John's Tech Blog

Well, some blog comment spam (or so it appears) proves that this blog is being followed, as well as a genuine comment from a friend (hi, MB!)...but things are still in flux with publishing. Being the barefoot cobbler, I have yet to get around to coding a fix for the system I use to publish this. As such, I can't readily post links to articles that I'm reading online - but for now, I think I'm going to try out Google Reader's "Shared Items" feature. I feel that it's a bit dumbed down, and I'd rather add my own commentary, but probably it's better than nothing. :)

Without further ado, here's the link:Google Reader - John's shared items

Is this actually working? Does anyone read this?

(Technical problems befell this blog for some time, in addition to time limitations.)

Very interesting stuff...

Google Taps Fiber with Manhattan Move: "Steve Bryant writes on Google Watch:

Google's new Manhattan office sites atop one of the biggest fiberoptic facilities in North America.

I've been doing research for a separate project on Google's new offices in Manhattan, which I first reported about here. I can't reveal everything just yet, but I do have more details to report. Turns out 111 8th Avenue is one of the premier 'carrier hotels' in the country, a 2.8-million-square-foot behemoth of a fiber gateway.

What's a carrier hotel? It's a very secure, very expensive location for firms that traffic in large amounts of data. 111 8th Avenue, it turns out, sits right on top of the Hudson Street-Ninth Avenue fiber highway. By moving into its new building, Google is gaining access to a nearly unlimited amount of bandwidth. The only other building in New York that has this kind of power is 60 Hudson Street. Suffice to say, the two are closely connected.

More here."

From: Fergie's Tech Blog

Another fine ISC story that I basically want to bookmark for myself. :-) [It's been sitting in my 'pending' file for some time.]

Notable Tidbits, (Mon, Aug 28th): "Notable updates for today:
http://liveview.sourceforge.net/

'Live View is a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. This allows the forensic examiner to 'boot up' the image or disk and gain an interactive, user-level perspective of the environment, all without modifying the underlying image or disk. Because all changes made to the disk are written to a separate file, the examiner can instantly revert all of his or her changes back to the original pristine state of the disk.
The end result is that one need not create extra 'throw away' copies of the disk or image to create the virtual machine.'

Live View is capable of booting

* Full disk raw images
* Bootable partition raw images
* Physical Disks (attached via a USB or Firewire bridge)

Containing the following operating systems

* Windows XP, 2000, 2003, NT, Me, 98
* Linux (limited support)
"

... (see link for more)

Source: SANS ISC

What's that, you say? This blog isn't dead yet? [Really, it's feeling better! ;-)]

Anyway, things have gotten in the way of updating...but I simply couldn't pass up the opportunity to share this gem of Tom Liston's. But don't just follow my links to the ISC - read it daily! It's chockful of educational goodness, and preventative cures.

Quick plug: Netcat in the Hat, (Wed, Sep 6th): "Over the past several months, several of the handlers have written up security-based, 'themed' challenges. This month, I wrote one entitled 'Netcat in the Hat,' a nod to every child's best friend, Dr. Seuss. (And trust me, having written the challenge in rhyme, I have a new-found respect for the good doctor...) You can find it here. Check it out and submit an answer!"

Source: SANS ISC

Quite an amazing tale of physical/electronic security being beat...

Pinch My Ride: "Brad Stone writes on Wired News:

Last summer Emad Wassef walked out of a Target store in Orange County, California, to find a big space where his 2003 Lincoln Navigator had been. The 38-year-old truck driver and former reserve Los Angeles police officer did what anyone would do: He reported the theft to the cops and called his insurance company."

From: Fergie's Tech Blog

Yes, I have a handful of stories piling up, but I wanted to let this one through first. I don't think I need to make any cynical remarks about PHP and security...it's all about the apps, and to date, I've not seen a lot of well coded PHP apps out there. Here's yet another PHP app that allowed a system to be compromised...

Attacks against Joomla com_peoplebook, (Sun, Jul 30th): "As reported in a couple of previous diaries (http://isc.sans.org/diary.php?storyid=1483 & 1480 ), less than adequate input validation resulted in a fair few attacks against Joomla and Mambo components. Joomla is a powerful open-source Content Management System written in php. Yesterday we received word of another attack, this time against com_peoplebook.
Here are a few of the httpd log entries that we were provided, suitably sanitized at the hosting provider's request. Note the timelag between log entries - there was a living human at the other end of the wire manually manipulating this server.
[...]"

Source: ISC SANS

I'm quite pleased to say this works for me! I've been wanting this feature for some time now.

Tip #1283 - How to edit tips in mozilla using vim - mozex: "Hi,

This is very similar to vimtip#581. In fact, I'm just trying to shamelessly drag your attention to http://mozex.mozdev.org again. I adopted mozex plugin and I'm continuing it's development. All the installation (and de-installation) issues for any mozilla based browser should be fixed. And there's much more new things (start external editor by hotkey, nice configuration dialog, utf-8 editing and more). Just be sure to install latest development version.

Any comments are welcome.

Hope this helps
--
Vladimir"

Source: tips : vim online