General discussion

  • #2184290

    Welcome To My Pad


    by octopuseize ·



    • #3195697

      My Result on “IT Managers: How Well Do You Communicate?”

      by octopuseize ·

      In reply to Welcome To My Pad

      Look, it is the tool that gave an affirmative response. Below is the result I got from the “IT Managers: How well do you communicate?” posted by TechRepublic.

      “Interpreting your Communication Score.
      If your score is 32 – 23:

      You are an excellent communicator. You have a ‘listening presence’. People feel heard when communicating with you. You ‘fill up a room’, even when you are doing more listening than talking. This is a top leadership skill to further build upon and leverage. Take advantage of opportunities to develop this talent, including seeking out high-level speaking engagements, meeting facilitation and cross-departmental and global communication challenges. Share your knowledge: In addition to modeling what it means to be a great communicator, actively coach and mentor direct reports with specific, practical feedback and strategies for becoming more skilled in their interchanges with those on their team and across departments.”

      Try it yourself and find out how well you handle your organization’s IT department. If you are just above the rank and file and holding a supervisory position, this may also help. Excellent! It did reveal the real me.

    • #3186186

      Cisco IOS is Windows XP of the Internet?

      by octopuseize ·

      In reply to Welcome To My Pad

      ISS researcher quits job to detail Cisco flaws
      ‘IOS is the Windows XP of the Internet,’ says ISS research analyst Michael Lynn

      Internet Security Systems Inc. (ISS) research analyst Michael Lynn quit his job to provide information on a serious Cisco Systems Inc. router vulnerability at this week’s Black Hat USA conference, after his company decided not to give a presentation on the flaw.

      Lynn felt compelled to quit his job Wednesday morning so that he could give the talk, because the Cisco security issues are of vital importance to the Internet’s health. “This is the right thing to do,” he said, speaking to Black Hat attendees, who punctuated his talk with applause. “When you attack the router, you gain control of the network.”

      Original message here.

      • #3050940

        Cisco IOS is Windows XP of the Internet?

        by skooboy ·

        In reply to Cisco IOS is Windows XP of the Internet?

        Mr. Lynn is to be commended for his bravery in exposing this flaw.  I thank him very much for stirring the pot, exposing the flaw, and for revealing Cisco’s imperfections and mistakes. On a daily basis, we sysadmins are inundated with ads for products, conferences, demos, services and papers that irresponsibly and loosely promise reliability, scalability, ease of use, blah, blah, blah.  We read about companies that defend their need to replace us with foreigners, who they want us to believe are the “best and the brightest”, and the sewage continues unabated, day in and day out.

        Well, it seems that Cisco is not so “best & bright” after all.  I have a suggestion for Cisco: park your traveling VOIP demo trucks in some yard for a year, and work on fixing this router vulnerability.  Stop telling me about your security products, and start making your products secure.  Don’t direct retribution at this brave soul who revealed your mistakes, and instead thank him kindly, lower your head, accept your humility, and FIX THE PROBLEM!

    • #3182384

      The Widespread Danger of Internet Infrastructure

      by octopuseize ·

      In reply to Welcome To My Pad

      It all started at the Black Hat Conference. Michael Lynn has really been audacious to reveal the truth behind the devices that power the Internet backbone. Government, corporations, IT industries and professionals that depend on the Internet might be losing many things, most importantly profits, communications, transactions and jobs.

      Those flaws should have been fixed right then to prevent a possible huge disruption of interconnected computing devices.

      Attackers or cyber terrorists might have been playing around with those vulnerable devices since Lynn’s presentation. Maybe even before the presentation. He claims he just got some of his research from a Chinese hackers’ site.

      If Cisco has a monopoly of devices over the Internet then they have been doing their very best to thwart possible attacks, of course, with the help of one of their shareholders. It is ISS’s work though; they monitor cyber criminals and attacks on the Internet backbone, but only within their limited jurisdiction, not all over the world’s network of computers.

      The best crack at this issue is that neither ISS nor Cisco should be undercover about their own products. Dissemination and a prompt solution are the best answer, not one party conniving with the other.

    • #3195002

      Hackers Handle, Real and Fake Images Used Over The Internet

      by octopuseize ·

      In reply to Welcome To My Pad

      These are hackers’ favorite images: the real picture of them when transacting legal business that needs their own true identity, and the anime fake that they usually use in all security or hacker forums and regularly use everywhere on the net. Reason? Nothing! Neither one can save them by hiding their own identity. If they did something wrong (e.g. either unethical hacking or cyber terrorising) the fake picture would not help to make them obscure over the Internet. Even if they use more than one image or handle, the same thing goes.

      The real message is that Internet regulation should broaden and lapidate its policies to get rid of these activities. One of the worst things that may happen is the flooding of the Internet backbone itself, not on a temporary basis but a permanent one, needing to be replaced physically to get back to normal operation. See if that can be done by some strange hackers? Think of what they did to AT&T some decades ago. Hackers now are even more intelligent and can use more sophisticated tools than the government’s existing infrastructure and security. They might even cause the traffic to become very slow and packets to be cast off. An example is people who usually use the Internet for financial transactions preferring to just visit the bank and let them process everything. If something anomalous happens it is the bank’s responsibility.

      “Defenders barely defeat the offenders. Why?” What if doing it wayward this time, a little more professional? Think.

    • #3195000

      Applied Computer and Internet Security Guidelines

      by octopuseize ·

      In reply to Welcome To My Pad

      For someone who is trying to uncover the security behind any of the systems running the Internet, the first step is to learn how to circumvent an outdated OS. This setup might show how attacks can be applied to some of the existing infrastructure found anywhere on the web.

      These applied security guidelines neither state that someone can attack any host found on the Internet nor escape the accountability and damages made during such activity.

      If you are located in the U.S. or in Europe there are several laws that will catch you for such computer and Internet anomalies/crimes/fraud etc. To learn more about the laws that govern the legalities of computer usage in the U.S. and Europe, buy the book by Spindler and Börner, “E-Commerce Law in Europe and the U.S.A.” In the Philippines there is an e-Commerce law, and so with the other countries too.

      To portray an attack, use your own computer. Simulate how attacks will prosper. Do not attack any host on the Internet! Get a virtual machine and install it on your computer. Now you’ve got at least two OSes working, one from your base system and a virtual machine. One may ask what a virtual machine looks like, and where to get the installer (this can be done using MS Virtual PC or VMware; choose GSX Server, there is usually a 30-day trial for this).

      When all things are properly working, to start your strange motive, run nmap, nessus and any version of packet sniffer available around, then compromise the other computer (in your VM or base). Remember you have to learn how to configure a service (LDAP/ADS, DNS, mail, web, file server such as Samba) also. If you do not have these things on your computer, what else do you have to attack? Of course there are available but few and limited exploits to be used, like password cracking, crashing it locally but not using the format command, buffer overflow, TCP attacks and congestion of computer resources such as memory (and many more; use your imagination).

      Start out with a pre-written exploit from http://www.insecure.org/sploits.html. Fyodor (the king of insecure.org and one of the authors of the hacking fiction book How to Own a Continent) is very kind to compile these for us; there are lots of them. The older the version of OS you have, the more exploits you can use from there. You will be using your skills in programming, C to name one of the few languages used. These exploits have little variations when used on a newer version of OS. After using a pre-written exploit, compiling it and brute-forcing the proper offset, now it’s time to break in again: use a different technique and apply your own exploit.

      Another thing to consider is to understand network traffic by the use of any network monitor/sniffer during both exploitation and normal network operation. Install a NIDS (the best one is Snort) on a supposed victim machine and watch the activities during attacks. Execute an active MITM attack (using dsniff) on an SSH and SSL connection between two of your computers. Try out the top 75 security tools at http://www.insecure.org/tools.html.

      Of course, malicious attacks can be thwarted with the 10 steps that Richard Clarke (famed as the former counterterrorism czar for Bill Clinton and George W. Bush, he ended his government career as the White House advisor to the President on Cyberspace Security and is now bringing that expertise to the IT world) listed for enterprises to follow:

      1. Establish automatic monitoring of compliance and auditing capabilities of networks. “Every day you can see if you’re secure,” he said.

      2. Acquire a patch-management system and service. Noting that 50 or 60 patches are issued each week by software providers, Clarke called patching “the number one headache of CIOs.”

      3. Set up an identity-access-management system, preferably a two-factor password-ID system. He noted that, today, “almost any password can be broken” by programs easily available on the Internet.

      4. Data should be encrypted in sensitive areas. He said proposed California legislation calls for many IT organizations to encrypt data.

      5. Participate in an early-warning system, preferably with an organization with a set of detect sensors.

      6. Establish rigorous security-oriented service-level agreements (SLAs) with ISPs. Clarke indicated that the FCC is considering making this provision mandatory for certain IT users.

      7. Institute an IT security-awareness program, a sort of catch-all program that would educate staff on widespread security aspects of their networks.

      8. Software should be systematically tested, and not just Microsoft software. He noted that buffer-overflow problems have been cited for years, but little has been done to correct the problem. He said there is a need for “software products that test software.”

      9. Secure the physical part of the IT organization to make sure that intruders can’t just walk in and violate security.

      10. Address “the road-warrior problem,” as illustrated by network users logging in from remote locations, who unknowingly have infected software, typically on laptops.

      Click here for Clarke’s security measures.

    • #3195434

      Authentication Capabilities of Kerberos vs. LDAP

      by octopuseize ·

      In reply to Welcome To My Pad

      The SASL/GSS (Simple Authentication Security Layer/Generic Security Service) mechanism supported by the LDAP server is used to securely access the directory. Using SASL/GSS and LDAP does not help authenticate a user so he/she can use an application which then presents the user’s identity to other application components in a secure manner – this is one of the many requirements for application security for which Kerberos is ideally suited.

      I think we need to compare the LDAP directory and the Kerberos protocol in order to answer the original question asked. Admittedly, if SASL/GSS is used to securely access a directory so that a password can be read and compared, then LDAP can be used to authenticate a user.

      I have provided a short list of some differences, not necessarily a complete list, so maybe others on this email discussion can add comments and think of other important differences.

      LDAP server for user authentication
      – can be used to store the password + other information about users.
      – useful for simple user authentication requirements where checking of the password is all that is required.

      Kerberos for user authentication
      – uses security credentials which have a lifetime – LDAP does not have this capability
      – built-in prevention of network replay attacks and protection against other network security concerns – LDAP does not protect against these issues
      – removes the need to pass any form of password across a network – LDAP requires password transmission
      – a protocol that allows support for userid/password, token card, smart card authentication and other forms of user authentication – LDAP is only suited to userid/password
      – works well in a client/server and multi-tier environment, especially when using credential delegation or impersonation
      – can be used to set up a security context between application components on the network – LDAP cannot be used for this.
      – provides mutual authentication, integrity and confidentiality services – LDAP does not do any of these
      – makes single sign-on easy, especially since Microsoft Active Directory does the Kerberos authentication when a user logs onto an MS network
      – works well in a heterogeneous environment
      – supported and utilised by a growing number of application vendors and standards
      – a strategic protocol in many ways because of having many uses – it can even be used very effectively to allow an unattended application to authenticate itself to another application (e.g. ftp -> ftpd).

      Original message here.
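To make the credential-lifetime, replay-protection and no-password-on-the-wire points in the list above concrete, here is an added Python model written for this page; it is not the post author's code and not a real Kerberos or LDAP implementation. It assumes a toy KDC, service and directory with constructed names and keys, and deliberately uses HMAC integrity checks where real Kerberos encrypts tickets and authenticators.

```python
import hashlib
import hmac
import json
import secrets

TICKET_LIFETIME = 300   # seconds a service ticket remains valid
CLOCK_SKEW = 120        # maximum age of an authenticator the service accepts

def derive_user_key(name, password):
    # Long-term key that both the user and the KDC derive from the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"realm:" + name.encode(), 10_000)

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor_seal(key, nonce, data):
    # Toy stand-in for encryption: XOR a 32-byte value with an HMAC-derived keystream.
    return bytes(a ^ b for a, b in zip(data, mac(key, nonce)))

class KDC:
    """Knows every principal's long-term key; hands out session keys and tickets."""
    def __init__(self):
        self.user_keys, self.service_keys = {}, {}

    def register_user(self, name, password):
        self.user_keys[name] = derive_user_key(name, password)

    def register_service(self, name):
        self.service_keys[name] = secrets.token_bytes(32)
        return self.service_keys[name]

    def issue_ticket(self, user, service, now):
        session_key = secrets.token_bytes(32)
        ticket = json.dumps({"client": user, "service": service, "expires": now + TICKET_LIFETIME,
                             "session_key": session_key.hex()}).encode()
        nonce = secrets.token_bytes(16)
        # The ticket is bound to the service's key; the session key goes back sealed under
        # the user's key, so the password itself never crosses the network.
        sealed = xor_seal(self.user_keys[user], nonce, session_key)
        return ticket, mac(self.service_keys[service], ticket), nonce, sealed

def make_authenticator(session_key, client, now):
    body = json.dumps({"client": client, "timestamp": now}).encode()
    return body, mac(session_key, body)

class Service:
    def __init__(self, name, service_key):
        self.name, self.key, self.seen = name, service_key, set()   # seen: replay cache

    def accept(self, ticket, ticket_mac, auth_body, auth_mac, now):
        if not hmac.compare_digest(mac(self.key, ticket), ticket_mac):
            return "bad ticket"
        t = json.loads(ticket)
        if t["service"] != self.name or now > t["expires"]:
            return "ticket expired or wrong service"
        session_key = bytes.fromhex(t["session_key"])
        if not hmac.compare_digest(mac(session_key, auth_body), auth_mac):
            return "bad authenticator"
        a = json.loads(auth_body)
        if a["client"] != t["client"] or abs(now - a["timestamp"]) > CLOCK_SKEW:
            return "stale authenticator"
        if (a["client"], a["timestamp"]) in self.seen:
            return "replay"
        self.seen.add((a["client"], a["timestamp"]))
        return "ok"

class LdapDirectory:
    """Simple bind: the request carries the password itself; no lifetime, no replay cache."""
    def __init__(self):
        self.entries = {}

    def add_user(self, dn, password):
        salt = secrets.token_bytes(8)
        self.entries[dn] = (salt, hashlib.sha256(salt + password.encode()).digest())

    def simple_bind(self, dn, password):
        salt, digest = self.entries[dn]
        return hmac.compare_digest(hashlib.sha256(salt + password.encode()).digest(), digest)

def demo():
    # Constructed scenario: alice reaches ftp/host once; the same messages are then resent.
    now = 1_000_000
    kdc = KDC()
    kdc.register_user("alice", "correct horse")
    ftp = Service("ftp/host", kdc.register_service("ftp/host"))
    ticket, tmac, nonce, sealed = kdc.issue_ticket("alice", "ftp/host", now)
    session_key = xor_seal(derive_user_key("alice", "correct horse"), nonce, sealed)  # client side
    fresh = make_authenticator(session_key, "alice", now + 1)
    first = ftp.accept(ticket, tmac, *fresh, now + 2)
    replayed = ftp.accept(ticket, tmac, *fresh, now + 3)   # identical authenticator resent
    late = make_authenticator(session_key, "alice", now + TICKET_LIFETIME + 5)
    expired = ftp.accept(ticket, tmac, *late, now + TICKET_LIFETIME + 6)
    ldap = LdapDirectory()
    ldap.add_user("cn=alice", "correct horse")
    captured = ("cn=alice", "correct horse")   # a simple bind seen once on the wire
    return {"first": first, "replayed": replayed, "expired": expired,
            "ldap_replays": [ldap.simple_bind(*captured) for _ in range(2)]}
```

The service rejects the resent authenticator and the out-of-lifetime ticket, while the directory accepts the captured bind every time because nothing in a simple bind ties the password to a moment or a session.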

    • #3195398

      Status on Government’s Computing and Communications

      by octopuseize ·

      In reply to Welcome To My Pad

      It may or may not be true. Just arbitrary eyeshots.

      Governments “in general” might be in the process (others might have done and even implemented it a long time ago: “time to review”) of studying intensively their computing and communications infrastructure.

      There are lots of ciphers around from WW1 up to the present. Others are vulnerable to attack, mainly brute force. Few have been tested for their reliability to handle data securely.

      If you notice your government is employing one of these attack-susceptible ciphers to secure your data, please consult any one of your lawmakers. They may be securing the data but really use it for purposes of passive attacks, reading and tracking all conversations either from the opposition or from the administration itself.

      The following ciphers are vulnerable to such attacks:

      1. Transposition
      2. Substitution
      3. Caesar
      4. Multiplication
      5. Linear
      6. Polyalphabetic
      7. DES
      8. AES
      9. 3DES
      10. IDEA
      11. Diffie-Hellman

      There might be others that are not mentioned here.

      And the ciphers that are rock-steady are the following:

      1. RSA
      2. Blowfish
      3. Twofish

      There might be others that are not mentioned here.

      The primary purpose of employing ciphers is to protect all data crossing the Internet. No one should see the message or data unless the shared key for symmetric ciphers or the private key for asymmetric ciphers has been stolen. Most ciphers have become vulnerable to different attacks because of their weak mathematical functions.

      Beware, it is time to know and learn the secrets of your government’s computing and infrastructure. Secure your data and your conversations. Be not a victim of terroristic acts.

    • #3195395

      Job Security in Computer and Information era: Jack-of-all-trades

      by octopuseize ·

      In reply to Welcome To My Pad

      Recalling the Industrial era

      Prior to the current working age, it is important to know how things evolved into what people are now experiencing, the computer and information era. According to the workers of the industrial era, workers’ life and their work in 1833 in factories meant spending fifteen hours working. They had only two hours to eat potatoes and bread and they didn’t have enough strength. It was a working day for one worker and it was very hard [001]. It is common that some of our ancestors were able to experience that hard life.

      Many workers were very tired because they worked a lot. They didn’t have enough money to get some proper food. They worked in very dirty places with much noise and pollution. It was very dangerous because they could cut their hands. Accidents happened a lot. When workers were too tired, they lost their work. They didn’t go on strike. So much for the 18th century. People today might imagine how hard the way of life to survive really was.

      A mature industrial era

      Workers were called specialists, one who concentrates one’s efforts in a special activity, field, or practice [002]. One example is a building construction where the civil engineer has to concentrate on the structures and design. The others, like the carpenter, will work on laying out the necessary materials to fit in based on the structures and design.

      Information era

      In the industrial era people/workers tend to concentrate on their specialization; focus is there to finish the project perfectly. The present information era has different and several types of responsibilities. Most people have heard of the term “IT Professional”; it is the start of the jack-of-all-trades. In IT several skills have evolved, such as:

      technical support, for what? Network cabling, computer HW and SW troubleshooting, telephone lines, slight carpentry work and line man are a few of the works being assigned to this position.

      systems/network administrators sometimes take the responsibilities of the technical support and vice versa. The good thing for network administrators is that they can work without the supervision of the IT manager. So to make themselves easy-go-lucky, instead of working the job really at their level, they will delegate it to the technical support or to someone under their supervision.

      systems analysts, developers, and programmers almost have the same context of work and responsibilities. They only happen to have different name-positions, but in the real world they really have to work as what the bosses tell them to do no matter what. In other areas they would also work as technical support.

      This type of work occurs usually to somebody who is really new to their career, who is just starting to experience work in IT. Most of these IT professionals were able to escape jack-of-all-trades by choosing what would be the next level of their work. One factor to do this is to get certified. One who would like to focus on security has to get a certification (CISSP) related to this; one of the best things is that you should be able to learn the corporate strategy, not just the technical skills. It is like mapping technical to management skills that can be applied to your organization. One who would like to work using MS applications should get MCSE certification, or at least MCSA, far better than MCP (which is still considered at the technical support level). Open source certification? Lots of them have been around, like RHCE (I almost forgot: is Linux still on the principles of free software? I think they are getting on the MS principles already). Same thing with SuSE having been acquired by Novell. The best certification in open source is the skills you have got. Practice all the essential skills to get the best career in the open source arena; somebody can be a developer, computer and Internet security professional, systems/network administrator, and with even better skills, having a solid foundation for whoever wants to be a technical support. I strongly recommend the number one advocacy of free software (all source code made available to the public at no cost), the OpenBSD project, which includes the OpenBSD operating system, OpenBGPD, OpenNTPD, and a redundancy firewall in combination with PF, pfsync and the Common Address Redundancy Protocol (CARP).

      With lots of hints being thrown, now it’s your turn to secure your job in the computer and information era. Beware, everything is temporary. Update skills, better if you can get them in advance. It is time to use this four-letter word, “RTFM”. What is this? You have got to find it.

      • #3051828

        Job Security in Computer and Information era: Jack-of-all-trades

        by cway1979 ·

        In reply to Job Security in Computer and Information era: Jack-of-all-trades

        The sentence structure and verb-tense errors in this article are below third grade level. Please spend a LOT more time studying the English language before you submit something like this again. I would be embarrassed to have other people read it; delete it from the archive if you can.

    • #3053274

      The Better Side of the Philippines

      by octopuseize ·

      In reply to Welcome To My Pad

      The following was written by INTEL General Manager Robin Martin about the Philippines:

      Filipinos (including the press, business people and myself) tend to dwell
      too much on the negative side, and this affects the perception of
      foreigners, even the ones who have lived here for a while. The
      negative perception of the Philippines is way disproportionate to
      reality when compared to countries like Colombia, Egypt, Middle East,
      Africa, etc.

      Let us all help our country by balancing the negative with the positive
      especially when we talk to foreigners, whether based here or abroad.

      Looking back and comparing the Philippines today and 1995 (the year I came
      back), I was struck by how much our country has progressed physically.

      Consider the following:
      1. The great telecom infrastructure that we have now did not exist in
      1995. 1995 was the year the telecom industry was deregulated. Since then
      billions of dollars have been invested in both fixed line and
      cellular networks producing a system with over 5,000 kms of fiber
      optic backbone at a world competitive cost. From a fixed line
      capacity of about 900,000 in 1995 we now have over 7 million. Cellular
      phones practically did not exist in 1995; now we have over 11
      million line capacity.

      2. The MRT, many of the EDSA flyovers (including the Ayala Avenue
      flyover), the SKYWAY, Rockwell and Glorietta 4, the Fort, NAIA
      terminal 2 and most of the new skyscrapers were not yet built in
      1995.

      3. If you drive to the provinces, you will notice that national roads are
      now of good quality (international quality asphalt roads). I just went to
      Iba, Zambales last week and I was impressed that even a not so frequently
      travelled road was of very good quality.

      4. Philippine exports have increased by 600% over the past eight years.
      There are many, many more examples of progress over the last eight years.
      Philippine mangoes are now exported to the US and Europe.

      Additional tidbits to make our people prouder:

      1. INTEL has been in the Philippines for 28 years. The
      Philippines plant is where Intel’s most advanced products are
      launched, including the Pentium IV. By the end of 2002, Philippine
      operations are expected to be Intel’s biggest assembly and
      testing operations worldwide.

      2. TEXAS INSTRUMENTS has been operating in Baguio for over 20
      years. The Baguio plant is the largest producer of DSP chips in
      the world. DSP chips are the brains behind cellphones. TI’s
      Baguio plant produces the chip that powers 100% of all NOKIA
      cellphones and 80% of Ericsson cellphones in the world.

      3. TOSHIBA laptops are produced in Santa Rosa, Laguna.

      4. If you drive a BENZ, BMW, or a VOLVO, there is a good chance
      that the ABS system in your car was made in the Philippines.

      5. TREND-MICRO, makers of one of the top anti virus software
      PC-Cillin (I may have misspelled this) develops its “cures” for
      viruses right here in Eastwood Libis, Quezon City. When a virus
      breaks in any computer system in the world, they try to find a
      solution within 45 minutes of finding the virus.

      6. By the end of this year, it is expected that a majority of the
      top ten U.S. Call Center firms in the U.S. will have set up
      operations in the Philippines. This is one area in which I believe we
      are the best in the world in terms of value for money.

      7. America Online (AOL) has 1,000 people in Clark answering 90% of AOL’s global e-mail inquiries.

      8. PROCTER & GAMBLE has over 400 people right here in Makati
      (average age 23 years) doing back-up office work to their Asian
      operations including finance, accounting, Human Resources and
      payments processing.

      9. Among many other things it does for its regional operations
      network in the Asia-Pacific region here in Manila, CITIBANK also
      does its global ATM programming locally.

      10. This is the first year ever that the Philippines will be
      exporting cars in quantity courtesy of FORD Philippines.

      Next time you travel abroad and meet business associates tell
      them the good news. A big part of our problem is perception and
      one of the biggest battles can be won simply by believing and by
      making others believe.

      This message is shared by good citizens of the Philippines who persevere to hope and work for our country.

    • #3051476

      RTFM: Read The Fact Manual

      by octopuseize ·

      In reply to Welcome To My Pad

      Of course everyone knows its real acronym. This rule has been tested and it has been a successful one since the UNIX inception. It is actually a hacker term. Everywhere you go, IRC, hacker forums and many other geek sites, this term is widespread, and when a person is very kindly seeking an answer to a question, all of a sudden there is the RTFM. It seems like a frantic one to any victim of this four-letter word. If someone takes it really seriously then some things will end up as nothing.

      But if one takes it really with a drive to discover everything then some things will end up with an exemplary outcome. Experience-wise, this four-letter word has become an inspiration to everyone who is determined to learn and master what they want.

      It really needs lots of effort in research and practical application in order to achieve what anybody wants. Spoon-feeding is not applicable anymore. Feed the brain properly, use RTFM, and anybody will get the best result considering that the technology evolves from time to time. Nobody will ever be left behind with RTFM.
