[LJ2ME]

Since Sean did it, I wanted to abuse my crackberry and try lj2me to see how it works. I have used the web browser on the phone before to post, but this looks like it will be quicker. Sarah is being all cute sitting on my lap and wanting to be petted.

I now have SUSE 9.3 running on a computer. mp3 playback is in an optional multimedia package, and the C key didn't work on my keyboard, which is really strange. I deleted the .kde files and everything seems happy now. This is the first time I have ever tried to do an upgrade rather than a fresh install. Seems fairly smooth so far.

Initial thoughts,
eye candy, but I like the graphical background on the console window,
I like amaroK. It might even do some things better than iTunes.
KDE takes a really long time to start up.
If they ever want people to use stuff they need to call things by something that is meaningful. What does KluJe do, for example? Oh, it's a LiveJournal poster. I wonder if I installed that when it was 9.0? Or was it 9.1?
Sound seems to work perfectly on my on-board sound card. I was having a couple of issues with the old install.

What a storm. The first crack of thunder woke me up. OK, so it was 10:30am. It's now 12:30 and it is still thundering and I have a river running down the alley at the back of the house. I guess DirecTV will be out due to all the rain.

Kind of fun when you kick off a deployment to 12,000 machines. This has been the result of about 2 weeks personal testing, 3 weeks pilot testing and some negotiation about deployment. It's all over now and I get to run some stats tomorrow about how many items of spyware were detected and deleted.

This all meant I was late for a meeting with people from BaltimoreSpokes. I thought taking the light rail might be quicker, but I forgot it wasn't running north of Penn Station. I now know how to get to Hampden on a bike, so I won't have to do that again.

Another icky virus today. I found a machine that kept downloading W32/Opanki.worm.gen and W32/Kelvir.worm.gen. I ended up finding c:\windows\system32\5la.exe, c:\windows\system32\busyboy.exe, c:\windows\system32\busyboya.exe, c:\windows\system32\manstfu.exe. These turned out to be zero-day viruses that McAfee wasn't detecting. I got the extra.dat about 1:50pm from Lysa at AVERT. I didn't push it out to the enterprise since I was only seeing this on one machine; it should be in tomorrow's DAT release. I have a nice perl script that loads the data from EPO to snortui. I don't think the version on SourceForge has the latest version of the import script. So I can watch in semi real time. EPO only periodically updates the EPO database, so I normally watch the EPO sensor with an hour's worth of data or more.

If you are running the enterprise version of McAfee VirusScan 8 then I recommend that you enable the access protection rules, leave the "block creation of new files in the windows folder" and the "block creation of new files in the system32 folder" enabled but change them to warn. Leaving them set in block mode in a large enterprise will cause all sorts of things to fail unless you really have your package installs locked down. When you find something suspicious you can jump over to the access protection log at C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt and view interesting things like application a.exe copied a file called b.exe to the system32 directory.

From tracing back the history I found that the root of all evil was a process called clip-bowl[1].ex. This then created xmconfig.exe (still waiting on an extra.dat that detects this). I saw that lltvr.exe created zkppnsd.exe (still waiting on an extra.dat), 5la.exe created 5b.exe (w32/sdbot.worm.gen.ak, extra.dat available), 5la.exe created nn.exe (detected as W32/Opanki.worm.gen (Virus) no extra.dat needed), 5la.exe created indexx.exe (Downloader-XZ (Trojan) no extra.dat needed), 5la.exe created 5353.exe (W32/Kelvir.worm.gen (Virus) no extra.dat needed), 5la.exe created (W32/Opanki.worm.gen (Virus) no extra.dat needed), 5la.exe created busyboy.exe (w32/kelvir.worm.dw extra.dat available), xmconfig.exe created fhhy.exe (W32/Opanki.worm.gen (Virus) no extra.dat needed). There were probably some other files that I haven't listed since the virus software caught them.
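As an added example (not the author's perl/EPO script, and using a constructed, simplified line layout rather than McAfee's real AccessProtectionLog.txt format), this Python walks the "X created Y" events from such a log back to their root the way the paragraph above does by hand; the file names are the ones from the post, plus one constructed explorer.exe event to show a root that is not part of the chain.

```python
from collections import defaultdict

# Constructed sample lines in an ASSUMED simplified layout (not McAfee's real
# AccessProtectionLog.txt format): timestamp | action | source process | file created
SAMPLE_LOG = """\
06/21/2005 13:42:07 | Warned | C:\\WINDOWS\\system32\\clip-bowl[1].ex | C:\\WINDOWS\\system32\\xmconfig.exe
06/21/2005 13:42:09 | Warned | C:\\WINDOWS\\system32\\xmconfig.exe | C:\\WINDOWS\\system32\\fhhy.exe
06/21/2005 13:43:11 | Warned | C:\\WINDOWS\\system32\\lltvr.exe | C:\\WINDOWS\\system32\\zkppnsd.exe
06/21/2005 13:44:02 | Warned | C:\\WINDOWS\\system32\\5la.exe | C:\\WINDOWS\\system32\\5b.exe
06/21/2005 13:44:05 | Warned | C:\\WINDOWS\\system32\\5la.exe | C:\\WINDOWS\\system32\\busyboy.exe
06/21/2005 13:44:30 | Warned | C:\\WINDOWS\\explorer.exe | C:\\WINDOWS\\system32\\wdmaud.drv.tmp
"""


def parse_log(text):
    """Return (source, target) pairs, lower-cased so lookups are case-insensitive."""
    events = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 4:
            continue  # skip blank or oddly shaped lines
        _, _, source, target = parts
        events.append((source.lower(), target.lower()))
    return events


def creator_map(events):
    """Map each created file to the first process seen writing it."""
    created_by = {}
    for src, dst in events:
        created_by.setdefault(dst, src)
    return created_by


def trace_root(path, created_by):
    """Follow 'created by' links upward; returns the chain root-first."""
    chain = [path.lower()]
    seen = set(chain)
    while chain[0] in created_by and created_by[chain[0]] not in seen:
        chain.insert(0, created_by[chain[0]])
        seen.add(chain[0])
    return chain


def roots(events):
    """Processes never created by another logged process -> distinct files each wrote."""
    created = {dst for _, dst in events}
    written = defaultdict(set)
    for src, dst in events:
        if src not in created:
            written[src].add(dst)
    return {src: len(dsts) for src, dsts in written.items()}
```

A root with high fan-out (5la.exe here) is the one to look at first; a root that is a normal OS binary writing one temp file is usually just noise from warn mode.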

So the conclusion is that this machine was a mess.

I am now Uncle Ian. My sister had a baby girl yesterday; she is Katie Elspeth.

According to babymames.com Katie means pure virgin and is Celtic/Gaelic in origin, Elspeth means Consecrated to God and has Hebrew origins.

I am on the plane flying back to Washington DC. I had an interesting trip. I'm not sure I could live in London in the summer. This is the second trip I have taken in June and both times I have suffered from a running nose and itchy eyes. This time I took some allergy pills which took the edge off the sore eyes and the sneezing.
I made a minor mistake this morning. I didn’t check the beard trimmer. I started trimming and heard it cutting deeper than normal. It was set at 2 rather than the normal 4. So you just have to keep going. I left the mustache the rest is a fuzzy face.
I am flying British Airways. I got bumped up to club class, which is one step below the bed seats. I also got the first row so lots of leg room again. Club class means a laptop connector (not that I have the converter cable), wider seats, and a foot rest à la Lazy Boy style.
I was really disappointed in the meal. If I wasn't going to be on the flight for 7 hours I wouldn't have eaten it. The label said spinach risotto, which on the surface sounds good, but they coated it in the most revolting cheese ever. Food has to be really bad for me to consider not eating it and this was really bad. I will be sticking to the Asian veggie meal in the future. For flights Icelandair still beats the rest but they annoyed me last time by charging for sodas.
The gig ethernet card came in and the machine came online. I held my breath a little waiting the 5 or 6 seconds before the screen came to life. The Finisar tap also came in which I was a bit miffed about. I had brought one from the US since they tend to take a long time to show up. I was hoping it wouldn’t show up so I wouldn’t have to take it back to the US.
I really need to get a roller bag. It's funny; when I travel I have a Nike backpack that I have had since I was in secondary school. It survived university and almost 8 years in the US. The other bag I use is a blue soft Ralph Lauren bag that is almost as old as the Nike bag. I am always striving to travel lighter but when I pack in a laptop, iPod, camera and a set of smarter clothes suddenly it weighs a lot.
I have confirmed my dislike for London Heathrow. They didn't post the gate till about an hour before the flight, then we had to get a bus to the plane. Once on we waited for about an hour before finally leaving. They blamed a combination of 50 missing passengers and some more cargo.
While waiting for the gate to be posted I had a beer with a recruiter. She was looking for someone to do pre-sales consulting for either CA or Netegrity. I gave her my card and promised to send on my resume. I don't know if it would be something I would consider but I am always curious what is out there.
I caught up with the Daily Source Code and am now listening to some Sarah. I can't help but feel excited and jealous about what he is doing. I look at the security software market and I don't get very excited. I haven't seen anything that makes me go whoa. We have some IDS, some IPS, virus software, but nothing out there that I think will protect a company from being hacked.
After dealing with zero-day viruses over the last couple months I think there has to be a better way to deal with the problem than signature based solutions. There are things like Cisco's Okena solution but I am not convinced it will do any better. The reality is as long as users are allowed to download and run untrusted executables no system will be free from threats.
One of my biggest fears is the targeted attacks. This is where someone writes a custom piece of bad software. Let's say we target company A. I now have a dozen email addresses in the company. I email a link to them pretending it is something funny. One user clicks on it. This then installs a search program and maps out the company, sending back the information. I find something interesting, maybe a credit card system or some confidential information. I send in a custom program to collect it. If you have a large enough company what are the chances of this being discovered until it is too late?