Tuesday 15 December 2009

AirView2 Spectrum Analyzer

Recently I had some serious problems with wi-fi at home - especially one of the laptops was dropping off and couldn't come back. Quick survey using Kismet and other tools to scan what's flying around has proven that my network is in less populated part of the spectrum (at least here) but still, problems are getting worse and worse.

I was fully aware of Wi-Spy by Metageek, seen it in action previously but never had a chance to buy one. Part of the decision was the price back then, maybe now it would be another game, but anyway - I got myself another device, made by well known wi-fi vendor Ubiquiti and it's called AirView2.


What's so special about this one? Why it's better than Wi-Spy?

First of all I didn't say it's better. It's different, woks with Linux, Mac OS X and Windows, has a nice price tag and does pretty much the same as Wi-Spy. Let's have a closer look then, shall we?


It's different

Well, obviously it is... it comes from different vendor... and this post is not a sales pitch - it's just what I've experienced myself. On a bit more serious note, it's smaller than all the Wi-Spy models I've seen so far. Smaller is good, right? Yes - takes up less space, No - easier to loose (looks almost like USB stick).

Works with Linux, Mac and Windows

Yes, it does... better or worse but it does and it's not a matter of hardware or bundled software, but clearly it depends on the host OS and Java. You got it right - Java!
Software is written in Java to be really cross platform, but those that are not Java developers but use it a bit know quite well what a pain in the rear Java can be. Same is here - Ubiquiti warns about compatibility issues, there are long posts on the forums why this particular version of AirView software doesn't work (mostly on Mac OS X) and how to fix it, etc.

Windows - OK, even inside VM with USB passed through to the guest VM (tested VirtualBox, VMWare Workstation and Fusion - all with Windows 7 and latest Java). It was all very slow, loosing connection with the device and re-initializing it all the time, but worked. In native mode with Windows 7 on bare metal box worked like a charm (tested on a netbook PC).

Linux - didn't try, not enough time - sorry.

Mac OS X
- yeah... that sucked! If you have the latest patches installed most likely the software will hang on detecting the device. Of course the reason is Java + OS X (I'm on 10.6.2 as of now with Java 1.6.0_17 in 64-bit mode).

java.lang.UnsatisfiedLinkError: /Library/Java/Extensions/librxtxSerial.jnilib:  no suitable image found.  Did find:  /Library/Java/Extensions/librxtxSerial.jnilib: no matching architecture in universal wrapper thrown while loading gnu.io.RXTXCommDriver

Exception in thread "AirViewer-Initializer" java.lang.UnsatisfiedLinkError: /Library/Java/Extensions/librxtxSerial.jnilib:  no suitable image found.  Did find:  /Library/Java/Extensions/librxtxSerial.jnilib: no matching architecture in universal wrapper
WTF?! File not found... but found? Never mind - luckily the solution is very simple - AirView comes with it's own version of librxtxSerial.jnilib so the one that came with OS X needs to be disabled temporarily and problem will go away. That can be done very easily with one command in the terminal:

mv /Library/Java/Extensions/librxtxSerial.jnilib{,-disabled}
That's it, now it works :-)

Price tag

This argument is obviously quite important. Is it that much cheaper? I'm not so sure... of course you can get the basic Wi-Spy for about £65+VAT so even if AirView2 would be equal to it in hardware terms, it would cost a bit more - £69+VAT... There is one catch to it though - AirView2 comes in several versions. I bought the AirView2-EXT for £64+VAT and this one has MMCX connector for external antenna (because it doesn't have a built-in one) and with clip-on omnidirectional antenna (~3-5dBi I guess) in the package. To buy Wi-Spy with RP-SMA connector you would have to spend at least £120+VAT which is almost double the price of AirView2-EXT.

HINT: Wi-Spy with RP-SMA is 2nd generation - faster with better scan resolution than the first generation of the device. So far I didn't have enough time to grab the full spec for AirView2 and compare them side by side - that would be very interesting (it's already on my TODO list).

Does it do the same stuff?

I would say YES based on what I can see, but as most of those devices are SDRs (Software Defined Radio), they can do all the software allows them to do and I didn't have a chance to compare recent version of Wi-Spy software to the AirView one, so please take my words here with a grain of salt and look for other sources to confirm that.

Conclusions

The device worked for me like a charm - it turned out that the signal from my AP was attenuated by temporary objects that came in the way (books - whole piles of them) and as the amount of networks around at least doubled in the last 12 months, somebody put up some very messy device that is transmitting all the time with a very wide signal, exactly in the area of channel I was on - so here come the interference!
Quick look at the graphs and it was clear, that simple channel change should cut down on the interference and moving books a bit will improve signal strength in a place where this unlucky laptop is used most of the time - it worked very well, no more problems!

Looking at the bottom line, for me that's a money very well spent! I was asking myself a question 'how often I will use this thing' and now I really appreciate the power of seeing something that Kismet and similar tools won't see.

Using spectrum analyzer like AirView or Wi-Spy (doesn't really matter which one - pick one that suits your needs) is like reading between the lines - there is a lot of valuable information out there... if only you can see it!

Saturday 5 December 2009

The Hex Factor at SANS London 2009

The competition is now officially over and I have to say it was AWESOME!

Those that made it to BruCON had a chance to play it, those that came to SANS London 2009 also had their fun, all the rest of you - bad luck :-/ maybe next time.

The Hex Factor was run for four evenings/nights at The Fox Bar and Restaurant located literally next to the Excel center where SANS courses were hosted. What can be better than beer, hacking and a spirit of competition?!

Tasks set by the authors were varied in difficulty and topics they covered. One category was about history and culture of hacking with a bit of general teaser tasks and was called Once Upon A Time, like finding a name of candy shop at <street name>, so that was a soft introduction.

My favorite category was Out Of The Box category (also known as Pure Leetness), where questions were really 'out of the box' and solving them was the best fun I had for a long time! First 100 points for finding a number 'hidden' in the message was really simple and here's how I did it:



I didn't have time to do the one for 200 points, but finally after some time I managed to solve the 300 points one - finding a secret number hidden in the PDF file - hats off to Didier Stevens for this task - it was amazing! Didier's blog was a great guide and help in the process.


Third category was Pwned and consisted of physical box with
sensors you had to trigger in the right order to get the code and two
systems to be penetrated. As I said, the difficulty was varied and so
were the nominal point values for each task, from 100 to 300, but you
could also get the partial points if you did only part of the task
properly. Of course during competition like this one you are never alone... Hello brotha!


Anyway, it was all very very friendly competition - beer infused with brains hurting after the classes (typical for 'SANS Fire Hose Syndrome').

Third category of tasks was Binary fu where you had to work your way through programs delivered as .exe files and get the secret codes out of them. First one was easy, but again I had no time to go through the remaining two. That is the reason why our team (I was working with Chris Riley, better known as @ChrisJohnRiley) was called Drunk and going home.

At the end we were #4 at the leader board but as it turned out, two teams of the first three were the same people, so kind of we are #3, so here we are - two of three winning teams, already in The Hex Factor t-shirts!


I'd like to say THANK YOU to all the people behind The Hex Factor - it was really awesome experience and great fun, so I hope it's not the last time we see The Hex Factor. See you next time!

Saturday 28 November 2009

CONFidence09.02 - post mortem

Well... my plan to blog live from the CONFidence was good but still remained to be more of a plan than a reality. Twitting went much better (possibly because you can twitt between chats with people, drinks, etc) so I'll wrap up what happened and how it went.

The conference was great - I really liked the lectures (those I actually made to), loved the chat with speakers and it was awesome to meet some old friends and make some new contacts. Overall, if you didn't come to Warsaw for CONFidence09.02 you missed quite a lot.

Day 1 summary
There was very nice presentation by Felix "FX" Lindner on how 'awesome' Cisco IOS is, Claudio Criscone (@paradoxengine) talked about security in virtualization environments, Frank Breedijk renamed hist AutoNessus to Seccubus (new twitter feed at @seccubus), Leonardo NVE Egea showed us how you can use the satellites to work as your downlink (and it seemed much easier than actually you would think), Pavol Luptak pretty much owned the RFID there (yes, the basic cloning kit is just €30), Elisa dropped the pressure a bit with Power Point Karaoke where Felix "FX" Lindner was presenting about detecting unknown alcohols, Raoul Chiesa gave great presentation about knitting (yes, knitting) and I was rolled into a presentation about IT slang/acronyms and there was something about insulting someone :-) and that was just the first day.

Day 2 summary
For those that survived the 'afterparty' on the evening/night/morning you had a chance to see nice explanation of the cold boot attack given by Nadia Heninger, Nick DePetrillo discussed 'what could go wrong' with intelligent power grids and believe me... there's a lot! Jacob Applebaum (@ioerror) gave us some TOR love and a lot of TOR laptop stickers. Alessio "mayhem" Penasilico (@mayhemspp) and Raoul Chiesa gave nice presentation on history of hacking telcos - there was some good info there... just before Raoul killed it all with final presentation dissecting the underground economy (with some slides show just after the cameras and other recording equipment was turned off). That was a really good one...

Finishing off, Frank has posted a bunch of posts about presentations we saw in Warsaw. They are:

That's it for now - just make sure you get there next time :P


Thursday 19 November 2009

Claudio Criscione - Virtualization security

Claudio gave today brilliant presentation about virtualization security... Just a few bullet points from the presentation.

  • It turned out that VMWare hypervisor is running Tomcat to give you the admin interface - oldie (shall I read it 'unpatched') but goldie, right?
  • You can do MiTM against VMWare VI Client... and as presented at the demo, that works like a charm, plus...
  • ... if you can MiTM you can pwn the box - clients.xml that is served by the server contains a URL of the client .exe to be executed - boom, you can change that!
Just to give you the idea - during live demo Claudio forced the admin PC (the one running VI Client) to format drive C: and there was no option to stop it, it pretty much kicked off right away.

There was much more than that - also Xen and Ubuntu got their share here but the practical demo was based on VMWare.

Lessons learned?
Treat VM hosts and their apps just as another computer, another system and make sure you secure them the same way as any other system. Think of patch management and what happens when you revert to a snapshot (it may be old and unpatched so you bring back unpatched or already compromised system), think of separation of duties and access (physical and logical).


CONFidence09.02 - day 1 kicked off

Almost half of the day at CONFidence09.02 has already passed. Some interesting stuff of course...

Starting with Dragorn's and RenderMan's "Wireless threats; They're not dead yet!" we've heard once again how bad and how dead WEP really is. Good refresher for some people I guess. Best part was discussing client side attacks via wifi - airpwn style but without goats this time, using malicious JS with such a nice feature like browser side caching, defeating SSL, hiding all of that in plain sight with call-home feature that will be very hard to notice in most of environments.

Then I skipped several presentations - I really needed a reboot :-)

Next one I made to was Felix "FX"Lindner talking about how sweet hacking Cisco IOS can be. Frank (@autonessus) has already blogged about this one so I'll just put a few notes here.
  • Cisco's HTTP admin interface runs off their understanding of HTTP and not Apache.
  • IOS doesn't have recovery procedure for software crashes due to it's monolithic structure - the only remedy is to reboot the whole box (quite easy to spot even by untrained admin - the networkz are down!) which takes time (even several minutes).
  • Cisco has added TCL scripting in some versions of IOS :-)

More to follow... and yes, we use #confidence0902 as hashtag.


Tuesday 27 October 2009

Twitter, SPAM and zombie hookers


twitspim.png Came out of a blue - no context, nothing... BTW - we've got new URL shortening service.
All would be almost 'fine' but WTF is that? Not that I wouldn't guess but I'm just curious how owned you can get :-)

As a matter of fact, you can get owned pretty bad and what I've seen I would expect to be just a starter... the main course is coming soon!


WARNING: All the information provided in this post is available on the Internet. Links presented on screen shots should be considered malicious - do not visit them unless you really know what you are doing. You have been warned.



Just as your mother told you...

The best way IMHO to check stuff like that is the old school way...


Looks broken, right... redirect ok - that's what I've expected, but then... hold on - Client-Peer IP is not mine in any way... so who owns this one?


Isn't that just sweet? You go to a website and the traffic goes via proxy somewhere in China. Well - that's not all in fact. Let's grab a clean VM, make snapshot just in case, connect - let's see what a sexy girl has to offer, right?

NSFW

Don't to that at work or you may get strange looks from people around (at best) ;-)

The Bait

Page loads and looks like a blog - that's what the URL would suggest, but if you look in the source... I said THE SOURCE, not the boobs on the page!

Right... in the source you find the gems. First of all the page is using GeoIP JavaScript include from Maxmind - we all know it works well - to give the reader more personalized experience when you read the story (don't even tell me you are still looking at the photos - lol). As an effect the page resolves that I connect from IP address in London and that the poor girl comes from 'a small town near London , H9' and has to work as a stripper to pay her college fees...

London, H9... hold on - London doesn't have H9 post code (although on the page it looks like it was a part of address). GeoIP information is used in several places and looks quite... convincing... as long as you focus on the boobies... oh and forget about the fact that the bottom of the page says 'She is single boys!!!! She lives in my hometown of London' - right, somebody doesn't even have a spell check :-]

The Shot

Let's look at the gems on the top shelf... I don't have a lot of time to look at it properly, so just quick bullet points:

  1. We have a JavaScript that contains two functions 'encoding' their input. Well kind of encoding because it uses ord() to do it and it seems the author is not very skilled, but anyway - he/she managed to produce working code
  2. Call to encode function with referrer URL given as parameter - why someone is trying to steal my referrer info?
  3. JavaScript print out an IFRAME linking to HTML file and passes encoded string as a parameter. The file came back empty, but GET string is left in their logs :-)
Getting the referrer string doesn't look that bad... right? Anyway, why do they want to know where am I coming from? Is that like SEO and affiliate tracking for malware? Interesting!

Post Mortem

Not much of it... As I said I don't have time to play with it properly and see if for example I actually get something from this 'empty' html file. It would be trivial to provide further payload if the victim provides properly encoded referrer string that is of attacker's interest.
How effective it would be if the bad guys used this just to check via which channel the victim came to them (they can also find out which channels are the most successful - it's just like marketing campaigns)? The next logical step would be to provide customized exploit - if victim came from Twitter do bad stuff to a Twitter user, Facebook - get them owned on Facebook, etc.

Surely the guys are learning and their intentions are not good. Keep an eye out and don't get yourself fooled!

Friday 23 October 2009

Windows 7 Haz Cheezburgerz!

Simply AWESOME!

Came via e-mail from one of 'marketing' guys so I don't know the real origin (except obvious one) but the sender's comment was spot on!


Look at the monster burger. It's five inches tall and of course is made with seven beef patties in honor of Windows 7. What's the message here? Eat this burger to feel as slow and bloated as Windows? I don't get it.

... and neither do I but as a poster it's a nice one for laugh. In fact Windows 7 is so much faster than Vista that there is nothing to compare ;-) so Burger King should be selling V-shaped burgers some time ago when Vista came out. Well - never mind... but thanks for this e-mail and a good laugh :-)

BTW. If there is a person that would understand what the advert is all about (and I don't mean translating the text) or can see the 'hidden message', please enlighten me :-)


Thursday 22 October 2009

RSA Security Bloggers Meet Up 2009 London

It's already a matter of past but still - the first official RSA Security Bloggers Meet Up 2009 in London was held in Fountains Abbey at 19:30 on 20 October 2009. It was a great evening - meeting people that live and share every bit of security related information they can - to educate and entertain :-)

I just want to say thank you to Dale Pearson of Security Active for getting all of it prepared and to all the sponsors - IronKey, ISACA, Qualys, RSA and others - for helping Dale and sponsoring the meet up. Dale has posted a summary and photos from the meet up at Security Active's blog. If I've missed anybody in above, please forgive me.

For me this meeting was a chance to see some people I've already met earlier (like @stefant and several others) and some I was trying to almost 'hunt down' in London for quite some time (@xme is perfect example here) so for me the meet up was a real success :-)

Thanks again and see you all next time!


Saturday 17 October 2009

UI mockups - nice and easy

I write code. Sometimes it will be a short script, sometimes a web app, next day it can be something with more
traditional user interface but designing user interfaces is my worst nightmare. I can plan the whole app, write and test the code, but when it comes to UI design I just want to run away - it is simply not my game.

Usually when everything is
finally ready (or so I think) somebody comes and says 'Oh! By the way - if you moved this part here, it would be better - easier to use' and quite often they
are right, so I've started asking my potential users how they want it done before I actually create it at all, but for that I need simple drawings that would explain my idea - something they can look at and say if they like it or not. Preparing several sketches takes time, modifying them takes even more... but there is a tool that helps.

A humble screen shot is worth more than a thousand words...


As simple as that - prototype of simple blog layout in less than 10 minutes using Balsamiq Mockups for Desktop (demo version). Simple, nice to use, very effective!

Normally I wouldn't write about 'software' (especially commercial), but there is something special about this one....



First of all the main use of this program is to do mockups of user interfaces - be it web apps (which for me is yet another form of UI), iPhone apps, dialog windows or anything else. Sometimes all you really need is simple wire frame to show what will be where - rough cut to present the idea - and using pen and paper is simply too... boring and ineffective, especially when you want to discuss your ideas, then possibly change it a bit and discuss again. Here comes in Balsamiq Mockups for Desktop.

Mockups for Desktop runs as Adobe Air application so it's cross-platform. The interface is very intuitive and easy to work with, so you can't get it wrong. You can get first mockups ready literally in minutes after you start the application for the first time ever - modeling my other blog layout idea took me just 3 minutes. It is very simple - just drag the element from the UI library to the main drawing area and put it in the right place. Editing objects comes as natural thing - I guess even a child could do it :-)

I won't be telling you how to use it - go figure it out yourself and have fun as I did :-) Wow! I think that was the first time ever I had a smile on my face when trying to work on the user interface side of things. I think it's a really good piece of software and honest 'well done' to the guys at Balsamiq.

BTW. Irek, thanks for bringing it to my attention ;-)

Sunday 6 September 2009

wykop.pl owned - data stolen

The news of the day in Poland is that wykop.pl - polish site doing the same stuff as digg.com - got owned in a pretty bad way - database with user's login credentials and e-mail addresses was stolen. This post is a result of gathering info from public sites (in Polish - mostly off Dziennik Internautow which gave nice coverage) so all of it is already in public domain - otherwise I wouldn't quote any fragments or call on any information given here.

Info about breach goes public

Following what Dziennik Internautow wrote in their post, on 5 Sep 2009 a person using nickname Gimbus1xD has informed administrators of wykop.pl about the breach (no link - original post taken down) and about the fact, that some of the information stolen was already used to compromise account held with other websites, including allegro.pl (auction system like eBay). To prove his revelations, Gimbus1xD posted also screen shots of compromised Allegro account with transactions that happened two days earlier and another one with PHPMyAdmin browsing 'users' table.

The scary part here is that as Gimbus1xD wrote, about 40% of those passwords have been broken (despite being hashed) with simple dictionary and brute-force attacks because passwords were up to 7 characters long.

Allegedly the database is in the hands of vichan.net admins, which again allegedly shared 'unhashed' database with their moderators - including Gimbus1xD, who broke the news. So far it's not clear what made Gimbus1xD change his mind and make this information public.

That's not yet the end...

Thursday 27 August 2009

How mobile a mobile broadband may be?

Quite recently I had a chance to travel by train from London towards Manchester and back. The journey was not bad in fact - first class on Virgin Trains does the trick... even more when you have free wi-fi included and power sockets for almost all seats.

So does it work at all? Well - quite frankly yes, it does. Even at the cruise speed it's quite stable, but don't expect broadband speeds! I was wondering how it's done, because the hot-spot is provided by
T-Mobile, so most likely something like 3G broadband type deal, shared among all passengers. Let's see where we are...

Wednesday 26 August 2009

Microsoft's EPIC FAIL

Probably everyone has seen it already... It hit reddit.com yesterday getting to the top of the front page, BBC wrote about it, it was all over Twitter, and got even it's own video clip/mockup, etc. Simply the best FAIL!

BBC did a great job in capturing it (see BBC link above for full article) - I was too slow to do a screen shot this time :-/ I have removed the image from here - don't want to upset BBC by copying their content without permission (although probably I might call it on fair use policy - anyway just see the links above and that's it).

Funny enough link on reddit.com that points to dropbox.com is no longer valid (404 win!) and Microsoft has replaced the image to be as the original one (oops - forgot to resize orange bar below the text - that happens if you have rocket a up your ****), but no worries, you have faithful users on the Internet :-D

Sunday 7 June 2009

Are TFL top-up machines secure?

Another day, another FAIL.This becomes my daily routine it seems, but that's another story.
This time TFL - operating London's public transport network that covers undergound, overground, DLR, buses and whatever else comes.



During one of the Security Now! podcasts (#193 was about Conficker so it was somewhere between #194 and #196) one of the main discussion topics was (to no surprise) why Windows shouldn't be used in places like ATMs, hospital equipment (MRI scanners, heart monitors, etc) and most of other control
systems we have and use today.

In fact it's really hard not to agree with that. The arguments were very clear and sound:
  • Most if not all of those systems are "consumer grade", not any kind of "industry type" things
  • They are connected to the network
  • They are not patched in general (it works so don't touch it)
  • Most don't run any antivirus/firewall (not related to business function?)
  • Many were not planned to be put on-line in any way (but we know they are)
The machine above takes cash or card - can we trust it then? Does it run anti-virus software and firewall (it's networked - it should)? How can I be sure it won't do what some ATMs in eastern Europe did? We can't be sure of anything if they end up like above, so feel free to add those to a 'Windows no-go list' if you wish and do top-ups on-line at the TFL website - I think it will be safer than at those machines - in general they don't reinforce any trust I might have had for them some time ago.

T-Mobile (U.S.) got owned?

Few minutes ago I came across a full disclosure post saying no more no less than

Like Checkpoint Tmobile has been owned for some time. We have
everything, their databases, confidental documents, scripts and
programs from their servers,
financial documents up to 2009.
If that's true... Ouch!

Just few hours ago I was thinking "what a nice and quiet weekend evening", hmmmm... seems it was just a quiet time before the storm hits. I guess that news coming from the world may be very interesting, so let's wait and see what happens.


Saturday 6 June 2009

EC-Council courses certified by NSA

Chris Riley brought up a good post on his blog...something I totally missed in the news :-o

Following (literally) the press release from EC-Council we read "EC-Council Courseware certified to have met the CNSS Standards by the
United States National Security Agency (NSA) and the Committee on
National Security Systems (CNSS)
". Shocked? I am!

What does it change or prove?
From my point of view it says that EC-Council knows how to do marketing, which obviously they do a lot. My impression when meeting EC-Council people at different expos and conferences were like, uhmmm... security? WTF? Business is business, most important part is to keep it going. Create a business model (hey - I don't blame you for that, good you succeeded!), build brand, loyal user base, make some media stir and here you go. It's simple - if I see someone talking about security with $$$ signs in his eyes, that's a sign for me to back off and go elsewhere. That's my personal impression regarding EC-Council as an organization - full stop.

My thoughts on standards and compliance
Chris has raised in his post some really good points about material quality. I would add, that conforming to standards and requirements (be it well known old friend ISO 9001 or any other ISO-based, PCI-DSS, etc - you name it) is just a matter of proper wording in the marketing materials and in some internal paperwork. I used to work in this area for some time (ie. standards, certification, implementation, paperwork - I've been on both sides of the process, from the bottom to quite high in the chain) and I can tell you that there are two ways to achieve so called "compliance" with any "standard" I came across so far - make damn sure you do what you say you do and do it very well and that conforms to requirements... or make sure auditors don't bother reading :-) and "OK" what they got. First impression method, social engineering, etc - great place to apply those!

Paper will accept anything you want, but this doesn't change in a bit what people know, what they do, how they work, use their knowledge (how much are they worth), etc.

Nothing has changed... exactly nothing!


Thursday 30 April 2009

The good, the bad and the ugly - Infosecurity Europe

Quick summary of Infosecurity Europe 2009, based on a bit more than a day I've spent there...

THE GOOD

There is always some good stuff at the conferences like Infosecurity. This one is no exception!

  • EDR was more than happy to show us how their data destruction really works

... and after that you are left with a disk... almost like new :-) Thanks for the demo!


This would be all good so far... so let's move on...

Wednesday 1 April 2009

DIY cloud computing - it is easier than you may think!

It seems that the weather forecast for the Internet is a bit "cloudy" nowadays and it will stay this way at least for some time. The "clouds" are a very hot topic right now and more and more companies try to get on the bandwagon as soon as possible - some just run tests while others go into production. You can run "your own" cloud environment for peanuts, the costs are so marginal that it made me laugh when I got my last bill from Amazon AWS, but nevertheless it doesn't always calculate to run your stuff on commercial cloud, especially if you have hardware at hand. The DIY approach is easier than it seems to be. Here is how I've built my own, small "cloud" to solve a problem I was facing at work. It's not a rocket science, it's not full blown management system with hundreds of machines... it works for me and I believe anyone can build similar system - hopefully much better than I did with mine.

Staying away from terminology like HPC/cluster/cloud/grid and meanings of those I use the term "cloud" because I think it's the closest to what I've got now in my prototype - it's still work in progress and it gets even more "cloudy" or change shape otherwise. There won't be any code this time - maybe when I finish it properly and have some proper performance stats - so far it's just a running and usable PoC I describe here :-)

Wednesday 25 February 2009

Is that me or is the Internet down? Ahhh... Google Mail is!

As we all know Google had a rough day yesterday - massive "outage" on one of their products... actually a key product - Google Mail. Both, Gmail and Google Apps users (including paid ones) had problems accessing their mail via web interface, but ONLY via web interface. SMTP/POP/IMAP all seemed to work - at least for me - alongside calendars, docs, etc.

Leaving the media hype surrounding this situation (and people saying that google is evil) there is a few things to keep in mind... The situation that happened yesterday leaves no doubt that even the best brains and the best people money can buy, they DO MAKE MISTAKES - as we all do. It happened to Google this time, it may happen to your company tomorrow (or has already happened but you don't want to talk about it).
Yes - I got my part of 'grief and complaints' from my own users, it's perfectly normal situation I would say, so I wasn't even annoyed. I've called Google Support Team, got connected immediately to a very nice guy that confirmed that they have a wide-spread problem running for about 20 minutes now... and that all engineers are already on it (sounds like 'all hands on deck') and offered a callback when it is sorted. As a matter of fact, about 30-45 minutes later webmail access was quite slow but was working again.

Now let's wrap it up:
  1. they had a problem - big deal, who hasn't?
  2. they admitted it - there was no fooling around
  3. they got really good response time and fixed the problem
  4. ... and I would say they will have no problems keeping up to their SLAs (only one access channel was down - webmail, IMAP/POP/SMTP worked for me all the time), so can we say that Google Mail was down? Not really!
So if you are crying/moaning about the situation yesterday, then think again and get over it - it could be much worse! To get you in a better mood - think about calling one of those big telecoms and speaking to 5+ consultants before they put you through to the right department, where you will hear it's a problem on your side, not theirs. How does that sound? Did I hear "8 phone calls, hours wasted on the phone and then 2 weeks to get it fixed"?


Saturday 24 January 2009

SANS Security 504 - 19 Feb - 23 Apr, Mentor Session, London, UK

December has just passed by and left very nice memories of SANS London 2008 conference - very extensive training, new friends and more than anything else - great fun all week long!

To stay in the good mood - I have the pleasure to announce, that I will be mentoring Security 504: Hacker Techniques, Exploits and Incident Handling during Mentor Sessions in London, UK. We will start on Thursday, 23 Feb 2009 and will meet weekly, every Thursday evening, till 23 Apr 2009. We will of course finish with Capture the Flag game (wohooo - that will be fun!) at the end of the course. If you would be interested in participating in the course, please contact me or SANS Institute directly.

You can find more information about my mentor SEC 504 session, it's content and requirements at the SANS website.