GreyHat Cyber Defense Workshop

I attended a recent network mapping workshop hosted by the University of Washington Grey Hat Group at the Tacoma campus. Although the nmap exercise was review for me, I found out about a couple new tools and an upcoming event that are worth sharing.

BackTrack is a sweet Linux distro that bundles some great security tools. Although Nessus is notably missing, apparently because of their new proprietary license for version 3, the distro appears much more up-to-date than Knoppix STD and Nubuntu.

DVL (Damn Vulnerable Linux), a play on Damn Small Linux, is neat little distro that you can use as a test target of your scanning and pen testing skills.

Finally, there is a cyber-security competition coming up in April 2008, to be hosted at a large Redmond software company. This is not a vendor specific event; it was held last year at a military base near Tacoma. Here's the rub: this appears to be the same weekend as LinuxFest NW, so I'm undecided on how I'll spend my weekend. LinuxFest is a lot of fun, and makes for a good family outing. My son enjoys it too; we both like the presentations, salmon bake, and world-famous raffle.

More decent blogs

It's not like everyone isn't already suffering from information overload, but just in case someone missed the boat, here's another great RSS feed.

The Burton Group provides high-quality business analysis as a paid service. However, they also offer free RSS feeds to a handful of their blogs. The info is timely and deals with all manner of tech happenings. If you're looking for a new feed, plug burtongroup.com into your RSS reader. The Application Platform Strategies blog is pretty interesting and not as intimidating as it sounds. Recent posts deal with intellectual property and Google's new Android OS.

And if you happen to not be reading this on an RSS reader or aggregator, here's a primer on readers. I've used Bloglines in the past and am currently pretty happy with the Google Reader.

Block ads, tracking, and browser hi-jacks

I've found a very useful tool to block ads, cookie trackers, and known browser hi-jacks. I've been using it successfully for several years, and it significantly reduced the spyware on the machines I manage. It works by sending unwanted communication attempts to known servers back to the loopback address (127.0.0.1) where, of course, that server doesn't exist. It works on Mac, Linux, and Windows by replacing the hosts file.

Simply download MVPS's custom hosts file, remove the .txt suffix, and place it in either /etc (Linux/Mac) or C:\windows\system32\drivers\etc (Windows), overwriting the file that's there. For a warm fuzzy, save a copy of the old hosts file first. For Windows, you should then either do a reboot or a dnsflush to help your network software recognize the new file entries.

Aside from the security benefits, it will speed up your internet connection, since you don't have to download ad graphics. It will display a red 'X' for those graphics in your browser.

You'll notice that the Google search results that point to ads don't work anymore. If you need to see certain ad servers, simply edit the file and comment out those entries. Warning: don't curiously plug any of the host entries into your browser; some of them are very nasty and/or malicious (that's why you want to block them in the first place!).

Do you know about Google alerts?

You can set up alerts in Google to automatically notify you when news stories (or other content) appear on the internet. This is great if you want to stay on top of specific topics but don't want to manually look for the stuff every day. If nothing new is available, you won't be notified. Otherwise you'll receive an e-mail with links to the appropriate news stories.

I have alerts set up for certain tech developments I want to stay on top of, in addition to news on certain companies. I love getting daily updates on stories in which I am interested.

The Shadow IT Department

This fantastic article entitled "Users Who Know Too Much and the CIOs Who Fear Them" really struck a chord in me. It talks about how your users will engineer around you to get their jobs done.

I think the folks in both the engineering and security fields should give this a read. Although we don't take an obvious financial hit by not innovating, we are affected. We need to be aware that when we say "no," we are encouraging (forcing?) users to go around us, potentially affecting productivity and probably affecting security. An interesting question to ask oneself when considering a user request is "how could they engineer around us if we say no?" Read "I, A User" for an example.

The capability of your IT needs to be on par with what's available outside your organization. Two of the biggies that stuck out for me: collaboration and mobility. Both availability and usability have to be up to snuff, or users will go elsewhere.

Sidebar: Tools for Managing Shadow IT
More on Shadow IT

What happens if Google goes down?

As I listened to the Net At Nite podcast hosts discuss Page Flakes this morning, I was thinking about personalised home pages and online presence. I realized that, like hosts Leo and Amber, I'll try a service for a while, then let it trickle off.

Right now, I seem to have many of my eggs in Google's basket. Blogs, homepage, rss, etc. I started to wonder, "what would happen to my stuff if Google went down?" Not as crazy as it might seem, as Google recently shut down it's pay video service and the corresponding DRM server, effectively disabling all videos purchased by customers over the past few years. Although they later extended the shutdown notice, users will still lose the ability to play their videos six months after final shutdown.

So, when I went to look at the Fake Steve Jobs blog a bit later, I was rather ironically shocked to discover that blogspot was down. "Server error. Try again in 30 seconds." I tried my blog. Same thing.

As you can see, it's up now, but this situation gives one pause in storing stuff online. At the very least, I think I'll be backing up my posts monthly, even if it's to something as simple as an html file.

(BTW, Page Flakes is very cool.)