 56MB connectivity from both of their Xboxes.

My home office computer really has only two major functions at this point. One is using the Microsoft Office suite of software and the other QuickBooks. Microsoft Office 2011 for the Mac is great. And QuickBooks Mac is also an excellent release.

When I got my MacBook a few years back the genius at the Apple store recommended Parallels VM software for the Mac. It has worked out great, letting me run Windows XP so I could use Windows Media Player to watch the hundreds of movies and such I have collected over the years. I also set up a Windows 8 VM to check it out, and I still think that the new Windows look and feel is strange. They tip their hat to the Surface tablet a bit too much for my taste for a desktop operating system. This again smacks of Apple really understanding what an end user wants and needs to do with their computer.

And, I’m in the process of downloading the latest CentOS Linux operating system, which I’m going to slap into a new VM on my iMac. I need to set up that operating system on a 1U server for the project I am working on at work. I was using a shared Linux server for my QA environment for the project I am working on and was kindly asked to get off the machine since they needed it for something else. When I requested a new Linux VM from the UNIX team, they told me that the request would cost me a charge back of $11,000 for the VM, but if I wanted a physical 1U box, I could have that for free. $11,000 versus free. The free wins out. That’s another reason why my vast experience in all aspects of IT pays off again, as I can install the operating system and stage the computer myself at my client instead of having to engage other people to help get the computer set up.

And having the ability to throw down a Linux VM on this iMac is cool because I can test the install before going into the data center lab to put the OS on the 1U server.

So I am completely pleased with the new iMac. And will be continuing to copy over pictures and other media from my old quadcore to the 3TB hard disk on this iMac.  I was also going to look for a NAS for the house that has a RAID 1 hard disk that we can all use to back up our files at the house.

Merry Christmas and Happy New Year to All! Hopefully it will not be another year before I blog again!

Uncategorized 16 Jan 2012 03:19 pm

I have switched my laptops from Windows to Mac and I love my MacBook Pro. It works perfectly, and is really fast. But, I have always had a Windows PC in my home office. A few years back, I got a Quad Core Dell PC, which for a long time ran smoking fast. But, for quite some time my home office PC has been acting quirky. Applications would lock up. Internet surfing to web sites would freeze up for a few moments, which was very noticeable and annoying.

I ran Dell diagnostics on the PC, and no problems were detected. Except when the test got to the video card, the test froze up for a while, finally coming back to life, but no problems were detected.

So I started thinking about getting a new PC for the home office.

After looking for a new computer I went to the back of the computer to check the video connections on the back of my video card.  I unplugged both to find DVI connections.  After reconnecting the first monitor would not come back to life, so I went to the back and really worked on the connection.

BINGO. I rebooted the machine and it’s running REALLY fast again.

I believe that the monitor is PLUG and PLAY and there was a problem with the connection that caused the PC to quirk out and lock up.

This has to be one of the strangest computer problems I’ve seen.  And my home office PC is back up to FULL SPEED!

Uncategorized 09 Jul 2011 02:43 pm

I suppose I am a child of the NASA Space Shuttle program. I can still think back to the wonder and awe of watching the first space shuttle launch when I was a youngster over 30 years ago. And, to this day, even with my current schedule, I still found the time to watch the last 15 minutes of the countdown and the shuttle zoom into orbit. With the internet today, and NASA TV, watching the shuttle launches live has gotten easier and I still took the time to watch almost every launch.

My favorite parts of watching the space shuttle were listening to the flight director poll the flight operations teams to get a go / no go decision for the launch, and finally, at T-10 seconds, the sparklers igniting under the main engines to start them and bring them up to full thrust at T-5 for the launch at T-zero, when the solid rocket boosters were lit and away we went into the heavens.

I typically try to be a positive guy, and have a positive look at things, but I was sad knowing that the United States and NASA will probably not have an American launch vehicle ready for another 20 years.

With all of the bizarre entitlement programs and foreign wars not in our country’s strategic interests that we have paid for over the years, it is completely ludicrous that NASA did not have the vision or funding for a replacement for the space shuttle.

Over the last 30 years, the parade of NASA Administrators has been asleep at the wheel, and should at least be identified as being wildly incompetent for not driving forward a replacement vehicle for the space shuttle.

The space shuttle was wholly unique in the history of space flight. The huge payload bay is amazing. The ability to launch the shuttle like a rocket, and land it like an airplane is amazing! I believe that the space shuttle is one of the most amazing inventions ever in the history of the world.

But, the program also shows what is completely inane in our country and our ability to piss away money. We spent hundreds of billions of dollars on the space station, and now have no way for the United States to send replacement parts, supplies or astronauts to the space station. I predict that in 5 years, we will dump the international space station out of space and into the ocean because we can’t repair a critical component required to keep the space station in space.

And there is the Hubble space telescope, which has expanded our view into the cosmos. With the space shuttle, we flew 3 or 4 repair missions where we launched the Hubble, and went back to fix key components to keep the Hubble alive. NASA has already said that on the next catastrophic failure on the Hubble, they will send it crashing into the ocean, and another chapter of billion dollar scientific exploration will come to an expensive end.

NASA should have started designing a new space shuttle 20 years ago, and had the vehicle ready to go with the retirement of the space shuttle program. Imagine Apple coming out with the iPad 1, and never designing the next generation technology. That is unheard of in business, but at NASA, that’s exactly what has happened and we allowed it.

And the cost of human capital in Florida is also another tragedy of the shuttle program shutdown. 10,000 or so people will lose their high technology jobs associated with United Space Alliance and the Kennedy Space Center. And what about all of the people who live in the towns surrounding KSC who have businesses that will no longer be frequented during the thrice a year shuttle launches that bring hundreds of thousands of people to Florida?

I hope that NASA comes back to its senses and once again dreams of soaring into space. I certainly hope that they do and can once again “boldly go where no man or woman has gone before”.

Final Space Shuttle Launch of Atlantis

IT Security 12 Jun 2011 03:47 pm

Being an IT security guy, I have always protected my business and personal email addresses. I have a webmail account I use to register for things online, so my objectsoft.com email address has less of a chance of getting into a SPAMMER’S database. And up until recently, that worked out very well. Unfortunately, my primary email address did get into a SPAM database, but so far it has been manageable.

But, this is interesting. We refreshed the Objectsoft.com web site a few weeks back, and added a contact us form. The web site in this current incarnation is new, and the contact form is new, but in the last few days, I have received a handful of SPAM contact form posts. That’s right. SPAM on the contact form with a link to other web sites in the comment field.

That seems to me to be a lot of work.  Write a web crawler that searches the Internet for contact forms, reads the HTML, fills in the fields, like name, email address, telephone number and then, places a link in the comment field.

Rest assured that I am not going to click on the link I received, but, the depths to which these spammers will go to get a person to click on a link and visit a web site is pretty amazing.

Security Land Lives!

Uncategorized 25 May 2011 08:08 am

I have been thinking about the Sony security breaches where hackers entered their environment and grabbed customer data.

A good network behavioral anomaly detection system could have detected the information leaving the Sony network for a new location, but there is a chance that it could have missed the incursion.

But, if Sony had invested in DLP technology, they could have created an exact fingerprint of the sensitive customer information stored in their databases, and then, using DLP Data in Motion monitoring technology, they would have been notified when the sensitive information was detected traversing outbound from their database server to the Internet. 

If you think about it logically, customer name and credit card information should not be moving from any database at Sony out towards the Internet in clear text format. Credit card numbers leaving for the Internet in clear text is a violation of PCI compliance standards and could result in Sony being restricted from accepting credit cards. Or if there was some type of clear text credit authorization process for one credit card, create a rule that monitors for the movement of 10 or more customer names and credit card numbers across the DLP network monitoring sensor and alert on that movement.
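A minimal sketch of the rule described above, added here as an illustration and not taken from any DLP product: customer rows are fingerprinted with a keyed hash, outbound payloads are scanned for Luhn-valid card numbers, and an alert fires once 10 or more distinct fingerprinted name-and-card rows appear in one payload. The key, function names and sample rows are all constructed for the example.

```python
import hashlib
import hmac
import re

FINGERPRINT_KEY = b"constructed-demo-key"  # assumption: a per-deployment secret
ALERT_THRESHOLD = 10                       # the "10 or more" rule from the text

# 13-19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
WORD_RE = re.compile(r"[A-Za-z]+")


def fingerprint(value: str) -> str:
    """Keyed hash, so the sensor stores no raw names or card numbers."""
    return hmac.new(FINGERPRINT_KEY, value.encode(), hashlib.sha256).hexdigest()


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; discards most random digit runs before the lookup."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def luhn_complete(prefix: str) -> str:
    """Append the check digit to a constructed digit prefix."""
    for check in "0123456789":
        if luhn_ok(prefix + check):
            return prefix + check
    raise ValueError("no valid check digit")


def sample_rows(count: int, prefix: str = "4000000000"):
    """Constructed customer rows: two-word names and Luhn-valid test numbers."""
    return [
        (f"Customer {chr(97 + i) * 3}", luhn_complete(f"{prefix}{i:05d}"))
        for i in range(count)
    ]


def build_index(rows):
    """Map card fingerprint -> name fingerprint for every database row."""
    return {
        fingerprint(re.sub(r"\D", "", card)): fingerprint(name.lower())
        for name, card in rows
    }


def scan_payload(payload: str, index) -> int:
    """Count distinct database rows whose name AND card both appear."""
    words = [w.lower() for w in WORD_RE.findall(payload)]
    # Candidate names are every pair of adjacent words in the payload.
    name_fps = {
        fingerprint(" ".join(words[i:i + 2])) for i in range(len(words) - 1)
    }
    matched = set()
    for m in CARD_RE.finditer(payload):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue
        fp = fingerprint(digits)
        if fp in index and index[fp] in name_fps:
            matched.add(fp)
    return len(matched)


def should_alert(payload: str, index, threshold: int = ALERT_THRESHOLD) -> bool:
    return scan_payload(payload, index) >= threshold


if __name__ == "__main__":
    rows = sample_rows(12)
    index = build_index(rows)
    one_auth = f"auth name={rows[0][0]} card={rows[0][1]}"
    bulk = "\n".join(f"{name},{card}" for name, card in rows)
    print("single authorization alerts:", should_alert(one_auth, index))
    print("bulk export alerts:", should_alert(bulk, index))
```

A single clear text authorization matches one row and stays below the threshold, while a bulk export of the same table trips the alert.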

With Sony now reporting a $3.2 billion dollar loss for the year, clearly the price point of implementing a complete DLP system would pale in comparison to the cost of the disclosure events now facing the company.

If you would like to dialog about implementing DLP at your company, contact me today!

LG @ objectsoft.com – remove the spaces

And visit us online: http://www.objectsoft.com

Uncategorized 24 May 2011 12:55 pm

As an IT security professional and somebody who has lived in the IT security space for many years, I am fascinated that a large company like Sony did not have the temerity or forward vision to have their web site checked for application security issues.

Visiting Black Hat and DEF CON each year, and seeing the thriving hacker community at its finest, from security researchers to hackers sitting cross legged on the floor in the middle of the main hall, you have to believe that hacking for profit is alive and well, and a marquee company like Sony getting hacked has to be on the radar screen.

While no web site is completely foolproof and protected, I am confident that Sony could hire an application security penetration testing firm to review their web site, close the gaping holes, which 8 successful hacks in the last two weeks appear to indicate, and get Sony off the Hacker wall of shame and back to making money instead of losing 3.2 billion dollars last year according to published reports.

If Sony is really desperate, they can hire us to perform an application security audit and pentest to help them close the most gaping security holes on their web site.

Visit us online:

http://www.objectsoft.com

Uncategorized 28 Mar 2011 10:50 am

I have used RSA SecurID for many years. I think almost every major company I have had the privilege of working for uses RSA SecurID. I think the RSA two factor authentication products have been the bellwether of authentication security.

There have been a number of companies that I have worked at where my IT security friends who still work there have been emailing me laughing about the misery at RSA.

The RSA press releases and conference calls have been vague at best. The concept of an advanced persistent threat digging itself deep into the infrastructure of one of the major security technology vendors in the IT space is a mind boggling concept to digest.

Even if RSA had coded an NSA back door into the SecurID product, requiring the user asking for authentication to provide a valid LAN ID and password would still protect the company from unauthorized access to the company network if the RSA SecurID is used for VPN authentication.

I think the issue that will ultimately affect RSA going forward is a company’s trust in RSA and their security technology.

How does a malicious virus get installed on an RSA PC in the first place? Let’s go through a list of questions I would ask.

Did RSA have a content aware Firewall on company Internet access to look for malicious code coming down?

Did the RSA PC not have a white list of software that could be installed on the PC?

Did the RSA PC have split tunnelling enabled when not connected to the company VPN?

Even with negative answers to the questions, did RSA have network anomaly detection hardware installed on their network to detect a PC gaining access to the family jewels of security information from RSA?

If the PC infected with a malware virus bot was a developer’s, with access to the source code AND serial number and seed database, why was that information not protected better? Does a software developer with access to the code need access to the production seed and serial number database? Again, if there was normal network traffic to either the source or the master database, there would have been a network anomaly detected accessing the other.

How did the malware connect to the command and control center on the Internet?  There are many content aware firewalls that have a black list of known black listed IP addresses and IRC networks.

The scope of the breach looks like RSA will be doing some serious soul searching and security architecture redesign.

And, we will see shortly if there was an RSA NSA back door coded into SecurID if an exploit is released shortly.

The question is, what can RSA do to regain the trust of the companies who have selected RSA to protect company infrastructure and security?