Archive | August 2007

Aug30

It annoys me that I cannot do private posts on my blog.

It annoys me greatly.

tiger balm

Aug30

How old am I? 33, right? Right. So, why the hell is my skin still so oily? Isn’t that, like, a teenager thing? Does my body actually still believe it’s a teenager?

Yar. :)

Are you just trying to piss us off?

Aug30

(Mel, sweetie, avert your eyes. This one’s not nice.)

Full rtardedness over at CNN.

We were briefed for an entire day after this incident by our chief of police. We are working on implementing an alert system since we have so many buildings and it’s difficult to reach everyone at once.

It’s not like you just expect some kid to go fucking mental and start shooting, wander off, then wander back. We can plan for it now because it’s happened. And really we’re just planning for what we think might happen, not what we know will happen “next time”. But, in the moment the administration thought they were doing the right thing. Sometimes we’re wrong. We’re fallible. We just are. It’s because humans are not as predictable as we all hope each other will be, especially when a human is off his (or her) fucking rocker.

So, allow us to learn the lessons that are actually helpful to learn from this tragedy and not just point the finger and walk away with a repeat of history.

(To the one person who is going to argue this was not a tragedy, definition: a lamentable, dreadful, or fatal event or affair. It was that, Sir. It was that.)

I still haven’t collected on the last rootkit scandal

Aug29

Of course we bought CDs that had the Sony rootkit on them. Luckily I don’t have a microvault which has the newest rootkit on it! :

From Reuters here:

Software included with high-end memory sticks sold by Sony Corp can make personal computers vulnerable to attack by computer hackers, according to researchers with two Internet security firms.

Sony’s MicroVault USB memory stick and fingerprint reader includes software that creates a hidden directory on the computer’s hard drive, researchers with Finnish security software maker F-Secure Corp reported on the company’s blog on Monday.

Such software that hides itself, which is known as a root kit, leaves room for hackers to secretly infect personal computers, they said.

F-Secure’s blog posting said it attempted to contact Sony before alerting the public about the software, but the company had not replied.

On Tuesday, researchers with McAfee Inc. said they had confirmed the vulnerability described by F-Secure.

“The apparent intent was to cloak sensitive files related to the fingerprint verification feature included on the USB drives,” said McAfee spokesman Dave Marcus. “However, software creators apparently did not keep the security implications in mind. The application could be used to hide arbitrary software, including malicious software.”

This is not the first time F-Secure has found Sony software installing hidden directories on the drives of its customers. In 2005 there was a similar situation involving the electronics maker’s digital rights management software, security experts say.

On F-Secure’s blog today, the security group confirms that the rootkit can be used by malware authors to hide any file folder.

This new rootkit (which can still be downloaded from sony.net) can be used by any malware author to hide any folder. We didn’t want to go into the details about this in our public postings, but we suppose the cat’s out of the bag now that our friends at McAfee blogged about this yesterday. If you simply extract one executable from the package and include it with malware, it will hide that malware’s folder, no questions asked.

Nested quoted quotes! :)

Thanks to Pat who passes me some tasty geekery.

astronauts are NOT drunk!

Aug29

Following up When good space ladies go bad:

An internal NASA review found no evidence to back up last month’s report that astronauts have been allowed to fly drunk, NASA sources told CNN on Tuesday.

The agency ordered the review after an independent panel reported anecdotal evidence of intoxicated astronauts flying aircraft and spacecraft. The review, by NASA’s Office of Safety and Mission Assurance, is to be released Wednesday.

The NASA Astronaut Health Care System Review Committee in July reported two alleged cases in which astronauts were so drunk that flight surgeons or other astronauts raised concerns over flight safety. The astronauts in question were still allowed to fly, the panel said.

The independent panel’s report offered no specifics about the drinking episodes and said no attempt was made to confirm information given in interviews.

It was convened to look into NASA’s medical and psychological screening process after the arrest of former astronaut Lisa Nowak. She is accused of assaulting a romantic rival in February.

Nowak has pleaded not guilty to the charges.

Following the committee’s report, NASA adopted an interim policy saying astronauts are not qualified for flight if they consume alcohol within 12 hours of launch and ordered the review.

The report from the committee said, “Interviews with both flight surgeons and astronauts identified some episodes of heavy use of alcohol by astronauts in the immediate preflight period, which has led to flight safety concerns.”

The committee said in another section of the report that it did not provide the space agency with names.

The NASA sources told CNN that Wednesday’s report also does not name anyone. (CNN)

Wearing a diaper in the car doesn’t mean you’re drunk. Just sayin’.

crossroads

Aug29

This morning in my work mailbox I found an invitation to be included in one of those scammy who’s who directories, which I checked out later and learned I want no part in it, but before checking it out my introspection began.

I have always been resistant to being a “computer person”. I never wanted this to be my career. I just did it because I was good at it. I did it because, despite my dislike for all things service, it’s what my personality type tells me I should be doing.

And then something happened. I’m not sure what. Something changed in me that made me love what I do. Perhaps it’s because my employer became more supportive of my professional development and I was able to actually learn more and practice the security side of computing. This is truly my passion. I love all things to do with security. I could wax poetically for hours on the subject. I could eat up every certification there is to do with this field, read every trade material there is on the subject, handle incidents with no objection indefinitely. I would love to become someone’s CSO, CISO, security consultant, or similar. I would love to be in charge of security infrastructure, planning, implementation, response, resolution… all of it.

But, what if? I have a fear of responsibility, a fear of committing to the big things. I have a fear of saying yes to something and then disappointing everyone involved. I fear that I don’t know enough to do the job well. I fear that everyone will realize I’m a fake. Underneath this confident exterior I’m just winging it like the rest of the world. And somehow that’s okay for everyone else to do, but not for me.

I am very strong willed, know what I want, and go full force toward it, but underneath there is a constant dialog of, “[my nickname here], are you really sure you know what you’re doing?” No, voice, I don’t. But I’m doing it anyway.

The one day several months back when my boss told me, “you know, you could be the CSO” scared the absolute shit out of me. But, is there really anything wrong with being scared?

My eyes just bugged out of my head.

Aug28

B just emailed me:

Oh, I was looking around at restaurants, and it appears that our beloved Tom Colicchio has a restaurant here in Dallas. Of course, he probably wouldn’t be there, but man, just to be in that man’s atmosphere would be breathtaking. Sigh…

Oh, mew mew mew… Cannot wait to visit her!!